LIAISON INFORMATION REPORT (LIR)


INFORMATION TECHNOLOGY SECTOR 
1 April 2019 LIR 190401001 


The FBI's Washington Field Office, in coordination with the FBI's Office of Private Sector (OPS), is
informing private sector partners regarding foreign intelligence services' (FIS) exploitation of social media
platforms¹ and data to target corporate and US government (USG) clearance holders. FIS and US adversary
intelligence officers are using popular US-based social media platforms to identify, recruit, and conduct
operations against USG clearance holders, to include private sector employees or contractors supporting the
USG. FIS officers will use popular US-based platforms and their respective countries’ social media
platforms for personal and intelligence gathering/operations purposes.


The FBI reminds US clearance holders and/or individuals with access to US sensitive/proprietary 
information to remain vigilant, and adhere to strict operational security protocols in their physical and 
online presence. Increasing physical and online operational security awareness, using best practices, and 
training may limit FIS solicitation attempts/activities. Visit the FBI's Domestic Security Alliance Council, 
InfraGard, and the FBI's Counterintelligence homepage for information and brochures related to FIS, as 
well as, material on insider threat awareness: 


* www.fbi.gov/investigative/counterintelligence
* www.dsac.gov
* www.infragard.org


FIS Primary Targets: Former/Active USG Clearance Holders 


In 2017, an FIS used a popular professional networking website to contact a former USG employee who
held an expired Top Secret level clearance. The employee listed their intelligence/national security
background on their website profile. A separated but recruited individual later acted as the "middleperson"
who introduced the employee to the FIS. In February 2017, the employee traveled overseas to meet the FIS
and established a covert communication channel. That communication channel served as a means to pass
Secret and Top Secret information to a US adversary. In mid-2017, the USG arrested and charged the
employee for conducting espionage against the United States.


FIS Private Sector Targets: USG Contractor Clearance Holders 


A known FIS front company used a publicly available employment website to target USG defense
contractors who posted their resume online. The FIS used the website to target, assess, and recruit
employees of US-based defense contracting companies supporting the USG who have specialized skills in
aviation technology.

¹ The term social media platform refers to a broad range of private to public communication, employment networking,
interaction, and file sharing featured tools via websites, as well as applications on smart devices and/or computer systems.


Social Engineering Method: FIS use Fictitious Social Media Accounts to Obtain Access to Sensitive 
and Classified Data from USG and Corporate Employee 


An FIS created a fictitious US military social media profile on several platforms. The FIS used the profile 
to establish online relationships/social network with a wide range of USG, US military personnel, and 
multiple US-based cleared defense contractors. The FIS used the social network to develop and assess a 
targeted pool of profiles. 


Bridging the Physical and Online Introductions Gap: FIS Used Physical Events and Online 
Research for Social Media Usage to Establish Relationships 


In early 2018, a US-based cleared defense contractor with a Top Secret level clearance attended a 
technical trade show conference in the United States. An FIS who operated a vender booth at the 
conference approached the contractor several times and offered sales of products/services. As a means to 
deter the aggressive sales pitches, the contractor indicated to the FIS his/her affiliation with the USG and 
offered the FIS a business card. A week after the conference, the FIS located the contractor on a popular 
professional linking website. The FIS sent an online request to the contractor via the website. The FIS is 
likely associated with an identified US adversarial military unit. 


This LIR was disseminated from OPS’s Information Sharing and Analysis Unit. Direct any requests and 
questions to your FBI Private Sector Coordinator at your local FBI Field Office: 
https://www.fbi.gov/contact-us/field-offices 




Limited a Restricted to the Community 


Traffic Light Protocol (TLP) Definitions

TLP:RED
Not for disclosure, restricted to participants only.
When should it be used? Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused.
How may it be shared? Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.

TLP:AMBER
Limited disclosure, restricted to participants’ organizations.
When should it be used? Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.
How may it be shared? Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.

TLP:GREEN
Limited disclosure, restricted to the community.
When should it be used? Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.
How may it be shared? Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.

TLP:WHITE
Disclosure is not limited.
When should it be used? Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.
How may it be shared? Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.

Overview

* Legal Framework
* DoDM 5240.01 Overview
* Computer Trespasser Exception
* Scenarios

Legal Framework: The Basics

* U.S. Constitution
* U.S. Code
* FISA
* ECPA
* Computer Fraud and Abuse Act
* Computer Trespasser Exception
* National Security Letters
* Executive Order 12333
* DoD/USAF Issuances
* DoDM 5240.01 (Procs 1-10)
* DoD 5240.1-R (Procs 11-15)
* AFI 71-101 v4

Legal Framework: History

* Spying is one of the oldest professions
* General George Washington noted during the War of Independence "it was the British spies he feared the most."
* Today's laws and policies are the direct result of unfettered intelligence collection by DoD, FBI and CIA in the 1960's and 1970's.
  * Physical surveillance of public figures involved with the anti-Vietnam war and civil rights protests, e.g., MLK
  * Mail openings
  * Break-ins of the offices, vehicles and houses of U.S. persons
  * Undisclosed participation on university campuses


Eyes of the Eagle 

Legal Framework: History

* The Church and Pike congressional committees found the IC lacked policy on how to conduct its mission in regards to U.S. persons
  * Recommended "reining" in Executive Branch powers in using intelligence elements against U.S. persons
  * Created the Permanent Select Committee on Intelligence (Senate) and the Congressional Committee on Intelligence
* The Foreign Intelligence Surveillance Act was enacted in 1978
* Before Congress passed legislation to correct this deficiency, E.O. 11905 was signed, which was later replaced by E.O. 12333 (standing E.O. on Intelligence Oversight)

DoD MANUAL 5240.01

DoDM 5240.01 Overview

* Signed by SecDef and Attorney General August 2016
* Replaces Procedures 1-10 of DoD 5240.01-R (December 1982)
* Ten (10) Procedures
  * Proc 2, Collection
  * Proc 3, Retention
  * Proc 4, Dissemination
  * Proc 5, Electronic Surveillance
  * Proc 6, Concealed Monitoring
  * Proc 7, Physical Search
  * Proc 8, Mail Search/Cover
  * Proc 9, Physical Surveillance
  * Proc 10, Undisclosed Participation

Counterintelligence

* Defined: Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.

Procedure 2, Introduction

* Intentional Collection of USPI: We may intentionally collect USPI only if:
  * the information sought is reasonably believed to be necessary for the performance of an authorized counterintelligence mission;
  * the USPI falls within one of the following 13 categories below; and
  * we use the least intrusive means.
* U.S. Person Information (USPI) defined: Information that is reasonably likely to identify one or more specific U.S. persons.
* Collection takes place upon receipt
  * Regardless of when you use it
  * Computers can collect
  * Intel is collected only once
  * May be disseminated multiple times
  * Encrypted data is considered collected upon receipt

* Defined: When the facts and circumstances are such that a reasonable person would hold the belief.
  * Must rest on facts and circumstances that can be articulated;
  * Hunches or intuitions are not sufficient; and
  * Can be based on experience, training, and knowledge of CI activities as applied to particular facts and circumstances.




Procedure 2 Categories

1. Publicly Available
2. Consent
3. Foreign Intelligence (FI)
4. Counterintelligence (CI)
5. Threats to Safety
6. Protection of Sources/Methods
7. Current, Former, or Potential Sources
8. Persons in Contact With Sources or Potential Sources
9. Personnel Security
10. Physical Security
11. Communications Security
12. Overhead and Airborne Reconnaissance
13. Administrative Purposes

Procedure 2 Categories

1. Publicly Available Information

2. Consent
  * Defined: An agreement by a person or organization to permit a Defense Intelligence Component to take particular actions affecting that person or organization.
  * The legal advisor [OSI/JA] will determine whether a notice or policy is adequate and lawful, before the Component takes or refrains from taking action on the basis of implied consent.

3. Foreign Intelligence

Procedure 2 Categories

4. Counterintelligence: The information is reasonably believed to constitute CI and the U.S. person is one of the following:

(a) An individual, organization, or group reasonably believed to be engaged in or preparing to engage in espionage, other intelligence activities, sabotage, or assassination on behalf of a foreign power, organization, or person, or on behalf of an agent of a foreign power, organization, or person;

(b) An individual, organization, or group reasonably believed to be engaged in or preparing to engage in international terrorist activities;

(c) An individual, organization, or group reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States; or

(d) An individual, organization, or group in contact with a person described above for the purpose of identifying such individual, organization, or group and assessing any relationship with the person described therein.

* Special Circumstances Collection
  * Defense Intelligence Components will consider whether collection opportunities raise special circumstances based on the volume, proportion, and sensitivity of the USPI likely to be acquired, and the intrusiveness of the methods used to collect the information.
* Amount of Information Collected
  * In collecting non-publicly available USPI, to the extent practicable, collect no more information than is reasonably necessary.
* Least Intrusive Means
  * Use the least intrusive collection techniques feasible within the United States or directed against a U.S. person abroad.
    1. Publicly available sources or with the consent of the person concerned
    2. Cooperating sources
    3. Techniques that do not require a judicial warrant or AG approval
    4. Techniques that do require a judicial warrant or AG approval

Procedure 3, Retention

* Permanent Retention standard
  * Retention is reasonably believed to be necessary for the performance of an authorized intelligence mission; and
  * The information was lawfully collected or disseminated to the Component
  * Meets one of the 13 collection categories; or
  * Is necessary to understand or assess CI, e.g., information about a U.S. person that provides important background or context for CI.

* Three primary evaluation periods to determine retention of USPI
  * Promptly
  * Five (5) years
  * Twenty-five (25) years
* Intentional Collection of USPI
  * Must be evaluated promptly; and
  * If necessary, may retain the information for evaluation for up to 5 years, subject to extension.

Procedure 3, Retention

* Incidental Collection of USPI
  * Defined: collection of USPI that is not deliberately sought, but is nonetheless collected
  * In the United States, may retain all of the incidentally collected information for evaluation for up to 5 years, unless extended
  * Outside the United States, may retain all of the incidentally collected information for evaluation for up to 25 years.
* Voluntarily Provided USPI
  * About a U.S. person, evaluate the information promptly, up to 5 years, unless extended.
  * About a non-U.S. person, evaluation for up to 25 years.

Procedure 3, Retention

* Unintelligible information
  * The time periods begin when the information is processed into intelligible form
  * Includes information that a Component cannot decrypt or understand in the original format.
  * To the extent practicable, unintelligible information will be processed into an intelligible form.
  * A foreign language is considered intelligible
* Deletion of Information.
  * Unless the standards for permanent retention are met, must delete all USPI from the Component’s automated systems of records.

Procedure 4, Dissemination

* We may disseminate USPI based upon the following criteria:
  * Any person or entity: Information is publicly available or U.S. person has consented to the dissemination.
  * Other intelligence community elements
  * Other DoD elements; federal government entities; state, local, tribal, or territorial governments: recipient is reasonably believed to have a need to receive such information for the performance of its lawful missions or functions.
  * Foreign governments or international organizations
    * Recipient is reasonably believed to have a need to receive such information for its lawful missions or functions; and
    * Disclosure is consistent with applicable international agreements and foreign disclosure policy
  * Protective Purposes: Necessary to protect the safety or security of persons or property, or to protect against or prevent a crime or threat to the national security.

Procedure 5, Electronic Surveillance

* Implements FISA and E.O. 12333
* Defined
  * The installation or use of any monitoring device in the United States where a person has a reasonable expectation of privacy, as determined by OSI/JA, and
  * A warrant would be required for law enforcement purposes.
* Fourth Amendment
  * All electronic surveillance must comply with the Fourth Amendment
  * OSI/JA will assess the reasonableness of collection, retention, and dissemination

Procedure 5, Electronic Surveillance

* In the United States
  * Attorney General or the Foreign Intelligence Surveillance Court (FISC) may authorize, except for emergency situations.
  * May only conduct such surveillance if both:
    * A significant purpose of the electronic surveillance is to obtain foreign intelligence information; and
    * There is probable cause to believe that the target of the electronic surveillance is a foreign power or an agent of a foreign power.

Surveillance

* Outside the United States
  * U.S. person
    * Governed by FISA and E.O. 12333; or
    * Approval under exigent circumstances exception
  * Non-U.S. person: governed by Title I or Section 702
* Emergency situations: Attorney General approval
* Technical Surveillance Countermeasures (TSCM)
  * Applies to the use of electronic equipment and specialized techniques to determine the existence and capability of electronic surveillance equipment being used by persons not authorized to conduct electronic surveillance.

* Defined as the following:
  * Hidden electronic, optical, or mechanical devices,
  * to monitor a particular person or a group of persons,
  * without consent,
  * in a surreptitious manner,
  * over a period of time, and
  * no reasonable expectation of privacy.
* Examples
  * Video monitoring or sound recording of a subject in a place where he or she has no reasonable expectation of privacy if conducted over a period of time
  * Taking one photograph of a subject would not qualify.

Procedure 6, Concealed Monitoring

* Scope
  * Any person inside the United States, or
  * Any U.S. person outside the United States
* In the United States
  * On DoD facilities
  * Outside DoD facilities, after coordination with the FBI.
* Outside the United States
  * On DoD facilities
  * Outside DoD facilities must be coordinated with the CIA, and appropriate host country officials in accordance with any applicable SOFA or other international agreement.

Procedure 6, Concealed Monitoring

* Approval: AFOSI/CC or delegee
* OSI/JA will determine whether the following criteria have been met:
  * There is no reasonable expectation of privacy;
  * Such monitoring is necessary to conduct an assigned CI function;
  * A trespass will not be necessary to effect the monitoring; and
  * The monitoring is not subject to Procedure 5

* Scope: Applies to nonconsensual physical searches in the United States and of U.S. persons/property outside the United States.
* Defined: Any intrusion on a person or property that would require a warrant for law enforcement purposes.
* Does not include examinations of
  * Areas that are in plain view and visible to the unaided eye if there is no physical trespass;
  * Publicly available information;
  * Abandoned property in a public place;
  * Items where we have consent; and
  * Government property pursuant to Military Rule of Evidence 314(d)

Procedure 7, Physical Searches

* Active duty
  * Approval: Attorney General or FISC
* Other persons inside the United States
  * We may NOT conduct searches of other persons
  * We may request the FBI to conduct such a search
* Other U.S. persons outside the United States
  * The search is for an authorized foreign intelligence or CI purpose;
  * The search is appropriately coordinated with the CIA; and
  * The FISC or the Attorney General has authorized the search.
* Authority to Request
  * Does not include AFOSI/CC
  * SecDef, DSD, USD(I); SecAF; USecAF; DIRNSA/CHCSS; Director, DIA; Director, NGA; or Director, NRO

* Mail Searches
  * See Procedure 7
* Mail cover
  * In U.S. postal service channels, request the USPS IAW 39 CFR 233.3(e)(2)
  * In foreign postal channels, may request a mail cover for mail that is to or from a U.S. person consistent with foreign law and any applicable SOFA

* Who can we surveil in the United States:
  * Military service members;
  * Present or former military or civilian employees of a DIC;
  * Present or former contractors of a DIC;
  * Present or former employees of such a contractor;
  * Applicants for such employment or contracting;
  * Non-U.S. persons; and
  * Other persons, “when detailed to the FBI or when operating under FBI authorities.”

Surveillance

* Scope
  * Any person inside the United States or any U.S. person outside the United States.
  * Applies to any devices used to observe the subject of the surveillance (not Procedure 6).
* Defined
  * Deliberate and continuous observation of a person, and
  * Where the person has no reasonable expectation of privacy.
  * Does not apply to surveillance detection or counter surveillance used to detect and elude foreign physical surveillance

Surveillance

* Approval and coordination
  * Approval: AFOSI/CC or delegee
  * Coordination
    * In the United States
      * No coordination req'd for surveillance of active duty, on-base
      * FBI for off-base surveillance
      * FBI for surveillance on-base, non-active duty
    * Outside the United States
      * CIA for off-base surveillance
      * Consider with SOFA and foreign law/policy

Procedure 10, Undisclosed Participation (UDP)

* Scope: Governs the participation by DICs and anyone acting on behalf of a DIC, e.g., sources, in any organization in the United States or any organization outside the United States that constitutes a U.S. person.
* Organization defined
  * An association of two or more individuals formed for any lawful purpose whose existence is formalized in some manner
  * Includes those that meet and communicate through the use of technologies
* Participation defined
  * When a person is tasked or asked to participate in an organization for the benefit of the DIC
  * Actions undertaken "for the benefit of" a DIC may include collecting information, identifying potential sources or contacts, or establishing or maintaining cover.

* Exclusions
  * Personal participation
  * Voluntarily provided information
  * Publicly available information on the Internet
    * Collection of publicly available information on the Internet in a way that does not require a person to provide identifying information (such as an email address) as a condition of access and does not involve communication with a human being.
* Approval depends on the activity
  * No specific level of approval
  * AFOSI/CC or delegee
  * AFOSI/CC or single delegee

* Standards for review and approval: approving official must make the following determinations:
  * The potential benefits to national security outweigh any adverse impact on civil liberties or privacy of U.S. persons.
  * The proposed UDP complies with the limitations on UDP; and
  * The proposed UDP is the least intrusive means feasible and conforms to the requirements of Procedure 2.

* UDP requiring no specific level of approval
  * Education or training
  * Cover Activities: Participation in an organization solely for the purpose of obtaining or renewing membership status in accordance with DoD cover policy
  * Published or posted information: Participation in an organization whose membership is open to the public solely for the purpose of obtaining information published or posted by the organization or its members and generally available to members; must not involve elicitation.
  * Public forums: Employment affiliation not required and no elicitation of USPI; and
  * Foreign entity



Procedure 10, UDP

* UDP That May Be Approved by a DIC Head or Delegee
  * Non-U.S. persons as potential sources of assistance
  * Public forums: employment affiliation required or elicitation of USPI may be authorized
  * Cover activities beyond obtaining or renewing membership for the purpose of maintaining or enhancing cover
  * U.S. person organizations outside the United States involving participation from or about a non-U.S. person located outside the United States.

Procedure 10, UDP

* UDP That May Be Approved by a Defense Intelligence Component Head or a Single Delegee
  * To conduct authorized CI activities not otherwise addressed in or outside the United States, after required coordination with the FBI or CIA.
  * To collect information inside the United States necessary to identify a U.S. person as a potential source of assistance to foreign intelligence or CI activities.
  * To collect information outside the United States necessary to assess a U.S. person as a potential source of assistance to foreign intelligence or CI activities.

Cyber Authorities

* Data at Rest
  * The Stored Communications Act (SCA)
* Live data
  * Pen Register/Trap & Trace Act
  * The Wiretap Act

Stored Communications Act

* Stored Communications Act (SCA), 18 U.S.C. §§ 2701-2712
  * Provides statutory and procedural protections to customer records and contents of communications when held in electronic storage
  * Electronic storage: “any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof"
* Applies to all electronic communications services, e.g., Yahoo, Google, and military networks

Stored Communications Act

* § 2701 prohibits unauthorized access to stored communications
* Service provider exception
  * Allows person or entity providing a wire or electronic communications service to access stored communications, e.g., sys ads
* Q: Ever wonder how Google knows that you're in the market for . . . a feng shui brass rooster?

Stored Communications Act

* § 2702. Disclosure of Contents
  * Prohibits a person or entity providing an electronic communication service [ECS] to the public from releasing the contents of a communication while in electronic storage by that service; and
  * Prohibits a person or entity providing remote computing service [RCS] to the public from releasing the contents of any communication which is carried or maintained on that service

* Strict requirements apply to public service providers only, per 18 U.S.C. § 2702
* DoD is not a public service provider. See Andersen Consulting LLP v. UOP, 991 F. Supp. 1041 (N.D. IL 1998)
* In theory, no substantial limits for DoD system admins when accessing s' communications on our networks




Stored Communications Act

* To gain access to most records of interest, LE needs to either obtain a search warrant or a § 2703(d) order (used when the records are "relevant and material to an ongoing criminal investigation")
  * These must be obtained from a "court of competent jurisdiction"
  * Excludes military courts

SCA, Compelled Disclosure, 18 USC § 2703

Information Sought: Basic subscriber, session, and billing information
  Public Provider: Subpoena; 2703(d) order, or search warrant. § 2703(c)(2)
  Non-Public Provider: Subpoena; 2703(d) order, or search warrant. § 2703(c)(2)

Information Sought: Other transactional and account records
  Public Provider: 2703(d) order or search warrant. § 2703(c)(1)
  Non-Public Provider: 2703(d) order or search warrant. § 2703(c)(1)

Information Sought: Retrieved communications and the content of other stored files
  Public Provider: Subpoena with notice; 2703(d) order with notice; or search warrant. § 2703(b)
  Non-Public Provider: Subpoena, SCA does not apply. § 2711(2)

Information Sought: Unretrieved communications, including email and voice mail (in electronic storage more than 180 days)
  Public Provider: Subpoena with notice; 2703(d) order with notice; or search warrant. § 2703(a), (b)
  Non-Public Provider: Subpoena with notice; 2703(d) order with notice; or search warrant. § 2703(a), (b)

Information Sought: Unretrieved communications, including email and voice mail (in electronic storage 180 days or less)
  Public Provider: Search warrant. § 2703(a)
  Non-Public Provider: Search warrant. § 2703(a)

SCA Practice Tips

relevant to the investigation:

* Immediately send a preservation request to the provider (renew for 90 days)
* Work with local US Attorney's office to obtain a search warrant or court order from a Federal District Court
* For subscriber information, i.e., non-content, trial counsel and/or DoD IG subpoena is sufficient

Real-Time "Live" Data

* Pen Register / Trap & Trace (non-content)
* Wiretap Act (content)

Pen Register / Trap & Trace

* Pen/Trap captures all non-content information in a communication, i.e., meta data (address on an envelope)
* Requires a court order, unless an exception met
* Initially applied to telephones only
  * Pen Register: records numbers dialed from a particular phone, e.g., 867-5309
  * Trap & Trace: records what numbers dialed to a particular phone, i.e., caller ID
* Now includes land lines, cell phones, internet user accounts, email accounts

Pen Register / Trap & Trace

* Permits providers or wire communication services authority to use pen/trap devices on their own networks without a court order
  * Perform operation, maintenance, and testing
  * Protect provider's property
  * Protect users from abuse / unlawful use of service
* On AFIN, would also apply to "proxy logs" containing records of web page activity
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Wiretap Act 
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V The Wiretap Statute 


* Federal Wiretap Statute, 18 U.S.C. §§ 2510-2520
* BLUF: Wiretapping is illegal, unless an exception applies
* Broadly prohibits eavesdropping everywhere by people in the US (not just the government)
* Wiretap defined: intercepting communications using an electronic, mechanical, or other device
  * "Communications" means content
  * "Intercept" means acquiring contemporaneously with transmission, i.e., "live or real-time" communication
* Applies to Internet communications
* Air Force is a provider of electronic communications services

Wiretap Statute Exceptions


* Consent, § 2511(2)(c)-(d)
* Accessible to the public, § 2511(2)(g)(i)
* Court order, § 2518
* Service Provider Exception, § 2511(2)(a)(i)
* Computer Trespasser Exception, § 2511(2)(i)
* Extension telephone exception, § 2510(5)(a)
* Inadvertently obtained criminal evidence, § 2511(3)(b)(iv)

Service Provider Exception


* Applies to "provider[s] of electronic communication services"
* System providers are authorized to intercept, disclose, or use network communications to protect rights & property of the provider or to ensure the system continues to provide service
* Allows real-time monitoring w/o a warrant to improve service
* For example, it is appropriate to scan (intercept) all incoming emails for malicious code, but it is likely not appropriate to scan all emails for certain words.

Computer Trespasser Exception


* This is the primary exception used by LE/CI (AFOSI), 18 USC § 2511
* Investigators may monitor a computer trespasser if:
  * System owner consents
  * Part of a lawful investigation (AFOSI);
  * Reasonable grounds exist to believe the contents of trespasser's communications will be relevant to the investigation; and
  * Interception is limited only to those communications "to and from the trespasser"
* A trespasser does not include a lawful user of the system who exceeds their authorized access, i.e., "insider threat"
* AFOSI/JA will provide legal advice and staff to AFOSI/CC

Final Thoughts


* Fourth Amendment violation where GPS was attached to a car without a warrant and Jones' movements were tracked for 28 days. United States v. Jones, 132 S. Ct. 945 (2012)
  * "More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties." J. Sotomayor, concurring.




Final Thoughts 


* Search of a cell phone incident to arrest requires a warrant. Riley v. California, 134 S. Ct. 2473 (2014).
  * "Indeed, a cell phone search would typically expose to the government far more than the most exhaustive search of a house: A phone not only contains in digital form many sensitive records previously found in the home; it also contains a broad array of private information never found in a home in any form-unless the phone is." (emphasis in original)

Recap


* What is "cyber law"?
* Reasonable Expectation of Privacy
* Search and Seizure on the AFNET
* Stored Communications Act
* Pen Register / Trap Trace
* Wiretap Act
* Final Thoughts

Stored Communications Act


* Stored Communications Act (SCA), 18 U.S.C. §§ 2701-2712
* Provides statutory and procedural protections to customer records and contents of communications when held in electronic storage
* Electronic storage: "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof"
* Applies to all electronic communications services, e.g., Yahoo, Google, and military networks

Topics

Status


* February 2016: DoD SIOO sends out 5240.01M for informal coord
* February — March 2016: Working and DoJ adjudicate approximately 170 comments from informal coord
* 7 March 2016: "Clean" 5240.01M sent to WHS for formatting
* 11/14 March 2016: SIOO to send 5240.01M for formal coord
* 1 April 2016: Suspense for formal coord
* 15 April 2016: Complete adjudication of comments (DoD, DoJ)
* April — May 2016: Legal/security/PCLOB reviews
* July 2016: Anticipated signing by AG and SECDEF

Overview

* 5240.01M remains DoD implementing policy for E.O. 12333
* Follows same structure as 5240.1-R
  * Procedure 1 — General Provisions
  * Procedure 2 — Collection
  * Procedure 3 — Retention
  * Procedure 4 — Dissemination
  * Procedure 5 — Electronic Surveillance
  * Procedure 6 — Concealed Monitoring
  * Procedure 7 — Physical Search
  * Procedure 8 — Mail Searches and Cover
  * Procedure 9 — Physical Surveillance
  * Procedure 10 — Undisclosed Participation
* Procedures 11 — 15 removed from 5240.01M; AG approval not needed
  * To be published in other DoD issuance

Key Changes
* New definition of collection
  * Information is collected when it is received
  * Exception is when information not intelligible (e.g. encrypted)
  * Dissemination received from another agency is NOT collection
* Concepts of shared repository and special collection added
* Counterintelligence exception expanded to account for HVE
* New retention timeframes for incidental collection
  * Domestic incidental collection may be retained up to five years
  * Overseas incidental collection may be retained up to 25 years
  * DIC Heads and single delegee may approve extensions

Key Changes


* Military magistrates may no longer authorize Procedure 7
* Only MCIOs may conduct searches against AD personnel
  * Must obtain FISA
* Three approval levels for UDP
  * No specific approval
  * DIC Head or delegee(s)
  * DIC Head or single delegee
* Definitions of organization in US and outside US expanded to account for internet activity
* List of Defense Intelligence Components and their heads updated

MAJOR CHANGES BY PROCEDURE

Procedure 1

General Provisions

Procedure 1 — General Provisions


* Para 3.1.b. — Adds concept of shared repositories
  * Para 3.1.b.2. — Procedures for components hosting shared repositories
  * Para 3.1.b.3. — Procedures for components acting as participants in shared repositories
* Paras 3.1.c. — 3.1.e. — DoD Senior Intelligence Oversight Official (SIOO) added as cognizant entity for interpretation, exceptions, amendments to 5240.01M

Procedure 2

Collection of US Person Information

Procedure 2 — Collections


* Para 3.2.c.4.c. — Counterintelligence: exception expands foreign terrorist connection to include individuals "reasonably believed to be acting for or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States."
  * Permits collection when no specific connection to foreign terrorist(s) has been established — HVE (e.g. San Bernardino, Orlando)
* Para 3.2.c.5.b. — Threats to Safety: Allows DIC heads or delegee to authorize collection when they have determined a "person's life or physical safety is reasonably believed to be in imminent danger;"

Procedure 2 — Collections


* Para 3.2.c.8. — Persons in Contact With Sources or Potential Sources: New exemption category added.
* Para 3.2.c.10. — Physical Security: This exemption now includes a requirement that there exist a "reasonable belief in...the foreign connection of the U.S. persons...and the physical security threat they pose."
* Para 3.2.c.12. — Overhead and Airborne Reconnaissance: This exemption now includes requirements to comply with DoD or NGA policies and procedures
* Former exemption for Narcotics has been removed (replaced by 3.2.c.8.)

Procedure 2 — Collections


* Para 3.2.e. — Adds notion of Special Circumstances Collection
  * "(C)ollection opportunities raise special circumstances based on the volume, proportion, and sensitivity of the USPI likely to be acquired, and the intrusiveness of the methods used to collect the information."
  * DIC head or delegee must approve such collection and report approval to DoD SIOO
* Para 3.2.f.3. — Requires that in any collection of non-publicly available information the DICs must "to the extent practicable, take steps to collect no more information than is reasonably necessary."

Procedure 3

Retention of US Person Information

Procedure 3 — Retention


* Para 3.3.c.1. — Intentional Collection of USPI: DIC must evaluate information promptly, but may retain for up to five years for evaluation
  * DIC Head or single delegee may approve an extended period
* Para 3.3.c.2.a. — Information collected incidentally in the US, or about a place in the US, may be retained for five years for evaluation
  * DIC Head or single delegee may approve an extended period
* Para 3.3.c.2.b. — Information collected incidentally outside the US, or about a place outside the US, may be retained for 25 years for evaluation
  * DIC Head or single delegee may approve an extended period

Procedure 3 — Retention


* Para 3.3.c.3. — Voluntarily Provided USPI: DIC may retain such information for up to five years for evaluation
  * DIC Head or single delegee may approve an extended period
  * If DIC receives voluntarily provided information about individual believed to be a non-US Person, but info may contain USPI, retention period is 25 years
* Para 3.3.c.4. — Special Circumstances: Such information may be retained for up to five years
  * USD(I) may approve an extended period
* Para 3.3.c.5. — Extended Retention

Procedure 3 — Retention


* Para 3.3.c.6. — Retention time frames do not begin until information has been processed into intelligible form (e.g. decryption)
* Para 3.3.d. — Information received from another component or IC element will be subject to the same, concurrent retention time limits as originating agency (i.e. clock does not restart for receiving entity)
* Para 3.3.e. — Addresses criteria for permanent retention
* Para 3.3.f.1.b. — Requires that "when retrieving information electronically, tailor queries...to the greatest extent practicable to minimize the amount of USPI returned that is not pertinent..."
* Para 3.3.f.1.c. — DICs must "take reasonable steps to audit access to information systems containing USPI and to audit queries...to assess compliance with this issuance."

Procedure 3 — Retention


* Para 3.3.f.1.d. — When developing and implementing information systems for use with USPI, DICs must "take reasonable steps to ensure effective auditing and reporting..."
* Para 3.3.f.1.e. — When retaining information DICs are required to "(e)stablish documented procedures for retaining data containing USPI and recording the reason...and the authority approving the retention."
* Para 3.3.f.1.f. — Requires annual training for employees accessing or using USPI
* Para 3.3.f.2. — DICs must employ reasonable measures to identify and mark files containing USPI
* Para 3.3.f.3. — DoD SIOO will periodically review DIC practices


Procedure 3 — Retention


* Para 3.3.g. — Enhanced Safeguards: DIC Head or delegee must assess need for enhanced safeguards when there is special circumstances collection
  * Factors to consider include
    * Intrusiveness of collection method(s)
    * Volume or sensitivity of USPI
    * Potential for harm, embarrassment, inconvenience, unfairness
    * Uses of USPI being retained
    * Length of retention
  * Para 3.3.g.2. — Details potential enhanced safeguard measures

Procedure 4

Dissemination of US Person Information

Procedure 4 — Dissemination


* Para 3.4.c. — Criteria for Dissemination: Several new categories added
  * Para 3.4.c.1. — Any Person or Entity: Dissemination to any person or entity permitted if information is publicly available or collected via consent
  * Para 3.4.c.8. — Protective Purposes: Dissemination permitted if necessary to protect safety/security of persons or property, or to protect against crime or threat to national security
* Para 3.4.d. — DICs may disseminate large amounts of unevaluated USPI (defined in Para 3.4.c.3.) with approval of DIC Head or single delegee, after notification to DoD SIOO

Procedure 4 — Dissemination


* Para 3.4.e. — DICs should not include USPI in dissemination "if pertinent information can be conveyed in an understandable way without including the identifying information."
  * If dissemination includes USPI the receiving entity must be so notified
* Para 3.4.g. — Special considerations/controls on dissemination of information to the White House
* Para 3.4.h. — DICs must have procedures in place to address improper dissemination of USPI

Procedure 5

Electronic Surveillance

Procedure 5 — Electronic Surveillance


* Para 3.5.c.2. — Adds Attorney General (AG) to Foreign Intelligence Surveillance Court (FISC) as authorizing entities for electronic surveillance in the US
  * Paras 3.5.c.2.a. and 3.5.c.2.b. add criteria which DICs must meet in order to conduct such surveillance
* Para 3.5.c.3. — Add USD(I) as DoD entity authorized to request electronic surveillance of US Person in US
* Para 3.5.d.3. — Add USD(I) as DoD entity authorized to request electronic surveillance of US Person outside US
* Para 3.5.e. — Does NOT apply to MCIO CI activities against non-US Persons outside of the US

Procedure 5 — Electronic Surveillance


* Para 3.5.g. — In emergency situations, DICs may obtain approval from AG
  * Request for AG approval must be made by
    * SECDEF/DEPSECDEF
    * USD(I)
    * SECAF/USECAF (SECNAV/USECNAV, SECAR/USECAR)
    * DIRNSA
* Para 3.5.h. — In exigent circumstances, DICs may target US Persons outside of the US when AG approval is not practical if:
  * Person's life or physical safety in danger; or
  * Physical security of USG property in danger from foreign power; or
  * Time required for AG approval would result in harm to national security

Procedure 5 — Electronic Surveillance


* Para 3.5.h.2. — Approval of exigent circumstance electronic surveillance limited to:
  * SECDEF/DEPSECDEF
  * USD(I)
  * SECAF/USECAF (SECNAV/USECNAV, SECAR/USECAR)
  * DIRNSA/Deputy DIRNSA
  * NSA SIGINT Director
  * DIRNSA Senior Representative
  * Any flag/general officer at overseas location in question w/responsibility for subject or endangered resources
* Para 3.5.i.2.b.1. — Adds allowance for collection of incidental information during TSCM when it is not reasonable to obtain consent of persons subject to incidental collection

Procedure 5 — Electronic Surveillance


* Para 3.5.i.2.c. — Adds criteria for retention and dissemination of information obtained during TSCM
* Para 3.5.i.3.c. — Adds several permissible targets of electronic surveillance for training purposes (sub-paras 3, 4, 5 and 6)
* Para 3.5.i.3.d. — Lists five conditions which must be met to train against targets other than those listed in 3.5.i.3.c.
  * Surveillance not targeted at particular person without consent
  * Not reasonable to obtain consent of persons incidentally subjected to surveillance
  * Not reasonable to train without engaging in such surveillance
  * Surveillance limited in extent and duration to that necessary
  * Minimal acquisition of information permitted for calibration


Procedure 6

Concealed Monitoring

Procedure 6 — Concealed Monitoring


* Para 3.6.a.2. — Procedure does not apply to concealed monitoring for testing or training when subjects consent; otherwise subject to Procedure 6
* Para 3.6.c.1. — DICs may conduct concealed monitoring outside DoD facilities in the US after coordination with FBI and in accordance with all DoJ/FBI agreements
* Para 3.6.c.3. — Concealed monitoring may be approved by DIC Head or a delegee

Procedure 7

Physical Searches

Procedure 7 — Physical Searches


* NOTE: Searches based upon military magistrate authorization pursuant to Military Rules of Evidence are no longer permitted under Procedure 7
  * Search authorizations may be used to pursue potential UCMJ violations under Military Rules of Evidence
* Para 3.7.c. — Searches Against Active Duty Military Personnel: only MCIOs may be authorized to conduct
  * Must be conducted under FISA with AG or FISC approval
  * SECDEF/DEPSECDEF, USD(I), SECAF/USECAF may seek approval
  * In emergency situations MCIO Head or delegee may make request to DoD GC to seek AG authorization

Procedure 7 — Physical Searches


* Para 3.7.d. — Searches Against Other Persons in the US: DICs may not conduct, but may request FBI to conduct if two conditions met
  1. Search must be for authorized FI or CI purpose
  2. Search must meet definition of physical search under FISA
  * SECDEF/DEPSECDEF, USD(I), SECAF/USECAF, DIRNSA, Director DIA, Director NGA, Director NRO may seek approval
  * In emergency situations MCIO Head may make request to DoD GC to ask FBI to conduct search

Procedure 7 — Physical Searches


* Para 3.7.e. — Searches of Other US Persons or Their Property Outside the US: DICs may conduct such searches if three conditions met
  1. Search is for authorized FI or CI purpose; and
  2. Search is appropriately coordinated with CIA; and
  3. FISC or AG has approved search
  * SECDEF/DEPSECDEF, USD(I), SECAF/USECAF, DIRNSA, Director DIA, Director NGA, Director NRO may seek approval
  * In emergency situations MCIO Head may make request to DoD GC to seek AG authorization

Procedure 8

Searches of Mail and Mail Covers

Procedure 8 — Searches of Mail and Mail Covers


* Para 3.8.a. — Clarifies that this Procedure does not apply to items transported by a commercial carrier (e.g. Federal Express, UPS, etc.)
* Para 3.8.c.1. — Searches of Mail: subject to Procedure 7 limitations and approvals
* Para 3.8.d. — Mail covers: DICs may request USPS conduct mail cover for items in USPS channels
  * For mail in foreign channels DICs may request mail cover for items to/from US Person in accordance with local law and SOFA
  * No specific DIC official(s) identified as required to make request

Procedure 9

Physical Surveillance

Procedure 9 — Physical Surveillance


* Para 3.9.c.1.a. — DICs may conduct surveillance of US Persons in US if they fall into the existing 5240.1-R categories
* Para 3.9.c.1.b. — DICs may conduct surveillance of non-US Persons in US for authorized FI or CI purpose
* Para 3.9.c.1.c. — DIC Head or delegee must approve authorized physical surveillance
  * Physical surveillance in the US must be coordinated with FBI per existing agreements with DoJ/FBI
  * DICs can participate in physical surveillance of other US Persons in US when detailed to, or operating under the authorities of, the FBI

Procedure 9 — Physical Surveillance


* Para 3.9.c.1.d. — DIC Head or delegee may approve DIC participation in authorized FBI physical surveillance in US when FBI requests and authorizes DIC participation in writing
* Para 3.9.c.2.c. — DIC Head or a delegee may approve physical surveillance of any US person outside of the US
  * Physical surveillance outside the US conducted off of a military installation must be coordinated with the CIA
  * Approving official must consider host nation laws and SOFA

Procedure 10

Undisclosed Participation

Procedure 10 — Undisclosed Participation


* Para 3.10.a. — Clarifies that Procedure 10 applies to sources
* Para 3.10.b. — Identified three categories of excluded activities
  * Personal participation (i.e. undertaken for personal reasons and at personal expense)
  * Voluntarily provided information from existing members without request from DIC
  * Publicly available information on the internet collected in such a way that provision of personal identifying information is not required, and no communication with human being occurs

Procedure 10 — Undisclosed Participation


* Para 3.10.e. — Limitations on Undisclosed Participation: adds two additional limitations not found in 5240.1-R
  * UDP may not be authorized to collect on domestic activities of US persons
  * All UDP must be coordinated with FBI, CIA or other agency in accordance with EO 12333 and other policies/agreements
* Para 3.10.e.6.b. — DICs wishing to engage in UDP to influence activities of an organization per Para 3.10.e.6.a. must make request to USD(I) through DoD/GC
* Para 3.10.e.6.c. — Prohibition on influencing organizations does not apply to non-US Persons located outside the US

Procedure 10 — Undisclosed Participation
* Para 3.10.f. — Required Approvals: Approvals now authorized at three levels

1. No Specific Approval Required: Recognizes activity as UDP but no specific approval required
   * Education or training
   * Participation to maintain cover; no further activity in organization
   * Information published or posted by an organization open to the public when information is available to all members and no elicitation occurs (e.g. Subscription to Washington Post)
   * Public forums, to include social media, when employment affiliation is not required and no elicitation occurs (e.g. Facebook public profiles)
   * Foreign entities

Procedure 10 — Undisclosed Participation


2. UDP that may be approved by DIC Head or delegee
   * Information collected to identify and assess non-US Person as potential source of assistance
   * Public forums, to include social media, when employment affiliation is required and/or elicitation occurs (e.g. Facebook non-public profiles)
   * Cover activities beyond obtaining or renewing membership
   * Information collected outside the US from or about a non-US Person located outside the US

Procedure 10 — Undisclosed Participation


3. UDP that may be approved by DIC Head or single delegee
   * Collection of FI outside of US from or about a specific US Person, or from or about a non-US Person in the US
   * To conduct CI activities not addressed previously, in or outside the US
   * Collection of information inside the US needed to identify a US Person as potential source
   * Collection of information outside the US needed to assess a US Person as potential source

* Para 3.10.f.4. — UDP not addressed elsewhere in Procedure may be authorized by USD(I) or DIC Head with notice to DoD SIOO

Procedure 10 — Undisclosed Participation


* Para 3.10.f.5. — Approving official must make following determinations
  * "Potential benefits to national security outweigh any adverse impact on civil liberties or privacy of US Persons."
  * UDP complies with requirements of Para 3.10.e.
  * UDP is least intrusive means feasible to obtain information and conforms to Procedure 2
* Para 3.10.g. — Disclosure requirement: Disclosure of DIC affiliation must be sufficient to apprise appropriate official(s) of the affiliation
  * If official to whom disclosure would be made acting on behalf of DIC, his/her knowledge not sufficient unless senior official of organization
  * DIC will maintain written record of disclosures, including to whom made

Definitions


THE FOLLOWING DEFINITIONS HAVE BEEN ADDED OR NOTABLY CHANGED FROM 5240.1-R
(Definitions below are summarized)

* Agent of a Foreign Power — any person, including a US Person, acting for or on behalf of a foreign power
* Collection — information is collected when it is received by a DIC
* Defense Intelligence Components — now defined as:
  * NSA/CSS
  * DIA
  * NRO
  * NGA
  * FI and CI elements of the Military Departments
  * Senior Intelligence Officials of the COCOMs

* Defense Intelligence Component Head — now includes:


  * Director NSA
  * Director DIA
  * Director NRO
  * Director NGA
  * Deputy Chief of Staff, G2, Department of the Army
  * Commander, Army INSCOM
  * Director of Naval Intelligence
  * Director of Naval Intelligence Activity
  * Commander, ONI
  * Commander, US Fleet Cyber Command
  * Director, NCIS
  * Director of Intelligence, USMC
  * Commander, Marine Corps Intelligence Activity
  * Deputy Chief of Staff, ISR, Department of the Air Force
  * Commander, 25th Air Force
  * Commander, AFOSI

Definitions


* Detail — an employee of one agency operating under the authorities of another agency
* Dissemination — transmission of information outside of a DIC
* DoD Facility — Installations/facilities owned, leased or occupied by accommodation by DoD
* Foreign Connection — US Person in contact with a foreign person for purposes harmful to US national security
* Host of a Shared Repository — entity maintaining a shared repository
* Imagery — likeness of any feature and positional data thereof
* Incidental Collection of USPI — USPI collection not deliberately sought by a DIC but which is nonetheless collected
* Intelligence — includes FI and CI

Definitions


* Intentional Collection of USPI — USPI collection deliberately sought by a DIC
* Organization — expanded to include entities which meet and communicate principally through the use of technology
* Organization in the US — expanded to include organizations primarily meeting via the internet substantially composed of persons located in the US
* Organization Outside the US Constituting a US Person — organization physically located outside the US but substantially composed of US Persons or organization primarily meeting via the internet substantially composed of US Persons located outside the US
* Overhead Reconnaissance — activities of space-based capabilities conducting imagery collection

Definitions


* Physical Search — expanded to include electronic data
* Shared Repository — database or other repository maintained for the use of more than one agency
* Transmission Media Vulnerability Survey — acquisition of transmissions to determine vulnerability to interception
* Undisclosed Participation — participation in an organization without disclosure of DIC affiliation
* USPI — information reasonably likely to identify a specific US Person

Definitions


THE FOLLOWING DEFINITIONS HAVE BEEN REMOVED FROM 5240.01M

* Counterintelligence Investigation
* Lawful Investigation
* Physical Security
* Physical Security Investigation
* Signals Intelligence

UNCLASSIFIED


Air Force Office of Special Investigations 
Eyes of the Eagle 


DoDM 5240.01 


Legal Primer 
29 Sept 2016 


U.S. AIR FORCE 
UNCLASSIFIED

Topics
* DoDM 5240.01 Overview
* DoDM 5240.01 Procedures
  * Proc 2, Collection
  * Proc 3, Retention
  * Proc 4, Dissemination
  * Proc 5, Electronic Surveillance
  * Proc 6, Concealed Monitor
  * Proc 7, Physical Search
  * Proc 8, Mail Search/Cover
  * Proc 9, Physical Surveillance
  * Proc 10, Undisclosed Participation
* JA Checklist

Overview

DoDM 5240.01, Overview


* Effective 8 Aug 2016; signed by SecDef and AG
* Changes are substantial, but not significant
* Replaces Procedures 1-10 of DoD 5240.1-R (Dec 1982)
* DoD 5240.01-R, Procedures 11-15, remain in effect
* No changes to Executive Order 12333

DoDM 5240.01, Overview


* CI Defined: Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.

Procedure 2, Collection— Introduction


* Intentional Collection of USPI: We may intentionally collect USPI only if:
  * the information sought is reasonably believed;
  * to be necessary for the performance of an authorized CI mission; and
  * the USPI falls within one of the following 13 categories below.
  * CI2MS requires that you indicate a Proc 2 collection category
* U.S. Person Information (USPI) defined: Information that is reasonably likely to identify one or more specific U.S. persons.
* Collection takes place upon receipt
  * Regardless of when you use it
  * Computers can collect
  * Intel is collected only once
  * May be disseminated multiple times
  * Encrypted data is considered collected upon receipt

Procedure 2, Collection— Reasonable Belief


= Defined: When the facts and circumstances are 
such that a reasonable person would hold the belief. 
m Must rest on facts and circumstances that can be 
articulated; 
= Hunches or intuitions are not sufficient; and 


m Can be based on experience, training, and knowledge of CI 
activities as applied to particular facts and circumstances. 
Procedure 2, Collection—
Categories

1. Publicly Available
2. Consent
3. Foreign Intelligence (FI)
4. Counterintelligence (CI)
5. Threats to Safety
6. Protection of Sources/Methods
7. Current, Former, or Potential Sources
8. Persons in Contact With Sources or Potential Sources
9. Personnel Security
10. Physical Security
11. Communications Security
12. Overhead and Airborne Reconnaissance
13. Administrative Purposes

Procedure 2, Collection—
Categories

1. Publicly Available Information

2. Consent
  - The legal advisor must determine whether a notice or policy is adequate and lawful, before the Component takes or refrains from taking action on the basis of implied consent (DoDM 5240.01, G.2.)

3. Foreign Intelligence
  - AFOSI does not have a foreign intelligence mission

Categories

4. Counterintelligence: The information is reasonably believed to constitute CI and the U.S. person is one of the following:

  (a) An individual, organization, or group reasonably believed to be engaged in or preparing to engage in espionage, other intelligence activities, sabotage, or assassination on behalf of a foreign power, organization, or person, or on behalf of an agent of a foreign power, organization, or person;

  (b) An individual, organization, or group reasonably believed to be engaged in or preparing to engage in international terrorist activities;

  (c) An individual, organization, or group reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States; or

  (d) An individual, organization, or group in contact with a person described above for the purpose of identifying such individual, organization, or group and assessing any relationship with the person described therein.

Procedure 2, Collection—
Categories

5. Threats to safety: information needed to protect the safety of any person or organization, including those who are targets, victims, or hostages of international terrorist organizations, if:
  - The threat has a foreign connection;
  - AFOSI/CC or delegee has determined that a person's life or physical safety is reasonably believed to be in imminent danger; or
  - The information is needed to maintain maritime or aeronautical safety of navigation.

Procedure 2, Collection—
Categories

6. Protection of Intelligence Sources, Methods, and Activities
  - The information is about U.S. persons who have access to, had access to, will have access to, or are otherwise in possession of information that reveals foreign intelligence or CI sources, methods, or activities, when collection is reasonably believed necessary to protect against the unauthorized disclosure of such information.

7. Current, Former, or Potential Sources of Assistance
  - The information is about those who are or have been sources of information or assistance, or are reasonably believed to be potential sources of information or assistance, to intelligence activities for the purpose of assessing their suitability or credibility.

8. Persons in Contact With Sources or Potential Sources
  - The information is about persons in contact with sources or potential sources, for the purpose of assessing the suitability or credibility of such sources or potential sources.

9. Personnel Security
  - The information is arising from a lawful personnel security investigation.

Procedure 2, Collection—
Categories

10. Physical Security
  - The information is about U.S. persons reasonably believed to have a foreign connection and who pose a threat to the physical security of DoD personnel, installations, operations, or visitors.
  - Must have or be supporting an authorized physical security mission and must be able to articulate a reasonable belief in both the foreign connection of the U.S. persons who are collection targets and the physical security threat they pose.

11. Communications Security Investigation
  - The information is arising from a lawful communications security investigation.

Procedure 2, Collection—
Categories

12. Overhead and Airborne Reconnaissance
  - May intentionally collect imagery that contains USPI provided that the collection is not directed at a specific U.S. person or, if the collection is directed at a specific U.S. person, the collection falls in one of the other 12 categories
  - Includes information obtained from unmanned aircraft systems
  - See SecDef Memo Feb 2016

13. Administrative Purposes

Procedure 2, Collection—
Other Considerations

- Least Intrusive Means
  - Use the least intrusive collection techniques feasible within the United States or directed against a U.S. person abroad.
    1. Publicly available sources or with consent
    2. Cooperating sources
    3. Techniques that do not require a judicial warrant or AG approval
    4. Techniques that do require a judicial warrant or AG approval

- Amount of Information Collected
  - In collecting non-publicly available USPI, to the extent practicable, collect no more information than is reasonably necessary.

- Special Circumstances Collection [BIG data]
  - Components will consider whether collection opportunities raise special circumstances based on the volume, proportion, and sensitivity of the USPI to be acquired, and the intrusiveness of the methods used to collect the information.

Retention

- Permanent Retention standard
  - Retention is reasonably believed to be necessary for the performance of an authorized intelligence mission; and
  - The information was lawfully collected or disseminated to the Component:
    - Meets one of the 13 Proc 2 collection categories; or
    - Is necessary to understand or assess CI, e.g., information about a U.S. person that provides important background or context for CI.

Procedure 3,
Retention

- Three primary evaluation periods to determine permanent retention of USPI
  - Promptly
  - Five (5) years
  - Twenty-five (25) years

- Intentional Collection of USPI
  - Must be evaluated promptly; and
  - If necessary, may retain the information for evaluation for up to 5 years, subject to extension

Procedure 3,
Retention

- Incidental Collection of USPI
  - Defined: collection of USPI that is not deliberately sought, but is nonetheless collected
  - In the United States, may retain all of the incidentally collected information for evaluation for up to 5 years, unless extended
  - Outside the United States, may retain all of the incidentally collected information for evaluation for up to 25 years

- Voluntarily Provided USPI
  - About a U.S. person, evaluate the information promptly, up to 5 years, unless extended
  - About a non-U.S. person, evaluation for up to 25 years

Procedure 3,
Retention

- Unintelligible information
  - Includes information that a Component cannot decrypt or understand in the original format
  - The time periods begin when the information is processed into intelligible form
  - To the extent practicable, unintelligible information will be processed into an intelligible form
  - A foreign language is considered intelligible

- Deletion of Information
  - Unless the standards for permanent retention are met, must delete all USPI from the Component's automated systems of records

Dissemination

- We may disseminate USPI based upon the following criteria:
  - Any person or entity: Information is publicly available or U.S. person has consented to the dissemination
  - Other intelligence community elements
  - Other DoD elements; federal government entities; state, local, tribal, or territorial governments: recipient is reasonably believed to have a need to receive such information for the performance of its lawful missions or functions.
  - Foreign governments or international organizations
    - Recipient is reasonably believed to have a need to receive such information for its lawful missions or functions; and
    - Disclosure is consistent with applicable international agreements and foreign disclosure policy
  - Protective Purposes
    - Necessary to protect the safety or security of persons or property, or to protect against or prevent a crime or threat to the national security

Procedure 5,
Electronic Surveillance

- Implements FISA and E.O. 12333

- Defined for U.S. collection
  - The installation or use of any monitoring device in the United States where a person has a reasonable expectation of privacy, as determined by JA, and
  - A warrant would be required for law enforcement purposes

- Fourth Amendment
  - All electronic surveillance must comply with the Fourth Amendment
  - JA must assess the reasonableness of collection, retention, and dissemination (DoDM 5240.01, para. 3.5.b.)

Procedure 5,
Electronic Surveillance

- In the United States
  - Attorney General or the Foreign Intelligence Surveillance Court (FISC) must authorize, except in emergency situations.
  - May only conduct such surveillance if both:
    - A significant purpose of the electronic surveillance is to obtain foreign intelligence information; and
    - There is probable cause to believe that the target of the electronic surveillance is a foreign power or an agent of a foreign power.

Electronic Surveillance

- Outside the United States
  - U.S. person
    - Governed by FISA and E.O. 12333; or
    - Approval under exigent circumstances exception
  - Non-U.S. person: governed by Title I or Section 702

- Emergency situations: Attorney General approval

- Technical Surveillance Countermeasures (TSCM)
  - Applies to the use of electronic equipment and specialized techniques to determine the existence and capability of electronic surveillance equipment being used by persons not authorized to conduct electronic surveillance.

Concealed Monitoring

- Defined as the following:
  - Hidden electronic, optical, or mechanical devices,
  - to monitor a particular person or a group of persons, without consent,
  - in a surreptitious manner,
  - over a period of time, and
  - no reasonable expectation of privacy

- Examples
  - Video monitoring or sound recording of a subject in a place where he or she has no reasonable expectation of privacy if conducted over a period of time
  - Taking one photograph of a subject would not qualify

Procedure 6,
Concealed Monitoring

- Scope
  - Any person inside the United States, or
  - Any U.S. person outside the United States

- Procedures
  - In the United States
    - On DoD facilities
    - Outside DoD facilities, after coordination with the FBI
  - Outside the United States
    - On DoD facilities
    - Outside DoD facilities must be coordinated with the CIA, and appropriate host country officials in accordance with any applicable SOFA or other international agreement.

Procedure 6,
Concealed Monitoring

- Approval: AFOSI/CC or delegee (new)

- The following criteria must be met:
  - There is no reasonable expectation of privacy;
  - Such monitoring is necessary to conduct an assigned CI function;
  - A trespass will not be necessary to effect the monitoring; and
  - The monitoring is not subject to Procedure 5 (DoDM 5240.01, 3.6.c.(3))

Physical Searches

- Scope: Applies to nonconsensual physical searches in the United States and of U.S. persons/property outside the United States.

- Defined: Any intrusion on a person or property that would require a warrant for law enforcement purposes.

- Does not include examinations of
  - Areas that are in plain view;
  - Publicly available information;
  - Abandoned property in a public place;
  - Items where we have consent; and
  - Government property pursuant to Military Rule of Evidence 314(d)

Procedure 7,
Physical Searches

- Active duty
  - Approval: Attorney General (AG) or FISC (new)

- Other persons inside the United States
  - We may NOT conduct searches of other persons
  - We may request the FBI to conduct such a search

- Other U.S. persons outside the United States
  - The search is for an authorized foreign intelligence or CI purpose;
  - The search is appropriately coordinated with the CIA; and
  - The FISC or the AG has authorized the search

- Who can request
  - SecDef, DSD, USD(I); SecAF; USecAF; DIRNSA/CHCSS; Director, DIA; Director, NGA; or Director, NRO

Procedure 8,
Mail Searches and Cover

- Mail searches
  - See Procedure 7

- Mail cover
  - In U.S. postal service channels, request the USPS IAW 39 CFR 233.3(e)(2)
  - In foreign postal channels, may request a mail cover for mail that is to or from a U.S. person consistent with foreign law and any applicable SOFA

Procedure 9,
Physical Surveillance

- Who can we surveil in the United States:
  - Military service members;
  - Present or former military or civilian employees of a DIC;
  - Present or former contractors of a DIC;
  - Present or former employees of such a contractor;
  - Applicants for such employment or contracting;
  - Non-U.S. persons (new); and
  - Other persons
    - "when detailed to the FBI, or
    - when operating under FBI authorities."

- Outside of the United States
  - "Any U.S. person... for an authorized foreign intelligence or CI purpose" (DoDM 5240.01, para. 3.9.c.(2)(a))

Procedure 9,
Physical Surveillance

- Scope
  - Any person inside the United States or any U.S. person outside the United States.
  - Also applies to any devices used to observe the subject of the surveillance (not Procedure 6).

- Defined
  - Deliberate and continuous observation of a person, and
  - Where the person has no reasonable expectation of privacy

- Does not apply to surveillance detection or counter surveillance used to detect and elude foreign physical surveillance

Procedure 9,
Physical Surveillance

- Approval and coordination
  - Approval: AFOSI/CC or delegee
  - Coordination
    - In the United States
      - No coordination req'd for surveillance of active duty, on-base
      - FBI coord for off-base surveillance
      - FBI coord for surveillance on-base, non-active duty
    - Outside the United States
      - CIA coord for off-base surveillance
      - Consider with SOFA and foreign law/policy

Procedure 10,
Undisclosed Participation (UDP)

- Scope: Governs the participation by a defense IC and anyone acting on behalf of an IC, e.g., sources, in any organization in the United States or any organization outside the United States that constitutes a U.S. person.

- Organization defined
  - An association of two or more individuals formed for any lawful purpose whose existence is formalized in some manner
  - Includes those that meet and communicate through the use of technologies

- Participation defined
  - When a person is tasked or asked to participate in an organization for the benefit of the DIC
  - Actions undertaken "for the benefit of" a DIC may include collecting information, identifying potential sources or contacts, or establishing or maintaining cover.

Procedure 10,
Undisclosed Participation (UDP)

- Exclusions
  - Personal participation
  - Voluntarily provided information
  - Publicly available information on the Internet
    - Collection of publicly available information on the Internet in a way that does not require a person to provide identifying information (such as an email address) as a condition of access and does not involve communication with a human being

- Approval level depends on the activity
  - No specific level of approval
  - AFOSI/CC or delegee
  - AFOSI/CC or single delegee

Procedure 10,
Undisclosed Participation (UDP)

- Standards for review and approval:
  - The potential benefits to national security outweigh any adverse impact on civil liberties or privacy of U.S. persons;
  - The proposed UDP complies with the limitations on UDP; and
  - The proposed UDP is the least intrusive means feasible and conforms to the requirements of Procedure 2.

- UDP requiring no specific level of approval
  - Education or training
  - Cover Activities: Participation in an organization solely for the purpose of obtaining or renewing membership status in accordance with DoD cover policy
  - Published or posted information: Participation in an organization whose membership is open to the public solely for the purpose of obtaining information published or posted by the organization or its members and generally available to members; must not involve elicitation.
  - Public forums: Employment affiliation not required and no elicitation of USPI; and
  - Foreign entity

Procedure 10,
Undisclosed Participation (UDP)

- UDP That May Be Approved by a Component Head or Delegee
  - Non-U.S. persons as potential sources of assistance
  - Public forums: employment affiliation required or elicitation of USPI may be authorized
  - Cover activities beyond obtaining or renewing membership for the purpose of maintaining or enhancing cover
  - U.S. person organizations outside the United States involving participation from or about a non-U.S. person located outside the United States.

Procedure 10,
Undisclosed Participation (UDP)

- UDP That May Be Approved by a Component Head or a Single Delegee
  - To conduct authorized CI activities not otherwise addressed in or outside the United States, after required coordination with the FBI or CIA.
  - To collect information inside the United States necessary to identify a U.S. person as a potential source of assistance to foreign intelligence or CI activities.
  - To collect information outside the United States necessary to assess a U.S. person as a potential source of assistance to foreign intelligence or CI activities.

Topics Covered

- DoDM 5240.01 Overview

- DoDM 5240.01 Procedures
  - Proc 2, Collection
  - Proc 3, Retention
  - Proc 4, Dissemination
  - Proc 5, Electronic Surveillance
  - Proc 6, Concealed Monitor
  - Proc 7, Physical Search
  - Proc 8, Mail Search/Cover
  - Proc 9, Physical Surveillance
  - Proc 10, Undisclosed Participation

- JA Checklist




Call Your Attorney 


Primary POC 
J.D., LLM. 


Chief, National Security Law 
(b)(6), (b)(7)(C)


NIPR:[ibxeXbx7xC) ——— Ious.af.mil 
SIPR:[*xoxbx7« — — ]|eiv9mail.smil.mil 
JWICS:[bxoxbx7x ——[gat.i 


Alternate POC 
Maj[exsxib cr — ] 
Deputy SJA 

NIPR: 
SIPR: 
JWICS: 


(b)(6), (b)(7)(C)
OSI/JA Main Line
(b)(6), (b)(7)(C)
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: 149, 152-155 
Scenario

- You are stationed in Los Angeles, CA and tasked to surveil a military member suspected of providing classified information to a foreign power. You observe the member meeting with a known Chinese IO, driving a black Jeep Wrangler. While observing the meet you see a second individual, an unknown white male, with closely shaven hair approach the vehicle. In your reporting of the event can you:
  - Identify the primary subject?
  - Identify the Jeep Wrangler?
  - Describe the second individual?
  - What is the assumption of citizenship on the second individual?

Scenario

- You are grabbing a pint at Murphy's pub. You run into an old co-worker who is now an FBI agent. He states he heard you are working on a big Ukrainian FIS case. He wants to know if you can share information with him.

- Can you??

Points of Contact

Agenda

- Significance of Executive Order 12333
  - Key Sections
  - History
  - Today

- Counterintelligence v. Law Enforcement
  - Definition
  - Assigned Missions (E.O. 12333)

- CI Jurisdiction and UCMJ
  - Personal and Subject Matter
  - Article 31(b)

Other relevant provisions
of EO 12333

- E.O. 1.4—Role of the IC
  - Collect and provide information needed by the President
  - Collect information on int'l terrorism, proliferation of WMD
  - Analyze, produce, and disseminate intelligence
  - Conduct research, development, and procurement of technical systems and devices for the IC
  - Protect the security of intel related activities, information, installations, property, and employees

- E.O. 1.10—Roles of the DoD
  - The Secretary of Defense shall collect (including through clandestine means), analyze, produce, and disseminate information and intelligence in response to tasking by the DNI and to execute SecDef's responsibilities

Our Mission per the
President, E.O. 12333

- E.O. 12333, 1.7(f) Intelligence Community Elements: ARMY, NAVY, AIR FORCE, AND USMC.

- The Commanders and heads of the intelligence and counterintelligence elements shall:

  (1) Collect (including through clandestine means), produce, analyze and disseminate defense and defense-related intelligence and counterintelligence to support departmental requirements, and, as appropriate, national requirements;

  (2) Conduct counterintelligence activities;

  (3) Monitor the development, procurement, and management of tactical intelligence systems and equipment and conduct related research, development, and test and evaluation activities; and

  (4) Conduct military intelligence liaison relationships and military intelligence exchange programs with selected cooperative foreign defense establishments and international organizations

Counterintelligence
Defined

Counterintelligence means information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.

-- EO 12333, 3.5(a)

Counterterrorism
Defined

Counterterrorism is the activities and operations taken to neutralize terrorists and their organizations and networks in order to render them incapable of using violence to instill fear and coerce governments or societies to achieve their goals

-- Joint Publication 3-26 "Counterterrorism," 24 Oct 2014

- FBI is lead for all CT cases in the US

A Very Brief History...

- Spying is one of the oldest professions

- General George Washington noted during the War of Independence "it was the British spies he feared the most."

- Today's laws and policies are the direct result of unfettered intelligence collection by DoD, FBI and CIA in the 1960s and 1970s.
  - Physical surveillance of public figures involved with the anti-Vietnam war and civil rights protests, e.g., MLK
  - Mail openings
  - Break-ins of the offices, vehicles and houses of U.S. persons
  - Undisclosed participation on university campuses

Unfettered Intelligence
Collection

In September 1963, Attorney General Robert Kennedy gave permission to the FBI to break into Dr. Martin Luther King's home and install listening devices.

The result?

- The Church and Pike congressional committees found the IC lacked policy on how to conduct its mission in regards to U.S. persons
  - Recommended "reining" in Executive Branch powers in using intelligence elements against U.S. persons
  - Created the Permanent Select Committee on Intelligence (Senate) and the Congressional Committee on Intelligence

- The Foreign Intelligence Surveillance Act was enacted in 1978

- Before Congress passed legislation to correct this deficiency, E.O. 11905 was signed, which was later replaced by E.O. 12333 (standing E.O. on Intelligence Oversight)




Current Concerns

- Continued desire of the U.S. government to ensure Intelligence Community personnel do not engage in activities which are illegal or that violate the rights of U.S. or other persons

- Patriot Act renewal (renamed USA Freedom Act)
  - "The legislation we're considering proposes major changes to some of our nation's most fundamental and necessary counter-terrorism tools." Senate Majority Leader Mitch McConnell, R-Kent

- DoDM 5240.01, 18 August 2016 -- NEW

- Areas of concern for the intelligence community:
  - Bulk data collection and databases
  - Insider Threat
  - Security Screening / Network Monitoring / Cyber activities
  - Mission Creep
  - Use of UAVs
  - The Internet
  - Others?

CI and LE Authorities

CI
- US Constitution
- Executive Order 12333
- DoDM 5240.01 (Procs 1-10)
- DoD 5240.1-R (Procs 11-15)
- FISA (50 U.S.C. §§ 1801 et seq.)
- (National Security/Bank Letters)
  - 18 U.S.C. § 2709 (FBI only)
  - 15 U.S.C. § 1681v (DoD)
  - 12 U.S.C. § 3414 (FBI/DoD)
  - 50 U.S.C. § 3162 (FBI/DoD - travel records also available)

LE
- US Constitution
- DoDD 5200.27 - (U.S. Person)
- DoDI O-5505.09 - (Intercept Program)
- 18 U.S.C. §§ 2701-2711 (ECPA - Electronic Communications Privacy Act)
- 18 U.S.C. §§ 3121-27 (Pen/Trap Statute)
- 18 U.S.C. §§ 2510-2522 (Wiretap Statute)




CI and Criminal
Investigations

- Sister Services are inherently different (due to make-up and missions)
  - Army CI: Conducted solely by Intel professionals (No LE authority)
  - Navy CI: Conducted solely by NCIS Agents (dual CI/LE authorities)
  - AF CI: Conducted solely by AFOSI Agents (dual CI/LE authorities)

- USD(I) Policy controls CI investigations to include use of physical surveillance and other specialized collection techniques

Practice Points

- A CI investigation may transition to more LE methodology and techniques once charges are identified

- The approval authorities for some specialized collection techniques are lower for LE cases (physical surveillance and mail covers) and vice versa (oral wire intercepts)

Who can we investigate?

DoD CI Investigative Jurisdiction (of the Person)

CONUS
- Active Duty Military
- Retired Military, Active or Inactive Reserve, Member of National Guard if suspected offense occurred when subject was in Title 10 status

OCONUS:
- AD and DoD civilians and dependents
- DoD contractors or family members (Coor'd with CIA/FBI)
- Retired personnel and other foreign nationals (Coor'd with FBI/CIA)

What can we investigate?

DoD CI Investigative Jurisdiction (subject matter)

CI Investigative Jurisdiction (Subject Matter)
- Espionage, Treason, Spying, Subversion, Sedition
- FIS directed sabotage
- CI aspects of terrorism
- CI aspects of assassination or incapacitation of personnel
- Suicide/AWOL of personnel with access/clearance
- CI aspects of polygraph exams/refusals
- CI aspects of unofficial travel or foreign contacts
- CI aspects of Insider Threat

Article 31(b), UCMJ

- Article 31(b) advice sounds a lot like Miranda except the military suspect is told what crime(s) they are suspected of committing.

- Also, military members receive the warnings, not only when they're in custody, but anytime they're officially questioned by someone who believes they have committed a criminal offense.

- Article 31(b) advice is an attempt to dispel the inherent compulsion a service member might feel to answer questions during interrogations by military superiors.

Agenda, Part 2

- E.O. 12333
- DoDM 5240.01
- Definitions (USPI, collection, retention and dissemination)
- Procedure 2
- Procedure 3
- Procedure 4
- Scenarios

Part II of EO 12333

"[T]o provide for the effective conduct of intelligence activities and the protection of constitutional rights..." -- EO 12333, Preamble

EO 12333, section 2.3

- Elements of the Intelligence Community are authorized to collect, retain, or disseminate information concerning United States persons only in accordance with procedures established by the head of the Intelligence Community element concerned or by the head of a department containing such element and approved by the Attorney General, consistent with the authorities provided by Part 1 of this Order, after consultation with the Director.

Who is a U.S. Person?

- US citizen
- Lawful permanent resident alien
- Unincorporated association substantially composed of US citizens or permanent resident aliens
- Corporation incorporated in the US, except for a corporation directed and controlled by a foreign government
- NOTE: A person or organization outside the US shall be presumed not to be a USP unless specific information to the contrary is obtained
- Foreign national married to a U.S. servicemember?

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What is U.S. Person 
Information (USPI)? 


- Information that is reasonably likely to identify one or more specific U.S. persons.
- May require a case-by-case assessment by a trained intelligence professional.
- May include names or unique titles; government-associated personal or corporate identification numbers; unique biometric records; financial information; and street address, telephone number, and Internet Protocol address info.
- Does not include:
  - A reference to a product by brand or manufacturer's name in a descriptive sense, e.g., Boeing 737
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Basic Principles 


- The rules permit CI investigations & operations targeting US persons, but must follow specific procedures
- Do not infringe the constitutional rights of US persons
- Protect privacy rights of persons entitled to protection
- Rights to which a person is entitled depend on status and location
- Perform a lawfully assigned function
- Employ least intrusive techniques
- If conducted in the US or directed against a US person
- Comply with regulatory requirements
- Review and approval requirements
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Okay, but how 
can we do it? 


- DoDM 5240.01 and DoD 5240.1-R apply to activities of DoD Intelligence Components

DoDM 5240.01 (8 Aug 2016)

- Procedures 2 - 4: Authority to collect, retain, and disseminate United States person information (USPI)
- Procedures 5 - 10: Guidance for specialized techniques to collect foreign intelligence and counterintelligence

DoD 5240.01-R (7 Dec 1982)

- Procedures 11-15 govern other aspects of DoD intel activities, including the oversight of such activities.
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Procedure 2, 
Collection of USPERS Info 


- Rule 1: You may intentionally collect USPI only if the information sought is reasonably believed to be necessary for the performance of an authorized intelligence mission or function, and if the USPI falls within one of the 13 categories
- Collection = Information is collected when it is received whether or not it is retained for intelligence or other purposes.
  - Regardless of when you use it
  - Computers can collect
  - Intel is collected only once
- Must use LEAST INTRUSIVE MEANS as are practicable when collecting USPI
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Procedure 2, 
Reasonable Belief 


- When the facts and circumstances are such that a reasonable person would hold the belief.
- Must rest on facts and circumstances that can be articulated
- Hunches or intuitions are not sufficient.
- Can be based on experience, training, and knowledge of foreign intelligence or CI activities as applied to particular facts and circumstances.
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Procedure 2, 
13 Collection Categories 


1. Publicly Available
2. Consent
3. Foreign Intelligence (FI)
4. Counterintelligence (CI)
5. Threats to Safety
6. Protection of Sources/Methods
7. Current, Former, or Potential Sources
8. Persons in Contact With Sources or Potential Sources
9. Personnel Security
10. Physical Security
11. Communications Security
12. Overhead and Airborne Reconnaissance
13. Administrative Purposes
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Procedure 2, 
13 Collection Categories 


1. Publicly Available
  - Not the same as OSINT

2. Consent
  - Implied consent: The legal advisor will determine whether a notice or policy is adequate and lawful, before the Component takes or refrains from taking action on the basis of implied consent.

3. Foreign Intelligence
  - (a) An individual reasonably believed to be an officer or employee of, or otherwise acting on behalf of, a foreign power;
  - (b) An organization or group reasonably believed to be directly or indirectly owned or controlled by, or acting on behalf of, a foreign power;
  - (c) An individual, organization, or group reasonably believed to be engaged in or preparing to engage in international terrorist or international narcotics activities;
  - (d) An individual, organization, or group who is a target, hostage, or victim of an international terrorist or international narcotics organization.
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Procedure 2, 
13 Collection Categories 


4. Counterintelligence

- The information is reasonably believed to constitute CI and the U.S. person is one of the following:

  (a) An individual, organization, or group reasonably believed to be engaged in or preparing to engage in espionage, other intelligence activities, sabotage, or assassination on behalf of a foreign power, organization, or person, or on behalf of an agent of a foreign power, organization, or person;

  (b) An individual, organization, or group reasonably believed to be engaged in or preparing to engage in international terrorist activities;

  (c) An individual, organization, or group reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States; or

  (d) An individual, organization, or group in contact with a person described above for the purpose of identifying such individual, organization, or group and assessing any relationship with the person described therein.
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Procedure 2, 
13 Collection Categories 


5. Threats to Safety

- Information needed to protect the safety of any person or organization, including those who are targets, victims, or hostages of international terrorist organizations, if:

  (a) The threat has a foreign connection;
  (b) Component head or delegee has determined that a person's life or physical safety is reasonably believed to be in imminent danger; or
  (c) The information is needed to maintain maritime or aeronautical safety of navigation.

6. Protection of Intelligence Sources, Methods, and Activities

- The information is about U.S. persons who have access to, had access to, will have access to, or are otherwise in possession of information that reveals foreign intelligence or CI sources, methods, or activities, when collection is reasonably believed necessary to protect against the unauthorized disclosure of such information.
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Procedure 2, 
13 Collection Categories

7. Current, Former, or Potential Sources of Assistance

- The information is about those who are or have been sources of information or assistance, or are reasonably believed to be potential sources of information or assistance, to intelligence activities for the purpose of assessing their suitability or credibility.

8. Persons in Contact with Sources or Potential Sources

- The information is about persons in contact with sources or potential sources, for the purpose of assessing the suitability or credibility of such sources or potential sources.

9. Personnel Security

- The information is arising from a lawful personnel security investigation.

10. Physical Security

- The information is about U.S. persons reasonably believed to have a foreign connection and who pose a threat to the physical security of DoD personnel, installations, operations, or visitors
- Must have or be supporting an authorized physical security mission and must be able to articulate a reasonable belief in both the foreign connection of the U.S. persons who are collection targets and the physical security threat they pose
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Procedure 2, 
13 Collection Categories 


11. Communications Security Investigation

- The information is arising from a lawful communications security investigation

12. Overhead and Airborne Reconnaissance

- May intentionally collect imagery that contains USPI provided that the collection is not directed at a specific U.S. person or, if the collection is directed at a specific U.S. person, the collection falls in one of the other 12 categories
- Includes information obtained from unmanned aircraft systems

13. Administrative Purposes
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Procedure 2, 
Least Intrusive Means 


- Least Intrusive Means
  - Use the least intrusive collection techniques feasible within the United States or when directed against a U.S. person abroad.
  - Publicly available sources or with the consent of the person concerned
  - Cooperating sources
  - Techniques that do not require a judicial warrant or AG approval
  - Techniques that do require a judicial warrant or AG approval
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Procedure 2, 
Other 


- Special Circumstances Collection — BIG DATA
  - Defense Intelligence Components will consider whether collection opportunities raise special circumstances based on the volume, proportion, and sensitivity of the USPI likely to be acquired, and the intrusiveness of the methods used to collect the information
- Amount of Information Collected
  - In collecting non-publicly available USPI, to the extent practicable, collect no more information than is reasonably necessary
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Threshold Questions 


- Are we collecting?
- Does the collection concern USPI?
- Does the collection fall within assigned mission/function?
- Does the information collected fall within one of the 13 permissible categories?
- Are you using the least intrusive method?
- Consider the following collection “formula”:
  Mission + Reasonable Basis + Procedure = Collection
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Procedure 3, 
Retention 

- Permanent retention standard
  - Retention is reasonably believed to be necessary for the performance of an authorized intelligence mission; and
  - The information was lawfully collected or disseminated to the Component
  - Meets one of the 13 collection categories; or
  - Is necessary to understand or assess CI, e.g., information about a U.S. person that provides important background or context for CI.
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Procedure 3, 
Retention 


- Three primary evaluation periods to determine permanent retention of USPI
  - Promptly
  - Five (5) years
  - Twenty-five (25) years
- Intentional Collection of USPI
  - Must be evaluated promptly; and
  - If necessary, may retain the information for evaluation for up to 5 years, subject to extension
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Procedure 3, 
Retention 


- Incidental Collection of USPI
  - Defined: collection of USPI that is not deliberately sought, but is nonetheless collected
  - Person in the United States, may retain all of the incidentally collected information for evaluation for up to 5 years, unless extended
  - Person outside the United States, may retain all of the incidentally collected information for evaluation for up to 25 years
- Voluntarily Provided USPI
  - About a U.S. person, evaluate the information promptly, up to 5 years, unless extended.
  - About a non-U.S. person, evaluation for up to 25 years
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Procedure 3, 
Retention 


- Unintelligible information
  - The time periods begin when the information is processed into intelligible form
  - Includes information that a Component cannot decrypt or understand in the original format.
  - To the extent practicable, unintelligible information will be processed into an intelligible form.
  - Text in a foreign language is considered intelligible
- Deletion of information
  - Unless the standards for permanent retention are met, must delete all USPI from the Component’s automated systems of records
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Procedure 4, 
Dissemination 


- We may disseminate USPI based upon the following criteria:
  - Any person or entity: Information is publicly available or U.S. person has consented to the dissemination.
  - Other intelligence community elements
  - Other DoD elements; federal government entities; state, local, tribal, or territorial governments: recipient is reasonably believed to have a need to receive such information for the performance of its lawful missions or functions.
  - Foreign governments or international organizations
    - Recipient is reasonably believed to have a need to receive such information for its lawful missions or functions; and
    - Disclosure is consistent with applicable international agreements and foreign disclosure policy
  - Protective Purposes: Necessary to protect the safety or security of persons or property, or to protect against or prevent a crime or threat to the national security
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Agenda, Part 3 


- Special Collection Procedures
  - Procedure 5 — Electronic Surveillance
  - Procedure 6 — Concealed Monitoring
  - Procedure 7 — Physical Search
  - Procedure 8 — Mail Covers
  - Procedure 9 — Physical Surveillance
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Procedure 5, 
Electronic Surveillance 


- Implements FISA and E.O. 12333
- Defined
  - The installation or use of any monitoring device in the United States where a person has a reasonable expectation of privacy, as determined by the legal advisor, and
  - A warrant would be required for law enforcement purposes.
- Fourth Amendment
  - All electronic surveillance must comply with the Fourth Amendment
  - The legal advisor is required to assess the reasonableness of collection, retention, and dissemination
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Reasonable Expectation 
of Privacy 


- Reasonable expectation of privacy (REP)
  - Can a person have a REP in a government office?
  - REP if a person has a private office with locked door?
  - Does a person in a public street ordinarily have a REP?
  - A person in their vehicle on public roads? A private garage?
  - Generally, no expectation of privacy in...
    - Bank records (NSL)
    - Public activities
    - Garbage left at the curb, abandoned property
    - Handwriting
    - Smell of luggage
- Legal advisor needs the facts from the field re: REP
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Procedure 5, 
Electronic Surveillance 


- In the United States:
  - Attorney General or the Foreign Intelligence Surveillance Court (FISC) may authorize, except for emergency situations
  - May only conduct such surveillance if both:
    - A significant purpose of the electronic surveillance is to obtain foreign intelligence information; and
    - There is probable cause to believe that the target of the electronic surveillance is a foreign power or an agent of a foreign power
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Procedure 5, 
Electronic Surveillance 


- Outside the United States:
  - U.S. person
    - Governed by FISA and E.O. 12333; or
    - Approval under exigent circumstances exception
  - Non-U.S. person: governed by Title I or Section 702
- Emergency situations: Attorney General approval
- Technical Surveillance Countermeasures (TSCM)
  - Applies to the use of electronic equipment and specialized techniques to determine the existence and capability of electronic surveillance equipment being used by persons not authorized to conduct electronic surveillance
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FISA 


- Ensure you are written into the FISA request:
  - Make sure your personnel are authorized, within the request, to receive FISA info, and that your equipment is authorized to be used as part of FISA collection.
- Dissemination of FISA derived information must include the caveat that use in any criminal proceeding requires prior approval from the AG.
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UNCLASSIFIED//FOUO 


Procedure 6, 
Concealed Monitoring 


- Defined as the following:
  - Hidden electronic, optical, or mechanical devices,
  - to monitor a particular person or a group of persons, without consent,
  - in a surreptitious manner,
  - over a period of time, and
  - no reasonable expectation of privacy
- Examples
  - Video monitoring or sound recording of a subject in a place where he or she has no reasonable expectation of privacy if conducted over a period of time
  - Taking one photograph of a subject would not qualify
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Procedure 6, 
Concealed Monitoring 


- Scope: Proc 6 applies to the following:
  - Any person inside the United States, and
  - Any U.S. person outside the United States
- With the appropriate approval and coordination, we may conduct concealed monitoring...
  - In the United States
    - On DoD facilities
    - Outside DoD facilities after coordination with the FBI
  - Outside the United States
    - On DoD facilities
    - Outside DoD facilities must be coordinated with the CIA, and appropriate host country officials in accordance with any applicable SOFA or other international agreement
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Procedure 6, 
Concealed Monitoring 


- Approval: Component head or delegee
- Component legal is required to determine whether the following criteria have been met:
  - There is no reasonable expectation of privacy;
  - Such monitoring is necessary to conduct an assigned CI function;
  - A trespass will not be necessary to effect the monitoring; and
  - The monitoring is not subject to Procedure 5
- For more on trespass, see U.S. v. Jones, Sup. Ct. (2012)
  - Physical attachment of GPS tracking device on vehicle to monitor its movement is a trespass/search under Fourth Amendment
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Procedure 7, 
Physical Searches 


- Scope: Applies to nonconsensual physical searches in the United States and of U.S. persons/property outside the United States
- Defined: Any intrusion on a person or property that would require a warrant for law enforcement purposes
- Does not include examinations of the following:
  - Areas that are in plain view and visible to the unaided eye if there is no physical trespass;
  - Publicly available information;
  - Abandoned property in a public place;
  - Items where we have consent; and
  - Government property pursuant to Military Rule of Evidence 314(d)
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Procedure 7, 
Physical Searches 


- Approval Required
  - Search of active duty: Attorney General or Foreign Intelligence Surveillance Court
  - Search of other persons inside the United States
    - We may NOT conduct searches of other persons in the U.S.
    - We may request the FBI to conduct such searches
  - Other U.S. persons outside the United States
    - The search is for an authorized CI purpose;
    - The search is appropriately coordinated with the CIA; and
    - The FISC or the Attorney General has authorized the search.
- Who may request: SecDef, DSD, USD(I); SecAF; USecAF; DIRNSA/CHCSS; Director, DIA; Director, NGA; or Director, NRO
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Procedure 8, 
Mail Searches and Cover 


- Mail Searches
  - See Procedure 7
- Mail cover, e.g., examination of envelope
  - In U.S. postal service channels, request the USPS IAW 39 CFR 233.3(e)(2)
  - In foreign postal channels, may request a mail cover for mail that is to or from a U.S. person consistent with foreign law and any applicable SOFA
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Procedure 8, 
Mail Searches and Cover 

- Any National Security mail cover request must be approved personally by the head of the law enforcement agency or intelligence component requesting the cover or the one designee at the agency’s headquarters
- Original signed copy is forwarded to Chief Postal Inspector
- Postal has cleared facilities, request/justification must be specific to case details
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Procedure 9, 
Physical Surveillance 

- Who can we surveil in the United States:
  - Military service members;
  - Present or former military or civilian employees of a DIC;
  - Present or former contractors of a DIC;
  - Present or former employees of such a contractor;
  - Applicants for such employment or contracting;
  - Non-U.S. persons; and
  - Other persons, “when detailed to the FBI or when operating under FBI authorities.”


Eyes of the Eagle 




Procedure 9, 
Physical Surveillance 


- Scope
  - Any person inside the United States or any U.S. person outside the United States
  - Applies to any devices used to observe the subject of the surveillance (not Procedure 6)
- Defined
  - Deliberate and continuous observation of a person, and
  - Where the person has no reasonable expectation of privacy
- Does not apply to surveillance detection or counter surveillance used to detect and elude foreign physical surveillance
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The offices within the Department of 
Defense for the collection of specialized 
national foreign intelligence through 
reconnaissance programs. 

The Assistant Chief of Staff for Intelligence, Army General Staff. 

The Office of Naval Intelligence. 

The Assistant Chief of Staff, Intelligence, U. S. Air Force. 

The Army Intelligence and Security Command. 

The Naval Intelligence Command. 

The Naval Security Group Command. 
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DoD Intelligence 
Components 


The Director of Intelligence, U.S. Marine Corps. 

The Air Force Intelligence Service. 

The Electronic Security Command, U.S. Air Force. 

The counterintelligence elements of the Naval Investigative Service. 

The counterintelligence elements of the Air Force Office of Special Investigations. 

The 650th Military Intelligence Group, SHAPE. 

Other organizations, staffs, and offices, when used for foreign intelligence or counterintelligence activities to which part 2 of E.O. 12333 (reference (a)), applies, provided that the heads of such organizations, staffs, and offices shall not be considered as heads of DoD intelligence components for purposes of this Regulation. 
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Procedure 9, 
Physical Surveillance 

- Approval and coordination
  - Approval: Component head or delegee
  - Coordination
    - In the United States
      - No coord req'd for on-base surveillance of active duty
      - FBI coord for all off-base surveillance
      - FBI coord for on-base surveillance of non-active duty
    - Outside the United States
      - CIA for off-base surveillance
      - Consider with SOFA and foreign law/policy




Procedure 10, 
Undisclosed Participation 


- Scope: Governs the participation by DICs and anyone acting on behalf of a DIC, e.g., sources, in any organization in the United States or any organization outside the United States that constitutes a U.S. person.
- Organization defined
  - An association of two or more individuals formed for any lawful purpose whose existence is formalized in some manner
  - Includes those that meet and communicate through the use of technologies
- Participation defined
  - When a person is tasked or asked to participate in an organization for the benefit of the DIC
  - Actions undertaken “for the benefit of” a DIC may include collecting information, identifying potential sources or contacts, or establishing or maintaining cover.
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Procedure 10, 
Undisclosed Participation 

- Exclusions
  - Personal participation
  - Voluntarily provided information
  - Publicly available information on the internet
    - Collection of publicly available information on the internet in a way that does not require a person to provide identifying information (such as an email address) as a condition of access and does not involve communication with a human being
- Approval level depends on the activity--see below
  - No specific level of approval (NOT no approval)
  - Component head or delegee
  - Component head or single delegee
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Procedure 10, 
Undisclosed Participation 

- UDP requiring no specific level of approval
  - Education or training
  - Cover Activities: Participation in an organization solely for the purpose of obtaining or renewing membership status in accordance with DoD cover policy
  - Published or posted information: Participation in an organization whose membership is open to the public solely for the purpose of obtaining information published or posted by the organization or its members and generally available to members; must not involve elicitation.
  - Public forums: employment affiliation not req'd and no elicitation of USPI; and
  - Foreign entity: Participation in an organization that is an entity openly acknowledged by a foreign government to be directed or operated by that foreign government or is reasonably believed to be acting on behalf of a foreign power, and the organization is reasonably believed to consist primarily of individuals who are non-U.S. persons.
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Procedure 10, 
Undisclosed Participation 


- UDP That May Be Approved by a component head or delegee
  - Non-U.S. persons as potential sources of assistance
  - Public forums: employment affiliation required or elicitation of USPI may be authorized
  - Cover activities: beyond obtaining or renewing membership for the purpose of maintaining or enhancing cover
  - U.S. person organizations outside the United States: involving participation from or about a non-U.S. person located outside the United States
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Procedure 10, 
Undisclosed Participation 


- UDP That May Be Approved by a Defense Intelligence Component Head or a Single Delegee
  - To conduct authorized CI activities not otherwise addressed in or outside the United States, after required coordination with the FBI or CIA.
  - To collect information inside the United States necessary to identify a U.S. person as a potential source of assistance to foreign intelligence or CI activities.
  - To collect information outside the United States necessary to assess a U.S. person as a potential source of assistance to foreign intelligence or CI activities
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Procedure 10, 
Undisclosed Participation 


- Standards for review and approval: approving official must make the following determinations:
  - The potential benefits to national security outweigh any adverse impact on civil liberties or privacy of U.S. persons
  - The proposed UDP complies with the limitations on UDP; and
  - The proposed UDP is the least intrusive means feasible and conforms to the requirements of Procedure 2
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UDP Online/ Social 
Networking Sites 

- Undisclosed Participation is applicable in the CYBER world...
- Is the website an organization/USP? Look to facts:
  - Primarily US users
  - Location of the server
  - Incorporation
  - Website content
  - Language used
  - Richard Shriffin memo
- Other matters
  - Cover Plan?
  - De-confliction?
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Agenda, Part 4 


- Additional Legal Authorities / Special Collection
  - Bank and National Security Letters
    - Right to Financial Privacy Act (12 USC §3401)
    - Fair Credit Reporting Act (15 USC §1681(v))
    - Requests by Authorized Investigative Agencies (50 USC §3162)
    - FBI Request for Telephone Toll and Transactional Records (18 USC §2709)
  - DoD IG Subpoena
  - Electronic Communications Privacy Act (ECPA), 18 USC §2701
  - Computer Trespasser Exception, 18 USC §2511(2)(i)
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National Security Letters 
(NSLs) 


- Several Federal statutes authorize intelligence officials to request certain business record information in connection with national security investigations.
- Prospects of continued NSL use are dimming
- What Congress gives, Congress can take away, but for now.....
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Summary: Types of NSLs 

- Financial Information - Bank Letter (12 USC 3414)
  - Non-compulsory for DoD
  - FBI has authority to compel per para (a)(5)(A)
- Credit Reporting Agency Letter (15 USC 1681v)
  - Compulsory
  - International terrorism only
- Security Clearance Investigations (50 USC 3162)
  - Requires consent; check SF 86 Paperwork!
  - Gets you Bank Records, Credit Reports and Travel Records
  - Compulsory
- Telephone and Toll Records/ISP (18 USC 2709)
  - Available only to the FBI
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NSL - Bank Letter, 12 
USC § 3414 


- What type of records?
  - Any record held by a financial institution pertaining to a customer's relationship with the financial institution
  - Customer need not be the target of the investigation
  - Financial institutions broadly defined
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NSL - Bank Letter, 12 
USC § 3414 


From whom can we request?

- Bank
- Savings bank
- Industrial loan company
- Trust company
- Savings association
- Building and loan, or homestead (including cooperative
- Credit union
- Consumer finance institution
- Broker registered w/ SEC
- card issuer
- Pawn broker
- Insurance Company
- U.S. Postal Service
- Dealer in jewels and precious stones
- Travel Agency
- Vehicle sales
- Casinos
- Persons involved w/ real estate closings
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NSL - Credit Reporting 
Agency, 15 USC §1681v 

- What type of records?
  - Customer credit reports and all other customer records
- Who can we compel to provide?
  - Consumer Reporting Agencies
  [Logos: Equifax, Experian]
- When?
  - Must be related to International Terrorism
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NSL - Security Clearance 
Investigations, 50 USC § 3162 


- What type of records?
  - Financial records
  - Records pertaining to travel outside the U.S.
- Who can we request from?
  - Financial Institutions
  - Credit reporting agencies
  - Commercial entities within the U.S. with records reflecting travel outside the U.S.
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NSL - Security Clearance 
Investigations, 50 USC § 3162 


- TARGET
  - Executive Branch Employee
  - Who as a condition of access to classified information
  - Provided consent (during background investigation)
  - for a period of not more than 3 years thereafter to financial and travel records;

AND

Reasonable grounds to believe that the target

  - is or may be disclosing classified info in an unauthorized manner to a foreign power or agent of a foreign power
  Or
  - has incurred excessive indebtedness or has acquired a level of affluence which cannot be explained by other info;
  Or
  - had the capability and opportunity to disclose classified info which is known to have been lost or compromised to a foreign power or agent of a foreign power




NSL Summary Chart 


NSL Statute | Addressee | Certifying officials | Information covered | Standard/purpose

Profile of the Current NSL Statutes 
DoD IG Subpoena

- DoD IG Subpoenas may be used to support non-fraud related investigations when
  - There is sufficient DoD nexus to the crime at issue to warrant the DoD IG's involvement in the investigation
    - Meaning (1) Agency must have investigative authority for the crime under investigation and (2) if the investigation is being conducted jointly the DoD entity must be designated the “lead investigative organization” and
  - The particular crime at issue is of such a nature and/or such concern to DoD as to warrant the DoD IG's involvement in the investigation
    - Terrorism, Espionage, Agent for Foreign Government, Spies, Aiding the enemy are among the 25 delineated crimes

DoD IG Subpoena

- Documents and instructions available on DoD IG Website at http://www.dodig.mil/Programs/Subpoena/subpoena.html

Mechanisms for Acquiring ISP

- Request FBI pursue an NSL for Telephone Toll and Transactional Records, IAW 18 USC 2709
  - This option is NOT available to DoD entities in unilateral cases
  - Provides Subscriber Data and toll billing records, along with electronic comm transactional records
- 18 USC 2703 offers several mechanisms that a government entity may use to compel disclosure

Electronic Communications Privacy Act (ECPA)

- BLUF: USGOV can't access emails, data logs or subscriber data with nothing in hand
- ECPA governs information stored on Public Internet Service Providers (ISPs) and on Public Networks
  - Fewer requirements for private networks, such as DoD’s
  - Plus, we obtain consent through Banner/User Agreement/IA Training
- General rule for ECPA: it is unlawful to access, obtain, alter or prevent access to wire or electronic communications while in storage by a provider of such communications services




Preservation Letters

- If contemplating action under ECPA the first step is to PRESERVE the stored comms/data
- Requirement to preserve records or evidence in the ISP’s possession pending the issuance of court order or other process for 90 days (additional 90 day extension is available) per 18 USC 2703(f)
- How to identify the ISP POC:
  - http://www.copyright.gov/onlinesp/list/a_agents.html (Service Provider's agents for notification of claims of copyright infringement)
  - http://www.search.org/resources/isp-list/

Computer Trespasser Exception, 18 USC § 2511(2)(i)

- Live monitoring of Internet/network communication is lawful provided the four (4) criteria are met:
  - 1. The owner or operator of the protected computer must authorize the interception of a trespasser's communications.
  - 2. The person intercepting the communication must be lawfully engaged in an ongoing investigation.
  - 3. The person intercepting the communication must have reasonable grounds to believe that the contents of the communications to be intercepted will be relevant to the ongoing investigation.
  - 4. The monitoring must be configured so that it only intercepts the trespasser's communications.

Agenda

- Material Support to Terrorism (MST) Statutes (18 USC §§ 2339A and 2339B)
- Protection of Defense Information
  - 18 USC § 793 - 18 USC § 798
  - 18 U.S.C. § 1924
  - Classification Reviews and CIPA
- Sanctions
  - TWEA and IEEPA (Dept of Treasury)
- Export Control
  - International Traffic in Arms Regulations (Dept of State)
  - Office of Foreign Assets and Control (Dept of Commerce)

Material Support to Terrorists (MST) Statutes

- “Material support” includes almost any kind of support for blacklisted groups; including humanitarian aid, training, expert advice, “services” in almost any form, and political advocacy.
- Intent to further the illegal activities of the terrorist organization (presumption that any contribution to a terrorist organization furthers or facilitates criminal activity)
- 18 USC § 2339A Providing material support to terrorists
- 18 U.S.C. § 2339B Providing material support to designated foreign terrorist organizations

Applicability to You

- The term “whoever” within the statute and legislative history includes “government actors”
  - Ensure you and your assets are covered!
  - This can be a timely approval process so plan accordingly
- Each Agency has its own
  - Approval policy
  - Lethal Aid
  - Coordination with DOJ

Protection of Defense Information (18 USC 793-798)

- It all started with the Espionage Act of 1917
  - It originally prohibited any attempt to interfere with military operations, to support U.S. enemies during wartime, to promote insubordination in the military, or to interfere with military recruitment.
  - Passed along with the Trading with the Enemy Act
  - Espionage Act was based on the Defense Secrets Act of 1911, especially the notions of obtaining or delivering information relating to “national defense” to a person who was not “entitled to have it”

Statutes

- 18 USC § 793 - Gathering, transmitting or losing defense information
- 18 USC § 794 - Gathering or delivering defense information to aid foreign government
- 18 USC § 795 - Photographing and sketching defense installations
- 18 USC § 796 - Use of aircraft for photographing defense installations
- 18 USC § 797 - Publication and sale of photographs of defense installations
- 18 USC § 798 - Disclosure of classified information

Use of Classified Information in Court

- For these types of cases you will need the compromised information reviewed for an evaluation of harm to national defense if released and approval for use in charging/trial
  - This will be a timely and occasionally an “emotional” experience
  - Prior to 2015, DoJ was requiring SECRET or above to charge
- Classified Information Protection Act (CIPA) and MRE Rule 505 provide for protection of the classified information during court proceedings
  - False Flag Operations

Sanctions and Export Controls

- The principal statutes underpinning U.S. sanctions and embargos are administered by the Department of the Treasury:
  - The Trading With the Enemy Act (TWEA)
  - International Emergency Economic Powers Act (IEEPA)
- These sanctions are further codified by:
  - Office of Foreign Assets and Control (Department of Commerce)
  - Arms Export Control Act via International Traffic in Arms Regulations (Department of State)

Sanctions: IEEPA (50 USC §§ 1701-1707)

- Authorizes the POTUS to regulate commerce with certain persons/countries after declaring a national emergency in response to an unusual and extraordinary threat from a foreign source.
- Country or designated nationals list
  - Non-Proliferation Sanctions
  - Counter Terrorism Sanctions
  - Counter Narcotic Sanctions
  - Transnational Criminal Orgs
- Administered by Dep't of Treasury
- Restrictions apply to all U.S. persons and entities...

Sanctions: Office of Foreign Assets and Control (OFAC)

- OFAC administers a number of different sanctions programs. The sanctions can be either comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals
- OFAC oversees, imposes penalties pursuant to, and grants licenses to permit activities covered by U.S. sanctions.
- Fines for violations: $50K to $100K and imprisonment from 10 to 30 yrs for willful violations.

OFAC Licenses

- There are two types of licenses:
  - A general license authorizes a particular type of transaction for a class of persons without the need to apply for a license.
  - A specific license is a written document issued by OFAC to a particular person or entity, authorizing a particular transaction in response to a written license application.
- Persons engaging in transactions pursuant to general or specific licenses must make sure that all conditions of the licenses are strictly observed.

Arms Export Control Act (Int'l Traffic in Arms Regs)

- Administered by the Department of State
- 22 USC § 2778 of the Arms Export Control Act (AECA) provides the authority to control the export of defense articles and services
- Executive Order 11958, as amended, delegated this statutory authority to the Secretary of State.
- International Traffic in Arms Regs (ITAR) implements this authority

ITAR (22 USC § 2778)

- All U.S. manufacturers, exporters, and brokers of defense articles, defense services, or related technical data, as defined on the USML, are required to register with U.S. Department of State
- A foreign person is any person who is not a lawful permanent resident of the U.S. and includes foreign governments and organizations

ITAR Exceptions

- ITAR does not apply to information related to general scientific, mathematical or engineering principles that is commonly taught in schools and colleges or information that is (legitimately) in the public domain
- Each agency has own procedures and approvals for dealing with ITAR controlled items.

One last chance to meet your attorneys!

- NCIS
- AFOSI

GPS Trackers and Transponders

- U.S. v. Jones, January 2012 Supreme Court Ruling
- Physical attachment of GPS tracking device to monitor a vehicle is a trespass/search
- Result for DoD?
  - Must use FISA or Procedure 7
  - Physical search authority
  - You will need to be able to provide probable cause...

Cognitive-Emotional Conflict


Adversary Will and Social Resilience 


By Linton Wells II 


Today's information sharing tools let adversaries interfere more directly than ever with a targeted nation's political processes and the minds of its citizens. Operating effectively in such “cognitive-emotional conflict” requires that information-based capabilities be employed and countered in agile, integrated ways across the military, government, and society. Coherent narratives tied to strategy and backed by actions are important. Technical cyberspace activities need to be well-coordinated with content-based approaches like military information operations, government-wide messaging, and intelligence gathering (including all forms of security). Even more important is to build a society's resilience against persistent, disruptive, or disinformation campaigns that aim to undermine citizen confidence and core beliefs.

The need for effective messaging is nothing new—targeting the minds of opposing leaders and the morale of their forces has been central to warfare from time immemorial. Historically, galvanizing public opinion in democracies usually has taken dramatic acts, from the Boston Massacre, to Pearl Harbor, to 9/11. Less dramatically, waning public opinion led President Bush to the Surge in Iraq, and President Obama to adjust his approach in Afghanistan. Activists today, however, have much more direct access to growing numbers of citizens, either to advocate for positions, muddy the waters of public opinion with alternative facts and fake news, or leak secrets to wide audiences. Empowered individuals and small groups can leverage media to enhance their impact by ensuring their asymmetric actions against people, societal structures, or military forces are much more widely disseminated. Some information activities will involve cyberspace operations, while some will involve more traditional information means. In any case, government communication tools such as press releases, white papers, web posts, or even leadership speeches rarely are effective counters to these information flows, especially when poorly coordinated.

The U.S. military and intelligence communities are starting to integrate their capabilities better, but implementing whole-of-government approaches is proving much harder owing to diverse interests, capabilities, and understandings of the information environment. Strengthening society’s overall resilience to such campaigns is even more difficult, and also more important. A variety of reasons, from lack of trust to lack of capability, make it hard for most Western governments to craft and promote effective resilience campaigns. That said, transparency ultimately is a powerful asset, and where checks and balances, horizontal information flows, and citizen engagement exist, societies can adapt and become more resilient to cognitive-emotional attacks. However, the Strategic Multi-Layer Assessment (SMA) and others are doing important work on fake news inoculation and enhancing population resilience, as well as the use of neuroscience to help understand subconscious decisionmaking. Positive steps to reframe and refocus arguments can be used to counter disinformation campaign tactics.

Dr. Linton Wells II is a Visiting Distinguished Research Fellow at National Defense University. A retired U.S. Navy officer with more than five decades of public service, Dr. Wells served as Deputy Under Secretary of Defense and twice as Principal Deputy Assistant Secretary of Defense.


The Continuum of Conflict 


Where does cognitive-emotional conflict fit into the broader continuum of conflict that exists today? First one must define the continuum. Strategist Frank Hoffman at National Defense University defines this as measures ranging from “short of armed conflict” to “major theater war.” The spectrum includes an “unconventional and special warfare” category that cuts across the entire continuum of violence. Most of the conflicts today fall into the blue and green zones identified in Figure 1.

FIGURE 1: Continuum of Conflict. [Axes: Probability (low to higher) and Level of Violence (low to high). Labeled zones: Measures Short of Armed Conflict; Irregular Warfare; Terrorism; Unconventional and Special Warfare.]


Measures Short of Armed Conflict 


A proposed definition is the employment of covert or illegal activities that are below the threshold of violence. This includes disruption of order, political subversion of government or non-governmental organizations, psychological operations, abuse of jurisprudence, and financial corruption as part of an integrated design to achieve strategic advantage.


Irregular Warfare and Terrorism 


Existing U.S. doctrine defines irregular warfare as a “violent struggle among state and non-state actors for legitimacy and influence over the relevant populations.” Irregular warfare is characterized by indirect and asymmetric approaches that avoid direct and risky confrontations with strong forces. Irregular warfare may include criminal activity and/or terrorism.


Hybrid Threats 


Hoffman defines this group as the “tailored violent application of advanced conventional military capabilities with irregular tactics, or combination of forces during armed conflict.”

PRISM 7, NO. 2


Theories of Conflict and Resilience 


War is “an act of force to compel the enemy to do your will”—fair enough, but a complementary formulation is “... supreme excellence [in war] consists in breaking the enemy’s resistance without fighting.” Within the continuum of conflict, breaking the resistance of both civilian and military adversaries without fighting major wars is an increasingly common objective.

Key arguments in this area were introduced by John Arquilla and David Ronfeldt in their 1993 article “Cyberwar is Coming!” that first introduced the concept of “cyberwar”—“the idea that the vulnerability of communications could cripple an advanced army” by “disrupting, if not destroying, information and communication systems...on which an adversary relies in order to know itself...” Cyberwar has proven hard to define, and is not included in the official U.S. military lexicon, but “cyberspace operations” are, and they are associated with powerful technical components, usually considered to be offensive cyberspace operations (OCO), defensive cyberspace operations (DCO), and computer network exploitation (CNE). Such operations can impact most conflicts, but often they have been treated as technical capabilities injected from a parallel, networked universe, rather than integrated as part of an overall campaign. However, Arquilla's and Ronfeldt's seminal 1993 article not only discussed how the information age is altering the nature of all conflict, but also introduced the concept of “netwar” in which actors seek to “disrupt, damage, or modify what a target population knows or thinks it knows about the world around it.” Today cyberspace operations closely relate to cyberwar with potential impacts on military systems, critical infrastructures, etc., while netwar is increasingly relevant to the cognitive and emotional disruption of societies.
Worldwide, hundreds of billions of dollars are spent to defeat enemies on high-intensity battlefields. Such capabilities are necessary, but insufficient. A variety of cognitive-emotional campaigns are underway, from sustained efforts to undermine respect for liberal democratic values, to initiatives to establish new geopolitical “facts” in East Asian waters. Those suggest that the center of gravity for at least some conflicts is shifting away from military forces toward the political processes, thought leaders, and social media of the targeted populations. Rather than inciting a population to take a particular action, as the leak of the Zimmerman telegram did in accelerating the U.S. entry into World War I, campaigns today often seek to fragment citizen opinions and disrupt belief systems. The ultimate resilience of a nation or an alliance lies in the minds of its citizens who today are under persistent pressure.

There are many definitions of resilience, the best of which include proactive pre-crisis preparations and risk mitigation, effective incident management, and leveraging whatever shocks occur to build back better, as probability scholar Nassim Taleb advocates in his work, Anti-Fragile: Things That Gain From Disorder. The Rockefeller Foundation defines resilience as:

The capacity of individuals, communities and systems to survive, adapt, and grow in the face of stress and shocks, and even transform when conditions require it. Building resilience is about making people, communities and systems better prepared to withstand catastrophic events—both natural and manmade—and able to bounce back more quickly and emerge stronger from these shocks and stresses.

The summary of resilience should therefore move from “bounce back” to “be prepared to bounce forward better.” How to strengthen the resilience of societies deserves more attention in conflict studies.
Cognitive-Emotional Conflict


Continued, long-term campaigns of disruption, perception management, and deception sow confusion and undercut values and convictions. These campaigns are but one element of cognitive-emotional conflict. Many of their components are not new. They involve violence and the threat of violence, integrating kinetic and non-kinetic elements in ways that would be fully understood by Sun Tzu, Clausewitz, or John Boyd.

The American way of war historically has favored kinetic approaches in environments that clearly distinguish between combat and non-combat, where “one side distinctively wins while the other distinctively loses.” Violent action and its connection to policy have long been at the heart of Western military thought, but there also are complementary strategies. Sun Tzu did not clearly delineate between a state of peace and war, though violence and the threat of violence were part of his conception of statesmanship. He did emphasize the importance of deception, perhaps since it helped the leader to “flow” between various states of conflict. Twentieth century military strategist John Boyd later addressed both the offensive and defensive sides of cognitive approaches, noting that strategy should “magnify and augment our inner spirit and strength” while swaying the uncommitted. It should also “isolate adversaries from their allies...[and from] one another, in order to magnify their internal friction, produce paralysis, bring about their collapse...so that they can no longer inhibit our vitality and growth.”

Information-based acts in cognitive conflict draw on many tools to “confuse, befuddle, discourage, confound, depress, deny, destroy, degrade, disrupt, usurp, corrupt, deter/dissuade, disconnect, cost-impose, dispose, convey weakness or worse, engender fear (or respect), herd/vector in desired direction and generally negatively impact on victims’/adversaries’ ability to see, know, understand, command/control/access his own means, decide, act and be confident of his/her posture, processes or destiny...[These] actions will likely be applied around critical times.” Clearly they have been employed before in high-intensity wars (the deception operations surrounding Normandy), other armed conflicts (direct adversary messaging to populations during the Vietnam War and the First Intifada), and in measures short of armed conflict (propaganda and false news to undermine the legitimacy of governments or belief systems).

What is new today is the ease by which modern communications allow adversaries to bypass military forces, borders, and alliances to magnify their voices in the minds of our people, our adversaries, the uncommitted, and our allies. Since experiencing disappointing results in Chechnya in the 1990s the Russians have been refining their “information-psychological” capabilities, which approximate the goals of netwar. Parts of China's “three [unconventional] warfares” relate to efforts to implement “political work.” As future cyberspace activities evolve to destroy physical systems more effectively or disrupt essential services, they provide other ways to undercut the confidence of people in their governments.

There is an ample theoretical basis, and a range of operational capabilities, to support a portfolio of cognitive-emotional strategies, from offensive ones to influence opponents, to persuasive ones to encourage neutrality, to defensive ones to build cohesion. This is broader than a cognitive-emotional campaign in the military sense since key parts fall outside military control. Cognitive-emotional conflict is:

A struggle to affect the thoughts and values of people at all levels of an opponent's organization and society, using technical and other informational means, while preserving the resilience of one’s own organizations and society, and attracting the uncommitted.
Within this struggle of understanding an adversary's conscious and unconscious perceptions is the recognition that the process of creating actions to shape perceptions will be iterative. The next step is creating and highlighting mismatches in perceptions and using them as weaponized information to target the mind of the adversary and related populations. Since it is impossible to understand perfectly how an adversary's perceptions can be shaped, messages will need to be tested continuously for effectiveness and adapted. Cognitive-emotional conflict thus extends across the entire continuum of conflict, as shown in Figure 2.


U.S. Advantages and Disadvantages in 
Cognitive-Emotional Conflict 

Daunting as the military challenges may be, there 
are two greater problems: first, how to address 
coordination beyond the Department of Defense 
(DOD) in a whole-of-government framework? And 
then, how to move beyond government to achieve 
the kind of “whole-of-society” resilience that the 
nation, and its alliance partners, will need to face the 
coming cognitive-emotional challenges? The United 
States starts with a number of advantages, but also 
serious weaknesses. 




U.S. Advantages in Cognitive-Emotional Conflict 
Military/Government Levels 


DOD and the Intelligence Community (IC) have exceptional technical cyber capabilities across the full range of OCO, DCO, and CNE as well as many of the non-cyber disciplines, to include electronic warfare, operational deception, space, and command and control. Additionally, Special Operations Forces and parts of the cyber community can adapt quickly to emerging technology and changing circumstances. The U.S. hacking community also is more integrated into the cybersecurity community than in many other countries, partnering through programs like “bugs for bounty” and hackathons.


National Levels 

Our diverse population and relatively open system are able to adapt in complex, uncertain environments. Many studies suggest that closed systems begin to lose their adaptability under adversity, and eventually come to be at risk of survival. Such closure can occur either through top down direction (such as isolating a national internet), or a self-selecting series of actions, such as choosing only reinforcing information sources (echo chambers) that limit understanding of a rapidly evolving environment.


FIGURE 2: Cognitive-Emotional Conflict Extends Across the Entire Continuum of Conflict. 
Former Dean of Princeton's Woodrow Wilson School of Public and International Affairs, Anne Marie Slaughter, observed in 2009 that the United States ought to have significant advantages in a networked world that derive from the heterogeneity of its population, its geographic location, a horizontal social structure, and a culture of entrepreneurship and innovation.


In a networked world, the United States has the potential to be the most connected country...If it pursues the right policies, the United States has the capacity and the cultural capital to reinvent itself.


The United States possesses the checks and balances, diversity, and feedback loops, and is resilient enough to absorb lessons, learn from them, and adapt. A key is to recognize that “the antidote to netwar poison is active transparency,” however painful and disruptive that may be to implement.


U.S. Disadvantages in Cognitive Conflict 

The exceptional increases anticipated in science and technology capabilities during the next 15 years will have social impacts as well as operational and strategic ones. Many technology fields such as biotech, robotics, information, nanotech, energy, and additive manufacturing are rapidly changing in parallel. These issues affect the winners and losers in society, the way nations interact, and the way our children think. They raise questions for policymakers, ambassadors, commanders, not just technical specialists. Technological changes, and their interactions, need to be considered as strategic variables in national security planning, but they rarely are today.


Military/Government Levels 


The United States and its allies are not organized, trained, and equipped to be agile and effective in cognitive-emotional conflicts today. U.S. military strengths and doctrine have been aligned more with conventional kinetic conflict than with nuanced cognitive-emotional approaches. Achieving integrated effects at strategic, operational, and even tactical levels is complicated by the way the U.S. now separates cyberspace operations, military information support operations (MISO), intelligence, civil affairs, and related fields into discrete disciplines with distinctive organizations, personnel systems, and operational concepts. Though they often are intended to be mutually supporting, campaigns in each of these areas now may not interact as much as they should to produce integrated effects. Often they are executed at very different levels of classification by skilled operators who are doing their best, but who may be largely unaware of each other's needs and accomplishments.

The problem is compounded by how critical 
information flows increasingly are outside the 
government's control—for example, products of 
geographic information systems (GIS) from sources 
like commercial satellite imagery and unmanned 
systems—aerial, ground, and underwater. These 
are augmented by an explosion of new sensors, 
from smart phones to augmented reality devices, to 
the Internet of Things. Finally there is the volume, 
velocity, veracity, and value of information (IV4) 
produced by the 24/7 news cycle, amplified and 
accelerated by social media. 


National Level 


Most Americans do not recognize the threats posed by cognitive-emotional conflicts and weaponized information. Despite the nation's diversity, most Americans are poorly equipped, through language skills or cultural awareness, to engage deeply in foreign cultures. This can make it hard to recognize that different nation states have different views of concepts such as soft power. For example, Russia thinks of soft power as everything short of outright war (deception, fake news, etc.), while the United States often views soft power as something that attracts people to American ideals. Such differences make it hard to project, or counter, narratives effectively in foreign environments; particularly given how the United States has cognitive-emotional conflict needs that extend globally, but few of our allies can execute cognitive campaigns beyond regional levels.

The United States thus far has given insufficient attention to crafting and disseminating compelling narratives that shape perceptions. We have allowed our once exceptional capabilities for cognitive-emotional conflict—e.g. in the information campaigns of World War II and the activities of organizations like the U.S. Information Agency during the Cold War—to atrophy, and we lack a consistent national narrative to tell our story. Additionally, U.S. practitioners are bound by asymmetric legal, moral, and ethical constraints that often keep them from being agile enough to compete effectively with skilled adversaries in the realm of social media. This admittedly is a complex problem for any open, democratic society that does not perceive an existential threat.

Consider how Russia’s state-owned news outlets routinely deliver government-sponsored messages that are increasingly being accepted as unbiased. And al-Qaeda in Iraq did not need to match U.S. armor or firepower. It only needed to record improvised explosive device (IED) attacks for broadcast to the world. It is much easier to kill one American and broadcast the video to millions than it is to try to kill ten thousand Americans in a combined arms maneuver campaign. Effective cognitive-emotional conflict amplifies small events to create effects in the adversary's mind. Daesh has leveraged these techniques through social media and has broadened its appeal to new regions such as Southeast Asia much more rapidly than expected.

U.S. practitioners of cognitive-emotional conflict
need excellent situational awareness, supported by
securely networked systems and processes with information
flowing as freely as possible, even while trying
to disrupt and isolate adversary equivalents. The 
stovepipes among U.S. tools for cognitive-emotional 
conflict may be understandable, but they cannot 
deliver integrated effects. Other nations have fewer 
artificial restrictions. For example, the Russians, like 
the Soviets before them, do not separate the intelligence,
operations, and communications functions,
but rather refer to a more integrated “radio-electronic 
struggle,” which avoids many of the inefficiencies 
caused by divisions among personnel structures, 
doctrine, management, etc. These are part of 
whole-of-government approaches. 


Improving the Odds of Success in 
Cognitive-Emotional Conflict 


Some suggest that we are reaching the end of the
post-World War II international security structure,
pressured by the challenges of a risen China,
the resurgence of Russia, worldwide migration, and
terrorism, and the various national and transnational
responses.43 The emerging structure is not yet
clear, but cognitive and emotional elements certainly
will be part of any follow-on conflicts. This section
addresses the military, whole-of-government, and
societal actions that could help prepare for cognitive-emotional
conflict in our changing world.


Information as a Joint Warfare Function 


In July 2017, Chairman of the Joint Chiefs of Staff,
General Joseph F. Dunford, Jr., approved the designation
of information as the seventh joint warfare
function.44 This designation opens up possibilities
for coordination that are just now beginning
to be examined. A strategy for "Operations in the
Information Environment" (OIE) was issued almost
one year prior, so there is a basis for considering the
closer integration of cyber and content along the
full spectrum of doctrine, organization, training,
material, logistics, personnel, and facilities—better
known as DOTMLPF. Other information-based
components that could benefit from closer integration
include but are not limited to:


■ strategic communications;
■ electronic warfare, to include an electromagnetic pulse (EMP) attack;
■ kinetic and non-kinetic operations;
■ space and counter-space operations;
■ operational security (OPSEC);
■ military information support operations (MISO), a.k.a. PSYOPS;
■ covert action/propaganda;
■ controlled and uncontrolled leaks.45


These activities involve different skill sets, agencies, 
armed services, and even organizational cultures, 
and should include the Intelligence Community. Half 
steps are unlikely to be effective but, at the same time, 
trying to eat the whole elephant at once is likely to be 
overwhelming. First steps should focus on cross-cutting
approaches to a few problems to maximize
prospects for near-term successes. On the personnel
side, recognize that not everyone will be able to perform
well in this environment. Train and educate as
broadly as possible, but focus on building a core team 
of exceptional practitioners. 

Already the U.S. Navy has combined its intelligence
(N2) and communications (N6) functions
into an Information Warfare corps. Could/should
similar functions be included by other armed services
to improve integration and agility? Ironically,
the potential split of U.S. Cyber Command from
the National Security Agency may complicate these
efforts to break down stovepipes.46

Alternatively, some have suggested that a new 
"Joint Concept for Cognitive-Emotional Warfare" 
be developed to give the idea of cognitive-emotional 
conflict a larger role in the training, budgetary, 
and force structure processes. Given the ongoing 
developments, this probably is premature. The other 
activities should be allowed to mature.


Reshaping the Broader U.S. Government for
Cognitive-Emotional Conflict 


The nation needs to convey, by all possible means, 
the narratives it seeks to represent it. Diplomacy— 
especially public diplomacy—is on the front line of 
this campaign, supported by aid programs, and the 
myriad of other messages the United States projects
on a daily basis. Executive Branch departments
other than Defense and State have important roles to 
play, as does industry. 

The Department of Homeland Security (DHS),
for example, is responsible for protecting the .gov
domain and critical infrastructure. DHS has
well-defined, whole-of-government management
structures in place for steady state and incident
response activities.47 These structures require collaboration
with the private sector through mechanisms
such as Information Sharing and Analysis Centers
(ISACs) and Organizations (ISAOs), and response to
a cyber incident could well be an important part of a
cognitive conflict campaign.

Communications need to be aligned with strategy, 
which must be supported by both narrative and 
action.48 Distorted information in a disinformation
campaign can be reframed, refocusing can counter 
distraction, reaffirmation can offset dismissive 
efforts, and reassurance can address information 
intended to dismay. 

Coordinating these activities is likely to be difficult, 
given the lack of an agreed U.S. national narrative 
at present, but it must be tried. Democracies have 
the added challenge of using information legally 
and ethically within severe constraints, which 
often are strained in cognitive-emotional conflict. 
Decisionmakers have no right to be wrong. 


Increasing National Resilience against 
Cognitive-Emotional Conflict 

Government action alone is unlikely to resolve key 
societal issues, given countervailing moral, legal, 
and ethical interpretations, as well as suspicions
of the government in many quarters. For example,
legal and privacy concerns are critical elements of a
democratic society, and they need thorough vetting,
even though this may impede rapid action on cybersecurity
issues. Impassioned policy discussions over
security and privacy have existed since the beginning
of the internet, and doubtless will continue in
new directions as technology continues to evolve.
No one side has all the answers, but the debates are
essential, and are a far better approach than top-down
unitary, directed solutions.

Singapore has postulated a "total defense" concept
involving military, civil, economic, social, and
psychological components.49 It recognizes citizen
participation as essential as connectivity increases
and infrastructures become more interdependent.
Signs like "our diversity is our strength" are
omnipresent across Singapore. Not every nation can
match the tight integration of Singapore's population
and their general trust in government. However,
as noted earlier, nations that have strong systems
of checks and balances, feedback loops, and open
information flows have great sources of resilience.
These should be nurtured, for they are the basis by
which the nation can absorb cognitive-emotional
attacks and adjust, over time, to the cognitive-emotional
campaigns against them.

At the same time, serious research is needed into 
the basis of, and limits to, societal resilience in a 
networked world, especially in democracies. For 
example, what will be the likely impacts on resilience
of disruptions of services through cyberattacks
on infrastructures? What differentiates a spirited 
divergence of views from unbridgeable divisions of 
worldview? In some cases, neuroscience may be able 
to provide insights. As these are being worked out, 
the critical importance of transparency remains. 
The adjustments are not likely to be quick, smooth, 
or painless, but they must happen, and represent one
of the nation's greatest strengths in cognitive-emotional
conflict.


Parting Thoughts


Today's environment is particularly conducive to 
cognitive-emotional conflicts, owing to the rise of 
cyber interconnectedness and the range and reach 
of information sharing tools. There are billions of 
netizens and billions more will connect during the 
next few years. This level of connectedness accelerates
change and can disrupt many of the policy
formulation mechanisms that are legacies of the 
industrial age, “When decision-makers had time 
to study a specific issue and develop the necessary 
response or appropriate regulatory framework.” 
Cognitive-emotional conflict thrives in this 
dynamic, interconnected environment, and the 
“weaponization of information” is one way that it 
can challenge the established order. Actions, both 
violent and non-violent, can be tailored for nearly 
instant network dissemination. The nimble player 
who can shape perceptions generally wins against
the slow and methodical one.

Success in these sorts of contests requires the
nimble, nuanced, and harmonized use, not only of
all aspects of national power, but also of non-state
and transnational instruments.52 Strategy, narrative,
and actions need to be aligned. Cyberspace
operations need to be integrated with “other information-based
attacks, defenses, or exploitations as a
means for conveying influence, signaling, messaging,
or executing strategic communications based
on the information-based content itself.”53 All must
be supported by intelligence attuned to each area.
Decisionmakers and their staffs will need near-real-time
situational awareness, yet with options
that provide time for reflection. Parts of an engagement
will proceed at machine speed with people
“on-the-loop,” rather than “in-the-loop,” while
other aspects will require nuanced cultural understanding,
sophisticated narratives, and human
contact.54 Throughout, citizens must be informed
in credible ways, amidst myriad countervailing
information flows, many of them ill-informed at
best, and malicious at worst. Conspiracy theories
abound, amplified by information “echo chambers.”
No organization today—government or
civilian—is prepared to deal with all these forces
effectively in real-time. PRISM


Notes


1 This paper represents my personal views and does not
reflect the opinions of National Defense University or the
U.S. Government. It would not have been completed without
major contributions by Maj Phillip Lere, USAF. Dr.
Frank Hoffman, Dr. T.X. Hammes, and ADM William O.
Studeman, USN (ret.), and Dr. Rebecca Goolsby provided
invaluable insights. Any errors are my own.

2 Cognitive processes involve the acquisition and
understanding of knowledge which, while important,
are not sufficient to address the full scope of emotions
targeted by today's information and disinformation
campaigns.

3 Mark Laity, Director of Strategic Communications at
NATO's Allied Command Operations (ACO) repeatedly
made this point to a roundtable of senior Southeastern
European (SEE) leaders on September 27, 2017.

4 Cognitive-emotional conflict is defined later in this
article. Information Operations are defined in U.S. Joint
Publication (JP) 3-13 as “the integrated employment,
during military operations, of IRCs [information related
capabilities] in concert with other lines of operations to
influence, disrupt, corrupt, or usurp the decision making
of adversaries and potential adversaries while protecting
our own.” JP-3-13, November 27, 2012 incorporating
Change 1, November 20, 2014, ix. This definition makes
it clear that IO primarily applies to military operations,
although the “in concert with other lines of effort” could
tie into “whole-of-government,” or even “whole-of-society”
conflicts. For more information see
<http://dtic.mil/doctrine/new_pubs/jp3_13.pdf>. RAND notes IO
and IW "... also known as influence operations, includes
the collection of tactical information about an adversary
as well as the dissemination of propaganda in pursuit of
a competitive advantage over an opponent." For more
information see <https://www.rand.org/topics/information-operations.html>.

5 Resilience is defined later in this article.

6 From the SMA description: "The Strategic Multi-Layer
Assessment (SMA) provides planning support to
Commands with complex operational imperatives requiring
multi-agency, multi-disciplinary solutions that are
NOT within core Service/Agency competency. Solutions
and participants are sought across USG and beyond. SMA
is accepted and synchronized by the Joint Staff/J-39 Deputy
Director for Global Operations (DDGO) and executed
by the Deputy Assistant Secretary of Defense (DASD) for
Emerging Challenges and Prototyping (EC&P)."
See, for example SMA Panel Discussion: Fake News
Inoculation and Enhanced Population Resilience, a
Department of State Perspective; Booklet July 6, 2017.

7 Dr. Rebecca Goolsby proposes four “Rs” (reframe,
refocus, reaffirm and reassure) to counter the four “D”s of
disinformation campaigns (distort, distract, dismiss, dismay).
Presentation to a roundtable of senior Southeastern
European (SEE) leaders on September 26, 2017.

8 F.G. Hoffman, Exploring a Continuum of
Contemporary Conflict, December 2016, unpublished.

9 Unconventional warfare (UW) is defined by U.S.
doctrine as "activities conducted to enable a resistance
movement or insurgency to coerce, disrupt, or overthrow
an occupying power or government by operating
through or with an underground, auxiliary, and guerrilla
force in a denied area." JP 3-14, Unconventional
Warfare, September 2015. This mode of conflict is
usually done covertly, with low signatures and limited
footprint, and conducted primarily by Special
Operations forces.

10 Hoffman, working definition. In his formulation,
"Measures Short of Armed Conflict" include so-called
"gray zone" operations, which now are not clearly defined
in doctrine. That said, others have provided working
definitions of "gray zone activity" as “an adversary's
purposeful use of single of multiple elements of power to
achieve security objectives by way of activities that are
typically ambiguous or cloud attribution, and exceed
the threshold of ordinary competition, yet intentionally
fall below the level of open warfare." U.S. Strategic
Multi-Level Assessment (SMA) Gray Zone Effort
Update, February 2017, 1. Special Operations Command
(SOCOM) has used “Competition Short of Armed
Conflict” (CSAC) in lieu of MSAC, ibid, 3.

11 First established in the Joint Staff (J7) Irregular
Warfare Joint Operating Concept, version 1.0, Washington
D.C., September 11, 2007.

12 Irregular Warfare often is abbreviated IW, which is
confusing in the context of this paper with Information
Warfare. Accordingly, "IW" in this paper only refers to
Information Warfare.

13 Hoffman, 19.

14 Carl von Clausewitz, On War, translated
by Michael Howard and Peter Paret, Princeton
University Press, 1976, 75. Sun Tsu, The Art of
War, translated by Lionel Giles, Amazon Classics,
2017, available at <https://www.amazon.com/Art-
War-AmazonClassics-Sun-Tzu/dp/1542047528/
ref=sr_1_3?¢s=books&ie=UTF8 &qid=1502664791&s-
r=1-3&keywords=art+oft+war>. This is a more nuanced
formulation than what is sometimes translated as to
“defeat an enemy without fighting is the acme of skill.”

15 John Arquilla and David Ronfeldt, “Cyberwar is
Coming!,” Comparative Strategy, Volume 12, Number
2 (1993): 144-46. Precise definition is used by Arquilla
in his interview with FRONTLINE on March 4, 2003,
available at <http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/arquilla.html>.

16 Ibid, 146.

17 Cyber Operations, JP3-12(R), February 5, 2013, vii and
I-3.

18 Cited in Robert Brose. “Cyber War, Netwar, and
the Future of Cyberdefense" DNI, 2012 available at
<https://www.dni.gov/files/documents/atf/Cyber%20War%20Netwar%20and%20the%20Future%200f%20Cyberdefense_Header.pdf>,
2-3, et. seq. (emphasis supplied).

19 John Arquilla and David Ronfeldt, “Cyberwar is
Coming," Comparative Strategy, Vol 12, No 2 (1993),
144. Cited in Robert Brose. "Cyber War, Netwar,
and the Future of Cyberdefense,” 2012, available at
<https://www.dni.gov/files/documents/atf/Cyber%20War%20Netwar%20and%20the%20Future%200f%20Cyberdefense_Header.pdf>,
2-3, et. seq.

20 Nassim Taleb, Anti-Fragile: Things That
Gain from Disorder, 2014, available at
<https://www.amazon.com/dp/B0083DJWGO/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1>.

21 Rockefeller Foundation, “Valuing the Resilience
Dividend: A New Way Forward,” available at
<https://www.rockefellerfoundation.org/our-work/topics/resilience/>.

22 I am indebted to Dr. Dane Egli for his insights about
this formulation.

23 A speaker in Singapore recently referred to this
as “slow burn" threats that erode public unity and
confidence: Lin Qinghui briefing at the Asia-Pacific
Programme for Senior Military Officers (APPSMO),
Singapore, August 8, 2017.

24 CAPT Phil Kapusta, USN, in SMA “Panel Discussion
on the Gray Zone in support of USSOCOM,” April 27,
2017, 4.

25 Michael I. Handel, Masters of War: Classical Strategic
Thought. London: Routledge, 3rd edition, 2000.

26 Frans Osinga, Science, Strategy and War: the Strategic
Theory of John Boyd. London: Routledge, 2007, 213.

27 ADM William O. Studeman, USN (ret.) “Tutorial
on Managing the Overlap Between and Alignment of
Cyber, Information Warfare/Conflict/Operations and
Intelligence (including all forms of security),” February
2017. Critical times include elections, preparation for
military operations, during campaigns to build public
support, etc.

28 Osinga op. cit.

29 Brose, op. cit., 10-11. The complement of
"Information-Psychological" capabilities is
"Information-Technical" efforts, which equate more to cyberwar.

30 Ibid, 18-23.

31 Rand Waltzman, “The Weaponization of
Information: The Need for Cognitive Security,” testimony
before the Senate Armed Services Committee,
Subcommittee on Cybersecurity on April 27, 2017, available
at <https://www.armed-services.senate.gov/imo/media/doc/Waltzman_04-27-17.pdf>.
Osinga, op. cit., 217.

32 Anne-Marie Slaughter, "America's Edge: Power in the
Networked Century,” Foreign Affairs, January/February,
2009. Looking back, many aspects of this article now
seem optimistic, but the points about the strengths the
United States can derive from its diversity and networking
seem valid.

33 Brose, op. cit., 28.

34 James Kadtke and Linton Wells II, “Technology
Is a Strategic National Security Component," Signal
Magazine, January 2015, available at
<http://www.afcea.org/content/?q=node/13831>.

35 Linton Wells II, “Prepared for Battle, But Not
Prepared for War," Proceedings, (U.S. Naval Institute
Press: November 2017).

36 Military information support operations—Planned
operations to convey selected information and indicators
to foreign audiences to influence their emotions, motives,
objective reasoning, and ultimately the behavior of foreign
governments, organizations, groups, and individuals
in a manner favorable to the originator's objectives. Also
called MISO. (JP 3-13.2), available at
<http://www.dtic.mil/doctrine/new_pubs/dictionary.pdf>.

37 This extends beyond inabilities to speak foreign languages
or unfamiliarity with the norms of other cultures.
Richard E. Nisbett, in The Geography of Thought: How
Asians and Westerners Think Differently...and Why, 2004,
examines differences in basic thought processes between
US/European and East Asian societies. During a recent
Complexity Workshop in Singapore, Dr. Cheong Siew
An, in a presentation entitled “Complex Narratives and
Identities,” noted the difficulty in aligning cultural narratives
with historical facts.

38 Brose, op. cit., 15.

39 Joseph S. Nye, Jr., Soft Power: The Means To Success In
World Politics, New York: Public Affairs, 2009.

40 See, for example, CAPT Wayne Porter, TEDx talk
"A National Strategic Narrative & Role of American
Communities.” May 18, 2014, available at
<https://www.youtube.com/watch?*v-BWOS]JeqrVs> and the broader
website available at <http://nationalstrategicnarrative.org/>.

41 See, for example: Peter Pomerantsev, Nothing
Is True and Everything Is Possible: The Surreal
Heart of the New Russia, Public Affairs, 2014; see
also “Russia and the Menace of Unreality,” The
Atlantic, September 9, 2014, available at
<http://www.theatlantic.com/international/archive/2014/09/russia-putin-revolutionizing-information-warfare/379880/>,
accessed December 30, 2016.

42 Jerard, “Indomitable Hydra,” op. cit.

43 Views expressed at Singapore’s International Risk
Assessment Horizon Scanning Symposium (IRAHSS),
July 18-19, 2017.

44 The U.S. military traditionally has recognized
six warfare functions: Command and Control (C2),
Intelligence, Fires, Movement and Maneuver, Protection,
and Sustainment. A review of the National Military
Strategy (NMS) this year led to an annex on “Shaping the
Joint Force” that directed the joint force to “treat information
as a joint function.” Change 1 to Joint Publication 1,
Doctrine for the Armed Forces of the United States, dated
July 12, 2017, established information as the seventh joint
function, available at <http://dtic.mil/doctrine/new_pubs/jpl_chl1.pdf>.

45 Studeman, op. cit.

46 Patrick Tucker, “What the Announced NSA/Cyber
Command Split Means,” Defense One, August
18, 2017, available at
<http://www.defenseone.com/technology/2017/08/what-announced-nsa-cyber-command-split-means/140362/>.
Based on other reporting, it is not clear
the NSA/Cyber Command split has been finalized.

47 See, for example, Linton Wells II, Motohiro Tsuchiya,
and Riley Repko, Improving Cybersecurity Cooperation
between the Governments of the United States and
Japan <https://spfusa.org/wp-content/uploads/2017/02/Improved-Cybersecurity-cooperation.pdf>, 4-9.

48 Laity, op. cit.

49 Lin Qinghui briefing at Asia-Pacific Programme for
Senior Military Officers (APPSMO), op. cit.

50 SMA, “Leveraging Neuroscience for Understanding the
Cognitive Battlefield,” August 2017.

51 These conflicts are shaped by diverse, dynamic
forces, from accelerating technological change, to the
Fourth Industrial Revolution as postulated by Dr. Klaus
Schwab of the World Economic Forum in: Klaus Schwab,
“The Fourth Industrial Revolution: What it Means, How
to Respond,” January 14, 2016, available at
<http://www.weforum.org/agenda/2016/01/>, accessed February 16,
2016. Many of these issues are beyond the scope of the
Defense Department's role, but there are steps that DOD
can take to help the nation deal with them.

52 The rapid spread of jihadist ideologies in Southeast
Asia during 2015-17 shows an exceptionally nimble,
nuanced and integrated use of non-state and trans-national
instruments. See Jolene Jerard, "Indomitable
Hydra: Transnational Terrorist Threat,” presented
at the Military Studies Programme Seminar 2017 at
the S. Rajaratnam School of International Studies
(RSIS), Nanyang Technological University, Singapore,
August 11, 2017.

53 Studeman, op. cit.

54 "Man-in-the-loop" refers to situations where people
make the key decisions. “Man-on-the-loop” recognizes
that some aspects of modern warfare, notably
machine-to-machine computer operations, move too quickly for
people to be engaged at every step and so the person ON
the loop must pre-delegate certain ranges of action to the
autonomous subsystems when certain criteria are met.
This is equivalent to delegating authority under “rules of
engagement.”

55 Information flows that reinforce each other to support
a particular point of view, or world view, form an
“echo chamber.”


Scope


This paper was produced by the Combatting Targeted Disinformation Campaigns team
under the auspices of the Public-Private Analytic Exchange Program — an initiative of the
Office of Director of National Intelligence and managed by the Department of Homeland
Security. The paper was based on open-source research and interviews with subject
matter experts. All judgments and assessments are based solely on unclassified sources,
are the product of joint private sector and U.S. government efforts, and do not necessarily
represent the judgments and assessments of the employers of the Team members.

Offensive and defensive cyber operations conducted by the U.S. government against
foreign threat actors are beyond the scope of this paper.


Executive Summary


Recent events have demonstrated that targeted disinformation campaigns can have
consequences that impact the lives and safety of information consumers. On social media
platforms and in messaging apps, disinformation spread like a virus, infecting information
consumers with contempt for democratic norms and intolerance of the views and actions
of others. These events have highlighted the deep political and social divisions within the
United States. Disinformation helped to ignite long-simmering anger, frustration, and
resentment, resulting, at times, in acts of violence and other unlawful behavior.

All information consumers are vulnerable to being deceived by imposters, charlatans,
hucksters, con men, and self-proclaimed experts. But ideological rigidity and intolerance
of opposing views make information consumers especially vulnerable to such deception.
In polarized environments, threat actors find ample opportunity to spread disinformation.
Their voices are amplified by disgruntled audiences willing and sometimes eager to spread
messages of discord.

Figure 1 Disinformation (obtained from Defense.Info)

In 2019, the Combatting Targeted Disinformation Campaigns team submitted the first of
a two-part report on targeted disinformation campaigns.1 In the first report, we provided
a broad overview of targeted disinformation campaigns, described how disinformation
enters the information ecosystem, how threat actors exploit modern technology, and how
information consumers wittingly or unwittingly contribute to the spread of disinformation.
We then suggested ways to counter these campaigns. We concluded that, to combat
these campaigns, a comprehensive solution involving many sectors of society and lines
of efforts was required.

In our second paper, we expand on two themes explored in the first paper: 1) how to stem
the supply of disinformation; and 2) how to reduce the demand for disinformation. In this
paper, we recommend approaches that impact both supply and demand.

Figure 2 Dilok Klaisataporn, Shutterstock.

None of these approaches are new; nor are they decisive by themselves. When combined
and implemented consistently, the sum is greater than the parts.

Disinformation should not be viewed as a problem to be solved, but as a condition to be
treated. There is no cure. However, preventative and alleviatory measures can be taken.

1 2019 Public-Private Analytic Exchange Program, Department of Homeland Security, Combatting
Targeted Disinformation Campaigns: A whole-of-society issue, PDF file, October 2019,
https://www.dhs.gov/sites/default/files/publications/ia/ia combatting-targeted-disinformation-campaigns.pdf
(Accessed August 24, 2021).


Recommendations


Source attribution
• Identification of sources of disinformation, when feasible. We believe that threat
actors should not be permitted to hide behind the veil of anonymity and identifying
them by name gives information consumers important information as they evaluate
the truthfulness of the information.

Exposure of imposters
• Exposure of imposters who use false persona and fake credentials to dupe information
consumers online. If possible, we believe that uncovering imposters should be done
without revealing personally identifiable information about the person.

User control over content
• Greater control by information consumers over the sources of information that appear
in their content feeds on social media platforms. We believe that giving information
consumers greater control may help to limit the creation of echo chambers.

Fact checking
• Access to content alerts which identify information that is factually incorrect,
fraudulent, misleading, or satirical. We believe that such alerts should be politically
neutral and based on clear definitions of the categories used.

Psychology of disinformation
• Making information consumers aware of how they process online information and how
their online activities facilitate disinformation campaigns will help them make better
decisions regarding this information.

Media literacy
• Information consumers who understand how to evaluate the impact of social media and
other modern forms of communication on their ability to assess the trustworthiness of
information will be more resilient to disinformation.


1. Disinformation Campaigns Are National Security Threats


Disinformation campaigns are threats to national security because they have a 
corrosive impact on democratic institutions and civil society in the United States. 
A healthy democracy depends on well-informed citizens, the competition of ideas, and 


the willingness to compromise. Disinformation campaigns undermine all three. 


Disinformation campaigns have contributed 
measurably to divisions within U.S. society. 
Threat actors take advantage of these divisions 
and harness the power of social media 
platforms to spread disinformation to large 


audiences. At times, these disinformation 


campaigns influence the real-world behavior of nd Pillars 

information consumers. For example, Figure 3 Jimmy Margulies via AP (from ABC news). 
disinformation about the 2020 presidential elections impacted the lead-up to the events 
of January 6, 2021 in Washington, D.C. Furthermore, disinformation about the COVID-19 
vaccination program has undermined efforts to curb the virus and its variants. 
Disinformation also weakens international alliances and undermines U.S. attempts to 


project soft power abroad. 
The launch of Sputnik I in 1957 sent shockwaves through the U.S. government. Fearing
that the Soviet Union was surpassing the United States in technological and military
prowess, the U.S. government responded by investing heavily in human capital and the
development of technology. Experts identified weaknesses in educational
institutions from primary to graduate levels, insufficient investment in basic and applied
research, and governmental bureaucracies ill-adapted to guide the changes deemed
necessary to respond to the threat. Major sectors of society contributed to a
whole-of-society response to the perceived threat. A similar response is needed today for
disinformation campaigns. However, the divisions in our society hinder such a
coordinated response.


Figure 4 Divided country (obtained from News Bharati).
In Finland, information literacy forms part of the national curriculum for primary and secondary
schools. In math courses, instructors show students how statistics can be manipulated for the 
purposes of misleading others. In art classes, students learn how images can be altered to change 
their meaning. In language classes, students are exposed to different ways words can be used to 
mislead. And finally, students learn in history classes about past propaganda campaigns. 


In Malaysia, the Communication and Multimedia Ministry launched an information verification 
portal called "sebenarnya.my." The public can use this portal to request that the Ministry verify 
information found online. 


Germany introduced the "Act to Improve Enforcement of the Law in Social Networks" in 2017. This 
bill requires social media companies with over two million users in Germany to enforce 21 statutes 
in the German criminal code related to hate speech on their platforms. Platforms must review and 
delete unlawful content within 24 hours of receiving a complaint or be fined up to 50 million EUR. 


Efforts of other countries: Finland 2; Malaysia 3; Germany 4


2 Jon Henley, "How Finland Starts Its Fight against Fake News in Primary Schools," The Guardian, last modified January 29, 2020,
https://www.theguardian.com/world/2020/jan/28/fact-from-fiction-finlands-new-lessons-in-combating-fake-news (accessed August 24, 2021).

3 Fairuz Mohd Shahar, "Communications Ministry launches sebenarnya.my to quash fake news, information", New Straits Times, last modified March 14, 2017,
https://www.nst.com.my/news/2017/03/220604/communications-ministry-launches-sebenarnyamy-quash-fake-news-information (accessed August 24, 2021).

4 Nina Jankowicz and Shannon Pierson, "Freedom and Fakes: A Comparative Exploration of Countering Disinformation and Protecting Free Expression", PDF
file, Wilson Center, December 2020, 
https://acrosskarman.wilsoncenter.org/sites/default/files/media/uploads/documents/WWICS%20STIP%20Freedom%20and%20Fakes%20A%20Comparative% 
20Exploration%20o0f%20Countering%20Disinformation%20and%20Protecting%20Free%20Expression.pdf (accessed August 24, 2021). 
2. Reducing the Supply of Disinformation


Methods exist which can help slow, but not eliminate, the supply of disinformation.
The challenge is breathtaking. The global information ecosystem enables the creation
and distribution of information on an enormous scale.


Emails: In 2020, 306.4 billion emails were sent and received per day worldwide.
Tweets: 350,000 tweets are added per minute on Twitter.
Videos: 720,000 hours (30,000 days) of video are uploaded on YouTube every day.


The global dissemination of information: Emails 5; Tweets 6; YouTube 7


In this section, we conclude that technological and non-technological solutions exist that
can reduce the likelihood that disinformation will course through the information
ecosystem and negatively impact the target audience. These methods include source
attribution, fact-checking, and greater user control over algorithms used by social media
platforms.


5 Joseph Johnson, "Number of sent and received e-mails per day worldwide from 2017 to 2025", last modified April
7, 2021, https://www.statista.com/statistics/456500/daily-number-of-e-mails-worldwide (accessed August 24,
2021).

6 "Twitter Usage Statistics," https://www.internetlivestats.com/twitter-statistics. (accessed August 24, 2021).

7 Maryam Mohsin, "10 YouTube Stats Every Marketer Should Know in 2021" (Infographic), last modified January
25, 2021, https://www.oberlo.com/blog/youtube-statistics (accessed August 24, 2021).
DISINFORMATION KILL CHAIN


Phases: "Find the cracks", "Weaponize", "Launch Campaign", "Fertilize", "Watch it grow", "Manipulate"

Steps named in the figure include: analyze target audience, prepare environment, design
execution plan, design content, activate personas, deliver content, duplicate via other
account, share, incite conflict, useful idiots, authentic voices, manufacture consensus,
deny involvement.


Note: A disinformation threat actor may skip steps in the kill chain process. However, doing so can reduce the effectiveness of the campaign and erode 
protections aimed at obfuscating the identity and objectives of the actor. Source: Adam Cambridg of The MITRE Corporation 


Information Types


Propaganda has a political connotation and is often connected to information produced by governments (the lines between advertising, publicity, and propaganda are often unclear)

Disinformation is manufactured information that is deliberately created or disseminated with the intent to cause harm

Misinformation is false information shared without the intent to mislead

Malinformation is genuine information, typically private or revealing, that may be distributed in a campaign to cause harm to a person's reputation to further the campaign's objective

Inauthentic Information is not transparent in its origins and affiliation. The source of the information tries to mask its origin and identity

Authentic Information is transparent in its origins and affiliation. The source of the information is unhidden


Figure 5 Source: The MITRE Corporation. 
2.1. Source Attribution and Anonymity


Providing information about the threat actors responsible for disinformation
campaigns can help slow the spread of disinformation since the source of
information influences how information consumers evaluate the truthfulness of the
information and the decision to later share the information. This method is called source
attribution. Source attribution can be conducted in a manner that safeguards the
constitutional and statutory rights of U.S. citizens to privacy and the freedom of speech.


In the United States, anonymity has long been considered a necessary component of the
freedom of speech. However, anonymity on the Internet is a mixed bag. It not only
promotes the discussion of sensitive topics, but also facilitates uncivil behavior and the
spread of disinformation. In the next two sections, we consider source attribution of both
foreign and domestic threat actors.


2.1.1. Identifying Foreign Actors 


"Naming and shaming” is an approach to countering disinformation in which 
threat actors behind disinformation campaigns are publicly identified. When
threat actors use fake personas to deceive, information consumers may decide to
disregard the threat actor and the disinformation associated with that threat actor when
the deception is uncovered. Once a threat actor is publicly identified, they will be shamed
into altering course.
Our deeply-felt national scruples about misidentifying a fake account or inadvertently silencing
someone, however briefly, create a welcoming environment for malign groups who masquerade 
as Americans or who game algorithms... When tech platforms or regulators strive to take 
meaningful action to suppress abuse of their platforms and our American polity, there are waves 


ons 


Private companies have publicly attributed malicious cyber incidents to foreign state
actors.8 The benefits of doing so are usually short-lived since the threat actor will likely
change tactics in response. These companies have stated several reasons for engaging
in this activity, including supporting internal government discussions by allowing
employees not possessing the appropriate security clearances to view information that
would likely be classified if provided by the federal government, providing corroborating
information for other information gathered by the federal government, and underscoring
to the public the reach of the cyber incident.9


One method of disseminating this information is through source alerts. Researchers at
Harvard University tested whether source alerts help to reduce the likelihood that
information consumers will believe or share political messages. Limiting the study to
foreign sources of information and two social media platforms (Twitter and Facebook), the
researchers explored whether general ("foreign government") and specific ("Russian
government") source alerts did have such an effect.10 In assessing how the participants in
the study viewed the truthfulness of the information, the researchers found that the
effects were more significant for specific source
alerts than for general ones. Exposure to specific source alerts reduced the probability
that the participants would find the disinformation truthful. General and specific source
alerts reduced the tendency to "like" or share the disinformation on Twitter only.


Figure 6 State-affiliated media account labels (obtained from Twitter).


8 Sasha Romanosky and Benjamin Boudreaux, "Private Sector Attribution of Cyber Incidents: Benefits and Risks to
the U.S. Government", PDF file, Rand, January 2019,
https://www.cs.dartmouth.edu/~ccpalmer/teaching/cs55/Resources/Papers/RAND_WR1267.pdf (accessed August
24, 2021).

9 Ibid., 17-20.


FireEye, CrowdStrike, Dell SecureWorks, and Cisco Talos have publicly identified foreign
threat actors.11 In recent years, both Facebook and Twitter have increased the use of
specific source alerts and have tied disinformation campaigns to foreign actors such as
the Iran Broadcasting Company and the Royal Thai Military.12


10 Jason Roos Arnold et al., "Source alerts can reduce the harms of foreign disinformation", PDF file, Harvard
Kennedy School Misinformation Review, May 2021,
https://misinforeview.hks.harvard.edu/wp-content/uploads/2021/05/arnold source alerts foreign disinformation 20210510.pdf
(accessed August 24, 2021).

11 Romanosky and Boudreaux, "Private Sector Attribution of Cyber Incidents: Benefits and Risks to the U.S.
Government", 6.

12 Josh A. Goldstein and Shelby Grossman, "How disinformation evolved in 2020", Tech Stream, Brookings, last
modified January 4, 2021, https://www.brookings.edu/techstream/how-disinformation-evolved-in-2020 (accessed
August 24, 2021).
Developed by OpenAI, GPT-3 uses neural networks and machine learning to generate
automated text in response to prompts from humans. These texts are difficult to
differentiate from those written by humans.


Figure 7 OpenAI, GPT-3.
There are risks associated with source attribution. Such source attribution invites
blowback from these threat actors and may undermine ongoing federal law enforcement,
intelligence, and diplomatic efforts.


The evidence that such naming "shames" foreign actors into modifying their behavior is
thin.13 However, identifying specific foreign threat actors behind disinformation
campaigns gives information consumers the opportunity to evaluate the information with
this source attribution in mind and therefore we recommend such attribution when
circumstances allow.


Recommendation 1: Identify Foreign Sources of Disinformation


13 Jack Snyder, "Backlash against naming and shaming: The politics of status and emotion", The British Journal of
Politics and International Relations 22, no 4 (2020): 644-653.


2.1.2. Identifying Domestic Actors


Since the 2016 U.S. presidential election and the emergence of the COVID-19 pandemic,
the focus on disinformation campaigns has shifted from foreign
threat actors to domestic ones.14 On balance, disinformation campaigns originating from
domestic actors are more enduring and damaging than those originating from foreign
actors.15 But, when domestic actors are involved, even if co-opted by foreign actors, the
factors that bear on the decision to identify domestic actors differ in important ways from
those that apply to foreign actors.


Both private and public entities have legal obligations to protect information they
collect about information consumers. This obligation depends on the type of
information collected and how it was collected. Private entities generally have no legal
obligation to protect information about information consumers with whom they have no
fiduciary relationship, provided the information was gathered through licit means.
Therefore, these private entities are free to publish this information when it suits their
purpose. For example, in a report published in March 2021, the Center for Countering
Digital Hate named twelve information consumers responsible for 73% of anti-COVID-19
vaccine content online.16


Figure: "Pandemic Profiteers: The business of anti-vaxx" (CCDH, counterhate.com).


14 Larry Luxner, "Ahead of the 2020 US elections, the disinformation threat is more domestic than foreign", Atlantic
Council, last modified September 23, 2020, https://www.atlanticcouncil.org/blogs/new-atlanticist/ahead-of-the- 
2020-us-elections-the-disinformation-threat-is-more-domestic-than-foreign (accessed August 24, 2021). 

15 Richard Stengel, "Domestic Disinformation Is a Greater Menace Than Foreign Disinformation", Time, last 
modified June 26, 2020, https://time.com/5860215/domestic-disinformation-growing-menace-america (accessed 
August 24, 2021). 

16 Center for Countering Digital Hate, "The Disinformation Dozen: Why Platforms Must Act on Twelve Leading 
Online Anti-Vaxxers", PDF file, March 24, 2021, https://252f2edd-1c8b-49f5-9bb2- 
cb57bb47e4ba.filesusr.com/ugd/fAd9b9 b7cedc0553604720b713718663366ee5.pdf. (accessed August 24, 2021). 
The report included the name, photo, and screenshots of posts on Facebook and Twitter
of each individual. The New York Times later published a more detailed article on the
person listed in the report as the greatest offender.17


Whether the identification of domestic threat actors by private entities helps to stem the
spread of disinformation is unclear. While naming and shaming may be superficially
appealing as a method of exacting a price from those who peddle in disinformation, such
naming and shaming might make matters worse by provoking a fierce backlash from
those sympathetic to the views of the information consumers identified. In the end, this
further entrenches both sides in their respective ideological positions.18 Since polarization
is a primary reason for the success of disinformation campaigns, attempting to counter
these campaigns with methods which may generate even more polarization seems
questionable. Also, revealing the identities of domestic threat actors and other personally
identifiable information can render these information consumers vulnerable to
harassment or more egregious forms of retaliation.19 We do not condone harassment and
vigilantism as means of responding to domestic threat actors.


Absent suspicion of criminal activity or a legitimate government purpose pursuant to clear
legal authority, government monitoring of the opinions and activities of U.S. persons is
problematic. Although federal and state law penalize false statements in judicial
proceedings and official documents and information consumers may be liable for words
that incite violence, defraud, or defame, disinformation, much less misinformation, is not
illegal in most cases.


17 Sheera Frankel, "The Most Influential Spreader of Coronavirus Misinformation Online", N.Y. Times, last modified
July 24, 2021, https://www.nytimes.com/2021/07/24/technology/joseph-mercola-coronavirus-misinformation-online.html
(accessed July 30, 2021).

18 Ibid.

19 Kim Zetter, "Cyberbullying Suicide Stokes the Internet Rage Machine", Wired, last modified November 21, 2007,
https://www.wired.com/2007/11/cyberbullying-suicide-stokes-the-internet-fury-machine (accessed August 24,
2021).


2.1.3. Uncovering Imposters 


An alternative to naming specific domestic threat actors is to alert information
consumers to those threat actors who assume fake personas or claim to have
credentials which they do not have. The status of the threat actor plays an important role
in influencing the perceived trustworthiness of that threat actor.20 Someone who claims
to be an epidemiologist will likely be viewed as more reliable on the topic of coronaviruses
than a person who claims to be a bus driver.


Information consumers who assume fake personas or claim fake credentials to deceive
others for illegitimate purposes have no moral or legal standing for protection for their
fraud, which is a form of disinformation. Revealing that credentials are fake can be
accomplished without identifying the threat actor by name or by other information which
can be tied to a specific person.


Figure 9 Fake identities (obtained from Wonder How To).


20 Edward L. Glaeser, "Measuring Trust", PDF file, The Quarterly Journal of Economics, (August 2000): 811-846.
https://scholar.harvard.edu/files/laibson/files/measuring trust.pdf (accessed August 24, 2021).
Threat actors who spread disinformation often seem to act with impunity, facing few
negative consequences for the harm that they cause. In some circles, their disinformation
may enhance their status and generate lucrative opportunities for them due to the
attention that they draw. Legal actions against threat actors are available, but limited in
number, and invariably costly and time-consuming. In a deeply divided society, shunning
and ostracism no longer have the practical import they may have had in earlier
generations. The lack of perceived consequences encourages threat actors to continue
their activities. We acknowledge the challenges in today's environment and believe that
punitive measures are less effective than measures which provide information about the
threat actors upon which information consumers can make better informed decisions.


Recommendation 2: Uncover Imposters
2.2. Social Media Algorithms & Fact-Checking


Challenging disinformation by fact-checking the information and making the
results of this fact-checking publicly available is an important method of
combatting disinformation campaigns. Disinformation which spreads unchecked through
the information ecosystem will ultimately end up in the content feeds of social media
platforms. Algorithms determine much of the content which ends up in these feeds. By
allowing information consumers more control over these algorithms and the sources
which these algorithms utilize, information consumers may have a greater ability to
exclude known sources of disinformation.


Figure 10 Misinformation (obtained from Agility PR Solutions).


2.2.1. Social Media Algorithms 


Social media companies use algorithms to sort, index, prioritize, and
sometimes suppress the content generated by users of their platforms. These
companies can manipulate these algorithms to enhance the profitability of their platforms
by attempting to keep users engaged on their platforms as much as possible through
attention-grabbing features such as likes, comments, streaks, and recommended posts
and people to follow. User activities are recorded, quantified, and used to tailor the user's
experience while on the social media platform. On the one hand, algorithms simply give
the user more of what the user's activity on the platform seems to indicate the user wants.
On the other hand, these same algorithms potentially create polarizing echo chambers
by excluding contrary views.


In April 2021, the United States House of Representatives Subcommittee on Privacy,
Technology, and the Law, a subcommittee of the Committee on the Judiciary, met to
discuss the impact of algorithms.21 Several panelists warned of the dangers of algorithms
and broadly echoed the sentiments of others who claim that algorithms affect how we see
the world22, erode our ability to freely make choices23, inherently create polarization24,
and create dangerous feedback loops25. The panelists offered solutions ranging from
robust federal oversight to a new digital infrastructure which avoids the many problems
created by social media platforms in their current forms.


Algorithms influence decision-making in many sectors of society from determining
insurance rates to assessing the volatility of stock prices on Wall Street. Algorithms
require data to function, which comes in the form of user input on social media platforms.


21 Algorithms and amplification: How Social Media Platforms' Design Choices Shape Our Discourse and Our Minds,
117th Congress, Subcommittee on Privacy, Technology, and the Law, Committee on the Judiciary, U.S. Senate, April
27, 2021, https://www.judiciary.senate.gov/meetings/algorithms-and-amplification-how-social-media-platforms-design-choices-shape-our-discourse-and-our-minds
(accessed August 24, 2021).

22 Joanna Stern, "Social-Media Algorithms Rule How We See the World. Good Luck Trying to Stop Them", Wall
Street Journal, last modified January 17, 2021, https://www.wsj.com/articles/social-media-algorithms-rule-how-we-see-the-world-good-luck-trying-to-stop-them-11610884800
(accessed August 2, 2021).

23 Lewis Mitchell and James Bagrow, "Do social media algorithms erode our ability to make decisions freely? The
jury is out", last modified October 11, 2020, https://theconversation.com/do-social-media-algorithms-erode-our-ability-to-make-decisions-freely-the-jury-is-out-140729
(accessed August 3, 2021).

24 Charles Johnston, "How Social Media Platforms Inherently Create Polarization", Psychology Today, last modified
November 29, 2020, https://www.psychologytoday.com/us/blog/cultural-psychiatry/202011/how-social-media-algorithms-inherently-create-polarization
(accessed August 3, 2021).

25 Ben Dickson, "What makes AI algorithms dangerous?", TechTalks, last modified June 10, 2020,
https://bdtechtalks.com/2020/06/10/ai-weapons-of-math-destruction (accessed August 3, 2021).
Input into algorithms helps to determine the output of these algorithms. Social media
platforms ultimately determine what content the algorithms feed into the content streams
of users. By providing control of the data that the algorithm uses, platforms may help to
ensure users have control over their individual experiences on the platform. Regular
reminders to review the information that the algorithms use and make adjustments, if
necessary, can help keep users engaged in the process of determining the content that
shows up in their content feeds.


Recommendation 3: Grant Users More Control over Content Feeds


2.2.2. Fact-checking 


In general, publishers of information have an ethical, legal, and fiduciary
responsibility to ensure that they publish information that is accurate. When
mistakes are uncovered, publishers can retract articles and posts, send
amended versions, and publicly announce the course of action taken to remedy the
situation. Notable exceptions are media sites whose content is for satirical purposes or
entertainment shows that generate fake news for comic effect. Social media companies
are not publishers in the traditional sense of the word. These companies provide platforms
where users of these platforms can add content. The user-driven content on these
platforms does not imply that the social media companies endorse the content. While
these companies usually grant users the ability to moderate content on the pages and
groups formed by the users themselves, content is not first subject to pre-approval by the
social media companies prior to posting.


Social media companies arguably play an outsized role in providing access to news and
providing a means to share news and other types of information. The power to determine
what content is permissible on a social media platform and what is not is a power that
social media companies should exercise with great discretion.
These determinations should be made based on impartial and easily understood
guidelines. Alerting users to the accuracy of information appearing in content feeds plays
a useful role in encouraging users to make informed decisions.


Between April and June 2020, Facebook removed 7,000,000 posts containing false
information about COVID-19.

Figure 12 Reuters.


Social media platforms, third-party entities, and users themselves can play a role in
fact-checking information. If information is determined to be false, the information can be
labeled as such, deleted, or supplemented by facts. To minimize the politicization of the
process of removing or correcting disinformation, clear distinctions should be drawn
between fact-checking, content moderation, and what constitutes improper censorship.


The goal of fact-checking is not to promote or suppress points of view, but to make sure
that the information presented can be supported by verifiable information. We urge all
fact-checkers to adhere to the principles identified below:
A Commitment To: 


Figure 13 International Fact Checking Code of Principles, IFCN. 
PesaCheck


IDENTIFY CLAIM    FIND DATA    VERIFY CLAIM    PUBLISH FINDINGS


Figure 14 The Fact Checking Process, (obtained from PesaCheck). 
There are different methods of notifying readers that information has been fact-checked,
but found to be unverifiable or false.


Prebunking: Information consumers can build up immunity to disinformation by being
exposed to weaker versions of disinformation over time.

Labeling: Information that is false or misleading is labeled as such.

Debunking: False or misleading information is countered by providing facts.


Researchers have found that the timing of fact-checks provided to readers makes a
difference.26 In one study, participants were exposed to 18 true headlines and 18 false
headlines with true and false tags before (prebunking), during (labeling), and after
(debunking) reading the headlines. The participants rated the accuracy of each headline.
A week later, the participants were asked again to rate the accuracy of each headline. In
comparison to prebunking and labeling, debunking had the greatest impact on their ability
to discern the truthfulness of the headlines.


More research needs to be conducted into the efficacy of one method versus another,
particularly on a longer time scale. However, having accurate information does not
necessarily lead to a change in belief.27 Some researchers maintain that the effect is
weak.28 Overall, the impact of fact-checking alone is limited.29 The ability to spread
disinformation far outpaces the ability to fact-check. Therefore, fact checkers need to
prioritize where they can best employ their resources. We conclude that challenging
misinformation and disinformation online is preferable to allowing both to flow unchecked.


26 Nadia M. Brashier et al., "Timing matters when correcting fake news", PNAS 118, no 5 (2021): e2020043118.
https://doi.org/10.1073/pnas.2020043118 (accessed August 24, 2021).

27 Oscar Barrera et al., "Facts, alternative facts, and fact checking in times of post-truth politics", Journal of Public
Economics 182, (2020). https://doi.org/10.1016/j.jpubeco.2019.104123 (accessed August 24, 2021).


Recommendation 4: Increase Fact-Checking Efforts


3. The Demand for Disinformation 


Disinformation campaigns wreak havoc because information consumers consume the
disinformation, share it with others, and act upon it. For a variety of psychological and
social reasons, information consumers are tempted to believe disinformation without
weighing whether the disinformation is supported by evidence or sound reasoning.


A cognitive bias is a systemic error in thinking that occurs when people are
processing and interpreting information in the world around them and affects the
decisions and judgments that they make.
Kendra Cherry


Understanding the influence of cognitive biases and why information consumers make
different choices about what to believe and share with others can help make them more
resilient to threat actors who exploit the way information consumers think and interact
with one another.


28 Nathan Walter, et. al., "Fact-checking: A Meta-Analysis of What Works and for Whom", Political Communication
37, no 3 (2020): 350-375, DOI: 10.1080/10584609.2019.1668894 (accessed August 24, 2021).

29 Andrew Tompkins, "Is fact-checking effective? A critical review of what works — and what doesn't", DW
AKADEMIE, last modified December 10, 2020, https://www.dw.com/en/is-fact-checking-effective-a-critical-review-of-what-works-and-what-doesnt/a-55248257
(accessed August 2, 2021).


Threat actors are not alone in attempting to use the lessons of cognitive science and
group psychology to their advantage. Governments, religious authorities, and retail
advertisers have long taken advantage of psychological and social characteristics of
information consumers
to induce conformity, sell products, discourage harmful health habits, and otherwise steer
thinking and behavior in a desired direction. Information consumers use reverse
psychology or play on known weaknesses of others to achieve certain aims. Information
consumers are not always aware of these efforts to manipulate them.


Figure 15 Comforting Lies vs. Unpleasant Truths (obtained from News Literacy Matters).


The information ecosystem has a profound impact on how we view the world. An information
ecosystem contaminated by disinformation can influence people to think, feel, and behave
in ways not informed by evidence, but by the duplicity of determined threat actors.

An environment is, after all, a complex message system which imposes on human beings
certain ways of thinking, feeling, and behaving. It structures what we can see and say
and, therefore, do. It assigns roles to us and insists on our playing them. It specifies
what we are permitted to do and what we are


In this section, we conclude that information consumers can become more resilient to
disinformation online by understanding how their brains process information, improving
their ability to think critically, and becoming aware of how their online activity can
facilitate the spread of disinformation.


3.1. Cognitive Bias 


The mechanisms by which human brains process information make information consumers
vulnerable to disinformation. For the human brain to process the enormous amounts of
sensory input it receives, the brain has evolved mental shortcuts or "cognitive biases".
However, these cognitive biases can undermine the ability to identify relevant facts,
weigh the relevance of these facts, and form coherent courses of action based on these
facts. Confirmation bias, belief bias, and the bandwagon effect are cognitive biases that
are particularly relevant to understanding disinformation campaigns.


Confirmation bias

Information consumers who rely primarily on sources of information that conform to
their ideological preferences are particularly vulnerable to disinformation. The design
of online search engines, social media platforms, and smartphone applications, plus the
availability of cable news programming catering to specific audiences, make it easy to
screen information consumers from viewpoints that conflict with their ideological
preferences.30

Figure 16 Tunnel Vision (obtained from Aftercare.com).

30 Silvia Knobloch-Westerwick and Steven B. Kleinman, "Preelection Selection Exposure: Confirmation Bias Versus
Informational Utility", Communication Research 39, no. 2 (2012): 170-193.
https://doi.org/10.1177%2F0093650211400597 (accessed August 24, 2021).
Belief bias

Information consumers tend to favor data and arguments which support their predetermined
conclusions and view more harshly data and arguments which do not. While researching the
spread of disinformation prior to the 2016 presidential election, researchers determined
that whether a news item was accepted as true or rejected as false by information
consumers strongly depended on how much it conformed to their belief system.31

Figure 17 See hear speak no evil cartoon (obtained from VectorStock).


Bandwagon effect

Information consumers tend to adopt the beliefs that other people in their political and
social networks have. Research has shown that exposure to pre-election polls increases
the likelihood that voters will side with majority opinions.32

Figure 18 Blind Leading the Blind (obtained from Conversion Uplift).


Cognitive biases facilitate analytical errors, lapses in judgment, faulty conclusions, hasty
generalizations, and other defects in sound reasoning. Since cognitive biases are
features of the human brain, learning how to minimize their impact by developing critical
thinking skills is essential to building resilience to disinformation.33


31 Giovanni Luca Ciampaglia and Filippo Menczer, "Misinformation and bias infect social media, both intentionally
and accidentally", The Conversation, last modified June 20, 2018,
https://theconversation.com/misinformation-and-biases-infect-social-media-both-intentionally-and-accidentally-97148
(accessed August 24, 2021).

32 Mike Farjam, "The Bandwagon Effect in an Online Voting Experiment With Real World Political Organizations",
PDF file, International Journal of Public Opinion Research vol 33 (2) (Summer 2021): 412-421.
https://doi.org/10.1093/ijpor/edaa008 (accessed August 24, 2021).

33 Paul Machete and Marita Turpin, "The Use of Critical Thinking to Identify Fake News: A Systematic Literature
Review", PDF file, IFIP International Federation for Information Processing, (2020): 235-246.
https://link.springer.com/content/pdf/10.1007%2F978-3-030-45002-1_20.pdf (accessed August 24, 2021).
Figure 19 Cognitive Bias, Raconteur. [Infographic on cognitive biases that can cause havoc when assessing risks in
business, grouped as Social, Financial, Failure to estimate, and Short-termism; panels include Gambler's Fallacy,
Anchoring Effect, Availability Heuristic, Illusion of Validity, Risk Compensation, and Status Quo Bias.]
3.2. Emotional reactions to disinformation

Strong emotions influence the ability of information consumers to process
information. Information that elicits strong emotions can overwhelm an
individual's ability to think rationally and make prudent decisions. Strong emotions fuel
"outrage culture" and lend their force to the incessant volleys of mutual recriminations
which are commonplace on social media platforms. Threat actors start disinformation
campaigns not to inform, but to agitate, provoke, incite, and inflame. By doing so, they
render their audiences more receptive to the disinformation they wish to promote.

The belief in the truthfulness of fake news is largely dependent on whether the
information consumer relies primarily on reason or emotion to assess the information.34
The more the information consumer relies on emotion, the more likely the information
consumer is to believe in the fake news. Additionally, information consumers are more
likely to share information if that information provokes emotional reactions.35
Researchers determined that the ability to attract an information consumer's attention
is key to whether the information consumer will later share this information. Information
that does not elicit strong emotions is less likely to attract the attention of
information consumers and therefore less likely to be shared.

Figure 20 Angry Comments on Social media (obtained from ISM Works).

34 Cameron Martel, Gordon Pennycook, and David G. Rand, "Reliance on emotion promotes belief in fake news",
Cognitive Research: Principles and Implications. 5:47 (2020). https://doi.org/10.1186/s41235-020-00252-3
(accessed August 24, 2021).

35 William J. Brady et al., "Emotion shapes the diffusion of moralized content in social networks", PNAS 114, no. 28
(2017): 7313-7318. Doi: 10.1073/pnas.1618923114 (accessed August 24, 2021).


The circumvention of thoughtful deliberation before acting, rather than the presence of
strong emotions, is the key issue. Information consumers often make poor decisions in
the heat of the moment, and when blinded by outrage or the desire for revenge. When
information consumers encounter information online which elicits such reactions, these
feelings should give the individual pause.


3.3. The Psychology Behind Sharing Information Online 


Information consumers who share disinformation help sustain disinformation
campaigns and contribute to the rapid spread of disinformation through the
information ecosystem. Research suggests that relatively few people
intentionally share disinformation on social media.36 Three main factors that drive the
decision to share disinformation are consistency, consensus, and authority.37 First, the
disinformation is consistent with the beliefs that the information consumers already
possess. Second, the information consumer believes that most people in his or her social
group believe the disinformation. Third, the information consumer believes that the
disinformation derives from an authoritative source.

36 Tom Buchanan, "Why Do People Share Disinformation on Social Media?", PDF file, Policy Brief, September 2020,
https://crestresearch.ac.uk/download/3040/20-017-03-disinformation-on-social-media.pdf (accessed August 24,
2021).

37 Tom Buchanan, "Why Do People Spread Disinformation Online: The effects of message and viewer
characteristics on self-reported likelihood of sharing social media disinformation", PLoS ONE 15, no 10 (2020):
e0239666. https://doi.org/10.1371/journal.pone.0239666 (accessed August 24, 2021).
Other factors also play a role in the decision to share disinformation. Information
consumers may share disinformation on social media platforms to demonstrate allegiance to
a particular idea (similar to virtue signaling), to share novel information, or to draw
attention to themselves to increase 'likes', 'views', or 'followers'. Political
partisanship motivates information consumers to share disinformation when this
disinformation can be used to counter the arguments of political opponents.38

Figure 21 Eric Allie/Cagle Cartoons.


Social media platforms have features that incentivize information consumers to share
information. These features often have addictive qualities that make it difficult for
information consumers to resist the temptation to share information, including
disinformation, or to disengage from the platform entirely. Before sharing information
online, we encourage information consumers to critically examine the information they
wish to share and the motives they have for sharing it. Disinformation at rest is far
less effective than disinformation in motion.


38 Mathias Osmundsen et al, “Partisan Polarization is the Primary Psychological Motivation behind Political Fake 
News Sharing on Twitter,” American Political Science Review 115, no 3, (2021): 1-17. 


Edelman Trust Barometer 2021. 


4. Media Literacy and Critical Thinking Skills 


Media literacy is the application of critical thinking skills to forms of information,
whether print newspapers and magazines, along with their online counterparts,
broadcasts on television and radio, online video or podcasts, and on social media
platforms or messaging apps. Media literacy efforts typically involve training information
consumers how to differentiate fact from opinion, how to assess sources of information,
and how information can be manipulated to deceive the audience. Research suggests
that media literacy efforts can assist information consumers to distinguish real news from
fake news.39


Other approaches include helping information consumers understand the cognitive and
mental health impact of using social media and other digital sources of information and
helping them negotiate the many hazards found online.40 One researcher maintains that
media literacy efforts should encompass not only traditional forms of media, but also the
information that passes through their networks of online connections.41 Using this
approach, information consumers can more clearly appreciate their own roles in the
dissemination of disinformation. An article, video, podcast, or photograph shared, a
retweet, a like, a comment, a post to a listserv, all may have more impact than an
individual might foresee.


Figure 22 IREX Media Literacy Training Manual. [Cover of the IREX "Learn to Discern" Trainers Manual, with the
text: It's about skill building, not prescribing a list of "good" or "bad" information sources to participants,
or to criticize their choice of news outlets.]


39 Andrew Guess et al., "A digital media intervention increases discernment between mainstream and false news in
the United States and India", PDF file, PNAS Vol. 117, no.27 (2020): 15536-15545.
https://www.pnas.org/content/pnas/117/27/15536.full.pdf (accessed August 24, 2021).

40 Amy Callahan, "Media Literacy Isn't Coming to Save Us (But We Can Make It Better)", EdW, last modified January
23, 2019,
https://www.edweek.org/teaching-learning/opinion-media-literacy-isnt-coming-to-save-us-but-we-can-make-it-better/2019/01
(accessed August 24, 2021).

41 Dana Boyd, "You Think You Want Media Literacy...Do You?," Points: Data & Society, last modified March 9, 2018,
https://points.datasociety.net/you-think-you-want-media-literacy-do-you-7cad6af18ec2 (accessed August 24,
2021).
Educational institutions and non-governmental organizations provide resources on media
literacy for use in formal and informal educational settings, and self-paced learning. In
2019, the Digital Citizenship and Media Literacy Act was introduced in the U.S. Senate to
assist with nationwide efforts, including the study of best practices in media literacy
programs.42

Research indicates that many information consumers are not able to articulate the criteria
by which they evaluate the trustworthiness of information and therefore are unable
consistently to distinguish real news from fake news.43 The development of critical
thinking skills can help information consumers recognize faulty reasoning, weakly-supported
arguments, and disinformation. Teaching critical thinking skills as a separate
course, as well as incorporating the application of critical thinking in all courses, leads to
better outcomes than not providing a course focused exclusively on the teaching of critical
thinking skills.44 We encourage the development of critical thinking skills in both formal
and informal educational settings.

Figure 23 Critical Thinking Diagram (obtained from Tycoonstory).

42 A Bill to promote digital citizenship and media literacy, S. 2240, 116th Congress, 1st Session (2019).

43 Blanca Puig, Paloma Blanco-Anaya, and Jorge J. Pérez-Maciera, "'Fake News' or Real Science? Critical Thinking to
Assess Information on COVID-19", Frontiers in Education, last modified May 3, 2021,
https://www.frontiersin.org/articles/10.3389/feduc.2021.646909/full (accessed August 24, 2021).


Recommendation 6: Teach Media Literacy and Critical Thinking Skills


We also suggest that information consumers use the SMART mnemonic and practices.
Based on Aesop's The Tortoise and the Hare, the SMART graphic on the next page
illustrates the need to take time to reflect on information to verify its truthfulness before
dissemination to others. Proceeding slowly, but prudently, before acting on information
is preferable to proceeding rapidly, but carelessly. The tortoise bypasses the hurdles
that impede the search for the facts. Meanwhile, the hare falls headlong into the traps
set by those who promote disinformation.

44 Shane Horn and Koen Veermans, "Critical Thinking efficacy and transfer skills defend against 'fake news' at an
international school in Finland," Journal of Research in International Education, 18, no. 1 (2019): 23-41.
https://doi.org/10.1177%2F1475240919830003 (accessed August 24, 2021).
Be a SMART Turtle

How to Spot Dis/Misinformation

Source: What is the assertion based on? Are the quotes taken out of context? Is there
evidence to support the assertion?

Medium: Check the outlet or domain. Where is it hosted? Does the URL look strange?

Author: Is there an author? What are his/her qualifications or credentials?

Reliability: Look for biases. Does it seem to lean toward a particular point of view? Is
it objective or subjective?

Time: How current is the information? Is it outdated?

Content Created by: Combatting Targeted Disinformation Campaigns Team 2021, DHS
Public-Private Analytic Exchange Program

Illustration by: Peter Thielen, Booz Allen Hamilton

Figure 24 SMART Graphic | Source: Combatting Targeted Disinformation Campaigns Team 2021
Conclusion


It is extremely improbable that disinformation campaigns will disappear in the foreseeable 
future. Despite the increasing effectiveness of countermeasures, threat actors will always 
find avenues to spread their disinformation and will adopt new tactics as new forms of 
technology emerge. Compared to many legitimate forms of persuasion and influence, 
disinformation campaigns are inexpensive and frequently have few downsides for the 
threat actor. Threat actors take ready advantage of software and communication 
platforms that they did not develop and benefit from political and social conditions that
they did not create.


In this report, we concluded that disinformation campaigns are threats to national security 
because they undermine the well-being of our society. Though disinformation campaigns 
cannot be stopped fully, we believe that measures can be taken to impede these 
campaigns and reduce their impact. We believe that building the resilience of information 
consumers to disinformation will likely bear more fruit than focusing on technological 
solutions. To build such resilience, we believe that giving information consumers more 
tools with which they can verify the information they consume online, identify the threat 
actors behind disinformation campaigns, verify the claims of imposters hiding behind fake
persona and credentials, and control their content feeds is essential.


The factors which make information consumers vulnerable to disinformation are rooted in
human psychology, the divisions within our society, and the siloed nature of today's
information ecosystem. As illustrated in the Disinformation Kill Chain, one result of
disinformation campaigns is that information consumers end up believing that truth no
longer exists. Such a result demonstrates that supply and demand form a positive
feedback loop. When information consumers lose the ability to distinguish fact from
fiction, and become uninterested in doing so, demand for disinformation grows, which
drives the supply of disinformation.


The prevalence of disinformation campaigns in our society is emblematic of the 
polarization of our society. Such polarization hampers a united response and even the 
ability to come to a common understanding of what a fact is, and what disinformation or 
misinformation are. Individual information consumers can build up their immunity to 
disinformation. But our society, as a whole, will not be able to build up its resilience until
the larger problems that recent events have exposed are dealt with first.
DISINFORMATION KILL CHAIN

Campaign Objective

Phases: "Find the cracks", "Weaponize", "Launch Campaign", "Fertilize", "Watch it grow", "Manipulate", "Harvest"

Note: A disinformation threat actor may skip steps in the kill chain process. However, doing so can reduce the
effectiveness of the campaign and erode protections aimed at obfuscating the identity and objectives of the actor.
Source: Adam Cambridge at The MITRE Corporation

Source: The MITRE Corporation.

DISCLAIMER STATEMENT: This document is provided for educational and informational purposes only. The views and
opinions expressed in this document do not necessarily state or reflect those of the United States Government or
the Public-Private Analytic Exchange Program, and they may not be used for advertising or product endorsement
purposes. All judgments and assessments are solely based on unclassified sources and are the product of joint
public and private sector efforts.
Preface


This report documents research and analysis conducted as part of a
project entitled Gray Zone War Games, sponsored by the Office of the
Deputy Chief of Staff, G-3/5/7, U.S. Army. The purpose of the project
was to develop an interrelated series of expert input, tabletop, and
computer-assisted war games to simulate "gray zone" activities, or measures
short of war, to support analysis of strategic and operational threats
and opportunities, to inform indications and warning processes, and
to support U.S., UK, and other NATO strategies and force
development plans.

This research was conducted within RAND Arroyo Center's 
Strategy, Doctrine, and Resources Program. RAND Arroyo Center, 
part of the RAND Corporation, is a federally funded research and 
development center sponsored by the United States Army. 

RAND operates under a "Federal-Wide Assurance"
(FWA00003425) and complies with the Code of Federal Regulations for
the Protection of Human Subjects Under United States Law (45 CFR 46),
also known as "the Common Rule," as well as with the
implementation guidance set forth in DoD Instruction 3216.02. As applicable, this
compliance includes reviews and approvals by RAND's Institutional
Review Board (the Human Subjects Protection Committee) and by the
U.S. Army. The views of sources utilized in this study are solely their
own and do not represent the official policy or position of DoD or the
U.S. Government.
Summary


Russia's 2014 offensives in the disputed regions of Crimea and the
Donbass in Ukraine present a different challenge—an undeclared
form of warfare that relied on a mixture of conventional and
unconventional tools—from the one that the North Atlantic Treaty
Organization (NATO) had prepared for during the Cold War. There have been
many terms used to describe these unconventional Russian campaigns,
including "gray zone conflict." This study was tasked with
examining the "gray zone" in Europe, which is the expression we will use.
We define gray zone tactics as ambiguous political, economic,
informational, or military actions that primarily target domestic or
international public opinion and are employed to advance a revisionist nation's
interests without provoking outright war.

To better understand where there are vulnerabilities to these types
of tactics and how to effectively counter them, we ran a series of war
games to explore the issue of Russian gray zone aggression in Europe.
These games comprised a Russian (Red) team, which was tasked with
expanding its influence and undermining NATO unity, competing
against a European (Green) team and a U.S. (Blue) team, which were
aiming to defend their allies from Red's gray zone activities without
provoking an outright war. In our games, we observed patterns of
behavior from the three teams that are broadly consistent with what
we have observed in the real world. This report presents the
following key insights from these games and from the research effort that
informed them:
* "Everyday" gray zone actions must be differentiated from more
aggressive and focused gray zone actions. There are two variables,
the target of the action and whether it involves outright violence
or the threat of violence, that are important for understanding
Russian gray zone tactics, because they imply different time
horizons, objectives, and stakes. Many of the unconventional tactics
that Russia uses to try to gain influence are routine, diffuse, and
long-term, although others have very specific, short-term
objectives. Russian gray zone tactics might also be nonviolent (e.g.,
propaganda and disinformation) or involve outright violence or
the threat of violence (e.g., a planned coup in Montenegro).

* Based on the war games conducted to support this project, we
observed that NATO and the European Union (EU) are unlikely
to be able to compel Russia to stop using nonviolent Russian gray
zone tactics, but they might be able to deter high-order
aggression. There is much talk about "deterring" Russian gray zone
aggression, but many of these discussions are based on a
misunderstanding of the concept. Because Russia is already engaging in
steady-state gray zone actions, NATO and the EU need to compel
Russia to stop these activities, which is a much harder task than
deterrence. Moreover, the characteristics of everyday gray zone
tactics—they are largely nonmilitary, usually gradual, and
difficult to decisively attribute—lower the stakes and make it difficult
for the West to credibly threaten to punish Russia, even if the
actions are conclusively traced back to Moscow. Outright
Russian aggression with the aim of territorial expansion is an entirely
different situation, and one that can be deterred by conventional
means.

* Vulnerability to Russian gray zone tactics varies significantly
across Europe. Russia's "near abroad"—defined as the countries
around its border—is the most vulnerable region, followed by the
Balkans. This is largely because of those countries' weak
governmental institutions and historic, cultural, and linguistic ties to
Russia. By contrast, the Baltic states are less susceptible to gray
zone tactics because of their relatively good governance. Finally,
Western and Central Europe are least vulnerable to Russian gray
zone actions.

* Civil organizations, rather than militaries, might be best
positioned to counter Russian gray zone tactics. The vast majority of
Russian gray zone tactics are not geared toward territorial gains,
but instead are routine actions that seek to enhance Russia's
influence through nonmilitary means. In short, this is primarily a
social, political, and economic fight, not a military one, that is
better waged by civilian agencies and nongovernmental
organizations whose core competencies lie in these domains. The military
plays an important but limited role in countering Russian gray
zone activities by improving cyber defenses, enhancing
intelligence and counterintelligence capabilities, and building partner
special forces capacity.

* Our research suggests that the West is winning this competition
but does not recognize it. Some seem to believe that, because the
West cannot stop Russia from using everyday gray zone activities,
it is therefore somehow losing, but this neglects the larger
strategic situation. Russia's gray zone tactics will persist and should
be countered by hardening Western societies against propaganda
and attempts to undermine democracy. However, overreaction
only serves Moscow's purposes. Strong civil societies and robust
democratic institutions, rather than panic at "losing" or attempts
to fight Russia blow-by-blow, are the West's best defenses against
Russia's gray zone tactics. Russia's gray zone tactics signify its
weakness, and the West's stronger political, cultural, and social
systems will prevail over them if given the chance.




Acknowledgments 


The authors would like to thank MG William Hix for the
opportunity to examine an important question and MAJ Robert Kurtts for his
guidance of the project. Our report was strengthened by reviews from
Dara Massicot of the RAND Corporation and Michael Kofman of
CNA, and we thank them for their helpful comments. We also thank
the Latvian Ministry of Defense, Latvian President's Office, NATO
Stratcom Centre of Excellence, Centre for East European Policy
Studies, International Centre for Defence and Security, Estonian Ministry
of Foreign Affairs, and Estonian National Security and Defence
Coordination Unit for sharing with us their views of Russian gray zone
tactics and European countermeasures.

At RAND, we thank our colleagues Jenny Oberholtzer, William 
Mackenzie, Stephanie Pezard, David Frelinger, David Shlapak, and 
Ben Connable for helping to develop and run the games, and Sally 
Sleeper and Jennifer Kavanagh for their guidance of the project. We 
also thank the players in the multiple games that we conducted at 
RAND for their participation and valuable insights. 



Abbreviations 


DDOS    distributed denial of service
DF      (Montenegrin) Democratic Front party
EU      European Union
FSB     Federal Security Service (Russia)
GRU     Main Directorate of the General Staff of the Russian Federation
MNA     Hungarian National Front
NATO    North Atlantic Treaty Organization
NGO     nongovernmental organization
RS      Republic of Srpska
SME     subject-matter expert



CHAPTER ONE 


Introduction 


In 2014, Russia's bloodless annexation of the Crimean Peninsula and its 
support of a separatist uprising in eastern Ukraine shattered the notion 
that Europe was peaceful and secure. It became clear that Russian 
President Vladimir Putin would use force to maintain Russia's influence
in its "near abroad"—the former Soviet states except the Baltics—
to undermine the North Atlantic Treaty Organization (NATO), divide 
Europe, and reduce U.S. dominance of the international order. Con- 
sequently, for the first time in several decades, NATO began to seri- 
ously grapple with how to deter and defeat aggression in its backyard. 
However, Russia's 2014 offensives seemed to present a different chal- 
lenge—a covert form of warfare that relied on a mixture of conven- 
tional and unconventional tools—from the one that NATO had pre- 
pared for during the Cold War, one which the alliance was ill-prepared 
to counter. The Russian government did not officially acknowledge its 
offensives in Ukraine, which were characterized by the use of proxies, 
unmarked forces, disinformation, and cyberattacks, along with the use 
of conventional military forces. Together, these tactics were intended 
to create confusion and delay a response, allowing enough time for 
Russia to achieve its objective, thereby forcing its opponents to esca- 
late the situation and mount an offensive to regain the lost territory. 
These tactics succeeded in paralyzing the Ukrainian government and 
multilateral European institutions during the Crimea operation, but 
did not achieve a commensurate level of success in eastern Ukraine 
because separatist operations in the Donbass (commonly defined as 
the Luhansk and Donetsk regions of Ukraine) were bogged down in a 
bloody, inconclusive conflict with the Ukrainian government. Although 
Russian conventional forces played decisive roles in both operations, 
many observers have focused on the unconventional tools that Russia 
used to mask the true nature of its actions and to bolster their effi- 
cacy. Russia has employed similar techniques—in particular the use of 
cyberattacks, propaganda, proxy forces, and disinformation—to try to 
create strife or to influence elections in Western democracies. 

There have been many terms used to describe these unconven- 
tional Russian actions, including “gray zone conflict,” "hybrid war- 
fare," "nonlinear warfare," "ambiguous warfare," "indirect action," 
"asymmetric," and "political warfare." We are not going to delve 
into the debates about the coherence or utility of these various terms.2 
Rather, this study was tasked with examining the gray zone in Europe, 


1 Joseph L. Votel, “Statement of General Joseph L. Votel, U.S. Army Commander, United 
States Special Operations Command Before the House Armed Services Committee Subcommittee 
on Emerging Threats and Capabilities," March 18, 2015, p. 7; Van Jackson, “Tactics 
of Strategic Competition: Gray Zones, Redlines, and Conflicts Before War,” Naval War 
College Review, Vol. 70, No. 3, Summer 2017; Mary E. Connell and Ryan Evans, Russia's 
‘Ambiguous Warfare’ and Implications for the U.S. Marine Corps, Arlington, Va.: CNA, May 
2015; Frank Hoffman, “The Contemporary Spectrum of Conflict: Protracted, Gray Zone, 
Ambiguous, and Hybrid Modes of War,” in Dakota L. Wood, ed., 2016 Index of Military 
Strength: Assessing America’s Ability to Provide for the Common Defense, Washington, D.C.: 
Heritage Foundation, 2015; Andrew Radin, Hybrid Warfare in the Baltics: Threats and 
Potential Responses, Santa Monica, Calif.: RAND Corporation, RR-1577-AF, 2017; Mark 
Galeotti, “The ‘Gerasimov Doctrine’ and Russian Non-Linear War,” In Moscow Shadows, blog 
post, July 6, 2014; Fletcher Schoen and Christopher Lamb, Deception, Disinformation, and 
Strategic Communications: How One Interagency Group Made a Major Difference, Washington, 
D.C.: Institute for National Strategic Studies, June 2012, pp. 8-9; Michael J. Mazarr, 
Mastering the Gray Zone: Understanding a Changing Era of Conflict, Carlisle, Pa.: Strategic 
Studies Institute and U.S. Army War College Press, December 2015. 


2 Adam Elkus, “50 Shades of Gray: Why the Gray Wars Concept Lacks Strategic Sense," 
War on the Rocks, December 15, 2015; Hal Brands, “Paradoxes of the Gray Zone,” Foreign 
Policy Research Institute, February 5, 2016; Hoffman, 2015; Nadia Schadlow, “The Problem 
with Hybrid Warfare,” War on the Rocks, April 2, 2015; Frank Hoffman, “On Not-So-New 
Warfare: Political Warfare vs Hybrid Threats,” War on the Rocks, July 28, 2014; Merle 
Maigre, Nothing New in Hybrid Warfare: The Estonian Experience and Recommendations for 
NATO, German Marshall Fund of the United States, February 2015; Kristen Ven Bruusgaard, 
“Crimea and Russia's Strategic Overhaul,” Parameters, Vol. 44, No. 3, Autumn 2014, 
p. 81; Mark Galeotti, “Hybrid, Ambiguous, and Non-Linear? How New Is Russia's New 
Way of War?” Small Wars and Insurgencies, Vol. 27, No. 2, 2016. 

which is the expression that we will use. We define gray zone tactics 
as ambiguous political, economic, informational, or military actions 
that primarily target domestic or international public opinion and are 
employed to advance a nation's interests while still aiming to avoid 
retaliation, escalation, or third-party intervention.3 

The purpose of this report is to document the findings from a 
study of Russian gray zone tactics that included a series of war games 
along with in-depth research on the topic. Both forms of analysis contributed 
to the insights discussed later in this chapter.4 The remainder 
of the report is organized as follows. Chapter Two details the method- 
ology employed in this study. It is followed by chapters reporting the 
study's main insights, which include a framework to better understand 
Russian gray zone tactics. Finally, there is an appendix that provides 
more information about the war games. 


3 Gregory F. Treverton, Andrew Thvedt, Alicia R. Chen, Kathy Lee, and Madeline McCue, 
Addressing Hybrid Threats, Stockholm: Swedish Defence University, European Center of 
Excellence for Countering Hybrid Threats, May 9, 2018, p. 10; Alexander Lanoszka, "Rus- 
sian Hybrid Warfare and Extended Deterrence in Eastern Europe," International Affairs, 
Vol. 92, No. 1, 2016, pp. 178-179; Radin, 2017, p. 5; Christopher S. Chivvis, Understanding 
Russian 'Hybrid Warfare' and What Can Be Done About It: Addendum, testimony before the 
U.S. House of Representatives Armed Services Committee, Washington, D.C., March 22, 
2017, p. 2. 


4 The interaction between the war games and research is discussed further in the 
methodology chapter. 

CHAPTER TWO 


Methodology 


To study the dynamics of Russia's gray zone activities, we employed 
two methodologies in an iterative way. Our aim was to develop a 
framework that could be used to understand the variety of different 
Russian gray zone tactics in Europe and also to inform U.S. strate- 
gic planning. To develop this framework, we combined extensive his- 
torical research and a review of relevant literature (including strategic 
documents, interviews, and analysis by other scholars) with a series of 
war games intended to both inform the ongoing research and further 
test emerging insights.1 The process was iterative in that we conducted 
both tasks simultaneously, with the research informing the games and 
the games informing the research. Both activities contributed equally 
to the final framework and key insights presented in this report. 

The gaming and research efforts were integrated in several ways. 
We began by researching Russia's gray zone activities, but also began 
running open-ended and loosely structured games with expert players. 
These initial games helped us gain a better understanding of the nature 
of the competition and focused us on particular aspects of the problem 
that appeared most challenging to the United States and European 
partners. In other words, the early games were valuable in guiding our 
research, pointing us toward key questions—such as whether Russia's 
choice to employ certain types of gray zone tactics is dependent on 
location, timing, and context—and insights that warranted additional 
investigation, such as the dominant role of civilian organizations in 


1 We ran a matrix gray zone game three times, a semistructured gray zone game twice, and 
a structured gray zone game twice. 

combatting Russian gray zone tactics. At times, the games pointed 
us toward interesting observations that we then investigated further 
through research, including in interviews with subject-matter experts 
(SMEs) and government officials in Europe. Although players occa- 
sionally made important decisions during game play, it was mostly the 
postgame deliberations where we collectively considered the pros and 
cons of various strategies, and the competition more broadly, that led 
us to new insights that are expounded on throughout this report. In 
the later stages of the research effort, semistructured and structured 
games also served as a platform for testing various hypotheses and 
insights. Again, although player moves and game outcomes were inter- 
esting, postgame discussions with players and research team members 
were equally important. In several cases, after testing a hypothesis in 
a game, we conducted additional research to refine or improve our 
understanding of key dynamics.2 

The framework and insights presented in this report are a synthe- 
sis of our research and observations made during the games and post- 
game discussions. The report does not describe specific moves made by 
the players during these games or the outcomes of the games, which 
could be misleading, but instead focuses exclusively on the insights 
that emerged from our broader cycle of gaming and research. 


Designing the Games 


As mentioned previously, we developed and ran several types of games. 
The first gray zone games were matrix games that were largely free- 
form exercises where the players made arguments that were judged by 
umpires about what they could do and to what effect.3 We then developed 


2 An example of a hypothesis we tested in one of the structured games: Russia seeks to 
actively halt NATO enlargement in the Balkans. 


3 There are three types of strategy games discussed in this report: free-form games, matrix 
games, and structured games. Free-form games (also known as seminar-style games) have 
few rules or physical elements, and game outcomes are determined by expert adjudicators 
in an ad-hoc way. Matrix games are a specific type of argumentation-based free-form game, 
where the teams present reasons why they could or their adversary could not do something, 

a semistructured game that provided the players with a menu of 
options, pieces, a board, and a partially specified set of adjudication 
rules. Finally, we constructed a fully structured game with detailed 
rules that guided what the players could do and the effect of their 
actions.4 Our gray zone games were intended to serve as vehicles for 
the players to develop coherent strategies, explore the pros and cons of 
different decisions, and to have a robust discussion that helped them 
to identify which strategies are most likely to be effective in different 
situations and which strategies appear the most robust against a variety 
of possible futures. 

All of our gray zone games comprised a Russian (Red) team, 
tasked with expanding its influence and undermining NATO unity, 
competing against a European (Green) team and a U.S. (Blue) team, 
aiming to defend their allies from Russia's gray zone activities without 
provoking an outright war.5 The players in our games were RAND 
Corporation experts on Russian, European, and U.S. defense and 
intelligence policy, and they role-played the appropriate country which 
aligned with their expertise. 

Creating these games was an iterative process that involved exten- 
sive research on the concept of the gray zone, Russia's unconventional 
tactics, counteractions to Russian measures, and their effectiveness (see 
Figure 2.1). In the course of our research, we consulted a wide vari- 
ety of sources on Russia's gray zone tactics, including journal articles, 
think tank studies, government reports, and periodicals. We used this 


and then an adjudicator or umpire makes a final determination based on the net quality of 
the argumentation for and against an action. Structured games typically represent the phe- 
nomena with physical elements (e.g., cards and blocks) and have rules that determine game 
outcomes. For more on these see Becca Wasser, Jenny Oberholtzer, Stacie L. Pettyjohn, and 
William Mackenzie, Gaming the Gray Zone: Observations from Designing a Structured Gray 
Zone Strategy Game, Santa Monica, Calif.: RAND Corporation, RR-2915-A, 2019. 


4 John Curry and Tim Price, Matrix Games for Modern Wargaming: Developments in Professional 
and Educational Wargames Innovations in Wargaming, Vol. 2, Barking, UK: Lulu Press, 
Inc., August 2014; Warren Wiggins, War Game Adjudication: Adjudication Styles, Newport, 
R.I.: United States Naval War College, 2014. 


5 We follow the traditional wargaming practice of calling the U.S. team the "Blue team," 
U.S. allies the "Green team," and the adversary—in this instance, Russia—the "Red team." 

Figure 2.1 
Gray Zone Game Design Process 

research to develop simple adjudication rule sets for the games; these 
rule sets distilled the existing empirical literature on individual gray 
zone tactics and countermeasures into a set of probability curves repre- 
sented as a combat results table. These rules captured the central causal 
relationships of different phenomena but were simple enough that they 
allowed for relatively quick adjudication so that the game could be 
played in the course of a day. We do not claim that the rules or the 
underlying relationships are “correct;” rather, they are consistent with 
the literature and the understanding of these phenomena of the experts 
who played in our games, and offer a standard baseline for determining 
game outcomes.6 A companion report, Gaming the Gray Zone: Observations 
from Designing a Structured Gray Zone Strategy Game, discusses 
the game design at greater length. 


6 In the structured Balkans gray zone game, game rules were printed on cards and therefore 
accessible to the players, who could understand what drove outcomes. The players could then 
argue with the adjudicators if they believed that the rules were wrong. When the adjudicator 
agreed that the rules did not accurately capture a dynamic in the game, they were modified 
in real time and the change was noted and incorporated into future iterations of the game. 

CHAPTER THREE 


The Gray Zone Is More Usefully Conceptualized 
as a Type of Tactic, Rather Than an Operational 
Environment 


Because there is no commonly accepted definition of the “gray zone,” 
we began by surveying the existing literature and cataloging different 
definitions, and then used our early games to crystalize our own think- 
ing about the concept. Although many conceive of the gray zone as a 
phase of conflict, our postgame conversations led us to recast it as a 
type of tactic. Identifying the gray zone as a tactic—rather than a type 
of conflict or operating environment—is a new approach, but one that 
has greater analytic coherence and is more useful for crafting civilian 
and military strategies to counter gray zone activities. 

Generally, there was agreement, both among game participants 
and during interviews conducted as part of the broader research project, 
that ambiguity is the defining characteristic of gray zone activities.1 
There might be ambiguity about who is responsible for the actions, as 
was the case initially in Crimea and the Donbass; ambiguity about the 
legality or veracity of the claims made, as is true for much of Russia's 
propaganda; or ambiguity about Russia's true aims, as is true with the 
unstated purpose of Russia's promotion of its culture and heritage.2 
Employed in the absence of conventional war, gray zone tactics are a 


1 David Barno and Nora Bensahel, “Fighting and Winning in the ‘Gray Zone,’” War on the 
Rocks, May 19, 2015; Brands, 2016. 


2 Christopher Paul and Miriam Matthews, The Russian ‘Firehose of Falsehood’ Propaganda 
Model: Why It Might Work and Options to Counter It, Santa Monica, Calif.: RAND Corpora- 
tion, PE-198-OSD, 2016. 

covert subset of political warfare, which was defined by George Kennan 
as "employment of all the means at a nation's command, short of war, 
to achieve its national objectives."3 Gray zone tactics exist beyond the 
realm of traditional statecraft and intelligence activities, but stop short 
of the use of conventional military power—although as tactics, they 
might still be employed even after a conflict has escalated to the con- 
ventional level, as we have seen in Ukraine, and just as propaganda and 
guerrilla warfare were elements of World War II.4 

The murky nature of gray zone tactics is often identified as criti- 
cal to their success because it prevents their target from quickly recog- 
nizing the threat or from rapidly gaining support from equally unde- 
cided external actors and institutions, reducing the likelihoods of rapid 
retaliation or escalation. This is particularly a concern for a large multi- 
lateral organization, such as NATO, where all members of the alli- 
ance need to agree to activate the collective security clause embodied in 
Article V, which in turn requires them to assist the party under attack. 
Nevertheless, the veil of deniability is often quite thin, especially when 
Russia has employed belligerent and militarized gray zone tactics and 
trained observers were able to quickly see through it as was the case of 
the Russian invasion of the Donbass.5 

We focus on gray zone tactics versus the gray zone as a distinct 
type or sphere of conflict. Many others conceptualize the gray zone 
as a separate form of warfare that falls somewhere in the middle of a 
spectrum between peace and conventional war.7 This is in line with 


3 Overt political warfare or other white measures short of war are not a form of gray zone 
tactics. George Kennan, “George F. Kennan on Organizing Political Warfare [Redacted 
Version],” Wilson Center Digital Archive, April 30, 1948. 


4 Some, such as Mazarr and Lanoszka, define gray zone tactics as something only revisionist 
states—those that seek to alter the status quo—use, but in fact one could argue that 
covert actions, which the United States and other countries employ and have used extensively 
in the past, are a gray zone tactic. 


5 Mazarr, 2015, p. 39. 


6 Andrew Roth, “From Russia, ‘Tourists’ Stir the Protests,” New York Times, March 3, 
2014b; Andrew Higgins, Michael R. Gordon, and Andrew Kramer, "Photos Link Masked 
Men in East Ukraine to Russia," New York Times, April 20, 2014. 


7 Hoffman, 2015, p. 26; U.S. Special Operations Command, The Gray Zone, September 9, 
2015, p. 1. 

the U.S. military's linear phasing construct for operational plans, but 
has contributed to conceptual muddling because it is not clear whether 
there are really boundaries between the phases. At the same time, it is 
clear that Russia has used various forms of unconventional warfare in 
both peacetime and as an element of large conventional military operations.8 
The gray zone as a middling level of competition also lends support 
to Russia's narrative that it is not engaged in traditional aggression 
in such places as Georgia.9 The conflict in the Donbass is also dominated 
by traditional combat with a smattering of gray zone activities 
that are intended to sow doubt about the true nature of the conflict. 
It is extremely difficult to distinguish what falls in one phase versus 
another, and what phase a conflict is currently in, which in turn makes 
it difficult to identify the appropriate behavior that should follow. 
During their deliberations, the U.S. teams in our games struggled to 
determine what phase they were in at various points, and observed that 
the concept of the gray zone as a phase of competition was not only 
ambiguous and difficult to apply in practice, but also potentially inac- 
curate and misleading. Therefore, it is both intellectually more coher- 
ent and, for the policymaker, more operationally useful to conceptual- 
ize gray zone activities as a type of tactic rather than a unique form of 
conflict or operating environment.11 Seen this way, it is clear that gray 
zone tactics might be the only or primary approach employed, or they 
might simply be a supplement to more-traditional warfare. 


8 For more on the problems that this type of phased thinking creates for gray zone compe- 
tition see: Paul Scharre, “American Strategy and the Six Phases of Grief,” War on the Rocks, 
October 6, 2016. 


9 Ariel Cohen and Robert E. Hamilton, The Russian Military and the Georgia War: Lessons 
and Implications, Carlisle, Pa.: Strategic Studies Institute, June 2011. 


10 Michael Kofman and Matthew Rojansky, “A Closer Look at Russia’s ‘Hybrid War,’” 
Kennan Cable, No. 7, April 2015; Michael Kofman, “Russian Hybrid Warfare and Other 
Dark Arts,” War on the Rocks, March 11, 2016; Andras Racz, Russia’s Hybrid War in Ukraine: 
Breaking the Enemy’s Ability to Resist, FIIA Report 43, Helsinki, Finland: Finnish Institute of 
International Affairs, 2015, p. 14. 


11 This is similar to how Mazarr (2015) uses the term, p. 58. Jackson (2017) argues that it is 
better to look at revisionist tactics, in particular avoiding redlines, using intermediaries, and 
presenting a fait accompli. 

It is also important to mention that gray zone or hybrid tactics are 
a Western concept and not used by Russian strategists to refer to their 
own actions. Writing that is often associated with Russia's hybrid strat- 
egy, such as those articles written by Russian chief of the General Staff 
General Valery Gerasimov, is actually describing a Western campaign 
of indirect action that is being waged against Russia using nonkinetic 
tools.12 In the views of such authors, the West uses indirect actions 
to undermine unfriendly governments, which is what these authors 
believe happened in Ukraine.13 This is not a radically new way of 
thinking about war for the Russians because the Soviet Union extensively 
engaged in active measures during the Cold War. Additionally, 
the Russian general staff has been studying asymmetry in modern conflicts 
for nearly 20 years.14 


Are Gray Zone Tactics New? 

Although the phrase gray zone is relatively new, the types of actions 
that it describes are not.15 Some recently employed Russian gray zone 
tactics include the use of traditional and social media to spread propa- 
ganda and disinformation; cyberattacks against government commu- 
nications and critical civilian infrastructure; efforts to surreptitiously 
buy up large stakes in key economic sectors in foreign countries or to 


12 See, for example, Valery Gerasimov, “Znacheniye nauki nakhoditsya v predvidenii: 
novyye vyzovy trebuyut pereosmysleniya form i metodov vedeniya boyevykh deystviy 
[The Value of Science Is in Foresight: New Challenges Demand Rethinking the Forms and 
Methods of Carrying Out Combat Operations],” Voyenno-Promyshlennyy Kuryer [Military 
Courier], February 26, 2013; Vi Lutonvinov, "I ispol'zovanie nevoennykh razvitie mer dlia 
ukrepleniia voennoi bezopasnosti Rossiiskoi Federatsii [The Use of Nonmilitary Develop- 
ment Measures to Strengthen the Military Security of the Russian Federation]," Voennaia 
mysl [Military Thought], No. 5, May 2009; S. G. Chekinov, and S. A. Bogdanov, “Asimmet- 
richnyye mery po obespecheniyu voyennoy bezopasnosti Rossii [Asymmetrical Actions to 
Ensure Russia's Military Security],” Voyennaya mysl’ [Military Thought], Vol. 3, 2010. 


13 Samuel Charap, “The Ghost of Hybrid War,” Survival, Vol. 57, No. 6, December 2015— 
January 2016, p. 51; Dmitry Adamsky, Cross-Domain Coercion: The Current Russian Art of 
Strategy, Proliferation Papers, No. 54, IFRI Security Studies Center, November 2015, p. 20. 


14 Herbert Romerstein, “Disinformation as a KGB Weapon in the Cold War,” Journal of 
Intelligence History, Vol. 1, No. 1, 2001; and Adamsky, 2015, p. 25. 


15 Brands, 2016. 

coopt business elites; support for politicians or political parties, gangs, 
and paramilitaries; promotion of Russian, Slavic, or Orthodox cul- 
ture; and the use of unmarked soldiers or “little green men.” Table 3.1 
provides an overview of major types of gray zone tactics employed by 
Russia and examples thereof. This list is not meant to be comprehen- 
sive, but instead is intended to provide a sense of the types and breadth 
of Russian gray zone tactics. Russia often employs multiple combina- 
tions of gray zone tactics together. 

What has been new and surprising to the United States and its 
European allies is the idea that they are facing a Russia that is actively 
and aggressively trying to influence their domestic politics and weaken 
the Western institutions that have underpinned the post-Cold War 
international order through the employment of these tactics. NATO's 
newest members, especially the former members of the Soviet Union 
and Warsaw Pact (in addition to aspirant states) are thought to be likely 
targets and particularly vulnerable to Russian gray zone aggression. 
Despite this fact, many policymakers in Europe and especially in new 
member states believe that accession to NATO insulates them from 
violent gray zone tactics. Yet, the Red teams specifically chose new 
and aspirant NATO members to target in our games.16 Recently, it has 
also become clear that Russia has sought to interfere, albeit in a much 
less overt way, in the politics of longstanding NATO members.17 In 
response, NATO and the European Union (EU) have focused more 
attention and resources on challenging Russia’s unconventional tactics 
and have taken several steps to counter this threat. 


16 Montenegro, in particular, was a consistent focus for the Russia teams in our games given 
its recent accession to NATO. 


17 United States Senate Committee on Foreign Relations, Putin’s Asymmetric Assault on 
Democracy in Russia and Europe: Implications for U.S. National Security, minority staff report, 
Washington, D.C.: U.S. Government Publishing Office, January 10, 2018; Matt Burgess, 
“Here’s the First Evidence Russia Used Twitter to Influence Brexit,” Wired, November 10, 
2017; Andy Greenberg, “The NSA Confirms It: Russia Hacked French Election ‘Infrastructure,’” 
Wired, May 9, 2017; Peter W. Singer, “What We Didn’t Learn from Twitter’s News 
Dump on Russiagate,” Defense One, January 20, 2018. 

CHAPTER FOUR 


"Everyday" Gray Zone Actions Must Be 
Differentiated from More Aggressive, Focused 
Gray Zone Actions 


Our research, games, and postgame discussions suggest some critical 
differences between the types of Russian gray zone tactics. An under- 
standing of these differences is central to developing a clear frame- 
work and sense of how gray zone activities fit with other conventional 
military tactics. A recent U.S. Senate staff report expressed criticism of 
the U.S. government for not “hav[ing] a coherent, comprehensive and 
coordinated approach to the Kremlin's malign influence operations."1 
This is undeniably true, but it is in part because of the fact that there 
are important differences among Russia's gray zone activities that are 
often overlooked and which necessitate different types of responses. 
The first key insight emerging from the games and our research is that 
there are two central variables: the target of the action and whether 
it involves outright violence or the threat of violence. These variables 
are important for understanding Russian gray zone tactics because 
they imply different time horizons, objectives, and stakes. Many of the 
unconventional tactics that Russia uses to try to gain influence are rou- 
tine, diffuse, and long-term, although others have very specific short- 
term objectives. Russian gray zone tactics might also be nonviolent, 
such as propaganda and disinformation, or involve outright violence 
or the threat of violence, such as the planned coup in Montenegro. 
Figure 4.1 shows how these two variables intersect to create four types 
of gray zone tactics and examples of each. 


1 U.S. Senate, 2018, p. 3. 

The upper left-hand box represents everyday nonviolent gray zone 
tactics, which often have very general, high-level goals, such as enhanc- 
ing Russian influence, and an imprecise notion of how specific actions 
will create a desired effect.2 The Russian government appears to hope 
that these routine gray zone actions will benefit Russia and weaken 
the West in some way, but exactly how, when, and why often is not 
known when the actions are performed.3 The everyday gray zone activities 
include propaganda and disinformation disseminated through traditional 
media and social media outlets; efforts to promote Russian, 
Slavic, or Orthodox culture; cultivating allies in politics or business; 
gathering intelligence on government actions and key individuals; and 
expanding Russia's economic influence by, for example, purchasing 
debt or large portions of key business sectors. 

Routine gray zone actions are low-cost and low-risk, which is why 
Russia widely and opportunistically employs them in the hope that 
some might ultimately pay off. Likewise, Russia also expects many 
of them to have little or no effect, especially in the short term. One 
example is the multifaceted Russian effort to promote Russian, Slavic, 
and Orthodox culture in its near abroad. On their face, these activities 
might appear benign, but they can create or deepen divisions within 
other countries, and provide Russia with intermediaries that it can use 
to further its interests, and a reason to be actively involved abroad.4 For 
instance, the Federal Agency for the Commonwealth of Independent 


2 U.S. Senate, Disinformation: A Primer in Russian Active Measures and Influence Campaigns, 
Panel II: Hearing Before the Select Committee on Intelligence of the United States Senate, 
Washington, D.C.: U.S. Government Publishing Office, March 30, 2017, pp. 1-2, testimony 
of Thomas Rid. According to Rid, “active measures are semi-covert or covert intelligence 
operations to shape an adversary’s political decisions. Almost always active measures 
conceal or falsify the source—intelligence operators try to hide behind anonymity, or 
behind false flags.” 


3 Raphael S. Cohen and Andrew Radin, Russia’s Hostile Measures in Europe: Understanding 
the Threat, Santa Monica, Calif.: RAND Corporation, RR-1793-A, 2019, p. 2. 


4 Orysia Lutsevych, Agents of the Russian World: Proxy Groups in the Contested
Neighborhood, London: Chatham House, The Royal Institute of International Affairs, April 2016;
Ieva Berzina, “Russia’s Compatriot Policy in the Nordic-Baltic Region,” in Russia’s Footprint
in the Nordic-Baltic Information Environment, Report 2016/1027, Riga, Latvia: NATO
Strategic Communications Centre of Excellence, January 2018.
States, Compatriots Living Abroad, and International Humanitarian
Cooperation (commonly known as Rossotrudnichestvo) fosters the
concept of the Russian World (Russky Mir) and has more than 60
centers, mainly in former Soviet states.5 Although Rossotrudnichestvo is an
autonomous Russian government agency, the Kremlin also supports 
such ostensibly independent NGOs as the World Congress of Russian 
Compatriots and World Without Nazism, which encourage traditional 
Slavic and Orthodox values and practices. These NGOs use the shared 
historical experience of fighting fascists during World War II as a refer- 
ence point to rally opposition to current threats to traditional values, in 
particular Western institutions, such as the EU and NATO.6 

Russian gray zone activities also seek to develop relationships with 
non-Russian partners who have similar agendas to Moscow or can 
indirectly advance the Kremlin's agenda. For instance, after Marine Le 
Pen, the president of the French National Front (now National Rally) 
party, publicly supported Russia's annexation of Crimea and called for 
the ending of economic sanctions on Russia, the Moscow-based First 
Czech-Russian Bank provided her party a much-needed €9.4 million 
loan.7 Le Pen denied that the loan had anything to do with her stance
on sanctions, although it made Le Pen a potential partner for Moscow. 

The behavior and decisions of the Russia teams in our games pro- 
vided some new insights and support for this framework and relation- 
ships between gray zone and more conventional activities. Specifically, 
these teams liberally sprinkled routine gray zone activities across as 
many targets as possible and then opportunistically adjusted their strat- 
egies to capitalize on previous successes. Both in our analysis of actual 
Russian actions and in our games, the majority of steady-state gray 
zone activities are long-term ventures that seek to shape public opin- 
ion, create or deepen fissures in a society, develop proxies, expand Rus- 
sian media presence, and enhance Russia's ability to undertake more 
pointed gray zone operations in the future. Most of these measures are 


5 Lutsevych, 2016, p. 10.
6 Lutsevych, 2016, pp. 12, 16. 


7 Max Seddon and Michael Stothard, “Putin Awaits Return on Le Pen Investment,”
Financial Times, May 4, 2017.
not likely to directly further Russian objectives on their own, but they
might cumulatively alter the social, political, and economic fabric of a 
country in ways that facilitate a subtle or gradual pro-Moscow shift. 

However, nonviolent gray zone tactics can also be employed in 
a concentrated manner to achieve a specific near-term goal, which is 
captured in the upper right-hand box of Figure 4.1. Examples of such 
behavior include organizing peaceful protests, cutting off economic 
exchanges for dubious reasons, and interfering in foreign elections.8
Targeted actions often rely on mobilizing the contacts or sentiment 
that Russia had previously cultivated through long-term diffuse gray 
zone tactics. Similarly, these actions are largely reliant on opportuni- 
ties and events for Russia to exploit in the target country. For example, 
Russia appears to have organized and resourced anti-fracking move- 
ments in Bulgaria and Romania in an effort to scuttle deals made by 
American energy corporations that threatened Gazprom's dominance 
in the region. Russia deployed a media blitz against shale exploration 
deals and called on a variety of old and new allies to oppose the moves, 
including socialist parties, the Orthodox Church, sports clubs, envi- 
ronmental NGOs, and business contacts. Moscow allegedly even paid 
to bus protestors to the demonstrations.9

Russia also tries to subvert the democratic processes in other 
countries by influencing electoral outcomes, as has been alleged in the 
2016 Brexit referendum, the 2016 U.S. presidential election, and the 
2017 French presidential election. Russia attempted to tilt these votes 
through sophisticated disinformation campaigns and cyberattacks. 
Although Moscow’s actions might have had a significant, direct impact 


8 In 2014, Moscow announced a ban on Polish fruits and vegetable imports for “sanitary 
reasons," but it was believed to be in retaliation for EU sanctions against Russia. Polina 
Devitt, "Russia Bans Polish Fruit and Vegetable in Apparent Retaliation for Sanctions," 
Reuters, July 30, 2014. 


9 Andrew Higgins, “Russian Money Suspected Behind Fracking Protests,” New York
Times, November 30, 2014; Andrew MacDowall, “Chevron’s Bulgaria Pull-Out a Blow for 
Energy Security,” Financial Times, June 11, 2014; Sam Jones, Guy Chazan, and Christian 
Oliver, “NATO Claims Moscow Funding Anti-Fracking Groups,” Financial Times, June 19, 
2014; Keith Johnson, “Russia’s Quiet War Against European Fracking,” Foreign Policy, June 
2014. 
on the target country's policies, they still fall into the category of
nonviolent targeted gray zone actions because Russia acted
opportunistically and exclusively used nonmilitary tools in an effort to swing the
polls. In our games, Red teams always tried to sway scheduled elections 
because the risks of doing so were relatively low and, although the 
probability of obtaining a payoff was also low, the reward was poten- 
tially very high. 

However, many Russian gray zone tactics have a much sharper 
edge than those discussed previously because they involve the threat 
or application of force. The lower left-hand box of Figure 4.1 shows
diffuse gray zone tactics that at least implicitly involve the threat of 
violence, including efforts by Russia to cultivate ties to criminal or 
paramilitary organizations. The Kremlin and, in particular, Russia's 
intelligence agencies have extensive ties to the criminal underworld and 
use these organizations as deniable agents that can carry out such illicit 
tasks as strongarming opponents, gathering intelligence, and at times 
having individuals within these organizations act as hitmen. Addition- 
ally, criminal organizations can be used to secure cash that can fund 
other ventures that the Kremlin does not want traced back to it.10 For
instance, Moscow reportedly began funding the Night Wolves motor- 
cycle gang in 2013, and through these efforts, managed to turn the 
organization into an ultranationalist government proxy.11 The Night
Wolves go on tours, such as their 2018 trip to the Balkans, to propagate 
pro-Russian views and to impress and intimidate observers.12

Russia also seeks to develop relationships with paramilitary orga- 
nizations. In Bosnia, for instance, the Kremlin is reportedly helping 
to develop Serbian Honour, a new militia loyal to Milorad Dodik, the 
president of the semi-autonomous Republic of Srpska (RS), who is “a


10 Mark Galeotti, Crimintern: How the Kremlin Uses Russia’s Criminal Networks in Europe,
Brussels: European Council on Foreign Relations, April 2017, pp. 6-8. 


11 Mark Galeotti, “An Unusual Friendship: Bikers and the Kremlin,” Moscow Times, July 20, 
2018; Kira Harris, "Russia's Fifth Column: The Influence of the Night Wolves Motorcycle 
Club,” Studies in Conflict and Terrorism, 2018. 


12 Whether the Night Wolves really intimidate has been questioned. Andrew Higgins,
“Russia’s Feared ‘Night Wolves’ Bike Gang Came to Bosnia. Bosnia Giggled,” New York
Times, March 31, 2018. 
frequent visitor to Moscow.”13 Russian mercenaries with ties to the
Kremlin allegedly began training Bosnian Serb recruits at a training 
center, funded by Moscow, in Serbia. This is exacerbating already 
tense relations between RS and the Bosniak-Bosnian Croat Federa- 
tion. RS seeks more autonomy—if not complete independence—from 
Bosnia, and promotes an ultranationalist Serbian agenda.15 A Bosnian
Serb paramilitary has heightened fears of sectarian violence and deep- 
ened divisions within Bosnia, and potentially could be used as a means 
of destabilizing the state should it seek to move closer to NATO. 

Additionally, Russia has undertaken much more aggressive and 
directed short-term gray zone actions that involved the threat of or 
actual use of violence, usually when it perceived its vital interests to 
be at risk, which is displayed in the lower right-hand box. This cat- 
egory includes Russia's 2008 war in Georgia and the 2014 war in the 
Donbass in eastern Ukraine. From the start, the former was a conven- 
tional military offensive disguised as a peacekeeping operation, which 
included a small number of gray zone tactics, including cyberattacks 
to interrupt Georgian government communications, and a media cam- 
paign to promote the Russian government's narrative in the breakaway 
region of South Ossetia and to the international community.16

The latter operation began principally with gray zone tactics, 
primarily the use of Ukrainian proxies, such as the Donetsk People’s 
Republic and Luhansk People’s Republic militias, which were bolstered 
by both irregular and regular forces from Russia.17 The Russian forces


13 Economist Intelligence Unit, “Russia's Role in the Western Balkans,” webpage,
October 18, 2017.


14 Julian Borger, “Russian-Trained Mercenaries Back Bosnia's Serb Separatists,” The Guard- 
ian, January 12, 2018. 


15 Alan Crosby, “Here Are the Flashpoints You Should Be Watching in the Balkans,” Radio 
Free Europe/Radio Liberty, April 28, 2017; Thomas Rosner, “The Western Balkans: A 
Region of Secessions,” Deutsche Welle, October 4, 2017. 


16 Caroline V. Pallin and Fredrik Westerlund, “Russia’s War in Georgia: Lessons and Con- 
sequences,” Small Wars and Insurgencies, Vol. 20, No. 2, 2009. 


17 The Ukrainian insurgency was manufactured by the Kremlin, and the Ukrainian
separatist organizations were fragmented, weak, and wholly dependent on Russian support to
survive. Franklin Holcomb, The Kremlin’s Irregular Army: Ukrainian Separatist Order of 
were purported to be sympathetic “volunteers,” including the Night
Wolves, foreign fighters in the multinational Vostok Brigade, and
Russian military personnel who supposedly took a leave of absence to
support their Ukrainian allies.18 Russia's initial strategy, which was heavily
reliant on proxy and unmarked forces, failed as the Ukrainian
government was able to push the separatists to the brink of defeat.19 To save its
proxies, Russia deployed large numbers of conventional forces begin- 
ning in August 2014 and moderated its goals from aiming to under- 
mine the Ukrainian government to consolidating the separatists’ foot- 
hold in the Donbass region, thereby ensuring that the conflict would 
continue and providing Moscow with a lever that it could use to dial up 
or dial down pressure on the Ukrainian government in Kyiv. Although 
Russian proxies and the GRU continue to be active in Ukraine, the 
fight is still predominantly conventional combined-arms operations of 
lower intensity, even though Moscow does not acknowledge its role in 
the war. 

Even the takeover of Crimea, which arguably involved the most 
successful deployment of gray zone tactics to date—Russia was able to 
annex the peninsula without going to war—depended heavily on con- 
ventional Russian forces. While local pro-Russian self-defense “volun- 
teers” and proxies assisted by, for example, blocking the roads in Sev- 
astopol, the operation was led by Russian special forces (spetsnaz) and 
unmarked Russian soldiers from the 810th Independent Naval Infan- 
try Brigade (a marine unit). The operation was facilitated by a large 
snap exercise in the Western and Central Military Districts to cover 
for troop movements, divert attention from the events in Crimea, and 


Battle, Russia and Ukraine Security Report 3, Washington, D.C.: Institute for the Study of 
War, September 2017, p. 9. 


18 Galeotti, 2016, pp. 285-286; Racz, 2015, p. 12; Damon Tabor, “Putin’s Angels: Inside 
Russia’s Most Infamous Motorcycle Club,” Rolling Stone, October 8, 2015; Jack Losh, 
“Putin’s Angels: The Bikers Battling for Russia in Ukraine,” The Guardian, January 29, 
2016; Andrew Roth, “A Separatist Militia in Ukraine with Russian Fighters Holds a Key,” 
New York Times, June 4, 2014a. 


19 Holcomb, 2017, p. 7.
deter the Ukrainian government from intervening.20 In short, although
gray zone tactics were employed in Georgia, Crimea, and the Donbass, 
all three involved Russian military forces capturing territory, and only 
in Crimea was conventional combat avoided.21

These high-intensity gray zone actions were not opportunistic, but 
were in reaction to a perceived threat to Russia's vital interests, specifi- 
cally, the dangers posed by the potential expansion of NATO and EU 
membership to Georgia and Ukraine, respectively. As a result, Moscow 
was willing to use more risky tactics that directly involved Russian 
military forces and therefore had a higher probability of being uncov- 
ered and leading to unwanted consequences, as ultimately occurred 
in the Donbass. These Russian offensives were primarily military in 
nature, with support provided by diplomatic, economic, information, 
and cyber gray zone actions. In our games, the Russian players were 
quite reluctant to use military forces, even “little green men,” for fear of 
inadvertent escalation. This result might be because the games did not 
present the Red teams with a scenario in which their vital interests were 
endangered, as they were perceived to be in 2008 and 2014. Additional 
iterations of the game would help to determine whether the Red teams 
generally preferred nonviolent gray zone tactics or whether they were 
willing to take covert violent action and overt military operations when 
the stakes were high enough, particularly when coupled with further 
research in this area. 

There have also been less militarized—but still coercive and 
violent—Russian gray zone actions in response to a particular crisis, 
or intended to achieve a specific objective. In October 2016, Moscow 
conspired with two members of Montenegro’s Democratic Front (DF) 
party and several Serb nationals to launch a last-ditch effort to derail 
Montenegro’s entry into NATO by trying to overthrow the government.22


20 Michael Kofman, Katya Migacheva, Brian Nichiporuk, Andrew Radin, Olesya Tkacheva,
and Jenny Oberholtzer, Lessons from Russia’s Operations in Crimea and Eastern Ukraine, Santa
Monica, Calif.: RAND Corporation, RR-1498-A, 2017, pp. 7-10; Galeotti, 2016, p. 285.


21 Radin makes a similar point that so-called gray zone operations relied heavily on
conventional forces. Radin, 2016, p. 7.
Russia only resorted to this elaborate scheme, which involved a
planned attack on parliament and an assassination attempt on
Montenegro’s prime minister, after its softer gray zone tactics aimed at
undermining Montenegrin support for NATO—including a concerted
information operation campaign, funding the anti-NATO DF party,
and backing anti-NATO protests—had failed.23

Similarly, during the 2007 “bronze soldier” incident, Russia 
orchestrated protests and riots in Tallinn, a siege of the Estonian 
embassy in Moscow, and widespread cyberattacks that disabled many 
Estonian websites for nearly two weeks in response to a decision by the 
Estonian government to relocate a Soviet World War II memorial.24
Although the stakes were much lower in this episode, which was a test 
of Tallinn’s resolve and Russia’s ability to employ gray zone techniques, 
Russia was willing to use these varied gray zone tactics, including incit- 
ing violence, in an attempt to compel Tallinn to leave the bronze sol- 
dier monument in place. 


22 U.S. Senate, 2018, p. 77; Emily Holland and Rebecca Friedman Lissner, “Countering 
Russian Influence in the Balkans,” Lawfare, August 6, 2017. 


23 Vera Zakem, Bill Rosenau, and Danielle Johnson, Shining a Light on the Western Balkans:
Internal Vulnerabilities and Malign Influence from Russia, Terrorism, and Transnational Orga- 
nized Crime, Arlington, Va.: CNA, May 2017, p. 17. 


24 U.S. Senate, 2018, p. 101. 
CHAPTER FIVE


NATO and the EU Are Unlikely to Be Able
to Compel Russia to Stop Using Nonviolent,
Everyday Russian Gray Zone Tactics, but They
Might Be Able to Deter Higher-Order Aggression


There is much talk about “deterring” Russian gray zone aggression,
but many of these discussions are based on a misunderstanding of 
the concept. Both deterrence and compellence are types of coercive 
threats that work by altering a target's expectations about future pain, 
but deterrent threats aim to persuade the target not to initiate a par- 
ticular action, and compellent threats aim to convince the target to 
change its behavior. As one of our players observed, because Russia 
is already engaging in diffuse gray zone actions, NATO and the EU 
need to compel Russia to stop these activities, which is a much harder 
task than deterrence.1 To date, NATO and the EU remain focused on
deterrence, rather than compellence, making this proposition a shift in
these institutions’ approach.

To successfully deter, one must credibly threaten painful conse- 
quences, which involves demonstrating a capability and willingness to 
follow through on that threat and waiting to see whether the target 
complies. In contrast, to successfully compel a target to reverse or halt 
its ongoing behavior, one must actually inflict pain and couple it with a 
promise to end the pain if the target relents. It is not clear that NATO 


1 Compellence requires the target to change its ongoing behavior—in which it is invested—
at some cost to its reputation. To compel a target, one must alter or reduce the utility of its 
current course of action compared with the utility of ceasing. Thomas C. Schelling, Arms 
and Influence, New Haven, Conn.: Harvard University Press, 1966, pp. 69-90. 
and the EU would go beyond the economic sanctions that are already
in place to compel Russia to end its use of diffuse gray zone tactics.2
Both the Green and Blue players in our games struggled to identify 
actions that they deemed to be sufficiently compellent and would be 
willing to implement. Moreover, the characteristics of routine or
everyday gray zone tactics—the fact that they are largely nonmilitary,
usually gradual, and difficult to decisively attribute—lower the stakes and
make it difficult for the West to credibly threaten to punish Russia,
even if the actions are conclusively traced back to Moscow. 

Because many gray zone tactics are cheap in terms of cost and 
risk, Russia is willing to liberally use them even when the prospect 
of success is low. The Red teams in our games mirrored the real Rus- 
sian government's indifference to having its covert gray zone activities 
uncovered, in part because of the lack of credible punishment. The 
Green and Blue players spent considerable time and effort trying to 
expose Red's clandestine activities, but even when they succeeded, this 
had little effect on any of the teams’ behavior: Red teams continued 
their covert meddling as if nothing had happened, and the Green and 
Blue teams still found it hard to come up with credible ways to counter 
Red's activities or punish Red for engaging in them. Consequently, the 
Red teams saw nearly no downside to extensively making use of rou- 
tine gray zone actions in the hopes that some would have an impact. 

Even if more assertive and violent efforts—such as destabilizing 
a country or attempting to forcibly change the government through a 
coup—failed or were uncovered, there were few negative consequences 
for the Red teams in our games. This tracks not just with recent expe- 
rience but also broader Cold War history. The United States was never 
able to halt Soviet active measures, which were the normal state of 
affairs during the Cold War: The Soviet Union conducted more than 
10,000 individual disinformation operations during this time. 

Because of the challenges of attribution, deterrent threats against 
even targeted, nonviolent gray zone actions are not likely to be highly 


2 There are already many people calling for an end to the sanctions, despite Russia's
continued use of diffuse and targeted nonviolent gray zone tactics across Europe.


3 U.S. Senate, 2017, p. 2.
credible. It stretches the bounds of credulity to believe that a
democratic country, which requires the support of its population, would
take potentially costly coercive actions when the majority of its public 
remains unconvinced about who is responsible for a nonviolent attack. 
The need to convince 29 nations in the alliance makes it even less 
likely that a NATO threat would be viewed as credible. Although 
NATO has claimed that its Article V collective security clause applies 
to cyberattacks against members, it has not clearly articulated what 
types of cyberattacks would trigger this and what actions it would take 
in response. Establishing that Moscow is behind a gray zone tactic 
might put sensitive intelligence sources at risk and is also likely to take 
a considerable amount of time. For example, although the Federal 
Bureau of Investigation began to investigate Russian interference in 
the 2016 U.S. presidential election in June 2016, the investigation was 
still ongoing as of June 2019. The fact that consequences are not likely 
to be automatic or quickly implemented poses a further challenge to 
deterrence. Clandestine forms of retaliation, such as cyberattacks or 
covert action, might be possible because the public is not consulted, 
but these options are in and of themselves risky, cannot be threatened 
publicly, might be limited by the laws of a country, and therefore do 
not form the basis for a strong deterrent threat. Given these manifold 
challenges, it seems more effective to focus on improving the resiliency 
of vulnerable nations and taking other defensive measures to limit the 
effectiveness of Russian intervention, rather than focusing on deterring 
most gray zone tactics. 

Outright Russian aggression—including gray zone tactics with 
the aim of territorial expansion—is an entirely different situation, and 
one that can be deterred. Because NATO did not have a security com- 
mitment or forces in place to defend Ukraine or Georgia, any attempts 
to deter Russia would likely have lacked credibility. In the future the 
alliance could, however, make it clear that it plans to stop aggression— 
whether conventional or masked by gray zone tactics—against any of 
its members. Doing so requires NATO to demonstrate the will and 
capability to act quickly to stop Russia from achieving its objectives, 
as deterrence by denial would in any situation. NATO military and
intelligence services need to be on alert for Russian preparations dis- 
guised as gray zone subterfuge that could signal aggressive intentions. 
At the same time, political leaders need to be prepared for this eventu- 
ality and ready to listen to military and intelligence assessments so that 
they can quickly see through any ambiguity and take the appropriate 
actions. Both of these steps need to be buttressed by a military pos- 
ture that would lend credibility to political leaders’ warnings or threats 
about the consequences should Russia persist. 


4 Deterrence by punishment, the other alternative mode, does not appear to be a strong 
approach for dealing with Russian aggression against NATO. See David A. Shlapak, The 
Russia Challenge, Santa Monica, Calif.: RAND Corporation, PE-250-A, 2018; David A.
Shlapak and Michael W. Johnson, Reinforcing Deterrence on NATO's Eastern Flank:
Wargaming the Defense of the Baltics, Santa Monica, Calif.: RAND Corporation, RR-1253-A, 2016;
Michael Petersen, “The Perils of Conventional Deterrence by Punishment,” War on the 
Rocks, November 11, 2016. 
CHAPTER SIX


Vulnerability to Russian Gray Zone Tactics Varies 
Significantly Across Europe 


Russia employs gray zone tactics across Europe, but its interests vary, 
and its ability to successfully achieve its objectives through these means 
largely depends on the vulnerability of the targeted country.1 This
insight emerged from both our games and our analysis of past his- 
torical cases. In one of our early games, the Red team drew a map of 
Europe and defined different regions in which Russia had varied levels 
of interest and, in the Red team's perception, a different ability to influ- 
ence because of the strengths and weaknesses of the countries in each 
area. Gray zone tactics often work best when they exacerbate preexist- 
ing tensions. Vulnerabilities fall into two different but not mutually 
exclusive categories: state fragility and polarization, and characteristics 
that provide Russia with leverage over the government and society.2
Fragile states provide openings because they suffer from perni- 
cious factors, such as corruption; poverty; and political divisions, sec- 
tarian divisions, ethnic divisions, or some combination thereof, which 
can be exploited by Moscow's gray zone tactics to create instability. 


1 Treverton et al., 2018, p. 63.


2 In the structured Balkans game, these factors affected a country's governance and
orientation scores, which were relative, ordinal scales ranking from -2 to +2. Governance was
a composite metric based on the Fund for Peace's Fragile States Index and the World Bank 
Worldwide Governance Indicators, although the orientation score was based on a more qual- 
itative reading of the composition of a country's ethnic makeup, religious beliefs, and cul- 
ture and its current attitudes toward Russia. As a part of scoring countries, we had regional 
experts review our initial scores and the justification for them. See Fund for Peace, “Frag- 
ile States Index,” webpage, 2019; World Bank Group, “Worldwide Governance Indicators,” 
webpage, 2019. 
The politics in even relatively strong states might become polarized
over divisive issues (e.g. immigration), opening avenues for Russian 
subversive actions. Countries can have cultural, economic, or historic 
ties to Russia that make them particularly susceptible to Russian gray zone
influences. Proximity and, in particular, a shared border with Russia 
also ease Russian access to a country and concomitantly increase
Russia's ability to undertake violent gray zone tactics. Economic
dependence, particularly on Russian energy, is also an avenue that Moscow
has been willing to exploit. 

Although there are significant intraregional differences, one 
can identify four broad European regions—Russia's near abroad, the
Baltics, the Balkans, and Western and Central Europe—where Rus- 
sia's interests differ. But across these regions, there are roughly simi- 
lar degrees of vulnerability to gray zone actions. This is depicted in 
Figure 6.1. Our games suggest that considering these four regions as 
distinct when preparing and planning to confront Russian gray zone 
tactics might be valuable, because of Russia's differing interests and 
the variation in vulnerabilities across these areas. The Red teams in 
our games emphasized that their interests varied across these areas and 
developed strategies unique to each region, based on their different 
objectives. Understanding these differences in interests, objectives, and 
existing vulnerabilities better enables NATO and the EU to identify 
the tools best used to counteract Russian gray zone tactics in different 
regions. 

The countries that were identified as of greatest importance were
in Russia's near abroad: Armenia, Azerbaijan, Belarus, Georgia, and 
Ukraine.3 Russia desires influence over these former Soviet states not
only because of their shared history and language, but most impor- 
tantly because these bordering nations provide an important defensive 
buffer against external attack. Therefore, Russia views the expansion 
of NATO or the EU into its near abroad as a grave threat that must 
be stopped. The 2008 and 2014 Russian wars in Georgia and Ukraine 


3 The former Soviet republics in Central Asia are also usually included in the near abroad,
but they were not a part of these games.


4 Andrew Radin and Clint Reach, Russian Views of the International Order, Santa Monica,
Calif.: RAND Corporation, RR-1826-OSD, 2017, pp. 8-12. 
Figure 6.1
Intra-European Vulnerability to Russian Gray Zone Tactics 
were launched to thwart their membership bids by generating a
persistent source of instability that would ward off further integration with
the West. 

Near-abroad nations bordering Russia have relatively weak mili- 
taries and poor governance, leaving them with few defenses against 
a Russian conventional offensive or clandestine infiltration, including 
land grabs by little green men. All also contain large Russian-speaking 
minorities that have historical, cultural, and economic links to Russia; 
these populations are consumers of Russian-controlled media and are 
potentially sympathetic audiences for gray zone information tactics. 

By contrast, the Baltic states of Estonia, Latvia, and Lithuania are 
also former members of the Soviet Union, are adjacent to Russia, and 
Estonia and Latvia have sizable Russian-speaking minorities. However, 
they appear to be less susceptible to gray zone tactics than some other 




38 Competing in the Gray Zone: Russian Tactics and Western Responses 


regions.5 This is due in part to the Baltic nations taking steps to
mitigate some of their vulnerabilities. Estonia, for instance, has invested
heavily in cyber defenses since the bronze soldier crisis, and all three 
nations are taking steps to reduce their dependence on Russian energy 
imports. Additionally, the Baltic nations are relatively prosperous 
compared with other Eastern European nations and Russia, reducing 
the level of economic discontent into which the Kremlin can tap. Nev- 
ertheless, the Russian minority in the Baltics is less well-off than the 
rest of the population, in large part because economic opportunities 
still largely depend on being able to speak the official state language 
(i.e. not Russian); consequently, the Russian minority potentially 
could become aggrieved in the future.7 Moreover, a favorite theme of
the Russian media (which is popular among the Estonian and Lat- 
vian Russian-speaking populations) is how the Baltic states discrimi- 
nate against their Russian minorities. To date, however, this message 
does not seem to resonate, because the benefits of living within the 
EU members of the Baltics—as opposed to Russia—seem to outweigh 
the relative disparity between Russian-speakers and the larger Estonian 
and Latvian populations. 

The Baltics’ most important defense against Russian gray zone 
attacks stems from the relative strength of their government institu- 
tions, which make them harder targets and better able to respond to 
covert infiltration than other former Soviet republics.8 For instance,
the Estonian defense chief stated that, if Russian special forces or clandestine
agents entered their territory, they would “shoot the first one
to appear.” All three Baltic nations have amended their laws to enable


5 Many argue that despite the fact that the Baltics are former members of the Soviet Union,
they are of lesser interest to Russia since 2003.


6 Damien McGuinness, “How a Cyber Attack Transformed Estonia,” BBC News, April 27,
2017; Simon Hoellerbauer, “Baltic Energy Sources: Diversifying Away from Russia,” Foreign 
Policy Research Institute, June 14, 2017; Asymmetric Operations Working Group, 2015, 
pp. 17-20. 


7 Asymmetric Operations Working Group, 2015, pp. 24-28. 
8 Asymmetric Operations Working Group, 2015, pp. 4-5. 


9 Sam Jones, “Estonia Ready to Deal with Russia's ‘Little Green Men,’” Financial Times,
May 13, 2015. 
their national militaries to operate in their countries during peacetime,
and Estonia and Lithuania have exercised this capability.10 Additionally,
because the Baltics are members of NATO, and the alliance has
stationed multinational battlegroups in each country, Russian covert 
infiltration or outright aggression is much riskier than in its near 
abroad. 

Moreover, unlike Ukraine or Georgia, Russia does not seem to 
consider the Baltic states to be a critical part of its sphere of influence; 
instead, it aims to use the Baltics as a lever to destabilize and discredit 
NATO.11 Given these factors, it appears that, although Russia could
and has sought to destabilize Estonia, Latvia, and Lithuania through 
everyday gray zone operations, these tactics are likely to have limited 
effects. The Baltic states are also not particularly susceptible to clan- 
destine land grabs. However, despite the enhanced forward posture, 
they remain vulnerable to a conventional offensive cloaked in gray zone 
tactics, especially information operations.12

There is considerable variation within the Balkans, but, in general, 
this region is an inviting target for Russian gray zone actions because 
of the weak rule of law, ethnic divisions, and relative poverty.13 Nevertheless,
because the Balkans are not contiguous with Russia and do
not have significant Russian-speaking populations, Russia's gray zone 
activities would have a somewhat different character than the actions it 
takes in the former Soviet states, and are less likely to swing these states 
in a durably pro-Russian direction. 

As a whole, the Balkans suffer from weak government institu- 
tions, resulting in autocratic leaders who can run roughshod over feeble 


10 Asymmetric Operations Working Group, 2015, p. 6. 


11 Radin and Reach, 2017, p. 10; Dmitri V. Trenin, Post-Imperium: A Eurasian Story, Wash- 
ington, D.C.: Carnegie Endowment for International Peace, 2011, p. 107; Asymmetric 
Operations Working Group, 2015, p. 14. 


12 Radin, 2017, p. 31. For more on conventional vulnerability, see Shlapak and Johnson, 
2016. 


13 There is no agreed definition of the Balkans. We consider the Balkans to include Albania,
Bosnia and Herzegovina, Bulgaria, Croatia, Kosovo, North Macedonia, Montenegro,
Romania, Serbia, and Slovenia.
civil society, a subservient media, pervasive corruption, and extensive
transnational criminal organizations. The Balkans are also the poor- 
est region in Europe with high unemployment rates, which means that 
there is widespread dissatisfaction and resentment toward Europe as a 
whole, which can be exploited by Russia. Finally, the Balkans remain 
afflicted by ethnic tensions, currently being rekindled by a renewed 
focus on historic grievances and another surge of nationalist sentiment 
in the region. Ethnic violence and secessionist movements are par- 
ticularly a problem in the former Yugoslavia (Bosnia and Herzegovina, 
Croatia, North Macedonia, Montenegro, Serbia, and Slovenia), where 
Russia has historic, religious, and linguistic ties to several groups. 

Opinions about Russia vary significantly in different Balkan 
nations; in some, such as the Slavic language-speaking nations of Bulgaria
and Serbia, a sizable part of the population views Russia positively.17
But unlike the near abroad, where Russian gray zone activities
primarily focus on already sympathetic populations, Russia courts
allies on multiple sides in many Balkan nations. This places Moscow 
in a good position to stoke tensions, provoke sectarian violence, or 
encourage separatism. Yet because the nearest Russian military forces 
are stationed in Crimea, this region is less at risk for a covert territorial 
attack or conventional Russian aggression accompanied by gray zone 
activities. 

In terms of Russia's interests, the Balkans are a lower priority 
than the near abroad, but remain an area where Moscow desires to at 
least maintain—if not expand—its sway and curb Western influence.!5 


14 Zakem, et al., May 2017, pp. 1-2. 


15 Zakem et al., 2017, p. 6; Martin Russell, At a Glance: Russia in the Western Balkans, Euro- 
pean Parliament Members’ Research Service, July 2017. 


16 Zakem et al., 2017, p. 6; Zoran Arbutina, “Balkan Countries See Rise in Hate Speech,” 
Deutsche Welle, February 24, 2017. 


17 “IRI's Center for Insights Poll: Crises in Europe and EU Leave Serbs Turning Toward
Russia,” International Republican Institute, December 2016; Pew Research Center, Religious 
Belief and National Belonging in Central and Eastern Europe, Washington, D.C., May 10, 
2017, pp. 35-37; Rick Lyman, “Bulgaria Grows Uneasy as Trump Complicates Its Ties to 
Russia,” New York Times, February 4, 2017. 


18 Radin and Reach, 2017, specifically Figure 2.1, p. 11. 
Consequently, Russia aims to prevent any further encroachment of
Western multilateral organizations, but their expansion into this region 
is not seen as an existential threat unless it is tied to particular initiatives,
such as missile defense.19 Russia might also view the region,
which includes many of the newest and most vulnerable members of 
NATO and the EU, as an opportunity for undermining Western con- 
sensus by exposing the weaknesses of these new members and testing 
the West’s ability to support them. 

Finally, Western and Central European states are the least vulner- 
able to Russian gray zone tactics and are outside Russia's desired sphere 
of influence. These states are characterized by strong government insti- 
tutions, relatively low corruption, general prosperity, and strong and 
independent media. Nevertheless, Moscow undertakes everyday gray 
zone actions throughout this region, because although they have the 
worst odds of succeeding, they also offer the highest potential payoff 
should they weaken a long-standing NATO or EU member's commitment
to European unity. By dividing these organizations, Russia could
also undermine the economic sanctions put in place against it after 
its invasion of Ukraine. Moreover, there are fissures in many Western 
and Central European states that Russia could potentially exploit— 
most notably, the immigration crisis, widespread dissatisfaction with 
the EU, and concerns about terrorism. Moscow has also curried favor 
with several populist and right-wing parties that promote nationalist, 
anti-integration agendas, such as Le Pen's National Rally in France.20


19 The Balkan Regional Approach to Air Defense is a joint NATO and Balkan initiative, 
initiated in 2010, to provide air defense capabilities to the Balkans. It is intended to be 
integrated into the broader NATO ballistic missile defense system, which is viewed with 
suspicion by Russia. NATO Communications and Information Agency, Balkan Regional 
Approach to Air Defence (BRAAD), Brussels: North Atlantic Treaty Organization, undated. 


20 David Chazan, “Russia ‘Bought’ Marine Le Pen’s Support over Crimea,” The Telegraph,
April 4, 2015. 
CHAPTER SEVEN


Civilian Organizations, Rather Than the Military, 
Might Be Best Positioned to Counter Most 
Russian Gray Zone Tactics 


NATO and its member states’ armed forces have focused considerable 
attention on countering Russian gray zone actions. Clearly, there is 
an important role for the military in deterring high-order aggression, 
whether it is attempted through purely gray zone tactics or through 
conventional means—which almost surely will be coupled with gray 
zone activities—but the vast majority of Russian gray zone activi- 
ties are not geared toward territorial gains, but instead are everyday 
operations seeking to enhance Russia's influence through nonmilitary 
means. In short, our research suggests that the fight against gray zone 
activities is primarily a social, political, and economic fight—not a mil- 
itary one. Our games illuminated this observation. Many of the Blue 
and Green teams in our games argued that this fight is better waged 
by civilian agencies and NGOs, whose core competencies lie in these 
domains. These players observed that the most effective countermea- 
sures available to the Blue and Green teams were not military actions, 
but rather actions taken by the U.S. Department of State, ministries 
of foreign affairs or economy, or the United States Agency for Inter- 
national Development to strengthen governments and liberal institu- 
tions. These players viewed the military's role in countering Russian 
gray zone tactics as a supporting one, buttressing and reinforcing civil- 
ian activities, and something that needed to be included in a whole-of- 
government approach. 
Moreover, the West should not simply react to Russian gray zone
actions or try directly to counter them. Rather, the United States and 
Europe need to develop long-term strategies to address the underlying 
weaknesses in states that Russia's gray zone tactics try to exploit and 
build more resilient democratic societies that will be able to fend off 
these actions on their own.1 This should include efforts to raise awareness
about false news, strengthen independent journalism, improve
media literacy, fight corruption, bolster the rule of law, and diversify 
Europe's energy sources to reduce Moscow's economic leverage, espe- 
cially on less prosperous countries. 

The military plays an important but limited role in countering 
Russian gray zone activities by improving cyber defenses, enhancing 
intelligence and counterintelligence capabilities, and building partner 
special forces capacity so that allies can independently and effectively 
respond to any Russian covert infiltrations. Additionally, to improve 
responsiveness, the United States should encourage collaboration 
between law enforcement and the military, so that intelligence can be 
shared in a timely fashion and to ensure that a country has clearly 
delineated the roles and responsibilities of different government organizations
in the event that Russia employs violent gray zone tactics.2 In
general, however, security force assistance, especially targeting general- 
purpose forces, should be a lower priority than efforts to strengthen 
civilian government institutions, the media, and civil society when 
seeking to counter gray zone tactics. NATO and its member states' 
armed forces should remain focused on bolstering conventional and 
nuclear deterrence while enhancing crisis stability, not on Russia's gray 
zone tactics. 


1 Mazarr, 2015, pp. 118, 126. 


2 We thank Dara Massicot for this point. 
The West Might Be Winning This Competition,
but Does Not Recognize It 


Although many question whether Russia would ever overtly attack 
the Baltics or any NATO member, few disagree with the contention 
that Russia takes gray zone actions against nations in Europe and the 
United States on a daily basis.1 These everyday Russian gray zone operations
have caused concern verging on the point of panic and defeatism
in some parts of Washington and Brussels.2 These sentiments
seem mostly to stem from the idea that the West cannot stop Russia
from using gray zone activities; therefore, it is somehow losing. These
sentiments—echoed by many players in our games—neglect an evaluation
of the larger strategic situation. Our games provided important
insights on this point. 

Generally, players agreed that it is very difficult to decisively prove 
what effect everyday gray zone tactics have had in a myriad of coun- 
tries. At this time, the only conclusion we can reach is that Russia has 
been actively interfering in electoral contests; there is no conclusive 


1 Michael Kofman, “Fixing NATO Deterrence in the East Or: How I Stopped Worrying 
and Love NATO’s Crushing Defeat by Russia,” War on the Rocks, May 12, 2016. 


2 Daniel R. Coats, “Statement for the Record: Worldwide Threat Assessment of the U.S.
Intelligence Community,” Office of the Director of National Intelligence, February 13, 
2018; European Union External Action Service, Joint Communication: Increasing Resilience 
and Bolstering Capabilities to Address Hybrid Threats, Brussels: European External Action Ser- 
vice, June 13, 2018; “Countering ‘Hybrid’ Security Threats a Priority, Says EU,” EUbusiness, 
July 19, 2017; Frank Jordans, “European Spy Chiefs Warn of Hybrid Threats from Russia, 
IS,” Associated Press, May 14, 2018; Julian E. Barnes, “Warning Lights Are Blinking Red,
Top Intelligence Officer Says of Russian Attacks,” New York Times, July 13, 2018. 
evidence, however, that those efforts affected the outcomes.3 After the
French public was alerted to the fact that Russia was backing Le Pen, 
Moscow's gray zone tactics might have even backfired, contributing to 
a decisive victory for Emmanuel Macron. 

By stepping back and taking a wider look at the situation, it 
appears that the West might not be losing. Russian gray zone tactics 
are now the normal state of affairs.4 After one game, a player observed
that the West cannot force Russia to desist in these actions, but it is far 
from clear that they are having much effect. Russia's largest victories— 
in Crimea and the perhaps Pyrrhic victory in the Donbass—have 
combined gray zone techniques with more traditional applications of 
military power, but these outcomes are the exception—not the norm.5
Moreover, in the Donbass, gray zone tactics alone did not bring vic- 
tory, and now Moscow is bogged down in an increasingly costly war 
against a determined Ukrainian resistance. At the same time, the Rus- 
sian economy is in the midst of an economic crisis exacerbated by the 
international sanctions put in place after its offensives in Ukraine. 
More significantly, Russia's offensives in Crimea and the Donbass have 
unified and galvanized Europe in a way that was unimaginable only 
four years ago. In that short time span, NATO has gone from shrink- 
ing and consolidating its military posture to expanding it, pushing 
forces farther eastward in an effort to bolster the defenses of the Baltic 
states. As one of the Blue players observed, Russia's gray zone aggres- 
sion in Crimea and conventional offensive in eastern Ukraine have suc- 
ceeded in preventing Ukraine from entering the EU, but have reignited 
a strategic competition with the West, which Russia is not winning 
and, in the long term, cannot win. 


3 U.S. Senate, 2018, p. 2; Indictment, United States of America v. Internet Research Agency, 
Case 1:18-cr-00032-DLF (D.D.C. Feb. 16, 2018); Indictment, United States of America v. 
Viktor Borisovich Netyksho, Case 1:18-cr-00215-ABJ (D.D.C. July 13, 2018). 


4 Mazarr, 2015, p. 107, warns of a sense of “relentless confrontation” or “persistent warfare.”
5 Mazarr, 2015, p. 121. 


6 Russia has several key weaknesses, most notably its economy, its demographic issues, and 
its authoritarian kleptocratic regime. Joss Meakins, "Why Russia Is Far Less Threatening 
Than It Seems,” Washington Post, March 8, 2017. For a contrary perspective which argues 
Just because Moscow has not gained a significant advantage with
its gray zone activities to date does not mean that the West should 
ignore these Russian actions. The United States and its European allies 
need to take steps to strengthen their defenses against gray zone tac- 
tics and to improve their ability to identify when Russia is shifting 
from everyday gray zone tactics to a more targeted campaign. Even the 
strongest states need to combat “truth decay”—which Russian gray
zone tactics contribute to—by expanding awareness about disinformation
and teaching how to distinguish facts from fiction.7 Additionally,
they should shore up defenses by addressing critical cyber vulnerabili- 
ties. These steps will not entirely stamp out Russian gray zone actions, 
but by addressing critical vulnerabilities, they will increase the ability 
of a society to withstand them. The EU and NATO also need to work 
to strengthen the resiliency of weaker states by building democratic, 
civilian institutions and an independent media, both of which are the 
most vulnerable targets of gray zone aggression.8

In short, just because the West might be ahead in this compe- 
tition does not mean that it can ignore gray zone aggression. At the 
same time, however, the United States and its European allies should 
not overreact. Russia's greatest tactical successes largely depended on 
its conventional military forces, not the gray zone tools that supplemented
them.9 High-order aggression is something that can be stopped
through conventional deterrence. If Washington and Brussels focus 
most of their efforts on stopping Russian social media trolls, counter- 
ing each false news story, and promoting their own strategic narrative, 


that Russia's strategy of raiding could succeed, see Michael Kofman, “Raiding and Interna- 
tional Brigandry: Russia's Strategy for Great Power Competition,” War on the Rocks, June 14, 
2018. 


7 Jennifer Kavanagh and Michael D. Rich, Truth Decay: An Initial Exploration of the 
Diminishing Role of Facts and Analysis in American Public Life, Santa Monica, Calif.: RAND 
Corporation, RR-2314-RC, 2018. 


8 Brittany Beaulieu and David Salvo, “NATO and Asymmetric Threats: A Blueprint for 
Defense and Deterrence,” GMF Alliance for Security Democracy, Policy Brief, No. 031, 2018, 
p. 5. 


9 For more on Russia's conventional military, see Scott Boston and Dara Massicot, The Russian
Way of Warfare: A Primer, Santa Monica, Calif.: RAND Corporation, PE-231-A, 2017.
Russian gray zone activities could turn into a cost-imposing strategy
that distracts the West from the main competition. If NATO wants 
to deter Russian aggression, whether it uses gray zone tactics or not, it 
should put in place sufficient military capabilities to stop Russia from 
quickly achieving its objectives when the gray zone threatens to turn 
red. 

Russia's gray zone tactics will persist and should be countered by 
hardening Western societies against Russian propaganda and its disin- 
formation and attempts to undermine democracy. However, overreac- 
tion only serves Moscow's purposes. Strong civil societies and robust 
democratic institutions, not panic at "losing" or attempts to fight 
Russia blow-by-blow, are the West's best defenses against Russia's gray 
zone tactics. Russia's gray zone tactics signify its weakness, and the 
West’s stronger political, cultural, and social systems will prevail over 
them if given the chance. 
Wargaming the Gray Zone


The research documented in this report is drawn from a series of war 
games developed and conducted to explore a gray zone competition in 
Europe. These games were held between October 2016 and December 
2017 and played by SMEs in Europe, Russia, and the United States. 

Three distinct strategic political-military games were designed 
to conduct this research. The first game was a loosely structured 
argument-based matrix game and the next two games were card-driven 
games that differed in structure. All three games allowed players to 
take actions across different domains, with an emphasis on informa- 
tion, economic, military, and political-social actions. The scope of 
these games was varied as well, with the first two games allowing for 
free play within Europe and the last game limited to the Western Bal- 
kans. This final game built on the previous two games and incorpo- 
rated insights derived from the earlier exercises to develop a tightly 
scoped and structured strategic level card-driven game. 

The loose structure and seminar-style nature of the matrix game 
proved to be ill-suited to representing the nature of a gray zone compe- 
tition, but helped us to identify key issues that merited further explora- 
tion. Because the variety of possible gray zone activities seemed limit- 
less, the players were overwhelmed by the choices. Without a gaming 
platform to bound and focus the discussion, the players tended to fixate 
on covert tactical actions instead of the strategic competition. We ini- 
tially attempted to provide more structure through simply adding 
cards that served as a menu for Blue, Red, and Green actions, but this 
proved disappointing as well, because it did not provide the players 
with the appropriate level of strategic feedback about the outcomes of 
their decisions. Free play within all of Europe further compounded the 
problem because unconstrained geography impeded the players' efforts
to develop a strategy and resulted in a deluge of unconnected actions 
that inundated the adjudicators and interfered with learning. 

Ultimately, we developed a three-sided card-driven board game 
focused on Russian, American, and European gray zone actions in 
the Western Balkans. At first blush, our gray zone game looks similar 
to commercial games, such as Twilight Struggle.1 The game consists
of two game boards (seen in Figures A.1 and A.2)—a game timeline 
where players made their short- and long-term actions by laying down 
their cards, and the other illustrating the state of play in the Balkans, 
including key country-level information and larger metrics of success, 
including NATO unity and Russian regime stability. 

Cards provide a starting menu of actions that the Russia, Europe, 
and U.S. teams could play overtly or covertly (i.e., playing the card face- 
down) on the game timeline board. In spite of this structure, the gray 
zone game was also constructed to maximize its flexibility so that the 
players could amend the provided cards, create new cards, and develop 
their own narrative by expanding on the cards and overtly messaging 
to partners and adversaries alike. Adjudication of these actions used a 
simple model that reflected our best understanding of how and why 
gray zone tactics succeed or fail. To inform the development of this 
model, we surveyed the empirical record on Russian gray zone tactics 
and the existing literature on the individual actions that are considered 
to be a part of gray zone activities (e.g., information warfare, covert 
action). Based on this literature and SME elicitation, we created combat 
results tables and probabilistically assigned outcomes to different gray 
zone tactics. The purpose of the structured adjudication, however, was 
not to predict what could or will happen in the real world. Rather, it 
is to focus the discussion and to allow for the systematic exploration of 
Red gray zone actions and Blue and Green countermeasures. Moreover, 
with the exception of covert actions, adjudication was done transpar- 
ently, so the players could understand the outcomes and argue with the 
control team if the adjudication seemed off. If the white cell, or game 
adjudicators, were persuaded by these arguments, they would amend 
the rules in real time. 


1 Ananda Gupta and Jason Matthews, Twilight Struggle, GMT Games, 2015.
Figure A.1
Gray Zone Timeline Board 
Figure A.2
Main Gray Zone Game Board 
MEETING THE ESPIONAGE CHALLENGE: A REVIEW OF
UNITED STATES COUNTERINTELLIGENCE AND SECURITY 
PROGRAMS 


OCTOBER 3 (legislative day, SEPTEMBER 23), 1986.—Ordered to be printed


Mr. DURENBERGER, from the Select Committee on Intelligence, 
submitted the following 


REPORT 


I. INTRODUCTION AND SUMMARY 


As espionage is ancient, so is counterintelligence. The Chinese 
military theorist Sun Tzu stated the principle in the fourth century 
B.C.: “It is essential to seek out enemy agents who have come to
conduct espionage against you. . . .”1 Today, over two millennia
later, the battle is still being waged. 


A. BACKGROUND 


At the beginning of the 99th Congress, the Select Committee on 
Intelligence initiated a comprehensive review of the capabilities of 
U.S. counterintelligence and security programs for dealing with the
threat to the United States from Soviet espionage and other hostile 
intelligence activities. This decision was an outgrowth of eight 
years of Committee interest in these issues. The review is also consonant
with the Committee’s mission to “oversee and make continuing
studies of the intelligence activities and programs of the
United States Government, and to submit to the Senate appropri- 
ate proposals for legislation and report to the Senate concerning 
such intelligence activities and programs.” Senate Resolution 400, 
which established the Committee ten years ago, specifies that intel- 
ligence activities include “activities taken to counter similar activi- 
ties directed against the United States.” 

The Committee’s review had barely begun when the arrests of 
John Walker and two of his relatives began to make 1985 the 
“Year of the Spy.” In June, 1985, the Committee pledged that it 


1 Sun Tzu, The Art of War, trans. by Samuel B. Griffith, Oxford University Press (London:
1963), p. 148. 
would prepare a report to the full Senate at the earliest possible
time. In light of this Committee's ongoing efforts, the Senate decid- 
ed not to create a National Commission on Espionage and Security. 
On June 20, 1985, the Chairman of the Committee wrote to the 
President, saying, “You and we share an historic opportunity— 
both to dramatically improve U.S. counterintelligence and security 
and to demonstrate how Congress and the Executive can work to- 
gether to achieve progress in sensitive intelligence areas.” 

The ensuing fifteen months have generated an amazingly sus- 
tained interest in counterintelligence and security on the part of 
both policymakers and the public. There have been over a dozen 
arrests for espionage, nearly all leading to guilty pleas or verdicts; 
Americans and West Germans with sensitive information have de- 
fected to the Soviet Union and East Germany; and Soviets with 
sensitive information have defected to the West, and in one major 
case then returned to the Soviet Union. Most recently, the Soviet 
arrest of an innocent American journalist in retaliation for the 
U.S. arrest of a Soviet U.N. employee has made it clear that counterintelligence,
while seemingly a peripheral element in superpower
relations, can even become the focus of U.S.-Soviet confrontation.

The “Year of the Spy” was characterized by intensive Executive
branch attention to problems of counterintelligence and security. 
Of particular note were the efforts of the Department of Defense 
Security Review Commission, chaired by General Richard G. Stil- 
well, USA (retired), and the Secretary of State's Advisory Panel on 
Overseas Security, chaired by Admiral Bobby R. Inman, USN (re- 
tired) and Executive branch steps to implement their recommenda- 
tions. The Stilwell Commission led to significant progress in De- 
fense Department personnel and information security policies, and 
the Inman Panel led to restructuring of State Department security 
i and a major embassy rebuilding program around the 
world. 

The Committee’s efforts have encouraged, and have greatly bene- 
fitted from, this sustained Executive branch attention to counterin- 
telligence and security matters. The Committee received an un- 
precedented level of cooperation from the President, the National 
Security Council staff, the Intelligence Community Staff, and the 
many departments and agencies with counterintelligence or securi- 
ty functions. Executive branch experts and policymakers testified 
in sixteen closed hearings on specific counterintelligence cases and 
the current state of U.S. programs to counter hostile intelligence 
activities. Scores of staff briefings and the provision to the Commit- 
tee of many sensitive Executive branch studies enabled the Com- 
mittee to compile the very best ideas and recommendations of 
those in government, as well as suggestions from security experts 
in industry. The Committee, in turn, evaluated those ideas and sub- 
mitted a comprehensive set of recommendations for Executive 
branch consideration. 

The Intelligence Authorization Act for FY 1986 included a statu- 
tory requirement that the President submit to the House and 
Senate Intelligence Committees a report on the capabilities, pro- 
grams and policies of the United States to protect against, detect, 
monitor, counter and limit intelligence activities by foreign powers, 
within and outside the United States, directed at the United States
Government. The report was to include plans for improvements
that the Executive branch has authority to effectuate on its own, 
and recommendations for improvements that would require legisla- 
tion. To assist the Senate Intelligence Committee in its work, the 
conferees on the Act requested an interim report developed in con- 
sultation with the Intelligence Committees. This Committee, in 
turn, prepared its own interim report, which it shared with the Ex- 
ecutive branch last winter. 

The many good ideas and recommendations that the Committee 
obtained from Executive branch officials and studies had not yet 
been implemented for two basic reasons: counterintelligence and 
security had failed to receive sustained attention; and the ideas fre- 
quently challenged established ways of doing things, cut across bu- 
reaucratic lines of responsibility, or required substantial changes in 
resource allocation. External events provided substantial impetus 
for interagency attention to these issues. The Committee's efforts 
and the Executive branch's cooperation are producing the inter- 
agency decision-making that is required for progress. 

The President began, responding to a request from the Commit- 
tee, by designating the Director of Central Intelligence to represent 
the Administration at a series of Committee hearings on counterin- 
telligence and security programs and selecting a counterintelli- 
gence expert on the NSC staff as liaison to the Committee. An 
interagency mechanism under the Senior Interdepartmental Group 
for Intelligence (SIG-I) supplied coordinated Executive branch reac- 
tions to the Committee's interim report recommendations. This not 
only helped the Committee, but also gave the Executive branch 
itself the opportunity to address and decide these important policy 
issues. The resulting positions were conveyed to the Committee in 
the President's interim report and referred to an NSC staff commit- 
tee for implementation. 

The President's interim report and subsequent consultation be- 
tween Executive branch officials and the Committee were thus of 
great value in the preparation of the present Report. The Commit- 
tee looks forward to receipt of the President's final report, which 
will serve as an important benchmark of the progress achieved 
thus far to strengthen counterintelligence and security capabilities. 

The summary that follows is based upon the Committee's unclas- 
sified public Report. The Committee's full Report to the Senate 
contains substantial additional material, including findings and 
recommendations that remain classified. 


B. ORGANIZATION OF THE U.S. GOVERNMENT TO MEET THE HOSTILE 
INTELLIGENCE CHALLENGE 


The Committee's findings underscore a fundamental challenge to 
the nation. The hostile intelligence threat is more serious than 
anyone in the Government has yet acknowledged publicly. The 
combination of human espionage and sophisticated technical collec- 
tion has done immense damage to the national security. To respond 
to the threat, the United States must maintain effective counterin- 
telligence efforts to detect and neutralize hostile intelligence oper- 
ations directly, and defensive security countermeasures to protect 
sensitive information and activities. 

The Committee believes that, as a result of significant improve- 
ments in recent years, the nation's counterintelligence structure is 
fundamentally sound, although particular elements need to be 
strengthened. The Executive branch and the Committee agree on 
the importance of developing and implementing a coherent nation- 
al counterintelligence strategy that integrates the work of the FBI, 
the CIA and the Departments of State, Defense and Justice. Execu- 
tive branch agencies are already drafting such a document. The 
Committee expects this strategy to play a major role in its over- 
sight of Executive branch counterintelligence efforts in the years to 
come. 

By contrast, defensive security programs lack the resources and 
national policy direction needed to cope with expanding hostile in- 
telligence operations. Personnel security policies remain fragment- 
ed despite persistent attempts to develop national standards. Infor- 
mation security reforms are long overdue. America faces vulner- 
ability to hostile intelligence activities in the areas of communica- 
tions and computer security, where countermeasures must keep 
pace with increasing technological change. Consequently, in De- 
cember, 1985, the Committee called for the development of a Na- 
tional Strategic Security Program that would address these issues. 
The Committee believes that a new and more permanent national 
policy mechanism is needed to create this program and then to co- 
ordinate and foster the protection of information and activities 
having the greatest strategic importance. 

In recent months, the Executive branch has come to understand 
the sense of urgency with which the Committee views the need for 
an integrated strategic security program and an improved security 
policy structure. An effort to develop such a security program is 
now likely. The Director of Central Intelligence, in his capacity as 
chairman of the Senior Interdepartmental Group for Intelligence, 
recently revamped the security committee structure under the 
SIG-I and called for greater participation in those committees by 
policymakers, so that decisions could be reached on interagency 
issues and policy initiatives. 

The Committee believes that these changes are insufficient be- 
cause they fail to bridge the gaps between the various security dis- 
ciplines. Most Executive branch officials, although opposing further 
changes at this time, do not dispute the likely need for them in the 
future. The Committee will continue to push for more effective 
policy review and formulation, for it believes that the national se- 
curity cannot afford much more delay. This is especially true if the 
current Administration is to leave as a legacy a workable security 
policy system that will not have to be reinvented by each succeed- 
ing administration. The Committee recommends that the eventual 
new security policy structure be one that transcends current poli- 
tics and policy and is codified in an Executive Order. 


C. COUNTERINTELLIGENCE: LEARNING THE LESSONS OF RECENT CASES 


The Committee has examined in detail each of the espionage 
cases that have come to public attention in recent years, as well as 
the Yurchenko defection case and cases that remain classified. Al- 
though this Report does not discuss individual cases in detail, 
many of the recommendations in sections III and IV reflect lessons 
learned through those cases. 

The first lesson of these cases is the need for greater counterin- 
telligence and security awareness. The Committee found insuffi- 
cient tailoring of security awareness material to the needs of par- 
ticular audiences—defense contractors, workers at government fa- 
cilities, U.S. personnel stationed overseas, members of ethnic 
groups known to be targeted by foreign intelligence services, con- 
gressional staff and others. The usefulness of such material is illus- 
trated by the fact that once the U.S. Navy began to improve its se- 
curity awareness briefings after the Walker case, co-workers of 
Jonathan Pollard noted his unusual pattern of document requests 
and alerted authorities. 

The second lesson is the need for earlier involvement of the FBI 
and the Department of Justice in cases of suspected espionage. 
When offices or agencies have held back from bringing in the FBI, 
events have often gotten out of control. When the FBI has been 
alerted in time, their investigative resources and interview skills 
have often led to confessions. When the Justice Department has 
been involved at an early stage, cases destined for prosecution have 
been built on more solid ground, resulting in numerous convictions. 

The third lesson is the need for more attention and better access 
to information on the finances, foreign travel and foreign contacts 
of persons with sensitive information. The Committee found that 
the FBI sometimes lacked access to financial and telephone records 
in its counterintelligence investigations; that insufficient attention 
was given to signs of trouble regarding former employees with sen- 
sitive accesses; and that too few people were alerting office security 
personnel or the FBI when they were approached by possible for- 
eign intelligence officers. 

The Chin, Pollard and Scranage cases have taught the clear 
lesson that espionage services outside the Soviet bloc also engage in 
illegal activities targeted at the United States, which must not be 
tolerated. The Bell and Harper cases, among many, underscored 
the need for controls on the activities of certain Eastern European 
representatives and of U.S. companies controlled by the Soviet 
Union or its allies. And the Zakharov case, like the Enger and 
Chernyayev case eight years ago, reminds us that the KGB is will- 
ing to use the United Nations Secretariat for intelligence cover. 

The Edward Lee Howard case led to investigations and corrective 
action in the CIA, just as the Walker case led to formation of the 
Stilwell Commission and to additional steps by the U.S. Navy. The 
FBI and the Justice Department are still absorbing the lessons of 
the Howard case. The Committee will continue to monitor how well 
all the agencies implement improvements in response to those les- 
sons. 

The defection and re-defection of Vitaly Yurchenko, which high- 
lighted both the counterintelligence value of defectors and appar- 
ent shortcomings in their handling and resettlement, also led to in- 
ternal reviews and useful actions by the CIA to improve its han- 
dling of defectors. The Committee believes that more must be done, 
however, to change the basic objectives with which the U.S. Gov- 
ernment approaches defectors. We must accept the obligation to 
help defectors succeed in, and contribute to, American society. Ex- 
ecutive branch efforts to analyze and learn from the Yurchenko 
case continue, and the Committee expects to see more progress in 
this area. 

The CIA has taken significant steps to improve recruitment and 
career development programs for counterintelligence personnel. 
The Scranage and Howard cases suggest that there was, and is, 
substantial need for improvement in CIA counterintelligence, and 
the Committee will continue to monitor CIA efforts. The military 
services and the FBI are also beginning to improve their recruit- 
ment and career development programs for counterintelligence, 
but progress is uneven. 

The Committee will continue to press Executive branch agencies 
to incorporate into their operations improved counterintelligence 
awareness and procedures. While agencies have moved in the last 
year to remedy problems that were exposed in recent espionage 
cases, they have been much slower to accept the painful need to 
confront the implications of hostile intelligence successes. Atten- 
tiveness to possible hostile knowledge of classified U.S. operations 
must be increased, and analysis of the impact of known losses of 
classified information must extend to the unhappy possibility that 
operations or weapons systems will require modification. While 
there is always a need not to let worst-case analyses paralyze our 
military and intelligence services, the greater current danger ap- 
pears to be a wishing away of the consequences of hostile intelli- 
gence efforts. 


D. SECURITY COUNTERMEASURES: DEFENDING ON MANY FRONTS 


The National Strategic Security Program that the Committee 
recommends will have to address a multitude of issues, cutting 
across both agency and disciplinary lines. Thus, different agencies 
have failed for years to agree upon the scope and methods to be 
used in background investigations for Top Secret and Sensitive 
Compartmented Information clearances; the result has been waste- 
ful duplication of investigations. Military services, in particular, 
have been permitted to establish far too many special access pro- 
grams, all in the name of security but sometimes with lower securi- 
ty standards than the regular programs maintain. Technical ex- 
perts who run our nation's computer security programs have 
poured additional funds into specially-designed hardware and soft- 
ware to protect sensitive computer systems, while doing little to 
combat the major personnel problem of assuring the reliability of 
computer users with access to so much sensitive data. The various 
agencies that deal with technical security issues have only recently 
begun to forge effective cooperation on approaches to those issues. 
And this country has a long way to go in the development of oper- 
ations security practices to protect sensitive programs against hos- 
tile intelligence collection activities. 

This Report groups many security issues by discipline, but the 
Committee feels strongly that many, and perhaps most, of those 
issues will remain unresolved until a more effective security policy 
structure is implemented. There is a need to upgrade security 
across the board, with improved recruitment, improved training of 
personnel ranging from security clearance adjudicators to poly- 
graphers and technical security personnel, and upgraded job classi- 
fications that reflect the increased importance and sophistication of 
modern security specializations. 

In the field of personnel security, the Committee found, as did 
the Stilwell Commission, that insufficient attention was being paid 
to the reinvestigation of those who already have security clear- 
ances. Both the Defense Department and the intelligence communi- 
ty now understand the importance of reducing the backlog in those 
reinvestigations, and the Committee has worked to ensure that the 
needed funds to accomplish this swiftly are provided in legislation. 
One reason for recommending interagency agreement on a “single 
scope” background investigation is the hope that funds thus saved 
could be put to work on the pressing reinvestigation task, as well 
as on upgrading Secret clearance investigations as recommended 
by the Stilwell Commission. The Defense Department has reduced 
the number of cleared personnel by some 900,000 persons—over 
20%—thus also easing some of the clearance investigation costs. 

There is a crisis of standards in sensitive governmental positions. 
The Committee found no rigorous standards regarding the hiring of 
persons who have committed felonies. Follow-up measures after 
persons with admitted problems like past drug use are granted 
clearances are poor or nonexistent. Even the most sensitive clear- 
ances are granted to virtually anyone whose record does not con- 
tain clear disqualifying factors, rather than being based upon a se- 
lection process that chooses those persons most able to cope with 
the pressures of sensitive access and security. In light of this, the 
Committee has supported Defense Department efforts to develop 
counterintelligence polygraph programs with the highest quality 
controls, pursuant to the test program approved by the House and 
Senate Armed Services Committees. 

The Committee has found that the classification system is 
unduly complicated and that it breeds cynicism and confusion in 
those who create and use classified information. The Committee be- 
lieves that a streamlined system, in which the Confidential classifi- 
cation is eliminated and all information is either Secret or the 
equivalent of Sensitive Compartmented Information, would be 
much more workable despite the major changes and initial costs 
that this would entail. 

The Committee also found that authorized (but uncontrolled) dis- 
closures and unauthorized leaks of classified information are so 
commonplace as to imperil many sensitive programs and oper- 
ations. Recent Executive branch efforts to investigate instances of 
unauthorized disclosure of classified information and to punish 
those responsible are a welcome development. The Committee calls 
on the Executive branch to go further, however, and to adopt pro- 
cedures governing authorized disclosures, so that there will be a 
record of such disclosures—thus relieving the FBI of the need to in- 
vestigate cases that are not real leaks—and so that those who origi- 
nate classified information will have a chance to argue against its 
release. There must be both firmness and order in the information 
security system before it will gain the respect of the millions of 
people who handle classified information. 

The Committee was pleased to learn of the National Security 
Agency's many efforts to improve the communications security of 
the U.S. Government. It supports NSA's plan for the development 
and licensing for distribution of low-cost secure voice telephone 
equipment. In addition, the Committee has proposed Fiscal Year 
1987 funding to improve communications security by beginning the 
encryption of many domestic commercial communications satellite 


The Committee endorses the role of NSA in developing computer 
security hardware, systems and standards for both the government 
and segments of the private sector, in cooperation with the Nation- 
al Bureau of Standards. The Committee recommends, however, in- 
creased attention to personnel security aspects of protecting com- 
puterized information. It supports State Department efforts to 
place U.S. citizens in charge of the computers in U.S. embassies 
overseas. The Committee believes that personnel with access to the 
most sensitive computer systems should be included in personnel 
reliability programs similar to those now being instituted for per- 
sons with sensitive cryptographic access. And it believes that there 
must be better analysis of information system vulnerabilities 
before permission is given to put sensitive information in those sys- 
tems. 

The Committee was very concerned over serious deficiencies in 
the security of U.S. facilities overseas, primarily those managed by 
the Department of State. The bugging of typewriters in the U.S. 
Embassy in Moscow graphically demonstrated both Soviet sophisti- 
cation and U.S. vulnerabilities. Steps are being taken to combat 
technical penetration efforts, ranging from the embassy rebuilding 
program proposed by the Inman Panel to an equipment protection 
program that was funded in the Diplomatic Security Act. The Com- 
mittee supports these and other efforts, and it has worked to 
ensure that agencies will work closely with each other to bring the 
best expertise to bear on technical security problems. 

The Committee has also found the industrial security system for 
classified defense and intelligence contracts to be seriously defi- 
cient, to an extent that warrants consideration of major changes. 
The Committee recommends a pilot program to assign Defense In- 
vestigative Service personnel to large sensitive contractor facilities 
on a full-time basis. It proposes changing the Federal Acquisition 
Regulations to make security a direct cost in contracts, rather than 
an overhead cost that is inevitably subjected to corner-cutting. It 
suggests greater incentives in contracts for security performance, 
as well as a requirement that security officers be trained and gov- 
ernment-certified. Many of the Committee’s recommendations re- 
garding personnel and information security will also have a direct 
impact upon industrial security practices. 

Attention to security requirements is also needed in Congress 
itself. The Committee found that there was no centralized registry 
of Senate personnel with clearances, little or no security awareness 
material for Congress, and little understanding of how to protect 
sensitive information that is provided to Member offices and com- 
mittees. At the request of the Majority Leader, the Committee 
joined with the Committee on Rules and Administration and the 
Committee on Governmental Affairs in recommending that a 
Senate security office be established to develop and oversee imple- 
mentation of standards and procedures in these areas. The Com- 
mittees recommended that the security office be instructed to 
survey the extent of clearances among Senate staff, to recommend 
how the number of cleared personnel might be reduced, and to de- 
velop a Senate security manual, the provisions of which would be 
binding on all Members, Officers and employees of the Senate. The 
Committee continues to work closely with Senate leadership on 
these efforts, with a goal of creating a security office early in the 
next session. 


E. BUDGETARY IMPACT 


The Committee's recommendations will not be cost-free. Some 
savings would be achieved through streamlining the classification 
system, adopting common standards for background investigations, 
and implementing current national policies that lessen the require- 
ment for TEMPEST protection of U.S.-based information-processing 
equipment. But the Committee believes that the U.S. Government 
has suffered for years from inadequate investment in security 
countermeasures. 

In the Intelligence Authorization Act for Fiscal Year 1987, the 
Committee has proposed substantial increases in spending for secu- 
rity in the intelligence community and in related Defense Depart- 
ment programs. Among these initiatives are an additional $129 
million for communications security, including the first year of a 
five-year plan to encrypt sensitive domestic communications satel- 
lite channels, and an additional $22 million to improve personnel 
security in the Defense Department. In 1985, Committee members 
proposed what became a $35 million supplemental appropriation 
for improved technical security at U.S. facilities abroad. In 1986, 
the Congress passed the Diplomatic Security Act and a supplemen- 
tal appropriation providing funds for a massive program to up- 
grade security at U.S. missions. This commitment is designed for 
protection against not only terrorism, but also hostile intelligence 
penetration. 

The additional expenditures recommended by the Committee for 
FY 1987 would amount to an increase in annual spending for coun- 
terintelligence and security of at least $500 million above the fund- 
ing level in FY 1985. This commitment must continue in the years 
ahead, when further increases may well be required because of the 
growing technical, communications and computer security vulnera- 
bilities. From a larger perspective, however, the costs of improved 
security will be offset by the gains to the United States in the over- 
all U.S.-Soviet balance of military, intelligence, economic and polit- 
ical capabilities. Soviet espionage successes have cost our country 
or saved our adversaries billions of dollars. Just as our nation's in- 
vestment in intelligence-gathering programs has a significant 
payoff for national security, an increased investment in counterin- 
telligence and security programs will help deny comparable advan- 
tages to the Soviets. 


F. LEGISLATIVE PROPOSALS 


The great majority of the Committee's findings and recommenda- 
tions relate to administrative actions. Some needed actions do re- 
quire, however, legislative authorization. In these cases, the Com- 
mittee has either recommended or, often, already introduced the 
needed legislation. 

Members of the Committee have sponsored several pieces of leg- 
islation in recent years to bring the hostile intelligence presence in 
the United States under some control. The Committee recommends 
that these be implemented so as to maintain a limit of 320 on per- 
manently accredited Soviet embassy and consular personnel. The 
Committee also found gaps in current legislation and recommended 
three further steps: a legislated policy of equivalence between the 
U.S. and Soviet U.N. missions (introduced by Senators Leahy and 
Cohen as S. 1773); registration of commercial entities controlled by 
Warsaw Pact governments (introduced by Senator Roth as S. 1900); 
and extension of the Foreign Missions Act to include commercial 
and other entities controlled by foreign governments (introduced by 
Senators Durenberger and Leahy as S. 1947). All three proposals 
have been attached to the Intelligence Authorization Act for Fiscal 
Year 1987. 

The FBI could benefit greatly from legislation in several areas. 
The Committee has added provisions to the Intelligence Authoriza- 
tion Act for Fiscal Year 1987 that would require banks and tele- 
communications companies to comply with FBI requests for access 
to customer records pursuant to duly authorized full counterintelli- 
gence investigations. State privacy laws and fears of civil suits 
have inhibited some companies from cooperating with the FBI in 
recent years. The Committee is also prepared to introduce legisla- 
tion to create a court order system, comparable to that which now 
exists under the Foreign Intelligence Surveillance Act, to authorize 
physical searches for counterintelligence purposes. This would avert 
the need to rely on assertion of inherent Presidential powers in 
this area and would make it easier to use material thus obtained in 
eventual prosecutions. 

The FBI has a problem in providing sufficient financial incen- 
tives to its Agents who must work in New York City, which in turn 
makes it difficult to retain counterintelligence specialists in that 
Field Office for substantial periods of time. If the FBI determines 
that legislation is required to address this problem, the Committee 
is prepared to work with the FBI to develop a suitable legislative 
approach. 

The Committee recommends that the FBI and the Justice De- 
partment develop improved means of prosecuting foreign intelli- 
gence officers or agents who enter the United States illegally or 
under non-official cover and who engage in intelligence support 
functions without actually passing classified information. This 
could result in legislative proposals in the next Congress. 

Although the Committee has not recommended legislation re- 
garding assistance to defectors, it is quite possible that the Perma- 
nent Subcommittee on Investigations of the Committee on Govern- 
mental Affairs will make such recommendations when it completes 
its inquiry into that matter. The Intelligence Committee expects to 
work closely with the Permanent Subcommittee on this issue. 

The Committee supports recent Defense Department efforts to 
develop a counterintelligence polygraph program with strict qual- 
ity controls, modeled on the Air Force's successful Seven Screens 
program. The Committee recommends that the Armed Services 
Committee either propose legislation to establish a permanent au- 
thority for this polygraph effort or extend the current test program 
under which DoD is operating and set a date by which the issue of 
permanent authority will be decided. 

Deficiencies in congressional security have prompted the Com- 
mittee, in conjunction with the Committees on Governmental Af- 
fairs and Rules and Administration, to propose that the Senate es- 
tablish a Senate security office with responsibilities in the areas of 
personnel and information security. The office would be established 
by Senate Resolution. 

The Committee has not recommended any legislation at this time 
to deal with the unauthorized disclosure of classified information. 
It believes that consideration of this issue should be postponed 
until appeals are completed in the Morison case and the applicabil- 
ity of the federal espionage statutes to leaks and other disclosures 
has been decided. In addition, the Committee believes that there 
are significant administrative steps that can and ought to be imple- 
mented more quickly, in particular the adoption of procedures to 
govern the authorized disclosure of classified information. 


G. RESPECT FOR INDIVIDUAL RIGHTS 


A free society cannot allow the fear of foreign adversaries to un- 
dermine the constitutionally protected rights that define the true 
character of our nation. This principle has guided the Committee 
in its review of counterintelligence and security programs. As 
President Reagan stated on June 29, 1985: 


[W]e can counter this hostile threat and still remain 
true to our values. We don't need to fight repression by be- 
coming repressive ourselves. . . . But we need to put our 
cleverness and determination to work and we need to deal 
severely with those who betray our country. We should 
begin by realizing that spying is a fact of life and that all 
of us need to be better informed about the unchanging re- 
alities of the Soviet system. . . . There is no quick fix to 
this problem. Without hysteria or finger pointing, let us 
move calmly and deliberately together to protect freedom. 


The Committee's recommendations seek to strengthen U.S. coun- 
terintelligence and security measures without violating constitu- 
tional rights or upsetting the delicate balance between security and 
freedom. A broad range of improvements can be made without ad- 
versely affecting the rights of individuals, and the additional tools 
needed for counterintelligence and security purposes can be made 
subject to reasonable safeguards that minimize intrusion into the 
privacy of American citizens. 


II. THE HOSTILE INTELLIGENCE THREAT 


The hostile intelligence threat to the United States is severe, and 
it confronts the Government and the American people with in- 
creasingly serious challenges. The threat spans all types of intelli- 
gence operations from traditional human espionage to the most so- 
phisticated electronic devices. Every kind of sensitive information 
is vulnerable, including classified government information, emerg- 
ing technological breakthroughs and private financial transactions. 
Foreign intelligence services also sometimes target the political 
process, seeking both information and influence. 

What has made the threat more vivid to the Congress and the 
public are the many espionage cases that surfaced publicly in the 
last few years. During 1984-86, twenty-five people have been con- 
victed or have pleaded guilty to charges of spying against the 
United States. Another person charged with espionage, Edward Lee 
Howard, has defected to the Soviet Union; a Soviet employee of the 
United Nations has pleaded “no contest” to espionage charges; and 
several foreign diplomats have been detained and/or ousted be- 
cause of their espionage activities. The upsurge in espionage pros- 
ecutions began in the late seventies; and FBI Director William H. 
Webster said in 1984 that the espionage cases that came to public 
attention were "merely the tip of the iceberg." The Committee be- 
lieves it is vital for the Senate and the public to be aware of the 
full dimensions of the threat, technical as well as human. 


A. DAMAGE TO NATIONAL SECURITY 


National policymakers must recognize as clearly as possible the 
extent and gravity of the damage to national security interests 
caused by hostile intelligence operations. Based on the public and 
classified record, the Committee has found the aggregate damage 
in recent years to be far greater than anyone in the U.S. Govern- 
ment has yet acknowledged publicly. The Committee has reviewed 
the actual and probable injury resulting from recent espionage 
cases, technical security compromises and technology transfer. The 
inescapable conclusion is that the damage was immense: 

U.S. military plans and capabilities have been seriously com- 
promised; 
U.S. intelligence operations were gravely impaired; 
U.S. technological advantages have been overcome in some 
areas; 
U.S. diplomatic secrets were exposed to the scrutiny of our 
adversaries; and 
Sensitive aspects of U.S. economic life were subject to con- 
stant Soviet monitoring. 

Foreign intelligence services have exploited human and technical 
vulnerabilities to penetrate some of the most vital parts of our de- 
fense, intelligence and foreign policy structure, including many Ex- 
ecutive branch agencies and the Congress. A sober examination of 
the damage is essential to make rational decisions on policy initia- 
tives and resources allocation for counterintelligence and security 
programs. 

In assessing the military damage, the Committee agrees with an 
estimate by a senior FBI official that the [illegible] over the 
past several years have involved billions of dollars of actual and po- 
tential damage to U.S. military programs. The cases primarily in- 
clude John Walker and Jerry Whitworth, James Harper, William 
Holden Bell, Thomas Cavanagh, Christopher Cooke and Ernest For- 
brich. 


Walker-Whitworth 


Although the assessment in the Walker and Whitworth cases is 
still incomplete, their information may have enabled the Soviets to 
read some of the U.S. Navy's most secret messages to the fleet 
from the 1960's to the time of their arrests in 1985 and also possi- 
bly reduced the U.S. lead in anti-submarine warfare. The crypto- 
graphic material passed by John Walker and Jerry Whitworth was 
exceptionally harmful, because the Soviets could use it to decipher 
encrypted U.S. Naval communications. Vitaly Yurchenko, the 
Soviet KGB defector who later returned to the Soviet Union, told 
U.S. authorities that the Soviets read over a million coded mes- 
sages as a result. 

(An official assessment of the damage, prepared by the Director 
of Naval Intelligence and a senior Justice Department official, is 
provided in Appendix A.) 


Harper 


In 1979-81 James Harper passed to Polish intelligence a huge 
array of materials pertaining to the survivability of the
Minuteman missile system and to U.S. defenses against ballistic missile
attack. He obtained the information from a private firm doing con- 
tract research for the U.S. Army Ballistic Missile Defense Ad- 
vanced Technology Center in Huntsville, Alabama. Harper received 
approximately $250,000 for documents whose loss Army experts 
have rated as "beyond calculation." He also provided computer
data-base tape available through his contacts in Silicon Valley. 
Harper's largest single delivery occurred in 1980, when he took 
some 100 pounds of classified reports to Warsaw, where a team of 
20 KGB experts flown in from Moscow declared them to be ex- 
tremely valuable. KGB Chairman Yuri Andropov commended the 
Polish intelligence unit handling Harper for its efforts. (An account 
of the Harper case prepared by the Defense Security Institute is 
provided in Appendix B.) 


Bell 


William Holden Bell was recruited by a Polish intelligence offi- 
cer operating under commercial cover. As a project manager in the 
Advanced Systems Division, Radar Systems Group at Hughes Inter- 
national Corporation, Bell was responsible for development and 
promotion of the radar fire control product line of tank vehicles. 
From 1978 to 1981, Bell supplied Polish (and presumably Soviet)
intelligence extensive classified documents on the Covert
All-Weather Gun System [CAWGS], a proposed tank gun using Low
Probability of Intercept Radar [LPIR] or "quiet radar." LPIR uses a
disguised radar signal that is difficult for enemy targets to identify as
radar; an enemy is thus prevented from taking evasive action or
using the radar signal for directing return fire. (An account of the
Bell-Zacharski case prepared by the Defense Security Institute is
provided in Appendix C.) 


Cavanagh 


The defense contractor case with the greatest potential for
devastating harm involved Thomas Cavanagh, an engineer at
Northrop Corporation. He was arrested in December, 1984, for
attempting to sell classified documents on Stealth technology to the
Soviets. The FBI intercepted his attempt, and FBI agents posing as
KGB officers made the arrest after giving him $25,000 for the
documents. While no serious compromise actually occurred, FBI
Director Webster has said that Cavanagh's documents contained "the
core of the Stealth technology" which had "cost this country over
$1 million an hour to develop." (An account of the Cavanagh case
prepared by the Defense Security Institute is provided in Appendix 
D.) 


Cooke 


Lt. Christopher Cooke, deputy commander of an Air Force Titan
missile crew, was charged with passing classified information to
the Soviets on U.S. strategic missile capabilities in 1980-81. While
the damage was serious, the charge was dismissed because Air 
Force prosecutors had offered him immunity to find out if he was a 
part of a larger spy ring (which he apparently was not). 


Forbrich 


Ernest Forbrich, a West German auto mechanic, was arrested in 
1984 in Florida after buying a classified military document from an 
undercover agent posing as an Army officer. Forbrich appears to 
have been a conduit who passed U.S. military secrets to East 
German intelligence, and he admitted selling documents to the 
East Germans for 17 years. Forbrich traveled frequently to the 
United States, contacting former U.S. military personnel who had 
served in West Germany. Although he was convicted of espionage, 
none of the former U.S. military personnel whom Forbrich contact- 
ed was charged. 

The espionage damage to U.S. intelligence over the past decade 
has been as great as the harm to military programs. The cases that 
surfaced in 1985—Howard, Pelton, Chin and Pollard—represent a 
severe blow to U.S. intelligence, with Howard and Pelton doing the
greatest harm because they compromised collection efforts directed
at high-priority targets in the Soviet Union. Other recent cases
involved FBI Agent Richard Miller, Army counterintelligence
specialist Richard Craig Smith, and CIA employees Sharon Scranage
and Karl Koecher.


Howard 


Edward Lee Howard, a former case officer dismissed by the CIA,
was accused of selling intelligence secrets to the Soviets and
subsequently defected to Moscow. Howard probably gave the Soviets
information on sensitive CIA operations in Moscow.


Pelton


Ronald Pelton, a former communications specialist with the Na- 
tional Security Agency from 1965 to 1979, was convicted in 1986 of 
selling the Soviets information about a highly classified U.S. intel- 
ligence collection project targeted at the Soviet Union. Other as- 
pects of the damage caused by Pelton that did not surface at the 
trial have not yet been completely evaluated. 


Chin


Larry Wu-tai Chin gave the Chinese an inside view of U.S.
intelligence reporting on China and related topics for decades, first as a
translator for the U.S. Army and then as a translator and foreign
media analyst for the CIA. Chin was a "plant" who received
intelligence training before his employment by the Army in 1943. His
reporting was highly praised by Chinese officials.


Pollard 


Jonathan Jay Pollard, a civilian intelligence analyst with the 
Naval Investigative Service, pleaded guilty in 1986 to the charge of 
illegally passing classified documents to Israel. Pollard obtained a 
wide array of intelligence reports on the Middle East for his Israeli 
contacts. 


Miller 


FBI Agent Richard Miller injured the entire intelligence
community, not just the FBI, when he provided the Soviets in 1984
(through his Russian emigre lover Svetlana Ogorodnikova) a
document outlining overall U.S. foreign intelligence collection
priorities.

Smith 


Richard Craig Smith, a former Army counterintelligence agent, 
was charged in 1984 with selling information to Soviet agents in 
Tokyo identifying U.S. double agents being operated against Soviet 
intelligence. Smith was acquitted in 1986 after asserting as his
defense that he had been working under the direction of CIA
operatives in Honolulu.


Koecher 


Karl Koecher, a naturalized U.S. citizen of Czech origin, worked 
as a translator for the CIA in the 1970s. He and his wife were ar- 
rested in 1984 as they prepared to fly to Switzerland. By then, the 
FBI had sufficient information to establish that Koecher was 
trained and sent to the United States in the 1960s to work as a 
Czech "illegal" and penetrate U.S. intelligence. Koecher was able 
to give Czech intelligence everything he knew about such sensitive 
CIA information as he was provided in his job as a translator. 


Scranage


Sharon Scranage, a CIA operations support assistant in Ghana,
was convicted in 1985 of turning over classified information,
including the identities of CIA case officers and clandestine sources, to
Ghanaian intelligence officials.

In addition to the damage to classified U.S. military and
intelligence programs, hostile intelligence services have acquired
sensitive technological data in the United States, Western Europe,
Japan and elsewhere. Soviet acquisition of U.S. technology has sig- 
nificantly reduced the time it took the Soviets to develop new 
weapons systems and field countermeasures to U.S. systems. A 
recent example is the case of Manfred Rotsch, a Director of Plan- 
ning for a prominent West German aerospace company, who was 
arrested as a Soviet agent. Rotsch was in a position to transfer de- 
tailed manufacturing information on Western weapon systems to 
the KGB, and the case points up the vulnerability of U.S. advanced 
technology released in coproduction or licensing programs. The re- 
search and development cost savings to the Soviet Union from ille- 
gal Western technology acquisition are believed to be enormous. 
The Ministries of Defense Industry and Aviation Industry alone 
are estimated to have saved half a billion rubles (roughly $700 mil- 
lion at official conversion rates) between 1976 and 1980, although 
that figure probably reflects operating cost savings as well as R&D. 

In the diplomatic field the recent discovery of bugged typewriters 
in the U.S. embassy in Moscow exposed an operation of some dura- 
tion. For years, the Soviets were reading some of our most sensitive 
diplomatic correspondence, economic and political analyses, and 
other communications. 

More difficult to assess, yet with enormous danger to the United
States, is the Soviet interception of U.S. communications from col- 
lection facilities throughout the world, including Soviet diplomatic 
establishments in the United States and an extensive site at 
Lourdes, Cuba. The Soviets could monitor many U.S. domestic tele- 
communications channels, including most satellite links and cer- 
tain ground-to-ground transmissions. While the risk to military se- 
crets from poor communications security is widely understood, the 
U.S. business community is also highly vulnerable. 

Taken together, the damage to national security from espionage, 
technology theft and electronic surveillance amounts to a stagger- 
ing loss of sensitive information to hostile intelligence services. As 
an open society, the United States already allows its adversaries 
unfettered access to vast amounts of information that must be 
shared widely so that our political system can function democrat- 
ically and the process of free scientific inquiry can be most produc- 
tive. Our openness gives hostile intelligence services the ability to 
focus their efforts on those few areas of our government and socie- 
ty where confidentiality is required. 

The following discussion of the hostile intelligence threat to the 
United States is designed to give the Senate and the American 
people a better appreciation of the challenges we will continue to 
face in the future. It is based upon an assessment prepared by the 
intelligence community at the Committee's request. By understand- 
ing the nature and scope of ongoing hostile intelligence efforts, 
public officials and private citizens alike can better understand 
why the Committee recommends increased emphasis on counterin- 
telligence and security programs. There is much that the ordinary 
citizen can do to strengthen the nation's defenses, especially if the 
individual works for the federal government, a government
contractor, or a high-tech industry or research program. The key
requirement is knowledge of the dangers.


B. SOURCES OF THE THREAT 


Among foreign intelligence services, those of the Soviet Union 
represent by far the most significant intelligence threat in terms of 
size, ability and intent to act against U.S. interests. In fact, the ac- 
tivities of the Warsaw Pact country and Cuban intelligence services 
are primarily significant to the degree that they support the objec- 
tives of the Soviets. The threat from intelligence activities by the 
People's Republic of China (PRC) is significant but of a different 
character, as explained below. The intelligence activities of North 
Korea, Vietnam and Nicaragua pose a lesser, but still significant, 
threat to U.S. foreign policy interests, although these countries 
have only a limited official presence in the United States. 

Many other countries—hostile, allied, friendly and neutral— 
engage in intelligence operations against the United States. While 
these activities cannot be ignored, they do not represent a compa- 
rable threat. Nonetheless, in 1985, arrests for espionage included 
U.S. Government employees who had passed classified information 
to Israel and to Ghana. 


1. Soviet Union 


The KGB and the GRU are the two principal Soviet intelligence 
organizations. The KGB (or Committee for State Security) main- 
tains internal security in the USSR and, as a secret intelligence 
service, collects intelligence and conducts covert political influence 
operations (termed "active measures") abroad. The GRU (or Chief 
Directorate for Intelligence) is the Soviet military intelligence orga- 
nization and engages only in foreign intelligence activities. 

In no other country in the modern world have intelligence and 
security services played such a crucial, long-term role in sustaining 
a government and controlling its citizens. In recent years, the KGB 
has become a vital tool for protecting the Communist Party at 
home and implementing its policies worldwide, especially through 
energetic espionage and covert action operations both against 
Western governments and in the Third World. (Covert action
efforts are coordinated with the International Department of the
Communist Party, which has lead responsibility for worldwide
Soviet "active measures," including propaganda and political
influence operations.) Soviet military intelligence came into its own
during and just before World War II, and the GRU aggressively
supplements the KGB with espionage and massive technical
surveillance operations. The GRU coordinates and supports Soviet
SIGINT and overhead photography and trains foreign revolutionary
cadres and insurgents. In the operational Soviet military,
"Spetsnaz" (Special Forces) units have an overseas role as
special-purpose commando forces capable of covert infiltration, sabotage
and assassination operations.

The highest Soviet collection priority is accorded to policy and 
actions associated with U.S. strategic nuclear forces. Other high 
priority subjects are key foreign policy matters, congressional
intentions, defense information, advanced dual-use technology, and
U.S. intelligence sources and methods. The Soviets also target
NATO intensively, partly as a means to obtain U.S. foreign policy
and military information; recent arrests in West Germany and
Greece are indicative of the successes of the USSR in targeting
U.S. and NATO classified weapons systems.? The Soviets heavily
influence the collection activity of the Cuban and Warsaw Pact 
services, in effect expanding their own collection resources through 
exploitation of the ethnic ties that other services can use in their 
recruitment efforts, as well as the normally less stringent U.S. con- 
trols on the activity of non-Soviet visitors and representatives. 

The Soviets acquire much of the information they need through 
non-clandestine means—diplomatic activities, trade representa- 
tives, visitors, students, and other open inquiry. They carefully 
select participants in exchange programs to maximize access to in- 
formation of intelligence interest. The Soviet government also has 
access to computerized U.S. and other Western reference systems, 
to U.S. Government programs designed to facilitate legitimate dis- 
semination of information, and to open literature ranging from 
technical journals and industry publications to the news media.
Soviet collection efforts are further aided by the absence of effec- 
tive U.S. Government controls over foreign visitors and indirect ex- 
ports. 

The Soviets aggressively screen information on Western technol- 
ogy to avoid technological surprise and to improve their economy 
and weapons systems. The methods used to acquire technology will 
depend largely on the cost and the risk involved. It is likely that 
increased controls on trade with the Soviets and on Soviet visitors 
and official personnel will cause changes in Soviet collection tech- 
niques. Thus, more use of clandestine methods to acquire technolo- 
gy is likely when it cannot be obtained in other ways. 


2. Warsaw Pact and Cuba 


The intelligence services of Poland, East Germany,
Czechoslovakia, Bulgaria, Hungary and Cuba not only serve their own national
interests, but also act as surrogates for Soviet intelligence. While a
member of the Warsaw Pact, Romania has looser ties to the Soviets
in the intelligence arena. Recent cases demonstrate the
aggressiveness of the Warsaw Pact services. In 1983, an employee of the
Bulgarian trade office in New York was arrested for espionage based
on evidence that he bought a secret document on security
procedures for American nuclear weapons. The Bell and Harper cases
illustrated the effectiveness of Polish intelligence in penetrating U.S.
defense industry. East German agents arrested in the United
States over the past three years include a woman courier in a KGB
espionage network and a prominent scientist attempting to recruit
American scientists.

The recent interagency report on Soviet Acquisition of Militarily
Significant Western Technology documents fully the relationship
between Soviet intelligence and the Warsaw Pact services. The
KGB, more than the GRU, relies on the collection capabilities of
the East German, Polish, Bulgarian and Czech services. The
success of the East European services can be attributed partly to the
Western misperception that their countries are less of a threat
than the USSR. East European nationals operating in most
Western countries have fewer (or no) travel restrictions and, in some
cases, find it easier to work in a Western cultural and commercial
environment. At the same time, however, the West also has easier
access to Warsaw Pact countries than to the Soviet Union.
Reciprocity considerations limit the West's ability to impose extreme
controls on East Europeans.


? This Report concentrates upon the direct hostile intelligence threat to the United States and
does not include the counterintelligence and security implications for the United States of
hostile intelligence activities that target U.S. allies or alliances. The Committee will examine these
matters in its continuing oversight of U.S. counterintelligence and security programs.

The Cuban DGI has long been under the direct influence of 
Soviet intelligence. While in recent years the Cubans have empha- 
sized operations against anti-Castro emigre groups and illegal ac- 
quisition of embargoed U.S. technology and equipment, Cuban in- 
telligence also targets U.S. Government plans and intentions, espe- 
cially regarding Latin America. There are indications, dating back 
many years, of Cuban support and training for Puerto Rican ter- 
rorists and of propaganda operations to influence segments of 
American public opinion. 


3. People's Republic of China 


The PRC has several intelligence services whose personnel are 
represented among the approximately 1,500 Chinese diplomats and 
commercial representatives located at some 70 PRC establishments 
and offices in the United States. They also have some access to the 
approximately 15,000 Chinese students and 10,000 individuals
arriving in 2,700 delegations each year. PRC intelligence also seeks to
[illegible] the large ethnic Chinese community.

The implications of PRC intelligence activities are markedly
different from those of the Soviet Union and its surrogates. The forces
of the Warsaw Pact are arrayed against those of NATO; and the 
Soviet Union’s expansionist policy poses a current and continuing 
global challenge to the United States and its allies. The PRC is not 
now in strategic competition with the United States. Indeed, the 
United States has fundamental interests in maintaining friendly 
relations with the PRC and promoting its modernization, to include 
selective upgrade of its military defensive capabilities. Intelligence 
collection priorities of the two major communist powers reflect 
their respective foreign policies. The Soviet intelligence services 
have urgent requirements with respect to U.S. plans, intentions 
and capabilities, as well as technology; the PRC services
concentrate primarily on advanced technology not approved for release so
as to further PRC military and economic modernization in the
1990s and beyond.

Despite these differences, the PRC intelligence threat continues 
to be significant. The evidence of PRC espionage in the Chin case 
and from other counterintelligence sources justifies alerting Ameri- 
can citizens to the current risks. The recent detention of a British 
national employed by the New York Times as a reporter in China 
reflects an increased emphasis by PRC intelligence and security 
services on surveillance of foreign visitors. PRC efforts to cultivate
Chinese-Americans in scientific and technical fields should be
recognized as including potential intelligence approaches, as long as
the PRC continues to mount espionage operations against classified
U.S. programs and embargoed technology. 


4. Other Countries 


Other countries also conduct human intelligence operations in 
the United States, both overt and covert. Their targets include 
largely the same range of interests as those of the Soviets and the 
PRC, including high technology and political, military and econom- 
ic policies and intentions that might affect the particular country. 

Among the common activities of foreign intelligence services in 
this country are attempts to penetrate emigre communities. A 
large number of expatriate political and emigre groups in the 
United States are viewed as a threat by authorities in the former 
homelands. From a national security viewpoint, these activities are
less significant than those of the USSR and its allies, although 
they are clearly in violation of U.S. sovereignty and may have an 
effect on the U.S. political system. Foreign intelligence services 
also target ethnic groups in the United States, directly or through 
front organizations, to influence U.S. decisions on foreign aid, trade 
agreements and other issues where foreign governments have 
strong interests. 

Two recent incidents illustrate the threat from non-communist 
governments. In 1984, a vocal opponent of the current regime in 
Taiwan was murdered in California, and the Taiwanese
government later admitted that officials of its intelligence service were
implicated. Also in 1984, the South African military attache was 
expelled from the United States for activities incompatible with his 
diplomatic status. In 1978, the Committee issued a public report on 
Activities of “Friendly” Foreign Intelligence Services in the United 
States which examined, as a case study, South Korean operations 
in the early-to-mid 1970s. The Pollard case has raised questions as 
to whether the Israeli government, or significant elements thereof, 
have engaged in more extensive espionage operations in the United 
States. While the strategic threat in such cases is less than from
Soviet bloc or PRC operations, the harm to specific U.S. foreign
[illegible] and legal safeguards is still substantial and
unacceptable.


C. HUMAN INTELLIGENCE TECHNIQUES 


The hostile intelligence threat can be divided roughly between
the human side and the wide array of technical collection oper- 
ations. The human dimension begins with the trained intelligence 
officer, dispatched under official or nonofficial cover to operate 
abroad. Intelligence officers recruit and handle agents employed by 
foreign governments, industries, or political organizations; and 
they “co-opt” other members of their own government and citizen- 
ry for particular assignments. In general, hostile intelligence 
HUMINT operations fall into the following categories: 

"Legal" operations are conducted by intelligence officers
under official cover. The term does not mean "lawful," because
case officers recruit and handle espionage agents. The FBI
estimates that at least 30% of the 1,500 Soviet officials in the U.S.
are KGB or GRU staff officers. Reportedly, over 3,000 KGB
officers and approximately 1,500 GRU officers are posted outside
the Soviet Union.

"Illegals" are trained intelligence officers sent abroad, often
with false identities, who maintain no overt contact with their 
government. The number of Soviet illegals and their activities 
are very difficult to estimate. 

"Co-optees" are officials or visitors tasked to do particular 
tasks, such as spotting potential recruits or servicing drops. 
Many Soviet officials are co-opted, as are many official visitors 
and some emigres. 

"Agents" are American or third-country nationals recruited 
for current operational purposes or, in some cases, as
"sleepers" to be activated at a later date. Apart from the agents
surfaced publicly in espionage or illegal export cases, the FBI has
numerous other suspected agents under investigation.

Despite the development of increasingly sophisticated technical 
means of collection, the human agent continues to be the most im- 
portant key to satisfying a nation's intelligence needs. An intelli- 
gence community study summarized the human threat in the fol- 
lowing terms: 


The Communist countries depend to a large degree on 
their human collection networks throughout the world to 
satisfy their U.S.-related intelligence requirements—re- 
quirements ranging from acquisition of advanced technolo- 
gy, location and determination of the quality of strategic 
and conventional military forces, and assessment of U.S. 
reaction to international political incidents, to discovery of 
techniques used by U.S. counterintelligence. 


An analysis of hostile human intelligence operations against the 
United States must address the role of the Soviet-bloc official
presence in the United States; the non-official United Nations and
"illegal" hostile presence; the recruitment of agents; the Soviet
Union's systematic technology acquisition program; and covert
political action operations (or "active measures").


1. Official Presence 


The spearhead of the Soviet, other Warsaw Pact and Cuban in- 
telligence collection effort is their official presence in the United 
States. In 1985, there were about 4,250 diplomats, commercial offi- 
cials and other representatives from Communist countries in the 
United States, 2,100 of whom were from the Soviet Union and the 
other Warsaw Pact countries. The Soviet Missions to the United 
Nations in New York have approximately 275 accredited diplomats; 
the Department of State has recently mandated a reduction in this 
number to 170 by April 1988. The Soviets have 320 accredited per- 
sonnel at their Embassy in Washington and Consulate General in 
San Francisco, in comparison to the approximately 200 American 
diplomatic personnel assigned to the Soviet Union. Additional
Soviets come to the United States on temporary assignment, as do
American personnel to the USSR.

The FBI estimates that at least 30 percent of the Soviet bloc offi- 
cials and representatives in the United States are professional in- 
telligence officers of the Soviet KGB and GRU or one of the other 
East European intelligence services. Under diplomatic cover, Soviet
bloc diplomatic personnel accredited to the United States and to 
the U.N. missions in New York have complete immunity from 
criminal prosecution for espionage. (By contrast, Soviet nationals 
employed by the U.N. Secretariat, such as Gennadiy Zakharov, do 
not have such diplomatic immunity.) 

Soviet bloc use of official representatives for espionage purposes 
is well documented. In the Walker and Miller cases, Soviet officials 
involved with handling American agents left the country shortly 
after their agents were arrested. In other instances, successful U.S. 
counterintelligence operations have led to the exposure of Soviet 
officials engaged in clandestine communications with agents, such 
as by servicing "drops." Soviet bloc intelligence officers under dip- 
lomatic cover also seek to use overt contacts with Americans as an 
opportunity to develop long-term relationships providing an oppor- 
tunity to assess and exploit vulnerabilities for espionage recruit- 
ment purposes. In one case in the early 1980s, a Soviet official who 
attempted to recruit a Congressional staff member was expelled 
from the country. The staff member had reported the approach and 
cooperated with the FBI's investigation, which led to exposure of 
the Soviet official's intelligence recruitment efforts. 

The sheer volume of intelligence activity is increased by the 
number of officials from other Communist countries in the United 
States as well as the large number of establishments from which 
they can operate. Soviet bloc and PRC establishments—government 
offices and U.N. missions—are located in seventeen different cities. 
The largest numbers are in New York (92), Washington (34), Chica- 
go (11), San Francisco (9), Houston (9), and Newark (9). While most 
officials are concentrated in New York and Washington, all but the 
Soviets are allowed to travel almost anywhere they wish in the 
country, subject to notice requirements and certain other condi- 
tions under the Foreign Missions Act in the case of most Warsaw 
Pact countries. 

Within the Soviet services, GRU personnel are targeted primari- 
ly against military and scientific and technical information, while 
KGB personnel in its First Chief Directorate (foreign intelligence) 
are assigned to one of four operational departments or “lines”— 
Scientific and Technical (Line X), Political (Line PR), Counterintel- 
ligence (Line KR), or Illegals Support (Line N). S&T personnel spe- 
cifically target U.S. advanced technology. Often, clandestine collec- 
tion of S&T information is preferred over buying or developing 
technology because it is cheaper and provides the best short-term 
results, although there is a risk factor in theft. KGB Line PR offi- 
cers target governmental policy information and, frequently, seek 
to advance Soviet objectives via contacts with persons of influence 
or through covert activities. Certain Line PR officers focus specifi- 
cally on the Congress. Line KR officers have the security responsi- 
bility for preventing defections of Soviet personnel and particular 
concern for penetration of the U.S. intelligence community, al- 
though all lines are tasked with this important function as a 
matter of general concern. “Illegals” support personnel comprise a 
small group that helps maintain those networks.


2. Other Aspects of the Hostile Intelligence Presence


The Soviet Union is effectively using U.N. organizations, particu- 
larly the Secretariat, in the conduct of its foreign relations and as 
a cover for the activities of Soviet intelligence officers and co- 
optees. The United Nations employs, worldwide, approximately 800 
Soviet nationals as international civil servants, with about 300 of 
them in New York. Approximately one-fourth of the Soviets in the 
Secretariat in New York are considered to be intelligence officers, 
and many others are co-optees who have been told to respond to 
KGB and GRU requests for assistance. The Soviet intelligence serv- 
ices also use their developed agents in the United Nations to collect 
information on U.N. activities; to spot, assess and recruit American 
and foreign-national agents; to support worldwide intelligence oper- 
ations; and to collect scientific and technical information on the 
United States. 

The KGB has succeeded in infiltrating its officers into the U.N. 
bureaucracy, with some reaching positions of authority. The KGB 
has held the position of Assistant to the Secretary General since 
Viktor Lesiovskiy held the post under U Thant. The current Assist- 
ant is a KGB China expert. The Soviets take full advantage of U.N. 
personnel procedures such as liberal sick leave. This permits KGB 
U.N. employees to be absent as often as they desire, enabling them 
to carry out intelligence activities further abetted by the compara- 
tive freedom of movement enjoyed by U.N. employees. 

While the State Department has recently required Soviet U.N. 
employees to give notice of unofficial travel outside the New York 
area, they are not subject to the geographical off-limits restrictions 
placed on Soviet diplomats in response to equivalent restrictions 
placed on travel by U.S. diplomats in the Soviet Union. Little can 
be done about the number of Soviets employed by the United Nations 
in view of the large number of Americans similarly employed.³ 

There have also been reports of the U.N. Secretariat being used 
for clandestine activity by Warsaw Pact officials. Currently, State 
Department conditions for travel in the United States by U.N. Sec- 
retariat employees from the Soviet Union still do not apply to U.N. 
employees from other Warsaw Pact countries. 

The hostile intelligence threat is further expanded by the 
number of Soviet bloc commercial entities in the United States 
that can be used as cover for clandestine collection activities. These 
commercial establishments include the USSR's AMTORG and IN- 
TOURIST, the Polish-American Machinery Company (Polamco), 
and similar East German, Czechoslovak and other East European 
entities. Through their legitimate business activities, intelligence 
officers in those firms have access to Americans in business, indus- 
try and government who are potential targets for agent recruit- 
ment. A Czech, Pole or other East European is frequently able to 
contact U.S. companies without arousing the suspicion that contact 
by a Soviet official would occasion. The primary interests of hostile 
collectors operating under commercial cover are economic data and 
advanced technology. Altogether, nearly 70 U.S.-chartered corporations, 
although owned by Warsaw Pact countries, function legally 
as U.S. corporations and thus are subject to few restrictions on acquiring 
technologies. East Europeans employed by these firms are 
subject to no travel controls or notice requirements. 

³ For a more detailed discussion of the Soviets at the United Nations, see the Committee's 
report on Soviet Presence in the U.N. Secretariat, S.Rpt. 99-52 (May, 1985). 

In addition to the threat posed by their official establishments, 
U.N. employees and front companies, hostile intelligence services 
have infiltrated intelligence collectors into the United States 
among the thousands of exchange students, commercial and cultur- 
al visitors, tourists and ship crewmen who enter this country each 
year. Some 2,000 Soviets come to the United States each year 
under the auspices of the Soviet Academy of Sciences, the Ministry 
of Trade, the State Committee for Foreign Economic Relations, and 
other Soviet agencies. They collect not only overt information for 
non-defense industries, but also classified and proprietary data, in 
response to intelligence tasking on behalf of military research 
projects. The number of U.S. universities and institutes subject to 
focused Soviet efforts reportedly increased from 20 to over 60 from 
the late 1970s to the early 1980s. 

Soviet trade or scientific representatives travel to California 
about four times a month in delegations ranging from two to ten 
people, supplementing the 41-person staff of the Soviet San Fran- 
cisco Consulate. It is reasonable to assume that, just as 30-40 per- 
cent of the personnel in each Soviet establishment are intelligence 
officers, the same percent of the personnel in a Soviet visiting dele- 
gation are intelligence officers and/or co-optees. Thus, the Soviets 
are able to target more intensively the 1,500 high-technology companies 
in the area known as “Silicon Valley,” which constitute the 
largest collection of electronics and computer manufacturers in the 
United States. 

In recent years, a number of intelligence agents of the USSR, 
Cuba and other countries have been uncovered among the flood of 
immigrants into the United States from Communist countries. 
While not all of these agents are considered classic “illegals,” in- 
vestigations have determined that many have been sent with intel- 
ligence missions. 

The deep-cover "illegals" dispatched to the United States in the 
emigre flow and through other means by Soviet bloc and PRC in- 
telligence services represent a particularly perplexing problem be- 
cause of their completely clandestine manner of operation. They 
generally enter the United States under false identities with forged 
or stolen documents. They often acquire U.S. citizenship, and they 
have attempted to assume the appearance of ordinary Americans 
having no connection with their home country and intelligence 
service. 

An example of a KGB illegal agent was disclosed publicly by the 
FBI in 1981. Col. Rudolf Hermann (a pseudonym) had earlier been 
identified and recruited to work as a U.S.-controlled double agent. 
Hermann’s 25-year career with the KGB had begun in the 1950s 
while he was serving in the military of a Soviet-bloc country. His 
initial training in espionage techniques such as secret writing and 
cipher systems took place in East Germany. More advanced train- 
ing was received in the Soviet Union. 
Before coming to the United States, Col. Hermann practiced his 
intelligence skills in West Germany and Canada. He and his family 
entered the United States illegally in 1968, and he established a 
home and found work as a free-lance photographer. He did not di- 
rectly collect classified information, but performed support func- 
tions such as locating drop sites for other agents and spotting po- 
tential recruits. He was also prepared to conduct more active col- 
lection operations in the event of the expulsion of Soviet officials in 
time of crisis or war. Col. Hermann's son had enrolled in an Ameri- 
can college, under KGB orders, and was preparing to seek U.S. 
Government employment, possibly in a sensitive position. 


3. Recruited Agents 


Visitors and emigres are no substitute for recruited agents inside 
sensitive U.S. programs. The spy of the 1980s has been described as 
a new breed, motivated more by greed than by ideology. However, 
the cases uncovered in 1985 suggest more complex motivations; po- 
litical beliefs, intrigue, and job dissatisfaction or alienation also 
appear to have been reasons for engaging in espionage. Most Amer- 
icans arrested for espionage in recent years actually volunteered 
their services to the other side. 

Soviet intelligence efforts include active programs outside the 
United States against U.S. Government personnel and business- 
men. Even those recruited agents who live in the United States are 
frequently met in third countries to avoid U.S. domestic counterin- 
telligence. Vienna, Austria, was used as the meeting place for John 
Walker, Ronald Pelton and Edward Howard. 

KGB residencies abroad target principally American embassy 
employees with access to classified information. Other targets in- 
clude American journalists, businessmen, and scientists who can 
furnish sensitive technological information, as well as students 
with job prospects in sensitive positions for long-range develop- 
ment. 

The widespread use of foreign nationals in U.S. embassies and 
consulates compounds the problems faced by U.S. intelligence in 
most hostile countries. Over 9,800 foreign nationals are so em- 
ployed for a number of reasons, including cost considerations. De- 
spite their value in dealing with local government organizations be- 
cause of their language fluency and understanding of local customs 
and regulations, their threat to the security of U.S. operations 
must be recognized. 

The employment of foreign nationals in U.S. establishments in 
the Soviet Union and other Eastern European countries, as well as 
in numerous other countries where the Soviet bloc has influence, 
affords hostile security services the opportunity to conduct a varie- 
ty of observations of U.S. personnel and technical penetrations of 
U.S. facilities. The foreign nationals’ personal observations are 
used by the KGB to assess possible recruitment targets among the 
American personnel (e.g., those with financial, family, alcohol, or 
drug problems), as well as to identify U.S. intelligence personnel. 
The U.S. Embassy in Moscow faces particular problems in this 
regard. Soviet nationals operate the carpool, including making me- 
chanical repairs and, until recently, operated the telephones, 
cleaned the offices, and performed all the maintenance tasks in the 
embassy compound. Approximately 200 Soviets are employed at the 
embassy, contrasted to fewer than a dozen Americans in the Soviet 
establishments in Washington. The Soviets strictly limit the use of 
local hires in their own embassies—apparently concerned that if 
they can succeed, so could U.S. intelligence. 

U.S. military installations and personnel abroad continue to at- 
tract major Soviet intelligence interest, both to gain potential 
access to military plans and to acquire sensitive technical data. It 
is probable that third-country nationals are used to target U.S. 
bases, just as they are at embassies. There are over 120,000 third- 
country nationals employed at such installations; and 930 of these 
have accesses, of which 371 are at the Secret level, to see certain 
classified material. 


4. Soviet Methods of Recruitment 


A study by the Defense Security Institute outlines some of the 
most common Soviet methods of recruiting and handling agents. 
The agents who steal most of the U.S. classified information lost 
through human espionage are not foreign nationals, legal or illegal, 
but Americans already employed in sensitive positions who are recruited, 
or who volunteer, to provide information to hostile intelligence 
services. 

Social occasions and situations are a favorite hunting ground for 
Soviet bloc intelligence officers, such as diplomats or U.N. employ- 
ees, on the look-out for potential recruits. So are restaurants, bars 
and clubs in the vicinity of defense contractor facilities. The intelli- 
gence officer looks for a combination of access to desired informa- 
tion and some motivating factor or factors that might be exploited 
for drawing a person into espionage. Ideological affinity is not fre- 
quently encountered, although it is a desired inducement. Black- 
mail is a last resort. The most common motivation is financial 
gain, often combined with conscious or unconscious anger at the 
employer. 

In typical fashion, an intelligence officer proceeds with his culti- 
vation of a prospect by stages, attempting to establish a pattern of 
payment for seemingly harmless services. The aim is to avoid scar- 
ing off the prospect with premature demands for classified informa- 
tion. After classified material is passed, the officer may shift the 
mode of communication from personal meetings to more secure 
methods such as “dead drops”—that is, the placement of a package 
in an inconspicuous agreed location where it can be picked up by 
the recipient at a later time. 

Recruitment of this sort is a process of salesmanship, almost of 
seduction. Soviet intelligence officers vary in their skill, but some 
possess the finesse to do an effective job of cultivation without 
rushing the potential agent. Most of our information concerns the 
least successful recruitment attempts, such as those reported by 
persons who become FBI-controlled double agents. KGB training 
documents, however, describe instances of successful recruitment 
involving bribery of employees with sensitive access. 

In one case cited in KGB training materials, an intelligence offi- 
cer spotted a possible recruit while serving as interpreter for a 
Soviet scientist visiting the laboratory of a private U.S. company. 
The KGB account states that the scientist was aware of his interpreter's 
intelligence function and actively assisted him in that role. 
The intelligence officer's attention was drawn during the visit to a 
young lab assistant who seemed poorly dressed. When the Soviet 
scientist offered to provide copies of a number of his writings to the 
head of the laboratory, it was revealed that this assistant was 
studying Russian and could assist in translating the material. 

On this basis the Soviet intelligence officer was able to cement 
an acquaintance with the young worker during the deliberately 
prolonged process of delivering the documents to the laboratory. As 
suspected, the lab assistant was having financial difficulties. He 
was married and attending graduate school and his job was a low- 
paying one. The KGB officer developed a friendship with him over 
the course of three months and then began requests for unclassi- 
fied information in return for payment. Ultimately he persuaded 
the lab employee to join him in the formation of a consulting firm 
for the sale of scientific data, which the lab assistant would obtain 
and the KGB officer would market. In furtherance of this business 
venture, the lab assistant was persuaded to provide secret as well 
as unclassified information. 

This recruitment approach reflects both subtlety and ingenuity. 
The prospective agent was never confronted with a stark proposal 
to spy for the KGB, but was gradually drawn into such activity 
through apparent friendship and an ostensibly legitimate business 
arrangement. Similar techniques apparently were used by Gennadiy 
Zakharov, the Soviet physicist employed at the United Nations 
who was arrested on August 23, 1986, for buying classified documents 
from an FBI-controlled double agent whom he had attempted 
to recruit. See Appendix E for the indictment and an FBI affidavit 
filed in this case. The recruitment of William Bell, which also 
used a consulting ploy, is described in Appendix C. The finesse with 
which a good intelligence officer can draw a person into espionage 
is a strong argument for informing the FBI when one is approached 
by foreign officials, as this Report recommends later. 
Advice from counterintelligence experts can help to prevent tragedies. 

Recruitment is more commonly accomplished on the basis of 
positive inducement than by coercive approaches such as black- 
mail, which are the last resort for the hostile intelligence service. 
Blackmail produces the least satisfactory, because least willing, 
sort of agent. But such methods are nonetheless used with some 
frequency when preferable methods fail or are unavailable. This is 
particularly true outside the United States, and especially in Com- 
munist countries where hostile intelligence services control the 
total environment. Entrapment through contrived circumstances 
can easily be arranged. Sexual entanglements, currency exchange 
violations and black market involvement are favorite recruitment 
ploys. U.S. diplomatic personnel, among others, have been targets 
of hostile intelligence services using these techniques. 

Visitors with intelligence value are routinely approached by pro- 
vocateurs with proposals of this kind, and ensuing arrests or 
threats of arrest or exposure serve as leverage for enlistment in es- 
pionage. For example, employees of U.S. firms with defense con- 
tracts who visit the Soviet Union or Eastern Europe will be given 
special attention and assessment for possible intelligence exploitation. 
Visa applications reveal where an American works, and falsification 
of such information is itself an offense that can be used 
against an American visitor. Whether active recruitment is attempted 
depends upon whether the American provides indications 
of susceptibility to inducement or coercion. While travel to Eastern 
Europe is not, for the most part, discouraged, those who go can 
reduce their vulnerability by not doing or saying anything that 
could be recorded or photographed for future reference in the ar- 
chives of the KGB. 

In the final analysis, however, the most dangerous agents of all, 
who account for the greatest losses of the most highly classified in- 
formation, are not those who are laboriously recruited, but those 
who walk in the door of a Soviet embassy somewhere and volun- 
teer information for sale. For the “walk-in” as for the recruited 
agent, the motivating factors are usually greed or indebtedness 
plus an additional element of grievance or disgruntlement. The in- 
dividual usually is dissatisfied with his or her job or harbors some 
grudge against his organization or both. 

Some characteristic signs that may betray an agent at work, if 
security people and co-workers are sufficiently alert, include: 

Attempts to obtain information when there is no need to 
know and excessive curiosity about what others are doing; 
Unauthorized removal of classified material from work areas 
or introduction of cameras or recorders into work areas; 
Repeated overtime or unusual work hours not required by 
the job; and 
Unexplained affluence. 

Indicators of espionage are, unfortunately, generally much more 
noticeable in retrospect than during the course of the crime. In 
many cases, it is difficult to distinguish the spy from an exceptionally 
hard worker. But suspicious activities such as those listed, 
combined with job dissatisfaction or other disgruntlement, would 
certainly provide grounds for heightened attention to an individ- 
ual's actions. It was sensitivity to such behavior, after receiving a 
security awareness briefing in the wake of the Walker-Whitworth 
arrests, that led Jonathan Pollard's co-workers to alert the FBI, re- 
sulting in his arrest and conviction for espionage. This Report later 
recommends both improved security awareness programs and, in 
some areas, personnel reliability programs that incorporate peer- 
group cooperation. 


5. Technology Transfer 


The Soviet drive to achieve technological equality with the 
United States and other Western countries has led the USSR to 
commit enormous resources to the acquisition of open-source infor- 
mation, unclassified but proprietary information, and high-technol- 
ogy equipment that the West has agreed not to export to the Soviet 
bloc. Soviet intelligence services actively engage in these efforts in 
addition to their pursuit of U.S. secrets. As a result, the Western 
lead in many key technological areas has been reduced, with seri- 
ous economic and military consequences for the United States. 

Moscow has devised two programs to obtain Western technology. 
The first, under the Military Industrial Commission (VPK) of the 
Presidium of the Council of Ministers, seeks to obtain military and 
dual-use hardware, blueprints, product samples and test equipment 
to improve the technical levels and performance of Soviet weapons 
and defense manufacturing equipment. By adapting design con- 
cepts from the acquired hardware and documents, the Soviets 
reduce their own research and development costs. In the early 
1980s, more than 3,500 requirements were levied by the VPK each 
year, with about one-third being satisfied. Some 60 percent of the 
most significant acquisitions were of U.S. origin, although not nec- 
essarily collected in the United States. Nearly half of the up to 
10,000 pieces of military hardware and 20 percent of the 100,000 
engineering and research documents the USSR acquires annually 
worldwide are used by the Soviets to incorporate Western technolo- 
gy into their military research projects. Most of the documents, 
about 90 percent of which are unclassified, contain patented or 
copyrighted proprietary information and are illicitly obtained. 

The GRU is believed to have satisfied considerably more VPK re- 
quirements than the KGB. This success is attributed partly to the 
GRU's greater scientific orientation and its wider variety of tech- 
nology-related cover positions. The approximately 1,500 GRU offi- 
cers serving outside the USSR have scientific and technological col- 
lection as an integral part of their responsibilities. The KGB S&T 
unit, Line X, has nearly 300 officers on foreign assignment operat- 
ing under cover of Soviet embassies, trade and commercial organi- 
zations, as members of exchange groups, and as employees of inter- 
national organizations (the United Nations Secretariat, for in- 
stance, as in the case of Gennadiy Zakharov). 

The second program, managed by the Ministry of Foreign Trade 
and the KGB/GRU, seeks, through trade diversions, to acquire rel- 
atively large amounts of dual-use manufacturing and test equip- 
ment for direct use on production lines. This program attempts to 
obtain export-controlled microelectronic, computer, telecommunica- 
tion, machine-tool, robotic, diagnostic and other sophisticated 
equipment. This program also utilizes both legal and illegal means. 

Major Soviet collection efforts are targeted at microelectronics 
fabrication equipment and computers; nearly one-half of detected 
trade diversions fall into these categories. The acquisition of much 
of the information concerning these high-technology areas is not 
particularly difficult. Information is often available to the public 
(and, therefore, accessible to the Soviets and their surrogates) from 
U.S. Government agencies. 

The Soviets and their allied intelligence services have for many 
years been regular attendees of scientific, technical and industrial 
conferences in the United States and abroad. The Soviets consid- 
ered some of the information obtained from these conferences to be 
among the most significant contributions to their military projects. 
The VPK identifies those having the most potential; in recent 
years, these have included conferences assembled by several well-known 
professional engineering societies. 

In addition, the Soviet Ministry of Foreign Trade and academic- 
related collectors contribute to Soviet exploitation of open-source 
Western information. The Ministry of Foreign Trade has hundreds 
of trade organizations and companies around the world. KGB and 
GRU officers operating under cover of these establishments collect 
large quantities of data openly, in addition to that derived from 
their covert operations. The Ministry, as an independent collector, 
helped meet about 15 percent of all fully satisfied VPK require- 
ments during the late 1970s and early 1980s. It specializes in ac- 
quiring microelectronics, manufacturing equipment and communi- 
cations dual-use products. 

Equipment is obtained through the use of dummy firms, false 
end-user certificates and falsifications of export licenses by the So- 
viets and professional trade diverters whom they hire. Many ad- 
vances in Soviet microelectronics have been made possible by the 
illegal acquisition of equipment from the West. The result, according 
to U.S. Government estimates, has been a marked reduction in 
the Western technological lead from about 10-12 years a decade 
ago to about half that today. 

Richard Mueller, a West German citizen, has been involved in il- 
legal technology acquisitions for the Soviets for more than a 
decade. Using dummy and front firms, he has diverted advanced 
computers and microelectronics equipment of significant value to 
the Soviets. Mueller was the moving force in the 1983 attempted 
diversion to the USSR of several Digital Equipment Corporation 
VAX super mini-computers that would have assisted the Soviets in 
computer-aided design applications for microelectronics fabrication. 


6. Active Measures and Disinformation 


"Active measures" and “disinformation” are terms for Soviet 
covert action operations designed to implement Soviet policy goals 
by attacking U.S. policy and by promoting a positive image of the 
Soviet Union. They are significant weapons in the Soviet strategy 
to discredit and deceive the United States and its allies. The Sovi- 
ets' principal techniques include the use of front groups, agents of 
influence, media manipulation and forgeries. The nature and.scope 
of Soviet "active measures" was spelled out in detail in published 
hearings before the House Permanent Select Committee on Intelli- 
gence in 1982 and before the Senate Foreign Relations Subcommit- 
tee on European Affairs in 1985.* Deputy Director of Central Intel- 
ligence John McMahon testified that the Soviets have a $3-4 bil- 
lion program to influence public opinion in countries throughout 
the world. It combines all forms of overt propaganda and covert po- 
litical action, including systematic disinformation efforts. 

"Disinformation" is a convenient label to describe a variety of 
techniques. The classic example is forged documents used to dis- 
credit the United States or to supply proof of Soviet propaganda 
claims. Another method is to recruit and pay agents in foreign 
news media to slant their reporting and plant false stories. The So- 
viets also secretly fund and control front organizations and individ- 
ual agents to promote pro-Soviet or anti-U.S. positions. The Soviets 
themselves use the term "active measures" to describe their covert 
disinformation and political influence operations. 


* Soviet Active Measures, Hearings before the Permanent Select Committee on Intelligence, 
House of Representatives, July 13-14, 1982, U.S. Government Printing Office (Washington: 
Soviet Active Measures, Hearing before the Subcommittee on European Affairs, Committee on 
Foreign Relations, United States Senate, September 12-13, 1985, U.S. Government Printing 
Office (Washington: 1985). 

It is also fair to say that most overt Soviet propaganda is also a 
form of disinformation because of its systematic distortion of reali- 
ty to advance Soviet interests. Whenever a prominent Soviet citi- 
zen addresses a foreign audience, his or her remarks are likely to 
reflect a calculated effort to influence the audience. The same is 
true of Soviet print and electronic media. 

Every country tries to sell its viewpoint. What distinguishes the 
Soviet effort are the immense resources and systematic controls 
that are employed. Two organizations develop and implement the 
Soviet "active measures" strategy: (1) the International Depart- 
ment of the Communist Party of the Soviet Union, which coordi- 
nates foreign policy and propaganda objectives and now includes 
most of the work of the Party's former International Information 
Department; and (2) Service A of the KGB’s First Chief Director- 
ate, which conducts covert political influence and forgery oper- 
ations. The CIA has estimated that if the United States were to un- 
dertake a campaign the size of the Soviet "neutron bomb cam- 
paign" of the 1970s, it would cost over $100 million. 

Currently, there is evidence of a major Soviet active measures 
campaign against U.S. development of the Strategic Defense Initiative 
(SDI). The Soviets are making every effort to convince a world 
audience that SDI will destabilize an already precarious superpow- 
er armaments balance. In addition, Soviet active measures directed 
at U.S. allies, such as in West Germany and Japan, are designed to 
sow distrust of American policies and to intensify financial and 
commercial rivalries with the United States by holding out the 
promise of favorable terms to the business communities in both 
countries. Such techniques are more subtle than blatant forgeries, 
which may be less effective in furthering Soviet objectives in so- 
phisticated Western countries. 

Soviet active measures efforts are focused primarily on Third 
World countries. The Soviets appear to employ massive active 
measures currently in South Asia, in an effort to depict the United 
States as interfering in the affairs of India, Pakistan and Bangla- 
desh. The media in all three countries have consistently carried 
stories to this effect. One long-running disinformation ploy concerns 
alleged attempts by CIA to aid separatist movements in 
India, thereby splitting the country, supposedly to America's economic 
advantage. Another frequent theme is accusations of CIA biological 
warfare efforts in the region. Discrediting U.S. intelligence 
agencies, particularly the CIA, has long been an important 
objective of Soviet active measures. 

In some cases Soviet active measures directly involve domestic 
U.S. matters. During July, 1984, for example, the Soviets began a 
widespread disinformation campaign to discredit the Los Angeles 
Olympic Games and bolster worldwide support for their boycott of 
them. This campaign featured three forged documents purportedly 
from racist groups, threatening Third World athletes with bodily 
harm if they participated in the Olympic Games. Shortly after 
their discovery, then-Attorney General William French Smith an- 
nounced that the letters were KGB forgeries and part of a major 
Soviet disinformation effort. It has been determined that these doc- 
uments fit the pattern of other Soviet forgery operations and were 
part of the overall Soviet active measures campaign to discredit the 
Reagan administration and its handling of U.S.-USSR relations. 

A very recent forgery sought to implicate the Chairman of this 
Committee. In August, 1986, U.S. news media received copies of a 
forged letter purportedly from an official of the United States In- 
formation Agency to Senator Dave Durenberger, purporting to dis- 
cuss a proposed plan to exploit the Chernobyl nuclear power plant 
disaster for propaganda purposes. Analysis of the forged letter revealed 
that the letterhead and signature had been taken from a 
copy of an entirely different letter from the USIA official to the 
President of the Inter-American Defense Board. Ironically, the 
USIA official's letter had alerted the President of the Inter-Ameri- 
can Defense Board to an earlier forged letter, in Spanish, purport- 
edly from the Board President to Chilean President Pinochet. The 
circumstances of the earlier forgery indicated Cuban-Nicaraguan 
involvement. (See Appendix F for copies of the forged letters and 
the true letter.) 

According to the CIA's 1982 assessment, it is sometimes hard to 
judge the success of Soviet active measures because they “tend to 
capitalize on and manipulate existing sentiments that are parallel 
to or promote Soviet foreign policy objectives. Whenever a political 
movement supports policies that coincide with the goals or objec- 
tives of Soviet foreign policy, the exact contribution of Soviet active 
measures to that movement is difficult to determine objectively." 
The CIA cites evidence that the Soviets themselves believe that 
their efforts are worthwhile. They appear to consider the “neutron 
bomb campaign" in Europe to be one of the most successful. On the 
other hand, the more recent campaign against Pershing and cruise 
missile deployment in Europe had much less impact. The FBI has 
described Soviet operations in the United States, moreover, as 
"often transparent and sometimes clumsily implemented." The FBI 
also states, "The American media is sophisticated, and generally 
recognizes Soviet influence attempts." 

As noted later in this Report, the U.S. Government has stepped 
up efforts to expose Soviet disinformation and covert manipulation
worldwide. The State Department now regularly publicizes the 
facts about Soviet forgeries and Soviet control of political organiza- 
tions such as the World Peace Council, the Christian Peace Confer- 
ence, and the 12th World Youth Festival. 

The most sensitive aspect of the disinformation threat is Soviet 
deception of U.S. intelligence as part of an attempt to confuse or to 
manipulate the perceptions of U.S. policymakers. The Soviet mili- 
tary doctrine of maskirovka and the KGB concept of dezinformat- 
siya both emphasize the need for measures to mislead opposition 
intelligence services and to create false perceptions that will influ- 
ence Western policy and undermine strategic capabilities. 

The U.S. intelligence community recognizes the danger of deception
and has a community-wide program to assess systematically
the possibilities of successful Soviet efforts. The deception threat 
has been a focus of the Committee's oversight in recent years, and 
the Committee continues to support intelligence community efforts 
to maintain vigilance in this area. 

One major means of countering any Soviet deception efforts is to 
leave our adversaries uncertain regarding the full extent of U.S.
intelligence collection capabilities. Steps to maintain the security of
U.S. human and technical intelligence capabilities make it much
more difficult for the Soviets to engage confidently or successfully 
in deception efforts. 


D. TECHNICAL COLLECTION OPERATIONS 


Hostile intelligence services use the full range of intelligence- 
gathering technologies to collect sensitive information from the 
United States and our allies. Public discussion of technical collec- 
tion methods is more difficult than the explanation of human intel- 
ligence techniques, because we do not want to tell the Soviets just 
how much we know about their operations. Countermeasures 
against technical threats work best when the hostile service does 
not recognize U.S. defenses and continues to conduct operations 
that can be substantially neutralized. At the same time, however, 
wider knowledge of the technical collection threat is essential to 
develop better security awareness and to explain the need for 
major resource investments. Technical threats include the intercep- 
tion of communications, other forms of electronic surveillance, col- 
lection of emanations from equipment, penetration of computer 
systems, and photoreconnaissance. 


1. Interception of Communications 


The interception of electronic communications and deciphering 
of machine-generated codes played a vital role in Allied intelli- 
gence during World War II—although the methods of collection 
were so sensitive that many aspects of these operations remained 
secret for thirty years after the war. An Anglo-American team of 
top mathematicians and cryptologists provided Allied commanders 
with vital realtime intelligence on German and Japanese inten- 
tions and plans. The interception of electronic communications and 
the computer-assisted assault on cryptographic systems remains a
central part of present-day signals intelligence. 

The Soviet electronic monitoring effort represents a significant 
worldwide threat to U.S. military and civil telecommunications. 
This threat derives from large collection facilities that are operated 
in the Soviet Union, as well as in other countries around the world, 
such as Cuba. The Soviets also maintain a fleet of intelligence collection
vessels that operate worldwide—including off both coasts of
the United States. The latest of these vessels has been built from 
the keel up specifically for this role, unlike earlier ships that were 
reconfigured trawlers or other types of vessels. The Soviets also use 
merchant ships and possibly commercial aircraft to perform collection
operations against targets of opportunity.

A serious threat is posed by the Soviet intelligence collection fa- 
cility located at Lourdes near Havana, Cuba. Established in the 
mid 1960s, the site has steadily grown to its present size of about 
2,000 technicians and is the most sophisticated collection facility 
outside the Soviet Union.

Evidence of the seriousness of the threat to electronic communi- 
cations was emphasized by the issuance in 1984 of National Securi- 
ty Decision Directive No. 145, which concluded that “the compro- 
mise of U.S. information, especially to hostile intelligence services, 
does serious damage to the United States and its national security
interests."

The technology to exploit U.S. electronic communications is 
widespread, and many foreign countries use it extensively. Currently,
more than half of all telephone calls in the United States made
over any distance are vulnerable to interception. Calls that the
caller believes to be on less vulnerable circuits may be automatically
switched to more vulnerable ones. The Soviet diplomatic facilities
at their Riverdale complex in New York City, at their consulate
in San Francisco and at their new Mt. Alto embassy in Washington
all occupy high ground, thus providing superior opportunities
for communications intercept. The "Silicon Valley" concentration
of high technology centers and the government's sensitive facilities
in Washington and New York are at risk of intercept because
of these Soviet sites.

It is especially important for civilian agencies and the private
sector to understand the nature of the risk from Soviet intercep- 
tion of their communications. The Defense Department and the 
CIA have elaborate programs to inculcate communications security 
awareness and to protect classified communications links. The mas- 
sive Soviet surveillance efforts from Cuba and elsewhere demon- 
strate, however, that the Soviet intelligence payoff from intercep- 
tion of unsecured communications is immense. One reason is that 
too many government officials and contractor employees discuss 
classified matters on unsecure lines because of the difficulty and 
expense of using currently available secure communications equip- 
ment. Another significant problem is the Soviet ability to exploit 
[illegible] pieces of information [illegible] in
isolation, but in the aggregate provide highly damaging insights
into U.S. capabilities. The Committee's classified Report contains 
several examples of how both industrial and national security can 
be harmed by such intercepts. 

Public awareness of the hostile intelligence threat to domestic
communications is essential, because there are real limits to what 
the U.S. Government can do to provide secure communications for 
the private sector. Although this Report later discusses some gov- 
ernment initiatives, the protection must depend on the willingness 
of private organizations to invest in secure communications, not 
only for their immediate self-interest, but for the larger interests of 
the nation as a whole.


2. Other Forms of Electronic Surveillance 


The Soviets have a long history of electronic attacks on the U.S. 
Embassy in Moscow, dating back to the 1950s when a replica of the 
Great Seal of the United States in the embassy was found to con- 
tain an audio device. In the late 1970s, a Soviet antenna was found 
in the chimney of the chancery. Additionally, Soviet and other hos- 
tile intelligence services try to gain access to office or communica- 
tions equipment in order to "read our mail." 

The vulnerability of the U.S. Embassy in Moscow was dramatized
vividly by the recent discovery of the technical compromise of
embassy typewriters. The typewriters were shipped to the Soviet 
Union by unaccompanied commercial means, thus affording the So- 
viets access to them. The compromised typewriters were used in 
the embassy for a significant period. What made this incident especially
astonishing was that it occurred despite a similar discovery
in 1978, when security officers found that a shipment of IBM Selec- 
tric typewriters destined for the U.S. Embassy had been shipped 
from Antwerp to Moscow by a Soviet trucking line. The potentially 
compromised equipment identified in 1978 was returned to the 
United States before being placed in service. Unfortunately, the So- 
viets again gained access to several similar IBM machines that 
were not recognized for a substantial time as being compromised. 

As noted earlier, foreign nationals with access to U.S. embassies 
and other establishments abroad provide a means for hostile intel- 
ligence services to make other electronic penetrations. Offices, resi- 
dences and cars are all vulnerable to the planting of audio or video 
devices by foreign nationals with access, legitimate or otherwise, to 
the U.S. target. 

Although all high technical threat U.S. diplomatic posts have 
eliminated the authorized access of foreign nationals to the vicinity 
of classified work areas, there remains a serious problem of 
common walls with uncontrolled adjacent areas from which techni- 
cal attacks and even physical entries can be mounted. Offices and 
residences are also vulnerable to planted devices when access by 
foreign nationals is not properly monitored and technical counter- 
measures are not routinely employed. 

In 1985, the Secretary of State's Advisory Panel on Overseas Se- 
curity, chaired by Admiral Bobby R. Inman, provided to the Intelli- 
gence Committees of the House and Senate a classified annex to its 
report, covering electronic and physical penetration of U.S. diplomatic
facilities. The Inman Panel described the Soviet technical
surveillance effort as “a technologically advanced and sophisticated 
program obviously supported by tremendous resources." The report 
went on to describe scores of discoveries of Soviet and Soviet-bloc 
technical exploitation of U.S. diplomatic premises. Noncommunist 
host nationals have also been detected mounting technical penetra- 
tions of U.S. missions. 

The threat to office and communication equipment from the ex- 
ploitation of unintended emissions is greater at U.S. facilities 
abroad than in the domestic environment, where the risks and 
costs of detection are considerably higher. Consequently, as noted 
by the Stilwell Commission on DoD Security Policies and Practices, 
the previously rigid requirements for expensive equipment shield- 
ing have been modified to prescribe shielding only when inspection 
verifies that a threat exists. There is, however, no question that 
such a potential threat does exist at especially sensitive locations 
in this country. 


3. Penetration of Computer Systems 


The hostile intelligence threat to U.S. computer systems is mag- 
nified by the enormous growth in the number and power of com- 
puters and the vast amount of data contained in them. The Gener- 
al Services Administration has estimated that the number of U.S. 
Government computers has increased from 22,000 in 1983 to over 
100,000 in 1985. The increase in the number of computers in use in 
industry, business and other private sectors has been equally staggering.
Computers multiply enormously the information to which a
single individual may obtain access. 

There is a real possibility that the Soviets may exploit these vul- 
nerabilities. Computers and computer software are high-priority 
items of both the VPK's and the Ministry of Foreign Trade's tech- 
nology acquisition programs by legal or illegal means. The Soviet 
and other Warsaw Pact intelligence services have also obtained in- 
formation concerning the methods used in the West to provide 
computer security, and constantly seek more knowledge. Over the 
past decade, the Soviets have acquired over 300 different types of 
U.S. and other Western computer hardware and software, which 
has enabled them to develop the technical ability to penetrate at 
least some U.S. automated systems. The Soviets are making a con- 
certed effort to access state-of-the-art computers, including super- 
computers. 

The first Annual Report of the National Telecommunications 
and Information Systems Security Committee, completed in Sep- 
tember, 1985, emphasized the challenge of computer security in 
both government and the private sector: 


Future technologies, particularly the growth of desktop 
computers, the increased local storage of data and the 
widespread networking, will exacerbate existing security 
vulnerabilities as well as create new ones. As this technol- 
ogy has grown, the resources and awareness needed to 
allow security technology to grow with it have not kept 
pace. The use of traditional COMSEC, physical security, 
personnel security, and administrative security protection 
techniques does not sufficiently protect the type of infor- 
mation-sharing that is becoming increasingly common in 
new automated information systems, especially distributed 
processing and networked systems. 

As storage costs decrease, the amount of data stored at
the mainframes increases, creating more appealing tar- 
gets. As the uses of networks and remote access expand, 
more and more users will have potential access to a broad- 
er range of information. As end-users of computers contin- 
ue to increase their technical competence and computer 
literacy, the technical and management automated systems
security task of protecting data and controlling users
has fallen even further behind. 


The NTISSC Annual Report admitted that “the full extent of the 
threat to and vulnerabilities of automated information systems is
unknown." Specific cases of unauthorized access to government 
computer systems have been detected and reported widely, includ- 
ing cases of access to and manipulation of Defense Department 
data in order to divert military equipment and weapons. There is 
no reason to believe that hostile intelligence services or their
agents will ignore similar opportunities. 


4. Imagery 


The final category of technical intelligence collection is photo- 
graphic or imagery intelligence—collection by means of overhead 
vehicles against adversary installations. The history of this discipline
dates to the use of observation balloons as platforms for photography
during the Civil War and then use of aircraft for the
same purpose during the two World Wars. The use of U-2 aircraft 
for imagery collection was extensively publicized in the 1960s. 
Today U.S. and Soviet imagery intelligence is collected primarily 
by satellite. The use of photographic satellites by both sides has 
gained wide recognition in the context of verification of compliance 
with arms control limitations. 

Intelligence collection against the United States and U.S. inter- 
ests worldwide using photographic means, or imagery, is carried 
out principally by the Soviet Union (with some assistance from its 
Warsaw Pact allies and Cuba). The Soviet imagery effort is mainly 
conducted from spaceborne and airborne platforms. The continued 
proliferation of Soviet satellites has given the USSR the concomi- 
tant capability for increased photoreconnaissance of its most obvi- 
ous targets—U.S. and NATO strategic and tactical military forces, 
and crisis situations any place in the world. In addition to these 
uses of photoreconnaissance, the Soviets employ it to conduct earth
resource surveys for economic and agricultural data. 

Soviet spaceborne satellite reconnaissance capabilities are sup- 
ported by the capability of military and civilian aircraft to collect 
photographic intelligence. The potential value of airborne recon- 
naissance conducted by the Soviet airline Aeroflot, which, in April, 
1986, resumed operations to the United States, and by other 
Warsaw Pact national airlines' flights remains of concern. These 
Communist country overflights in the United States are under the 
jurisdiction of an FAA committee. 

The Soviets continue to pursue intelligence-related manned space 
programs. In February, 1986, they launched a new type of modular 
space station, the MIR, replacing the older SALYUT-type modules. 
The MIR, as did the SALYUT, gives the Soviets the capability to 
perform a number of functions in space, including the use of cos- 
monauts to augment their other reconnaissance and surveillance 
efforts. The apparent military usefulness of their manned space 
program has been indicated in the Soviet announcement that
"earth surface surveys" have been conducted; however, no photographs
were ever published.

The seriousness of the imagery collection threat posed by Soviet 
and Bloc overflights in the NATO area can be illustrated by two 
examples. In March 1985, Norway banned or restricted Soviet and 
Bloc passenger airplanes from several airports on the basis that 
they were conducting electronic surveillance. Bulgarian aircraft 
were specifically mentioned as having departed from scheduled 
routes to overfly sensitive areas. In West Germany, some 1,500 
Soviet Bloc overflights occurred in a three-month period in 1985, of- 
fering a tremendous opportunity for both electronic and photo- 
graphic reconnaissance. 
E. SUMMARY 


Until the espionage arrests and disclosures of technical security 
compromises in 1985, the American people and most Government 
officials did not fully appreciate the magnitude and intensity of the 
hostile intelligence threat, despite previous espionage prosecutions 
and knowledge of the vulnerability of U.S. communications to
Soviet intercept operations. The barrage of revelations in 1985-86 
has changed these perceptions, so that today there is a better rec- 
ognition in Government and in the private sector of the continuing 
efforts by hostile intelligence services to collect sensitive informa- 
tion by human and technical means. There is also a greater aware- 
ness of Soviet efforts to influence the political process through 
"active measures" directed at countries throughout the world.

The Committee intends that this description and analysis of the 
hostile intelligence threat serve as a benchmark against which to 
measure further evolution of the threat in the years ahead and the 
effectiveness of counterintelligence and security programs. It is 
also important that the American people—especially responsible of- 
ficials of private organizations in business and industry, science 
and technology, and international affairs—remain aware of the 
changing threat from foreign intelligence services. Such awareness 
does not mean exaggerating the dangers or engendering an atmos- 
phere of suspicion. Rather, it is part of a mature understanding of 
the reality of U.S. relations with other countries in the world of 
competing national interests. The political and military rivalry be- 
tween the Soviet bloc and the West is a fact of life that requires 
constant attention to ongoing and emerging Soviet bloc intelligence 
operations. 

The hostile intelligence threat is, of course, only half the equa- 
tion. On the other side are U.S. activities to counter this threat: 
counterintelligence, to uncover and to neutralize hostile intelli- 
gence activities; and security, to protect against both known and 
undiscovered hostile efforts by setting obstacles in the path of 
anyone seeking unauthorized access to sensitive information, activi- 
ties, equipment or facilities. The rest of this Report examines the 
nature and effectiveness of those critical U.S. programs. 


III. COUNTERINTELLIGENCE 


An effective response to the foreign intelligence threat requires a 
combination of counterintelligence and security measures. The 
Committee believes it is important to distinguish between counter- 
intelligence efforts and security programs, while ensuring that 
both are part of a national policy framework that takes account of 
all aspects of the threat. The best way to explain the difference is 
to say that counterintelligence measures deal directly with foreign 
intelligence service activities, while security programs are the indi- 
rect defensive actions that minimize vulnerabilities. The FBI, CIA, 
and the counterintelligence components of the Defense Department 
have primary responsibility for operations and analysis dealing di- 
rectly with foreign intelligence services. In addition, the Committee 
and the Executive branch have included within the national coun- 
terintelligence policy structure those diplomatic and regulatory 
policies that control the numbers and movements of particular 
countries' foreign intelligence service officers and co-opted agents 
in the United States and at U.S. facilities abroad. 
By statute and executive order, counterintelligence functions are
divided among the FBI, CIA, and components of the Defense De- 
partment. The FBI has the lead within the United States, while 
the CIA is in charge abroad. The Defense Department, which deals 
with threats to classified defense information worldwide, divides its 
counterintelligence functions among the military services, DIA, 
and NSA. No single official is responsible for the full range of 
counterintelligence activities below the level of the President and 
his National Security Adviser. Given these circumstances, there is 
a constant risk of fragmentation and conflict among organizations 
with different methods and priorities. 

The Committee has found that communication and cooperation 
among U.S. counterintelligence agencies have improved greatly in 
recent years and are probably better today than at any time since 
World War II. Nevertheless, more needs to be done to ensure that 
agencies learn from each other's experiences and that progress 
achieved in one area can have benefits for others. The issue is not 
just communication and operational coordination to bridge jurisdic- 
tional boundaries. Better long-range planning is also needed to 
make optimal use of limited resources worldwide against well-orga- 
nized and sophisticated adversaries. 

Soviet bloc and PRC intelligence operations do not respect geographic
boundaries. Thus, in many recent cases Americans who
committed espionage in the United States met their foreign intelli- 
gence service contacts abroad. The targets and techniques needed 
for counterintelligence success transcend agency jurisdictions. For 
these and other reasons, the Chairman and Vice Chairman of the 
Committee stated in October, 1985, that the Executive branch 
should develop a national counterintelligence strategy that estab- 
lishes national objectives and integrates the planning and re- 
sources of each agency to achieve these objectives. The President's 
interim report to the Intelligence Committees indicated agreement 
with this proposal, and in fact the Executive branch is now prepar- 
ing such a document. 

The organizational structure is already in place, fortunately, to 
develop a national counterintelligence strategy. Under the Nation- 
al Security Council, there is a Senior Interdepartmental Group for 
Intelligence (SIG-I) chaired by the Director of Central Intelligence. 
Within that framework, an Interagency Group for Counterintelligence
(IG-CI), chaired by the FBI Director, develops national policy
recommendations and provides a forum for agreement on new ini- 
tiatives. A small secretariat for the IG-CI has expert personnel 
drawn from the FBI, CIA, and Defense Department. This staff evaluates
the threat and recommends policy initiatives for counterintelligence
and countermeasures improvements.

The IG-CI, assisted by its secretariat, is the proper place to de- 
velop a national counterintelligence strategy. This structure en- 
sures joint participation by the FBI, CIA and Defense Department; 
and other interested departments and agencies (such as the State 
and Justice Departments) are also represented on the IG-CI. Ultimate
responsibility for resolution of policy issues rests with the National
Security Council, which has recently brought onto its staff
an experienced FBI counterintelligence specialist. 

The President's interim report to the Intelligence Committees in- 
dicates that the IG-CI has, in fact, been tasked to frame strategic 
guidance of the sort proposed by this Committee. As noted earlier, 
member agencies are now engaged in the drafting process. 


Findings and Recommendations 


1. Findings.—The IG-CI has been chartered to frame national
counterintelligence objectives and an associated strategy (or master 
plan) to further those objectives, and to submit the objectives and 
plan for consideration by the SIG-I and thence the NSC. The Com- 
mittee is pleased to learn that Executive branch agencies are ac- 
tively drafting this document. This is a positive response to propos- 
als presented by the Chairman and Vice Chairman in testimony 
before the Permanent Subcommittee on Investigations in October, 
1985. 

2. Recommendation.—The National Security Council should ap- 
prove a statement of major counterintelligence objectives and a 
strategy, i.e., a time-phased master plan, to attain those objectives. 
The House and Senate Intelligence Committees should receive this 
document. An effective oversight mechanism should be established 
to ensure that major programs and associated budgets, legislative 
proposals, and other key actions are validated against the master 
plan, constitute judicious and operationally efficient allocation of 
resources, and achieve all feasible synergism. There should also be 
a process for continuing review and evaluation. 

3. Recommendation.—The National Foreign Intelligence Program 
should provide for, and Congress should authorize, augmentation of
the staff that assists the IG-CI to ensure effective performance of 
its expanded responsibilities regarding the development and imple- 
mentation of the national counterintelligence strategy. 


B. HOSTILE PRESENCE LIMITS 


An effective national counterintelligence strategy should include
diplomatic and regulatory policies that control the numbers and
movements of hostile intelligence service officers and co-opted
agents in the United States and at U.S. facilities abroad. Each 
year, in the formal classified justification for funds for its Foreign 
Counterintelligence Program, the FBI advises Congress that, even 
with increased resources, the FBI cannot cope with the hostile in- 
telligence threat unless measures are also taken to reduce the 
number of potential intelligence officers in this country. Where the 
numbers cannot be reduced, controls on their movements can assist 
the FBI in making better use of limited resources. 

The Foreign Missions Act of 1982, which created a new Office of 
Foreign Missions in the State Department, provided the authority 
to exercise greater control over the activities of foreign officials in 
this country. Although such control is normally exercised within 
the framework of diplomatic reciprocity, the Act also facilitates ac- 
tions to enhance U.S. security and counterintelligence interests. 
Limits on numbers of foreign representatives allowed into the 
United States are usually left to Executive branch discretion, but 
the Leahy-Cohen amendment in 1985 established a policy of equivalence
between the number of Soviet embassy and consular personnel
in the United States and the number of U.S. embassy and consular
personnel in the Soviet Union. The 1985 Roth amendment
provided for regulation of travel by U.N. Secretariat personnel 
from countries whose diplomats are subject to such regulations 
under the Foreign Missions Act. 

National Security Decision Directive (NSDD) 196, signed by the 
President on November 1, 1985, established national policy objec- 
tives for restricting and controlling the hostile intelligence pres- 
ence and travel in the United States. In addition to implementing 
the Leahy-Cohen and Roth amendments, the Administration has 
imposed Foreign Missions Act travel regulations on representatives 
of Warsaw Pact countries whose intelligence services act as Soviet 
surrogates, has begun reducing the number of Soviet representa- 
tives in the United States, and has supported extension of Foreign 
Missions Act controls to commercial and other entities used by hos- 
tile intelligence services in this country. Consistent with these 
Presidential objectives, Committee Members introduced legislation 
to establish a policy of equivalence for the size of the U.S. and 
Soviet Missions to the United Nations (Leahy-Cohen), to broaden 
the scope of the Foreign Missions Act to cover commercial and 
other entities controlled by foreign governments (Durenberger- 
Leahy), to require registration by commercial entities controlled by 
Warsaw Pact governments (Roth-Nunn), and to require imposition 
of Foreign Missions Act travel regulations on representatives of 
Warsaw Pact countries (Roth-Nunn). 

The 1985 Roth amendment has been implemented by imposing 
travel restrictions on U.N. Secretariat representatives/employees
from the Soviet Union, Afghanistan, Vietnam, Libya, Iran and 
Cuba. The State Department's Office of Foreign Missions Travel 
Bureau Service has been required for use by U.N. Secretariat per- 
sonnel from East Germany, Czechoslovakia, Bulgaria, and Poland. 
Most recently, it was publicly announced that effective October 1, 
1986, the Soviet Missions to the United Nations will be required 
gradually to decrease their size from 275 to 170, to be accomplished 
by April, 1988. 

In 1986, the Committee received three reports on Executive 
branch efforts to control the hostile intelligence presence. The first 
was a report on the respective numbers and treatment of officials 
from countries that conduct intelligence activities in the United 
States contrary to U.S. interests and the numbers and treatment of 
U.S. officials in those countries. Under the Leahy-Huddleston 
amendment of 1984, this requirement covers the Soviet bloc, Cuba, 
China, and any other nation designated on the basis of the threat 
posed by its intelligence or terrorist activities. The second was a 
report from the Secretary of State and the Attorney General on 
plans for implementation of the policy of substantial equivalence 
between U.S. and Soviet embassy and consular personnel pursuant 
to the Leahy-Cohen amendment of 1985. The third was the annual 
report of the State Department's Office of Foreign Missions, which 
regulates many aspects of the treatment of foreign government es- 
tablishments and officials in the United States. 
These reports reflect uneven progress in limiting the hostile
intelligence presence in the United States. While the planned reduction
in the size of the Soviet U.N. mission is an important step forward,
the intent of the Committee in recommending the Leahy-Cohen
amendment was also to reduce the number of Soviet embassy
and consular personnel in the United States. The plan for implementation
of diplomatic equivalence does not achieve that objective.
Instead, there is a potential for actually increasing the
number of Soviet embassy and consular personnel in the United 
States if the State Department carries out its plan for a Soviet con- 
sulate in New York and permitting a U.S. consulate in Kiev. Ac- 
cording to the plan received by the Committee, the number of 
Soviet diplomatic and consular officials will increase from 320 to as 
many as 350, depending on the number of Americans sent to Kiev. 
Current plans call for thirty U.S. officials in Kiev. Apart from the 
merits of the need for so large an establishment in Kiev, the Com- 
mittee believes that at a minimum the Soviets should be required 
to staff their New York consulate within the 320 ceiling on overall 
representation in the United States. The State Department should 
plan accordingly to staff the U.S. embassy and consulates in the 
Soviet Union within a comparable 320 ceiling. 

The Committee supports the State Department's plan to reduce 
the Soviet work force at the U.S. Embassy in Moscow. This plan 
would also allow the staffing of a small consulate in Kiev within 
the 320 ceiling and still permit some reduction in Soviet embassy 
and consular positions in the United States. Such reductions could 
be made, for example, by refusing to allow the Soviets to replace 
officials expelled from the United States for espionage-related ac- 
tivity. Further reductions should be possible as the Americans who 
replace Soviet employees learn to do their jobs more efficiently. 

Apart from issues of numerical equivalence, the State Depart- 
ment through the Office of Foreign Missions has made considerable 
progress in imposing more effective controls. In addition to regulat- 
ing the travel of Soviet bloc representatives and U.N. Secretariat 
personnel, the Office of Foreign Missions (OFM) is requiring Soviet 
bloc embassies to secure prior OFM approval of purchases or leases 
of property for housing as well as business purposes. A Soviet re- 
quest to construct a new apartment building in their existing com- 
pound in Riverdale, New York, has been denied because it is 
deemed excessive to Soviet housing needs. On May 28, 1985, the So- 
viets were advised that their procurement within the United States 
of building equipment, materials, or services for the remaining construction 
work at their Mt. Alto site in Washington, D.C., must be 
arranged through OFM. In response to a Soviet request to expand 
its recreational facilities at Pioneer Point, Maryland, OFM has told 
the Soviets they must abide by the same terms and conditions ap- 
plied to construction on the site of U.S. Embassy recreational prop- 
erty in Moscow. 

The Committee believes the OFM program is one of the most im- 
portant recent counterintelligence initiatives, and is recommending 
legislation to broaden OFM's authority to impose travel controls on 
certain Soviet bloc-controlled businesses located in the United 
States. The Committee also supports OFM's plans to require Soviet 
bloc missions to lease residential units from OFM, to purchase telecommunications 
goods and services through OFM, and to use OFM 
banking services. OFM's effectiveness will be enhanced by the Ad- 
ministration's decision to give Ambassador status to its current Di- 
rector. (By law, his successor will have such status.) The Committee 
supports the decision to make this appointment, so as to strengthen 
the Director's ability to deal with foreign representatives. 

The need to combat the hostile intelligence presence must also be 
taken into account in developing policies and regulations for ex- 
change programs. There is clear evidence that some exchange visi- 
tors are used for clandestine intelligence purposes. While foreign 
policy considerations may dictate greater openness between the 
United States and certain countries, they must be balanced against 
the counterintelligence risks. The President's interim report to the 
Intelligence Committees states that efforts are made to do this. 

Overseas, the hostile presence problem has three separate dimen- 
sions. The first is employment of Foreign Service Nationals (FSNs) 
at U.S. diplomatic missions. While most attention has been focused 
on the large number of Soviet nationals employed at our Embassy 
in Moscow, similar concerns arise in other countries. The Inman 
Panel on Overseas Security recommended reducing the number of 
FSNs at embassies in other Warsaw Pact countries and segregating 
them from sensitive areas and positions in other missions. The 
State Department has developed a plan to reduce the number of 
FSNs in Moscow to 95 and to begin such reductions elsewhere. 

The Committee supports both the Moscow effort and the modest 
FSN reductions planned in Eastern Europe. The Administration re- 
quested $6.3 million for FY 1986 and $28.3 million for FY 1987 to 
meet the costs of such staffing changes; the urgent supplemental 
appropriations bill met $12.0 million of that need. The Committee 
urges the State Department to reprogram the remaining needed 
funds, especially if construction funds appropriated in the urgent 
supplemental cannot be fully expended in 1987. 

A second aspect of the problem is the employment of over 
120,000 foreign nationals at U.S. military installations. Close to 
1,000 of these personnel have access to some classified information; 
roughly 370 have access to some Secret material. The Stilwell Com- 
mission recommended stricter personnel security safeguards in 
such cases, and consideration should also be given to reducing the 
military’s reliance on foreign nationals, who are much more likely 
to be recruited by a foreign intelligence service than are U.S. personnel. 
The Committee recognizes that status of forces agreements 
limit the hiring of U.S. citizens to perform unclassified work at 
overseas bases, but the number of foreign national employees with 
authorized or unauthorized access to classified information can and 
should be reduced to the minimum feasible level. The Committee 
supports the tighter investigation requirements for foreign employ- 
ees that have been recommended by the Stilwell Commission. 

The State Department plays a key role in developing and imple- 
menting these policies and in ensuring that they take into account 
other U.S. foreign policy objectives. Components of the State De- 
partment vary in their understanding and appreciation of counter- 
intelligence concerns. It is important to provide better training and 
other information on the foreign intelligence threat to State De- 
partment officials. While the State Department is not a counterintelligence 
agency, its officials should be kept fully apprised of the 
threat so they can be better prepared to support Foreign Missions 
Office and other policies designed to implement a national counter- 
intelligence strategy. 


Findings and Recommendations 


4. Recommendation.—Recent Administration initiatives and leg- 
islation (Leahy-Cohen amendment, Roth amendment) should be im- 
plemented in a manner that places effective limitations on the 
numbers and activities of hostile intelligence service personnel in 
the United States and takes into account our foreign policy and intelligence 
collection efforts. The limit of 320 on permanently accredited 
Soviet embassy and consular personnel should not be increased, 
and the State Department should plan to staff the U.S. 
embassy and consulates in the Soviet Union so as to require some 
reduction in Soviet embassy and consular personnel in the United 
States. 

5. Recommendation.—Congress should enact legislation establish- 
ing a policy of substantial equivalence between the size of the 
Soviet and U.S. missions to the United Nations in line with the Ad- 
ministration’s plan to reduce the size of the Soviet U.N. Mission. 

6. Recommendation.—Congress should strengthen the authority 
of the Office of Foreign Missions to regulate commercial and other 
entities controlled by foreign governments and require registration 
of commercial entities controlled by Warsaw Pact governments. 

7. Recommendation.—The Committee supports efforts through 
the Office of Foreign Missions to enhance U.S. counterintelligence 
effectiveness, including new initiatives to require Soviet bloc mis- 
sions to acquire residential property, telecommunications services 
and equipment, and banking services through OFM. The Commit- 
tee also supports the granting of Ambassador status to the current 
OFM Director. 

8. Recommendation.—Policies and regulations for exchange pro- 
grams with other countries should take counterintelligence con- 
cerns into account. 

9. Recommendation.—The State Department should reprogram 
whatever funds are needed to supplement the $12.0 million appropriated 
through FY 1987 to implement plans to replace a substantial 
number of Foreign Service Nationals with Americans at U.S. 
missions in the Soviet Union and other high-risk countries. The De- 
fense Department should reduce the use of foreign nationals with 
access to classified information at DoD installations abroad, and 
Congress should appropriate sufficient funds to replace them with 
Americans. Funds for this purpose should be requested in the FY 
1988 budget, and DoD should determine what changes may be re- 
quired in mandated military ceilings overseas. 

10. Finding.—In conjunction with the CIA, FBI and DoD counterintelligence 
components, the State Department should have a program 
of formal training sessions, briefings and intelligence reporting 
arrangements to provide more and better information to State 
Department officials on the foreign intelligence threat and U.S. 
counterintelligence requirements. The Committee notes with pleas- 
ure that progress is being made in this area. 


C. COUNTERINTELLIGENCE AWARENESS PROGRAMS 


One key to a successful counterintelligence strategy is thorough 
analysis of the hostile intelligence threat and communication of 
the results to those who need to take countermeasures. Current ef- 
forts range from the FBI's Development of Counterintelligence 
Awareness (DECA) program for briefing defense contractors to the 
improved assessment of Soviet deception, disinformation and active 
measures. Informing the public, industry and other government 
agencies can have a direct payoff, as in the case where a student at 
Columbia University contacted the FBI about a Bulgarian ex- 
change visitor after seeing a TV documentary on espionage that de- 
scribed conduct similar to that of the Bulgarian. The student's 
report led to an FBI offensive double agent operation resulting in 
the arrest of a Bulgarian intelligence officer. At a classified level, 
U.S. counterintelligence agencies must work with a great variety of 
government programs and security officials to provide tailored in- 
formation and analysis. 

On November 1, 1985, the President issued NSDD-197 requiring 
each U.S. Government agency to establish a security awareness 
program for its employees, including periodic formal briefings on 
the threat posed by hostile intelligence services, and to provide for 
the reporting of employee contacts with nationals of certain foreign 
powers. These programs are to be tailored to the sensitivities of 
particular work and designed so as not to intrude into employees' 
privacy or freedom of association. 

According to the NSC staff, department and agency heads have 
responded positively and have given high priority to this enter- 
prise. The State Department contact reporting directive, which has 
been provided to the Committee, serves as a good model because it 
specifies reporting procedures clearly and identifies those countries 
that require the greatest attention. Civilian agencies without ex- 
tensive national security responsibilities also appear to be taking 
this policy initiative seriously. 

The Committee strongly supports this policy and is recommend- 
ing that a similar security awareness program be established for 
the U.S. Senate. The Committee has used the State Department's 
new program as its model. 

The Larry Wu-tai Chin case highlighted the threat posed by Chinese 
intelligence operations. As indicated in section II of this 
Report, however, the PRC intelligence threat differs greatly from 
the Soviet one. These differences require development of new coun- 
terintelligence approaches geared to the special characteristics of 
the PRC threat. In particular, the FBI should develop specialized 
threat awareness briefings geared to the unique problems posed by 
PRC operations. At the same time, FBI threat awareness programs 
do not—and should not—leave the implication that lawful associa- 
tion with or assistance to Chinese technical and scientific research- 
ers is a sign of disloyalty to the United States. 

Another aspect of counterintelligence awareness is the knowl- 
edge by agency security officials of when to bring a matter to the 
attention of a U.S. counterintelligence agency. In the Edward Lee 
Howard case, CIA security officials failed to alert and involve the 
FBI in a timely fashion. The CIA has taken steps recently to guard 
against a recurrence of this problem. The FBI should continue to 
work closely with security officials of all U.S. Government agencies 
to ensure that they understand its requirements and guidelines. A 
good example is the Pollard case, where the Naval Investigative 
Service Command brought in the FBI at an early stage. The Committee 
is pleased that the Navy has given a commendation and a 
monetary award to the official who was responsible for bringing 
the FBI into the Pollard case promptly when certain questionable 
behavior was observed. 

The lessons of the Howard and Pollard cases should be extended 
to all departments and agencies that handle highly sensitive infor- 
mation. Interagency procedures for reporting suspicious conduct to 
the FBI should be strengthened. Moreover, the Howard and Pelton 
cases demonstrate that former employees with grievances or finan- 
cial problems can compromise our most sensitive national security 
programs. Individuals who choose to work in positions as sensitive 
as those occupied by a Howard or a Pelton should expect to be held 
to a higher security obligation than personnel with access to less 
sensitive information. Therefore, the FBI should be informed when 
employees with access to extremely sensitive information resign or 
are dismissed under circumstances indicating potential motivations 
for espionage. The decision as to whether the circumstances justify 
investigation in varying degrees should be made by the FBI, in 
light of its counterintelligence experience, not by the employing 
agency. Interagency procedures should be established to address 
borderline cases. 

Threat analysis functions are shared among U.S. counterintelli- 
gence, foreign intelligence and security agencies. Development of 
an effective national counterintelligence strategy, as well as a com- 
prehensive and balanced set of security measures, requires central- 
ized assessment of the threat posed by all forms of collection—tech- 
nical as well as human. Since 1981, an interagency staff has com- 
piled assessments of the hostile intelligence services threat and 
U.S. countermeasures, based on inputs from throughout the Gov- 
ernment. The Committee has found these assessments to be increasingly 
valuable and is pleased that they continue to have high 
priority. 

National assessments are no substitute, however, for high-quality 
threat assessments tailored to meet more specific needs. The Com- 
mittee is pleased to learn that progress is being made regarding 
one such need for tailored material that was highlighted in the 
most recent interagency assessment. 

DoD counterintelligence agencies have taken the lead in analyzing 
the threat to particular military installations and activities. 
The Committee supports increased efforts in this area, especially to 
assess the threat to highly sensitive research and development 
projects and to make the findings available to the officials responsi- 
ble for security countermeasures. In recognition of the importance 
of this function, the Stilwell Commission has recommended, and 
the Secretary of Defense has directed, that the Defense Intelligence 
Agency establish a Multidisciplinary Counterintelligence Analysis 
Center as a service of common concern for DoD to meet the coun- 
terintelligence analytic requirements of the Defense Counterintelli- 
gence Board and the various DoD components. DIA should have 
the task of ensuring that other agencies’ threat assessments are re- 
sponsive to security and program management needs of DoD com- 
ponents. Efficient allocation of limited security resources depends 
on careful evaluation of the threat. 

Special attention is required for two aspects of the hostile intelli- 
gence threat that directly relate to U.S. foreign intelligence analy- 
sis: deception; and “active measures,” including disinformation, for- 
geries and other political influence operations. Hostile intelligence 
services conduct these operations in addition to their collection efforts. 

An interagency committee and a community-wide intelligence 
analysis office are both active in the analysis of deception efforts. 
Pursuant to the Committee's classified reports accompanying the 
Intelligence Authorization Acts for FY 1985 and FY 1986, a small 
interagency staff has been assigned to the analysis office. 

In recent years, with the help of the intelligence community, the 
State Department has stepped up efforts to expose Soviet "active 
measures," such as forgeries and Soviet control of political organi- 
zations and conferences abroad. The Committee supports recent ini- 
tiatives to improve intelligence support for U.S. efforts to counter 
these Soviet activities. 

The State Department and other appropriate agencies should do 
more to disseminate the results of such analyses to opinion leaders 
and policymakers worldwide. Recent steps to increase the effective- 
ness of the Active Measures Working Group, which is chaired by 
State/INR, are welcomed by the Committee. The Working Group 
has briefed U.S. embassies on its role, encouraged the formation of 
embassy committees to monitor and combat Soviet active meas- 
ures, and arranged for both classified and unclassified guidance to 
be provided to the field on specific cases. These efforts should be 
supported and fully staffed by the relevant agencies, especially the 
State Department. The Committee is pleased that a new office has 
been established recently in State/INR for this purpose. 

The FBI prepares reports and testifies before Congress on efforts 
in the United States by the Soviets and other designated countries 
to influence public opinion and government policy through “front” 
organizations and other covert operations. For example, in 1986 the 
Committee received a classified FBI report on “Trends and Devel- 
opments in Soviet Active Measures in the United States," which 
updated a previous study prepared in 1982. The FBI report reviews 
covert Soviet political influence operations directed at U.S. public 
opinion and policymakers. The Committee regularly requests fur- 
ther counterintelligence information from the FBI on such oper- 
ations. The Bureau should continue to report these assessments in 
a manner that provides the necessary facts about hostile intelli- 
gence activities and that fully respects First Amendment rights. 


Findings and Recommendations 


11. Recommendation.—All elements of the U.S. Government 
should give high priority to implementation of the policy requiring 
security awareness briefings and the reporting of contacts with na- 
tionals of designated countries. A similar procedure should be 
adopted for U.S. Senate personnel. 

12. Recommendation.—The Howard case demonstrates the need 
for strengthening interagency procedures for bringing possible espi- 
onage cases to the FBI's attention in a timely manner. The FBI 
should also be informed when employees with access to extremely 
sensitive information, such as Howard and Pelton, resign or are 
dismissed under circumstances indicating potential motivations for 
espionage. 

13. Recommendation.—The FBI should develop threat awareness 
briefings tailored to the special characteristics of the PRC espio- 
nage threat. Such briefings should alert American citizens to the 
risks of giving assistance to PRC nationals who may have espio- 
nage assignments, while respecting the freedom to associate with 
lawful scientific and technical research. 

14. Finding.—Significant efforts are underway to improve coun- 
terintelligence threat analysis, including publication of regular 
interagency assessments of the hostile intelligence services threat 
and U.S. countermeasures and the establishment in DIA of a Mul- 
tidisciplinary CI Analysis Center to meet DoD threat analysis re- 
quirements in conjunction with other DoD components. The Committee 
is also pleased to note that there has been progress in the 
effort to provide tailored analyses of the hostile intelligence threat. 

15. Recommendation.—The relevant interagency intelligence 
analysis office should coordinate and sponsor analytic efforts on 
Soviet deception, disinformation and active measures. The State 
Department and other agencies should increase dissemination of 
information about Soviet active measures abroad. The FBI should 
continue to be responsible for reports on active measures in the 
United States by hostile intelligence services and should cooperate 
with interagency analytic efforts. Reports on active measures in 
the United States that are prepared by agencies other than the FBI 
should be prepared in coordination with the FBI and/or the Attor- 
ney General. 


D. DOMESTIC OPERATIONS 


Counterintelligence operations in the United States differ from 
such operations abroad, because the environment is generally more 
favorable. U.S. counterintelligence has greater resources, easier 
access to the target, and public attitudes favorable to citizen coop- 
eration. While legal requirements place constraints on surveillance 
techniques and investigative methods, those limits are vital for 
maintaining our free society and (with exceptions discussed below) 
do not inhibit necessary counterintelligence efforts. 

Domestic operations can be divided into the following categories: 
surveillance coverage of foreign government establishments and of- 
ficials; offensive operations to recruit agents-in-place and defectors 
or to control double agents; and espionage investigations and pros- 
ecutions. Many of the strategic requirements for domestic oper- 
ations are unique, especially with respect to surveillance of estab- 
lishments and officials and the investigation and prosecution of es- 
pionage cases. Other requirements have more in common with 
overseas operations, particularly with regard to penetration of hos- 
tile services, handling of defectors and double agents, and analysis 
of the bona fides of sources. Unique features of overseas operations, 
as well as personnel management and training programs that cross 
geographic divisions, are treated in later sections of this Report. 


1. Coverage of Establishments and Officers 


The foundation for domestic counterintelligence is systematic col- 
lection on a foreign country's official representatives in the United 
States. Such collection may be technical or human. 

Recent cases have shown the vital importance of comprehensive 
coverage of Soviet bloc embassies and consulates as a means of de- 
tecting offers to sell U.S. secrets. Pelton, Cavanagh, Jeffries and 
others made their initial contacts with the Soviets by contacting an 
establishment. Skilled counterintelligence work is required in such 
cases, and frustrations may be unavoidable. The Pelton case is an 
example in which it took years to achieve a positive identification. 

The strategic importance of covering certain foreign establishments 
and their employees justifies continuing resource investments 
to upgrade the FBI's surveillance capabilities. The Committee 
has supported such investments over the years and continues to 
do so. 

In this connection, the importance of the contact reports dis- 
cussed earlier in this Report cannot be overemphasized. While gov- 
ernment regulations can require federal employees to report contacts 
with possible foreign intelligence officers, a free society must 
rely on the voluntary cooperation of private citizens to advise the 
FBI of approaches and other contacts by such officials. Frequently 
the FBI requests citizens to report this information about particu- 
lar individuals, based on surveillance of a contact. The FBI's DECA 
briefings, which are designed to encourage such contact reports 
from defense contractors and their employees, have now reached 
over 15,000 contractor employees. FBI and other intelligence com- 
munity officials have used speeches and public appearances to em- 
phasize the importance of public cooperation. 

The American people have a legitimate concern that their gov- 
ernment should not intrude upon their lawful associations with for- 
eign officials and their First Amendment right to exchange ideas 
with visitors from abroad. For that reason, the FBI operates under 
guidelines established by the Attorney General and internal FBI 
policies overseen by the Committee that are designed to respect the 
free exercise of constitutional rights. As Director Webster stated in 
a recent speech: 


We certainly don't have enough Agents to keep track of 
every citizen of this country nor do we want to investigate 
the activities of lawful organizations without predication 
for doing so. Rather, our focus—indeed our strategy—must 
be on the intelligence operatives themselves and the iden- 
tification of those who have come here with intelligence 
commissions. By building a spiderweb throughout the 
United States that focuses on them rather than on our 
own citizens, we make it much more difficult for those who 
would betray our country by surreptitiously supplying na- 
tional secrets to foreign intelligence officers. I believe that 
in a free society this is the only way we can function with- 
out turning ourselves into a police state. 




The existence of those safeguards should give the public confidence 
that cooperation with FBI counterintelligence not only serves the 
national interest, but is consistent with respect for constitutional 
rights. 


Findings and Recommendations 


16. Recommendation.—Congress should continue to fund in- 
creases in FBI surveillance capabilities. 

17. Recommendation.—American citizens in all walks of life 
should be encouraged to assist U.S. counterintelligence efforts by 
providing information to the FBI, either upon request or when they 
are approached by possible foreign intelligence officers. 


2. Offensive Operations 


A major element in counterintelligence is offensive operations, 
especially efforts to recruit agents-in-place within hostile intelli- 
gence services and to induce defections from those services. The 
strategic payoff of agents and defectors can be immense, as demon- 
strated by the exposure of Edward Lee Howard and the successful 
prosecution of Ronald Pelton. 

The greatest area of concern is the handling of defectors, as 
dramatized by the Yurchenko case. According to a CIA survey, 
most of the defectors resettled in the United States with CIA assist- 
ance are basically satisfied with their treatment. Nevertheless, a 
significant minority have problems that require special attention 
on a continuing basis. 

In the aftermath of the Yurchenko re-defection, the CIA has un- 
dertaken a comprehensive review of its practices for handling defectors. 
Deputy Director of Central Intelligence Robert M. Gates 
summarized the CIA's conclusions and corrective actions at his con- 
firmation hearing on April 10, 1986: 


There were organizational deficiencies. We have made 
organizational changes so that a single individual and a 
single organization are accountable and are in charge of 
the entire process for defectors. Another element that we 
have changed . . . is to ensure that the same person is ba- 
sically the principal case officer for a defector with conti- 
nuity, so that a defector isn't facing a whole new set of 
people all the time and there is somebody there that he 
gets to know and that he can depend upon and that under- 
stands him and understands his concerns, and can identify 
when he is going through a particular psychological 
crisis. . . . 

Mr. Gates also called it "imperative" to assign individuals who 
speak the same language as a defector so that someone is available 
to talk in his or her own language; he did not know, however, 
whether the CIA has actually been able to implement this approach. 

The actions taken and under consideration by the CIA reflect a 
constructive effort to upgrade the defector program and respond to 
the lessons of the Yurchenko case. They need continuing high-level 
support, both in the CIA and in other agencies. The Committee will 
continue to assess the CIA improvements along with other ap- 
proaches. 

The Executive branch continues to examine the broad question 
of how defectors might best be welcomed, assisted and utilized. A 
private organization formed to assist defectors, the Jamestown 
Foundation, has recommended major changes in the defector han- 
dling program. The Committee intends to follow this issue closely 
in the coming year and looks forward with great interest to seeing 
the results of Executive branch deliberations. 

The Committee considers it of the utmost importance that our 
nation's goals in welcoming and assisting defectors be more clearly 
enunciated and boldly implemented. Too often, the only operative 
goals have been the national security benefits that result from de- 
briefing a defector; the defector's personal security against attacks 
by his or her country's security services; and enabling the defector 
to survive without continuing U.S. Government intervention. Other 
goals must be added to that list: to encourage achievement in 
American society consonant with the defector's talents and accom- 
plishments; and to assist the defector in making a continuing con- 
tribution to the United States. While the Executive branch has 
taken steps to administer its current defector program more effec- 
tively, it must also effect this important change in attitude and 
commitment. 

The Permanent Subcommittee on Investigations of the Senate 
Committee on Governmental Affairs has begun a major study of 
the U.S. Government's handling of defectors and other refugees 
from the Soviet Bloc. This study will focus particular attention on 
the contributions that defectors can and do make to American soci- 
ety and on the need to encourage that process. The Intelligence 
Committee supports this PSI study and is cooperating with the 
Subcommittee in its effort to inform the public regarding the needs 
of defectors and of the agencies that assist them. 

Perhaps the greatest risk in a strategy of penetrating hostile 
services is that the agent-in-place or defector may be a double 
agent, pretending to be recruited by or escaping to the United 
States but actually controlled by a hostile counterintelligence serv- 
ice. Disputes over the bona fides of sources have plagued the U.S. 
intelligence community in the past. Such differences are sometimes 
unavoidable, but they should not disrupt interagency cooperation. 
Counterintelligence is not an exact science. The important thing is 
not to rely on a single source without careful testing and corrobora- 
tion of his information. In this regard, the Committee has sought 
and received assurances that intelligence officials are alert to the 
risk of over-reliance on the polygraph. 

The FBI, CIA, and DoD counterintelligence components have 
made extensive use of double agents, as evidenced in the recent Iz- 
maylov and Zakharov cases. Last June, the Soviet air attache, Col. 
Vladimir Izmaylov, was expelled after being apprehended by the 
FBI. On August 23, Gennadiy Zakharov, a Soviet physicist working 
for the United Nations, was arrested and charged with espionage. 
Both Soviets had been maintaining clandestine contact with indi- 
viduals who were cooperating with the FBI. 

There is a clear need for these operations to be carefully man- 
aged. Counterintelligence managers must also review operations to 
ensure that they have not been compromised. The Committee 
found Executive branch officials sensitive to these and other issues 
raised by double-agent operations. 

The most difficult counterintelligence task is countering the use 
of "illegals," that is, hostile intelligence service officers who oper- 
ate under deep cover rather than official cover. Some “illegals” 
may be used primarily for performing espionage support functions 
(e.g., clearing drops). The FBI and the Justice Department should 
consider improved ways to prosecute “illegals” for such espionage 
support activity. 


Findings and Recommendations 


18. Finding.—In the aftermath of the Yurchenko re-defection, 
the CIA has made improvements in its procedures for handling de- 
fectors. The Committee will continue to review the implementation 
of those procedures to ensure that needed resources and personnel, 
as well as continuing high-level support, are provided. The Admin- 
istration has commissioned an independent assessment of the CIA 
defector resettlement program, and the results will be provided to 
the Committee. 

19. Recommendation.—Objectives for the defector resettlement 
program must include encouraging the fullest possible achievement 
in American society and assisting defectors to make a continuing 
contribution to the United States. The Committee strongly sup- 
ports the efforts of the Permanent Subcommittee on Investigations 
of the Senate Governmental Affairs Committee to focus public at- 
tention on the contributions that defectors can make to American 
society and on the need to enhance their ability to make such con- 
tributions. 

20. Finding.—The Executive branch has reassured the Commit- 
tee regarding the risk of over-reliance on the polygraph in testing 
sources and defectors and has demonstrated sensitivity to issues 
concerning the management of U.S.-controlled double-agent oper- 
ations. 

21. Recommendation.—The Justice Department and the FBI 
should work together to develop improved ways to prosecute “ille- 
gals" who perform espionage support functions. If further legisla- 
tion is needed, the Justice Department should so inform the Con- 
gress. 


3. Espionage Investigations and Prosecutions 


Espionage investigations that may lead to criminal prosecution 
raise delicate issues of interagency cooperation and balancing of in- 
terests. Some senior officials Ws us imposition of the most severe 
penalties on an individual found to have engaged in espionage on 
behalf of a hostile foreign power. Law enforcement objectives may 
conflict, however, with counterintelligence requirements and other 
national security interests. 

Espionage cases involving non-Soviet bloc countries raise foreign 
policy issues, because of the desire of the United States to maintain 
good relations with particular governments. In the recent Pollard 
and Chin cases, however, the Executive branch has demonstrated 
its willingness and ability to investigate and prosecute espionage 
by agents acting on behalf of friendly countries—in these cases, 
Israel and China. The Committee fully supports enforcement of the 
espionage laws, without regard to the foreign country involved. 
This policy does not necessarily conflict with other U.S. objectives 
requiring good relations with such countries, so long as it is applied 
even-handedly. The United States should make clear to every coun- 
try that it will not tolerate violation of our espionage laws and that 
it will investigate the intelligence operations of countries that con- 
trol or permit the commission of espionage in or against the United 
States on their behalf. The Committee is pleased with recent assur- 
ances of State Department cooperation with enforcement action 
whenever evidence of espionage is presented. 

For many years U.S. counterintelligence officials assumed that 
information acquired by intelligence techniques could not be used 
for law enforcement purposes because of legal obstacles and the 
need to protect sources and methods. The Foreign Intelligence Sur- 
veillance Act and the Classified Information Procedures Act have 
made espionage prosecutions somewhat easier, although other diffi- 
culties still remain. These problems include the use of certain in- 
vestigative techniques, the need for more expertise in handling sen- 
sitive espionage matters, and requirements for better cooperation 
among and within agencies. 

One of the principal differences between espionage investigations 
and other criminal cases is the overriding need for secrecy to pro- 
tect counterintelligence sources and methods. That is why Presi- 
dents have asserted claims of "inherent constitutional power" to 
authorize the use of intrusive techniques with Attorney General 
approval rather than a judicial warrant. That is also why Congress 
has established a special secure court order procedure under the 
Foreign Intelligence Surveillance Act and exempted counterintelli- 
gence from the law enforcement procedures for access to bank 
records in the Right to Financial Privacy Act. U.S. counterintelli- 
gence officials have consistently contended that ordinary judicial 
procedures do not provide adequate security in dealing with hostile 
intelligence services. In normal criminal cases the objective—either 
immediate or long-term—is always prosecution in open court. 
Counterintelligence operations have other objectives that may be 
more strategically important, such as learning the methods of the 
hostile service. 

Federal law does not adequately take account of such differences 
in several areas. The FBI has found that the counterintelligence 
exemption in the Right to Financial Privacy Act is insufficient to 
obtain access to bank records when financial institutions refuse to 
cooperate on a voluntary basis. Consequently, the FBI is requesting 
legislation to give U.S. intelligence agencies the authority to re- 
quire financial institutions to provide access to records. Unlike the 
law enforcement procedures under the Right to Financial Privacy 
Act, neither a court order nor notice to the subject of the records 
would be required. The FBI has a strong case for replacing the cur- 
rent voluntary system with a law that provides mandatory access 
for counterintelligence purposes within a framework of Attorney 
General guidelines and congressional oversight to provide safe- 
guards against abuses. The Committee, therefore, has included leg- 
islation to address this need in the Intelligence Authorization Act 
for Fiscal Year 1987. 

There is a similar problem with access to telephone and other 
telecommunications records. Paradoxically, it is easier in some 
states to wiretap an individual than to get the phone company to 
provide access to his or her billing records. For security reasons, 
the law enforcement alternative of a grand jury subpoena is usual- 
ly impractical; and the Foreign Intelligence Surveillance Act does 
not cover access to records. As with bank records, the FBI is asking 
for legislation that provides mandatory access for counterintelli- 
gence purposes to such telecommunications records as telephone 
billing records. The Committee has incorporated such legislation in 
the Intelligence Authorization Act for Fiscal Year 1987. 

A third gap in federal law concerns physical searches. The For- 
eign Intelligence Surveillance Act (FISA) authorizes a special court 
composed of Federal District Judges to grant orders for electronic 
surveillance to meet counterintelligence requirements, but the Act 
does not apply to physical search. The FBI supported broadening 
the Act to cover searches as part of the intelligence charter legisla- 
tion considered by the Committee in 1980, but the only provisions 
of the charter to be enacted were the congressional oversight au- 
thorities. Pursuant to Executive Order 12333, the Attorney General 
authorizes warrantless searches for counterintelligence purposes. 

The absence of a statutory court order procedure creates at least 
two problems. First, as with bank and telephone records, there is 
no authority to require cooperation from private parties. Second, 
the Federal appeals court in the Truong case ruled that evidence 
derived from a warrantless counterintelligence search may not be 
used in court if the search occurs after the Government decides to 
prosecute. Neither problem exists for wiretaps and other forms of 
electronic surveillance under the Foreign Intelligence Surveillance 
Act, which provides a court order procedure to secure the coopera- 
tion of private parties and permits the use of information for law 
enforcement purposes with appropriate security. 

In light of this situation, the Committee recommended in 1984 
that legislation be developed to establish statutory procedures com- 
parable to FISA for physical search. The Committee is prepared to 
develop and introduce such legislation in cooperation with the Ex- 
ecutive branch. 

The President’s interim report to the Intelligence Committees 
comments, “It is imperative that FISA be retained as it now 
exists.” The Committee similarly endorsed FISA in 1984, finding 
that it has resulted in “enhancement of U.S. intelligence capabili- 
ties" and also "contributed directly to the protection of the consti- 
tutional rights and privacy interests of U.S. persons." The Commit- 
tee believes that physical search legislation can be achieved, with 
Executive branch support, without endangering FISA. 

Espionage investigations and prosecutions would also be more 
successful if greater expertise and resources were brought to bear 
in certain areas. Since 1985 the Army has reorganized its counter- 
intelligence efforts and instituted a specialized training program to 
develop greater expertise at the field level in espionage investiga- 
tions. 

The espionage prosecutions in 1985 and 1986 demonstrated the 
importance of early consultation with Justice Department attor- 
neys in developing tactics that reconcile intelligence and law en- 
forcement interests. In the Pelton case, close cooperation between 
NSA, the FBI, and the Justice Department resulted in a con- 
viction with minimal disclosure of sensitive information. In the 
Sharon Scranage case, the combined efforts of the CIA, the FBI, 
the Justice Department, and the State Department produced a 
strategy that successfully led both to two convictions and to the ex- 
change of the Ghanaian official convicted in the case for several 
prisoners in Ghana and their families. 

The Committee understands that such consultation is now being 
instituted in a more timely manner than often occurred in the 
past. This welcome coordination requires that the Justice Depart- 
ment, in turn, have a sufficient number of attorneys trained and 
experienced in handling the unique problems in these cases. The 
Committee is especially concerned that those attorneys learn how 
to maintain controls on the release of sensitive information. De- 
partment attorneys should also work with U.S. counterintelligence 
agencies in potential espionage cases to ensure that their methods 
are as consistent as possible with successful prosecution. In this 
regard, the Justice Department's Criminal Division has begun to 
build a cadre of experienced personnel and to provide additional 
training to United States Attorneys. 

The Howard case, which is discussed in some detail in the Com- 
mittee's classified Report, revealed serious shortcomings in CIA 
performance relating to espionage investigations. The Committee is 
pleased to learn that the CIA has taken steps to correct problems 
pinpointed in investigations by its Inspector General and an inter- 
agency group. The Committee will monitor the implementation of 
those changes. 

Issues relating to the handling of the Howard case by the FBI 
and the Justice Department have also been pinpointed and are the 
subject of continuing consideration. The Committee expects remedi- 
al action to be taken, as appropriate, and will continue to follow 
this matter. 


Findings and Recommendations 


22. Recommendation.—The United States should not tolerate vio- 
lation of our espionage laws by any country and should investigate 
the intelligence operations of countries that control or permit the 
commission of espionage in or against the United States on their 
behalf. The Committee is pleased to learn that the State Department has 
pledged to cooperate with enforcement action whenever evidence of 
espionage is presented, and the Committee supports efforts to set 
up a mechanism for regulatory interagency consultation on cases 
that might warrant action. 

23. Finding.—The Foreign Intelligence Surveillance Act contin- 
ues to be considered by U.S. counterintelligence agencies to be 
highly beneficial to their efforts. They strongly favor retention of 
FISA as it now exists. 

24. Recommendation.—Congress should enact legislation to give 
the FBI the authority to require financial institutions and telecom- 
munications carriers to provide access to records, with notice re- 
strictions comparable to FISA. Any such mon should be limit- 
ed to counterintelligence matters, governed by the current Attor- 
ney General's guidelines, and accompanied by improved provisions 
for congressional oversight. 

25. Recommendation.—Congress should enact legislation compa- 
rable to FISA to authorize physical search for intelligence pur- 
poses, so as to reduce legal uncertainties in counterintelligence in- 
vestigations that have prosecution as one of their objectives. 

26. Recommendation.—U.S. counterintelligence agencies should 
continue to emphasize, as standard procedure, consultation with 
the Justice Department at an early stage in potential espionage 
cases. The Justice Department should provide increased training to 
Criminal Division attorneys and U.S. Attorneys concerning the 
prosecution of espionage cases, including the need to protect sensi- 
tive information relating to such cases. 

27. Finding.—The CIA has taken some steps that are likely to 
improve counterintelligence investigations and prosecutions, in the 
wake of investigations of the Howard case. The Committee will 
monitor implementation of those improvements. 

28. Recommendation.—The FBI and the Justice Department 
should take actions, as appropriate, to remedy shortcomings ex- 
posed by the Howard case. 


E. OVERSEAS OPERATIONS 


Strategic counterintelligence objectives abroad differ from those 
in the United States not only because of the different environment, 
but also because of the added requirements for counterintelligence 
support in intelligence collection programs. The Committee wel- 
comes recent CIA initiatives to improve both its counterintelligence 
efforts and its career opportunities in counterintelligence. 

The Committee's classified Report discusses further issues re- 
garding CIA and Department of Defense counterintelligence activi- 
ties overseas. 

The investigation of espionage by U.S. civilian and contractor 
personnel abroad raises jurisdictional questions. The Committee be- 
lieves that the FBI should be called in and should work closely 
with agency security officials from the outset. 


Findings and Recommendations 

29. Finding.—The CIA has begun initiatives to improve its coun- 
terintelligence efforts. 

30. Recommendation.—U.S. agencies abroad should continue to 
obtain the timely advice and assistance of the FBI in cases of possi- 
ble espionage by civilian and contractor personnel. 


F. PERSONNEL MANAGEMENT AND TRAINING 


Counterintelligence is not the main function of any of the organi- 
zations responsible for U.S. counterintelligence programs. The 
CIA's primary task is collection and analysis of political, economic 
and military intelligence; the FBI is a law enforcement organiza- 
tion; and each of the service counterintelligence organizations is 
part of a larger criminal investigative or intelligence agency. This 
is one reason why there have been less specialized training and 
fewer incentives for careers in counterintelligence. Personnel are 
recruited for law enforcement or intelligence positions generally 
and are usually not assigned to counterintelligence until they have 
experience in other fields. The advantage of this practice is that 
personnel can develop their basic investigative or intelligence skills 
in less sensitive areas before taking on more important counterin- 
telligence duties. The disadvantage is that specialization and career 
advancement in counterintelligence may be discouraged because of 
the organization's emphasis on other functions. 

Every agency is taking steps to upgrade counterintelligence 
training, but the results thus far have been uneven. More should 
be done to encourage agencies to share their experience with suc- 
cessful methods. While each agency operates in a different environ- 
ment and with different internal regulations, joint discussion of 
such topics as the nature of the threat from particular hostile serv- 
ices and the techniques for offensive operations and counter-espio- 
nage investigations could be very useful. This would also make 
more efficient use of expert personnel who assist in other agencies' 
training. In the CIA and the military services, better training in 
agency guidelines is also needed. 

In the aftermath of the Miller case, the Committee has taken a 
close look at FBI personnel management policies for counterintelli- 
gence. At the Committee’s request, the FBI prepared a study re- 
viewing the impact of FBI personnel policies on the Foreign Coun- 
terintelligence (FCI) Program in order to determine how the FBI 
may more effectively recruit, select, assign, train, promote, and 
retain Special Agents for counterintelligence matters. The FBI 
study indicated a need for improvements in several areas. 

The FBI confronts unusual personnel management problems be- 
cause of the large hostile intelligence presence in New York City, 
where the cost of living has discouraged FBI Agents from seeking 
assignments or pursuing careers. Unlike State Department person- 
nel, FBI Agents in New York do not have a special housing allow- 
ance to defray the cost of living in town. The Committee believes 
that action is needed to improve benefits and incentives in New 
York and is prepared to develop legislation that may be needed for 
this purpose. 

Another manpower issue is the limited number of FBI senior 
grade positions in the counterintelligence field, as compared to po- 
sitions as Special Agent in Charge of a field office and comparable 
headquarters positions with primarily law enforcement duties. The 
Committee supports efforts to change this situation, including 
funds requested in the FY 1987 budget to increase the number of 
senior grade counterintelligence positions at FBI Headquarters. 
The Committee also supports the FBI policy requiring that all new 
Special Agents in Charge of field offices who have not previously 
served in a full-time counterintelligence position must receive FCI 
training. 

The Committee intends to continue its review of FBI counterin- 
telligence personnel policies as part of a broader ongoing study of 
intelligence community personnel issues. 

DoD counterintelligence components have similar problems and 
should develop appropriate revisions in personnel policy to encour- 
age specialized counterintelligence career development. In all the 
DoD counterintelligence units, as well as the FBI, greater efforts 
are needed to recruit and retain the best possible personnel. 

Findings and Recommendations 


31. Recommendation.—More should be done to encourage agen- 
cies to share their experience with successful CI methods and to 
make more efficient use of expert training personnel. 

32. Recommendation.—Additional measures should be taken to 
improve benefits and incentives for FBI Agents in New York City, 
including any legislation needed to give the FBI comparable au- 
thority to the State Department. 

33. Finding.—The FBI is planning to increase the number of 
senior grade counterintelligence positions at FBI Headquarters. 
The Committee supports these efforts. 

34. Recommendation.—While each counterintelligence agency 
must recruit to satisfy its unique needs, greater attention should be 
given to determining specialized qualifications required for person- 
nel to meet each agency's CI needs as distinct from law enforce- 
ment or foreign intelligence needs. 

35. Recommendation.—DoD counterintelligence components 
should continue to develop appropriate revisions in personnel 
policy to encourage specialized counterintelligence career develop- 
ment. 


IV. SECURITY COUNTERMEASURES 


In 1984-85 the Executive branch conducted seven in-depth stud- 
ies of security policies and practices for protecting classified infor- 
mation and activities against hostile intelligence collection. The 
Committee has reviewed findings and recommendations from all of 
these studies, as well as observations and proposals made by other 
Congressional committees, by witnesses at the Committee's closed 
hearings, and by experts inside and outside the Government. 
Taken together, these reports and recommendations raise grave 
questions regarding U.S. security programs to protect sensitive in- 
formation from our adversaries. 

The Walker case disaster and the bugging of typewriters in our 
Moscow embassy were compromises that waited years to be uncov- 
ered and that illuminated significant weaknesses in the nation's se- 
curity. There have been wide disparities in policies and standards 
for personnel, information, technical and other security measures. 
Serious imbalances in resource allocation have existed, and in some 
areas inadequate resources have led to serious gaps in protection. 
Research and development to improve security has been haphazard 
at best. 

Since the late 1970s, the Committee has worked with the Execu- 
tive branch and the intelligence community to strengthen counter- 
intelligence throughout the Government, so that the FBI, CIA and 
DoD counterintelligence components could deal more effectively 
with the hostile intelligence threat. Until 1985, however, neither 
this Committee nor any other congressional body had taken a simi- 
larly comprehensive look at the defensive security countermeas- 
ures that surround the core of classified information and that are 
supported by counterintelligence. The Committee's closed hearings 
in the fall of 1985 were the first systematic Congressional review of 
security programs since the 1957 report of the Commission on Gov- 
ernment Security established by Congress (with Senator John Sten- 
nis as its Vice Chairman). Although the Committee is encouraged 
by many of the steps now being taken to remedy serious deficien- 
cies, the continuing fragmentation of security planning and policy 
requires a substantial reorganization of the way the Government 
handles its many security programs. Congress has a similar duty to 
put its own house in order; and the Committee has specific recom- 
mendations for that purpose as well. 

The Committee has addressed security countermeasures at two 
levels. First is the national policy level, where government-wide 
initiatives and programs are developed, approved and overseen. 
Many of the most serious security weaknesses result from the lack 
of an effective, national policy that gives high priority to security 
programs and ensures comprehensive and balanced planning. The 
second level is the numerous separate security disciplines, which 
each have their own problems that must be solved within a coher- 
ent national policy framework. These disciplines include informa- 
tion security, personnel security, communications security, comput- 
er security, emanations security (TEMPEST), technical surveillance 
countermeasures, physical security, industrial security and oper- 
ations security. Their variety itself clearly indicates how difficult it 
is to pull together the necessary expertise and reconcile the inter- 
ests of different agencies and programs— intelligence, military, dip- 
lomatic, industrial, research and budgetary. Nevertheless, the 
effort must be made if we are to reduce the likelihood of future 
worn that repeat the multi-billion dollar damage of the 
Walker, Pelton, Howard, Harper and Bell cases or the incalculable 
harm from interception of our communications and technical pene- 
tration of U.S. facilities. 

We would not wish to mislead; in any foreseeable environment, 
U.S. security countermeasures programs can provide no absolute 
guarantees against compromises and losses. Our goal is a signifi- 
cant improvement in security, a further limiting of the damage 
that is wreaked by those compromises and losses. Our belief is that 
more effective, but not unduly intrusive measures can accomplish 
this objective. 


A. A NATIONAL STRATEGIC SECURITY PROGRAM 


In December, 1985, the Committee recommended to the National 
Security Council that the Executive branch develop a comprehen- 
sive and integrated National Strategic Security Program to coordi- 
nate and foster the protection of sensitive information and activi- 
ties from the efforts of hostile intelligence services. The purpose is 
three-fold. 

First, such a program would give greater visibility, higher priori- 
ty and increased attention of senior officials to security countermea- 
sures. Frequently, security programs have neither an influential 
voice in government departments and agencies nor adequate fund- 
ing and career opportunities. Security must be recognized by the 
Executive branch and Congress as a crucial underpinning to the 
other basic functions—military, intelligence and diplomatic—that 
safeguard national security. 

Second, the reason for such a program is to provide a coherent 
structure to address and overcome security deficiencies. As dis- 
cussed in the following sections, these problems include underfund- 
ing of essential programs, significant gaps in research, inadequate 
training and career development, insufficient management ac- 
countability, uneven national policy guidance, interagency conflicts 
over new initiatives, and failure to ensure necessary linkages 
among security disciplines. 

Third, the establishment of such a program and structure should 
provide long-term continuity and consistency through succeeding 
Administrations. The changing of NSC structures from one Admin- 
istration to the next does not fill the pressing need for continuity 
and consistency of policy. When a National Strategic Security Pro- 
gram has taken shape, therefore, the essential features should be 
promulgated by the President in a formal Executive Order. 

At the Committee's closed hearings in late 1985, senior officials 
were asked to discuss how U.S. counterintelligence and security 
countermeasures policies are established and coordinated at the na- 
tional level. The answer for counterintelligence was clear: responsi- 
bility is focused on a single NSC committee process (the Interagen- 
cy Group for Counterintelligence (IG-CI) and the Senior Interde- 
partmental Group for Intelligence (SIG-I)), with support from an 
interagency staff which assists the NSC staff in coordinating policy 
initiatives and overseeing their implementation. Much progress has 
been made in developing a coherent process for counterintelligence 
policy. The same cannot be said for security countermeasures, 
where responsibilities have been widely diffused and the Executive 
branch has only begun to develop a coherent policy review struc- 
ture. 

The DCI testified that the SIG-I is "the principal forum where 
the national perspective can be brought to CI [counterintelligence] 
and CM [countermeasures] policy," with countermeasures handled 
by an Interagency Group (IG-CM) chaired by the Deputy Undersec- 
retary of Defense for Policy. At the same time, however, the DCI 
acknowledged the existence of “other Executive branch policy rec- 
ommending and implementing entities such as the DCI Security 
Committee, the National Telecommunications and Information Sys- 
tems Security Committee, the SIG for Technology Transfer, etc." 
While the DCI said the SIG-I system has “the capability for and 
mission for ensuring proper national-level coordination of all CI 
and CM matters," this has not in fact been the case for security 
countermeasures. 

Recently, the DCI, acting in his capacity as Chairman of the 
SIG-I, divided the Interagency Group for Countermeasures into sep- 
arate groups for Technical matters (IG-CM(T)) and for Policy and 
other non-technical issues (IG-CM(P)). The new IG-CM(T), headed 
by the Assistant Secretary of Defense for Command, Control, Com- 
munications and Intelligence, is intended in part to serve as a 
bridge between the intelligence world of the SIG-I and the world of 
the National Telecommunications and Information Systems Securi- 
ty Committee (NTISSC). The NTISSC is chaired by the same Assist- 
ant Secretary and has a presidential mandate under NSDD-145 to 
develop communications, computer and emanations security policy 
for the whole government. 

The DCI also abolished the DCI's Security Committee (SECOM), 
which had been a working-level intelligence community group out- 
side the IG-CM but covering some of the same issues. The two new 
IG-CMs are to have subcommittees that will handle many of the 
former SECOM functions, but with more senior members than was 
the case with SECOM, so that subcommittee members can actually 
commit their agencies to act upon group recommendations. Staff- 
ing is to be achieved through an up-graded interagency staff. 

These structural changes are very welcome signs of the serious- 
ness with which the Executive branch is approaching the need to 
improve the security policy process. The Committee does not be- 
lieve, however, that they go far enough in establishing a forum in 
which all the many security interests can be surfaced and recon- 
ciled. It is uncertain, moreover, whether the IG-CM subcommittees 
will be sufficient improvements on the SECOM structure to over- 
come the bottlenecks that too often have stifled progress on securi- 
ty issues. The Committee continues to believe, therefore, that a 
comprehensive National Strategic Security Program must be devel- 
oped, through whatever structures the Executive branch finds best 
suited to that task. 

In recommending establishment of a comprehensive National 
Strategic Security Program, the Committee does not intend to create 
a "czar" or to take from individual agencies their responsibility for 
implementing national policies that affect their work. If there is no 
national policy, however, there is no standard against which to 
hold each department accountable. If national policies are frag- 
mented, outdated or unbalanced, security becomes subordinated to 
other departmental priorities and interagency disputes. This has 
occurred far too often in recent years. Later sections of this Report 
give examples: the inability to reach agreement on a "single scope" 
background investigation for Top Secret and SCI clearances; the 
proliferation of special access programs without sufficient controls 
and standards; the imbalance in resources between expensive tech- 
nical safeguards and the personnel and information security meas- 
ures needed for effective computer security; and, at least until very 
recently, interagency conflicts over how to deal with some techni- 
cal security issues. 

As important as it is to remedy these problems, the greatest 
value of a National Strategic Security Program should be to pro- 
mote innovative solutions to new and emerging hostile intelligence 
threats. This requires collaboration with counterintelligence agen- 
cies to identify such threats, as well as recruitment and training of 
top-quality security specialists with wide-ranging operational, tech- 
nical, analytical, and managerial skills. At the core must be a com- 
mitment at top management levels within each department and 
agency to setting clear security objectives, providing adequate re- 
sources, and devising effective oversight and inspection procedures 
for holding managers and commanders accountable for their per- 
formance. This commitment will be forthcoming only if Congress 
and the President make clear they expect it and establish their 
own systematic means to assess government-wide progress in meet- 
ing national goals. 

A National Strategic Security Program should provide policy di- 
rection and oversee implementation for all security disciplines: 

Personnel security; 
Information security; 
Communications, computer and emanations security; 
Technical surveillance countermeasures; 
Physical security; 
Industrial security; 
Operations security. 

To assist the NSC, a single body should be assigned responsibility 
for policy planning and analysis of all aspects of security counter- 
measures for protection of sensitive information against hostile in- 
telligence efforts. It should ensure effective coordination among the 
other interagency forums that address particular problems. It 
should have the task of putting together for the NSC and the Con- 
gress a fully balanced and coordinated government-wide program. 
A senior official should be designated to testify on the National 
Strategic Security Program before the appropriate Congressional 
committees. 

During 1985, the CIA and the State Department took significant 
steps to achieve the same objectives on a departmental level. The 
CIA reorganized and expanded its Office of Security to integrate all 
its security functions. Similarly, as recommended by the Inman 
Panel on Overseas Security, the State Department established a 
new Diplomatic Security Service with higher status and wider re- 
sponsibilities, including a high-priority effort to upgrade technical 
security. The Stilwell Commission has recommended a similar 
action by the Defense Department, stressing “that all security dis- 
ciplines have as their fundamental purpose the protection of classi- 
fied information and must be applied in a fully balanced and co- 
ordinated way.” The Committee urges that resources be allocated 
to enhance security policy and oversight in the Office of the Secre- 
tary of Defense (OSD), so as to make the policy-level integration of 
the various security programs in DoD a viable option. 

A significant aspect of the National Strategic Security Program 
should be to assist the NSC on resource priorities. The current 
budgetary arrangements are fragmented and inadequate. To con- 
sider ways to improve the resource allocation process, the Commit- 
tee held a closed hearing on June 4, 1986, on principal security pro- 
grams outside the NFIP, as well as those in the CIA Office of Secu- 
rity. The ultimate goal of the Committee is to have each depart- 
ment and agency identify its security resources by function and 
program and include these resources in their congressional budget 
justification submissions. The National Strategic Security Program 
should give the NSC and Office of Management and Budget a simi- 
lar opportunity to evaluate the resource priorities of these and 
other security countermeasures programs. 

Another high priority for the National Strategic Security Pro- 
gram should be an assessment of requirements for research and 
analysis, especially on personnel security and the interfaces be- 
tween personnel, communications and computer security. The 
greatest imbalance in security resources is between costly projects 
on technical safeguards and the meager efforts to look into person- 
nel security issues. Not until January, 1986, was DoD able to get 
the necessary concurrences for a modest personnel security re- 
search program in DoD to be administered by the Navy. Current 
arrangements for interagency assessment of security research needs 
have been insufficient to identify and promote aggressive and bal- 
anced government-wide efforts, even though particular agencies 
have taken valuable initiatives in areas of concern to themselves. 

Special emphasis should also be placed on commander and man- 
ager responsibility for security within their respective organiza- 
tions. The recent action of the Deputy Secretary of Defense order- 
ing the incorporation of security management as a criterion in 
military and civilian performance and fitness reports is a step in 
the right direction. Such a requirement should be extended govern- 
ment-wide and apply to all contractors as a condition for inclusion 
on a bidders list. Other realistic sanctions are needed, as well as 
greater consistency in the government and among contractors on 
the severity and application of such sanctions as fines, relief for 
cause, debarment and suspension, for knowing or negligent securi- 
ty violations both by managers and by subordinates. The National 
Strategic Security Program should supply the necessary policy di- 
rection. 

Security normally ranks well below other careers in most agen- 
cies; the National Strategic Security Program must change the 
status of the security profession. Security specialists should match 
other professionals in terms of their qualifications, training, com- 
pensation and career opportunities. There should be an independ- 
ent evaluation of the recruitment, training, pay, status, profession- 
al development and retention of federal security officers in all de- 
partments and agencies. As recommended by the Information Secu- 
rity Oversight Office and the Stilwell Commission, the OPM job 
classification standards for security should be revised immediately 
to ensure comprehensive and accurately graded descriptions of 
modern security disciplines. 

One of the common themes in all recent studies of security coun- 
termeasures—the Information Security Oversight Office (ISOO) 
task force, the Stilwell Commission, and the Inman Panel—is the 
need for better training not only for security professionals, but also 
for managers and other officials having security responsibilities. In 
the near-term, the quality of training for new security personnel 
must have special attention. Throughout the government, security ini- 
tiatives are providing funds for new personnel. Agencies should be 
held accountable for ensuring that the most qualified personnel are 
recruited and that their training meets high standards. 

The National Strategic Security Program should establish gov- 
ernment-wide security training objectives for managers, security 
professionals, personnel security clearance adjudicators, and indus- 
trial security officers. Minimum levels of training and certification 
should be established for industrial security personnel, clearance 
adjudicators, and other positions requiring consistent standards. 
Because the Defense Investigative Service and the Defense Security 
Institute (DSI) have crucial roles in the development and imple- 
mentation of security training programs and industrial security 
generally, an expanded government-wide training role for DSI 
should be considered. The Information Security Oversight Office 
has made a similar recommendation. DSI could serve as a national 
security training and education center serving all federal depart- 
ments and agencies. Consideration should also be given to forming 
under DSI an interagency group, with counterintelligence agency 
participation, to develop and review effective security awareness 
educational material and techniques. Given the concentration of 
sensitive facilities on the West Coast, establishment of a perma- 
nent West Coast security training facility for government and con- 
tractor personnel should be considered. 

One of the most challenging and difficult tasks that a National 
Strategic Security Program must address is the development of co- 
herent and effective policy for operations security (OPSEC). OPSEC 
has many definitions among the various departments and agen- 
cies. It can include the implementation and assessment of U.S. ef- 
forts to frustrate hostile intelligence collection. Another element is 
the careful design of particular unclassified activities or informa- 
tion to keep hostile intelligence services from putting together bits 
and pieces of information to detect classified missions or the pres- 
ence of sensitive installations. 

Equally important is the assessment of government practices out- 
side the national security field that could help or hinder hostile in- 
telligence collection efforts. The recently established National Op- 
erations Security Advisory Committee of the IG-CM(P) has taken 
several valuable initiatives in restricting public availability of sen- 
sitive data. 

A 1985 interagency assessment identified serious OPSEC weak- 
nesses. The National Strategic Security Program should develop 
government-wide OPSEC objectives and ensure that relevant agen- 
cies have the necessary resources and programs to achieve these 
goals. Just as sensitive military units take care to ensure that 
changes in routine activity will not provide our enemies indications 
and warning of their operations, so must agencies and contractors 
involved with sensitive agencies or programs incorporate OPSEC in 
their overall security philosophy and programs. 

These are some of the government-wide security issues that 
should be addressed by a National Strategic Security Program. 
Others are detailed in the sections below on personnel security; in- 
formation security; communications, computer and emanations se- 
curity; technical and physical security; and industrial security. 


Findings and Recommendations 


46. Recommendation.—The Executive branch should develop and 
implement a comprehensive National Strategic Security Program 
which would provide: 
a. NSC-approved objectives and policy direction; 
b. A broad master plan faithful to the objectives and policies, 
and both based upon and prioritized in light of the threat; 
c. Close coordination of implementing programs; 
d. Assessment and allocation of resource requirements for all 
areas of common concern—such as, but not limited to: R&D; 
computer security; TEMPEST and personnel security; and core 
training for technical security countermeasures; 
e. Oversight of implementation of national policy; and 
. FRA review of total resources planning. 
This program, although within the NSC, should be structured so as 
to provide long-term continuity and consistency through succeeding 
Administrations. Accordingly the program and the essential struc- 
ture for its maintenance should be promulgated by the President in 
an Executive Order. 

47. Finding.—Recent IG-CM changes promulgated by the DCI, al- 
though not sufficient, in the Committee's view, to solve the prob- 
lem, are a welcome sign of the seriousness with which officials are 
addressing the need to improve the security process. 

48. Recommendation.—The Defense Department should enhance 
its security policy and oversight capabilities in the Office of the 
Secretary of Defense so as to ensure integration of policies for the 
various DoD security programs. 

49. Recommendation.—The National Strategic Security Program 
should evaluate security countermeasures resource priorities for 
the NSC and OMB on an annual basis. Security resources should 
be identified by function and program in departmental and agency 
budget justifications. The Administration and the Congress should 
consider additional ways to implement a more coherent budget 
process for security programs. 

50. Recommendation.—The National Strategic Security Program 
should assess requirements for research and analysis on security 
countermeasures to promote aggressive and balanced efforts gov- 
ernment-wide, especially on personnel security. 

51. Recommendation.—The National Strategic Security Program 
should emphasize commander and manager responsibility for secu- 
rity, including government-wide application of the recent DoD 
action to incorporate security into performance evaluations and de- 
velopment of more realistic and consistent policies for disciplinary 
sanctions. 

52. Recommendation.—The National Strategic Security Program 
should commission an independent evaluation of the recruitment, 
training, pay, status, professional development and retention of fed- 
eral security personnel. Relevant OPM job classifications should be 
revised and modernized. 

53. Recommendation.—The National Strategic Security Program 
should establish government-wide security training objectives and 
should require minimum levels of training and certification for in- 
dustrial security officers, clearance adjudicators, and other posi- 
tions requiring consistent standards. 

54. Recommendation.—The National Strategic Security Program 
should consider phased assignment of national responsibilities for 
security training to the Defense Security Institute (DSI), with an 
interagency group including representation from U.S. counterintel- 
ligence agencies to develop security awareness materials. DSI 
should establish a West Coast annex. 

55. Recommendation.—The National Strategic Security Program 
should develop government-wide operations security (OPSEC) objec- 
tives and ensure that relevant agencies have the necessary re- 
sources and programs to achieve those goals. 


B. PERSONNEL SECURITY 


The most important barrier to the hostile intelligence threat and 
the growing willingness of Americans to divulge classified informa- 
tion for financial gain is a sound personnel security program. Un- 
fortunately, recent Executive branch and congressional studies 
have identified significant weaknesses in U.S. Government person- 
nel security practices. Many of the issues raised by the Report of 
the Commission on Government Security in 1957 remain unre- 
solved today, particularly the need for national policy guidance and 
oversight. The Stilwell Commission, the DoD Industrial Security 
Review Committee (formed after the Harper espionage case), the 
Permanent Subcommittee on Investigations of the Senate Govern- 
mental Affairs Committee, other interagency assessments, and in- 
vestigations of agency performance prompted by recent espionage 
cases have all addressed deficiencies, inconsistencies and ineffec- 
tiveness in the administration of personnel security policies and 
programs. Development of a more coherent and effective personnel 
security policy should have the highest priority in a National Stra- 
tegic Security Program. 

The Stilwell Commission, while finding the DoD security pro- 
gram “reasonably effective,” made the following critique: 


Clearly there is room for improvement. Many people are 
cleared who do not need access to classified information. 
Background investigations yield relatively little derogatory 
information on those being cleared, and under the existing 
adjudication process, far fewer still are actually denied a 
clearance. Once cleared, very little reevaluation or reinves- 
tigation actually occurs, and relatively few indications of 
security problems are surfaced. The principle that a 
cleared individual is authorized access only to that infor- 
mation he “needs to know” is generally not enforced. 


The Commission attributed these problems to insufficient resources 
and the desire not to let security interfere with mission accom- 
plishment. 

The Committee endorses vigorous implementation of most of the 
Stilwell Commission’s recommendations on gaining and maintain- 
ing access to classified information and on detecting and investigat- 
ing security violations. They should be reviewed at the NSC level 
and adopted for government-wide application. In summary, the 
Commission proposes: 

For Secret clearances, better background checks, an eventual 
reinvestigation system, and better workplace controls (docu- 
ment logs and briefcase searches). 

For Top Secret information, many more reinvestigations, 
more polygraphs primarily for reinvestigations, better work- 
place controls (a personal reliability program and a ban on 
one-man access), and a special crypto-access compartment. 

More inspections and management responsibility. 

Not issuing clearances for information to personnel who re- 
quire only access to the workplace. 

Measures to reduce the number of clearances and streamline 
security requirements for contractors, including a billet system 
to cut the number of Top Secret clearances, justification for 
each contractor clearance (with periodic rejustification for 
overseas positions), and a single scope for Top Secret and SCI 
background investigations. 

To free resources to cover other costs, the easing of reinstate- 
ment procedures for contractors whose clearances lapse for a 
short time and the routine granting of interim Secret clear- 
ances while initial investigations are conducted. 

These recommendations reflect the most comprehensive and de- 
tailed analysis of DoD personnel security requirements that has 
been conducted in decades. Nevertheless, in some respects they fall 
short of meeting current needs. 

The first requirement is resources. Personnel security is serious- 
ly underfunded, especially in comparison to the technical programs 
for communications and computer hardware and software. Redress- 
ing this imbalance should be one of the highest priorities for a Na- 
tional Strategic Security Program. Congress added $25 million for 
the Defense Department in FY 1986 to reduce the backlog of inves- 
tigations and, especially, of reinvestigations of persons with Top 
Secret clearances. The Committee has recommended, and the 
Senate has passed, an additional $22 million authorization and 358 
positions for FY 1987 to accelerate implementation of Stilwell Com- 
mission recommendations, primarily regarding more detailed inves- 
tigations for Secret clearances. Intelligence elements have also reg- 
ularly fallen short of meeting periodic reinvestigation goals be- 
cause of inadequate funding. This is true as well for the FY 1987 
budget. The basic problem is that personnel security has had rela- 
tively low priority in the Executive branch budget process. The 
Committee welcomes recent testimony by the DDCI that the CIA 
will give much higher priority to reinvestigations. 

Nowhere is the adage “penny wise, pound foolish” more apt, yet 
even the Stilwell Commission had to confront serious resource con- 
straints. Its goal is to reduce the DoD backlog of reinvestigations 
for persons holding Top Secret clearances to manageable levels 
within four years and to conduct periodic reinvestigations of all 
persons holding Secret clearances and above by 1995. Efforts to 
reduce the number of positions requiring [ri Sheep investigations 
can alleviate some of the pressure, but the technological sophistica- 
tion of modern military systems and the need for widespread access 
to intelligence products requires that large numbers of DoD person- 
nel have at least Secret-level clearances. On the civilian side, the 
work of Departments such as State, Energy, Justice and Treasury 
will continue to require that many employees have background in- 
vestigations and reinvestigations. 

Over the years, resource constraints have prevented any serious 
consideration of field investigations for Secret clearances, which 
have been based on name and fingerprint checks of law enforce- 
ment and counterintelligence files. Some of the most sensitive in- 
formation in the U.S. Government is classified at the Secret level, 
and sustained passage of Secret information to hostile countries 
would do grave damage to national security in many areas. The 
Harper case is a good example where compromise of a substantial 
amount of Secret information from a defense contractor's office did 
great harm. The current requirements for Secret clearance investi- 
gations are too low, and the proposals for wider checks are too 
modest. 

At a minimum, the investigative requirements for a Secret clear- 
ance should include, in addition to file checks: a credit check; in- 
quiries to present and past employers; more documentation of iden- 
tity; other field inquiries on recent life history; and a subject inter- 
view. The key is the interview, to surface issues that may merit 
further investigation. This recommendation requires a substantial 
increase in manpower and funds, but the cost is reasonable in light 
of the Soviet bloc intelligence emphasis on acquisition of Secret- 
level technological data. 

Overall, the Stilwell Commission goal of eliminating the reinves- 
tigation backlog within four years should be extended government- 
wide and to contractor employees. In addition, a government-wide 
plan for Secret clearances should be developed and submitted to 
the Committee, with a target of implementation in less than the 
ten years proposed by the Stilwell Commission. A government-wide 
funding plan to achieve all these objectives should be submitted to 
Congress as soon as possible. 

Another resource problem results from the resistance of some au- 
thorities to modification of Top Secret and SCI background investi- 
gation requirements that Defense Department officials have con- 
cluded are not cost-effective. Because the Defense Investigative 
Service, CIA and OPM have different policies on the scope of those 
investigations, it is not unusual for individuals, particularly in in- 
dustry, to have two or more background investigations in the same 
year for Top Secret and SCI access. Moreover, some agencies 
appear unwilling to simplify their background investigation proce- 
dures in the light of cost-effectiveness studies. While the Commit- 
tee has not attempted to evaluate alternative procedures in detail, 
it strongly recommends that a uniform policy be established to 
achieve less costly and more timely background investigations and 
clearances and to eliminate redundant investigations. 

Another factor that should guide development of a "single scope" 
investigation is the high priority for reinvestigations. Recent espio- 
nage investigations indicate that none of the current approaches to 
initial clearance is infallible. Espionage-related issues rarely sur- 
face during initial background checks. Streamlining the procedures 
for initial investigations would release manpower for use in meet- 
ing the five-year reinvestigation requirement that all agencies 
agree should apply to Top Secret and SCI clearances. 

The Committee also believes that a "single scope" background in- 
vestigation for Top Secret and SCI clearance should include an in- 
depth interview of each subject by a trained and experienced secu- 
rity officer. The record indicates that such interviews are often ef- 
fective in surfacing issues not uncovered by a field investigation 
that bear on the ability of an individual to handle sensitive infor- 
mation. 

Several Stilwell Commission proposals deserve special emphasis. 
A reliability clearance for persons needing access to a site, but not 
to classified information, would underscore the importance of 
“need to know.” There are no figures on the number of people with 
clearances where the intent is solely to determine their reliability. 
Included in this category are guards, char force, maintenance per- 
sonnel, etc. Implementation of this measure would set the stage for 
carrying out such other measures as a “billet control system” de- 
scribing which positions require access to classified information. 
This action will help revive the need-to-know rule by drawing a 
clear distinction between clearance for one purpose and clearance 
for other purposes. 

The Committee shares a concern, expressed initially by the Per- 
manent Subcommittee on Investigations, about the potentially seri- 
ous risks in issuing security clearances to foreign-born individuals 
whose background cannot be verified adequately. The Stilwell Com- 
mission's proposal for use of the polygraph in such cases is compa- 
rable to the FBI's policy of polygraphing foreign nationals em- 
ployed for specialized purposes. Agencies must guard against over- 
reliance on the polygraph, of course, especially when independent 
corroboration is so difficult to obtain. Other approaches tailored to 
particular agency needs should also be considered. A government- 
wide minimum standard is needed, however, in order to ensure 
cross-agency acceptance of clearances. 

One Stilwell Commission recommendation that should be recon- 
sidered is the proposal for one-time, short duration (read on, read 
off) access by cleared personnel to the next higher level of classified 
information when necessary to meet operational or contractual ex- 
igencies. Given the vast differences between investigative standards 
for Secret and Top Secret, there is too great a risk in giving an in- 
dividual with only a Secret clearance access to Top Secret informa- 
tion. If the requirements for Secret clearances are substantially up- 
graded, this proposal could be reconsidered as a means to conserve 
security resources. As the Stilwell Commission recognized, adminis- 
trative oversight is essential to ensure that repeated read on, read 
off access does not become a loophole for semipermanent access. 

Several areas of concern not mentioned by the Stilwell Commis- 
sion deserve serious consideration. One is the need for relevant 
data on persons who leave positions with Top Secret or sensitive 
compartmented accesses. Pelton, Howard and, for the most part, 
Walker committed espionage after each had lost his clearances. 

Walker’s greed and his aberrant conduct as a private investiga- 
tor could have alerted a Navy system tasked to continue oversight 
of individuals with previous high clearances. No such system effec- 
tively exists. Pelton's bankruptcy should have served as the indica- 
tor for further NSA review, particularly in view of Pelton's access 
to very sensitive information. Had Howard's travels and finances 
been known, the FBI might have been brought into that case much 
sooner. 

The Executive branch should consider requiring as a precondi- 
tion for clearance, that those who receive access to the most sensi- 
tive information agree to permit, for a period of years after their 
clearance ends, access to relevant financial and foreign travel 
records. In practice, for example, this would mean that agency se- 
curity officials could access credit bureau information on former 
employees, as DoD agencies are now doing on background investi- 
gations and reinvestigations pursuant to the Stilwell Commission’s 
recommendation. 

Such a system could be abused if not clearly limited to persons 
with access to especially sensitive information and properly admin- 
istered under stringent safeguards for privacy and civil liberties. It 
would be important to establish clearly, for example, that the ex- 
amination of these records would not imply suspicion regarding a 
person. Another useful safeguard might be to limit the information 
gained from these records to an employee's security file unless the 
Director of Security certified that it warranted the attention of an- 
other office or the FBI. Other minimization procedures, perhaps 
based upon those in the Foreign Intelligence Surveillance Act, 
could also be applied. In addition to providing better means to 
detect suspicious behavior, records access procedures could enable 
security offices to respond in a timely and helpful fashion to evi- 
dence of financial problems among personnel whose recent sensi- 
tive accesses would make them lucrative intelligence targets. 

The Committee recommends that the Executive branch study the 
possibility, in consultation with appropriate congressional commit- 
tees and civil liberties experts, of a program of expanded post-access 
foreign travel reporting obligations and/or agency access to rele- 
vant financial and travel records. The Committee believes that 
such a program, if combined with proper safeguards and limited to 
those persons whose access to the most sensitive information clear- 
ly warrants special measures, might be acceptable from a civil lib- 
erties standpoint. A similar view has been expressed by a ranking 
ACLU official at a recent conference sponsored by the Congression- 
al Research Service of the Library of Congress. 

Another initiative, relevant to the role of a National Strategic 
Security Program in fostering and coordinating research, is exami- 
nation of the value of psychological testing in the security clear- 
ance process. Some authorities contend that such testing can help 
identify persons disposed to disregard their obligations for the sake 
of self-gratification. Any use of psychological testing, however, 
should take full account of the need for test reliability, trained per- 
sonnel to interpret results, and protection of individual rights. Psy- 
chological testing can supplement, but not replace other screening 
devices. 

The Stilwell Commission urged the Secretary of Defense, al- 
though not in a formal recommendation, to press for revival of the 
interagency effort chaired by the Justice Department in 1983-84 to 
draft a new Executive Order on personnel security. While drafting 
such an order may be a lengthy process and must not be an excuse 
for inaction on the specific national policy issues discussed above, a 
new Executive Order would make an important contribution to 
better personnel security. Such an order should provide a formal 
Presidential mandate for minimum government-wide standards 
and procedures that incorporate the essential elements of national 
policy on key topics, with details to be spelled out in an implement- 
ing directive that can be updated periodically in light of experience 
and research. Second, it should establish an office similar to the In- 
formation Security Oversight Office to provide the kind of policy 
guidance and oversight of implementation that ISOO has supplied 
for information security. The absence of such an office makes it ex- 
tremely difficult for the National Security Council to address per- 
sonnel security policy issues government-wide. Third, a new Execu- 
tive Order should focus exclusively on policies and procedures for 
access to classified information and to facilities where classified in- 
formation is maintained. Experienced Justice Department officials 
believe that such an order would make it easier to defend in court 
decisions to deny or remove security clearances. 

More extensive and timely background investigations and rein- 
vestigations, with streamlined government-wide standards and pro- 
cedures, must feed into an adjudication system with rigorous but 
realistic criteria for granting or denying clearances. There is cur- 
rently no uniform requirement to deny a clearance to a person who 
has been convicted of a felony or has admitted to conduct which
constitutes a felony under state or local law. There is no require- 
ment for follow-up inquiries in cases where clearances are granted 
to persons admitting problems like drug use. (The FBI has ex- 
pressed particular concern about this problem in contractor facili- 
ties, where habitual drug users have posed real threats to sensitive 
research and development programs.) There is no government-wide 
requirement for training of persons who adjudicate security clear- 
ance cases. (Only one agency currently has a formal adjudicator 
training school and individual services tend to have too few adjudi- 
cators to justify their own training programs.) The lack of training 
and experience among adjudicators causes delays and inconsisten- 
cies within and among agencies. 

Agency and interagency investigations of such recent espionage 
cases as Edward Lee Howard and Jonathan Pollard have highlight- 
ed serious flaws in agency hiring, assignment and termination 
practices. The CIA and DoD have moved to rectify problems, and 
there will probably be interagency consideration of adopting similar
corrective measures. The CIA and other agencies have also
become more sensitized to the risks inherent in decisions to give 
sensitive assignments to persons with a history of personal prob- 
lems. While there is a balancing need not to do away with neces- 
sary managerial flexibility, these corrective steps are basically 
much needed and long overdue. 

Underlying these specific problems is a general attitude that the 
purpose of the clearance process is simply to weed out those individuals
most obviously likely to pose a threat to security. Wider background
checks will have little impact if the results are not used effectively.
Especially for Top Secret clearances and for the most sensitive
Secret clearances, the policy should be reversed. Clearances
should go to individuals whose records demonstrate a clear apti- 
tude for security. That is, their background and personal qualities 
should show a high sense of responsibility—not just the absence of 
proved disqualifying factors. At the same time, denial of such 
highly sensitive clearances should not affect the ability to pursue 
careers in other areas. 

A final personnel security issue is the use of polygraph examina- 
tions as part of the initial clearance process or in reinvestigations. 
Since 1983, the Committee has followed closely the various at- 
tempts in the Executive branch to widen use of polygraphing for 
personnel security purposes and congressional efforts to control 
such practices by statute. The Committee has consistently support- 
ed the approach taken by the Senate Armed Services Committee in 
approving a personnel screening polygraph test program for the 
Defense Department. That test program is limited to counterintelli- 
gence-related questions and has very stringent quality controls and 
safeguards for individual rights. The same limitation, controls and 
safeguards should apply to any expansion of polygraphing in other 
departments and agencies. The National Strategic Security Pro- 
gram should ensure full coordination of departmental policies and 
practices for this purpose. 

The Committee is concerned about the tendency to place an over- 
reliance on the polygraph, thereby allowing apparent passage of an 
examination to validate the reliability of an individual who may be 
intent on espionage. Other concerns are the persistent underfunding
for implementation of some high-quality polygraph programs
and the risks that incompetent or improper use of the polygraph
may harm the careers, reputations, or well-being of loyal Americans.
Adequate research on personnel screening polygraph practices
is also lacking.

An essential prerequisite for any wider polygraph program in 
DoD or other agencies is a significant upgrading of the national 
polygraph training school managed by the Army. This training program
should be the focal point for development of a government-wide
approach to personnel security polygraph examinations, including
equipment requirements, question format, quality controls,
and use of individuals as training subjects. A model that should be 
studied is the Air Force Seven Screens program, which is described 
in a recent report to the Senate Armed Services Committee. This is 
a screening program that uses only counterintelligence-related 
questions and is designed to establish and maintain strict quality 
controls and respect for individual rights. The establishment of an 
Oversight and Review Committee and the conduct of regular inspections
are especially valuable features of Seven Screens that
should be considered for use in other polygraph programs. The
Committee is pleased that other sensitive DoD programs are adopt- 
ing the Seven Screens approach. 

The Stilwell Commission recommended that Congress replace the 
current statutory authority for a limited DoD "test program" with
permanent legislation authorizing the use of polygraph examina- 
tions for personnel screening with counterintelligence-related ques- 
tions for DoD personnel. Any such legislation should incorporate 
standards for quality control and respect for individual rights and 
should provide a means whereby those standards can be enforced. 
DoD has prepared draft legislation for this purpose. The legislation 
deserves serious consideration in the next Congress, after thorough 
review of the current test program. If Congress does not yet have 
sufficient test data to decide this issue, then the current test pro- 
gram should be extended for a specific period, at the end of which 
a decision on permanent authority will be made. 

The DoD-proposed polygraph legislation would apply only to the 
most sensitive positions and would include both quality control and 
oversight requirements. The Secretary of Defense and the Armed 
Services Committees would agree in advance to an annual numeri- 
cal ceiling on examinations to be given, and no adverse action 
could be taken solely on the basis of polygraph results except with
approval at the highest levels in special circumstances. In reviewing
this proposed legislation, Congress should consider the adequacy
of DoD policy oversight and inspection arrangements to ensure
consistent implementation and quality control for all DoD components.
As recommended elsewhere, this requires augmentation of
OSD security policy staff personnel. An oversight and review com- 
mittee comparable to SEVEN SCREENS should also be considered. 

The difficulties with expanding the use of polygraph examinations
in DoD and other departments suggest a need for caution at
the national policy level. There is widespread misunderstanding
about the use of polygraphs for personnel security screening with
CI-related questions and strict quality controls. While a uniform
national policy for access to certain types of highly sensitive data is
desirable in theory, more needs to be done to explain the proce- 
dures and safeguards to federal employees, the Congress and the 
public and to compile data on employee reactions to such examina- 
tions before a government-wide policy is implemented. 


Findings and Recommendations 


46. Finding.—Defense Department adoption of Stilwell Commis- 
sion recommendations is a major step forward. The Committee has 
supported additional funding in FY 1986 and 1987 to accelerate im- 
plementation of recommendations regarding clearance investiga- 
tions. 

47. Recommendation.—The National Strategic Security Program 
should ensure substantially increased funding for personnel securi- 
ty in all relevant departments and agencies. A Government-wide 
plan should be submitted to Congress to achieve the following 
goals: (a) elimination of the reinvestigation backlog for Top Secret 
(including SCI) within four years; and (b) implementation within 
less than ten years of a program for intensified investigation and 
reinvestigation for Secret clearances. 

48. Recommendation.—Agreement should be reached as soon as
possible on a “single scope” background investigation for all Top
Secret and SCI clearances. The uniform policy should provide for:
(a) less costly and more timely background investigations and clearances;
(b) highest priority for meeting the five-year reinvestigation
requirement; and (c) a subject interview in all cases.

49. Recommendation.—Government-wide adoption should be considered
for the Stilwell Commission recommendations to prohibit
the practice of requesting security clearances solely to provide 
access to a controlled area, where there is no need to know or even 
to be exposed to classified information. Reliability investigations 
should still be conducted in such cases, with standards equal to 
those proposed by this report for Secret clearances. 

50. Recommendation.—More effective means should be estab- 
lished for investigating and clearing immigrant aliens and foreign 
nationals overseas who are granted access to classified information. 

51. Recommendation.—Implementation of the proposal for one- 
time, short duration access by cleared personnel to the next higher 
level of classified information should be postponed until Secret 
clearance requirements and investigations are upgraded and the 
IG-CM(P) has reviewed the issue. 

52. Recommendation.—The Executive branch should study the 
possibility, in consultation with appropriate congressional commit- 
tees and civil liberties experts, of a program for requiring those 
who receive access to the most sensitive information to agree to ex- 
panded post-access foreign travel reporting obligations and/or 
agency access to relevant financial and travel records. Such a pro- 
gram would need to be clearly limited and to incorporate proper 
safeguards regarding the use of the information obtained. 

53. Recommendation.—The National Strategic Security Program 
should increase personnel security research, including expanded re- 
search and evaluation on the wider use of psychological testing in 
the clearance process, taking full account of individual rights, as 
well as the implications of recent espionage cases. 

54. Recommendation.—The President should issue a new Executive
Order on personnel security. The order should provide for government-wide
minimum standards and procedures and a policy
oversight office similar to the Information Security Oversight 
Office. It should focus exclusively on personnel security programs 
regarding access to classified information and to sites where classi- 
fied information is maintained. Drafting of this order should not 
delay action on other recommendations. 

55. Recommendation.—The National Strategic Security Program
should improve the adjudication process for granting or denying se- 
curity clearances, with more rigorous standards regarding persons 
who have committed felony offenses; follow-up measures where per- 
sons with admitted problems like drug use are cleared; and a gov- 
ernment-wide requirement for training of adjudicators. For the 
most sensitive positions, a "select in" policy based on demonstrated 
aptitude for security should be adopted in place of the current 
"select out" policy based on the absence of proved disqualifying factors.

56. Finding.—Agency and interagency investigations of recent es- 
pionage cases have highlighted flaws in hiring, assignment and ter- 
mination practices. Recent corrective efforts in CIA and DoD and 
proposed government-wide consideration of similar measures
should be very useful. The Committee will continue to monitor
these efforts to achieve needed corrective action without destroying 
necessary managerial flexibility. 

57. Recommendation.—The National Strategic Security Program
should ensure full coordination of departmental policies and prac- 
tices for the use of polygraphing in personnel security screening so 
as to maintain stringent quality controls and safeguards for indi- 
vidual rights, to prevent over-reliance on this technique, to provide 
for necessary research and funding, and to improve understanding 
of the procedures. 

58. Recommendation.—Congress should consider permanent legislation
authorizing DoD to use polygraph examinations for personnel
security screening with CI-related questions, based on the most
recent DoD proposal. If a decision cannot be reached in 1987 be- 
cause of insufficient test data, then Congress should extend the 
current test program for a fixed period. 

59. Recommendation.—The other Stilwell Commission recommen- 
dations on personnel security should be implemented vigorously in 
DoD with augmented OSD policy oversight, and they should be re- 
viewed at the NSC level for adoption government-wide. 


C. INFORMATION SECURITY 


In December, 1985, the Committee submitted to the National Security
Council a series of recommendations on information security,
in response to a request for input on proposals developed by the
Information Security Oversight Office (ISOO). In addition to calling 
for a National Strategic Security Program, as discussed above, the 
Committee urged immediate implementation of the ISOO proposals 
with strong, public endorsement of the President and the principal 
members of the National Security Council. The ISOO proposals 
would establish new information security policies for curbing over-classification
and over-distribution, improving classification management,
enforcing the need-to-know principle, and improving security
awareness and investigations of unauthorized disclosures. The
Committee recommended that senior executives and program man- 
agers be held personally responsible for effective implementation of 
these policies. 

Although the ISOO proposals are an excellent agenda for near- 
term actions, the Committee made several other recommendations 
for long-term decisions. First, there is a fundamental problem with 
the classification system because of its complexity. The Committee 
recommended consideration of a two-level system, based essentially 
on the current Secret standard and the Sensitive Compartmented 
Information model used in the Intelligence Community. A two-tier 
system offers a better chance of enforcing the need-to-know princi- 
ple and reversing the natural incentives to over-classification. 

The Confidential classification should be dropped, with such in- 
formation either kept unclassified or protected at the Secret level. 
The initial decision should be whether the information requires 
protection in order to prevent substantial harm to identifiable na- 
tional security interests. 

The classification threshold should reflect a policy that classifies 
information only where truly necessary to maintain the national 
security. The report on Scientific Communication and National Se- 
curity, issued in 1982 by a panel of the National Academy of Sci- 
ences, warned that undue controls can “weaken both military and 
economic capabilities by restricting the mutually beneficial interac- 
tion of scientific investigators, inhibiting the flow of research re- 
sults into military and civilian technology, and lessening the capac- 
ity of universities to train advanced researchers." The 1985 inter- 
agency report on Soviet Acquisition of Military Significant Western 
Technology reiterated the warning that restricting access to scien- 
tific data "may also inhibit the United States' own national re- 
search effort." As stated recently by former DIA Director Eugene 
F. Tighe, "[I]f the U.S. security system for handling classified mate- 
rial is to be useful, only data that are critical to the United States’ 
status as a political, economic and military power should be classi- 
fied." The assumption should be that information is unclassified, 
unless there is a specific reason for maintaining secrecy. 

The higher of the two classification standards should focus on 
the much smaller universe of data that require special protective 
measures above and beyond the normal safeguards for classified in- 
formation. As is the case with intelligence data designated SCI, 
classification at the second level should be based on a full analysis 
of the risks of compromise. Such analysis should ensure that spe- 
cial protective measures are imposed only where necessary and are 
not diluted by applying them too widely. Careful analysis should 
also provide the elements for more effective security briefings that 
help senior policy-makers as well as lower level employees understand
the consequences of a security breach.

Executive branch officials have noted that many bilateral and 
multilateral national security agreements are linked to the current 
system, and that the handling of Confidential-level foreign materi- 
al at the Secret level will require some investment. The Committee 
recognizes that this change must be gradual. It is confident, however,
that the declassification of many U.S.-generated documents that
do not merit serious protective efforts will result in significant
overall savings that can be devoted to better protection of Secret
and Top Secret information.

Another concern is that a higher classification threshold would
make more documents accessible to people who request them,
either directly or under the Freedom of Information Act. However,
unclassified information of a sensitive character can be marked 
"For Official Use Only" to maintain a policy of not releasing such 
materials routinely or in response to non-FOIA requests. Concern 
about FOIA, moreover, should not dictate classification manage- 
ment policy, which should be geared to the most efficient protec- 
tion against hostile intelligence access to truly important secrets. If 
a case can be made that specific types of unclassified, but sensitive, 
information should be exempted from the FOIA, Congress should 
consider appropriate legislation as has been done for certain kinds 
of Defense Department technical data. This would be in keeping 
with the report on Scientific Communication and National Securi- 
ty, which called for development of specific criteria to determine 
whether unclassified scientific research should be protected by 
means short of classification. 

The other information security recommendations sent to the 
NSC by the Committee addressed the problem of disclosure of clas- 
sified information to the news media. The Committee is especially 
concerned about leaks that compromise sensitive intelligence 
sources and methods. The Committee emphasized the ISOO recom- 
mendation that more effective, unclassified educational materials 
be developed to explain the damage caused by unauthorized disclosures.
The more [illegible] recommendation was for new procedures
for authorized disclosure of classified information to the
news media. 

The Committee recommended that the NSC confront the pervasive
practice of authorized disclosure of classified information on
background, without permitting attribution to the source. By exec- 
utive order, the President should require each agency to establish 
procedures to be followed whenever an official authorizes the dis- 
closure of classified information to the news media or in any other 
public forum. The procedures should apply not only to formal state- 
ments for attribution, but also to disclosures on background. They 
should require that a decision be made to declassify the exposed in- 
formation or that a record be maintained for purposes of account- 
ability when authority is exercised or granted to disclose informa- 
tion that remains classified. The procedures should require consul- 
tation with the agency that originated the information and written 
designation of the officials in each agency who are authorized to 
communicate classified information to the media, either in person 
or through an authorized representative. 

Some Executive branch officials oppose such procedures as likely
to open the floodgates for "authorized leaks." Others want strict 
enforcement of a policy that any classified information disclosed to 
the media be officially declassified. The Committee strongly encour- 
ages adherence to a policy that officials speak on the record to the 
maximum extent. Nevertheless, there may well be valid reasons for 
retaining a background briefing's classified character. Any serious 
effort to address the problem of leaks must face the realities of
press-government relations. More leak investigations may accom- 
plish little, moreover, so long as authorized background disclosures 
continue to divert investigators from cases in which administrative 
discipline, dismissal or legal action is possible. Policies that ignore 
"authorized leaks" simply reinforce the climate of cynicism that 
has fostered disrespect for security. 

In addition to the recommendations submitted to the NSC in De- 
cember, 1985, the Committee has several other information securi- 
ty recommendations. Many proposals of the Stilwell Commission on 
managing and controlling classified information should be consid- 
ered government-wide. These include recommendations to: 

Require, rather than simply permit, challenges to classifica- 
tions believed to be improper. 
Require a higher minimum degree of accountability for 
Secret documents. 
Impose better controls over reproduction equipment used to 
copy classified information. 
Initiate long-term action to develop technical or mechanical 
controls over unauthorized reproduction. 
Reduce unnecessary retention and storage of classified docu- 
ments. 
Prohibit employees from working alone in areas where Top 
Secret or similarly sensitive materials are in use or stored.

The Stilwell Commission recommendations on special access programs
and on National Disclosure Policy for transfers of classified
information to foreign governments are particularly important. 

The proliferation of special access programs is testimony to the 
failure of the current security system. ISOO Director Steven Garfinkel
testified that “a number of these programs are probably unnecessary,”
and the Stilwell Commission reported that some actually
afford less security protection than ordinary classification requirements.
This situation reflects the fact that, too often, there is
no real analysis of the hostile intelligence threat to special access 
programs or of the reasons why normal security standards and pro- 
cedures offer inadequate protection. As the Stilwell Commission 
comments: 


[A]lthough the sole rationale for the creation of Special
Access Programs under Executive Order 12356 is to pro- 
vide enhanced security, there is sometimes too little scruti- 
ny of this determination at the time such programs are 
created. Unless an objective inquiry of each case is made 
by the appropriate authorities, the possibility exists that 
such programs could be established for other than security 
reasons, e.g., to avoid competitive procurement processes, 
normal inspections and oversight, or to expedite procure- 
ment actions. 

The Stilwell Commission's proposed policies, standards and con- 
trols for special access programs should be adopted government- 
wide. The development of minimum security standards for all DoD- 
established special access programs, which was recommended by 
the Stilwell Commission and has now begun, should end the temp- 
tation to use SAPs as a way to avoid normal security requirements. 
The assignment of Defense Investigative Service personnel to work
full-time at major contractor facilities may reduce the likelihood of 
problems like those recently revealed at Lockheed regarding pro- 
tection of information on stealth technology. 

Executive Order 12356 on National Security Information should 
be modified, moreover, to place more controls on the establishment 
of special access programs and to give the ISOO Director greater 
authority to conduct oversight and ensure accountability of special 
access programs. A revised executive order should designate the 
Secretary of Defense as the sole official entitled to create or contin- 
ue defense-related, non-intelligence special access programs. There 
should also be a comprehensive, one-time review and revalidation 
of all existing special access programs and associated contracts, 
with each department and agency reporting the results to the 
ISOO Director who should make an independent assessment for the 
NSC.


The Committee believes ISOO has made a valuable contribution 
to better information security, but its small size (10 professionals) 
unduly limits its ability to conduct oversight inspections and other
in-depth evaluations. ISOO's staff should be expanded to include a 
permanent element to inspect agency practices at all levels of com- 
mand and management. While ISOO cannot replace internal in- 
spections, it should do more to ensure the effectiveness of agency 
inspections by sampling on a periodic basis. ISOO should also work
closely with the Defense Security Institute to implement the gov- 
ernment-wide policy (proposed by ISOO) requiring seminars and 
training courses for all levels of commanders and managers, in gov- 
ernment and industry, to understand information security policy 
and procedures, especially classification management. 

Classification management training should focus, in part, on the 
fact that the only valid national security reason for classifying in- 
formation is that a hostile element whose goal is to damage the in- 
terests of the United States should not have use of the information. 
Throughout the government, most classification judgments are
made by the “proponent,” i.e., the originator or functional manager
responsible for the substance of the information. Few classification
authorities consider or have a good knowledge of how a hostile element,
government or otherwise, would use a particular piece of information
to damage U.S. national security interests.

An informal query of government and industrial managers by 
Committee staff tends to validate the report that managers are 
often deficient in their knowledge of classification management requirements
and procedures. The proliferation of classified documents
and the need for greater security has spawned an entire
dictionary of special classification markings and control systems. 
The rise of these special markings and control systems has tended 
to generate a false sense of security and also to confuse those who 
do not fully understand their meanings. ISOO and the DCI should 
undertake a thorough reassessment of these practices with a view 
to simplifying the special markings systems.

Special markings help to enforce need-to-know restrictions by 
warning a reader what accesses are required to read a document. 
Equally important, however, is a need for clear assignment of responsibility
for determining whether someone has a requirement
for access to information about a particular program. ISOO should
review current directives and regulations to ensure that such responsibilities
are pinpointed and that compliance is audited regularly.

Finally, the Committee does not believe that legislation to en- 
hance criminal enforcement remedies for unauthorized disclosure 
of classified information would be appropriate this year. After com- 
pletion of the appeals in the Morison case, a reassessment by both 
Congress and the Executive branch might be in order. The Commit- 
tee does, however, support continued investigation of unauthorized 
disclosures within agencies and by the FBI for purposes of adminis- 
trative discipline as well as criminal prosecution. When Depart- 
ment of Justice guidelines for leak investigations are reviewed pur- 
suant to ISOO's proposal, they should be revised to reflect this 
policy. Polygraph examinations should also continue to be used in 
leak investigations on a voluntary basis in accordance with proce- 
dures followed in other types of criminal investigations. 


Findings and Recommendations 


60. Recommendation.—The Executive branch should immediately 
implement the Information Security Oversight Office (ISOO) pro- 
posals, with strong public endorsement by the President and the 
principal members of the National Security Council. 

61. Finding.—The complexity of the current information security 
system has led to overclassification, employee confusion and ignorance,
inability to protect all the information earmarked for protection,
and, at least at times, cynical disregard for security.

62. Recommendation.—The Executive branch should consider 
simplifying the classification system by establishing two levels, 
eliminating the current Confidential classification. This streamlin- 
ing should be preceded by consultation with other countries with 
whom the United States shares security classification agreements. 

63. Recommendation.—An Executive Order should be promulgat- 
ed requiring each agency to establish procedures governing author- 
ized disclosure of classified information to the news media, includ- 
ing background disclosures of information that remains classified. 
Such procedures should require records for accountability, consul- 
tation with originating agencies, and designation of officials au- 
thorized to disclose classified information to the media. 

64. Recommendation.—The Executive branch should review the 
Stilwell Commission proposals on managing and controlling classified
information for possible government-wide implementation as
part of the National Strategic Security Program. 

65. Recommendation.—Executive Order 12356 should be modified
to require greater controls on special access programs and to give 
the ISOO Director greater authority to oversee such programs. The
Secretary of Defense should have sole authority to approve defense- 
related, non-intelligence special access programs. The whole gov- 
ernment should conduct a comprehensive review and revalidation 
of all existing special access programs and associated contracts, 
with an independent assessment by the ISOO Director. Such reviews
should be repeated on a periodic basis.

66. Recommendation.—ISOO’s staff should be expanded to include
a permanent inspection element. ISOO should work with the
Defense Investigative Service to implement improved training
courses on information security and classification management.
ISOO and the DCI should also reassess special markings with a
view to simplification. ISOO should ensure that agencies designate
individuals/positions with responsibility for determining need-to- 
know access. 

67. Recommendation.—The Executive branch should postpone 
consideration of new criminal penalties for unauthorized disclosure 
until after the appeals in the Morison case. The Committee sup- 
ports continued internal agency and FBI investigations for pur- 
poses of administrative discipline as well as prosecution, including 
use of voluntary polygraph examinations under criminal investiga- 
tive procedures. Justice Department guidelines for leak investiga- 
tions should be revised to reflect current policy of using adminis- 
trative sanctions when prosecution is not pursued. 


D. COMMUNICATIONS, COMPUTER, AND EMANATIONS SECURITY 


The rapid expansion of electronic systems and equipment capable 
of very high-speed transmission and storage of large volumes of in- 
formation offers striking capabilities and opportunities for the 
United States, particularly in the areas of national defense and in- 
telligence. Equally striking are the security vulnerabilities of such 
systems, for which Executive branch efforts to develop and imple-
ment countermeasures are in their embryonic stage. The Defense
Department and NSA have been given the lead in developing na- 
tional policy for security countermeasures against hostile intelli- 
gence efforts to intercept communications, penetrate computer sys- 
tems, and monitor the emanations from communications and infor- 
mation processing equipment. 

Traditionally, communications security meant the encryption of
classified communications and the maintenance of discipline to 
ensure that classified information was not discussed on open lines. 
In the 1970s, two weaknesses with this approach came to be recog-
nized. First, it was discovered that the Soviets had a massive capa-
bility to intercept communications that could be exploited for sig-
nificant intelligence value, even if the discussions were unclassi-
fied.

The second factor was the inherent human weakness of govern- 
ment and contractor officials, at all levels, who inevitably fail to 
follow strict security rules. The inaccessibility or inconvenience of 
secure phones, and the ease of slipping into or "around" sensitive 
topics, meant that security briefings and penalties were simply not 
enough to prevent discussion of classified information on open
lines.


Congressional concern about communications security has in- 
creased with growing public awareness of the threat. In 1985, Con- 
gress enacted Senator Moynihan’s proposal that the FBI submit a 
report to Congress on the measures needed to counter the Soviet 
surveillance threat to domestic communications. This report was 
submitted in June, 1986, but was limited to the FBI’s counterintel- 
ligence support role without discussing steps being taken or 
planned by the National Security Agency’s Information Security 
Directorate to deny the Soviets access to domestic communications. 

The NSA communications security program is described in detail
in the annual budget justification submitted to the Intelligence 
Committee for the first time in 1985. NSA has recently initiated a 
major program to upgrade communications security by developing a
low-cost, user-friendly secure telephone system. NSA's leadership 
in working with private industry to develop such a system may 
lead to a significant security breakthrough. NSA's plans to work 
with the private sector by licensing use of essential cryptographic 
techniques in equipment marketed to the public are unprecedent- 
ed, and the Committee is satisfied with the efforts to take all equi- 
ties into account. The Committee supports NSA's plans for secure 
telecommunications equipment, including the idea of making the 
equipment available to the private sector; it recommends attention 
at the highest levels to the need for agencies outside the traditional 
national security arena to join in this program as appropriate. The 
Committee will continue to exercise budgetary and policy oversight 
of NSA’s communications security program. 

In this regard, the NSA is concerned that current plans do not 
fully respond to the threat to long-distance communications re- 
layed over satellite links and intercepted from sites like the one in 
Cuba. While the low-cost secure equipment developed under NSA's 
leadership may solve much of the problem for government agencies 
and private firms that can afford the cost, many organizations are 
much less likely to be able to pay the price. Efforts to neutralize 
the Soviet intercept operations that damage national security
should not depend so heavily on the marketplace. Senator Moyni- 
han, former Vice Chairman of the Intelligence Committee, has pro- 
posed a $1 billion program to encrypt all domestic communications 
satellite links. The Committee has asked for and received a five- 
year NSA plan to protect the most sensitive links that the Soviets 
could exploit to damage U.S. security interests. This less expensive 
proposal is to encrypt all dedicated channels leased by federal gov- 
ernment agencies, by private firms with government contracts, and 
by private firms that communicate large financial transactions and 
economic forecasts. The Soviets could exploit these unclassified links
by piecing together information that, taken in aggregate, is highly 
damaging to the United States. In the Intelligence Authorization 
Act for FY 1987, the Committee recommends an increase of $129 
million for the communications security program above the funds 
requested by the Administration. More than half of this increase is 
to begin implementation of the domestic satellite protection plan. 

Another threat comes from hostile intelligence efforts to monitor 
emanations from equipment and/or electrical lines. This problem 
generally bears the label Tempest, from the term used for the 
costly shielding and equipment design measures sometimes needed 
to ensure against compromising emanations. Improvements are 
being made in definition of the threat and the most cost-effective 
countermeasures. The initial security standards developed by the 
Defense Department and the Intelligence Community were based 
primarily on the theoretical possibility of compromise. A 1983 
interagency assessment of actual and probable threats led to re- 
finement of the threat assessment, since the current threat appears 
much greater abroad than in the United States. The bulk of Tem-
pest expenditures, however, is still being made in the United
States.

On June 27, 1986, the General Accounting Office completed a 
review of domestic DoD and military service adherence to national 
Tempest policy for the House Committee on Government Oper- 
ations. The GAO concluded that more than a year after the issu- 
ance of the new January, 1984, Tempest policy, the services all con- 
tinued to follow their older internal Tempest guidance. 

The GAO is of the view that the imposition of "Tempest counter-
measures on industry should be controlled from a central point
within DoD." Also in order to minimize unnecessary Tempest-relat- 
ed expenditures, the report recommends that the Secretary of De- 
fense require all DoD components to conduct Tempest evaluations 
before implementing Tempest countermeasures in the United 
States to protect non-SCI information. Both the Stilwell Commis- 
sion and an interagency body have recommended increased efforts 
to relate more closely the extent of the Tempest protective effort in 
the U.S. to the identified hostile collection threat. The expenditure 
of funds and effort for unnecessary Tempest protection clearly 
shows the need for better threat analysis and interagency collabo-
ration in developing the communications and computer security as-
pects of a National Strategic Security Program.

The Committee sees a similar imbalance in resource allocation in 
the computer security field. Testimony at Committee hearings indi- 
cates a disparity in resources between the technological and human 
sides of the computer security problem. The overwhelming empha- 
sis today is on increasing expenditures for development of more 
secure equipment and software, rather than on the personnel and
information security measures needed to deal with the human side
of the problem. The DCI testified that personnel security is "the 
most important part of any effective security program," yet the 
Computer Security Center at NSA and the interagency computer 
security committee (under the National Telecommunications and 
Information Systems Security Committee chaired by the Assistant 
Secretary of Defense for C3I) have focused mainly on hardware and
systems design.

The Stilwell Commission, citing the estimate that redressing the 
damage from the Walker-Whitworth case could cost several billion 
dollars, went on to warn:


Given the range of density of information housed in major 
DoD computer-based systems, the possibility of remotely 
accessing terminals over great distance, and the difficulty 
of detecting exploitation by a trusted person, it is entirely 
conceivable that a computer-wise traitor could cause cata- 
strophic loss of resources and military advantage. 


The security officer for one of the larger military logistics comput- 
er systems sites expressed the same concern to Committee staff. 
The Committee is also concerned about the apparent use of a DoD 
computer system in a scheme to divert parts to Iran. 

The trusted-person threat to computer security is not limited to 
the Defense Department. The State Department has a problem due 
to the fact that many embassy computer system managers and op-
erators are foreign nationals. In light of the sensitivity of even un-
classified State Department systems, Members of the Committee
sponsored an amendment to the Diplomatic Security Act to protect 
funding for State Department initiatives to replace those personnel 
with U.S. citizens. 

Because of the seriousness of the computer security threat, the 
Committee urges consideration of the option suggested in a 1985 
interagency assessment: “The only recourse may be for the United 
States to exclude from these data bases the types of science and 
technology information that are likely to be used against U.S. in- 
terests." The National Strategic Security Program should ensure 
that the computer security and information security communities 
jointly develop procedures requiring analysis of computer system 
vulnerabilities before sensitive material is approved for storage in 
those systems. 

Given the gravity of the personnel security problem, the Nation- 
al Strategic Security Program should address the need for more 
stringent controls on personnel with access to sensitive computer 
data bases. As a result of the Walker-Whitworth case, special
"crypto-access" controls have been approved for personnel with ex-
tensive access to classified cryptographic information. Similar con-
trols should be considered for access to the most vital data bases
and networks. Furthermore, such positions should have top priority 
for institution of personnel reliability program measures, as recom- 
mended by the Stilwell Commission for DoD personnel involved in 
especially sensitive programs. 

One reason for the apparent imbalance in attention to technolog- 
ical and human aspects of the computer security problem may be 
the national policy structure that separates communications and 
computer security from other security functions. In 1984 the Presi- 
dent issued NSDD-145, which made NSA the "national manager" 
for communications and computer security under a new National 
Telecommunications and Information Systems Security Committee 
(NTISSC) chaired by the Assistant Secretary of Defense for C3I.
NSDD-145 was an important effort to update national policy, be- 
cause it recognized the close connections between computer and 
communications security. The Committee endorses the assignment 
of NSA, working through its National Computer Security Center, 
to conduct research and develop computer security hardware, sys- 
tems and standards not only for DoD, but also for the federal civil- 
ian establishment and segments of the private sector. The National 
Bureau of Standards Institute for Computer Science and Technolo- 
gy is cooperating with NSA in transmitting research results 
throughout the government and to private industry. These efforts 
should increase. 

Computer security is, however, one of the best examples of why a 
still broader national policy structure is essential to ensure full at- 
tention to all aspects of security counter-measures. While NSA has 
unique technical capabilities, computer security priorities should 
be addressed as part of the National Strategic Security Program to 
ensure that research efforts and resource allocation respond to the 
most serious actual and probable threats. (Another reason for a 
framework spanning current jurisdictional divisions is that TEM-
PEST issues relate closely to technical surveillance countermeas-
ures, as discussed below.)

Recently, fears have been expressed regarding a "big brother"
role in NSA's growing involvement with the civilian and private 
sectors. The Committee believes that NSA is best equipped to de- 
velop technical measures needed to remedy serious vulnerabilities 
in a timely manner. The Committee also recognizes that both the 
Executive and Legislative branches must continue to exercise over- 
sight to ensure that the Government does not impose technical so- 
lutions that impinge on individual privacy, civil liberties or public 
confidence. 

To improve congressional oversight of resource allocation, pro- 
gram priorities and privacy concerns, the Committee instituted a 
review of the NSA communications and computer security budget 
requests beginning with FY 1987. The House Intelligence Commit- 
tee began this practice last year, and the funds were included for 
the first time in the Intelligence Authorization Act for FY 1986. 
While these NSA programs are not part of the National Foreign 
Intelligence Program and thus are within the concurrent jurisdic- 
tion of the Armed Services Committee, they also fall under the In- 
telligence Committee's general mandate in Senate Resolution 400 
for oversight of measures taken to protect against the hostile intel-
ligence threat.


Findings and Recommendations 


68. Recommendation.—The National Strategic Security Program 
should ensure that NSA's plan for low-cost, secure voice telephone 
equipment is implemented by all government agencies, contractors 
and offices involved with national security information and other 
technological, political and economic information of significant 
value to adversaries.

69. Finding.—A program for encryption of domestic commercial 
communications satellite links that would be the most lucrative 
targets for hostile interception of private communications is a 
worthwhile supplement to the secure phone program. The Commit- 
tee has recommended FY 1987 funding to begin this program. 

70. Recommendation.—The National Strategic Security Program 
should enforce current national TEMPEST policy for all govern- 
ment agencies, so that decisions to buy TEMPEST equipment are 
based on the best counterintelligence estimates of actual and prob- 
able threats. 

71. Recommendation.—The National Strategic Security Program
should place greater emphasis on personnel, physical and informa-
tion security aspects of computer security, including research ef-
forts, and should establish relative priorities for all aspects of com-
puter security countermeasures.

72. Finding.—Because U.S. embassy computers and word process-
ing systems may contain sensitive information, Committee Mem-
bers sponsored an amendment to the Diplomatic Security Act to
protect State Department funds to place U.S. citizens in charge of 
embassy computers. 

73. Recommendation.—The computer security and information
security communities should review and improve current proce-
dures for analysis of information system vulnerabilities before sen-
sitive material is approved for storage in such systems.

74. Recommendation.—Given the gravity of the threat, high pri-
ority should be given to strict personnel security controls, compara-
ble to the reinstituted crypto-access program and incorporating
personnel reliability programs, for persons with extensive access or 
potential access to sensitive computer systems. 

75. Recommendation.—The National Strategic Security Program 
should provide for national-level review of communication, comput- 
er and emanations security resource requirements, with NSA con- 
tinuing to be responsible for development of technical measures 
and standards needed to remedy vulnerabilities. The Committee 
will continue to oversee the level of effort and to ensure that tech- 
nical measures are not imposed in a manner that impinges on indi- 
vidual privacy, civil liberties or public confidence. 


E. TECHNICAL AND PHYSICAL SECURITY


In June, 1985, the Committee heard detailed testimony on the 
bugging of typewriters at our Moscow embassy and other Soviet 
technical surveillance operations. This testimony vividly demon- 
strated the Soviets' strong technical surveillance capabilities and 
U.S. vulnerability to sophisticated electronic penetration and eaves- 
dropping techniques. Shortly thereafter, the Inman Panel on Over- 
seas Security submitted to the Committee a compartmented annex 
to its report to the Secretary of State, showing that the technical 
security threat is a formidable challenge. The Inman Panel 
stressed fundamental problems for the State Department and rec- 
ommended both a reorganization of State Department security op- 
erations into a new Diplomatic Security Service and a massive re- 
building program for overseas missions. The Moscow embassy dis- 
covery and the Inman Panel report have reawakened the intelli- 
gence community and the State Department to the threat of hostile 
technical surveillance. 

The Committee recognized after the June, 1985, hearing that 
U.S. technical surveillance countermeasures (TSCM) had been seri- 
ously underfunded in recent years. Consequently, the Committee 
proposed what became a $35 million FY 1985-86 supplemental ap-
propriation to enhance security countermeasures at U.S. facilities
abroad. 

The physical security lapses that allowed Soviet access to State 
Department equipment and the low funding for technical surveil- 
lance countermeasures are matters of grave concern to the Com- 
mittee. As a result, the Committee accompanied its proposal for a 
supplemental appropriation with a request for a comprehensive 
long-range plan for upgrading technical security at U.S. facilities 
abroad. The outlines of such a plan are beginning to take shape. 

The Committee is pleased to note the cooperation and progress 
achieved in this area by Executive branch agencies in 1986. The 
best way to marshal their energies is, however, to establish a Na- 
tional Strategic Security Program that can take all interests and 
disciplines into account. Current interagency mechanisms will ben- 
efit from being incorporated in this broader and more formal 
framework. This recommendation is consistent with an interagency 
assessment that emphasizes the necessity for total protection of in-
formation and telecommunications equipment and with the testi-
mony of CIA's Security Director that “the best security will be
achieved through a program that integrates technical security with
other security disciplines.”

Many agencies play R&D or operational roles in detecting and 
denying technical penetration by hostile intelligence services. Ade- 
quate TSCM planning must do more than just provide an organiza- 
tional framework and philosophy. It should outline explicitly the 
vulnerabilities, requirements, objectives, responsibilities, resources 
and schedule for short and long-term R&D, training, personnel, in- 
spection and other needs. The Committee looks forward to this 
level of effort in the future.

Implementing the Inman Panel recommendations, the State De- 
partment has established a new Diplomatic Security Service so as 
to give those who manage its security functions higher status, in- 
creased resources and a greater voice in Department management. 
State has also developed a $285 million construction plan to build 
more secure facilities in Eastern Europe. The State Department is 
establishing programs, moreover, to ensure that all information 
processing equipment sent abroad is under strict security controls. 
These efforts are a sensible response to the vulnerabilities uncov- 
ered by the discovery of the bugged typewriters. The Committee 
has encouraged development of this program, and Members spon- 
sored an amendment to the Diplomatic Security Act that protects 
funds for it.

Congress should also support the substantial, multi-year expendi- 
tures that will be required to implement Inman Panel recommen- 
dations for enhanced physical security at U.S. facilities overseas. 
Congress funded initial requests to improve embassy security 
against terrorism, including President Reagan’s request for a 
$110.2 million supplemental appropriation for FY 1985 and the Act 
to Combat International Terrorism (P.L. 98-533), which authorized 
$366.3 million for embassy security. The urgent supplemental for 
FY 1987 appropriates over $700 million to begin the new construc- 
tion and other security enhancements. 

The Committee understands that there must be a “rule of rea- 
sonableness” in embassy physical security that takes into account 
the need for openness and the negative effect of a “fortress” image. 
Nevertheless, policy and design should be flexible enough to re-
spond not only to the terrorism threat, but also to the hostile intel-
ligence threat.

Security expertise in other agencies can contribute significantly 
to the success of the embassy construction program and it will be 
important to factor technical security requirements into both the 
planning and the construction of new facilities. This Committee 
has worked closely with the Senate Appropriations Committee to 
provide funds and positions in the FY 1987 urgent supplemental 
for such assistance to the Foreign Buildings Office of the State De-
partment.

The State Department advises that budget constraints have re- 
quired modification of the plans for certain construction which 
originally would have made necessary security improvements in 
FY 1988. The revised plan stretches out construction work through 
FY 1990. The Committee urges the Administration to accelerate its 
decisions in light of long-range, tailored security plans for each of
these missions. 


Findings and Recommendations 


76. Recommendation.—The Executive branch should continue to 
place greater emphasis on the development of means and the im- 
plementation of actions to detect and defeat technical penetrations 
of sensitive facilities. The National Strategic Security Program 
should reconcile the various technical security interests and inte- 
grate them with other security disciplines. 

77. Finding.—Executive branch actions in 1986 to upgrade securi- 
ty functions and to coordinate technical security efforts have been 
a notable step forward. They deserve continuing high-level support 
and resource commitments. 

78. Finding.—State Department plans to improve the security of 
information processing equipment constitute a reasonable approach 
to the technical penetration problems. Committee Members have 
moved to ensure that the needed funds to begin these programs are 
available. 

79. Recommendation.—Congress and the Executive branch 
should support implementation of the Inman Panel recommenda- 
tions for major site and/or physical changes to U.S. facilities 
abroad to enhance security, minimize acts of terrorism and prevent 
hostile intelligence penetration. 

80. Recommendation.—The State Department should ensure that 
security experts in other agencies are given full opportunity to par- 
ticipate in the planning and oversight of new embassy construction 
efforts to achieve a comprehensive security system. Decisions on 
long-range, tailored security plans for overseas missions should be 
accelerated. 


F. INDUSTRIAL SECURITY 


Espionage cases of the past ten years, involving such industry 
personnel as Boyce, Lee, Bell, Schuler, Harper and Cavanagh and 
the loss of sensitive technological information through increasing 
levels of espionage and illicit transfer, have highlighted the priori- 
ty that hostile intelligence services attach to U.S. technology. The 
interagency report in 1985 on Soviet Acquisition of Militarily Sig- 
nificant Technology described the threat, and its findings are con- 
firmed both by Soviet documents obtained by the French and by 
the testimony of Soviet bloc defectors. Industry is vulnerable to re- 
cruitments by hostile services and to employees who volunteer 
their information for pay. Industrial communications are vulnera- 
ble to Soviet interception; and industrial facilities are susceptible 
to technical penetration, especially overseas. Co-production agree-
ments with foreign firms compound the difficulties.

Hostile intelligence successes in penetrating U.S. industry, culmi- 
nating in the Harper case, triggered an in-depth review of industri- 
al security programs and policies in 1984 by a DoD Industrial Secu- 
rity Review Committee (also known as the "Harper Committee"). 
This review was particularly important because DoD has been dele- 
gated industrial security responsibility for eighteen federal depart- 
ments and agencies. The Harper Committee's 25 recommendations 
are designed to enhance industrial security dramatically. While not
all have been adopted by DoD, the majority are being implemented 
as proposed or with some revisions. The Committee urges prompt 
action on the Harper Committee reforms that have been approved 
for implementation. The National Strategic Security Program 
should also review those recommendations for government-wide im- 
plementation. 

Several Harper Committee proposals deserve special emphasis. 
First is better integration between counterintelligence and indus- 
trial security. In the past, there has been a reluctance on the part 
of the counterintelligence community to communicate with indus- 
trial security officers. While such communication is improving, par- 
ticularly in security awareness programs such as the FBI's DECA 
program, there is ample room for closer cooperation. There should 
be a continuous two-way sharing among counterintelligence agencies
and government and industrial security officers. Counterintelli- 
gence agencies should provide more tailored information on the 
hostile intelligence threat to particular programs or types of pro-
grams, as well as in particular geographical areas, for use in secu-
rity awareness efforts and the design of security measures.

A pilot program should be initiated for assignment of Defense In- 
vestigative Service personnel to large sensitive contractor facilities 
on a full-time basis, and the National Strategic Security Program 
should review the results as a basis for considering a similar gov- 
ernment-wide practice. With 95 percent of all classified documents 
(an estimated 15 million out of 16 million) residing with only 4 per- 
cent of the cleared industrial contractors, the case for a continuing 
government security presence at those facilities is strong. It is fur- 
ther enhanced by the admissions of the Chairman of the Board of 
Lockheed regarding the sloppiness of the company in accounting 
for classified documents. A GAO investigation had revealed that
Lockheed was unable to account for nearly 1,500 documents due to 
inadequate controls. A reordering of priorities to concentrate on 
major contractors will not result in the government taking over 
contractor security functions, but rather will permit timely audits 
of security functions and correction of problems in primary facili-
ties.

As discussed in the section on personnel security, a single-scope
background investigation for Top Secret and SCI clearances would 
especially benefit industrial security. The five-year goal for clear- 
ing up the backlog of periodic reinvestigation for Top Secret and 
SCI, if applied government-wide, would similarly benefit contrac- 
tors who are on the leading edge of U.S. intelligence technology. 
The Committee has added funds to agency budgets for this purpose 
on more than one occasion. 

Industrial security managers have had to cope with tremendous 
needs for, and resultant delays in, clearance investigations for in-
dustry. With the large defense buildup in recent years has come a
dramatic rise in the number of contractor personnel holding securi-
ty clearances. Between FY 1978 and the end of FY 1985, the
number of such clearance investigations per year increased from 
28,000 to 75,000. The Defense Department's recent twenty-percent 
reduction in clearances should help ease this burden. 

Federal Acquisition Regulations should be changed to designate
security requirements for classified contracts as a direct cost. When 
security is designated as a direct cost instead of an overhead cost, 
industrial security officers are relieved of the opposing pressures of 
the government-customer who demands more and better security 
and the company officials who see security as a drain on profitabil- 
ity. In addition, the designation of security as a direct contract cost 
will force the customer to more precisely define his security re- 
quirements in the Request for Proposals (RFP) and in security deli- 
verables. While this approach may appear more costly to the tax- 
payer, in the long run it will result in greater cost savings through 
effective planning and cost controls. 

Consideration should also be given to the greater use of Cost Plus 
Award Fee (CPAF) contracts as an incentive for fulfilling contract 
security requirements and specifications on time, within cost and 
without security violations. Making security a major award fee de- 
terminant along with the other award fee elements will give con- 
tractors for classified contracts the motivation for ensuring that 
more and better-qualified security planning and operations person- 
nel are assigned and retained on contracts. 

Training and government certification of all current and planned 
contractor security officers should be required in each classified 
contract. As pointed out in the Harper Committee report, the in- 
tense targeting by hostile intelligence services of the large amount 
of classified data entrusted to contractors, as well as the absence of 
a formal training program for industrial security officers, justifies 
the government's establishment of this requirement. The require- 
ment for training and certification should also apply to personnel 
with security responsibilities for special access program contracts. 

A final and most disturbing concern is the hostile intelligence 
threat to foreign subsidiaries of U.S. firms and to foreign firms 
that have co-production agreements with the United States. Al- 
though U.S. counterintelligence efforts abroad, both unilateral and 
in concert with our allies, can help deal with this problem, it also 
requires national policymaker attention. The Stilwell Commission 
warned specifically of the critical problem with co-production ar- 
rangements, "where losses could entail not only the end-item being 
produced but also the technical 'know-how' necessary to manufac- 
ture it in large quantities." Other weaknesses identified by the 
Commission include insufficient controls in the sale of classified 
weapons systems and ineffective security surveys. The Committee 
fully endorses the Stilwell Commission's recommendations for im- 
proving the National Disclosure Policy, which governs transfer of 
classified military information to foreign recipients. The following 
approach would be required in approving classified transfers:

(1) requiring a determination that the need of the recipient 
cannot be satisfied by unclassified systems or data;

(2) if classified systems or data are required, then requiring 
selection of a model or type of such system that minimizes the 
need to transfer classified information;

(3) requiring phasing in of the most sensitive classified infor-
mation over time, if feasible;

(4) avoiding co-production of military systems which involve
the manufacture of the most advanced version of classified com-
ponents or end-items.

In addition, security surveys would be conducted by a permanent 
professional staff with flexibility to meet pressing needs for in- 
country security assessments. The National Strategic Security Pro- 
gram should ensure that such improvements are implemented not 
only for military information, but for sensitive intelligence and nu- 
clear matters as well. 


Findings and Recommendations 


81. Recommendation.—The National Strategic Security Program 
should foster better communication between U.S. counterintelli- 
gence agencies and industrial security officials and provide more 
tailored information on the hostile intelligence threats to particu- 
lar programs or areas. 

82. Recommendation.—DIS should initiate a pilot program for as-
signment of its personnel to large sensitive contractor facilities on
a full-time basis, and the results should be reviewed as a basis for a 
similar government-wide practice. 

83. Finding.—Recently adopted goals for ending the reinvestiga- 
tion backlog for contractors holding Top Secret and SCI clearances 
who are currently involved in sensitive classified contracts merit 
high-level commitment and support. 

84. Recommendation.—Federal Acquisition Regulations should be 
changed to designate industrial security for classified contracts as a
direct cost. The primary intent of this proposal is to identify and 
monitor security costs associated with particular contracts. 

85. Recommendation.—Consideration should be given to greater
use of Cost Plus Award Fee contracts as an incentive for fulfilling 
contract security requirements. 

86. Recommendation.—Trained and government-certified security 
officers should be required in each classified contract, including 
those for special access programs. 

87. Recommendation.—The National Strategic Security Program
should ensure implementation of the Stilwell Commission recom-
mendations on National Disclosure Policy not only for military in-
formation, but for sensitive intelligence and nuclear matters as
well.

88. Recommendation.—Other Harper Committee recommenda-
tions approved by DoD should be implemented promptly and re-
viewed for government-wide application.


G. CONGRESSIONAL SECURITY 


In December, 1985, Randy Jeffries, an employee of a private firm 
that transcribed classified hearing transcripts for congressional 
committees, was arrested for attempting to sell classified material 
to Soviet intelligence. The FBI detected the employee making con- 
tact with the Soviet Military Office in Washington. The employee 
admitted giving the Soviets excerpts from a classified transcript of 
a House Armed Services Subcommittee hearing on Defense Depart-
ment command, control, communications and intelligence pro-
grams. The subsequent FBI investigation revealed that the employee
had been observed by a co-worker removing classified documents
from the firm under his coat and that a friend of his had destroyed 
a locked briefcase given to him that possibly contained classified 
documents. Jeffries pleaded guilty in January, 1986, to a charge of 
supplying national security documents to a person not entitled to 
receive them. This offense carries a maximum sentence of ten 
years in prison. 

The case highlights the fact that Congress is not immune from 
the espionage problems that have surfaced throughout the govern-
ment in recent years. Both Executive branch and congressional in-
quiries have emphasized the need to enhance congressional securi-
ty in response to espionage threats. In November, 1985, the Stilwell
Commission expressed the following concerns about the handling of 
classified information by Congress: 


[A]lthough Executive Order 12356 provides that depart-
ments and agencies may disseminate classified information
to persons outside the Executive branch provided such in- 
formation is given "equivalent protection" by the recipi- 
ent, DoD elements frequently provide classified informa- 
tion to the Congress without any understanding of how 
such information will be protected. While all congressional 
staff members who receive access to classified DoD infor- 
mation are, in theory, cleared by DoD, little attention is 
given the handling and storage of such information by con- 
gressional staffs, who are not, in fact, bound by the safe- 
guarding requirements of Executive Order 12356. 


The Stilwell Commission recommended that the Secretary of De- 
fense take the following actions: 


Urge the President of the Senate and Speaker of the 
House of Representatives to adopt, for each House of Con- 
gress, rules to provide uniform minimum control over clas- 
sified information provided by departments and agencies 
of the Executive Branch. Volunteer to provide DoD re-
sources and assistance to Congress to achieve this goal.


In January, 1986, the Report on the Federal Government's Secu- 
rity Clearance Programs by the Permanent Subcommittee on In- 
vestigations of the Senate Committee on Governmental Affairs ad- 
dressed this subject in the following observation: 


Congress must also focus on problems dealing with clas- 
sified information in the legislative branch. For the most 
part, there are no established standards and procedures. 
Personal offices and Committee practices vary widely in 
terms of their handling of clearances and classified materi- 
al. There are few, if any, checks in this system. We believe 
an overall review of security procedures in the legislative 
branch should be conducted by the Rules Committee, in 
consultation with the Intelligence Committee, with a goal 
of recommending improvements where needed. 

The Chairman and Ranking Minority Member of the Subcommit-
tee, Senators Roth and Nunn, addressed this issue through prelimi-
nary letters to the Senate leadership.

The Senate Intelligence Committee has received information
from the FBI and other U.S. intelligence agencies regarding the op-
erations of the intelligence services of Communist countries direct-
ed at Members of Congress and their staffs, including attempts to
recruit or place agents in Congressional offices. Electronic surveil- 
lance of domestic communications by foreign countries also poses 
threats to Congress. Only a few congressional offices have secure 
telephones linked through the Executive branch system. 

The information provided to the Intelligence Committee about 
the espionage threat to Congress indicates a continuing pattern of 
activity designed to exploit vulnerabilities in security. In three 
cases over the past ten years, the FBI has uncovered and disclosed 
publicly Soviet bloc attempts to recruit and place American citi- 
zens as agents inside Congressional offices. U.S. counterintelligence 
successfully prevented any damage in the following cases: 

In 1976 a political scientist employed by the Atlantic Coun- 
cil, James Frederick Sattler, was revealed to be attempting to 
secure a position with a House Foreign Affairs Subcommittee, 
after being recruited and trained as an espionage agent by 
East German intelligence. 

In 1980 a former CIA case officer, David Barnett, was pros- 
ecuted for espionage based on evidence that he had sold CIA 
information to Soviet intelligence and had attempted to gain 
employment with the Senate and House Intelligence Commit- 
tees on the instructions of Soviet intelligence. 

In 1982 a staff assistant to a House Member reported to the 
FBI an effort by Soviet intelligence to recruit him as an agent. 
At the FBI's request, the staff member became a "double
agent" to learn more about Soviet intelligence techniques and
aid U.S. counterintelligence. 

In other cases, which have not been disclosed by the FBI, there is 
additional evidence of espionage targeting of Congress by Commu- 
nist intelligence services. 

In more general terms, the FBI has described the techniques 
used to penetrate the Congress. Communist countries assign intelli- 
gence officers to the United States as diplomats, journalists, trade 
representatives, and in similar capacities. Some of these intelli- 
gence officers are instructed to cultivate associations with Members 
of Congress and congressional staff for the purpose of developing 
confidential relationships. A well-trained intelligence officer knows 
how to approach individuals so as not to appear in any way hostile 
or threatening. Sophisticated and skillful intelligence officers can 
establish relationships that seem entirely innocent. Professional, 
academic or social contacts lead to friendships without any sugges- 
tion by the intelligence officer of anything illegal or improper. 
Only when the intelligence officer has learned enough about an in-
dividual's vulnerabilities will an effort be made to exploit the rela-
tionship.

Lax security practices offer greater opportunities for an intelli- 
gence officer to succeed in compromising a congressional staff 
member. Unlike Executive branch personnel, congressional staff 
have no requirement or established procedure for reporting con-
tacts with representatives of Communist countries. In some cases,
Members or their staff do report such contacts to the FBI, but the
record is very uneven.

The purpose of contact reports is to assist the FBI's investiga-
tions of suspected foreign intelligence officers. The FBI has advised
the Intelligence Committee that its investigations of suspected in- 
telligence officers disclose many contacts with individuals who, 
after further inquiries, are found to be congressional staff. Contact 
reports save the FBI much time and effort, as well as enabling it to 
advise staffers on how to handle such contacts. That agency has 
raised with the Intelligence Committee the need for a more formal- 
ized procedure in the Senate for briefing staff on the espionage 
threat and for reporting contacts with representatives of Commu- 
nist countries. 

Another matter that the FBI has discussed with the Intelligence 
Committee is the handling of classified documents in the personal 
offices of Members. The FBI has offered to develop both classified 
and unclassified briefings on the espionage threat to Congress from 
the intelligence services of Communist countries. The Defense De-
partment, which is responsible for most of the security clearances
for congressional staff, might be an appropriate source of assist- 
ance in briefing staff on the handling of classified materials. 

In an effort to address issues related to Senate classified informa- 
tion security, the Senate Sergeant at Arms, in November, 1985, cir- 
culated a Senate Select Committee on Intelligence questionnaire to 
all Members' personal offices and Committees of the Senate. The 
results of that questionnaire were not encouraging. Based on re-
sponses from 60 Senators' offices, the following conclusions can be
drawn:

There is confusion about the levels and sensitivity of the 
classified information received in personal offices. 

There is no uniform procedure followed for storage or control 
of classified information in personal offices. 

Staff with clearances in personal offices rarely receive secu- 
rity indoctrinations or other security education. 

As a result of the security survey and the foreign intelligence 
threat to the Congress, the Senate Select Committee on Intelli- 
gence, together with the leaders of the Committee on Rules and 
Administration and the Committee on Governmental Affairs, de- 
termined that the key to addressing the Senate’s information secu- 
rity problems lies in the creation of a central office within the 
Senate to develop and oversee much-needed standards and proce-
dures on important personnel security and information security
issues.

The security assistance that a central office would provide in-
cludes:

Receiving, controlling, transmitting, storing and destroying
classified material.


Processing clearance requests for personnel of the Senate. 

Maintaining a centralized record of clearances held by per- 
sonnel of the Senate. 

Presenting security briefings and debriefings for the benefit 
of Senate personnel. 

Consulting on security issues with the personal offices and
committees.

Conducting administrative liaison with other U.S. Govern-
ment agencies on behalf of the Senate.

A particularly troublesome question relating to classified infor- 
mation security is the large number of Senate staff having access 
to classified material. The Senate security office should be required 
by resolution to conduct a comprehensive survey of all Senate of- 
fices to determine which officers and employees hold security clear- 
ances. The director would report this information within 90 days to 
the Majority and Minority Leaders along with comments and/or 
recommendations as to the feasibility of reducing the number of 
Senate staff with security clearances. 

Another early task of the proposed office should be to devise a 
Senate Security Manual whose provisions, if approved by an over- 
sight group and the full Senate, would be binding on all Members, 
Officers and employees. The Committee has provided to the Senate 
leadership a draft Senate security manual to serve as a basis for 
discussion which is reprinted in Appendix G to this Report. The 
draft security manual contains standards and procedures both for 
the handling of classified information and for personnel security. 


Findings and Recommendations 


89. Finding.—Hostile intelligence services have attempted to pen- 
etrate the staffs of Senate and House Members and Committees. 
Hostile services use sophisticated techniques to develop contacts 
that can lead to intelligence recruitments. 

90. Finding.—Lax security practices in the Senate increase the 
risk of compromising sensitive information. There is no require- 
ment or procedure for reporting contacts with representatives of 
Communist countries. There are no established procedures for han- 
dling classified information, especially in Member offices. There is 
no accountability for the handling of such information, and there is 
great confusion about the sensitivity of the information and what 
should be done with it. There is no central point where the number 
of Senate employees with security clearances is tallied or where 
such services of common concern as security briefings and day-to- 
day information security assistance are provided. 

91. Recommendation.—The Senate should establish a central se- 
curity office to develop and oversee standards and procedures on 
important personnel security and information security issues. 

92. Recommendation.—A central security office, once established,
should immediately survey all Senate offices to determine which 
offices and employees hold security clearances. This information 
should be reported within 90 days to the Majority and Minority 
Leaders along with comments and recommendations on the feasi- 
bility of reducing the number of Senate staff with security clear- 
ances. 

93. Recommendation.—The proposed office should develop a 
Senate Security Manual, the provisions of which would be binding 
on all Members, Officers and employees. 

94. Recommendation.—All Members and employees of the Senate
should be encouraged, and employees with security clearances re-
quired, to report contacts with Communist country officials or
other suspected foreign intelligence officers. The central security
office should establish a procedure for such reporting, either
through it or directly to the FBI.

95. Recommendation.—Further recommended items for consider-
ation by the Senate security office include: establishment of a
Senate corps of cleared employees for transcribing and reporting
classified hearings; and improvement in the communications secu-
rity of telephone conversations, classified computer data, and face-
to-face discussions of a sensitive nature.

APPENDIX A

UNITED STATES DISTRICT COURT, NORTHERN DISTRICT OF CALIFORNIA
UNITED STATES OF AMERICA, PLAINTIFF, 
v. 
JERRY ALFRED WHITWORTH, DEFENDANT. 
Criminal No.: 85-0552 JPV 


Affidavit of Rear Adm. William O. Studeman, Director of Naval 
Intelligence 


1. I am William O. Studeman, a naval officer presently holding 
the rank of Rear Admiral. I was commissioned an Ensign in the 
Navy in 1963, and have served virtually continuously on active 
duty as a naval intelligence officer since that time. My present po- 
sition is that of Director of Naval Intelligence, which I have held 
since September 1985. As Director of Naval Intelligence, I am re- 
sponsible for the collection, analysis and distribution of intelligence 
information within the Naval Service. I am the Navy’s sponsor for 
counterintelligence programs executed by the Naval Security and 
Investigative Command, under the policy auspices of the Office of 
the Secretary of Defense. I offer this affidavit to the Court for use 
as it deems appropriate in constructing an appropriate sentence for 
the defendant in this case. 

2. The defendant in this case, formerly Senior Chief Petty Officer 
Jerry Alfred Whitworth, served the United States Navy for 24½
years, 18 of which were in the rate of Radioman, rising to the rank 
of Senior Chief prior to his retirement. The primary function of a 
Radioman is to provide and maintain the ability of Department of 
Defense and naval forces to communicate with each other as well 
as senior and subordinate commands. Unlike the navies of old, vir- 
tually all the information required to plan, operate, command, 
maintain, modernize, repair, replenish, warn, inform and control 
the military forces of all the services and our allies is exchanged 
electrically via communication systems, most of which are consid- 
ered secure by virtue of their cryptographic cover. Electrical distri- 
bution of naval messages is an essential backbone activity designed 
to reach all levels of command in the Navy. This naval communica- 
tions system is operated by some of our brightest people who are 
given the tools, training and sacred trust to protect the vital high 
technology systems and access to sensitive secrets which are placed
in their hands. It is important, therefore, to understand the vulner-
abilities inherent in naval communications, to understand the con-
cept of cryptographic support to communications security (COMSEC)
and to understand how Radioman Senior Chief Jerry Whitworth's 
violation of his trust as a member of the elite fraternity of naval 
communication professionals has resulted in unprecedented 
damage to the Navy and the nation. 

3. Cryptographic systems are designed to encipher information so 
that only the holders of the system will be able to decipher that 
same information. Contemporary crypto-equipments accomplish en-
ciphering and deciphering on the basis of complex mathematical
formulas called “logic”, which are designed as an integral part of 
the system with changeable additives called “key”. To decipher an 
intercepted message, an adversary must know both the logic and 
the key of the cryptosystem used to encipher it. Since it is effective-
ly impossible to ensure that the logic of a cryptosystem will not be
compromised during the years it remains in effect, the security of
our machine cryptosystems depends on ensuring the integrity of
the associated key and the personnel who care for the system.
"Key" literally will unlock the secrets contained in encrypted com-
munications.

The ultimate vulnerability of cryptosystems and all procedures 
designed to protect sensitive information lies at the human level. 
For this reason, personnel chosen for communications-related 
duties are carefully screened and indoctrinated in the especially 
sensitive nature of the positions they hold and the fiduciary-like 
nature of the trust placed in them. No system ever designed can be 
invulnerable to the corrupt, cleared individual who has access to 
sensitive information. Thus, we depend on an individual's integrity 
and deterrence of the law to ensure that this trust is fulfilled. 

4. The importance of key was amply demonstrated by the evi- 
dence in this trial. The Soviets were clearly willing to pay a high 
price for key—more than $300,000 for the defendant alone. But the 
price paid by the Soviets pales in comparison to its worth. Naval 
intelligence analysis has led us to conclude that the Walker-Whit-
worth espionage activity was of the highest value to the intelli-
gence services of the Soviet Union, with the potential, had conflict
erupted between the two superpowers, to have powerful war-win-
ning implications for the Soviet side.

5. The importance of the individual spy cannot be overestimated
in this type of intelligence acquisition. When an adversary covertly
obtains the protective key supplemented by large volumes of actual
messages, he can potentially read any or all intercepted messages
which that key protects. In the case of Navy operational command
circuits, this can be literally hundreds of messages per key setting,
many of which are vital to the national security of the United
States. Normally, the information contained in those encrypted
messages could be expected to include, at a minimum, further
plans, ship locations and transit routes, military operations, intelli-
gence activities and information, weapons and sensor data, naval
tactics, terrorist threats, surface, subsurface and airborne doctrine
and tactics, and similar information which could prove of incalcula-
ble value to hostile powers. Undetected theft of cryptographic key
by persons intent on penetrating COMSEC safeguards can have ex-
tremely dire consequence to the defense posture of the nation. His-
tory is replete with examples of the benefits and risks associated
with COMSEC made vulnerable by espionage or otherwise pene-
trated for the benefit of one side or another. Such vulnerabilities
sustained over time have altered the course of history and can do
so again in the future.

6. With respect to this specific case, the sheer volume of encrypt- 
ed data compromised to the Soviet Union makes it impossible to 
describe all of that data with specificity. The Court has already 
heard a few of the specifics during trial; therefore, in paragraphs 
7-9, I will simply describe generically the types of information 
which have likely been traded to the Soviet Union through the 
years of this espionage enterprise. I will briefly mention some of 
the more significant aspects of the defendant's activities. I will also 
provide to the Court certain conclusions I have drawn concerning 
these compromises. My conclusions are based on my twenty-four 
years experience as a naval officer, as both a user and producer of 
intelligence information, and on my current responsibilities as Di- 
rector of Naval Intelligence and the Senior Intelligence Officer for 
the Department of the Navy. 

7. Ship location and transit information.—This is perhaps the 
most common type of information transmitted over naval commu- 
nications circuits. On any given day the transit passages and loca- 
tions of numerous naval vessels, both U.S. and allied, will be trans- 
mitted in encrypted radio traffic. Normally, this type of data is 
held confidential until the information is no longer valid. The rea- 
sons that ship locater information is temporarily classified are 
three-fold. First, simple prudence dictates that the location of ships 
of the line be held confidential while that sort of information can 
enhance their vulnerability. This is especially true during periods
of hostility. For example, during the Vietnam era, compromises of 
this type of information could have been responsible for ineffective 
air strikes, downed aircraft, abandoned targets and infantry losses. 
It is also particularly true today when U.S. and allied vessels pose 
a lucrative target for terrorist attack. Secondly, the location and 
transit routes of naval vessels can be valuable information leading
to disclosure, either directly or by informed analysis, of naval doc-
trine and tactics. This, in itself, could prove to be decisive to the
outcome of an engagement at sea. Finally, the rationale that per- 
suades the United States to maintain the confidentiality of ship 
movements is universally shared by allied nations. Disclosures of 
transit movements of our allied navies would be as potentially 
harmful to them as to our own ships; therefore, inappropriate dis-
closures of such information resulting from breaches of U.S. securi-
ty could reasonably be expected to have some adverse impact on
both foreign relations and on international military cooperation.

8. U.S. Naval operations information.—The volume of communi- 
cations traffic concerning naval plans and operations is large. As 
with the previous section, analysis of naval plans and operations 
information can lead, either directly or by informed analysis, to 
disclosure of naval exercises, contingency activities, and future
combat operations which can be exploited to the advantage of a 
hostile power. In addition, communications will invariably reveal 
classified technical information, intelligence data, intelligence sur-
veillance activities or information critical and potentially harmful
to the foreign policy of the United States. It would directly reveal 
substantive information used by the United States in making deci- 
sions concerning the security of the nation and its foreign policy. If 
a hostile power were to obtain that information, it would be possi- 
ble to turn this newly acquired information to the disadvantage of 
the United States, either by adopting measures to counter the ad-
vantage otherwise available to the United States, or by inserting
misleading data into the collection process. An indirect benefit of
obtaining this information would be the ability to analyze it for in- 
telligence value, and to inferentially extrapolate the location and 
concentration of resources dedicated by the United States to ob- 
taining similar information worldwide. Thus, disclosures of specific 
data can lead to harmful results, both for the specific collection ac- 
tivity involved, and also for similar activities conducted worldwide 
by U.S. forces and other agencies of the government. 

9. Special category (SPECAT) information.—Frequently it is nec- 
essary to transmit information which is of such a degree of sensi- 
tivity that its disclosure must be limited to only those individuals 
with an absolute need to acquire the data. One method of restrict- 
ing access to especially sensitive information is to permit its dis- 
semination only within special, restricted channels of communica- 
tion called Special Category (SPECAT) channels. The defendant 
was on several occasions in a position to have access to SPECAT 
communications and had the ability to transfer the information to 
the Soviet Union. 

Some examples of operations that are planned and executed 
through SPECAT channels are: 

a. Covert Military Operations: Disclosure of communications 
concerning covert operations jeopardizes the United States’ 
ability to conduct missions vital to the national defense and
world peace. The risks involve not only extreme embarrass- 
ment to our government, but also danger to the lives of the 
personnel involved. 

b. Counterintelligence Operations: Only through the aggres-
sive pursuit of counterintelligence initiatives such as double-
agent operations, surveillance, and eavesdropping can the
United States protect itself from the threat of espionage con- 
ducted against our defense establishment. Disclosure of 
SPECAT communications concerning such operations allows 
hostile intelligence services to develop countermeasures and
techniques to render these operations ineffective. 

c. Human Intelligence (HUMINT) Operations: HUMINT is 
unquestionably the most fragile of intelligence sources, due to 
the difficulties in recruiting human agents, the ease with 
which they are lost, the personal danger often involved and be- 
cause the quality of information is entirely dependent on the 
abilities of the individual recruited. Disclosure of any informa- 
tion relating to HUMINT operations, even the intelligence 
report derived from HUMINT can lead to loss of the source, 
personal harm to the agent and the insertion of false and mis-
leading information through the agent once the target organi-
zation becomes aware.

10. Based upon an analysis of Whitworth's access to classified in-
formation during his participation in the espionage scheme, on the
trial testimony, and on debriefings conducted by the Office of
Naval Intelligence, we wish to point out certain areas of concern:

a. Mr. Whitworth met with John Walker two to four times 
per year between 1976 and 1985, and supplied Walker with be- 
tween twenty-five and fifty rolls of Minox film at each meet- 
ing. Since the rolls were undeveloped, Walker cannot assure us 
of their content, but he believes that it was largely photo- 
graphed key material. The amount of money paid by the Sovi- 
ets corroborates that belief. Whitworth was originally paid 
$2,000 per month for the material he supplied, however, this 
was subsequently increased to $4,000 and then $6,000 per 
month later in the conspiracy. 

b. We also know that Whitworth compromised detailed plans
for primary, secondary, and ae communications cir-
cuits which are used by the National Command Authority to
maintain contact with operational units. With this knowledge, 
an adversary can gain significant advantage during crisis 
events or hostilities. 

c. Whitworth also compromised operational military plans, 
operations orders, and operational message traffic over a sig- 
nificant period of time. For example, he provided the Soviets 
with a full year of operational message traffic from the USS 
Enterprise, including TOP SECRET information. He also com- 
promised the operations order for Fleet Exercise 83-1, a unique 
exercise conducted near the Soviet coast by three carrier battle 
groups. We believe that he also compromised the communica- 
tions plan for all U.S. naval forces in the Indian Ocean and all 
littoral nations. 

11. Most importantly, the activities of Jerry Whitworth, continu- 
ing as the principal agent of collection for John Walker, permitted 
the Soviets to gauge the true capabilities and vulnerabilities of the 
U.S. Navy. The U.S. Navy is a technology-intensive service, con- 
ducting sophisticated and often sensitive operations using highly 
advanced warfare capabilities. Soviet access to those operations and 
capabilities provided them with the motivation to dramatically im- 
prove the Soviet military posture, and identified the specific steps 
which could achieve the largest gains relative to the U.S. It al- 
lowed them the focussed insights required to reduce their own vul- 
nerabilities while simultaneously increasing the vulnerability of 
the U.S. We have seen clear signals of dramatic Soviet gains in all 
naval warfare areas, which must now be interpreted in light of the 
Walker-Whitworth espionage conspiracy conducted over approxi- 
mately two decades. Mr. Whitworth’s role was all the more impor- 
tant because of the new directions taken by the U.S. Navy during 
his years of collection for the Soviets. For example, through Whit- 
worth the Soviets were able to monitor the U.S. Navy transition to 
use of satellite systems as its principal communication network.

12. In conclusion, the U.S. Navy and the nation have been seri- 
ously wounded by Jerry Whitworth’s breach of faith and honor 
wherein he agreed to sell the secrets with which he was entrusted 
to a foreign power for personal gain. His misuse of a position of 
trust in naval communications has jeopardized the backbone of this
country's national defense. Recovery from the Walker-Whitworth
espionage will take years and millions of taxpayer dollars. Even 
given these expenditures, we will likely never know the true extent 
to which our capabilities have been impaired by the traitorous and 
infamous acts of Jerry Whitworth. 

WILLIAM O. STUDEMAN, 


Rear Admiral, United States Navy. 
Subscribed and sworn to before me this 25th day of August 1986. 
PATRICK A. GENZLER, 
Lieutenant Commander,
Judge Advocate General's Corps, United States Navy. 
Notary service provided in accordance with 10 U.S.C. sec. 936. 


UNITED STATES DISTRICT COURT, NORTHERN DISTRICT OF CALIFORNIA
UNITED STATES OF AMERICA, PLAINTIFF,
v.
JERRY ALFRED WHITWORTH, DEFENDANT


CR. No. 85-0552 JP 


I, John L. Martin, declare under penalty of perjury that the following
is true and correct:

1. I am Chief of the Internal Security Section of the Criminal Di- 
vision of the United States Department of Justice in Washington, 
D.C. As such, I am responsible for the regnis of all investiga- 
tions and prosecutions of violations of the espionage law. In the 
performance of my official duties, I am routinely briefed on foreign 
counterintelligence matters by the agencies of the United States in- 
telligence community including the Federal Bureau of Investiga- 
tion, Central Intelligence Agency and National Security Agency. 

2. By virtue of my position in the Department of Justice, I am 
aware of the facts surrounding the defection to the United States 
in July, 1985, of Admiral Vitaly Yurchenko, then a high official of 
the primary Soviet intelligence agency, the K.G.B. (Committee for 
State Security). The information set forth in this declaration was
provided to me by United States government officials who were re- 
sponsible for debriefing Admiral Yurchenko. 

3. Vitaly Yurchenko defected to the United States by voluntarily 
walking into the United States Embassy in Rome, Italy, in July, 
1985. Yurchenko was at that time a 25-year veteran of the K.G.B., 
having attained a military rank in the Soviet Navy of Admiral and 
serving since March of 1985 until his defection as Deputy Chief of 
the First Department of the First Chief Directorate. The First 
Chief Directorate of the K.G.B. is responsible for the clandestine 
acquisition of intelligence outside the Soviet Union, and the First 
Department of that Directorate is responsible for such activities in 
the United States and Canada. Previously, Yurchenko served as 
Chief of the Fifth Department of Directorate K of the K.G.B., 
where he supervised internal security matters, including cases in- 
volving suspected espionage by K.G.B. officers. Yurchenko had var- 
ious responsibilities for internal security matters for a ten year 
period, including a five-year assignment from 1975 through 1980 as
principal security officer at the Soviet Embassy in Washington, 
D.C. In that position, he was in charge of liaison between the em- 
bassy and United States law enforcement officials concerning the 
security of the embassy, and had responsibility for assuring the
loyalty and security of K.G.B. officers assigned to the Embassy. During
his career, Yurchenko was the recipient of many awards and deco- 
rations. In July, 1985, shortly before his defection, Yurchenko re- 
ceived the K.G.B.'s highest honor, the title of "Distinguished Offi- 
cer of the Organs of State Security." 

4. One of Yurchenko's responsibilities as a Deputy Chief of the 
First Department of the First Chief Directorate was to review and 
supervise the handling of important cases in the United States and 
Canada. Moreover, because of his previous experience and exper- 
tise in matters of security in the K.G.B., Yurchenko was frequently 
consulted when K.G.B. officers came under suspicion of having 
been compromised. 

5. As the evidence in the trial of this case showed, John Anthony 
Walker, Jr. was observed making a “drop” of classified information 
to a Soviet intelligence officer on May 19, 1985. He was promptly 
arrested and charged. Publicity concerning his arrest was wide- 
spread. It was also widely publicized that Walker's former wife, 
Barbara Walker, had tipped the FBI to Walker's espionage months 
before his arrest. 

6. Soon after Walker's arrest and the attendant publicity, Yur- 
chenko was briefed and consulted about the Walker case. The 
K.G.B. did not believe that the FBI had been tipped by Barbara 
Walker and suspected that one of the K.G.B. officers directly
involved with Walker had been compromised by Western intelligence
agencies. Because of his expertise in internal security matters,
Yurchenko's advice was sought with regard to the appropriate course
of action for dealing with the suspected compromise. In his position 
in the First Department, it was also appropriate to brief him con- 
cerning the Walker/Whitworth case. Because of the high degree of 
compartmentalized protection given to a case like Walker-Whit- 
worth, Yurchenko, despite his previous assignments involving in- 
ternal security and at the Soviet's United States Embassy, had not 
previously been aware of the Walker/Whitworth operation. 

7. From his briefings, Yurchenko learned that the K.G.B. regard- 
ed the Walker/Whitworth operation to be the most important oper- 
ation in the K.G.B.'s history. 

8. Yurchenko stated that the information delivered by Walker
enabled the K.G.B. to decipher over one million messages. Early on,
the operation was transferred to Department Sixteen of the K.G.B.,
which handles only the most sensitive and important clandestine
K.G.B. operations around the world.

9. The K.G.B. officers who handled the operation received impor- 
tant promotions and decorations for their successes. One of these 
officers secretly received the "Hero of the Soviet Union" award 
after the Soviet Navy expressed its delight over the success of the 
operation. Two other K.G.B. officers involved with the Walker/ 
Whitworth operation were awarded the coveted "Order of the Red 
Banner." Certain K.G.B. officers from Department Sixteen were, at 
various times, assigned to the Soviet Embassy in Washington solely 


103 


Page 529 of 3957 


Page 530 of 3957 


104 


to handle "drops" made in connection with Walker/Whitworth es- 
pionage. The most recent of these, Aleksey Tkachenko, was re- 
turned to the Soviet Union when Walker was arrested. 

10. Yurchenko was informed by a high K.G.B. official that the 
information learned from the Walker/Whitworth operation would 
have been "devastating" to the United States in time of war. 

Dated: August 26, 1986. 

JOHN L. MARTIN, 


Chief, Internal Security Section, Criminal Division. 

APPENDIX B


[From the Defense Security Institute Security Awareness Bulletin, August 1984] 


PARTNERS IN ESPIONAGE 


THE CASE OF JAMES HARPER AND RUBY LOUISE SCHULER 


An American named “Jimmo” sporting an Irish Brotherhood me- 
dallion meets a Polish intelligence agent called "Jacques" at the 
Museum of Anthropology in Mexico City—such is the internation- 
al, and distinctly bizarre, flavor of the latest espionage case to hit 
the Defense Industrial Security Program. 

This is the case of James Durward Harper who was sentenced to 
life in prison, with a recommendation that he never be paroled, on 
May 14, 1984. He had pleaded guilty in April to selling classified 
documents to the Polish Intelligence Service. The material, classi- 
fied up to Secret, pertained to survivability of the Minuteman mis- 
sile system and to U.S. defenses against attack by ballistic missiles. 

Harper was a self-employed electronics engineer in Mountain 
View, California. He first became involved with the Poles in 1975 
when a business associate, William Bell Hugle, introduced him to 
Polish agents seeking U.S. electronics technology. 

Harper was at that time running a small firm, which made and 
marketed the world's first digital stopwatches. He sold technological
information to the Poles for several thousand dollars. During
this period, Harper did not hold a security clearance and had no 
direct access to classified information. 

But in May 1979 Harper began what appears to have been a sort 
of “business-romance” with a woman named Ruby Louise Schuler. 
She held a Secret clearance as executive secretary to the president 
of Systems Control Inc., (SCI) in Palo Alto, California, a Defense 
contractor doing research for the U.S. Army Ballistic Missile
Defense Advance Technology Center, Huntsville, Alabama. Schuler
agreed to provide documents to be copied and sold. Harper contacted
Hugle who, in return for a share of the proceeds, arranged a
meeting with Polish Intelligence in Warsaw.

Harper conducted a total of a dozen meetings with Polish agents 
in Warsaw, Vienna and various locations in Mexico between July
1979 and November 1981. He received approximately $250,000 for 
documents whose loss has been rated by Army experts as “beyond 
calculation." 

Harper and Schuler were married in October 1980. She died in
June 1983 from complications of cirrhosis of the liver.

James Harper was ultimately arrested in October 1983, partly on 
the basis of information from a source within the Polish Intelli- 
gence Service. But his apprehension was also partly due to his own 
futile efforts to negotiate immunity and a double-agent role for
himself through anonymous contacts with the CIA and the FBI.
Shortly after his arrest numerous classified documents were recovered
from a safe deposit box in his name in a bank in Tijuana,
Mexico.

The case against Harper has now been completed with his sen- 
tencing and incarceration. But certain aspects of this investigation 
remain active. Some details have not yet been released, and of 
course some never will be. 

This account is based primarily open court papers pertaining to 
the per nen of Harper, especially affidavits and testimony by 
the FBI investigators. We have also drawn upon a follow-on inspection
of the cleared facility by the Defense Investigative Service.

The most detailed account of Harper's activities was provided by
prosecution testimony at a pre-sentencing hearing on April 16, 
1984. This hearing did not receive extensive coverage in the press, 
although more limited information available at the time of Harp- 
er’s arrest last October was widely reported. 

As additional information becomes available on the case, we will 
provide follow-up articles in future Bulletin issues. 


HIGH STAKES HAGGLING 


Accompanied by his friend Mr. Hugle, James Harper sat down 
on July 17, 1979 in Warsaw across the table from Zdzislaw Przy- 
chodzien, known publicly as an official of Polish Ministry of Ma- 
chine Industry but in fact a lieutenant colonel in the Polish Intelli- 
gence Service and head of an intelligence section or “Wydzial” 
using the Ministry as cover for collection operations against the 
West. Przychodzien was fluent in English, having been assigned to
the U.S. in the 1970's with the Polish Commercial Office in New

Harper described the materials now accessible to him through
Louise Schuler at Systems Control, including classified documents 
pertaining to U.S. strategic forces and ballistic missile defenses. 
And he provided reproduced excerpts of ten documents. (Enroute to 
Warsaw he had placed copies of the full documents in a safe depos- 
it box at the Citibank in Paris.) 

Przychodzien was very interested in the material. He promised 
generous payment, although he demurred at the American's initial 
asking price of one million dollars. Also discussed at this July 
meeting were other materials available to Harper including computer
database tapes obtainable through his contacts in Silicon
Valley.

Harper and Hugle agreed to meet with Przychodzien again in 
Vienna the following October. On that occasion Harper delivered 
full copies of the ten documents which Przychodzien had previewed 
earlier. He also provided excerpts of additional documents. 

But a disagreement arose, or rather erupted, over the matter of 
payment. Harper and Hugle had come down a good deal from their 
original demands, but they understood that $15,000 would be paid 
for one of the ten documents. When Przychodzien declined to pay 
that much Hugle started a shouting match which quickly broke up 
the get-together, which was taking place in a public lounge at the 
Hotel International. 

Harper had travelled to Vienna with Louise Schuler. They left 
the city immediately following this incident and returned to Cali- 
fornia. Harper was naturally unsure of his position with Przychod- 
zien. 

It appeared that the Poles were not as interested in the classified 
Defense documents from SCI as he had originally thought, so he 
buried them, in an out-of-the-way location in the San Joaquin 
River delta near Stockton, California—just for safe-keeping in case 
a buyer could later be found. 


SOGGY SECRETS AND GREETINGS FROM YURI 


At this point Harper wanted nothing further to do with the ex- 
citable Mr. Hugle, but he was able to reestablish contact with Przy- 
chodzien through a friend in Switzerland, and he returned to 
Warsaw in May 1980 with the Silicon Valley database tapes and 
without any classified documents. 

But it was the classified ballistic missile material that Przychod- 
zien really wanted. The intelligence officer paid $10,000 for the ten 
documents delivered at the stormy meeting in Vienna, apologized 
for the misunderstanding and urged Harper to come back with all 
of the Defense documents he could get his hands on.

So Harper went back to the delta, dug up his "stash" and transported
the additional documents to Warsaw (via Vienna and
Geneva) the following month (June 1980). Harper later estimated 
that this second delivery of reports, some of which were classified, 
weighed about 100 pounds. The documents were somewhat the 
worse for their seven month interment on the banks of the San 
Joaquin River. But Przychodzien's people worked through the 
night of June 5 to separate the matted pages and restore the mate- 
rials to decipherable condition. 

On June 6 the documents were brought to the Soviet Embassy
where a team of 20 KGB experts, flown in specially from Moscow, 
declared them to be genuine and extremely valuable. Harper was 
paid $100,000 on this occasion. A month later Przychodzien and his 
unit received a commendation for their efforts, directly from KGB 
Chairman Yuri Andropov. 


JIMMO MEETS JACQUES 


Harper next returned to Warsaw in September 1980, this time 
bringing along a document registered for the safe in his wife's 
office, i.e., an inventory of all documents in the SCI president's se- 
curity container. The Poles selected several items for purchase and 
Harper delivered them during visits to Warsaw in October and November
1980, receiving $20,000 in payment.

During the November meeting with Przychodzien Harper was in- 
structed to meet next time in Mexico City with a Polish agent 
whom he knew only as "Jacques." Harper himself was given the
code name “Jimmo.” He occasionally wore an “Irish Brotherhood” 
medallion, and this was to be used as a recognition device. In addi- 
tion, Harper wrote a limerick on the back of the laundry slip. This 
was then torn in half, and Jimmo and Jacques were to confirm 
identities by matching the halves of the paper. 

The first meeting with Jacques took place as agreed at the cash- 
ier cage of the Museum of Anthropology on December 14, 1980. 
Harper brought no documents, treating the occasion as a dry run 
to establish contact and “get the feel of the city.” Jacques paid him 
$10,000 anyway, and at the next encounter in the same city two 
$5000 later Harper brought nine Secret documents and received 

Following one more transaction with Jacques (eight classified 
documents and excerpts of 30 more, in return for $50,000), Harper 
told the agent in September 1981 that he was dissatisfied with the 
payments he was receiving. He brought no documents to the Sep- 
tember meeting, in Guadalajara, and received no payment, al- 
though Jacques had brought along $30,000 for the 30 documents 
previewed last time in extract. It was agreed that Harper would go 
to Warsaw to work out his complaints with Przychodzien directly.

This was in fact the end of Harper's active dealings with the 
Poles. He made a trip to Warsaw in November 1981 and spoke with 
Przychodzien, but he remained dissatisfied with the payments of- 
fered and no further contacts ensued. 

Before going to Warsaw Harper had driven with Louise to Tijua- 
na and placed his remaining collection of classified documents in a 
safe deposit box, where they remained until retrieved by the FBI,
with Harper's cooperation, following his arrest. 

These were actually the last documents available to Harper, since
Louise lost her clearance in August 1981—not due to any suspicion
of her activities but rather due to acquisition of her company by a 
foreign firm. 

Under an arrangement approved by the Department of Defense, 
SCI's Defense contracts have been retained by a "spin-off" company
insulated from the parent by a stock proxy agreement. The facility
clearance for this subsidiary was later upgraded from Secret
to Top Secret. But Ruby Schuler remained an employee for the 
original SCI organization, now under British ownership, and her 
Secret clearance was administratively terminated as a result. 

She had major surgery in August 1982 and died the following 
June of cirrhosis of the liver. Her death certificate lists "alcoholism"
as a "secondary cause" of death.


PLAYING BOTH ENDS 


In September 1981, at the time he was becoming increasingly un- 
happy about his exchanges with the Poles, Harper contacted attor- 
ney William Dougherty requesting that Dougherty act as go-be- 
tween in negotiations with the CIA and FBI. Harper wanted to ar- 
range immunity from prosecution in exchange for information on 
his activities and services as a double agent. While concealing his 
identity from the lawyer, he provided detailed written and tape-re- 
corded accounts of his espionage activities through Dougherty to 
the government. This continued for two years until Harper's ulti- 
mate arrest, although the government showed no willingness to 
agree to his terms. 

Investigators succeeded in positively identifying him in March 
1983. He was immediately placed under physical surveillance at his 
home in Mountain View, California, where he was at that time 
living with Louise. Wiretaps were also authorized and installed on 
their telephone. 

Investigators were able to learn the location of a storage locker 
where Harper kept records of his activities. They also learned that 
he was planning overseas travel and was again in contact with the 
Swiss friend who had arranged earlier meetings with Przychodzien. 

He was arrested on October 15, 1983, forestalling any chance 
that he would turn over his remaining documents. 


THE KGB CONNECTION 


One lesson of this case is unmistakable confirmation of the inti- 
mate ties between Warsaw Pact intelligence services and the Soviet 
KGB. It is clear not only that the Polish Intelligence Service works 
closely with the KGB, but that they in fact work for the KGB. 

When Harper brought his main installment of documents to 
Warsaw in June 1980 the Poles spent the night putting the pages 
in order, but once collated the materials were immediately turned 
over to the Soviets for evaluation and analysis.

Harper has stated to the FBI that the tasking presented him by 
the Polish agents was derived from a “master shopping list” pro- 
vided by the Soviets. And this has been confirmed by the Polish in- 
telligence officer who served as a source in breaking the Harper 
case. U.S. investigators have not revealed the source’s identity but 
they have testified that he was an officer of the Polish Intelligence 
Service at the time Harper was active, that he was a close col- 
league of Zdzislaw Przychodzien and that he served as liaison offi- 
cer with the KGB for Przychodzien’s intelligence unit. The source 
has confirmed that Polish agents respond directly to detailed task- 
ing from the KGB, with military collection as a top priority. 

The Polish source was aware of Harper's activities, although he
did not know Harper's identity. Przychodzien had told him of the 
initial meetings with an American, fitting Harper's description, 
who had access to ballistic missile information. 

He even recalled seeing a phone message from Hugle written on 
Przychodzien's desk calendar at the time of those first meetings in 
October 1979. This inside information confirmed the authenticity of 
Harper's accounts once his anonymous statements began coming
in. 


SECURITY IN THE FACILITY


Information so far available does not reveal any major security 
deficiencies at SCI which can be identified as contributing directly 
to Harper's and Schuler's activities. She apparently removed the 
documents from the facility to be reproduced at home on a paper 
copier which Harper had bought for the purpose. As in most facili- 
ties, governmental or industrial, there were no searches at the 
exits to prevent removal of classified material.

Schuler was noted in the facility during evenings and weekends. 
On at least one occasion Harper was with her. But this was not a 
violation since he was escorted—by Schuler! Unexplained off-hours 
activity has often been highlighted as a possible indication of espio- 
nage, and this is another case in point. 

As a result of the case the company has centralized its classified
document storage at one location under direct control of the security
officer (something which would obviously not be possible for a
larger facility), and they have implemented tighter personnel
access controls for non-working hours.

There are some indicators that certain adverse information re- 
garding Louise Schuler was known to co-workers and company offi- 
cials and was not reported. She was, first of all, an alcoholic and 
ultimately died of complications from that disorder. Quotations in 
the press indicate that co-workers were aware that she carried 
vodka in her purse and drank on the job. An inquiry into that 
issue might have revealed some indication of her illicit activities, 
or possibly exerted some deterrent effect. 

In addition, a former employee of the company, also a cleared individual,
had a close involvement with Louise during much of the
period in question, and he was aware not only of her drinking but 
also of her unexplained income. She does not seem to have flaunted 
her ill-gotten gains in a public sort of way, and most co-workers 
would have had no occasion to notice anything out of the ordinary. 

But this other employee was with her on at least one occasion 
when she placed a large stack of $100 bills in a safe deposit box at 
a local bank, and he did not report this. 


THIS CRIME DIDN'T PAY 


Much of what makes the Harper case an interesting story also 
makes it an atypical story, therefore limiting its value as a source 
of “lessons-learned” for future reference and edification. But it 
does bring to the public view a rare glimpse of the inner workings 
of a foreign intelligence service. And it emphasizes the clear and 
present danger which espionage poses to our national security. 

The case dramatically demonstrates that our security system is
inherently and perhaps inevitably vulnerable to betrayal from 
within. Procedures and physical barriers can keep uncleared people 
from direct access to classified material. But when a cleared person 
goes bad, our defenses have already been breached and some 
damage is bound to occur. 

Above all, the case highlights yet again that our system rests ul- 
timately upon the integrity of the cleared individual. We must 
strive to identify and motivate that quality, however elusive.

Finally, the sentence received by Harper provides a "lesson- 
learned" that is hard to overlook. 

At the time of sentencing Judge Samuel Conti emphasized that 
he had "never heard the defendant say that he was sorry," and he 
called Harper's criminal activities "beyond comprehension or toler- 
ation." "Your actions have exposed all of our people to risk and 
danger," he said, "a danger that could well extend into the 21st 
century." 

"There can be no crime more serious than that of selling our 
country's defense secrets to a foreign government," the Judge 
stated. “Your crime concerns each and every living and yet unborn 
citizen of this country," and it threatens "the very heart and exist- 
ence of our freedom." 

“It is ironic, indeed, that you pled guilty on April 15th, and 
that's the very day that all federal income taxes were due. It goes 
without saying that a great portion of the billions paid in taxes 
goes for national defense and yet you, for your own personal greed, 
would cause many of these billions to go for naught and to the ad- 
vantage of a foreign power." 

The judge then imposed the maximum sentence—life imprison- 
ment, with recommendation against parole. 


APPENDIX C


[From the Defense Security Institute Security Awareness Bulletin, June 1983] 


CAUGHT UNAWARES: THE CASE OF WILLIAM BELL AND MARIAN
ZACHARSKI 


Marian Zacharski arrived in Los Angeles from Poland in late 
1976. He was assigned as West Coast Branch Manager for the 
Polish American Machinery Company (POLAMCO), a U.S.-incorpo- 
rated firm serving as marketing arm for the Polish trade agency, 
Metal Export. 

But machinery was not Zacharski’s only business. He was also 
covertly assigned by the Polish Intelligence Service to spot and re- 
cruit agents within California aerospace industry. And he was for a 
time highly successful in both his occupations. By early 1981 (at 
the age of 29) he had been appointed president of POLAMCO, and 
he had recruited at least one agent with access to important classi- 
fied weapons information and technology. 

Thereafter, Zacharski’s fortunes took a turn for the worse, and 
by the end of 1981 he was serving a life sentence for espionage 
against the United States—but not before doing both a lot of good 
for Polish exports and a lot of harm to U.S. national security. 

William Bell was Zacharski’s agent. He was born in Seattle, 
Washington on May 14, 1920. He was employed as an engineer
with Hughes Aircraft Company and met the Polish businessman in 
1977 at the Cross Creek Apartments in Playa del Rey where both 
were residents. The two shared an interest in tennis as well as a 
common concern with the aerospace industry, where Zacharski sold 
much of his industrial equipment. 

After almost a year of purely social and recreational contacts, 
Zacharski began to ask Bell for unclassified literature from work. 
Then he asked for “interesting” material and received first Confi- 
dential, then Secret documents to look over. He paid Bell lavishly 
for his minimal “consulting” work. And when Zacharski proposed 
that Bell, for additional thousands of dollars, photograph classified 
documents and carry them to Europe to meet other Polish repre- 
sentatives, Bell was ready to go along. Soon he felt “over his head” 
and too committed to back out. William Bell is now in prison, serv- 
ing an eight-year sentence. 

Zacharski’s recruitment approach was a standard one. It should 
be as familiar and hence as ineffective as attempts to sell shares in 
the Brooklyn Bridge. But Bell’s susceptibility was not the result of 
tender years, or slim experience or lack of education, training or 
intelligence. He was 57 years old when he met Zacharski, with 25
years in Defense work, a B.S. in applied physics from UCLA and 
two overseas tours with his company. 

Bell had been briefed on the threat of hostile intelligence services,
but he did not recognize the classic approach when he encountered
it in real life. He did not believe that it could actually be happening
to him, that this amiable Polish tennis buff (who reminded
him of his estranged older son) could possibly be anything other 
than what he appeared to be. 

Bell was experienced, educated and informed—but not aware. We 
are using his story, as he has recommended that it be used, to en- 
hance the awareness of others who may face a similar approach— 
and in the hope that they will respond by promptly reporting such 
contacts to security officials, for their own protection and for the 
protection of U.S. national security. 


I. THE FACTS 


Marian Zacharski was arrested for espionage in June 1981 and 
went to trial in October. He was convicted largely on the basis of 
William Bell's testimony against him, and Bell's lighter sentence 
was based in part upon consideration of his cooperation with the 
government in the final stages of the investigation and the trial. 
This account of the Bell/Zacharski espionage case is based primari- 
ly upon the transcript of Zacharski's trial. It also draws upon Bell's 
testimony in May 1982 before the Senate Permanent Subcommittee 
on Investigations. 


Troubled times 


In the Fall of 1977, when he was first introduced to Marian Za- 
charski at the swimming pool of the Cross Creek Apartments, Wil- 
liam Bell had recently returned to Los Angeles from an assignment 
in Brussels as Manager of European Operations for the Radar Sys- 
tems Group, Hughes International Corporation. He was now a 
Project Manager in the Advanced Systems Division, Radar Systems 
Group at the main Hughes facility in Los Angeles. 

Bell held a Secret security clearance and was responsible, as he 
later testified, for "development and promotion of the radar fire 
control product line for tank vehicles." He had been with Hughes
since graduation from UCLA in 1952, employed entirely at the Los 
Angeles facility except for two European assignments (in the mid- 
1960’s and from 1974 to 1976). 

In his Senate testimony Bell stated that these overseas assign- 
ments had been "financial nightmares" for him, "although they 
are touted as glamorous and lucrative." Upon his return in 1976, 
he recalled, he was "pursued by four separate IRS offices for back 
taxes on disallowed deductions primarily arising out of my overseas 
assignments." The year of 1976 was in fact a low point in Bell's life 
for a number of reasons. He was divorced from his wife after 29 
years of marriage ("in an extended proceeding") and was faced 
with alimony payments of $200 per week. His accumulated debts 
forced him to file bankruptcy in July 1976. During the previous 
year, Bell's family had suffered a tragic loss when his 19-year-old 
son died in a camping accident in Mexico. 

In addition to financial hardship, divorce and personal tragedy,
Bell also later recalled feeling “like an outsider” upon his return to 
the Los Angeles plant. "I returned from Europe to find a younger
group at Hughes and I [was] shunted off to a quiet back room." But
regardless of any disappointment with his assignment, Bell was in
fact given major responsibilities for development of advanced
weapons systems—a fact which Marian Zacharski was quick to learn.


New beginnings


When he met Zacharski in 1977 Bell was attempting to make a 
new start. He had remarried ("to a young Belgian citizen," formerly
his secretary overseas) and had taken up residence with her and
her six-year old son at the Cross Creek Apartments. He was 
making a gradual financial recovery (although alimony, taxes and 
debts still put a strain on his $35,000 income). And he found com- 
fort in the companionship of a close friend: 


Zacharski and his wife moved into the apartment com- 
plex and I began to play tennis [with him] on a daily basis. 
He slowly became my best friend. He was about the age of 
my oldest son who had been close to his mother and quite 
distant from me since our divorce. 


Marian “made friends easily," Bell recalled. The two couples so- 
cialized frequently both by themselves and with an informal “little 
United Nations," a social group at the complex consisting of cou- 
ples one or both of whom were foreign nationals. And the two men 
found common professional interests as well. Zacharski was a 
skilled and successful salesman of industrial equipment and the 
California aerospace industry was one of his principal sales targets. 
He naturally discussed the aerospace business with his tennis part- 
ner and, in about mid-1978, he asked Bell for help in making con- 
tacts at Hughes and other companies in the field. 

Bell gave Zacharski's name to a purchasing manager at Hughes 
and also contacted people at Lockheed and Northrop. And for this 
Zacharski paid him approximately $5,000. At the trial, the cross- 
examining attorney wondered why Bell had not been suspicious of 
such generosity. He had been, he claimed, though evidently only 
temporarily. "To receive four or five thousand dollars for doing
practically nothing made me very suspicious."


Q: It also made you very glad, did it not, Mr. Bell? 
A: It sure did. I needed the money.


The conscientious consultant 


Bell and Zacharski discussed the possibility that Bell might be 
permanently retained by POLAMCO as a "consulting engineer"
and sales advisor, although the terms of the arrangement were left 
studiously indefinite ("I was working, in a way, and talked about 
working as a consultant for POLAMCO . . ."). Bell began, again 
around mid-1978, to provide printed material from the office, to 
help Zacharski keep abreast of sales opportunities. “It started out 
[with] simple things,” Bell later told the Grand Jury, "like the 
Hughes News," the company newspaper. 

Then came documents of more technical substance. He brought 
Zacharski copies of the Hughes "Vector," a technically-oriented 
publicity sheet on company programs. Zacharski had specifically 
requested these openly-published materials. But then Bell began to
volunteer materials in response to Zacharski's general expressions
of interest. "I could tell from our conversations that they were 
things that he would like to see." "We would be talking about it at 
the tennis court—unclassified documents in the beginning." 

During the summer of 1978 he provided Marian with several doc- 
uments “related to items that were machined.” These were unclas- 
sified, at least for the most part, but “there was possibly one confi- 
dential. . . . I’m not certain.” Bell has never been sure of exactly 
when he first showed Zacharski a Confidential document—or just 
which or how many such documents he had compromised. 

He may also have been uncertain in his grasp of security re- 
quirements for the handling of Confidential material, as indicated 
by this courtroom exchange between Bell and prosecutor Robert
Brewer:


Q: Would that [taking documents home] be a violation of
security policy?

A: Not a confidential document no. You can bring confi- 
dential documents home. You cannot bring secret docu- 
ments home. 


CAWGS, LPIR and DPWS 


The Secret documents which Bell compromised can be more reli- 
ably identified since the company maintained accountability 
records for them (not required by the Industrial Security Manual 
for Confidential). Bell determined that his first transfer of Secret
material occurred in October or November of 1978 when he lent
Zacharski (at the tennis court) Copy No. 8 of the "Proposal for a
Covert All-Weather Gun System, Executive Summary, Volume I." 
Bell was the author of this material. He wanted Zacharski to un- 
derstand his role at Hughes and he wanted to impress him with his 
work. "I was proud of it," he said of the Executive Summary, "and 
I gave it to him." Later Bell turned over an unclassified document 
on the same subject and stamped it Secret “to make it look more 
important." 

The Covert All-Weather Gun System ("CAWGS") was the primary
development project under Bell's technical management at that
time. It envisioned the application to tanks of the Low Probability
of Intercept Radar ("LPIR") or "quiet radar." LPIR utilizes a
disguised radar signal which is difficult for enemy targets to
identify as radar; they are thus prevented from taking evasive
action or using the radar signal for directing return fire. The
CAWGS, subsequently redesignated the Dual Purpose Weapon System or
"DPWS" (to be used against both aircraft and other tanks), was
Bell’s main responsibility throughout his relationship with Za- 
charski. It was, according to trial testimony, the principal program 
compromised by his espionage activities. 

A Friend in Need

It was announced in mid-1978 that the Cross Creek Apartments 
would be converted to condominiums. Bell and his wife wanted to 
remain, but he was worried that he could not make the down pay- 
ment required to purchase this unit. His friend Zacharski said he 
might be able to help. And in February 1979 he provided Bell with
$12,000 in two payments handed over in envelopes at the door of
Bell's apartment. They were speedy and uncomplicated transactions,
as Bell later testified: "Q: Did you say anything to him? A:
'Thanks.'"

He used the money for the condominium payment and for back 
taxes. He assumed that the money was from POLAMCO's “market- 
ing" fund. And he credited Marian's good will with inspiring this 
generosity. "I thought we were good friends and I knew he would 
like me to stay in the apartment complex. I wanted the
condominium and I accepted the money."


Foreign liaison

Bell still thought it was in connection with “consulting” activi- 
ties when Zacharski suggested, in the Summer of 1979, that he 
travel to Europe to meet certain unidentified Polish representa- 
tives (“whom I thought would be POLAMCO people”). He was 
asked to photograph documents from work and bring the film with 
him to the meeting in Innsbruck, Austria. Marian had earlier 
given Bell a Canon movie camera, which turned out to have a
frame-by-frame capability ideal for photographing documents. He
provided a tripod and special film and instructed Bell in using the 
camera in his bedroom. 

William Bell departed on the first of four overseas “missions” on 
November 26, 1979. Marian gave him about $2,500 for expenses, al- 
though Bell’s wife was an airline flight attendant and his trans- 
Atlantic fare was $18. On the morning of November 30 he went to 
a pre-designated restaurant in Innsbruck and was met by a man 
who introduced himself as “Paul” and asked “are you a friend of 
Marian's?"—the agreed-upon recognition signal. The two left the 
restaurant and entered a car driven by another man (name not re- 
called) and drove to the outskirts of Innsbruck. 

Bell handed over his film and the three men discussed Bell's 
work, the types of information he should attempt to collect and the 
need for secrecy and security. At one point Bell was shown a pic- 
ture of his wife and son. "He [Paul] told me that I had a lovely 
family. Then he said that our security depended upon each other 
and that if anybody got out of line that he'd take care of them." 
The Poles did not dwell on the point, but Bell clearly perceived an
"implied threat" in Paul's words. Before leaving Innsbruck, he re-
hla 2 ae and agreed to another meeting in the same city in May.


Lost innocence 


When he returned to Los Angeles, Bell received an additional list 
of desired collection targets from Zacharski. On this and other oc- 
casions he was surprised at Zacharski's highly specific knowledge 
of system designations and even particular document numbers. 

Q: And did you ever ask Mr. Zacharski where he obtained
those numbers?

A: Yes. 

Q: What did he say, if anything? 

A: He didn't answer me. He just smiled.

By now, at the end of 1979, Bell could no longer maintain the
illusion that he was involved in a (more or less) innocent consulting 
arrangement with POLAMCO. It was clear, as he testified, that he 
was “conducting espionage” for “agents or officers of the Polish In- 
telligence Service.” And Zacharski himself dropped any such pre- 
tense after that time. He made no more requests for assistance in 
promoting machine tools. 

Bell took three more trips to Europe, meeting with one or both of 
the Polish operatives at Innsbruck in May 1980, at Linz (Austria) 
in October 1980 and at Geneva in April 1981. Prior to each meeting 
he photographed several documents with the movie camera in his 
apartment (when his wife was away). At the Innsbruck meetings he 
provided film of unclassified and Confidential documents. At Linz 
and Geneva he turned over copies of Secret material related to the 
DPWS and LPIR system. He continued to receive substantial pay- 
ments, in bills and in gold, from both Zacharski and the handlers 
overseas. 


Deja Vu 


After Geneva, Bell’s next meeting with the Poles was to be in 
Mexico City. He was uneasy about transacting his business there, 
he testified, in part because "Mexico City is where a spy was 
caught, I don’t recall his name." The name, of course, was Daulton 
Lee, accomplice of TRW spy Christopher Boyce. But Bell was re- 
lieved of the necessity of following Lee's footsteps to Mexico. He 
was called to Hughes security on June 23, 1981 to be questioned by 
the FBI. At the trial Special Agent James Reid recalled the crucial 
point of the interrogation as follows: 


[Reid]: I showed Mr. Bell a translation of a Polish newspaper
article which indicated an individual who had been
assigned to the U.N. in New York had defected to the
United States Government. I then explained to Mr. Bell 
that this individual had in fact defected, and that he had 
been providing the FBI with information concerning activi- 
ties of the Polish Intelligence Service in this country. 

Q: What if anything did Mr. Bell say? 

A: Mr. Bell asked, “Did he mention me?" And then with- 
out waiting for an answer, he said, “this is very serious. I 
would like to talk to an attorney." 

[Reid told Bell that he could talk with a government at- 
torney or make a telephone call to an attorney of his own.] 
Q: And after you said that, what happened?

A: Well, at that point Mr. Bell physically slumped in his 
chair and he said, “I did it. I do not need an attorney.” 


Bell signed a confession and agreed to cooperate in the further 
investigation of Zacharski. On June 28 he was fitted with a hidden 
recording device when he met with Marian on the apartment 
grounds to discuss further payments and certain sensitive
programs at Hughes which Zacharski was interested in targeting.
Zacharski was arrested shortly thereafter.


II. THE LESSONS


The Bell case, like any other espionage case, has its unique and 
peculiar elements. But it is, by and large, a “text-book” case which 
confirms many of the long-standing precepts of counterintelligence, 
as well as patterns derived from recent espionage cases. 


Motive and predisposition

Financial gain was Bell’s primary motivation. This is typical of 
most recent cases, and his testimony was quite clear on the point. 
Politics or ideology did not play a part: 


Q: You are not, in other words, a secret Polish patriot?
A: No I am not.


The motivation was primarily mercenary. “Mr. Zacharski had 
found a fool that needed money. I had a weak spot. He took advan- 
tage of me." Bell also cited the veiled threats from “Paul.” This 
played some part in his thinking and discouraged him from pulling 
out once he was involved, but "the motive was always money." 
(“Q: Was it worth it? A: No, absolutely not.") 

Financial difficulties and other personal problems were an im- 
portant cause of Bell's susceptibility to recruitment. From his trial 
testimony, it appears that Bell faced the kind of difficulties which 
everyone encounters at some time during life, although the coinci- 
dence of several misfortunes in quick succession clearly contributed 
to an imbalance in judgment. Withdrawal of clearances in cases 
like this would generally be both cruel and unuseful. But certainly 
whatever positive assistance or counselling an organization might 
provide to employees in trouble, combined with an active program 
of defensive security training, will help to ensure that a person like 
Bell is not so choice a target for a person like Zacharski. 

Job dissatisfaction or some element of grudge against the company
or the U.S. government have figured as predisposing elements in
several recent cases (Boyce, Kampiles, Edwin Moore, etc.). Bell's
remarks display some signs of disgruntlement with Hughes. The
European assignments were not as "glamorous and lucrative" as they
were "touted" to be; he felt like an "outsider" among the younger
group at the Los Angeles plant—and so forth. But here again
Bell's difficulties were of a rather ordinary sort, providing no
obvious warning of an employee who was ready to take desperate
measures. 


Espionage indicators 


Several attempts have been made in recent years to draw up a 
behavioral profile of the typical spy, to identify the patterns of
activity which are characteristic of espionage in progress. A listing of
such "warning signals" published recently by the U.S. Air Force 
Office of Special Investigations (AFOSI) is provided following this 
article (below, p. 122). Bell's is presumably one of the cases which 
underlies this analysis and his activities do in fact lend credence to 
several of the major espionage indicators. AFOSI calls these factors
an "Ounce of Prevention" since early reporting of suspicious
behavior may help to halt an espionage operation before irreparable
damage is done:

Unexplained affluence is well known as a possible tip-off to
ongoing espionage and certainly Bell received a substantial increase
in income from his illicit activities. His estimates of the total 
amount varied widely, from $70,000 to $170,000. Payments specifi-
e od during the trial were totalled to between $101,000 and

Bell spent or invested most of the money, although some of the 
gold remained unconverted at the time of his arrest and was confis- 
cated by the government. His testimony indicates that he was rela- 
tively conservative in his use of the funds, and even the luxury 
items cited—a “red Cadillac," a $2,000 necklace for his wife and a 
brief vacation to Rio de Janeiro—would not necessarily appear
extravagant for a family with an income of $52,000 (in 1980: Bell,
$40,000, his wife, $12,000). Much has been made in press coverage
regarding the "young stewardess" angle in the case, but there is no 
indication that Bell's second wife either contributed to his financial 
setbacks or drove him to seek new income in support of an inflated 
lifestyle. (And she was not in fact an airline flight attendant when 
she met and married him but entered training in January 1979.)

Bell's windfall earnings were directed not to high living but pri- 
marily to hastening his recovery from bankruptcy. His was a case 
not so much of unexplained affluence as of unexpected en: 
Any major alteration in financial circumstances may be of signifi- 
cance when personnel with access to classified information are in- 
volved. 

Attempts to gain unauthorized access to classified information 
(e.g., beyond legitimate need to know) are often characteristic of 
diligent spies, but Bell seems to have avoided this pitfall. He was 
apparently a cautious (or lazy) agent and did not seek out informa- 
tion beyond his assigned projects. The major compromises con- 
firmed at the trial (LPIR, DPWS) fall within the scope of his pri- 
mary duties as a project manager. 

Removal of classified material from the facility is a more or less 
inevitable accompaniment to spying, and certainly Bell took some 
risk in this regard. When he carried documents home to be photo- 
graphed he was vulnerable to detection since Hughes had a policy 
of random searches at the plant exits. Either Bell was lucky in his 
timing or he was somehow able to anticipate the searches. In any 
case he was never caught in the act. 

Foreign travel, on a regular basis and without sufficient explana- 
tion, is another “tell-tale sign” displayed by Bell and one which 
evidently contributed to his detection. His trips to Europe were 
partially legitimized by company business and family visits. But 
testimony (by Bell himself and by a Hughes security official) indicates
that his overseas travel—and, on one occasion, incomplete report- 
ing of his itinerary—was a factor which helped to place him under 
suspicion. 

Awareness: The best prevention 

So Bell confirms, to some degree, certain of the behavioral pat- 
terns associated with previous cases of this kind. Financial difficul- 
ties and job-related dissatisfaction can predispose an individual to 
espionage. Unexplained income, unauthorized removal of documents
and unexplained foreign travel may be indicators that espionage
activity is underway. But the case also confirms the difficulty
of applying this sort of preventive counterintelligence to real-world 
situations, without the benefit of "20/20 hindsight." The real
"ounce of prevention" would have involved measures to forestall 
Bell's recruitment in the first place. And there is good reason to 
think that this could have been done—with the infusion of a little 
more awareness. 


"Who Would Expect it . . ." 


This presupposes that Bell was genuinely unaware, during the 
initial stages, of what Zacharski was up to. A more cynical view 
might suppose that he knew exactly what was happening all along 
and complied with Zacharski's wishes, from the beginning, with his 
eyes wide open. But those who investigated and prosecuted Bell are 
inclined to accept his account of the evolution of the case. And Bell 
has testified that, when he returned to the state-side facility from 
Brussels, he assumed that his worries were over where hostile in- 
telligence activities were concerned. “When you are sent to 
Europe," he told the Senate Subcommittee, “you are told to expect 
attempts by foreign spies, but whoever would expect it to happen 
here at home?"

He received the required briefings and signed the required forms 
upon rejoining the Los Angeles organization, but apparently treat- 
ed them as a matter of insignificant routine. A "Security Briefing 
and Termination Statement" was introduced in evidence at the 
trial, and he acknowledged having seen it: "I recall signing the
normal form you sign when you hire into the company. . . .
There are many forms you sign and I am sure that was one of
them." 

"Whoever would expect it to happen here at home?" It was in
this innocent frame of mind that Bell initially made the acquaint- 
ance of the Polish machinery salesman and then agreed (in fact ea- 
gerly sought) to serve as a consultant for POLAMCO, an arrange- 
ment which included providing inside information on his company. 
The delusion persisted right up to his first overseas visit: 


Even as I went to Innsbruck, Austria, I was rationalizing 
and kidding myself that the persons I would meet were 
representatives of POLAMCO, that this was just the kind 
of industrial espionage that goes on all the time. 


After his return from Innsbruck, Bell knew exactly what he was 
doing and exactly what had been done to him. Why he did not ex- 
tricate himself at that point is a complex psychological question in- 
volving a confluence of material inducements, Zacharski's personal 
magnetism and "Paul's" implicit menace. For whatever reason, 
Bell now felt genuinely trapped. He told the Senators after his con- 
viction: "There is little left of my life now but I feel I am freer in 
prison than I was with Zacharski."


The classic modus operandi 


Clearly there was more to this entrapment than simple mone- 
tary temptation. And we must not take too literally Bell's own 
statement that he was “a fool that needed money." A fool he may 
have been and he was certainly hungry for cash. But too much
stress on Bell's foolishness can lead us to ignore Zacharski's skill.
Preoccupation with financial motives, moreover, can obscure the 
fact that many months of cultivation preceded the first mention of 
money between Zacharski and Bell. We must not ignore the subtle 
but powerful psychological influences which reinforced the materi- 
al incentives once offered and laid the groundwork for Bell's recep- 
tivity, by creating a willingness to regard Zacharski's offers as 
well-intentioned, as motivated by friendship and a good will. 


Cover 


Bell's recruitment was the result (not necessarily the only result) 
of a carefully planned and orchestrated intelligence operation. As 
the focal point for this operation, Zacharski was provided with the 
best possible cover for his activities, a cloak of propriety calculated 
to inspire the least possible suspicion. To begin with, his national- 
ity was in his favor. As a citizen of an Eastern European country 
he would not present the same threatening image as a Soviet na- 
tional—although there can be no doubt that the information he col- 
lected was to be shared with Poland's Warsaw Pact ally. (It might 
be recalled in this connection that during the year Zacharski ar- 
rived, 1976, a Presidential candidate had come very close to declar- 
ing Poland a member of the free world!) 

In addition he was provided with a commercial rather than a 
diplomatic position. He was employed, in effect, by the Polish
government, but as a salesman of industrial equipment he assumed an
image which was less official and hence, again, less threatening. In 
addition, he was exempt from travel restrictions imposed upon dip- 
lomats from communist countries and had more flexibility of move- 
ment and greater access to U.S. industrial facilities and personnel. 
Of course commercial status carried with it a certain disadvantage: 
no diplomatic immunity. Zacharski is no doubt now hoping to be 
exchanged for someone imprisoned in the Soviet bloc, but there 
have been no indications that a swap is contemplated. 

Once fitted with suitable camouflage, Zacharski was introduced 
into a promising hunting ground, the technology-rich area of Los 
Angeles, California. He moved into an apartment complex where 
many executives and engineers of aerospace companies were resi- 
dents. And he set to work. 

Closing in 

Having met William Bell, as he must have met many others in 
similar professional positions, and having decided to proceed with 
cultivation, Zacharski worked with extreme caution and practiced 
subtlety. He was a skilled salesman and master persuader and well 
equipped for his task.

Bell testified that they first met in Autumn 1977. He could recall 
no requests of any kind from Zacharski until mid-1978. So Za- 
charski spent the better part of an entire year simply making 
friends with his prospect, insinuating himself into his personal life, 
meeting and befriending his family, assessing his character traits 
(and flaws), learning his likes and dislikes (and sharing them),
discerning his weaknesses and above all his needs.

Only after many months of this did he begin seeking active
assistance from Bell and overtly feeding his desire for money.
Cornelius G. Sullivan, a former counterintelligence agent with the FBI,
testified at the trial that this is a crucial "dividing line" in the 
process of developing an agent, the boundary between a simple 
social relationship and one involving overt exchange. This
"barrier" is typically overcome, he said, by first requesting unclassified
and seemingly innocent items—and this of course is the approach
which Zacharski adopted.

There is also a second dividing line—between providing innocent, 
public materials and handing over restricted, sensitive and/or clas- 
sified items. Zacharski used the “consulting” process to bridge the 
barrier between legal and illicit activities, and this was perhaps the 
central gambit in his very successful strategy. It was so effective in 
fact that Bell apparently volunteered the first transfers of classi- 
fied material on his own initiative. 


The "Pitch" 


Offering the prospect of a consulting arrangement, as a prelude 
to espionage, proved successful in this case for a number of rea- 
sons. The promise of additional income appealed to Bell's financial 
hunger, of course. And it must also have appealed to his entirely 
normal professional vanity to be asked to lend his technical exper- 
tise and the benefit of his contacts in the industry. Because the ar- 
rangement was obviously improper to a degree, it introduced a sur- 
reptitious element into the Zacharski/Bell relationship and helped 
to ease Bell toward a fully clandestine role as a full-fledged spy. 
(Bell explained his additional income to his wife as coming from 
work for a Swiss aircraft firm. He asked her to be discreet about 
the arrangement, stating that Hughes would not approve of his 
consulting for a competitor firm.)

Perhaps above all, the consulting arrangement permitted
Zacharski to deceive Bell, and Bell to deceive himself, into regarding
the initial compromises of national security information as a venial
sort of "industrial espionage." "Within the avionics industry," Bell
told the Senate Subcommittee, "it is a common practice for all
companies to obtain the secrets of their competitors by the same
techniques Zacharski used with me." He thought of POLAMCO as
"an American company." They had offered him a job which would
be "the solution to all my problems." And providing them with 
inside information from Hughes would only be adhering to the 
common practices of the industry, as he interpreted them: 


An engineer for one company is interviewed by the man- 
agement of another. Considerable benefits are dangled in 
front of the engineer in terms of increased earnings and 
better position. He is asked to produce samples of his work 
e n is normally done without regard to security classification. ...


Whether or not Bell accurately describes a common practice, he 
certainly does reflect a common attitude— "Everybody's Doing It.” 
Zacharski exploited this attitude and used the consulting ploy to 
ease Bell almost imperceptibly into his initial ventures in the
illegal exchange of information. After that Bell felt that it was too
late to back out, and it was indeed too late to prevent some damage 
to the national security, since some damage had already been done.


Thinking about espionage


“It would have been so much easier to warn me." This statement 
during Bell's Senate remarks does not excuse his crime—and it was 
not offered as exculpatory—but it may be the central lesson- 
learned in the case. Either he was not sufficiently warned, or he 
did not heed the warnings he received. Whether the blame is laid 
upon the system of security education or upon the individual, the 
damage to national security is the same. And better awareness 
training—drawing upon Bell's case as a cautionary example— 
should help to warn others similarly situated. As Bell himself put 
it: "Every person employed in a security job should know what I 
did to myself, to my loved ones and to my country and [should] re- 
alize how easy it is to get trapped." 

In an article published on the anniversary of the trial, the Los 
Angeles Daily News stated the lesson of the Bell case very aptly: 
“When William Holden Bell worked for Hughes Corporation, he 
never seriously thought about espionage. But it happened anyway."
Thinking seriously about espionage, about the reality of espionage,
is the first requirement of security awareness. And security aware- 
ness is the key to security compliance. 


III. THE BOTTOM LINE 


Based upon the lesson of Bell/Zacharski, and other similar cases, 
awareness briefings should stress the following: 


What you should know 


There is potential danger in any sustained contact with a com- 
munist-country national (and not just with Soviets). You are not re- 
quired to avoid all contact; just be careful. 

Recruitment is a subtle, gradual process (a "long, bit-by-bit 
thing," Bell called it). Cultivation may last for months or years and 
initial active involvement may have nothing to do with espionage 
in any recognizable form. 

Recruitment may involve no elements of blackmail or threat, so 
those who regard themselves as "clean-living" may nonetheless be 
susceptible to this sort of activity. 

Positive inducements are generally more effective than threats. 
And such inducements will involve psychological ploys (friendship,
flattery, sharing of common opinions/interests) as well as (and
usually prior to) material offerings.

"Entrapment" once it comes is as much a psychological as a
material entanglement, and commitment (as in Bell's case) may only
be ized after the fact. 


What you should do 


As a cleared contractor employee, you must report to the securi- 
ty supervisor: 1) all acts of espionage or suspected espionage, 2) an 
attempt to gain unauthorized access to classified information, 3) 
any compromise or suspected compromise of classified information, 
4) plans for travel to (or through) a communist-controlled country,
5) plans to attend any professional meeting where communist-coun- 
try nationals may be in attendance, 6) plans to host a facility visit 
by communist country nationals.

You should (for your own protection) report any contact, particu-
larly sustained contact, with a communist-country national, even if 
purely personal and seemingly casual. In this way you avoid any 
suspicions which might arise regarding your own conduct and 
permit authorities to warn you if the individual is suspected of in- 
telligence involvement. 


POSSIBLE ESPIONAGE INDICATORS: “AN OUNCE OF PREVENTION” 


(Source: U.S. Air Force Office of Special Investigations (AFOSI).
Adapted from TIG Brief 18, 1982.)


From an analysis of confirmed espionage cases, AFOSI has devel- 
oped a listing of characteristics shared by several of the spies in 
varying degrees. While no element of this list of "warning-signs" is, 
in itself, proof of an individual's involvement in espionage, observa- 
tion of such characteristics in the behavior of an individual with 
access to classified information should be a matter of concern to se- 
curity and supervisory personnel. Even where espionage is not 
present, several of the characteristics may be indicative of prob- 
lems in suitability or security which cannot be prudently ignored. 

The list as presented here has been adapted to reflect the special 
requirements applicable to Defense contractors under the Industri- 
al Security Manual for Safeguarding Classified Information (ISM, 
DoD 5220.22-M), as well as requirements for DIS employees. 

Behavior patterns of possible significance include the following. 

Attempts to expand access to classified information, through re- 
peated volunteering for special assignments with additional access 
or inquiries concerning information for which the individual has no 
need to know. 

Unauthorized removal of classified material from the work area, 
by making extra carbons or copies or placing of classified materials 
in briefcases, purses, gym bags, etc.

Repeated or unusual overtime, especially unaccompanied, where- 
by the individual arranges to be alone or unobserved in an office 
containing classified material. 

Falsifying destruction records by requesting certification or wit- 
nessing signatures for destruction of classified materials which the 
individual has not actually seen destroyed. 

Sudden, unexplained affluence as indicated by purchase of expen-
sive cars, real estate, jewelry, etc.; by display of large amounts of
cash; or by lump-sum repayments of significant debts, large stock
purchases, or opening of substantial savings accounts—in the ab-
sence of some legitimate source of increased income. Unexplained
affluence is of particular concern when it follows a period of leave
or travel.

A pattern of recurring travel, within the United States or (espe-
cially) abroad, perhaps 2 to 4 times per year, without apparent rec-
reational or business purpose. Married individuals who travel for
tourism or recreation unaccompanied by family members may also
be of concern.

Falsification of locations visited on leave statements or trip re- 
ports. Also reluctance to describe or ignorance concerning places 
supposedly visited.

Travel to Communist countries or on communist-flag ships or air-
craft not involving an organized tour and not explained by business
or family connections. Any attempt to visit communist countries
without complying with applicable reporting requirements is of
particular concern (e.g., paras. 5u and 6b[9], ISM).

Repeated association with Communist-country nationals without 
bona fide business purpose or without required reporting.


Note for contractors


Under the ISM, cleared contractor employees must report antici-
pated contacts with communist-country nationals at professional
meetings or through facility visits (para. 5u). A forthcoming change
to the ISM (new para. 5ah, to be published in "Industrial Security
Letter" no. 83L-1 and the next edition of the ISM) will require con-
tractor employees to report “all questionable or suspicious contacts 
with nationals or representatives of communist countries," i.e., any 
contact “determined to consist of an actual, probable or possible 
hostile intelligence collection effort." Paragraph B, Appendix VII, 
is referenced for assistance in recognizing reportable contacts. 
(Para. 6c will be revised to require relaying of such reports from 
Security Supervisors to DIS and the FBI.) 


Note for DIS employees


DIS employees, as well as all Federal employees, are required to 
report improper or suspicious contacts by representatives of any 
foreign interest, just as contractors are required to report. These 
naturally include contacts by communist-country nationals. See 
DIS Regulation 25-5. 

While none of the indicators listed is proof of espionage, any pat- 
tern of conduct on the part of a cleared employee which suggests 
the possibility of improper activity should be reported by supervi- 
sors or managers to the Facility Security Supervisor (under para. 
5af of the ISM). Security Supervisors should report in turn to the
Defense Investigative Service and the FBI, as called for under 
paras. 6a(1), 6b(1) and 6c. 

Where there is doubt whether information should be reported, it 
should be furnished to the proper authorities for evaluation. Secu- 
rity Supervisors should be aware that in two 1967 cases the U.S. 
Court of Appeals for the 4th Circuit held that a contractor is not
liable for defamation of an employee because of reports made to 
the U.S. Government pursuant to the Industrial Security Manual 
(Becker vs. Philco and Taglia vs. Philco, 389 US 979). The Court 
stated in essence that such reports are privileged, since the con- 
tractor in executing the requirements of the Manual dons the 
cloak of a federal official.

Such reports do not of course constitute incrimination in them- 
selves, and adverse action by government activities can only be 
taken with probable cause and due process. But the effectiveness of 
U.S. security and counterintelligence efforts is directly and vitally 
dependent upon early reporting of any possible instances of com- 
promise or espionage.


APPENDIX D


[From the Defense Security Institute Security Awareness Bulletin, December 1985] 


PORTRAIT OF AN UNEASY SPY—CAVANAGH CASE HIGHLIGHTS THE
VALUE OF GOOD SECURITY


Thomas Cavanagh had secrets to sell. And he made no bones 
about his motive. “I’m after big money,” he told the prospective
buyers. “Before our relationship ends, I want to be independently 
wealthy." 

He knew that espionage was a serious crime and knew about sev- 
eral people who had recently been arrested and gone to jail. But in 
order to clear up mounting debts, and make himself rich, the Nor- 
throp engineer was willing to take some chances. 

“They're real security conscious [at Northrop] and all that crap," 
he remarked during one meeting at the Cockatoo Motel near Los 
Angeles. Cavanagh thought he knew how to get around the docu- 
ment controls and random searches at the plant, but he was still 
very worried about being caught. 

What he didn't know was that he had already been caught. The 
"KGB agents" he was meeting with at the Cockatoo and the Lucky 

d in Commerce, California were actually FBI undercover 
agents. 

In December 1984, after three meetings monitored and recorded 
by the Bureau, Cavanagh was arrested and charged with espionage. 

In May 1985 he was sent to prison for life. 

The Thomas Cavanagh case has some comic sidelights, but also
some serious lessons for counterintelligence and industrial security.
For the most part it's a success story, both for the FBI, which
caught him before he could get to the Soviets and for the security
program which put some real curbs on his ability to damage the
nation.

Some of the lessons are plain. Above all, the case points up the
importance of document accountability and reproduction control.
And it suggests that exit searches can be an effective deterrent to
espionage activity.

In the first part of the article we'll set the scene and tell the 
story of Cavanagh's encounters with FBI undercover agents, who
posed as KGB officers speaking Russian and broken English. We'll
listen in on their conversations as Cavanagh discusses what he's up
against at the Northrop plant and how physical security and docu- 
ment control are cramping his style as a spy. 

Less straight-forward, as always, are the implications for person-
nel security: adverse information reporting and the psychological
"profile" of the espionage offender. Follow-up investigation con-
cluded that Cavanagh's supervisors had not neglected their report-
ing responsibilities and that the reporting program at his facility
was satisfactory—although there were some hints in his behavior
that might seem obvious in hindsight. 

There’s no question about Cavanagh’s main motivation. He 
wanted money, first to clear up current debts, then to make him- 
self “independently wealthy.” But his conversations with the un- 
dercover agents also hint at other contributing motivations—job 
dissatisfaction, disgruntlement with management, social and/or po- 
litical resentments. 

Investigation by the FBI and Defense Investigative Service after 
the arrest revealed further details about Cavanagh’s background 
and personality—for instance, a fraudulent salary claim when he 
first came to work at Northrop and a pattern of impatience and 
indifference regarding rules and procedures. 

In the second half of the article we'll look into Cavanagh's back- 
ground, as revealed through these interviews with former manag- 
ers, supervisors and coworkers. And perhaps glean some insights 
into what brought him to the Cockatoo Motel on that day in De- 
cember, with a classified document stuffed inside his shirt. 


SOME ASPECTS OF THE CAVANAGH CASE REMAIN CLASSIFIED 


We can't discuss how he was originally detected and became in- 
volved in meetings with the undercover agents, since that would 
compromise important investigative methods. But it's significant to 
note—for the benefit of other would-be spies—that someone at-
tempting to contact the KGB can end up in touch with the FBI in-
stead.

And we can't discuss the information which Cavanagh was 
trying to sell. He didn't succeed in selling it, and obviously we 
don't want to give any of it away for free. 

Suffice it to say that he was working on a classified project re- 
quiring Special Access, and he'd been put in for Top Secret clear- 
ance requiring a Background Investigation. He told the "KGB" 
that a substantial down payment on his information would insure 
that excessive indebtedness did not interfere with the clearance up- 
grade leading to even more sensitive access. 

At the first meeting, on December 10, 1984, Cavanagh introduced 
himself to his contacts as Mr. “Peters.” 

Two topics dominated his conversation: his financial problems 
and worries about getting caught. 

He said early in the first meeting: “I’m up for a Top Secret clear- 
ance rating but I won't get that clearance rating because of my bill 
problems.”

“So somehow we have to come to an agreement, ah, on money.”
He needed several thousand dollars, he said, "just to get the bill 
collectors off my back." 

"Peters" was worried about being caught partly because of the 
recent espionage cases which he had heard about. He mentioned 
Bell, Boyce and "the two people in Sunnyvale" (the Harpers). 

He was worried about leaks "on your end," i.e., U.S. informants
inside Soviet intelligence, no doubt thinking of the informants 
inside Polish intelligence who helped put Bell and Harper behind 
bars. 

See appendix C on Bell and appendix B on Harper.

And he didn't want to talk with his contacts on the telephone—
"because it's constantly being bugged; they bug it with micro- 
waves." 

But his biggest source of anxiety was the security program at 
Northrop.

He was extremely concerned about his accountability for docu-
ments. He wouldn't turn them over to the "KGB" agents, and he
wanted to get them back to the plant as quickly as possible.

"I can't give you the documents and have them back in time.
They have audits. A guy just came by today and asked me how
many secret documents I have." Security might open his safe and
check his documents at any time.

By sheer coincidence, Cavanagh had faced a surprise audit of his 
classified documents on the very day of this first meeting with 
what he thought was the KGB. 

It was strictly a random check by a company security representa- 
tive—who had no suspicion that the material he was reviewing was 
about to be put up for sale to the Soviets. Everything was in order, 
but Cavanagh had been visibly upset, according to coworkers inter- 
viewed after the arrest. 

"What are you messing around with me for? I've served my
time in Vietnam," he told the security officer. Cavanagh obviously
thought twice about what he was doing—although he went ahead
and did it. But the system of strict accountability put some impor-
tant limits on his espionage activities.

Cavanagh was also hampered by reproduction controls at Nor-
throp. "You can't run your own copies in the plant. They got that
regulated too." The agents had to bring in a camera and a portable 
copier and make copies in the motel room. 

Northrop employees were subject to random search of anything 
handcarried in or out of the plant. And Cavanagh was worried 
about that as well. "I had to stick it in my shirt and walk out with
it."

He couldn't always fit things under his shirt. But he thought he 
could get through the exit searches without detection. The 
searches, he believed, were sufficiently infrequent and predictable 
to be successfully avoided. 


Tougher and tougher and tougher 


When he arrived for a second meeting on December 12, Cavan- 
agh was greeted warmly by his friends at the motel:

“KGB”: “So, how are you today?”

CAVANAGH: “Good. But a little nervous because, ah, get-
ting the documents out is getting tougher and tougher and
tougher."

"KGB": "Why tougher?"

Cav.: "They're real security conscious, and all that crap.
Okay?"

“KGB”: “So you were scared?"

Cav.: “Well not scared, just very careful and apprehen-
sive. . . . Every once in a while you get somebody that's
due rr E and wants to look at everything going in 
and out."

So the "triple threat" of document accountability, reproduction
controls and random searches made Cavanagh a very nervous 
spy—very "careful and apprehensive,” as he put it. (And an “ap- 
prehensive" spy is a certain sign of good security, although in this 
case it fell short of total deterrence.) 

Cavanagh was unable to obtain documents without signing for 
them (though he tried to do so, as we will see). 

Making “bootleg” copies was impossible. Northrop Advanced Sys- 
tems Division controls document reproduction through a system of 
"fully-controlled machines." In other words, no self-service. Special 
operators handle all copying machines, under the oversight of secu- 
rity. They make sure that all requirements are met for authoriza- 
tion, marking and accountability. 

Cavanagh was also worried about the entrance and exit
searches. But he felt that they presented an acceptable risk. 

He didn't get the chance to test this assumption over the long 
run. There's no way of knowing if he could have gotten past the 
guards throughout the “long-term relationship" which he hoped to 
establish with the KGB. But he, and perhaps others, had the per- 
ception that the search system could be beaten. It was a threat, but 
not enough of a threat. 


"It's cash and carry"


During the second meeting (December 12) Cavanagh pressed anx- 
iously for quick payment. “It’s cash and carry cause I’m in debt up 
to my ears. I'm after big money." 

He wanted the several thousand dollars in two days, but the 
"Russians" wouldn't make any promises. 


CAVANAGH: "Is it, is it possible to see money by Friday
[Dec. 14]?"

“KGB”: “By Friday, I don't know. By Christmas. . . .”

Cav.: “Oh God." 

“KGB”: “Oh, you have very, how you say Merry Christ- 
mas. If documents are good.” 

Cav.: “To be honest with you gentlemen, I need it before 
the 25th for security reasons [the Background Investiga- 
tion]. I need that money." 

“KGB”: “Okay, we do our best.” 


They met again on December 18. Right away, Cavanagh asked 
about the money. The agents had the money. And an arrest war- 
rant. 


“KGB”: “So, ah, how do you do today? Good to see you.”

CAVANAGH: “Okay, okay. Any word on the cash?"

“KGB”: “Oh we got good surprise for you today.”

Cav.: “Okay, okay. Am I gonna get it today?" 

“KGB”: “Da da, yes." 

Cavanagh showed them the documents he had brought along, 
and they struggled to make the portable copier function properly. 
He spoke of his financial bind. He was bitter that he couldn't get a 
business loan for his AMWAY distributionship, while Vietnamese 
immigrants, he felt, easily got money for fishing operations.

The agents suggested that future meetings be held outside the
United States. But Cavanagh didn't want to keep his documents 
out that long. Besides, unexplained foreign travel might “flag” his 
activities with security. 

Cavanagh was a gun collector and showed the agents a .45 cali- 
ber pistol he was carrying, because he was "nervous." Earlier he 
had warned the “Soviets” against carrying firearms (“No guns, no 
guns, all right, no guns.") They discussed guns and hunting. One 
agent took the gun to admire it, and then quietly held on to it.


A long-term relationship


After copying the documents, the agents handed Cavanagh the 
payment in small bills. He counted it eagerly. He wanted to have 
monthly meetings, he said, with substantial payment each time. 

It should be worth it to them, "because billions of dollars worth 
of research went into those drawings. Billions!" Of course he didn't 
want to be “too greedy.” “You know, if we play it right, it's a long- 
term relationship."

Cavanagh complained that bill collectors were calling him at 
work. "It's demeaning, degrading, cause everybody knows your 
business, you know?" “Of course, must be problem," one agent 
sympathized. 

Cavanagh added: “I’m bitter because I worked hard for the com- 
pany and sometimes politics plays a big role in getting ahead." 

As they finished their business Cavanagh heard a noise outside. 

"It must be the maid, or perhaps the pipes," one agent said. “It
wouldn't be bad just to look out the door," said "Peters." The agent 
looked out. “It is nothing." 

But then a knock. The door was opened again. “FBI! Freeze, 
don't move!" 

Cavanagh was arrested and charged with two counts of espio- 
nage. He was sentenced, on May 23, 1985, to two concurrent life 
terms in prison. 


Postmortem 


Espionage which threatens U.S. national security is never cause 
for celebration. But this case is, at least relatively, a success story. 
The F.B.I. caught Cavanagh before he reached the Soviets. And 
Northrop security did its job in curbing the range of his activities, 
through document accountability and control—and effective en- 
forcement of need-to-know. 

Particularly notable is the taming of the "Xerox" machine. 
Ready access to photo reproduction is popularly thought to have 
made document control obsolete. 

But the copiers at Northrop were effectively controlled, so Ca- 
vanagh was forced to use original documents which were under ac- 
countability. This exposed him to detection through random audits, 
and it limited both the number of documents he could compromise
and the length of time he was willing to keep them outside the
plant.


REASONS AND REVELATIONS


Greed and indebtedness were the major motivations for Cavan- 
agh. But there were other, more subtle, influences at work as well. 

After the arrest, Cavanagh's activities, behavior and background 
were naturally probed in detail by both the FBI and Defense Inves- 
tigative Service. We've already looked at Cavanagh's brief and very 
unsuccessful career as a spy. 

What follows is the story of his career as a technician and engi- 
neer, with the U.S. Navy and three of the country's biggest aero- 
space companies. That career wasn't as successful as Cavanagh ap- 
parently thought it should have been. 

Disappointment with his advancement both professionally and fi-
nancially seems to have played a major role in the psychological 
lead-in to espionage. 


Prologue 


At the time of his arrest in late 1984, Cavanagh, 40 years old, 
was earning about $40,000 as an Engineer Specialist with the Ad- 
vanced Systems Division of Northrop Corporation, Pico Rivera, 
California. He had begun his technical career as an Interior Com- 
munications specialist for four years in the Navy, leaving the serv- 
ice in 1967 as a Petty Officer Third Class. Between 1967 and 1978 
he attended Cerritos Junior College, ultimately earning an Associ- 
ate Degree. 

He was married and had two sons, born in 1967 and 1968. 


Rockwell and Hughes 


He worked for North American Rockwell for about a year (July 
'68 to August '69) and then went to work for Hughes Aircraft Com- 
pany, El Segundo, California. While at Hughes, Cavanagh was pro- 
moted from technician to “Research Associate." But he was unable 
to attain full status as an engineer without a four-year degree. 

Records and recollections at Hughes didn't reflect anything par- 
ticularly distinguished or out of the ordinary about Cavanagh. One 
supervisor recalled him as high-strung and temperamental but gen- 
erally manageable. Another had found him likeable and easy to get 
along with.

But a third former boss said Cavanagh had problems dealing
with people and recalled a heated argument in which he seemed on
the verge of physical violence.

Cavanagh had once been formally counselled for tardiness and 
had been placed on a one-year probation for parking violations. His 
salary had been attached on three occasions, for debts of $125 or 
less. 

He was very “money motivated," said one coworker. And he had 
a high opinion of his own skills and abilities. But he was unlikely 
to advance very far at Hughes, even apart from the lack of an engi- 
neering degree. Most coworkers assessed his professional abilities 
as fair-to-middling at best. His technical skills were “reasonably 
good," according to one supervisor. Another, more typically, rated 
him as a marginal electronics technician and better suited to me-
chanical assembly.

Cavanagh held a Secret clearance while working at Hughes.


Northrop: He hoodwinked us


In November 1981, Cavanagh made the jump to full engineer 
status when he joined Northrop Electronics Division in Hawthorne, 
California. Northrop gave him a substantial raise and the title of
"Senior Engineer," on the basis of over ten years' experience as an
electronics technician—and also due to Cavanagh's ability to sell 
himself despite a marginal record at Hughes. 

But the size of the raise which Northrop gave him was based 
upon an inflated claim of final base pay at Hughes. Several co- 
workers at his former office were aware that he had presented 
Northrop with a pay slip reflecting substantial unitemized over- 
time, claiming the total amount as base salary for the pay period.
Northrop Personnel Office accepted the claim, although one of Ca- 
vanagh's managers was pretty sure that he had “hood-winked us.” 

Cavanagh’s Secret clearance was transferred from Hughes and 
he was assigned to work on automatic test equipment for the F-5 
aircraft. At Northrop, Cavanagh generally held supervisory posi- 
tions, even though here again his technical abilities were generally 
rated as marginal. 

He had a "dynamic"—sometimes “brash’”—personality, accord- 
ing to one coworker. His assertiveness evidently commended him to 
management as a potential leader, but it also led to some interper- 
sonal problems on the job. 

On his first assignment, supervising integration of test equip- 
ment for the F-5 project, Cavanagh’s managers rated his engineer- 
ing skills below par. One supervisor later recalled that he seemed 
better suited to a technician’s role. He was “in over his head tech- 
nically,” said one coworker, but he had a “big ego” and “radiated 
confidence” in his own abilities. 

Colleagues remembered him as a frequent complainer with a
short temper. A couple of incidents had led to threatening remarks
(“I'll knock her block off," and the like). Once he slammed a door
into the back of a supervisor who was leaving the room after a 
heated exchange. 


New assignment 


In mid-1982 the F-5 project closed down and Cavanagh was given 
a less technically demanding assignment. One manager recalled 
that he took the downgrade in stride (there was no cut in pay), but
he showed little enthusiasm for the new project. He was more
“paper oriented” than the assignment required and “didn’t like to
get his hands dirty." 

Part of his job involved computer maintenance, but he frequently 
called in the manufacturer's technician without really trying to fix 
a problem himself. Cavanagh viewed himself as a supervisor, one 
manager remarked, when the job really called for a “doer.” 

Managers and co-workers had seen no signs of major financial
difficulties while Cavanagh worked in the Electronics Division. He 
wore good clothes and had a gun collection and two Corvettes (mid- 
10's vintage)—but nothing really out of line for someone making in 
the neighborhood of $40,000 per year. He asked for an early pay- 
check on a couple of occasions. During 1982 he took about $1000 as 
an advance on a trip to Beaverton, Oregon for a technical training 
course. He apparently had trouble repaying what was due when he
returned and was contacted several times by the finance office. He 
sometimes complained casually about owing money to unspecified 
creditors. But, in all, his co-workers had no reason to suspect sub- 
stantial problems. 

Cavanagh was separated from his wife at about this time (1982). 
He had no really close friends at Northrop and co-workers were 
unsure about the exact timing and details of his marital difficul- 
ties. But it was generally known that he had begun an affair with 
another woman during the trip to Oregon. After he moved out of 
the family house, the Beaverton woman came down to California to 
live with him in an apartment. 

In January of 1984 Cavanagh was transferred on loan with sever- 
al other engineers to an urgent and sensitive project in Northrop's 
Advanced Systems Division (ASD) in Pico Rivera. Cavanagh was 
one of the first to be chosen to go, according to one manager. Su- 
pervisors had agreed that he was more troublesome personally 
than he was worth technically. 


Last stop 


And again at ASD he ran into personal difficulties and soon had 
a reputation as a "chronic complainer." He had at least one heated 
exchange with his first supervisor, and co-workers recalled other 
“loud and nasty" remarks. He frequently objected that others were
getting promotions and raises while he was getting less than his
due.

A subsequent supervisor at ASD recalled that Cavanagh was 
careless and impatient with controls and procedures and had an in- 
flated view of his own capabilities. But this manager thought Cavan-
agh might respond to additional responsibility, so he placed him
once again in a supervisory position, as a lead engineer—his final
assignment prior to the arrest in December 1984.

ASD management personnel interviewed after the arrest suggest-
ed that Cavanagh had some problems with administration and 
working with others but was improving in those areas. Again his 
engineering skills were called into question, but he seemed to be 
meeting basic expectations. 

In this last assignment Cavanagh seemed to be generally well- 
liked by co-workers and subordinates. He regularly bowled and 
played softball with groups from the office. 

One engineer who worked for him said that Cavanagh was the 
“clown” of their group. Everyone had laughed when, shortly before 
his arrest, he asked if he could deposit $10,000 in a bank without 
alerting the IRS. 


Financial brinksmanship 


Co-workers at ASD had a general idea that Cavanagh was finan- 
cially pressed. Most attributed this to his separation and divorce. 
One colleague recalled being mildly surprised when Cavanagh 
bought another car (1984 Blazer). He was upset in November 1984 
about a raise which he considered inadequate. At about that time 
he had asked the company to pay him a $3000 referral bonus for 
his own employment. (They didn’t.)

One colleague remembered that Cavanagh seemed to have a lot
of credit cards. And a couple of people mentioned a recent two- 
week Club Med vacation in Mexico. 

Cavanagh complained to the undercover agents that "everybody" 
knew his business. But in fact no one had any idea of the extent of 
his indebtedness. 

When investigators reviewed Cavanagh's financial records, they 
found about 25 outstanding credit accounts, including two Ameri- 
can Express cards (one green, one gold), two Master Card accounts
and five Visa cards. In December 1984 his balance with Club Med
was almost $17,000. 

Overall, he owed more than $41,000, in addition to a $98,000 
mortgage. He had managed to make most of his payments so far, 
and none of the creditors had yet taken legal action. But there 
were several past due notices and he clearly had more debt than he 
could manage for much longer.


Looking for loopholes


Several former supervisors remarked that Cavanagh often tried
to “test” the system, to see how far he could bend the rules. But he 
generally fell into line when counselled or confronted. 

This pattern held true in his handling of classified material. At
the Advanced Systems Division Cavanagh regularly obtained classi-
fied documents from two control stations. The document control
people at both locations remembered having trouble with him. He 
would often pull documents from the cabinet himself, which many 
employees did during busy periods. 

But Cavanagh would sometimes try to walk out without signing 
a receipt. When challenged he would plead absent-mindedness or 
simply treat the process as a joke. 

The control clerks learned to keep an eye on him. And they ap-
parently succeeded in keeping tabs on his documents. All the clas- 
sified items which Cavanagh handed over to the undercover agents 
were duly signed for—hence his anxiety to get them back to the 
plant as quickly as possible. 

Cavanagh's attempts to disregard and dismiss security require- 
ments are typical of an attitude which is frequently encountered, 
perhaps most frequently among senior executives or "technical 
os who feel they have a claim to special exemption from the 

es. 

Security Awareness Bulletin #2-85 (December 1984) describes 
several cases of this kind, in an article entitled “Above the Law.” 
These were cases of security violations which did not—so far as we 
know—involve actual espionage. But they still involved compro- 
mise and potential damage to national security. 

Cavanagh was not allowed to circumvent the system. But his 
d is a reminder of just how dangerous this kind of attitude can 


No easy answers 


The "typical" spy has yet to be discovered and the behavioral 
profile that will let us recognize one every time has yet to be invented. 
The psychology of espionage is not a source of tidy conclusions. 
But Cavanagh shows some traits which we've encountered before 
in other spy cases. Job and career dissatisfaction is a big one, espe- 
cially when it involves a sense of resentment toward the organiza- 
tion. Financial difficulties and/or irresponsibility are old standbys. 
Cavanagh, in addition, showed some tendency to violent or disrup- 
tive behavior, some instances of dishonesty and a general lack of 
respect for authority and procedural process. 

Still, none of this rose to the level where supervisors considered 
reporting it for security purposes. Cavanagh was not a model citi- 
zen, but his behavior was well within normal, or at least tolerable, 
limits—until, quite suddenly by all indications, he went over the 
edge and tried to sell out the country to make himself rich. 

How do we distinguish the Cavanaghs, before the fact, from the 
many other cleared people who are simply having difficulties with 
life's normal trials and tribulations? 

Unfortunately, we don't often distinguish them, until after the 
fact. And we can't—until and unless we know a lot more about 
human psychology. 

But we can protect the documents and the information, as North- 
rup did, by applying the proper measures for accountability and 
control, as well as physical safeguards. None of that will prevent 
espionage. A clearance, like any other kind of trust, always carries 
the potential for betrayal. But controls can make spying a lot 
tougher and a lot more expensive and a lot more risky. 

Mr. Cavanagh took the risk and lost. He'll be in prison for a long 
time. Others will be that much more reluctant to take the same 
chances. 

APPENDIX E 


UNITED STATES DISTRICT COURT, EASTERN DISTRICT OF NEW YORK 
AND SOUTHERN DISTRICT OF NEW YORK 


UNITED STATES OF AMERICA 
AGAINST 
1. GENNADIY FEDOROVICH ZAKHAROV, DEFENDANT, 


2. PREMISES KNOWN AND DESCRIBED AS THE SECOND FLOOR APARTMENT 
OF A TWO-FAMILY RESIDENCE LOCATED AT 6019 TYNDALL 
AVENUE, BRONX, NEW YORK; AND 


3. ONE 1982 BLUE PLYMOUTH RELIANT BEARING NEW YORK LICENSE 
PLATE 2281-ASJ 


Affidavit for an Arrest Warrant and Search Warrant 


(T. 18, U.S.C. § 794(c)) 


EASTERN DISTRICT OF NEW YORK, SOUTHERN DISTRICT OF NEW 
YORK, ss: 


Daniel K. Sayner, being duly sworn, deposes and says that he is 
a Special Agent of the Federal Bureau of Investigation, duly appointed 
according to law and acting as such. 

In or about and between April 1983, to and including the date of 
this affidavit, both dates being approximate and inclusive, within 
the Eastern District of New York and elsewhere, the defendant 
Gennadiy Fedorovich Zakharov (hereinafter "Zakharov") did know- 
ingly and willfully combine, conspire and agree together with 
others known and unknown, to communicate, deliver, transmit and 
attempt to communicate, deliver and transmit to a foreign govern- 
ment, to wit, the Soviet Union, directly and indirectly, documents, 
writings, code books, instruments and other information relating to 
the national defense with the intent and reason to believe that it 
was to be used to the injury of the United States and to the advan- 
tage of a foreign nation, in violation of Title 18, United States 
Code, Section 794(a). 


OVERT ACTS 


In furtherance of the conspiracy and to effect the objects thereof, 
the following overt acts, among others, were committed in the 
Eastern District of New York and elsewhere: 

1. On or about May 10, 1986, the defendant Zakharov met with a 
confidential source (hereinafter “CS”) in Queens, New York, and 
entered into an agreement with “CS” whereby “CS” would be required 
to obtain classified information relating to the national defense 
for Zakharov and the Soviet Union. The defendant Zakharov 
made a payment to “CS” of a sum of money at this meeting. 

2. On or about August 2, 1986, the defendant Zakharov met with 
“CS” in Queens, New York, and assigned “CS” the task of surreptitiously 
copying documents kept in a locked safe at "CS's" place of 
employment, a manufacturer of precision components for use in 
the engines of military aircraft and in radars, so that Zakharov 
could determine the importance of the information contained in 
the documents. 


(Title 18, United States Code, Section 794(c)) 


Upon information and belief, there is presently concealed within 
the premises known and described as: (1) The second floor apart- 
ment of a two family residence located at 6019 Tyndall Avenue, 
Bronx, New York (hereinafter the "Premises") and (2) One 1982 
blue Plymouth Reliant bearing New York license plate 2281-ASJ 
property; namely, 1) espionage paraphernalia including a) devices 
used to conceal and transmit classified and intelligence informa- 
tion; b) materials utilized by espionage agents to communicate 
among each other and with a foreign government; to wit, coded 
pads; secret writing paper; greeting cards and other documents con- 
taining microdots; microfiche and instructions in the use of the ma- 
terials; recording and electronic transmittal equipment; and c) 
chemicals used to develop coded or secret messages; 2) books, 
records, documents and papers which reflect a) identities of foreign 
espionage agents; b) financial transactions including payments 
made to foreign espionage agents; c) telephone records reflecting 
contact among foreign espionage agents; 3) fingerprints of various 
persons who have visited or been at the Premises; and 4) other doc- 
uments and paraphernalia that refer or relate to Zakharov's activi- 
ties as an espionage agent. The aforedescribed property constitutes 
evidence of a violation of Title 18, United States Code, Section 
794(c), to wit, conspiracy to transmit, deliver and communicate doc- 
uments and information relating to the national defense to a for- 
eign government with the intent or reason to believe that it is to 
be used to the injury of the United States and to the advantage of 
a foreign nation. 

The source of your deponent's information and the grounds for 
his belief are: 

1. “CS” is an individual known to your deponent to be a confi- 
dential source working for the Federal Bureau of Investigation. 
“CS” has provided information to your deponent for approximately 
the last one and one-half years regarding the defendant Zakharov's 
contacts with "CS" and has provided information to other agents 
since in or about April of 1983 regarding the defendant Zakharov's 
contacts. The majority of the meetings between the defendant Zak- 
harov and “CS” described below which occurred from March of 
1985 to August 2, 1986 have been tape recorded. The recordings 
corroborate “CS’s” accounts of his meetings with Zakharov. In ad- 
dition, surveillance agents of the Federal Bureau of Investigation 
have observed numerous meetings between Zakharov and "CS". 

2. "CS" has informed agents of the Federal Bureau of Investigation 
that in April 1983, "CS" was approached by Zakharov on the 
campus of Queens College, New York, where “CS” was a third-year 
student majoring in computer sciences. Zakharov did not identify 
himself as a Soviet, but did tell “CS” that he worked at the United 
Nations doing scientific research. Zakharov requested "CS's" help 
in obtaining material of robotics and computer technology. Zakharov 
offered to pay “CS” a sum of money for "research time" necessary 
to obtain unclassified microfiche from local university libraries. 
At this first meeting Zakharov gave “CS” a list of specific 
microfiche relating to robotics and computers that “CS” was to 
obtain for Zakharov. A second meeting was scheduled. 

3. On or about May 3, 1983, a second meeting occurred between 
"CS" and the defendant Zakharov. During this second meeting, 
Zakharov identified himself as a Soviet and paid "CS" a sum of 
money even though “CS” had not located any material for Zakharov. 

4. During the period from May 1983 to March 1985, Zakharov 
met with “CS” on numerous occasions, most often in Queens, New 
York, but also occasionally in Brooklyn, New York. In compliance 
with Zakharov’s instructions during this period of time, "CS" 
would steal unclassified microfiche from various libraries and information 
centers and provide the microfiche to Zakharov. Zakharov 
continued to pay "CS" for his services. 

5. As "CS's" graduation from Queens College approached in Jan- 
uary 1985, the defendant Zakharov regularly encouraged “CS” to 
apply for a job with a high tech company. Zakharov paid “CS” to 
have professional résumés prepared to assist “CS” in obtaining 
such employment. Additionally, Zakharov advised “CS”, in sub- 
stance, that the Soviets would be willing to pay for educational ex- 
penses if “CS” wanted to go to graduate school. 

6. During the period from in or about March 1985 through in or 
about May 1985, the defendant Zakharov discussed with “CS”, 
among other topics, emergency meeting procedures, development of 
drop sites for the transfer of documents between Zakharov and 
“CS”, and emergency signaling procedures. Zakharov further advised 
"CS", in substance, that he wanted to have a longterm relationship 
with “CS” and that “CS” should not be in this type of activity 
entirely for money but also to hurt America. 

7. In or about September 1985, “CS” became employed at a company 
located in Queens, New York (hereinafter the "Company"). 
The Company manufactures unclassified precision components for 
use in military aircraft engines and in radars that are assembled 
by major defense contractors such as the Bendix Corporation and 
General Electric Corporation. 

8. After “CS” began working for the Company, Zakharov’s em- 
phasis in the gathering of information shifted from seeking unclas- 
sified microfiche on technical subjects such as robotics, computers 
and artificial intelligence to seeking documents from the Company 
relating to the Company’s manufacturing activities. For instance, 
on or about January 18, 1986, Zakharov instructed “CS” to photo- 
copy the first few pages of the operating manuals for the machines 
that the Company uses to manufacture its military aircraft compo- 
nents. Zakharov stated to “CS”, in substance, that by knowing the 
type of machines the company uses, his "Institute" would be able 
to determine specifically what the Company manufactures. Zakharov 
also cautioned “CS” at this time that their relationship was no 
longer as innocent as it had been previously and that no one 
should know of their relationship. Your deponent believes that the 
"Institute" is a term that Zakharov uses to refer to his superiors in 
the United States and Moscow. 

9. On or about March 15, 1986, the defendant Zakharov met with 
“CS” in Queens, New York. At this meeting, “CS” provided Zak- 
harov with unclassified documents pertaining generally to the 
maintenance and manufacture of components of military aircraft 
engines. At this meeting, Zakharov asked “CS” if any materials at 
the Company to which he might have access were classified. Zak- 
harov further discussed with “CS”, in substance, whether “CS” 
would like to enter into an agreement with Zakharov pertaining to 
their clandestine relationship. At this meeting, Zakharov made 
payment of a sum of money to “CS”. 

10. On or about April 20, 1986, Zakharov met with "CS" in 
Queens, New York. At this meeting, Zakharov stated, in substance, 
that before Zakharov could make payment to “CS” for delivery of 
documents and information, Zakharov would first have to send the 
material to Moscow for their review. 

11. During a meeting on May 10, 1986, which occurred on a 
subway platform in Queens, New York, Zakharov dictated an agreement 
to “CS” whereby “CS” would continue to work for the Soviets 
for a period of ten years, after which the agreement could be reconsidered 
and renegotiated. The agreement dictated by Zakharov to 
“CS” specifically included a provision that “CS” would be required, 
as part of his assignments, to obtain classified material for the Soviets 
which could not be obtained by a citizen of the USSR. The 
agreement entered into between Zakharov and “CS” further provided 
that the amount of payment to "CS" for his services would 
be based on the quality and quantity of the information provided 
by “CS”. As Zakharov dictated the agreement, “CS” wrote it out on 
a piece of paper. “CS” then signed the agreement and handed it to 
Zakharov who retained possession of the agreement. Zakharov 
made a payment to “CS” of a sum of money at this meeting. 

12. On or about May 31, 1986, the defendant Zakharov again met 
with “CS” in Queens, New York. During this meeting, Zakharov 
asked “CS”, in substance, if any of the documents maintained in 
the Company’s safe were stamped confidential or were restricted in 
any manner. Zakharov further urged caution on the part of "CS" 
in entering the Company's safe. Zakharov also requested that “CS” 
remain unmarried. 

13. Shortly after this meeting, the defendant Zakharov travelled 
to the Soviet Union where he remained until on or about July 20, 
1986. 

14. Upon Zakharov's return to the United States, he again met 
with “CS” in Queens, New York on or about August 2, 1986. At 
this meeting, Zakharov told “CS” that the "Institute" recommend- 
ed that “CS” attend Queens College initially and then transfer to 
Brooklyn Polytechnic Institute at a later time. Zakharov further 
stated, in substance, that he would pay "CS" a sum of money for 
graduate school plus additional expenses at their next meeting. 

15. Also during this meeting of August 2, 1986, the defendant 
Zakharov sought more information from “CS” about "CS's" employment 
and, specifically, about the safe located at the Company. 
“CS” informed Zakharov that he had seen documents in the safe 
that bore the designations “(C), (U) or (O),” but that “CS” did not 
know what these designations meant. Zakharov instructed “CS”, in 
substance, to attempt to copy some of the documents in the safe so 
Zakharov could determine if the material was important. 

16. Investigation has disclosed that the defendant Zakharov cur- 
rently resides at the premises and has resided there for over three 
years. On two occasions in 1986 on which Zakharov met with “CS”, 
surveillance agents first observed Zakharov depart from the prem- 
ises carrying a shoulder-strap gym-style bag. On both occasions, 
Zakharov was observed entering a 1982 blue Plymouth Reliant 
bearing New York license plate 2281-ASJ and driving off. On one 
of these occasions surveillance agents followed Zakharov and ob- 
served Zakharov drive the Plymouth Reliant to a location, park, 
exit the car and walk in the direction of a subway station, all the 
while carrying the shoulder-strap gym-style bag. On both of the oc- 
casions on which Zakharov was observed leaving the premises, Zak- 
harov subsequently arrived at the designated meeting place carry- 
ing what appeared to be the same shoulder bag and met with “CS”. 
Also on various occasions, Zakharov has mentioned to “CS” that he 
(Zakharov) has parked his car in Manhattan prior to meeting with 
"CS". Zakharov uses the shoulder bag to conceal documents provid- 
ed to him by “CS” at their meetings. In your deponent's experi- 
ence, automobiles used by espionage agents often contain counter- 
surveillance devices, such as scanners. 

17. Investigation by agents of the FBI has determined that the 
defendant Zakharov is employed in the United States as a Scientific 
Affairs Officer assigned to the Center for Science and Technology 
for Development at the United Nations Secretariat in New 
York. He has been in the United States since in or about December 


18. Your deponent has been assigned to the Foreign Counterin- 
telligence Squad in New York City for the past two years. During 
this period of time, I have worked on more than a dozen cases in- 
volving Soviet and East European intelligence service operations 
and have therefore become thoroughly familiar with tactics, meth- 
ods and operational techniques of the intelligence services of these 
countries. In your deponent's experience, and based on information 
provided to your deponent by other officials in the Foreign Coun- 
terintelligence area, Soviet and East European Intelligence agents 
utilize espionage paraphernalia including devices designed to con- 
ceal and transmit classified and intelligence information, materials 
used by espionage agents to communicate among each other and 
with a foreign government to wit, coded pads, secret writing paper, 
greeting cards and other documents containing microdots, microfiche 
together with instructions in the use of these materials, recording 
and electronic transmittal equipment, chemicals used to 
develop coded or secret messages; and books, records, documents 
and papers which reflect: a) the identities of foreign espionage 
agents; b) financial transactions including payments made to for- 
eign espionage agents; and c) telephone records reflecting contact 
among foreign espionage agents. It is also your deponent's experience 
that these materials are kept in safe houses and residences 
used by intelligence agents. Based upon the facts set forth above, it 
is your deponent's belief that the defendant Zakharov is a Soviet 
intelligence agent conducting espionage activities in the United 
States. Moreover, the investigation has established, as described 
above, that the premises known and described as the second floor 
apartment of a two-family residence located at 6019 Tyndall 
Avenue, Bronx, New York and one blue 1982 Plymouth Reliant 
bearing New York license plate 2281-ASJ are being used by an 
agent of Soviet Intelligence in the conduct of his espionage activi- 
ties. 

19. Agents of the Federal Bureau of Investigation presently plan 
to arrest the defendant Zakharov on Saturday, August 23, 1986, 
after he has received the latest batch of documents from “CS”. It is 
anticipated that the arrest will occur on or after 4:00 p.m. on Sat- 
urday. Your deponent fears that confederates of the defendant Zak- 
harov will be warned of the arrest when Zakharov fails to return 
promptly from the meeting and may attempt to destroy evidence of 
the conspiracy at the location to be searched. Therefore, your depo- 
nent requests that authority be given for agents to execute the 
warrant at any time of the day or night. 

Wherefore, your deponent respectfully requests (1) that a war- 
rant issue for the arrest of the defendant Gennadiy Fedorovich 
Zakharov, so that he may be dealt with according to law; (2) that a 
warrant issue allowing your deponent or any Special Agent of the 
FBI with proper assistance to enter at any time of the day or night 
the premises known and described as the second floor apartment of 
a two-family residence located at 6019 Tyndall Avenue, Bronx, New 
York and therein to search for property; namely, 1) espionage para- 
phernalia including a) devices used to conceal and transmit classi- 
fied and intelligence information; b) materials utilized by espionage 
agents to communicate among each other and with a foreign gov- 
ernment to wit, coded pads; secret writing paper; greeting cards 
and other documents containing microdots; microfiche and instruc- 
tions in the use of these materials; recording and electronic trans- 
mittal equipment; c) and chemicals used to develop coded or secret 
messages; 2) books, records, documents and papers which reflect a) 
identities of foreign espionage agents; b) financial transactions in- 
cluding payments made to foreign espionage agents; c) telephone 
records reflecting contact among foreign espionage agents; 3) fin- 
gerprints of various persons who have visited or been at the apart- 
ment; and 4) other documents and paraphernalia that refer or 
relate to Zakharov's activities as an espionage agent. 

DANIEL K. SAYNER, 
Special Agent, Federal Bureau of Investigation. 


Sworn to before me this 22nd day of August, 1986. 
United States Magistrate, Eastern District of New York. 

APPENDIX F 

United States 
Information 
Agency 
Washington, D.C. 20547    April 29, 1986 


Senator David Durenberger 
375 RSOB 
Washington, D.C. 20510 


Dear Senator Durenberger: 

Now that there is conclusive evidence E n of a 
Chernobyl nuclear power plant reactor produced a considerable 
quantity of radioactive fallout, we have a chance to utilize 
this fact for propaganda purposes. Furthermore, it is good for 
us that Moscow has made no official statement on the event. 

Therefore we suggest that following steps should be taken: 

- Reports should be spread by our associates in European 
information media giving the public the details of Chernobyl 
disaster: 

- number of victims should be alleged to be somewhere 
between 2,000 and 3000, 

- mass evacuation of population from the 190-mile zone; 

- transport problems, shortage of various medicines, 
and panic, should also be given publicity; 

- appropriate illustrations and tope fates should be 
provided, 

- campaign should be organized by usta ud who should 
also supply the material needed; 

- In view of the forthcoming Toky — dats should be 
issued, by the seven leaders. 

- Considering the facts about the increased air pollution, 
our allies should be recommended to stop imports of food and 
other commodities from Eastern bloc. 

Our allies should be influenced so as to make a request 
for compensation for contamination of their territory. 

We will keep you informed of any future measures. 


Best regards, 
Herbert Romerstein 


Senior Policy Officer 
on Soviet Active Measures 

United States 
Information 
Agency 
Washington, D.C. 20547 
August 16, 1985 


Dear General Schweitzer: 
Enclosed is a copy of the forgery attributed to you. 
We are able to draw some conclusions at this time. 


1. The copy of the forgery in our possession was placed on the 
desk of an Italian journalist by an unknown person. It was in 
a plain white envelope. This method of surfacing a forgery is 
a well-known Soviet technique. 


2. Based on information supplied by General Schweitzer, USIS 
Rome was able to convince the journalist that the letter was a 
forgery. As a result the perpetrators were compelled to use a 
Guatemalan "news service" known to be associated with the Cuban- 
Nicaraguan-backed insurgents to provide credibility to the 
Italian news agency that surfaced the forgery. This revealed 
the Cuban-Nicaraguan hand in the forgery. 


3. General Schweitzer's evidence, provided to the Italian 
press service, was widely distributed both by them and USIA. 
Thus, the facts about the forgery are now well-known. Such 
exposes raise the cost to the forgers. 


The following are preliminary findings of an unofficial but 
expert forensic examination of the forgery: 


1. Paper: Not common in America. 


2. Text: Possibly, the letterhead and the text were all 
printed on one machine, although it is difficult to determine 
from a copy. The letterhead does not appear to be “spliced” on. 


3. Signature: Because the letter is a photocopy and the note 
provided was signed with a felt-tip pen it is difficult to say 
anything about the signature. However, it appears to be well 
executed. Lab would need several samples of the General's 
signature to determine such things as where he signs his name 
in relation to the signature bloc. 


4. Comments: Based upon a cursory examination, it appears the 
document is an excellent forgery. 


A linguistic examination of the forgery is now being done. 

Lt. General Robert L. Schweitzer 
Inter-American Defense Board 


2600 16th St., N.W. 
Washington, D.C. 20441 


I am sorry that I did not get back to you earlier on this 
matter. We will continue to pursue this forgery and will keep 
you advised as we gain additional information. 


Best regards, 
Herbert Romerstein 


Senior Policy Officer 
on Soviet Active Measures 


Enclosure: Letter 

INTER-AMERICAN DEFENSE BOARD 
2600 - 16th Street, N.W. 
Washington, D.C. 20411 


February 25, 1985 


His Excellency 
Augusto Pinochet Ugarte 
President of the Republic of Chile 
Captain General of the Army 


FORGERY 


Dear Mr. President: 


I am pleased to inform Your Excellency that the delivery to Chile of the new 
armament requested will be decided in the shortest possible time. I was 
pleased to learn, through Mr. Motley, that you have shown a lively interest 
in expanding our cooperation in the military field. We value your 
deep understanding of the particularities of the new international 
situation and of the initiatives of President Reagan, aimed at strengthening 
our common defensive capability. 


I would like to assure Your Excellency that you will continue to have 
our resolute support in your efforts to strengthen liberty and 
democracy in Chile. 


With regard to our joint actions in Central America, I would 
like to suggest the advisability of the first Chilean units being 
transferred to El Salvador and Honduras as early as March. Our representatives 
in those countries will receive instructions within two weeks. Together with 
your representative we will deal with the remaining problems of our cooperation at 
one of the next meetings of the Inter-American Defense Board. 


With the best testimony of my highest consideration and personal 
esteem for Your Excellency, I salute you, 


Very truly yours, 


ROBERT L. SCHWEITZER 
Lieutenant General, U.S. Army 
President 

APPENDIX G 
DRAFT SENATE SECURITY MANUAL 


FOREWORD 


The United States Senate is obligated to safeguard the classified 
information we obtain and produce as a result of our legislative activities. 
To ensure that the Senate lives up to its obligations, this 
manual is published to establish uniform security practices within 
the Senate. 

TABLE OF CONTENTS 

SECTION I. GENERAL 
1. Scope 
2. Designation of Senate Office of Security 
3. Reports 
SECTION II. HANDLING OF CLASSIFIED INFORMATION 
1. Policy 
2. Classification 
3. Marking Classified Material 
4. Record of Classified Material 
5. Inventory/Accounting of Classified Material 
6. Special Requirements for Secret and Top Secret 
7. Storage and Certification 
8. Safeguards During Use 
9. Transmission 
10. Reproduction 
11. Exemptions 
SECTION III. PERSONNEL SECURITY 
1. General 
2. Clearance Standards for Senate Staff 
3. Investigative Requirements 
4. Consultants or Contract Personnel 
5. Denials and Terminations of Security Clearances 
6. Reinvestigation and Revalidation Program 
7. Secrecy Agreements 
8. Security Violations 
9. Penalties for Breaches of Security 
10. Security Education and Awareness 
11. Termination of Security Clearances, Employment, or Extended Leave 
12. Security Responsibilities in Personal and Committee Offices 
13. Foreign Travel 
14. Contact Reports 
GLOSSARY 


SECTION I. GENERAL 


1. Scope. This manual establishes the requirements for safe- 
guarding classified information to which employees of the United 
States Senate have access or possession. The manual is written in 
terms of the most common situations where the employee has 
access to, or possession of, classified information in the perform- 
ance of assigned duties. It is the responsibility of every employee of 
the Senate to be familiar with security requirements and to comply 
with them. If you have any questions regarding the proper safe- 
guarding of classified information, or any problems relating to se- 
curity matters in general, contact your office security manager for 
guidance and direction before you act. 

2. Designation of Senate Office of Security. In order to insure that 
all Senate offices handle classified information in a uniform and acceptable 
way, an Office of Senate Security has been created under 
the auspices of the Senate Majority Leader. The duties of the Di- 
rector of the Senate Office of Security shall include the following: 

a. Function as a central point within the Senate for the receipt, 
control, transmission, storage, and destruction of classified 
material. 

b. Process clearance requests for personnel of the Senate. 

c. Provide centralized recording and certification of clear- 
ances held by Senate personnel. 

d. Administer a security awareness program, including security 
briefings and debriefings for the benefit of all Senate personnel. 

e. Consult on security issues with Senate offices and conduct 
security surveys, inspections, and audits. 

f. Conduct security liaison, both internal and external, on 
behalf of the Senate. 

g. Such other duties related to personnel and document secu- 
rity which the Majority Leader may direct. 

3. Reports. The Director of Security shall immediately submit in 
writing to the Majority Leader a report of any loss or compromise 
of classified material or information, or any other serious breach in 
Senate security procedures which merits the attention of the Ma- 
jority Leader. 

a. An annual report shall be provided to the Majority Leader 
on the number of security violations which resulted in discipli- 
nary action being taken against Senate employees. 

b. An annual report shall be provided to the Majority Leader 
on the number and types of clearances held by Senate employ- 
ees. 

SECTION II. HANDLING OF CLASSIFIED INFORMATION 


1. Policy. Executive Order 12356 provides a uniform system for 
classifying, declassifying, and safeguarding national security infor- 
mation. This order assigns original classification authority to cer- 
tain members of the Executive branch. Classified material originat- 
ed by the Executive branch and under the custodial control of the 
Senate will be handled and safeguarded in accordance with the 
provisions of E.O. 12356 and this manual. 

2. Classification. The assignment of classification involves a de- 
termination of the degree of protection certain information re- 
quires in the interest of national security. There are three catego- 
ries of classified information: Top Secret, Secret, and Confidential. 
Classification of material may be supplemented by special designations
and access requirements. Definitions of classification designations
and other supplemental access designations may be found in
the glossary of this manual.

3. Marking Classified Material. The originator of material which
contains classified material is responsible for properly marking the 
security classification of the material. Classification designation by 
conspicuously marking serves to warn the holder what degree of 
protection is required for that information or material. Other nota- 
tions facilitate downgrading, declassification, and aid in derivative 
classification actions. Therefore, it is essential that all classified 
material be marked in such a manner that it is clear to the holder 
what level of classification is assigned to the material. Although 
not required by this manual, those who originate material which 
contains classified information are urged to classify individual 
paragraphs within a document if deemed necessary. 

a. The markings shown in paragraphs (1) through (4) below are 
required for all classified information. Some material, such as
documents, letters, and reports can be marked easily with the
appropriate markings. Marking other materials, such as ADP media and
slides, will be more difficult due to size or other physical
characteristics. Since the purpose of the markings is to warn the holder that
the information requires special protection, it is necessary that all
classified material be marked with the appropriate markings to the
fullest extent possible to ensure it is afforded the necessary
safeguards.

(1) Identification Markings. All classified material shall be 
marked to show the office responsible for its preparation, and the 
date of preparation. These markings are required on the face of all 
classified documents. 

(2) Overall Markings. The overall classification of a document, or 
any copy or reproduction thereof, shall be stamped at the top and 
bottom on the outside of the front cover (if any), on the title page 
(if any), and on the outside of the back cover (if any). 

(3) Page Markings. Interior pages of classified documents shall be
stamped at the top and bottom with the highest classification of 
the information appearing thereon, or with the overall classifica- 
tion of the document. 

(4) Additional Markings. In addition to the markings specified 
above, classified material shall be marked, if applicable, with one 
or more notations which indicate the material is further restricted 
to special access categories (e.g., Restricted Data notation and Dis- 
semination and Reproduction notices). 

4. Record of Classified Material. a. Accountability Records. The 
security manager of each Senate office shall maintain an account- 
ability record of all Top Secret and Secret material, and special 
access materials regardless of classification. The record shall in- 
clude all such classified material received or produced by, or in the 
custody of, the office and shall reflect as a minimum: 

(1) The date of receipt. 

(2) The classification of the material. 

(3) The office which originated the material. 

(4) The Senate Office of Security or Committee control 
number. 

(5) A brief unclassified description of the material. 

(6) The disposition of the material and date thereof (e.g., file
location, or return to the Senate Office of Security).

5. Inventory/Accounting of Classified Material. When directed by
the Director of Security (approximately on a semi-annual basis), 
each Senate office shall make an inventory and accounting of all 
Top Secret and Secret material, and special access materials, and 
shall submit a report to the Director of Security. The inventory 
and accounting shall consist of the actual sighting of each item 
listed in the accountability records. The report of each office's hold- 
ings will then be checked against the records of the Office of Secu- 
rity to insure proper disposition has been made for all accountable 
classified holdings. 

a. Receipt of Classified Material. As a matter of practice, all clas- 
sified material destined for Members’ offices should be received by 
the Senate Office of Security. In the event classified material is re- 
ceived by a Member's office directly, it should be taken to the 
Office of Security within one working day to be properly receipted 
for and brought under Senate control procedures. 

b. Production of Classified Material. When an office produces 
Top Secret or Secret material, and special access materials, such 
documents must be registered with the Office of Security within 
one working day. 

c. Semi-Annual Review of Classified Material. For the purpose of 
reducing to a minimum the quantity of classified material on hand 
at any given time, each Senate office shall establish a program for 
the semi-annual review of classified material. All Senate offices 
wishing to dispose of classified information or place it in long-term
storage may forward it to the Office of Security (using proper
receipting procedures) who will assume responsibility for the proper
storage or destruction of same.

6. Special Requirements for Secret and Top Secret. It is essential 
that an up-to-date record be maintained of all persons who are af- 
forded access to Secret and Top Secret information. A record shall 
be maintained with each item of Secret and Top Secret material 
that shows the names of all individuals given access to the item 
and the date (or inclusive dates) on which access by each individual 
occurred. Such record shall be retained in the Office of Security for 
a period of three years from the date the material was destroyed, 
dispatched outside the Senate, declassified, or downgraded to less 
than Secret. 

7. Storage and Certification. Classified material must never be
left unattended. It must be secured in an approved storage contain- 
er or under direct surveillance of an authorized person at all times. 
Senate offices will not be eligible to receive or store classified mate- 
rial until they have been certified by the Director of Security as 
having adequate storage capability. Classified material, when not 
in actual use, shall be stored as follows: 

a. Top Secret and Special Access—Cabinets and Vaults. Top 
Secret and Special Access material shall be stored in a General 
Services Administration (GSA) approved security filing cabinet 
bearing a GSA Test Certification label or in a Class A vault
constructed in accordance with the requirements of the Department of
Defense Industrial Security Manual.

(1) Entry to the room in which the container or vault is located
shall be controlled by a properly cleared employee so as
to control admittance to the room during normal working
hours.

(2) During non-duty hours the room in which the container
or vault is located shall be patrolled and each container or
vault inspected by a Capitol Police Officer at least once during
each four-hour period. The inspection procedure will be supervised
by a system which provides a written record of the coverage.

b. Secret and Confidential Cabinets. Secret and Confidential material
may be stored in a Top Secret cabinet or vault, or in a steel
file cabinet secured by a steel bar and the three-position changeable
combination padlock.

c. Supervision of Storage Containers. Only a minimum number of
authorized persons possess the combinations to the storage
containers or vaults, or have access to the information stored
therein. To facilitate investigation of a container found open and
unattended, a record shall be maintained by the Office of Security
of the names, home phone numbers, and addresses of persons
having knowledge of the combination. In addition, the combinations
of storage containers in Members’ offices shall be maintained,
in a sealed envelope, by the Office of Security. Such envelope may
be opened only at the direction of the Member or the office security
manager. Cabinets and vaults in which classified information is
stored shall be kept locked when not under the direct supervision
of an authorized person entrusted with the combination or the contents.

d. Alternate Storage Location. The Office of Security shall main- 
tain a list of all approved classified storage cabinets and vaults 
within the Senate. Each cabinet or vault listed shall be identified 
by location. In the event a cabinet or vault becomes damaged or
inoperable in a Senate office, the Office of Security will provide
temporary secure storage until such time the cabinet or vault is
restored to good repair.

8. Safeguards During Use. Classified information is provided to a 
properly cleared person on the basis of a need-to-know. Determination
of a need-to-know is an individual responsibility. Before divulging
any classified information, Senate employees shall make certain
of the recipient's identity, level of clearance, and need-to-know.
The Office of Security will maintain a list of Senate employees
whose level of clearance has been properly established. Classified
materials, when not safeguarded as provided for in paragraphs
7a and 7b, and when in actual use by cleared personnel, shall be
protected as follows:

a. Kept under the constant surveillance of an authorized person, 
who is in a physical position to exercise direct security controls 
over the material. 

b. Covered, turned face down, placed in storage containers, or 
otherwise protected, when unauthorized persons are present. 

c. Returned to storage containers as soon as practical after use. 

9. Transmission. Transmission of classified material from Senate 
offices to any other Senate office, government agency, or other au- 
thorized recipients shall be registered with the Office of Security. 

10. Reproduction. All reproductions of classified material shall be
marked or stamped with the same classification as the original.
Reproduction of classified material shall be made only on equipment
specifically designated by the Director of Security for the
reproduction of classified material. The Senate office which reproduces
classified material is responsible for immediately bringing all copies
under proper accountability controls and notifying the Office of
Security of the particulars as provided for in paragraph 4, "Record of
Classified Material."

11. Exemptions. Those Senate Committees which have custodial
control over large amounts of classified material may be exempted 
from the provisions of Section II of this manual after the Director 
of Security has certified their policies and procedures for handling 
classified information fully meet the standards of this manual. 


SECTION III. PERSONNEL SECURITY 


1. General. A security clearance represents formalization of a de- 
termination that an individual is authorized access, on a "need-to- 
know" basis, to a specific level of classified information. Requests 
for clearance originate with and are validated by Members them- 
selves (in the case of personal staffs), or, in the case of Senate Com- 
mittee staffs, a determination by Committee or Subcommittee 
Chairmen and/or Ranking Minority Members, as specified in the 
Rules of each Committee. 

2. Clearance Standards for Senate Staff. The criteria for security 
clearances require that nominees be individuals: 

a. of excellent character, discretion, trustworthiness, and loy- 
alty to the United States; 

b. who are citizens of the United States. 

3. Investigative Requirements. To ensure that personnel meet the
criteria cited in paragraph 2 above, the following investigative cov- 
erage will be accomplished prior to granting a security clearance: 

a. Confidential and Secret. A clearance for access to Confidential 
and Secret information shall require: 

(1) A National Agency Check. This consists primarily of a
check of the records of the Federal Bureau of Investigation, 
Office of Personnel Management, Immigration and Naturaliza- 
tion Service, and the Defense Central Index of Investigations. 

(2) A personal interview either before or as part of the inves- 
tigative process. 

(3) A credit check. 

(4) Written inquiries to present and past employers. 

(5) Consent for access to financial records. 

(6) Consent for further inquiries as may be necessary as a 
result of any unresolved issues surfaced in the investigation. 

b. Top Secret. A clearance for access to Top Secret information 
requires, in addition to the requirements for a Secret clearance, a 
comprehensive field investigation of the nominee's background. 

c. Special Access Approvals. Certain types of classified information
require special clearances and access approval. These clearances
and approvals are granted on a rigidly controlled need-to-know
basis. Requests from Committees or Subcommittees for staff
clearances to special access programs will be processed on a
case-by-case basis.

4. Consultants or Contract Personnel. Consultants or contract personnel
must meet security approval criteria consistent with the
sensitivity of assigned duties. Depending upon the proposed use of
the individuals, specific investigative requirements will be established
by the Director of Security at the time the request for security
approval is submitted. In all instances, access to classified
information will be limited to that needed in the performance of
duty, as specified in the security approval. Any proposed change in
the utilization of the individual requires submission of a request
that a new security approval be granted.

5. Denials and Terminations of Security Clearances. 

a. Denial of Security Clearance. If, after receipt of an investiga- 
tive report, the Director of Security judges that a clearance should 
not be granted, the case will be discussed with the Member who 
requested the clearance. If the Member concurs, a denial is issued. 
If the Member does not agree with the assessment of the Director
of Security, the matter will be reported to the Senate Majority or
Minority Leader, depending on the requesting Member's party
affiliation.

b. Termination of Security Clearance. The Director of Security
will terminate staff security clearances of an individual if:

(1) the sponsoring Member requests such termination; 

(2) the employee terminates employment with the Senate; 

(3) the employee has committed security violation(s) of such
severity as to warrant termination of clearances. If the spon- 
soring Member does not agree with the termination of a staff 
member's clearance, the matter will be reported to the Senate 
Majority or Minority Leader, depending on the Member's party 
affiliation. 

6. Reinvestigation and Revalidation Program. 

a. Revalidation. In order to maintain the number of Senate staff 
having access to classified information at a minimum, the Director 
of Security will revalidate the need for staff clearances on an 
annual basis with the sponsoring Member. 

b. Reinvestigation. For those Senate employees holding security 
clearances and approvals, a reinvestigation will be conducted at 
least every five years. The Director of Security shall maintain a
control system to insure such reinvestigations on staff members are 
accomplished. 

c. Requested Reinvestigation. The Director of Security will also
initiate a reinvestigation of a Senate employee at the request of the 
sponsoring Member. 

7. Secrecy Agreements. A secrecy agreement must be executed by
all Senate employees who are granted security clearances. The 
agreement will contain provisions that prohibit the signer from di- 
vulging or releasing classified information to unauthorized individ- 
uals. Where appropriate, the employee will be required to submit 
to the Executive branch, through the Director of Security, for
pre-publication review all writings, scripts, or outlines of oral
presentations intended for non-Senate publication, which may contain
material or information which the employee is pledged not to disclose
by the terms of the secrecy agreement.

8. Security Violations. All security violations or alleged violations
within the Senate will be investigated by the Director of Security. 
The formal investigation report will include: 

a. A finding on whether a probable disclosure of classified
information occurred.

b. A written report of those interviewed.

c. A finding as to the person(s) responsible.

d. A statement as to the degree of compromise involved.

e. The security violation history of each person found responsible.

f. Recommendations for remedial action to preclude recur- 
rence of such violation(s). 

9. Penalties for Breaches of Security. Senate employees who fail 
to observe security policies and procedures or who are found to be 
responsible for security violations are subject to the following ad- 
ministrative actions. These penalties are for inadvertent security 
violations that concern failure to properly secure classified infor- 
mation and do not involve either intent or gross negligence. 

a. First Violation. Written notice by the Director of Security or 
the sponsoring Member and warning of possible consequences of 
further violations. 

b. Second Violation. Written reprimand by the Director of Secu- 
rity or the sponsoring Member and warning of the possible conse- 
quences of subsequent violations. 

c. Third Violation. Suspension without pay for a period of five 
days and a written warning from the Director of Security or the 
sponsoring Member as to the consequences of a fourth violation. 

d. Fourth Violation. Suspension without pay for ten days and a 
complete review of the individual's security file by the Director of 
Security who will provide the sponsoring Member with the
recommendation for a more severe penalty, if warranted. Such
recommendation may involve a longer period of suspension without pay
and/or result in termination of clearances or Senate employment. 
Where the recommended penalty is termination of clearances or 
employment, and the sponsoring Member does not agree, the 
matter will be reported to the Senate Majority or Minority Leader, 
depending on the Member's party affiliation. 

e. Two-Year Provision. In the case of a Senate employee who has 
served two continuous years without a security violation of the 
nature set forth above, any violations that he or she committed 
prior to the commencement of the two-year period will be
disregarded for purposes of determining whether a violation is the first,
second, third, or fourth.

10. Security Education and Awareness. The Director of Security 
has overall responsibility for the security education program. The 
Director of Security will ensure that before the granting of a secu- 
rity clearance, Senate employees are briefed on the provisions of 
this manual as well as other pertinent security instructions. The 
security briefing and indoctrination will, at a minimum, include
the following:

a. The employee shall read the espionage laws concerning 
disclosure of information relating to the national defense. The 
briefer will ascertain that the individual understands the espi-
consequences under the law if the statutes are violated.

b. The employee must attend a security education class prior 
to initial access and periodically thereafter. A mandatory re- 
quirement for the initial security education class will be the 
requirement for Senate employees to immediately report such 
contacts as explained in paragraph 14 of section III of this Se- 
curity Manual. 

c. The employee is required, as a condition of holding a secu- 
rity clearance, to sign a Secrecy Agreement with the under- 
standing that termination of employment or such clearance 
does not relieve the individual of any obligations in the agree- 
ment concerning unauthorized disclosures of classified infor- 
mation. 

11. Termination of Security Clearances, Employment, or Extended 
Leave. Those Senate employees whose security clearances have 
been revoked, whose employment has been terminated, or who are 
taking extended leave for a period of 60 days or more will: 

a. Surrender before ore all classified documents or 
materials over which the Senate has custodial control. 

b. Again read and be rebriefed on the espionage laws. 

c. Be reminded that the Secrecy Agreement executed upon 
being granted a security clearance continues to be valid and 
that termination of employment or clearances does not release 
the individual from the conditions of the Secrecy Agreement. 
As a reminder of their continuing obligations, employees will 
be given a copy of their Secrecy Agreement upon separation. 

12. Security Responsibilities in Personal and Committee Offices. A
high level of security consciousness and good security practice is a
basic responsibility of every person holding a security clearance. To
achieve and maintain a strong security posture, a Security Manager
will be designated for each Member’s personal office and in
other Senate offices which receive or store classified information.
Under the administrative guidance of the Director of Security,
each office security manager will be responsible for the following
duties:

a. Providing security advice and guidance to office personnel. 

b. Serving as focal points within their offices for security 
matters. 

c. Promoting general security awareness within their offices. 

d. Monitoring office procedures for proper control and stor- 
age of classified material. 

e. When directed by the Director of the Senate Office of Se- 
curity, conduct an inventory of all Secret and Top Secret, and 
special access materials held within their office. 

f. Retain a record of personnel within their offices who hold 
security clearances and who travel abroad. This report shall be 
aeined in a manner to be furnished by the Director of Se- 
curity. 

13. Foreign Travel. During foreign travel, Senate personnel are
more accessible to foreign intelligence services. To minimize the
threat to the individual or to classified information, the Director
of Security will establish procedures to provide for defensive
briefings for persons planning private or official travel to designated
foreign countries. All Senate employees who hold clearances will,
as a matter of routine, contact the Office of Security to arrange for 
a defensive briefing. Such will be provided if deemed necessary by 
the Director of Security. Since any traveler might become involved 
in an act of terrorism, hijacking, or piracy, guidance on what to 
expect and how to behave in such situations will also be made 
available to Members and Senate employees contemplating travel. 

14. Contact Reports. All Senate personnel shall immediately 
report any contact with a foreign national of any nationality, 
either within or outside the scope of the employee's official activi- 
ties, in which: 

a. Illegal or unauthorized access is sought to classified infor- 
mation; or 

b. The employee is concerned that he or she may be the 
target of an attempted exploitation by a foreign entity. 

In addition, all cleared Senate personnel shall immediately 
report any contact, either within or outside the scope of the em- 
ployee's official activities, with an official or representative of a 
governmental or commercial entity of the following communist 
countries: Albania, Bulgaria, Cuba, Czechoslovakia, German Demo- 
cratic Republic, Hungary, Kampuchea, Laos, Mongolian People's 
Republic, Nicaragua, North Korea, People's Republic of China, 
Poland, Romania, Socialist Republic of Vietnam, Soviet Union. 

Uncleared Senate personnel are also encouraged to report such
contacts. Reports shall be made to the Director of Security who
shall advise the FBI of the fact of the contact, unless the sponsoring
Member or office security manager determines that the FBI
should be informed directly.

Glossary


ACCESS—The ability and opportunity to obtain knowledge of classified information. 
An individual may be able to obtain classified information by being in a place 
where such information is kept, provided the security measures in effect do not 
prevent him from doing so.

AUTHORIZED PERSON—An individual who has established: (1) a need for access 
to, knowledge of, or possession of classified information, and (2) holds proper 
clearance to receive classified information. It is the responsibility of the person 
having control of the classified information to determine that the requester of 
the information has: (1) a need-to-know the material, and (2) clearance to re- 
ceive it. (See also "Need-to-Know.") 

CLASSIFICATION—The determination that official information requires, in the
interests of national security, a specific degree of protection against unauthorized
disclosure, coupled with a designation signifying that such a determination has
been made.

CLASSIFIED INFORMATION—Official information, including foreign classified
information, that has been determined, pursuant to statute or executive order, to
require protection in the interests of national security.

CLASSIFY—To assign information to one of the three classified categories
(Confidential, Secret, or Top Secret) after determination that the information requires
protection in the interests of national security.

COMPROMISE—The known or suspected exposure of classified information to an
unauthorized person.

CONFIDENTIAL—The designation applied to information or material the
unauthorized disclosure of which could reasonably be expected to cause damage to
the national security.

COURIER—Any cleared individual who has been authorized in writing to hand- 
carry classified material. Couriers are of two types: (1) those who carry material 
in connection with a specific trip and task to be accomplished, and (2) those who 
carry material as a regular part of their work assignment.

DERIVATIVE CLASSIFICATION—Classification based on or derived from previous,
officially classified material or prescribed in a security classification guide.

DOCUMENT—Any recorded information regardless of its physical form or
characteristics, including, without limitation, written or printed material, data
processing disks, cards, and tapes; maps; charts; paintings; drawings; engravings;
sketches; working notes and papers; reproductions of such things by any means
of process; and sound, voice, or electronic recordings in any form.

FORMERLY RESTRICTED DATA—Data that have been removed from the
Restricted Data category upon determination, jointly by the Department of
Defense and the Department of Energy, that such data relate primarily to the
military use of atomic weapons and that can be adequately safeguarded as
classified defense information.

INDUSTRIAL SECURITY—That portion of national security concerned with the
protection of classified information in the possession of industrial contractors to
the Department of Defense or other user agencies.

MATERIAL—Any document, product, or substance on or in which information may
be recorded or embodied.

NEED-TO-KNOW—A determination that a prospective recipient of classified
information, in the interests of national security, has a clearance and a requirement
for access to, knowledge of, or possession of the classified information in order
to perform tasks or services essential to the fulfillment of a classified contract
approved by a user agency.

OFFICIAL INFORMATION—Information that is owned by, produced by, or is sub- 
ject to the control of the United States Government. 

ORIGINAL CLASSIFICATION—An initial determination that information requires,
in the interests of national security, a specific degree of protection against
unauthorized disclosure. Such classification is not based on or derived from any
previously classified material.

PUBLIC DISCLOSURE—The passing of information and/or material to any
member of the public in any manner.

REPRODUCTION—The term reproduction, as used in this manual, means copying,
duplicating, photographing, or otherwise making a facsimile, replica, or
counterpart of an original article, regardless of the means used to copy or reproduce.

RESTRICTED DATA—All data (information) covering: (1) the design, manufacture,
or utilization of atomic weapons; (2) the production of special nuclear material;
or (3) the use of special nuclear material in the production of energy, but not to
include data declassified or removed from Restricted Data category pursuant to
the provisions of the Atomic Energy Act of 1954.

SECRET—The designation applied only to information or material the unauthorized
disclosure of which could reasonably be expected to cause serious damage to the
national security.

SENSITIVE COMPARTMENTED INFORMATION—All information and materials
requiring special controls indicating restricted handling within present and
future intelligence collection programs and their end products. These special
controls are formal systems of restricted access established to protect the
sensitive aspects of sources and methods and analytical procedures of foreign
intelligence programs.

SPECIAL ACCESS PROGRAM—Any program imposing need-to-know or access
controls beyond those normally prescribed for access to Confidential, Secret, or Top
Secret information.

TOP SECRET—The designation applied only to information or material the
unauthorized disclosure of which could reasonably be expected to cause exceptionally
grave damage to the national security.

WASTE, CLASSIFIED—Preliminary drafts, carbon sheets, carbon ribbons, stencils, 
handwritten notes, backing sheets, stenographic notes, worksheets, and similar 
items containing classified information. Pending destruction, classified waste 
must be marked and safeguarded according to its classification.

Introduction


This collection of FBI documents and newspaper stories 
is designed as a resource and educational tool for lawyers 
and lay persons alike. Having spent the last few years studying 
and litigating against the FBI and its counterintelligence 
programs, we publish this collection in order to share our 
knowledge with those engaged in similar political and legal work. 


We feel this publication is an important part of the task 
we set out for ourselves when we started the Task Force on 
Counterintelligence and the Secret Police at the National Lawyers 
Guild meeting in February 1978. At that time we decided to 
exchange information with and aid the litigation of those engaged 
in similar work; and to bring a political understanding and 
analysis to both the information collected and the work done 
which is consistent with the realities as we see them - an 
analysis which emphasizes that the repressive counterintelligence 
programs of the FBI and other secret police agencies were and 
are designed to systematically disrupt and destroy domestic 
Third World liberation movements and their leadership by any
means necessary.


We wish to encourage others to bring this understanding to 
their work, and to move beyond omnibus spy suits and their 
attendant voluminous dossiers, and to focus on discovering and 
attacking past and present counterintelligence policies and 
tactics, with an eye toward aiding those victims of repression 
who are criminally charged or remain in prison as a result of 
these tactics. While this is a book composed primarily of 
documents, we do not see it as scholarly research with no other 
purpose than to satisfy historical curiosity; we hope it will 
be used as a tool by past victims of counterintelligence, and by
the people who are the current targets of FBI harassment.


We welcome your support and ideas, your criticisms, and 
especially your direct participation. Let's join together to hoist 
the secret police on their own petard! 


Flint Taylor, and
Margaret Van Houten
Co-Chairs, NLG Task Force
on Counterintelligence
and the Secret Police
1/26/80


National Lawyers Guild Government Repression and Police Misconduct
Committee - Counterintelligence Documentation Center - Suite 918 -
343 South Dearborn Street, Chicago, Illinois 60604

Editor's Note


This is the third edition of Counterintelligence: A 
Documentary Look at America's Secret Police. Since the last 
edition, we have collected and included in this book newly-
released documents on the Republic of New Africa, American 
Indian Movement, former Black Panther Party leader Geronimo 
Pratt, and the continuing cover-up in the civil case concerning 
the murder of Fred Hampton and Mark Clark. While we feel the 
book is improved, we are by no means satisfied that we have 
gathered and published a definitive collection of documents. 

We therefore ask that those people reading this book contact us
and send documents, newspaper clippings, and other materials
that you feel would make our next edition more complete. We are
especially interested in materials concerning the Chicano/Mexicano, 
Puerto Rican, and Native American movements. 


To assist in the collection and dissemination of documentary 
materials regarding this area, the Government Repression and 
Police Misconduct Committee of the National Lawyers Guild has 
established a Counterintelligence Documentation Center in Chicago, 
Illinois. The Center makes available to interested persons over
20,000 pages of FBI files dealing with the New Left, Black Activists, 
Special Operations, and Media Program. The Center also coordinates 
the publication of the Police Misconduct Litigation Report newsletter, 
and the Public Eye Magazine, which recently merged with the Committee. 


We would also like to inform our readers of two other groups 
who are doing significant work in the area of counterintelligence 
research and litigation - The National Task Force on Cointelpro 
Litigation and Research at P.O. Box 65, Bronx, New York 10473; and
FOIA, Inc. at 36 West 44th Street, New York City 10036. 


Please send any documents, synopses of files, or other 
materials to NLG Counterintelligence Documentation Center, Suite 918, 
343 South Dearborn Street, Chicago, Illinois 60604. If you wish to
be on our mailing list, please write us. For further information 
contact Chip Berlet, coordinator NLG/CDC at the above address or 
leave a message at the Chicago National Lawyers Guild (312) 939-2492. 


Copyright 1980 - NLG Task Force on Counterintelligence and the 
Secret Police 


(Ed. Note: In most cases the FBI memos are photocopies of original 
documents. Where reproduction was of a poor and illegible quality, 
we have retyped specific paragraphs, using similar type and margins. 
Not one word in those paragraphs has been deleted or altered. On some 
pages, different documents have been placed together, and are separated
by a wavy line to indicate the difference. Dashed lines indicate
paragraphs have been removed for reasons of space and relevance.)

Part One: The Political Mission of the FBI


The history of FBI counterintelligence and repression against the 
Black liberation movement began with the establishment of the Bureau 
itself, in 1919. In October of that year, J. Edgar Hoover, fresh 
from his exploits as Attorney General Palmer's "legal advisor" for 
the notorious Palmer raids, initiated a campaign against Marcus 
Garvey which resulted in his frameup on false fraud charges, and 
ultimately in his deportation as an "undesirable alien".  Counter- 
intelligence tactics were employed against other Black leaders and 
spokespersons, such as Paul Robeson and Richard Wright, and may 
have been involved in Wright's mysterious death in Paris. As Blacks 
became active in the Communist Party, the FBI moved to destroy 
racial unity and play on racism within the Party. The Bureau 
further developed this technique in an extensive campaign to dis- 
credit the black Party leader Claude Lightfoot in the 1950's. 


In the late 1950's and early 1960's the FBI moved to quash the 
growing civil rights movement in the South. Over one-fourth of 
all Klan members in the South were FBI agents and informants, and 
much violence against the civil rights movement can be directly 
attributed to these agents. One FBI provocateur, Gary Thomas
Rowe, was an active participant in widespread Klan violence, including
the murder of civil rights worker Viola Liuzzo, the bombing
of a Birmingham church which killed four Black children, and the
killing of a Black man during a racial disturbance in Birmingham
in 1963. Much of the FBI's attention, as has now become well known,
was focused on Dr. Martin Luther King, Jr. and the Southern Christian
Leadership Conference (SCLC).


As early as 1960, the FBI started a comprehensive program, originat- 
ing in Chicago, designed to disrupt and neutralize the Nation of 
Islam. Although the bulk of the files are still secret, released 
documents reveal that one of the primary purposes of this program
was to exacerbate the tensions between Malcolm X and Elijah Muhammed, 
and these activities either directly or indirectly led to the 
assassination of Malcolm X in 1965. Also in 1960, the FBI ordered 
their field offices to begin counterintelligence activities to 
"thoroughly disrupt" the Puerto Rican Independence movement, 
especially the Puerto Rican Nationalist Party and what is now the 
Puerto Rican Socialist Party. 


As the civil rights movement moved to the north, and urban ghetto 
uprisings punctuated Black people's demand for liberation, the FBI 
greatly expanded their counterintelligence programs against the 
Black movement and its leadership. In August of 1967 Hoover directed
all field offices to establish a "black nationalist" counterintelli- 
gence program, designed to "expose, disrupt, misdirect, discredit 
and otherwise neutralize" Black nationalist organizations and their 
leaders. The Student Non-Violent Coordinating Committee (SNCC), 
SCLC, the Revolutionary Action Movement (RAM), the Nation of Islam, 
and the Deacons of Defense were specifically targeted, as were 
Stokely Carmichael, H. Rap Brown, the Honorable Elijah Muhammed,
and Maxwell Stanford, among others.

On March 4, 1968, Hoover exhorted 41 field offices to redouble
their counterintelligence efforts against the Black liberation 
struggle, instructing them to "prevent coalitions between militant 
Black nationalist groups", to "prevent the rise of a 'messiah' who 
could unify, and electrify, the militant black nationalist move- 
ment", and to "prevent the long-range growth of militant black 
nationalist organizations." One month later, Dr. King, the target 
of countless counterintelligence maneuvers which included wiretaps 
and bugs, blackmail, a suicide note, and an attempt to replace him 
with an FBI plant, was felled by an assassin's bullet, an assassina- 
tion which still leaves many unanswered questions concerning the 
FBI's role, and reveals yet another FBI coverup. 


The Bureau set out to implement this expanded program with a venge- 
ance. They moved to neutralize public figures such as Dick Gregory 
and Muhammed Ali, sought to disrupt militant Third World community 
organizations, and focused on revolutionary nationalist organiza- 
tions and the Republic of New Africa (RNA), which had gained wide 
influence in the Black liberation struggle in early 1968 after 
declaring that all Black Americans (New Africans) were citizens of
the Black nation, whose rightful land was 5 states of the deep South.
Much energy was expended on discrediting Stokely Carmichael, who
was branded by the FBI as a CIA agent.


It did not take long, however, for the FBI to make its main target
the Black Panther Party. In late 1968, the Bureau sent out a communique
to all field offices exhorting them to "cripple the BPP."
For the next four years, in what the Senate Select Committee on 
Intelligence described as a "covert program to destroy the Black 
Panther Party," the FBI maintained a massive counterintelligence 
program, steeped in violence and illegality, against the Panthers. 
Determined to silence the strongest and most militant black revolu- 
tionary organization, the Bureau used everything from wiretap to 
murder. They coordinated police raids against Panther homes and 
offices throughout 1969, and set up the police murder of Fred 
Hampton, one of the youngest and most inspiring of all Black 
leaders, on December 4, 1969. They put special emphasis on dis- 
rupting the BPP's most successful programs, such as the Breakfast 
Program and the Black Panther Newspaper, and instructed all field 
offices to "destroy what they stand for." Although they focused 
on the Panthers, they also continued to disrupt the Young Lords, 
the Republic of New Africa, and the Nation of Islam; and worked 
hard to discredit Rev. Charles Koen, who was leading a heroic 
battle against Klan terror in Cairo, Illinois. The Bureau took 
credit for the demise of several Panther chapters, and for the 1971 
split between Huey Newton and Eldridge Cleaver. 


During 1971, the FBI office in Media, Pennsylvania was secretly 
entered by nameless American patriots, who managed to liberate a 
number of counterintelligence documents. The FBI then claimed that 
it was disbanding its counterintelligence programs, but, in fact, 
it has only changed the names. FBI counterintelligence against the
American Indian Movement and Native American people across the 
country has intensified over the past several years, as the events 
at Wounded Knee and FBI terror on the Pine Ridge reservation show.

The FBI until recently orchestrated and coordinated violent attacks
on the Iranian Student Association by agents of the Shah of Iran's
Secret Police (SAVAK) in the United States, in order to crush the ISA
in this country. The FBI and the Justice Department have resumed the
inquisitional use of Grand Juries to jail Puerto Rican and Chicano
activists, and have employed widespread intimidation and harassment
in Puerto Rican and Chicano communities to disrupt activities there.
The FBI continues to assist in and condone violence against Native
Americans. While Assata Shakur and Imari Obedele are no longer in
prison, many other victims of FBI counterintelligence remain incarcerated,
victims of set-ups and frame-ups: Geronimo Pratt and citizens of the
Republic of New Africa, to name but a few. COINTELPRO continues. A
tragic repetition of history occurred when five members of the Communist
Workers Party were slain by members of the Ku Klux Klan and American
Nazi Party in Greensboro, North Carolina on November 3, 1979. The
local police and FBI, who were aware of the intentions of the Klansmen
and Nazis to disrupt the CWP demonstration - and that they were armed -
did nothing to prevent the assault, and indeed, were many blocks away
when the murders took place. The resemblance to the incident in
Birmingham, Alabama almost twenty years ago that is recorded in FBI
memos on pages four and five of this book, is chilling; and is also a
reminder of the words of "The Director" J. Edgar Hoover, who said in
a 1964 FBI memo:


"Over the years, our approach to investigative problems
in the intelligence field has given rise to a number of
new programs, some of which have been most revolutionary,
and it can be presumed that with a continued aggressive
approach to these problems, new and productive ideas
will be forthcoming. These ideas will not be increased
in number or improved upon from the standpoint of
accomplishments merely through the institution of a
program such as COINTELPRO which is given another name,
and which, in fact, only encompasses everything that has
been done in the past or will be done in the future."

DETROIT [UPI]—Documents obtained by the American Civil Liberties
Union show that in 1961 the FBI passed along information about two
Freedom Rider buses to a Birmingham, Ala., police sergeant who was a
known Ku Klux Klan agent.

Howard Simon, Michigan ACLU executive director, said the 3,000 pages
of FBI letters, memos, and teletype messages were released to ACLU
attorneys in a lawsuit filed against the FBI for allegedly failing to
prevent Klan attacks on Freedom Riders.

"What we found in the documents was rather startling," Simon said
Sunday. "The ACLU is charging that the FBI provoked the Klan to carry
out terrorist acts against civil rights workers."

HE SAID DOCUMENTS show that the FBI knew Sgt. Thomas Cook of the
police department's intelligence branch was giving the Klan the
information that the FBI was providing about civil rights workers.


According to the documents, the chief of the Birmingham FBI office
called Cook to inform him of the progress the buses were making
through the racially tense South and when they were due to arrive at
Alabama bus stations.

According to Simon, an FBI informant who had infiltrated the Klan
said Cook and Birmingham's public safety director, Eugene "Bull"
Connor, conspired with Klan leaders to allow physical attacks on
Freedom Riders when the buses arrived at terminals in Birmingham.

THE DOCUMENTS, he said, show that Birmingham police agreed to arrive
at the terminals 15 or 20 minutes after the buses arrived to give
Klansmen time to attack the civil rights workers. Klansmen arrested
after then were promised light sentences.

When buses arrived, no police were present. Klansmen attacked civil
rights workers, reporters, and press photographers with chains, pipes,
and baseball bats.

Earlier the same day, Klansmen intercepted a Freedom bus at Anniston,
Ala., 59 miles to the east, and set it on fire.

"We found," Simon said, "that the FBI knew that the Birmingham Police
Department was infiltrated by the Klan, that many members of the
police department were Klan members, that they knew a person in
intelligence was passing information directly to leaders of the Klan,
and they also knew that their undercover agent had worked out an
agreement with the police department to stay away from the terminals.

"THEY KNEW ALL that, and yet they continued their relationship with
the police department."

The documents were released to attorneys for Walter Bergman, 80, a
former Wayne State University professor and Detroit school board
official who has filed a $1 million lawsuit against the FBI.

Chicago Tribune


BH 248-PCI (RAC), who has furnished reliable
information in the past, orally furnished the following
information:

On April 21, 1961, BH 248-PCI (RAC) telephonically
contacted this Agent and advised that he had in his possession
certain communications which he had received from one T. H.
COOK, Sergeant of the Birmingham Police Department, which
communications he had shown to ROBERT THOMAS, HUBERT PAGE,
GENE REEVES and BILL HOLT, of Eastview Klavern #13,
after the regular closed meeting of THE ALABAMA KNIGHTS,
KNIGHTS OF THE KU KLUX KLAN, INCORPORATED, on April 20, 1961.

He said he had received the inter-office
communications from COOK, on the morning of April 20, 1961,
and was given instructions to turn these over to
ROBERT THOMAS and HUBERT PAGE, with the thought in mind
that the KLAN could possibly reproduce the information
contained in the communications on the KLAN press for
distribution to the members of THE ALABAMA KNIGHTS.

- - - - - - - - - - - - - - - - - - - -

COOK opened several file drawers in his filing
cabinets and told informant that any information contained
in his files was readily available to informant, for the
use of the KLAN, in general.

Reference is made to matter entitled, "INFILTRATION
OF LAW ENFORCEMENT AGENCIES BY KLAN-TYPE ORGANIZATIONS,
RACIAL MATTERS" (Bufile [illegible]). The Bureau is aware that
Sergeant TOM COOK of the Birmingham Police Department has
been furnishing information concerning potential violence
given him by the Birmingham FBI Office to THE ALABAMA KNIGHTS,
KNIGHTS OF THE KU KLUX KLAN, INCORPORATED.

- - - - - - - - - - - - - - - - - - - -

On May 12, 1961, Birmingham Confidential Informant
T-1, who has furnished reliable information in the past,
advised that at a regular closed meeting of Eastview Klavern
#13 of THE ALABAMA KNIGHTS, KNIGHTS OF THE KU KLUX KLAN,
INCORPORATED, the arrival of the CORE group and KLAN
intervention, on May 14, 1961, was discussed. All Klansmen were
told to stay away from the Greyhound Bus Terminal, unless
specifically instructed to participate in KLAN intervention.

After the closed meeting, according to T-1,
HUBERT PAGE, Grand Titan of THE ALABAMA KNIGHTS, advised
several persons that ROBERT SHELTON, Imperial Wizard, THE
ALABAMA KNIGHTS, had spoken to Detective TOM COOK,
Birmingham Police Department, date and time unknown,
concerning CORE. PAGE further related that the CORE group
was to arrive at approximately 11:00 A.M., May 14, 1961, at
the bus depot, and that sixty Klansmen were to participate
in the beatings.

PAGE further stated that EUGENE "BULL" CONNOR,
Police Commissioner, Birmingham, Alabama, had stated, "By
God, if you are going to do this thing, do it right",
referring to the [illegible] May 14, [illegible].

FROM SAC, BIRMINGHAM /149-NEW/ 6P
DIRECTOR OF NEWS, WAPI, HAS ADVISED ME THAT UPON HIS
[illegible] AT THE TRAILWAYS BUS STATION THIS AFTERNOON
HE SAW A SHORT, [illegible] WEARING A YELLOW SHIRT, KNOCK
A NEGRO MALE TO THE GROUND AND JUMP ON HIM AND THAT [illegible]
THEREAFTER SEVERAL MEN STARTED THROWING PEOPLE AROUND. HE STATED
THAT HE SAW NO POLICE IN SIGHT, BUT DID SEE TWO NEWS PHOTOGRAPHERS
TAKING PHOTOGRAPHS. HE STATED THAT THE NEGRO RAN OUT OF THE BUS
STATION, HIS FACE WAS BLOODY AND ONE OF HIS PANTS LEGS RIPPED OFF.

UNITED STATES GOVERNMENT
Memorandum

TO: DIRECTOR, FBI (105-66754)          DATE: 11/15/60

SAC, NEW YORK

GROUPS SEEKING INDEPENDENCE
FOR PUERTO RICO (COUNTERINTELLIGENCE PROGRAM)
SUBVERSIVE CONTROL

Re Bureau letter dated 9/13/60.

A review of the files of the NYO has been
made concerning the activities of Puerto Rican pro-independence
groups which seek independence by other than peaceful
means, as well as the files on the counterintelligence
program as it relates to the Communist Party. It is believed
that upon instituting a counterintelligence program in this
field, efforts should be directed with the following aims in
mind:

I. Disruption and discord.

II. Creating doubts as to the wisdom of remaining
in the independence movement.

III. Causing defections from the independence
movement.

The suggested means of obtaining these desired
ends are as follows:

1) Exploiting factionalism within an
organization.

Factionalism is a common fault within pro-independence
groups and it is believed that this existing
element can be developed, enlarged and exploited. As an
example, after the demise of the [illegible]

Bureau (105-66754) (RM)
San Juan (RM)
New York [file number illegible]

SAC, San Juan (105-3353)

Director, FBI (105-66754)          PERSONAL ATTENTION

GROUPS SEEKING INDEPENDENCE
FOR PUERTO RICO
(SUBVERSIVE CONTROL)

The Bureau is considering the feasibility
of instituting a program of disruption to be directed
against organizations which seek independence for
Puerto Rico through other than lawful, peaceful means.

Because of the increasing boldness apparent
in the activities of such organizations, their utter
disregard of the will of the majority, the inevitable
communist [illegible] Soviet effort to embarrass the
United States, and the [illegible]
by Castro's Cuba, we must make a more positive effort,
not only to curtail, but to disrupt their activities.

San Juan and New York should give this matter
studied consideration and thereafter furnish the Bureau
observations, suggestions and recommendations relative
to the institution of such a program to reach the
Bureau no later than 8/25/60.

In considering this matter, you should bear
in mind the Bureau desires to disrupt the activities
of these organizations and is not interested in mere
harassment. No action should be taken in this program
without Bureau authority, at any time.

A copy of this communication is designated
for the Chicago Office and a copy for the Washington
Field Office for information.

[illegible] 12, 1960

SAC, San Juan (105-3353 Sub 1)

Director, FBI (105-3124)

GROUPS SEEKING INDEPENDENCE FOR PUERTO RICO
(COUNTERINTELLIGENCE PROGRAM)
SUBVERSIVE [illegible]

In order to appraise the caliber of leadership
in the Puerto Rican independence movement, particularly
as it pertains to our efforts to disrupt their activities
and compromise their effectiveness, we should have an
intimate detailed knowledge of the more influential
leaders as individuals.

The names of each of the leaders listed below
are maintained in the Security Index.

SAN JUAN

Your files will contain descriptive information
appropriate to our investigative reporting. We should,
however, for the purposes of this program, delve deeply
into that part of their lives which do not show on the
surface; for example, we must determine their capabilities
of influencing others, capabilities of real leadership,
why the intense desire for Puerto Rico's independence,
what they expect to gain from independence, and the support
they have from other leaders and rank-and-file members.
We must have information concerning their weaknesses,
morals, criminal records, spouses, children, family life,
educational qualifications and personal activities other
than independence activities.

UNITED STATES GOVERNMENT
Memorandum

TO: DIRECTOR, FBI (100-448006)          DATE:
FROM: CHICAGO (157-2209) (P)
SUBJECT: COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE
(NATION OF ISLAM)

Reurlet, 1/7/69; Chicago letters 12/24/68 and
1/14/69.

ReBulet has been thoroughly studied and discussed
by the SAC, the Supervisor, and Agents familiar with facets
of the NOI which might indicate trends and possible future
direction of the organization. The Bureau's concern is most
understandable and suggestions appreciated.

Over the years considerable thought has been given,
and action taken with Bureau approval, relating to methods
through which the NOI could be discredited in the eyes of
the general black populace or through which factionalism among
the leadership could be created. Serious consideration has
also been given towards developing ways and means of changing
NOI philosophy to one whereby the members could be developed
into useful citizens and the organization developed into one
emphasizing religion - the brotherhood of mankind - and
self [illegible]. Factional disputes have developed
[illegible]

[illegible] have publicly and nationally [illegible] out against
the group - U.S. District Court Judge JAMES BENTON PARSONS
being one example. The media of the press has played down
the NOI. This appears to be a most effective tool as
individuals such as MUHAMMAD assuredly seek any and all
publicity be it good or bad; however, if the press is utilized
it would appear it should not concentrate on such aspects
as the alleged strength of the NOI, immoral activities of
the leadership, misuse of funds by these officials, etc.
It is the opinion of this office that such exposure is
ineffective, possibly creates interest and maybe envy
among the lesser educated black man causing them out of
curiosity to attend meetings and maybe join, and encourage
the opportunist to seek personal gain - physical or
monetary - through alignment with the group. At any rate
it is felt such publicity in the case of the NOI is [illegible]

FBI
Date: 8/29/69

TO: DIRECTOR, FBI (100-448006)

FROM: SAC, CHICAGO (157-2209)

SUBJECT: COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE
(NATION OF ISLAM)

Re Miami airtels to the Director (copy to
Chicago) 8/22/69 and 8/25/69.

At the present time, Chicago does not desire to
rehash some of the exposes that occurred around the time
of the [illegible] of MALCOLM X LITTLE as top level sources
could be endangered and future activities thereof curtailed.

Referenced Miami airtel dated 8/25/69, reflected
[illegible] is attempting to locate statements of prominent
government and police officials regarding dangers created
by the NOI. Again, Chicago agrees that the constant hate
teachings against the white race is most undesirable. This
is especially true as it relates to the children of the
membership who are indoctrinated from birth on to hate the
white man.

In an effort to keep the proposed documentary
current, the following observations are set forth:

Report of [illegible] dated 6/20/69, pages
49 - 53, copy available to Miami, sets forth full details
regarding ELIJAH MUHAMMAD's statements concerning his
version of law and order; sets forth data regarding a
meeting of the minds between the NOI and the Chicago Police
Department; and relates details concerning plans by the
National Society of Afro-American Policemen, New York City,
to honor MUHAMMAD and the NOI in June, 1969. While this
is in no way meant to infer the NOI is a useful, integral

By Norman Kempster
Washington Star Staff Writer

Looking gray and wan after a [illegible]-month bout with cancer,
Sen. Philip Hart spent one of his first days back on Capitol Hill
listening to a catalog of apparently illegal FBI activities that
ranged from fomenting violence to suggesting suicide.

"Over the years, we have been warned about the dangers of subversive
organizations . . . organizations that would incite and perpetrate
violence, pit one American group against another. I think the story
you told us today shows there is an organization that does fit those
descriptions. It is the organization (the FBI) that has been most
active in its warnings to be on guard against such organizations."

Hart's statement was the emotional peak of a hearing yesterday in
which the committee's top two staff members, chief counsel Fritz
Schwarz and minority counsel Curtis Smothers, took the lawmakers on a
guided tour of 20 years of FBI files recording efforts to disrupt and
destroy organizations ranging from the Ku Klux Klan to the Black
Panthers.


According to Schwarz and 
Smothers, the most deter- 
mined of all of the bureau's 
domestic counterintelli- 
gence activities was aimed 
at discrediting the Rev. Dr. 
Martin Luther King Jr., 
head of the Southern Chris- 
tian Leadership Confer- 
ence, and dissipating his 
influence in the black com- 
munity. 


SMOTHERS SAID the 
files show that Hoover was 
suspicious of King from the 
moment King first began to 
achieve national promi- 
nence with the Montgom- 
ery, Ala., bus boycott in 
1956. One reason for the 
animosity, Smothers sug- 
gested, was King's criti- 
cism of Hoover. 

By December 1963, shortly after the assassination of former President
John F. Kennedy, the effort to discredit King began in earnest. An
FBI memo summarizing a meeting devoted to ways of dealing with King
contains 21 suggestions of methods of obtaining [illegible]
information.

Many of the ideas are phrased as questions. They include, "Can
colored agents be of any assistance?" "What are the possibilities of
using Mrs. King?" "Are there any disgruntled employes of SCLC?" and
"What are the possibilities of providing a [illegible] female plant
in King's office?"

Also suggested were telephone taps and hidden microphones. The first
of these was installed the next month.

In all, 16 microphones were planted in hotel rooms used by King
during the next few years. There also were several telephone taps.

SHORTLY BEFORE King was to leave for Stockholm in 1965 to receive the
Nobel Peace Prize, the FBI sent King an anonymous letter which seemed
to be a suggestion that he kill himself. The letter was accompanied
by a [illegible] recording of some of the [illegible] hotel room bugs.

"King, there is only one thing left for you to do," the letter said.
"You know what it is. You have just 34 days (the number of days
before the Nobel ceremony) in which to do it. . . . You are done.
There is but one way out for you."

King did not kill himself. But another FBI dirty trick may have
indirectly contributed to his assassination in April of 1968.

The FBI files show that the bureau leaked to a friendly reporter that
King was staying in the white-owned Holiday Inn during his
participation in a sanitation workers strike that included a boycott
of white-owned businesses. A bureau memo said King should be called a
hypocrite because he was not staying in the Lorraine, a black-owned
and black-patronized motel.

King did check into the Lorraine where he was shot to death April 4
while standing on a balcony. The FBI contends that he had checked
into the black-owned motel before the reports of his stay at the
Holiday Inn had surfaced.

IN 1963, former Asst. FBI Director William Sullivan suggested to
Hoover that the bureau pick and develop [illegible] to take King's
place. Hoover approved the [illegible], but apparently nothing came
of it.

Smothers said the FBI had in mind a black who was prominent in a
field other than civil rights. Smothers said the individual, whom he
would not name, apparently never knew of the plan.

An obsession with communism runs through the documents that were
either released or read.

An April 24, 1964, memo from Hoover to the special agent in charge of
the New York office called for renewed investigation of a
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civil rights leader, whose 
name was removed before . 
the document was: made 
public: "The bureau does 
not agree with the express- 
ed belief of the New York 
office that (deleted) is not 
sympathetic to the party 
cause. While there may not 
be any evidence that (de- 
leted) is a Communist, nei- 
ther is there any substantial 
evidence that he is. anti-- 
Communist.” ` i 
AN EXCHANGE of memos between Hoover and Sullivan in mid-1963 illustrates Hoover's determination to find Communist influence even where it might not exist and spotlights the problems of working for the often irascible director.

Sullivan at first said an investigation had turned up no evidence of substantial Communist penetration of the civil rights movement. Hoover penned at the bottom of the memo a sarcastic note that Sullivan once doubted Communist influence on Fidel Castro.

Sullivan took the hint. He shortly wrote a memo noting that "the director is correct."

"When it came to blacks, the most violent type of methods seemed to be acceptable," Smothers said. "If they were going to have gang fights and if they were going to be killing each other, it seemed to be an opportunity to promote it.

SAC, Albany                                        August 25, 1967


PERSONAL ATTENTION TO ALL OFFICES

Director, FBI

COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
INTERNAL SECURITY

Offices receiving copies of this letter are instructed to immediately establish a control file, captioned as above, and to assign responsibility for following and coordinating this new counterintelligence program to an experienced and imaginative Special Agent well versed in investigations relating to black nationalist, hate-type organizations. The field office control file used under this program may be maintained in a pending inactive status until such time as a specific operation or technique is placed under consideration for implementation.

The purpose of this new counterintelligence endeavor [illegible]

[illegible] interest to this Bureau must be followed on a continuous basis so we will be in a position to promptly take advantage of all opportunities for counterintelligence and to inspire action in instances where circumstances warrant. The pernicious background of such groups, their duplicity, and devious maneuvers must be exposed to public scrutiny where such publicity will have a neutralizing effect. Efforts of the various groups

Philadelphia
2 - Memphis
2 - Newark
New Orleans

Letter to SAC, Albany
RE: COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS

to consolidate their forces or to recruit new or [illegible] adherents must be frustrated. No opportunity should be missed to exploit through counterintelligence techniques the organizational and personal conflicts of the leaderships of the groups and where possible an effort should be made to capitalize upon existing conflicts between competing black nationalist organizations. When an opportunity is apparent to disrupt or neutralize black nationalist, hate-type organizations through the cooperation of established local news media contacts or through such contact with sources available to the Seat of Government, in every instance careful attention must be given to the proposal to insure the targeted group is disrupted, ridiculed, or discredited through the publicity and not merely publicized. Consideration should be given to techniques to preclude violence-prone or rabble-rouser leaders of hate groups from spreading their philosophy publicly or through various mass communication media.

Many individuals currently active in black nationalist organizations have backgrounds of immorality, subversive activity, and criminal records. Through your investigation of key agitators, you should endeavor to establish their unsavory backgrounds. Be alert to determine evidence of misappropriation of funds or other types of personal misconduct on the part of militant nationalist leaders so any practical or warranted counterintelligence may be instituted.

Intensified attention under this program should be afforded to the activities of such groups as the Student Nonviolent Coordinating Committee, the Southern Christian Leadership Conference, Revolutionary Action Movement, the Deacons for Defense and Justice, Congress of Racial Equality, and the Nation of Islam. Particular emphasis should be given to extremists who direct the activities and policies of revolutionary or militant groups such as Stokely Carmichael, H. "Rap" Brown, Elijah Muhammad, and Maxwell Stanford.

At this time the Bureau is setting up no requirement for status letters to be periodically submitted under this program. It will be incumbent upon you to insure the program is being afforded necessary and continuing attention and that no opportunities will be overlooked for [illegible] action.

This program should not be confused with the program entitled "Communist Party, USA, Counterintelligence Program, Internal Security - C," (Bufile 100-3-104), which is directed against the Communist Party and related organizations, or the program entitled "Counterintelligence Program, Internal Security, Disruption of Hate Groups," (Bufile 257-9), which is directed against Klan and hate-type groups primarily consisting of white memberships.

All Special Agent personnel responsible for the investigation of black nationalist, hate-type organizations and their memberships should be alerted to our counterintelligence interest and each investigative Agent has a responsibility to call to the attention of the counterintelligence coordinator suggestions and possibilities for implementing the program. You are also cautioned that the nature of this new endeavor [illegible]

No counterintelligence action under this program may be initiated by the field without specific prior Bureau authorization.

You are urged to take an enthusiastic and imaginative approach to this new counterintelligence endeavor and the Bureau will be pleased to entertain any suggestions or techniques you may recommend.

DAILY DEFENDER

BY DANIEL E. GILMORE

WASHINGTON (UPI)—Former Attorney Gen. Nicholas Katzenbach testified Wednesday that J. Edgar Hoover risked the reputation of the FBI—"his life's work"—in a vendetta against Dr. Martin Luther King, Jr.

Katzenbach told the Senate Intelligence committee that when he was Attorney General during 1965-66, he knew of telephone wiretaps against King by the FBI and once ordered a tap on King's home phone ended.

But he said he learned later the FBI put electronic "bugs" in King's hotel room without authorization and used other "unlawful and grossly improper" tactics against King.

When questioned about three memos to him written by Hoover in 1965, giving what Katzenbach called "after-the-fact" notification of bugs in King's hotel room, he said the memos contained initials "that appear to be mine"

Also testifying was Ramsey Clark who gave no specifics about what he may have known when he was Attorney General in 1967-69, but said the FBI was trying "to destroy the desperately needed moral leadership of Martin Luther King."

"His vendetta against Dr. King, if successful, could have led to a civil strife of frightening magnitude."

DIRECTOR, FBI (100-3-104-34)
SAC, CHICAGO (100-32864)

COMMUNIST PARTY, USA
COUNTERINTELLIGENCE PROGRAM
INTERNAL SECURITY - C
(MARTIN LUTHER KING)

ReBulet 5/18/67 and NYlet to Bureau 5/25/67.

It is agreed that the Communist Party's (CP) interest in a peace ticket headed by MARTIN LUTHER KING and BENJAMIN SPOCK offers the appearance of a counterintelligence [illegible]. The reference to this matter in Bureau letter dated 3/13/67 obviously relates to the Presidential elections of [illegible] 1968.

A reporter or columnist of national stature, properly briefed, could write an excellent account of the KING-SPOCK ticket. It is the sort of article or series [illegible] a first rate reporter with first rate sources.

It is [illegible] that the Bureau consider our comments as reflected above. Consider also a top columnist or reporter who might be interested in the KING-SPOCK story. It is emphasized that this person should be respected for his balance and fair-mindedness. An article or series by an established conservative would not adequately serve our purposes. In [illegible] the Bureau might desire to consider [illegible]. A former confidant [illegible] he has excellent sources throughout the government [illegible] to be branded as a propagandist. [illegible] the charge that he is attempting to discredit these men.

Left standing would be the realization [illegible] his sources and came up with [illegible] would not be about to divulge [illegible] his sources. Thus the Bureau would stand [illegible].

It is not known whether the Bureau has information which would make [illegible] selection undesirable. If [illegible] selection is not feasible, there are others in the [illegible] field who could serve as well. But it is clear that [illegible] should not be a "hawk" or "dove" [illegible] persuasion.

[illegible] since the contact with [illegible] would be made in [illegible] being made at this time.


By Sean Toolan

COPIES OF FBI documents released Sunday indicate that the Chicago FBI office planned to manipulate a National Association for the Advancement of Colored People [NAACP] election in Chicago in 1959.

The documents, presented at a press conference at the Bismarck Hotel by Richard Gutman, a lawyer representing the Alliance to End Repression in a suit against the Chicago Police Department, also indicate that the Federal Bureau of Investigation office in Chicago suggested methods for sabotaging a planned 1968 Martin Luther King-Benjamin Spock campaign for President.

Gutman obtained the documents under the Freedom of Information Act, which gives the public access to previously secret government documents. The group has obtained previous FBI documents for use in the suit, which seeks to halt government spying on such groups.

The documents describe how the Chicago FBI office, through an infiltrator, learned that the NAACP's so-called "left caucus" planned to run a slate of candidates for delegates to the NAACP national convention.

THE FBI SENT an anonymous letter and made an anonymous phone call to Theodore A. Jones, then president of Chicago NAACP, telling him that "two Communists" were on the slate, according to the documents.

The FBI went on to report that Jones kept the location of the delegate elections secret, and that Jones "packed the meeting with members of the United Steel Workers Union whom Jones had enfranchised for the meeting."

THE FBI HERE concluded in its report that "Chicago feels it has played a definite part in the defeat of a 'left caucus,' an attempt by the CP [Communist Party] to infiltrate a 'right led' organization."

J. Edgar Hoover, then the director of the FBI, later recommended a commendation for the agent who "suggested the anonymous letter," according to the documents.

Timuel D. Black, a professor of social science at Loop College, said Sunday he was a member of the so-called "left caucus" at the time and a candidate for the board of directors of the Chicago NAACP chapter.

"I was very shocked and a bit enraged to learn that the taxpayer-supported FBI had been interfering with the democratic process they were supposed to protect."

HE SAID HE knew something unusual was happening in the local NAACP when its members weren't even able to find out when and where meetings were being held.

"And when we found out about the meetings and went to them," Black said, "they were held in a high-handed, dictatorial manner. The decisions were arbitrary. We were cut off and cut out."

Black said members of the "left caucus" thought it was Chicago's Democratic machine that was interfering with their organization.

In 1967, according to the documents, the FBI here suggested a campaign to sabotage the King-Spock presidential campaign by recommending the name of a newspaper columnist to write an article attacking the campaign as "Communist-backed." Spock ran for president and King for vice president on the ticket.

THE DOCUMENTS released Sunday also indicate that the FBI here planned to "discredit Students for a Democratic Society [a radical group] in the eyes of the Negro community. And by appropriate sources organize an anti-SDS demonstration by a group of Negroes accusing the SDS of being white-oriented."

Other documents indicate the FBI tried to remove Herbert Mohammad as a possible successor to his father as head of the Nation of Islam, by going through his tax returns for possible irregularities.

Gutman charged that the files are "proof of the Chicago FBI's massive organized campaign of disrupting the exercise of First Amendment rights, of promoting enmity between groups, of disseminating derogatory information, and of manipulating the mass media."

THE ALLIANCE to End Repression and 32 other groups have presented the FBI files as evidence for a suit filed in November, 1974, which seeks a court declaration that the government spying be halted permanently.

Asked if he thought FBI spying was still going on, Gutman said: "It was supposed to have ended in 1970, but many cases we have show it continued after then."

To: SAC, Chicago (100-32864)

From: Director, FBI (100-3-104)

The Bureau was pleased to note that the "left caucus" was badly defeated in its efforts to elect nine candidates as delegates to the 1959 convention of the National Association for the Advancement of Colored People (NAACP) at the [illegible] branch meeting of the NAACP in Chicago on 5-22-[illegible].

It is suggested that if you have not already done so, you may desire to submit your recommendations for commendation of the Agent who suggested the technique of the anonymous letter to Theodore A. Jones, president of the Chicago branch of the NAACP, which apparently played a major role in alerting Jones to the danger [illegible] the Communist Party

3/4/68


- Mr. C. D. DeLoach
- Mr. W. C. Sullivan

SAC, Albany

From: Director, FBI (100-443006)

COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST-HATE GROUPS
RACIAL INTELLIGENCE

Title is changed to substitute Racial Intelligence for Internal Security for Bureau routing purposes.

PERSONAL ATTENTION FOR ALL THE FOLLOWING SACs

2 - Atlanta            2 - Minneapolis
2 - Baltimore          2 - Mobile
2 - Birmingham         2 - Newark
2 - Boston             2 - New Haven
2 - Buffalo            2 - New Orleans
2 - Charlotte          2 - New York
2 - Chicago            2 - Omaha
2 - Cincinnati         2 - Philadelphia
2 - Cleveland          2 - Phoenix
2 - Denver             2 - Pittsburgh
2 - Detroit            2 - Portland
2 - Houston            2 - Richmond
2 - Indianapolis       2 - Sacramento
2 - Jackson            2 - San Diego
2 - Jacksonville       2 - San Francisco
2 - Kansas City        2 - Seattle
2 - Los Angeles        2 - Springfield
2 - Memphis            2 - St. Louis
2 - Miami              2 - Tampa
2 - Milwaukee          2 - WFO

SEE NOTE PAGE SIX

Airtel to SAC, Albany
RE: COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST-HATE GROUPS


BACKGROUND

By letter dated 8/25/67 the following offices were advised of the beginning of a Counterintelligence Program against militant Black Nationalist-Hate Groups:

Albany                 Memphis
Atlanta                Newark
Baltimore              New Orleans
Boston                 New York
Buffalo                Philadelphia
Charlotte              Phoenix
Chicago                Pittsburgh
Cincinnati             Richmond
Cleveland              St. Louis
Detroit                San Francisco
Jackson                Washington Field
Los Angeles

Each of the above offices was to designate a Special Agent to coordinate this program. Replies to this letter indicated an interest in counterintelligence against militant black nationalist groups that foment violence and several offices outlined procedures which had been effective in the past. For example, Washington Field Office had furnished information about a new Nation of Islam (NOI) grade school to appropriate authorities in the District of Columbia who investigated to determine if the school conformed to District regulations for private schools. In the process WFO obtained background information on the parents of each pupil.

The Revolutionary Action Movement (RAM), a pro-Chinese communist group, was active in Philadelphia, Pa., in the summer of 1967. The Philadelphia Office alerted local police, who then put RAM leaders under close scrutiny. They were arrested on every possible charge until they could no longer make bail. As a result, RAM leaders spent most of the summer in jail and no violence traceable to RAM took place.

The Counterintelligence Program is now being expanded to include 41 offices. Each of the offices added to this program should designate an Agent familiar with black


nationalist activity, and interested in counterintelligence, to coordinate this program. This Agent will be responsible for the periodic progress letters being requested, but each Agent working this type of case should participate in the formulation of counterintelligence operations.

For maximum effectiveness of the Counterintelligence Program, and to prevent wasted effort, long-range goals are being set.

1. Prevent the coalition of militant black nationalist groups. In unity there is strength; a truism that is no less valid for all its triteness. An effective coalition of black nationalist groups might be the first step toward a real "Mau Mau" in America, the beginning of a true black revolution.

2. Prevent the rise of a "messiah" who could unify, and electrify, the militant black nationalist movement. Malcolm X might have been such a "messiah;" he is the martyr of the movement today. Martin Luther King, Stokely Carmichael and Elijah Muhammed all aspire to this position. Elijah Muhammed is less of a threat because of his age. King could be a very real contender for this position should he abandon his supposed "obedience" to "white, liberal doctrines" (nonviolence) and embrace black nationalism. Carmichael has the necessary charisma to be a real threat in this way.

3. Prevent violence on the part of black nationalist groups. This is of primary importance, and is, of course, a goal of our investigative activity; it should also be a goal of the Counterintelligence Program. Through counterintelligence it should be possible to pinpoint potential troublemakers and neutralize them before they exercise their potential for violence.

4. Prevent militant black nationalist groups and leaders from gaining respectability, by discrediting them to three separate segments of the community. The goal of discrediting black nationalists must be handled tactically in three ways. You must discredit these groups and individuals to, first, the responsible Negro community. Second, they must be discredited to the white community,


both the responsible community and to "liberals" who have vestiges of sympathy for militant black nationalist simply because they are Negroes. Third, these groups must be discredited in the eyes of Negro radicals, the followers of the movement. This last area requires entirely different tactics from the first two. Publicity about violent tendencies and radical statements merely enhances black nationalists to the [illegible] in a different [illegible].

5. A final goal should be to prevent the long-range growth of militant black nationalist organizations, especially among youth. Specific tactics to prevent these groups from [illegible] young people must be developed.

Besides these five goals counterintelligence is a valuable part of our regular investigative program as it often produces positive information.

TARGETS

Primary targets of the Counterintelligence Program, Black Nationalist-Hate Groups, should be the most violent and radical groups and their leaders. We should emphasize those leaders and organizations that are nationwide in scope and are most capable of disrupting this country. These targets should include the radical and violence-prone leaders, members, and followers of the:

Student Nonviolent Coordinating Committee (SNCC),
Southern Christian Leadership Conference (SCLC),
Revolutionary Action Movement (RAM),
Nation of Islam (NOI)

Offices handling these cases and those of Stokely Carmichael of SNCC, H. Rap Brown of SNCC, Martin Luther King of SCLC, Maxwell Stanford of RAM, and Elijah Muhammed of NOI, should be alert for counterintelligence suggestions.

INSTRUCTIONS

Within 30 days of the date of this letter each office should:

Advise the Bureau of the identity of the Special Agent assigned to coordinate this program.

The effectiveness of counterintelligence depends on the quality and quantity of positive information available regarding the target and on the imagination and initiative of Agents working the program. The response of the field to the Counterintelligence Program against the Communist Party, USA, indicates that a superb job can be done by the field on counterintelligence.

Counterintelligence operations must be approved by the Bureau. Because of the nature of this program each operation must be designed to protect the Bureau's interest so that there is no possibility of embarrassment to the Bureau. Beyond this the Bureau will give every possible consideration to your proposals.

NOTE:

See memorandum G. C. Moore to Mr. W. C. Sullivan captioned as above dated [illegible], prepared by TJD:rmm.

ROUTE IN ENVELOPE


SAC, Chicago

Director, FBI (300-448006)                         PERSONAL

COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE
(RICHARD CLAXTON GREGORY)

ReBulet 4/23/68.

Chicago airtel and LHM dated 8/2/68 and captioned "Richard Claxton Gregory" concern a speech by Gregory on 4/29/68 where he noted that "Syndicate hoods are living all over. They are the filthiest snakes that exist on this earth." Referenced Bulet instructed you to develop counterintelligence action concerning militant black nationalist Dick Gregory.

Consider the use of this statement in developing a counterintelligence operation to alert La Cosa Nostra (LCN) to Gregory's attack on LCN. It is noted that other speeches by Gregory also contain attacks on the LCN. No counterintelligence action should be taken without Bureau authority.

TJD:pag/rmm

NOTE:

Teletype from New Orleans to Director, [illegible], captioned "Richard Claxton Gregory" reported speech by Gregory referring to the Director and FBI Agents in derogatory terms. The Director noted, on the informative note of that teletype which said we would recommend counterintelligence action against Gregory when indicated, "Right."


EXHIBIT

SUBJECT: COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE

For the information of recipient offices a serious struggle is taking place between the Black Panther Party (BPP) and the US organization. The struggle has reached such proportions that it is taking on the aura of gang warfare with attendant threats of murder and reprisals.

In order to fully capitalize upon BPP and US differences [illegible] of creating [illegible]

Commencing December 2, [illegible], and every two-week period thereafter, each office is instructed to submit a letter under this caption containing counterintelligence measures aimed against the BPP. The bi-weekly letter should also contain accomplishments obtained during the previous two-week period under [illegible] program.

All counterintelligence actions must be approved by the Bureau prior to taking steps to implement them.
[illegible], 1969

SAC, San Francisco (157-601)

From: Director, FBI (200-448006)

COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE
BLACK PANTHER PARTY

BUDED: [illegible]

ReSFairtel 5/18/69.

A review has been made of referenced airtel which contains your thoughts on the Counterintelligence Program (CIP). Your reasoning is not in line with Bureau objectives as to our responsibilities under the CIP.

You state that while the Department of Justice con- [illegible]

Atlanta
New York
Seattle
MAY 26 1969

Airtel to SAC, San Francisco
BLACK PANTHER PARTY

overthrow the Government by revolutionary means, "There seems to be little likelihood of this." All information developed to date leads to the obvious conclusion that this group is dedicated to the principle of violent overthrow and will go to [illegible] to further this aim.

You point out that the activities of the BPP have reached the black and white communities as evidenced by their weekly newspaper which has reached a circulation of 45,000. You have previously been instructed to review your files concerning this newspaper to determine whether we could disrupt the mailings of the publication. Your answer stated that you were not in a position to do this. You must immediately take positive steps to insure that we will be in a position to accomplish CIP objectives including the disruption of the mailing of their publications. You must develop adequate informant coverage to insure that we are in a position to accomplish all of our objectives, which include steps to counteract the [illegible].

You state that local and national newspapers continue to publicize information concerning the BPP. This fact automatically lends itself toward mass media disseminations to capitalize on this eagerness and to isolate the organization from the majority of Americans, both black and white. The dissemination of mass media information to selected and trusted newspapermen, pointing out the violent and dangerous nature of a group, has contributed measurably to the decline of the Ku Klux Klan in the United States. Newspapers will print derogatory information much easier than they will print commendatory information, especially if the organization is by its nature violence-prone. For your information, the San Diego Office has waged an effective CIP against the BPP which has measurably resulted in [illegible].


It is noted that BPP leader Bobby Seale speaks in
schools and universities and receives fees of up to $1,000.
This raises counterintelligence opportunities, among which
are anonymous disseminations of derogatory information to
universities and misuse of funds received.

As it concerns the BPP, you point out that results
achieved by utilizing counterintelligence ideas such as
publicizing the evils of violence, the lack of morals, the
widespread use of narcotics and anonymous mailings, have not
been outstanding. This is because a typical black supporter
of the BPP is not disturbed by allegations which would upset
a white community. You must recognize that one of our primary
aims in counterintelligence as it concerns the BPP is to keep
this group isolated from the moderate black and white community
which may support it. This is most emphatically pointed out
in their Breakfast for Children Program, where they are actively
soliciting and receiving support from uninformed whites and
moderate blacks. In addition, we have received information
from San Francisco and other offices indicating that BPP
officials are extremely suspicious of each other as to monies
received. This also is a fertile ground for CIP and should be
explored.

ReSFairtel states that nation-wide mailings to BPP
chapter offices would automatically indicate that the FBI was
the source. Mailings originating from Oakland, California,
would logically be attributed to someone either at national
headquarters of the BPP or a dissident who has recently [illegible]
and had access to the records.

You state that the Bureau under the CIP should not
attack programs of community interest such as the BPP "Breakfast
for Children." You state that this is because many prominent
"humanitarians," both white and black, are interested in the
[illegible] as well as churches which are [illegible]



You have obviously missed the point. The BPP is not engaged
in the "Breakfast for Children" program for humanitarian
reasons. This program was formed by the BPP for obvious
reasons, including their efforts to create an image of civility,
assume community control of Negroes, and to fill adolescent
children with their insidious poison. An example of this is
set forth in the May 11, 1969, issue of "The Black Panther."
Page seven contains an article captioned "Black Panther
Revolutionary Wedding." The article points out that two members
of the Panthers were married at a church in Oakland, California,
which is participating in the Breakfast Program. The crowd
consisted mostly of Panther members and children from the
Breakfast Program. Instead of a Bible, Bobby Seale used the
"Red Book Quotations from Chairman Mao Tse-tung" to perform
the marriage. After the ceremony the children sang "We Want
a Pork Chop Off the Pig" [illegible]

The CIP in the San Francisco office must be
re-evaluated. During the reevaluation, give thorough [illegible]
to the adequacy of the personnel assigned. Insure that you are
utilizing the best personnel available in this program. Advise
the Bureau of the results of your reevaluation by June [illegible].

Referenced airtel mentions several specific CIP
proposals now pending. Instructions will be furnished [illegible]
offices by [illegible]

NOTE: San Francisco has furnished an evaluation of the CIP
in that office as it affects the BPP. That office is not in line
with Bureau objectives in the use of counterintelligence. We are
calling attention to their derelictions and point out various
situations where they should have proposed counterintelligence.
We are calling for a reevaluation of the whole thinking behind
[illegible] in the San [illegible]




To: DIRECTOR FBI (100-448006) From: SAC, Jackson (100-980) (P) 12/2/70

II. OPERATIONS BEING EFFECTED III. TANGIBLE RESULTS

Since March, 1968, the Republic of New Africa (RNA)
has been attempting to start a separate black nation in five
southern states, starting with Mississippi. In this regard,
the RNA has been trying to buy and lease land in Mississippi.
In the Jackson Division on several past occasions, (Counter-
intelligence measures has been able to abort all RNA efforts to
obtain land in Mississippi.)

In late July, 1970, RICHARD HENRY, aka Brother Imari,
leader of the RNA, came to Jackson, Mississippi, accompanied
by many out-of-state supporters to hold a national RNA meeting
"on the land of the nation in Mississippi". This conference was
disruptive and ineffective due to Jackson Division, Bureau-
approved counterintelligence measures.

In mid-September, 1970, Brother IMARI [illegible] a few close
[illegible] land which was for sale in
rural Hinds County, Mississippi, near Jackson; this land was
owned by a Negro male who was retiring and owned over 560 acres.
Jackson informants advised Bureau Agents of developments regarding
this land and the fact that the owner of the land, [illegible],
N/M, had advised Brother IMARI he will lease or sell him ten
to twenty acres. RNA leaders, including Brother IMARI, were
delighted over this land purchase or leasing prospect. Jackson
informants were directed by contacting Agents to approach [illegible]
privately and indicate to him that his selling land to Brother
IMARI would not be a wise endeavor. Additionally, on [illegible],
[illegible] was interviewed by Bureau Agents and advised of the true
nature and violence potential of the RNA and its leaders. The
[illegible] lasted 14 hours; following the interview, [illegible]
indicated he would reconsider whether he would sell or lease
any [illegible] the RNA; on [illegible] Bureau Agents interviewed
[illegible] who was assisting the
RNA in their [illegible] regarding the
land. The true nature and violence potential of the RNA
and its leaders was [illegible]

As a result of the above counterintelligence
efforts, the land which the RNA had almost finalized plans
regarding purchasing or leasing in rural Hinds County,
Miss., has not been sold or leased to them. Jackson has
maintained contact with [illegible] and he has advised he has
no plans to lease or sell any land to the RNA in the immediate
future. There have been no recent visits by top officials
of the RNA to Mississippi regarding the land, it being noted
they made several visits in September, 1970, when their
prospects for the land purchase or leasing was good.

As a result of the above, intensive efforts
[illegible] to obtain land in Mississippi over the past
[illegible]


WASHINGTON (AP) — The late FBI Director J. Edgar Hoover approved a plan to discredit a Midwest black militant leader with anonymous letters accusing him of adultery and of being a bureau informant, according to FBI documents.

The documents, made available by the Senate intelligence committee, show that the bureau's campaign against the Rev. Charles E. Koen lasted from 1968 to 1971 and was approved at each step of the way by Hoover. However, it was unclear whether the letters were ever actually sent to Mr. Koen, who a committee spokeswoman said is a minister in Cairo, Ill.

According to the FBI documents, the campaign against Mr. Koen began in November, 1968, with a proposal by St. Louis FBI officials to send him an anonymous letter criticizing him for referring to the possible use of violence in his public speeches.

THE LETTER would purport to be from members of Students for a Democratic Society in St. Louis and "would have an adverse effect on the consolidatory efforts of the SDS and the Black Liberators," according to the proposal approved by Hoover.

Two months later, Hoover authorized the FBI's Baltimore office to send an anonymous letter to the No. 2 man in the Black Liberator movement informing him that Mr. Koen was working for either the CIA or FBI. The letter, signed "A Soul Brother," said Mr. Koen "was in Baltimore last week and spent most of his time in the Justice Building. Don't know whether that cat was talking to CIA or FBI."

The FBI documents include a 1969 memo from the head of the FBI's St. Louis office who claims the campaign forced Mr. Koen's resignation as head of the Black Liberators, a black militant group.

IN FEBRUARY, 1969, after Mr. Koen had resigned as head of the Black Liberators, the FBI chief in St. Louis proposed mailing an anonymous letter designed "to alienate (Koen) from his wife and cause suspicion among the Black Liberators that they have a dangerous troublemaker in their midst," an FBI document said.

The anonymous letter would be sent to Mrs. Koen telling her that her husband has "been making it here with Sister Marva Bass and Sister Tony and then he gives us this jive 'bout their (sic) better in bed then (sic) you."

It was to be followed by sending a copy of the anonymous letter to Mr. Koen with the note "I understand she recently received this letter... I suggest you look into this matter."

IN A MEMO authorizing the operation, Hoover directed the agents to "use commercially purchased stationery and take the other precautions [illegible] to insure this cannot be traced to this bureau."

The next and final step in the FBI campaign against Mr. Koen came in February, 1971, when Hoover approved a proposal for circulating a cartoon sketch of Mr. Koen that "would emphasize the cost of Mr. Koen's attire and inquire as to the source of his funds."

At that time, Mr. Koen was head of the United Front in Cairo, which, according to the FBI memo, was a "predominately black organization which has been boycotting white merchants in Cairo for the past 70 months."

The plan to send the cartoon was proposed because "it is felt that any diminution of Mr. Koen's support in Cairo would be beneficial since he appears to be the single most important cause of confrontations occurring in Cairo."

St. Louis Post-Dispatch

Chicago Daily News, [illegible]/75


By MARTHA SHIR
Of the Post-Dispatch Staff

The Federal Bureau of Investigation sent an anonymous letter to the ranking bishop of the Episcopal Church of the United States in 1971 in an attempt to discredit the United Front of Cairo, Ill., and to dry up its major source of funds, says the Rev. Charles Koen, the United Front's leader.

He said documents scheduled to be made public this week by the United States Senate Select Committee on Intelligence would disclose a pattern of harassment, including attempts to cause disagreements among the leaders of the Cairo group, provoke marital squabbles and cut off its outside financial support.

He said a committee staff member had traveled to Cairo in recent days and had shown him the letter in question. The staff member, reached by telephone Friday night, refused to comment and would say only that the facts would be disclosed this week.

The Rev. Mr. Koen said the staff member had told him that the FBI had sent an anonymous letter in 1971 to the Right Rev. John E. Hines, then the presiding bishop of the Episcopal Church. The letter, which was written from the viewpoint of a concerned parishioner, called the United Front a violent organization and said its leaders had used donations from the church to buy weapons, the Rev. Mr. Koen said.

In 1970, the national Episcopal Church donated more than $75,000 to the United Front, a community-based self-help group with branches in East St. Louis and St. Louis. But the Rev. Mr. Koen said in an interview Friday that the church had denied the group a contribution for the next three years.

"And now we know why," he commented.

In 1969, the United Front, headed by the Rev. Mr. Koen, conducted boycotts and demonstrations against white-owned businesses in Cairo in an attempt to force the hiring of more black employes.

Racial strife, and often exchanges of gunfire between the white and black communities, continued into the 1970s.

The Rev. Mr. Koen, 29 years old, is assistant pastor of Cairo's First Missionary Baptist Church.

OCTOBER 23, 1968
CODE

TELETYPE URGENT
BY CODED TELETYPE

1 - Mr. Sullivan
1 - Mr. Deily

SACs, CHICAGO
CINCINNATI (for review)
CLEVELAND
DENVER
MIAMI
NEW YORK
SAN FRANCISCO

VIA TELETYPE
OCT 23 1968
ENCIPHERED

FROM: DIRECTOR, FBI

DISTURBANCES ARISING OUT OF DEMOCRATIC NATIONAL CONVENTION

FOR YOUR CONFIDENTIAL INFORMATION, DEPARTMENT PLANS TO SEEK INDICTMENTS IN IMMEDIATE FUTURE CHARGING APPROXIMATELY TWENTY PRINCIPAL LEADERS AND ACTIVISTS OF VARIOUS NEW LEFT ORGANIZATIONS WITH CONSPIRACY TO VIOLATE AND SLASH OR SUBSTANTIVE VIOL[illegible] ANTIRIOT LAWS PARENTHESIS TITLE EIGHTEEN, SECTIONS TWO FOUR FIVE, TWO ONE ZERO ONE, TWO ONE ZERO TWO OR TWO THREE ONE CLOSE PARENTHESIS IN INSTANT MATTER. A SUCCESSFUL PROSECUTION OF THIS TYPE WOULD BE A UNIQUE ACHIEVEMENT FOR THE BUREAU AND SHOULD SERIOUSLY DISRUPT AND CURTAIL THE ACTIVITIES OF THE NEW LEFT. IT IS THEREFORE IMPERATIVE THAT THE FBI DO EVERYTHING POSSIBLE [illegible] PROVIDE THE ADMISSIBLE EVIDENCE REQUIRED BY THE [illegible] TO PROCEED.

SEE NOTE PAGE SEVEN

FBI Memo: [illegible]

AMERICAN INDIAN MOVEMENT

The government's right to continue full
investigation of AIM and certain affiliated organizations
may create relevant danger to a few citizen's privacy and
free expression, but this danger must be weighed against
society's right to protect itself against current domestic
threats.

The Supreme Court has observed that "unless the
government safeguards its own capacity to function and
to preserve the security of its people, society itself
could become so disorderly that all rights and liberties
would be endangered." United States v. United States
District Court, 407 U.S. 297, [illegible]

2. Scope of Investigation
Investigative Techniques

The key to the successful investigation of
AIM is substantial, live, quality informant coverage of
its leaders and activities. In the past, this technique
[illegible] to be highly effective [illegible]
certain disclosures regarding informants, AIM
leaders have dispersed, have become extremely security
conscious and literally suspect everyone. This paranoia
works both for and against the movement and recent events
support this observation.

When necessary, coverage is supplemented by
certain techniques which would be sanctioned in preliminary
and limited investigations.

Physical surveillance is another useful
technique and should be utilized when deemed appropriate.

No mail covers or electronic surveillance have
been used to investigate AIM and none is anticipated at
this time.

FBI

Date: 472770

Transmit the following in (Type in plaintext or code)

AIR MAIL

TO: DIRECTOR, FBI (100-[illegible])

HOUSTON (105-2275)

SUBJECT: COUNTERINTELLIGENCE PROGRAM
INTERNAL SECURITY - DISRUPTION
OF THE NEW LEFT

RE: HOairtel, 9/30/69.

Potential Counterintelligence Action

Houston Office has during recent months obtained
letterhead stationery from the United Farm Workers
Organizing Committee, Delano, California, which stationery
was being considered for use in a counterintelligence-type
letter to the organization in connection with the interest
previously shown on behalf of the grape pickers strike
by the Houston SDS people. During the recent several
months, the SDS group have not expressed any interest in
the grape pickers strike as they have previously, and
any counterintelligence move utilizing the contemplated
letter, would at this time, be inopportune. In the
event interest again is generated by the SDS on behalf
of the grape pickers strike, a specific proposal will
[illegible]

Informants have advised that SDS people in Houston
who are currently residing at 5003 Austin are currently
selling and using marijuana at this address. Informants
stated also that there is a good possibility that the
supply of marijuana is kept by one of the individuals
living at this address. This information has been related
to appropriate narcotics people at the Houston PD and also
the Federal Narcotics Bureau in Houston. In the event
additional specifics are obtained in this regard, appropriate
authorities will be advised [illegible]

Bureau (RM)
Houston
Special Agent in Charge

Black Panther [illegible]


(Mexico City, Mexico) - The Federal Bureau of Investigation (FBI) conducted an intense campaign of violence, harassment and disruption against activists in Mexico, recently released FBI files have shown.

The Bureau's Mexican activities were similar to the notorious COINTELPRO operations in the U.S., directed against militant Black groups, the antiwar movement and other so-called "subversive" activities. In Mexico, the FBI organized and fomented bombings, shootings, and murder attempts. Bureau agents also worked closely with the U.S. border cops, against both Mexican and Chicano activists.

The campaign was carried out with the collaboration and tacit support of the Mexican government.

The FBI's disruption campaign was the subject of a recent four-part series in the Mexico City daily paper Excelsior. The articles were based on FBI files disclosed through the Freedom of Information Act. Virtually none of the files' contents on Mexico has been reported in U.S. media, The Militant reports.

Excelsior reported that the FBI's activities were stepped up between 1967 and 1970, a period marked by the rise of mass struggles in Mexico.

Many of the documents described by Excelsior were confidential memos from then FBI Director J. Edgar Hoover to the "legal attache" of the American Embassy in Mexico City. The "legal attache" in most American embassies, according to former CIA agent turned Marxist Philip Agee, is in reality the head of the local FBI operation.

[illegible] that the Bureau's Mexican activities were to be kept top secret — obviously to cover the fact that the FBI, supposedly "restricted" to domestic surveillance, actually carries out illegal operations abroad.

In 1967, Excelsior reported, Hoover sent instructions to the FBI in Mexico City to prepare a plan for disrupting "subversive" student groups.

Later in 1967, the FBI head in Mexico's capital received congratulations from Hoover. The chief was "pleased by the wave of nighttime machine gunnings to divide subversive leaders."

These shootings bear remarkable similarity to plans carried out by the FBI in the U.S. to provoke disputes between Black groups that could lead to violence. The Black Panther Party was a prime target of such tactics.

Hoover also congratulated the "legal attache" in Mexico City for the "effective and strategic detonation of bombs" that the FBI had arranged or provoked.

In 1968, according to Excelsior, "the terrorist activity of the FBI was intensified as part of a broadening of counterintelligence operations."

Meanwhile, in Mexico, a powerful movement of students and working people demanding release of political prisoners had arisen. The movement frightened the Mexican government — and the FBI. A 1968 memo from Hoover reveals the FBI's infiltration of the movement: "With only 10 men in the demonstration that the radicals (students) are going to hold, it is not sufficient to consummate the plans that have been made," Excelsior quotes.

The Mexican government moved quickly to crush the growing movement. On October 2, 1968, a peaceful demonstration of thousands of people at the Tlatelolco Plaza in Mexico City was fired on by police and troops. Hundreds of protesters were killed.

The government minister responsible for the massacre, Luis Echeverria, became the president of Mexico in 1970. Echeverria had been a close contact of the CIA, Philip Agee reported in Inside the Company. The FBI continued its close collaboration with the Mexican government under the Echeverria administration, the files show.

A 1971 memo from Hoover tells the FBI's agents in Mexico to "make sure that the disruptions will be carried out by our undercover agents in meetings with subversive students without endangering the life of [name deleted]," Excelsior reported, explaining that this was an "indirect reference" to Echeverria.

FBI agents posed as agents of the Immigration and Naturalization Service (INS) to question people who "could be of interest in relation to national security," Excelsior quotes one memo.

Stories were planted by agents in border city newspapers urging citizens to inform on sons and daughters of neighbors who might be "subversives."

When mere harassment was insufficient, the FBI resorted to out-and-out frame-ups. One memo admits that U.S. police planted illegal drugs — heroin, cocaine, and marijuana — in the cars of Chicano leaders.

Mexican government agencies routinely collaborated with and turned over information to the FBI.

UNITED STATES GOVERNMENT
1 - Mr. [illegible] Sullivan
Memorandum

1 - Mr. U.M. Felt
1 - Mr. Mohr
1 - Mr. C.D. Brennan
1 - Mr. G.C. Moore

TO: C. D. Brennan    DATE: 3/25/71

FROM: [illegible]

SUBJECT: COINTELPRO - BLACK EXTREMISTS
RACIAL MATTERS

To recommend 90-day progress letters submitted by
43 offices participating in this program be discontinued.

COINTELPRO is code word for counterintelligence
program. By memorandum 2/29/68 the Director authorized
submission of 90-day progress letters concerning captioned
program for purpose of stimulating thinking in offices where
black extremist activities are concentrated. Forty-three
offices are currently participating in this project.

This program has as its objectives the [illegible]
of black extremist groups, the prevention of violence by these
groups and the prevention of coalition of black extremist
organizations. Since these offices have participated signifi-
cantly in this program, it is felt we can now relax our
administrative procedures by eliminating the 90-day letter.

We will not suffer from this discontinuance as continued
participation in this program by field is followed by individual
Supervisors in Racial Intelligence Section, Domestic Intelligence
Division. In addition, the Inspection Division analyzes each
office's participation in this program during field office
inspections. In view of the above and to streamline our
operations, it is recommended these progress letters be
discontinued. No change is required in any Bureau [illegible]

ACTION:

If approved, the attached airtel advising of
discontinuance of these 90-day letters will be forwarded to
offices [illegible] in this program.

100-448006

WHA:sef

Part Two: Violent Methods and Tactics


FBI counterintelligence employed its most violent and illegal 
tactics against third world liberation movements, especially the 
Black Panther Party. They sought to provoke street gangs and other 
organizations such as the United Slaves organization in Southern 
California to engage in violence against the BPP. During 1969, 
four Panthers, including leaders Bunchy Carter and John Huggins, 
were killed by U.S. members (or FBI provocateurs) in incidents 
which the FBI helped to provoke and claimed credit for. 


In Chicago, the FBI contemplated inciting the Mafia against Dick 
Gregory, and intentionally provoked Blackstone Ranger leader Jeff 
Fort in the hope that he would violently "retaliate" against Hampton 
and other Panther leaders. The Bureau, through their informants, 
falsely labelled Panthers and other Blacks as informants, although
they recognized that this could lead to physical harm. Their most
trusted informants, such as William O'Neal and Darthard Perry,
acted as provocateurs, encouraging and participating in illegal and
violent acts such as robberies, bombings, building electric chairs,
and bullwhipping those they branded as informants. Other illegal
tactics included forgery, wiretapping, burglaries, unauthorized use
of Internal Revenue Service materials, interception of mail, and
assassination.


One of their most violent counterintelligence policies was the use 
of raids on offices and homes of the Black Panther Party and other 
organizations throughout the country. In June of 1969, the FBI 
raided several Panther offices across the country, purportedly look- 
ing for George Sams, who later turned out to be an FBI provocateur. 
They would never apprehend him, but they would brand each raid a 
counterintelligence success after seizing or destroying almost 
everything in the offices, making bogus arrests, and generally
disrupting the BPP.


Later in 1969 the policy changed. The FBI no longer executed the 
raids themselves, but employed local police forces--already at a 
fever pitch against the Panthers--to do their dirty work. In 
Chicago, FBI informant O'Neal obtained a floorplan of Fred Hampton's 
apartment, showing the bed upon which Hampton slept, which the FBI 
then gave to Edward Hanrahan's police who assassinated Hampton at 
4:30 a.m. while he slept on that very bed. Four days later, in Los 
Angeles, the FBI passed a floorplan of the Panther offices to 300 
L.A. police, who raided the offices in the early morning hours, and 
pumped thousands of rounds at the Panthers inside, who defended them- 
selves and thereby miraculously avoided death. 


In sum, FBI tactics of counterintelligence, as practiced against 
the Black liberation movement, were, and are, so violent, so uncon- 
stitutional, and so illegal, as to make a mockery of the law which 
the FBI is sworn to uphold.

Reports May Back F.B.I. Informer
in Klan on Killing in South


By HOWELL RAINES 
Special to The New York Times 


BIRMINGHAM, Ala., July 13 — Police 
sources here said today that they had in- 
formation that might support Gary 
Thomas Rowe Jr.'s contention that he 
killed a black man during racial unrest in 
Birmingham in 1963, while Mr. Rowe was 
on the Federal Bureau of Investigation's 
payroll as an informer within the Ku Klux 
Klan. 

The sources said a former Klansman
and another man described as a Klan
sympathizer told the police, in separate
accounts, that Mr. Rowe had boasted to
them that *'I shot some niggers" during 
rioting that followed a double bombing in 
a black neighborhood. 
A Birmingham police officer has also 
told city investigators that he saw Mr. 
Rowe with a pistol stuck in his belt near a 
police barricade like the one described by 
Mr. Rowe in his account of the killing. 

Missing Report Is Sought

The investigators are now combing po- 
lice files here for a missing report that 
they believe contains information about 
at least three unsolved shootings during 
the 1963 disturbances. 

Meanwhile, another document has 
come to light that may add to the growing 
controversy over Mr. Rowe’s involve- 
ment in racial violence while he was get- 
ting monthly payments from the F.B.I. In 
a statement to a Senate investigator in 
1975, Mr. Rowe accused John Doar, for- 
mer Assistant Attorney General for civil 
rights, of forcing him to change his ac- 
count of the killing of Viola G. Liuzzo in 
1965. 

In the interview, Mr. Rowe said that
Federal investigators ignored his report 
that a black man was also killed in Mrs. 
Liuzzo's car when Mr. Rowe and three 
Birmingham Klansmen chased down the 
Detroit woman's automobile on the night 
after she took part in a civil rights march 
from Selma to Montgomery. Mr. Rowe 
further alleged that Mr. Doar ordered 
him to keep silent when Mr. Rowe told 
Government prosecutors that he could 
not positively identify a black man called
as a key Government witness as having
been in the car with Mrs. Liuzzo at the
time of the shooting.

The Liuzzo case brought Mr. Rowe na-
tional attention as the F.B.I.'s chief in-
former against the Klan in Alabama. He
was later relocated and given a new iden-
tity by the bureau, and lives in an undis-
closed location.

Mr. Rowe also told Senate investiga- 
tors that the Justice Department, under 
its witness protection program, got him a
job with a United States Marshal and al-
lowed him to attend the Department of
Justice Training Academy with 90 other 
Federal officers. Mr. Rowe charged that, 
because of his dispute with Mr. Doar, he 
was subsequently forced to resign the 
job, and that Marshal who employed him 
filed ‘‘false affidavits” in order to get Mr. 
Rowe an extra month's pay on which to 
find a job outside the Government. 


Questioned in Church Bombing 


When the authorities in Alabama reo- 
pened their investigations into the un- 
solved racial killings in the early 1960's, 
they contacted Mr. Rowe for information 
on the 1963 bombing that killed four black 
children at Sixteenth Street Baptist 
Church. But Mr. Rowe himself became a 
suspect in that case after two polygraph, 
or lie-detector, tests showed that he was 
giving ''deceptive" answers when he 
denied having been with the group that 
planted the bomb. 

Since that time there have been disclo-
sures that indicate that Mr. Rowe may
have participated in and helped to plan
the Klan violence he was hired to ob-
serve.

A former leader of the Ku Klux Klan in
Birmingham said today that Mr. Rowe
helped direct the attacks on the Freedom
Riders at a Birmingham bus station on
May 15, 1961.


Mr. Rowe himself said, in an interview
with Alabama investigators last fall, that
he participated in the firebombing of the
home of A. G. Gaston, a black million-
aire, according to investigative docu-
ments.

In the same series of interviews, Mr. 
Rowe was quoted as saying he killed a 
black man during a riot here and was told 
by the F.B.I. agent to whom he regularly 
reported to keep quiet about the shooting. 
The agent named by Mr. Rowe has denied 
the report as "an absolute falsehood.” 

According to the Senate document that
came to light today, Mr. Rowe said he
was assured by F.B.I. agents here that
his participation in violence had the per-
sonal endorsement of "The Man" — the
late J. Edgar Hoover, then Director of the
bureau.

'War' on the Klan

Mr. Rowe stated that "the quote to me
was 'The Man has declared war on the Ku
Klux Klan and that you are man enough
to do, do it.'" Mr. Rowe stated that the
"agent quivered, literally" in delivering
this message and said "we don't have to
worry about covering you any more."

‘The Birmingham Police Department's 
information about a possible shooting by 
Mr. Rowe was obtained, sources said, be- 
fore disclosure by The New York Times 
that Mr. Rowe had told investigators that 
such a shooting took place. 

The police inquiry here now is focusing 
on Mr. Rowe's activities after bombings 
on the nights of May 11 and Sept. 4, 1963. 
Rioting of the sort described by Mr. Rowe 
took place on both nights. By the accounts 
of Mr. Rowe and others, according to in- 
vestigative documents, Mr. Rowe was in 
the riot area on both occasions. 


Account of Shooting 


The documents show that Mr. Rowe 
told a state investigator that he came 
upon blacks attacking a taxicab on 
Eighth Avenue here and beating a 
woman passenger. When the rioters 
turned on him, Mr. Rowe is quoted as 
saying, he shot a black man through the 
chest. Then, Mr. Rowe is reported to have 
said, he went to a barricade and reported 
the shooting to a policeman and later, by 
telephone, to his F.B.I. "control" agent. 

According to an investigative source, a 
Birmingham policeman has told detec- 
tives here that during the riot on May 11, 
"he came down Eighth Avenue and 
stopped and got out of his car and Rowe 
was standing there in the middle of the 
road in civilian clothes with a gun stuck 
in his belt." 

Later that same night, according to an 
investigative document, a fellow Klans- 
man saw Mr. Rowe and talked to him at a 
telephone booth at 3 A.M. “At that time, 
Rowe stated to him that he had been up- 
town shooting Negroes," the document 
stated. 

In a separate interview, the companion 
of the Klansman who gave that report 
supported the account without prompt- 
ing, investigative sources here said. Mr 
Rowe was quoted as telling the two men: 
“There's been a bombing. The niggers 
are rioting. I shot some niggers.” 


However, the assault on the taxicab de- 
scribed by Mr. Rowe more closely 
matches an incident that took place on 
Sept. 4, after the bombings of the A. G. 
Gaston Motel and the home of the Rev. A. 
D. King, brother of the Rev. Dr. Martin 
Luther King Jr. 

On that night, Mr. Rowe has told state 
investigators, he was riding with Bir- 
mingham policemen in the riot area when 
they came upon a taxicab whose driver 
and a woman passenger were under as- 
sault by rioters. 


Chicago Tribune 


BIRMINGHAM, Ala. [UPI]—A lawyer 
who defended three Ku Klux Klan mem- 
bers 10 years ago says an ex-FBI in- 
former was involved with his clients in 
an attack resulting in the murder of 
civil rights worker Mrs. Viola Liuzzo. 


"It was Gary Thomas Rowe who sug- 
gested the trip to Lowndes County to kill 
some of the civil rights workers," said 
Haynes, a former FBI agent and former 
Birmingham mayor. 

"And we have him on record as say- 
ing in the courtroom that he had his gun 
out the window and was shooting along 
with the rest of them," he said. 
DATE: 11/29/68 


I. OPERATIONS UNDER CONSIDERATION 


The Los Angeles Office is currently preparing an 
anonymous letter for Bureau approval which will be sent to 
the Los Angeles Black Panther Party (BPP) supposedly from 
a member of the "US" organization in which it will be stated 
that the youth group of the "US" organization is aware of the 
BPP "contract" to kill RON KARENGA, leader of "US", and they, 
"US" members, in retaliation, have made plans to ambush 
leaders of the BPP in Los Angeles. 

It is hoped this counterintelligence measure will 
result in an "US" and BPP vendetta. 

Investigation has indicated that the Peace and 
Freedom Party (PFP) has been furnishing the BPP with 
financial assistance. An anonymous letter is being prepared 
for Bureau approval to be sent to a leader of PFP in which 
it is set forth that the BPP has made statements in closed 
meetings that when the armed rebellion comes the whites in 
the PFP will be lined up against the wall with the rest of the 
whites. 

It is felt that this type of a letter could cause 
considerable disruption of the association between the BPP 
and the PFP. 

In order to cause disruption between the BPP of 
Oakland, California, and the BPP of Los Angeles, an 
envelope is being prepared for Bureau approval which appears 


CA: Binet (RM) 
2 - Los Angeles 


LWS/d1 
DIRECTOR, FBI 


SAC, SAN DIEGO 


COUNTERINTELLIGENCE PROGRAM 
BLACK NATIONALIST — HATE GROUPS 
RACIAL INTELLIGENCE 

(BPP) 


III. TANGIBLE RESULTS 


The BPP Breakfast Program appears to be floundering 
in San Diego due to lack of public support and unfavorable 
publicity concerning it. It is noted that it has presently 
been temporarily suspended. Therefore, it was felt that 
placing the above mentioned anonymous call to the Bishop at 
this particular time might be a significant factor in 
precluding the resumption of the program. The information 
to the Bishop appeared to be favorably received and he seemed 
to be quite concerned over the fact that one of his Priests 
was deeply involved in utilization of church facilities for 
this purpose. This matter, of course, will be closely 
followed for further anticipated developments concerning the 
Breakfast Program. 


Shootings, beatings, and a high degree of unrest 
continues to prevail in the ghetto area of southeast San Diego. 
Although no specific counterintelligence action can be 
credited with contributing to this over-all situation, it is 


attributable to this program... 




In view of the recent killing of BPP member SYLVESTER 
BELL, a new cartoon is being considered in the hopes that 
it will assist in the continuance of the rift between BPP 
and US. This cartoon, or series of cartoons, will be similar 
in nature to those formerly approved by the Bureau and will 
be forwarded to the Bureau for evaluation and approval 
immediately upon their completion. 


IV. DEVELOPMENTS OF COUNTERINTELLIGENCE INTEREST 


Due to the fact that the US members violently 
objected to being called "pork chops", a change in the order of 
the mailing of the cartoons was made in San Diego of the .. 
recently Bureau-approved cartoons depicting holding a 
Black Panther off with his hand with the title "Pork Chop Karenga" 
was distributed on 4/7/69, due to the excellent pagi d release 


Page 62 Of pees particular cartoon, . . 


RACIAL INTELOI 
_ (BLACK PANTI 




In the Chicago letter of December 16, 1968, a 
suggestion was made that an anonymous mailing be sent JEFF 
FORT, leader of the Blackstone Rangers, advising of BPP plots 
to discredit him, and in effect to "take over" the Rangers. As 
events have subsequently developed, as set forth in referenced 
Chicago airtel and LHM, the Rangers and the BPP have not only 
not been able to form any alliance, but enmity and distrust have 
arisen, to the point where each have been ordered to stay out of 
the others territory. The BPP has since decided to conduct no 
activity or attempt to do any recruiting in Ranger territory. 


It appears therefore that the letter as originally 
intended at this point would serve no useful purpose. The end 
in view appears to have been very quickly arrived at, in great 
measure by virtue of the inherent inability of two such volatile 
and power conscious groups to derogate any of their status or 
assumed authority to the other. 


From information recently received, it appears, however 
that the BPP has not entirely abandoned all hope of utilizing 
the Rangers for their own purposes. Some feeling has been evident 
that FORT may not continue indefinitely in his position of leader- 
ship with the Rangers, most probably a reference to various 
criminal charges facing him. It is clear, however, that so 
long as he is in this position, any working arrangement between 
the two groups will be on Ranger terms. 
Consequently, Chicago now recommends the following 
letter be sent, handwritten, on plain paper: 


"Brother Jeff 


"I've spent some time with some panther friends on 
the west side lately and I know what's been going on. The 
brothers that run the Panthers blame you for blocking their 
thing and there's supposed to be a hit out for you. I'm not 
a Panther, or a Ranger, just black. From what I see these 
Panthers are out for themselves not black people, I think 
you ought to know what their up to, I know what I'd do if I 
was you. You might hear from me again." 


The above would be sent to FORT in care of the First 
Presbyterian Church, 6401 South Kimbark, the widely publicized 
headquarters of the Rangers. 

It is believed the above may intensify the degree of 
animosity between the two groups and occasion FORT to take 
retaliatory action which could disrupt the BPP or lead to 
reprisals against its leadership. 


Consideration has been given to a similar letter 
to the BPP, alleging a Ranger plot against the BPP leadership; 
however, it is not felt this would be productive, principally 
since the BPP at present is not believed as violence-prone as 
the Rangers, to whom violent type activity, E. and the 
like, are second nature. There is also the possibility that 
if a future contact between the two were to take place, and it 
became apparent that both had received such communications, 
then an outside interest would be somewhat obvious. 


Chicago will take no action regarding the above, 
pending Bureau authorization. 
CHICAGO SUN-TIMES, Thurs., Feb. 12, 1976 


We appear to have a new definition for a time-honored Chi- 
cago term. 

Marlin W. Johnson, former head of the Chicago FBI office, 
testified in federal court this week, and he was asked to define 
the words "a hit." 

The reason Johnson was asked to do this was that Jeff Fort, 
the leader of a Chicago street gang, received a letter back in 
1969 that said, "there is supposed to be a hit out for you." 

The letter was intended to convince Fort that the "hit" was 
being ordered by members of the Black Panther Party. 
Recently uncovered evidence, however, has indicated that the 
letter was written not by Black Panthers — but by FBI 
agents, in an effort to turn black nationalist groups against 
each other. 

SO JOHNSON WAS on the stand to testify about the FBI's 
role in the sending of the letter to Fort. Johnson admitted that 
he had once approved the mailing of the letter. But he denied 
that Fort should have construed the phrase, "there is sup- 
posed to be a hit out for you," to mean that Fort was in 
danger of foul play. 

Johnson said that "a hit" — according to newspaper ac- 
counts of his testimony — was "something nonviolent in na- 
ture." 

Now I may not have been raised in the big city, but I grew 
up watching The Untouchables on television just like everyone 
else, and I was pretty sure that "a hit" did not precisely mean 
"something nonviolent in nature." 

Still, I didn't want to trust myself on this. So I went to 
a reference book called "The Dictionary of American Under- 
world Lingo" (Citadel Press, New York, 1962) and looked up 
the definition. It was brief and to the point: 
"HIT — To shoot to kill." 

Marlin Johnson had been a top FBI man, though, and I 
didn't want to rely on the say-so of one not very well-known 
book to call him wrong. So I got on the telephone and sought 
the advice of a number of experts in the field. I asked each of 
them, "Does a 'hit' mean something nonviolent in nature?" 
Here are their responses: 
PETER MAAS, author of "Serpico" and "The Valachi Pa- 
pers" — "A hit means only one thing. It means a bullet in the 
back of the head. Nonviolent? Jesus Christ. Joe Valachi talked 
about 33 hits to me, and he wasn't referring to Broadway 
plays." 

STEVE SCHILLER, executive director of the Chicago Crime 
Commission — "A hit means something very violent. A hit 
means being taken care of completely. A hit means somebody 
being exterminated. Taken out. Murdered. Killed. Dead. Final." 

JAY ROBERT NASH, veteran crime-watcher and author of 
"Bloodletters and Bad Men" — "A hit has only one meaning, 
and that's assassination. That's all it is; planned, ordered-in- 
advance murder. Usually the weapon is a handgun. Often a 
silencer is used." 

TONY PELLICANO, private eye — "A hit means that a con- 
tract is out. A hit means you're going to die. A hit means that 
your life has been offered up for sale by whoever wants to get 
you. It's not a very difficult concept. If there's a hit out on 
you, that simply means that someone has been hired to kill 
you." 

GEORGE V. HIGGINS, former federal prosecutor in Boston 
and author of "The Friends of Eddie Coyle" — "What did you 
say? A hit is 'something nonviolent in nature'? That's a lot of 
crap. It was never like that in any parlance I ever heard. A hit 
has always meant one thing. It's a contract for murder. 
There's no two ways about it. It's murder." 

RONALD EWERT, acting executive director of the Illinois 
Legislative Investigative Commission (formerly the Illinois 
Crime Commission) -- "A hit's a hit. A guy's going to get 
killed. When someone says that there is a hit out for you, he 
means that the plans are for you to be dead soon." 

So... I am certainly not going to quarrel with G-Man 
Johnson's definition of "a hit." In fact, I kind of like it. It adds 
yet another note of distinction to our civic history: 

Only in Chicago can premeditated murder be defined as a 
nonviolent act. 
WILLIAM O'NEAL on November 19, 1969, which information 

AIRTEL 


TO: 


FROM: 


SUBJECT: 


Re: Bureau airtel 12/8/69 and Chicago letter 11/24/69. 


Information set forth in Chicago letter and letterhead 
memorandum of 11/21/69, reflects legally purchased firearms 
in the possession of the Black Panther Party (BPP) were stored 
at 2337 West Monroe Street, Chicago. A detailed inventory of 
the weapons and also a detailed floor plan of the apartment 
were furnished to local authorities. In addition, the identities 
of BPP members utilizing the apartment at the above address 
were furnished. This information was not available from any 
other source and subsequently proved to be of tremendous value 
in that it subsequently saved injury and possible death to 
police officers participating in a raid at the address on the 
morning of 12/4/69. The raid was based on the information 
furnished by informant. During the resistance by the BPP 
members at the time of the raid, the Chairman of the Illinois 
Chapter, BPP, FRED HAMPTON, was killed and a BPP leader from 
Peoria, Illinois, was also killed. A quantity of weapons 
and ammunition were recovered. 


It is felt that this information is of considerable 
value in consideration of a special payment for informant 
requested in re Chicago letter. 
By Thomas J. Dolan 


Lawyers for families of two slain Black 
Panther Party leaders Friday subpenaed FBI 
documents they say outlined an FBI plan to 
risk the lives of local police in clashes and 
raids involving Panthers. 

"We have a reliable informant," said attor- 
ney G. Flint Taylor, "who has told us that 
such a plan existed and he saw it in writing. 
We are demanding that those documents be 
brought into court." 

Taylor made his comment after serving 
subpenas on four Federal Bureau of In- 
vestigation agents, or former agents, three of 
whom are facing civil charges that they vio- 
lated the civil rights of Panther leaders Fred 
Hampton and Mark Clark during a Dec. 4, 
1969, weapons raid on a West Side Panther 
apartment. Hampton and Clark were killed in 
the raid. 

The subpenas demand all documents show- 
ing an alleged FBI counterintelligence plan to 
: or entice local law enforcement agencies 
ne the Black Panther Party. The 
subpenas said the plan: 

"... Set(s) forth that local law enforce- 
ment agencies (are) to be employed by the 
FBI to raid Black Panther Party offices and 
homes wherein Panthers and police would be 
wounded and killed and Panthers arrested." 

The plan, according to the subpena, was 
drafted between January, 1968, and Decem- 
ber, 1970. Sources close to the case said the 
existence of the plan has been made known to 
a U.S. Senate committee investigating the 
Hampton and Clark case, but Senate officials 
could not be reached for comment. 

Sources close to the Hampton and Clark 
lawyers said the plan is being sought to 
show that the FBI intended that police should 
be killed or wounded in clashes with armed 
Panthers to publicly discredit the militant 
blacks. 

Subpenaed were Marlin Johnson, former 
special agent in charge of the Chicago FBI 
office, and agents Roy Mitchell and Robert 
Piper. All are charged in the $47.7-million 
federal civil rights damages suit being tried 
before U.S. District Court Judge Joseph Sam 
Perry. 


4/30/76 Chicago Sun-Times 


Panther raid success -- agent 


By Dennis D. Fisher 


An FBI agent testified 
Thursday that he considered 
a police weapons raid on a 
Chicago Black Panther apart- 
ment "successful" because no 
police were injured. 

Robert T. Piper, head of the 
FBI's Chicago "racial matters 
squad" at the time of the pre- 
dawn raid Dec. 4, 1969, told a 
jury and U.S. District 
Court Senior Judge Joseph 
Sam Perry that information 
supplied to local police by the 
FBI was the key to the success 
of the weapons search. 

Piper, a defendant in a $47.7- 
million civil rights damage 
suit filed by the families of 
Hampton and Clark and other 
occupants of the apartment, 
was questioned about a letter 
he wrote to FBI headquarters 
in Washington. 

The one-page letter credited 
FBI undercover informant Wil- 
liam M. O'Neal Jr. with pro- 
viding a list of weapons and a 
detailed floor plan of the Pan- 
ther apartment, including the 
exact location of Hampton's 
bed, which contributed to the 
saving of police lives. The let- 
ter was read to the six-mem- 
ber jury. 

"It is felt that this informa- 
tion (O'Neal's) is of consid- 
erable value in consideration 
of a special payment for infor- 
mant . . . ," the letter said. 

The local FBI office was seek- 
ing a $300 "reward" payment 
for O'Neal, who acted as the 
Chicago Panther's chief of se- 
curity and sometimes as a per- 


Piper conceded that he 
wrote the letter to obtain a 
bonus for O'Neal. 

The raiding party had been 
supplied the apartment dia- 
gram by another FBI agent, 
Roy M. Mitchell, who was 
O'Neal's "operator." 

Panther leaders Fred Hamp- 
ton and Mark Clark were shot 
and killed by Chicago police 
assigned to the state's attor- 
ney's office, who conducted the 
weapons search at 2337 W. 
Monroe. 


CST 

By Dennis D. Fisher 2/28/76 

A document that showed the FBI knew 
an impending police action against a Chicago 
Black Panther apartment surfaced Friday in 
federal court. 

The document was a bureau report initialed 
by Marlin W. Johnson, chief of the Federal 
Bureau of Investigation office here at the 
time. 

Chicago police officers conducted a raid on 
the Panther apartment Dec. 4, 1969, the day 
after the FBI report was dated. 

Johnson, now an executive with the Canteen 
Corp. and chairman of the Chicago Police 
Board, has testified that the first he heard of 
the weapons raid on the apartment was on 
radio the morning it happened. 

In earlier testimony Johnson denied any 
knowledge that Chicago policemen assigned 
to the Cook County state's attorney's office 
planned the predawn raid in which Panther 
leader Fred Hampton and member Mark 
Clark were killed. 

The FBI report was read to a jury and U.S. 
District Court Judge Joseph Sam Perry. The 
report dealt with an FBI counterintelligence 
program aimed at harassing and neutralizing 
"black nationalist-hate groups" that included 
the Black Panther Party. 

Dated Dec. 3, 1969, the three-page report 
noted that the Chicago FBI office has "contin- 
ued to advise local authorities of instances 
where BPP members appear vulnerable to 
arrest on local charges." 

The report recites how the FBI gave infor- 
mation concerning weapons "reportedly pur- 
chased legally by local BPP members. This 
information has been furnished to local law- 
enforcement officials. Officials of the Chicago 
Police Department have advised (the FBI) 
that the department is currently planning a 
positive course of action relative to this (wea- 
pons) information." 


Sun-Times Bureau $4] «76 


WASHINGTON — A Federal 
Bureau of Investigation memo 
says the 1969 raid in which two 
Black Panthers were killed in 
Chicago was "based on infor- 
mation" from an FBI inform- 
er, a Senate intelligence com- 
mittee staff report disclosed 
Thursday. 

Arthur Jefferson, head of the 
staff that produced the report, 
said the memo was "inconsist- 


by former Cook County State's 
Atty. Edward V. Hanrahan, 
Chicago police and the FBI. 
Jefferson said the Chicago 
raid was part of a nationwide 
FBI effort to "encourage po- 
lice to raid the Panthers." The 
FBI justified the policy as a 
precaution against violence, he 
said, but "the real reason was 
they didn’t like the political 
rhetoric and the political 
stance the Black Panther Par- 
William O'Neal, the Black Panther double 


COUNTERINTELLIGENCE PROGRAM 
BLACK NATIONALIST - HATE GROUP 
RACIAL INTELLIGENCE 

(BLACK PANTHER PARTY) (BPP) 
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4/11/69 


TO DIRECTOR, FBI 


SAC, CHICAGO 


FROM 


Above is furnished for the information of the 
Bureau, and an indication of the use of this source in 
harassing and impelling the criminal activities of the BPP 
locally. 
Explosives offer to 
Panthers told 


By Rob Warden CON 7/2/76 


A paid FBI informant offered explosives to members of 
the Black Panther Party here in 1969 and suggested they 
could blast their way into armories to seize weapons, ac- 
cording to a sworn statement filed Thursday in federal 
court. 

The statement details testimony that former Panther 
Louis Truelock would give if he were permitted to testify 
in a landmark civil rights suit before U.S. District Court 
Judge Joseph Sam Perry. 

Truelock would testify that in October, 1969, he and other 
Panthers went with FBI informant William O'Neal Jr. to 
the home of O'Neal's father on the West Side, the state- 
ment said. 

THERE, ACCORDING TO THE statement, O'Neal showed 
the Panthers a satchel of putty, blasting caps and several 
plastic bottles of liquid, presumably high explosives. 

"He said armories could be blown up this way and we 
could get their guns," Truelock's statement said. 

The next month, the statement continued, Truelock and 
other Panthers again went to O'Neal's father's home, near 
iMth and Springfield. 

"O'Neal showed us the explosives again and said there 
was a McDonald's we would rip off," Truelock was quoted 
as saying. "He (O'Neal) stated we could use the explosives 
on the safe door and blow it open." 

The statement also said that O'Neal once tried to bring 
an apparently stolen electric typewriter into Panther head- 
quarters at 2350 W. Madison. 


By ROBERT McCLORY 


7/24/76 


Chicago Daily Defender 


William O'Neal, the Black Panther double 
agent who helped arrange the 1969 raid on 
Fred Hampton's apartment, also had plans 
to blow up City Hall with a bomb carried in a 
radio-controlled model airplane, a witness 
testified this week before U.S. District 
Judge Joseph Sam Perry. 

Ronald (Doc) Satchel, who was shot five 
times during the raid, said O'Neal's 
elaborate devices, including the plane and a 
home-made electric chair he built to 
"punish traitors," led the Panther high 
command in early 1969 to suspect him of 
being an agent provocateur. They voted to 
strip O'Neal of his position as chief of 
security, said Satchel, but decided not to 
oust him from the party — a decision which 
was eventually fatal for Hampton and Mark 
Clark. 

Throughout 1969 O'Neal continued to feed 
the FBI with information about Panther 
weapons and security measures, finally 
triggering the Dec. 4 raid. 

During his questioning of Satchel, Atty. 
James Montgomery, representing survivors 
of the raid, attempted to establish that much 
of O'Neal's information was blatantly false. 
Over the strenuous objections of attorneys 
representing O'Neal, Edward Hanrahan 
and 27 other men implicated, Montgomery 
asked Satchel about a report submitted in 
late 1968 by O'Neal's FBI contact, Roy Mit- 
chell. In it, O'Neal claimed Panther 
headquarters at 2350 W. Madison were then 
equipped with devices to "electrocute un- 
wanted intruders instantly" and to eject 
poison gas that "kills in a matter of 
seconds." O'Neal also told Mitchell that 
a bullet-proof steel door was in place 
and the windows were equipped with 
siren-alarms. 

In fact, testified Satchel who frequented 
Panther headquarters daily, he never saw 
any of these devices. The airplane and the 
electric chair were real, however. Satchel 
said the Panthers never took seriously 
O'Neal's claim that the one-foot-long, 
plastic airplane equipped with a gasoline 
motor could actually blow up City Hall, and 
he never saw it in operation. Hampton, he 
said, explicitly ordered O'Neal to dismantle 
the electric chair after it has been con- 
structed. 


coo 3/5/77 

William O'Neal, the cen- 
tral figure in the Black Pan- 
ther trial, engaged in 
terrorism, torture, robbery 
and theft, while he was 
collecting thousands of 
dollars from his FBI em- 
ployers, a witness testified 
this week in the continuing 
federal trial. 

Robert Bruce, 29, a former 
Panther himself, described 
many of O'Neal's peculiar 
projects, including the con- 
struction of a Panther elec- 
tric chair to execute 
"traitors" and the designing 
of a radio-controlled model 
airplane to bomb City Hall. 
He also said O'Neal en- 
couraged Panther members 
to commit crimes, per- 
sonally took part in several 
burglaries and holdups, and 
viciously beat one suspected 
informant with a bullwhip. 

The prosecution contends 
O'Neal was encouraged by 
his FBI superiors to 
discredit the party and 
justify the fatal raid. 

Bruce, who was moved by 
the FBI to California three 
years ago following his 
testimony in the Stanley 
Robinson trial, said O'Neal 
contacted him last year and 
urged him not to appear in 
the Panther trial. 
informer was 'hit ma 


Charge 


By William J. Eaton 
Of Our Washington Bureau 


WASHINGTON — An FBI in- 
former in the Black Panther 
Party in Chicago became part 
of a "murder-by-contract 
group" with apparent approval 
of FBI officials, a member of 
the Senate intelligence com- 
mittee has charged. 

The informer supplied the 
Panthers with weapons, 
trained them in their use and 
later joined a murder squad 
that stalked a victim and 
killed him, according to Sen. 
Walter D. Huddleston (D-Ky.). 

Although Huddleston did not 
name the informer, he appar- 
ently is William O'Neal, a for- 
mer FBI informer who was 
chief of security for the Chi- 
cago Panthers when Illinois 
Panther leaders Fred Hamp- 
ton and Mark Clark were 
killed in a police raid six years 
ago. 

O'Neal also testified for fed- 
eral prosecutors in the 1973 
trial of former Chicago police- 
man Stanley Robinson, who 
was convicted of murdering 
two persons. O'Neal testified 
that he accompanied Robinson 
when a contract killing was 
carried out on May 6, 1972, on 
the Dan Ryan Expressway. 

Huddleston asked why the 
Chicago informer was able to 
provide weapons to the Pan- 
thers and associate with killers 
"presumably all with the 
knowledge of the FBI." 

JOSEPH Deegan, chief of 
the FBI section on extremist 
organizations, did not chal- 
lenge the senator's recital of 
the facts. 


Chicago Daily News 12/3175 


By ROBERT McCLORY 

Two former Black Panthers have claimed 
William O'Neal warned them it would not be 
in their "best interesis" to testify ai the 
current federal trial. 

The two, Robert Bruce and Nathaniel 
Junior, said they were contacted separately 
by O'Neal, the FBI informant who is now in 
his third week on the stand, and told to 
"forget about" unrequested visits O'Neal 
paid them last April. He also allegedly 
discouraged their scheduled appearances in 
the trial. As a result of these contacts, 
Jünior and his family are reportedly in fear 
for their lives and are seeking to keep teir 
present whereabouts unknown. 

Bruce and Junior, former associates of 
O'Neal, have long criminal records, and are 
prepared to testify about O'Neal's own 
criminal history. Attorneys for the Panther 
plaintiffs believe their testimony would 
seriously discredit O'Neal's claim before 


Fred Hampton: Gunned down 
&t dawn by Chicago Police 
using information given 
to them by FBI informant 
and agent-provocateur 
William O'Neal. 
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the jury that he served as a paid informant 

only because he was *'interested in law en- 

forcement and what the FBI stood for.” 
Junior, in particuiar, has charged O'Neai 


with building an electric chair to scare Pan- 


ther traitors, organizing groups to conduct 
robberies, bringing explosives and guns to 
Canada while Junior was a fugitive there, 
{towing up a car in suburban Argo, and 
urging other F'anthers to engage in terrorist 
activities. 

Meanwhile, O'Neal has admitted little un- 
der heavy questioning by Atty. Jeff Haas. 


Panther trial vow Times 2/19/77 


When William O'Neal recently 
took the witness stand in the $47.7 
million civil suit filed by survivors of the 
1969 Chicago police raid, in which 
Black Panther leaders Fred Hampton 
and Mark Clark were slain; a chant of 
"pig. pig, pig" arose from the plaintiffs’ 
side of the courtroom 

in 1969-70, O'Neal earned 
$30,000 as a paid FBI informant who so 
successfully infiltrated the Panthers 
that he became Fred Hampton's 
personal bodyguard. It was O'Neal 
who provided the FBI with a floor plan 
of Hampton's apartment, a plan that 
the 14-man police unit referred to when 
surprising the sleeping residents at 
dawn with a nine-minute spray of 
gunfire. An autopsy revealed 
abnormally high levels of barbiturates 
in Hampton's blood; the plaintiffs 
believe that O'Neal drugged Hampton 
the night before the raid. FBI 
documents in evidence show that 
O'Neal was rewarded for his efforts 
with a $300 bonus. 

After three earlier "official" 
investigations of the raid, during which 
neither he nor the FBI was even 
mentioned, O'Neal is back on the 


i (ib l2 


He said his only purpose as an informant 
was to provide FBI agent Roy Mitchell with 
"general information" about Panther ac- 
tempting to establish that O'Neal was paid 
by the government to act as an "agent
provocateur" in the party, to encourage
illegal acts and to provide justification for a
crackdown on its leaders. This theory has
gained considerable credibility in view of official
FBI documents which urge agents to
promote disruption by a host of illegal dirty
tricks and the use of informers.


government payroll, this time earning
about $3,000 a month to testify in his
own defense. (Other defendants in the
case include the FBI, the Chicago
police department and the Illinois State
Attorney's Office.) The payments,
which started in September 1975—on
the day he served his deposition in the
case—are for "subsistence," O'Neal
says.

Though able to subsist
comfortably on his government salary,
O'Neal did have some uncomfortable
moments during his six weeks of
testimony. While being questioned
about the floor plan and his request to
be a pallbearer at Hampton's funeral,
O'Neal disappeared during a lunch
recess last December 8 and didn't turn
up again for five days. The defense
explained that his wife was ill, but upon
returning, O'Neal failed to bring the
medical note that the plaintiffs'
attorneys had requested. Although the
plaintiffs believe that O'Neal was really
holding out for more government
money, Judge Joseph Sam Perry
would not permit them to question
O'Neal about his absence, ruling that
to do so would violate
security—O'Neal's location is a
well-kept government secret.

New York Times News Service.

SAN DIEGO-The American 
Civil Liberties Union complet- 
ed Thursday a report for Sen- 
ate investigators alleging that 
the Federal Bureau of Investi- 
gation recruited a band of 
right-wing terrorists and sup- 
plied them with money and 
weapons to attack young anti- 
war demonstrators. 

The 5,000-word account prepared
for the Senate Select
Committee on Intelligence contains
what ACLU lawyers described
as "newly established
evidence" purportedly linking
the FBI to at least two assassination
plots here.

The lawyers, H. Peter
Young and Mark D. Rosenbaum
of the ACLU Foundation
of Southern California, said
the allegations to be sent,
probably Friday, to the Senate
committee "document in detail"
the FBI's sponsorship in
1971 and 1972 of a San Diego
group calling itself the "Secret
Army Organization."


TOLD OF THE ACLU assertions,
a spokesman for the
FBI said that the bureau had
had "nothing to do" with the
establishment of the so-called
Secret Army Organization,
"nor did we have anything to
do with the direction of its activities."

According to the ACLU
report, the Secret Army Organization
was set up "on instructions
of FBI officials" to
serve as agents provocateurs,
inciting disorders as a means
of exposing "domestic radicals,"
particularly campus
leaders of the New Left protesting
the war in Southeast
Asia.

The organization was de- 
scribed by the ACLU as an 
outgrowth of an elaborate in- 
teragency espionage apparatus 
organized “at the direction of 
Richard M. Nixon" early in 
his administration to intimi- 
date and silence domestic crit-

THE ACCUSATIONS contained
in the report go considerably
beyond those of a $10.6-million
damage suit filed by
ACLU attorneys in Federal
District Court here last Jan. 6
on behalf of Peter G. Bohmer,
a discharged economics professor
at San Diego State
University, and Paula Tharp,
a companion.

Miss Tharp was wounded on
Jan. 6, 1972, when shots were
fired into Bohmer's Ocean
Beach home here from an automobile
carrying several
members of the so-called Secret
Army.


By JOHN M. CREWDSON
Special to The New York Times


WASHINGTON, Jani  — 


Bohmer, an avowed Marxist,
and Miss Tharp, formerly
employed by an underground
newspaper twice wrecked in
nighttime Secret Army raids,
organized the San Diego Convention
Coalition in mid-1971.
The coalition was formed to
bring thousands of youthful
demonstrators to San Diego to
disrupt the 1972 Republican
National Convention before the
convention site was shifted to
Miami Beach.


THE ACLU report says that 
John Rasperry, whom it iden- 
tified as an FBI informer, has 
admitted that, in the winter of 


agents:
1971-1972, the bureau instructed
him to assassinate Bohmer,
but that the attempt was nev-

Another FBI-directed plot to
assassinate Bohmer was allegedly
set up in April, 1972, with
Gil Romero, a member of the
San Diego Police Department's
antisubversive "Red
Squad," also described as an
FBI undercover agent.

The plot was abandoned, 
Young reported, presumably 
when the Republican conven- 
tion was moved to Miami 
Beach. 


mat. es allezing that bureau 


instructed him to 


mer, a San Diego 
y and radi- 




Clarence M. Kelley, the director
of the Federal Bureau of Investigation,
denied today that his
agency had played a significant
role in financing or encouraging
the activities of a group
of right-wing San Diego terrorists
known as the Secret Army
Organization.

Despite Mr. Kelley's insistence
today that the F.B.I. "did
not sponsor, did not engage
in and did not condone" any
of the Secret Army Organization
activities, information has
been placed on the public record
or gathered by the Senate
Select Committee on Intelligence
that shows substantial
F.B.I. involvement with the San
Diego groups.
Testimony on F.B.I. Funding

Howard B. Godfrey, the F.B.I.
informant to whom Mr. Kelley
referred, who was also one
of the co-founders of the Secret
Army Organization, has testified
in a California court that
the bureau gave bi 00
to $20. worth of weapons
and explosives for use by the
group in addition to his $250-a-month
salary as an informant.

In addition, a report by the
American Civil Liberties Union,
provided to the Senate committee
last summer, quotes John
Rasperry, a second F.B.I. infor-


car activist, but that he had 
However, according to court
testimony, members of the secret
group, including Mr. Godfrey,
did carry out such a murder
attempt on Jan. 6, 1972,
when they fired a pistol
through the front window of
Mr. Bohmer's San Diego home.
Mr. Godfrey said that he did
not fire the pistol but that he
was in an automobile with the
men who did. Mr. Bohmer was
unhurt, but Paula Tharp, a
friend, was wounded in the
elbow.
Senate committee investigators
have discovered, according
to sources familiar with their
inquiry, that the pistol in question
was later given by Mr.
Godfrey to his controlling
F.B.I. agent, Steven Christiansen,
a member of the bureau's
San Diego office.

Committee sources said that
Mr. Christiansen concealed the
weapon in his own home for
half a year while the San Diego
police searched for evidence in
the Tharp shooting.

The sources said that Mr.
Christiansen, who has since resigned
from the bureau, was
disciplined in some undescribed
way by the F.B.I. for his handling
of the secret group.


Part Three: Other Methods and Tactics 


The FBI used over two hundred tactics against liberation and
progressive groups during its counterintelligence program. A
partial list includes: anonymous mailings of fictitious letters;
exploiting hostility between groups; spreading malicious
rumors; manipulating media; pressuring employers to fire
progressive employees; engineering the cancellation of
speaking engagements; arranging for local police to set
up or harass groups and their members; intimidation through
frequent interviews and investigations; and having the
Internal Revenue Service conduct illegal tax audits.


One tactic closely related to the illegal raids mentioned
in the previous section was the use of false arrests and
prosecutions. This was done either by the FBI acting alone
or with the cooperation of local police and prosecutors,
as well as representatives of the Justice Department. During
the summer of 1967, almost the entire RAM organization in
Philadelphia was falsely arrested and kept in jail through
the counterintelligence efforts of the FBI and the
Police Intelligence Unit.


Often, a contemplated result of the raid would be arrest 
and prosecution, whether there was any real evidence or hope 
of conviction. There were one hundred and thirteen arrests 
of BPP members in Chicago in 1969, with no more than a 
handful of convictions resulting. In Mississippi, in 1971, 
the police and the FBI raided an RNA home under very suspicious
circumstances. Although he was not even in the
building, RNA leader Imari Obadele was charged with conspiracy
and sent to the penitentiary.


The use of FBI informers and agents-provocateur was, and is, 
widespread, but the FBI also attempted to spread rumors that 
certain respected and influential progressive leaders and 
group members were FBI or CIA spies. This tactic led to 
much divisiveness and even a potential for violence within 
several liberation groups. 


The FBI also printed its own leaflets with false or malicious 
information. The FBI was very successful in using the media 
to discredit and slander activists and liberation struggles. 
Many "friendly" media sources were little more than pro bono 
FBI agents themselves, printing or broadcasting whatever the 
FBI requested. The FBI even supplied pre-written feature articles
and screened television documentaries for "accuracy."
Like so much of their broadly illegal political repression
activities, this media manipulation continues today in a
less overt form, adjustments having been necessary due to
the damaging revelations exposing the FBI's dci im Cointelpro
operations.

1 - Mr. W. C. Sullivan


FROM : G C, maa e 


r 


SUBJECT: COUNTERINTELLIGENCE PROGRAM 
BLACK NATIONALIST - HATE GROUPS 
RACIAL INTELLIGENCE 


This is to recommend that the Counterintelligence Program
against black extremists be continued.


The Counterintelligence Program — A black extremist
and individuals was initiated August 25, 1967, and
on March 4, 1968, it was expanded from 27 to 42 participating
B black extremists, to prevent the growth and/or unification of
extremist groups, and to prevent extremist groups from gaining
respectability in the Negro community. Some of the excellent
results of counterintelligence action during the past year are set
out below:


To create friction between Black Panther Party (BPP)
leader Eldridge Cleaver in Algiers and BPP Headquarters, a spurious
letter concerning an internal dispute was sent Cleaver, who
accepted it as genuine. As a result, the International Staff of
the BPP was neutralized when Cleaver fired most of its members.
Bureau personnel received incentive awards from the Director for
this operation.


To show the criminal nature of the BPP a write-up concerning
the convictions of its members was prepared and received
publicity in a Robert S. Allen and John A. Goldsmith syndicated
column of March 31, 1970. Previously we exposed the BPP Breakfast
For Children Program in these writers' column of June 14, 1969.


Articles concerning the BPP based on information furnished
a news media source in Mississippi resulted in the closing of a
BPP Chapter in Cleveland, Mississippi.


Counterintelligence action against other extremist organizations
has also been effective. In San Diego, California, an
anonymous telephone call to the landlord of the US organization
resulted in the group being evicted from its Headquarters. In Miami,
Florida, a television source was helped in the preparation of a program
exposing the Nation of Islam. The excellent results of this

Memorandum to Mr. W. C. Sullivan
Re:  COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS


100-448006


Counterintelligence action has also been effective
against individual black extremists. In St. Louis, the
circulation of a spurious newsletter caused four extremists
to begin fighting among themselves. An anonymous letter to
a radio station caused the removal of xs
from the show where he had been preaching blac
philosophy. The Jackson Division prepared a spurious letter
from a college group to a black extremist who was attempting
to recruit the group. As a result, the extremist left the
area, severing all contact with the group.


ACTION: 


In view of the tangible results evidenced by this
program with a minimum expenditure of manpower, it is
recommended the Counterintelligence Program be continued.

UNITED STATES
Memorandum

TO: Director, FBI    DATE: 8/30/67
FROM: SAC, Philadelphia (157-2371)
SUBJECT: COUNTERINTELLIGENCE PROGRAM


BLACK NATIONALIST - HATE GROUPS
INTERNAL SECURITY


Re Bureau airtel to Albany dated 8/25/67.


E. The following suggestions are presented for general 
consideration: 


This division during the summer of 1967 has had
the opportunity to observe an attempt by an extremist Negro
group (RAM) to affect the peace of a city. Some of the
steps taken against RAM may be of possible use elsewhere
under the current program. It is pointed out that in a
fast moving series of situations, the police may have to
"play it by ear," which may reduce Bureau control of the
action taken. Actions herein set out were carried out by
either the Intelligence Unit or the Civil Disobedience
Unit (CDU) of the Philadelphia PD, the largest role being
played by CDU.


i TOW O any police attention. He settled in the 
heart of the Negro ghetto with his common-law wife and two 
children. 


Keads a ting Jute lege nee ( 
This tactic worked. The police had forgotten: 
and had no prior experience with or knowledge of RAM. 
; e E Sd Ade Unit secured spot check coverage 

Q ru as a personal favor after 


position in it to police 


p g 
officials. 
à - Philadelphia (127-2371) REC64 — he, ee , 


m" 


MBD : MMR 22 SEP 1 ts/ (^ A 
When activity started with the appearan
Negro extremists native to Philadelphia at the
residence, a full-time surveillance by police w
Police disruptive action was also initiated.


Cars stopping at residence were checked
as to license numbers. When they left the residence area
they were subject to car stops by uniformed police. The
occupants were identified. They then became the target
for harassment. As an example, the following case is cited:


TUCI« He was interrogated. He was 
arrested as a narcotic user on the basis of alleged needle 
marks. He was fingerprinted and photographed. He was 
subsequently released by a magistrate.


Any excuse for arrest was promptly implemented
by arrest. Any possibility of neutralizing a RAM activist
was exercised.


focal was arrested for defacing private property
when he painted "Black Guard" on a private building. His
companion was also arrested. A charge of carrying a concealed
deadly weapon, a switch-blade knife, was pushed against the
companion. His probation officer was contacted, his parole
revoked, and he was returned to prison for several years.


When surveillance reflected the arrival of a new 
group in town, they were brought in for investigation and 
their residence searched. 


Certain addresses used byj j35 mail drops 
in Philadelphia had been determined e addresses of known 
Negro extremists. When a young Negro was arrested for passing 
out RAM printed flyers and was charged with inciting to riot 
these addresses appeared in his statements to the police. Search 
warrants were secured. While the search of the first four
only eliminated their use as mail drops, the fifth contained 
RAM and Communist literature and a duplicating machine with a 
RAM leaflet on the plate. Three persons were arrested at 
this last address.
Legal searches of the home of; EENE D and other 

RAM members produced a volume of Literature oi. such A 

"that the District Attorney authorized the arrest ofi. 

and five other RAM members. They are still in prison. - 


— 


Other RAM people were arrested and released on bail, 
but were re-arrested several times until they could no longer 


make bail. 
The above local actions appear for the present to
have curtailed the activities of this
apparently a highly frustrating experience for the persons
involved.


< : gain under, arrest and that his wife 
and sister were also under arrest, he lay down on the floor 
of his residence, beat the floor with his fists and cried. - 


E: =? has been returned to New York to answer
charges growing out of a RAM plot in that city to kill moderate
civil rights leaders. Most of the RAM activists are still
in jail in Philadelphia at this time.


The above action by local police units is cited as 
an example of an effective disruptive counterintelligence 
technique. In other cities where close police cooperation 
exists, it may be possible to suggest similar operations
and to supply to police officers interested in such a 
violence-prone organization not only information concerning 

roa tan its y Yan weak caont4mnmnc and 


4f hnt Adeas mer at ita 
á v wuY - NA X a el tive vu viv A MA AD VV, VIVUS AP baile 


profitable points of attack. 


III. Future Action Planned by Philadelphia


1. Pursuant to Bureau instructions, this office
will commence interviewing RAM members. About a dozen are
presently incarcerated in Philadelphia and these will be the
first interviewed.


2. Philadelphia is presently ee and
analysing a list of names and addr mp from three
private address books taken from at the times
of his three arrests since he returned to Philadelphia.
Selective interviews will be made and the analysis may lead
to other counterintelligence suggestions.


" 3. { nd most RAM activists in 
Philadelphia da prison. Philadelphia will have 
to evaluate the situation more fully to determine the extent 
of vitality remaining in RAM in this area before it will be 
in a position to advance further PEGER LONN under this program.

Security Aide for Indians Says
He Was F.B.I. Informer


By JOHN KIFNER
Special to The New York Times


CHICAGO, March 12—The
American Indian Movement's
chief security officer during
the trial of the leaders of the
Wounded Knee take-over said
today that he was a paid informer
for the Federal Bureau
of Investigation.

The Government, in a sworn
affidavit at the trial, had appeared
to contend that it had
no informer in the defense
ranks.

The informer, Douglass Durham,
was the chief aide and
confidante of Dennis J. Banks,
one of the two defendants and
a co-leader of the American
Indian Movement. In addition
to being the organization's national
security director, he became,
in effect, its chief
bureaucrat.


"I exercised so much control
that you couldn't see Dennis
or Russell [Means, the other
defendant and co-leader] without
going through me, you
couldn't contact any other
chapter without going through
me, and if you wanted
money you had to see me,"
Mr. Durham said.


Cash Payments Raised 


During the trial, Mr. Durham
was the only person, other than
defendants and lawyers, with
regular access to the room in
which defense strategy was
planned. He said that his proximity
to the A.I.M. leadership
had caused his cash payments
from the F.B.I. to be raised
from $900 a month to $1,100.

He said he was given a special
telephone number during
the trial, which was held in
St. Paul, to call a three-man
F.B.I. team headed by Ray Williams.


eTIwua G? VILE PIRECTOA 


an estimated 350 to 400 
Pine Ridge Indian Reservation, South Dakota, 


Reached at the Minneapolis
office of the F.B.I., Special
Agent Ray Williams said, "We
are unable to comment on
that."

Following the 71-day occupation
of the village of Wounded
Knee on the Oglala Sioux reservation
of Pine Ridge in South
Dakota by more than 200 Indian
militants in the late winter
and early spring of 1973, Mr.
Means and Mr. Banks were
indicted on Federal charges of
conspiracy, larceny and assault
on government officers.


Charges Dismissed 


The charges were dismissed
after an eight-and-a-half-month
trial last Sept. 17 by Judge
Frederick J. Nichol of Federal
District Court when a juror
became sick and the Government
declined to proceed with
a jury of 11. A Government
appeal on the case was argued
yesterday in St. Louis.

In dismissing the charges,
Judge Nichol assailed the
prosecution, contending that it
had deliberately deceived the
court. He was particularly critical
of the F.B.I., whose agents,
he said, had given testimony
that was not true, and had
withheld documents or furnished
altered documents to
defense attorneys.

"It's hard for me to believe
that the F.B.I., which I have
revered for so long, has stooped
so low," the judge said.

In an interview last night,
the 37-year-old Mr. Durham described
what he said were his
activities as an F.B.I. informer.

His cover was broken on 
Friday, he said, when, after 
some members of the group 
became suspicious, he was con- 
fronted with law enforcement 
documents that proved his role 
as an informer. 

He said he was "relieved"
because he had come to respect
Mr. Banks and to believe that
A.I.M. was a "legal, social organization
that wasn't doing anything
wrong."

Mr. Durham, a large man
with his black, shoulder-length
hair, recounted his career as
a police undercover agent in
his native city of Des Moines.

He said that after serving
in the Marine Corps, he joined
the Des Moines police force,
working in a burglar-infested
neighborhood, but left the force
after his wife died.

He later worked in and then
managed a series of restaurants,
some of which became
hangouts for burglars, Mr. Durham
said.

At the same time, he added
he was learning to fly a plane
and to scuba dive, and was
developing skills as a photographer,
studying locks and
burglar tools and reading about
psychology—all abilities that
would eventually serve him as
an informer.

He said that he began passing
the information to the F.B.I.
and the local police, and eventually
became a police undercover
operative on criminal cases
in several Midwestern cities.

He said he was taking photographs
for an underground paper
called Pax, whose editor
asked him to go to Wounded
Knee during the Indian take-over.

Reporting this to the F.B.I.,
he entered the encampment
with press credentials, took
photographs and gave a report
on the Indian group's defenses.

After returning to Des
Moines, he said, the F.B.I. suggested
that he get in touch
with Harvey Major, the leader
of the local A.I.M. chapter. Mr.
Durham became the publicity

FEDERAL BUREAU OF INVESTIGATION


As of March 13, 1972 


director and later the assistant
director of the chapter.

Mr. Durham's swarthy skin,
dark eyes, and high cheekbones
give him an Indian
look, an appearance heightened
by the large turquoise ring
and beaded belt buckle he
wears and by the headband he
wore around his hair when he
was the Indian group's chief
security officer. He told the
A.I.M. members that he was
one-fourth Chippewa.

At one point, he said he
helped lead an armed take-over
of the Grimes State Office
Building in Des Moines. He said
he first informed the state police
of the impending take-over,
and that they paid a $100 fine
he received for disturbing the
peace.

It was his skill as a pilot
that first brought him close to
Mr. Banks, he said, and the
F.B.I. encouraged him to maintain
the relationship.

Mr. Banks had gone into
hiding in Canada after the indictment
and before the bond
was raised. He got a message
to Mr. Durham to meet him in
Yellow Knife, in the Northwest
Territories. Mr. Durham did, and
Mr. Banks gave him two rolls
of movie film that Mr. Durham
turned over to the F.B.I.

Then, with the F.B.I.'s knowledge,
Mr. Durham again flew
to Canada in a rented plane
and spirited Mr. Banks to Rapid
City, S.D., in time to avoid
forfeiting bond on state charges.

Later, Mr. Durham said that
he flew Mr. Banks around the
country on speaking trips and
that at one point the F.B.I.
gave him a $1,000 "bonus,"
made out to the charter service,
to pay for the plane.


WAR 16 173 


available information indicates 
individuals are at Wounded Knee, 
taking part in the 


occupation of that community under the leadership of the American 


Indian Movement. 


Previous estimates of the number of individuals


at Wounded Knee have ranged as high as 1,000, many of whom are 


reportedly armed with assorted weapons,
rifles and machine guns.

To: SACs, Baltimore (157-2520)
Detroit (157-3214)    San Francisco (157-601)
Los Angeles (157-4054)    Washington Field 037-1292


From: Director, FBI (100-448006)


COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
BLACK PANTHER PARTY (BPP)

RACIAL MATTERS 


Rebuairtel 8/27/70 and San Francisco airtel 1 978/70,
copies furnished all recipients.


Bureau concurs with observations of San Francisco
concerning proposals submitted by Baltimore, New Haven, and
Washington Field. In event these offices have specific
proposals to make in line therewith, they should be separately
E a in detail requesting specific Bureau BEDS E I
to implement them.


Concerning the first proposal submitted by Detroit,
counterintelligence action by San Francisco to capitalize on
Huey P. Newton's favorable stand toward homosexuals has already
been authorized by the Bureau. The second Detroit proposal to
consider directing an anonymous communication to Newton accusing
David Hilliard of stealing BPP funds and depositing them in
foreign banks does have merit and the Bureau does not concur
with San Francisco's observation that this would have little
effect since there is no record that d. is s'-imming * Te 
peter d amounts ex inue d. B te21í ti 


COMES. 


E - -105-165706 Ger) 


Airtel to SAC, Baltimore et al
COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
BLACK PANTHER PARTY (BPP)


100-448006


tiat If. "EN are presen t, it 


the success of the a but the Bureau feels tha fus tha t the = 
skimm mning of dd is Such i a sensitive issue that disruption 


Es-to-back it up. ues 


: dosordimgis: Detroit imncdietely furbisk Bureau 
ans Son Francisco with specific suggestions and wording to 
Coa — owe — 8 Olin ete nae name wed, 


Lm EEan 
this errect and SPULE & ALIE OUUU Snort tnen LOVAC WEI DOUI TAES 


submit specific proposal in this regard for approval by Bureau.


With respect to two anonymous letters proposed by : 
Los Angeles, Bureau concurs with San Francisco that to include - 
the card of a member of a rival black extremist group in a letter 
Hilliard indicating Newton is marked f for- assassinai t E 
T the Bureau in the position of aídii initi 
by the BPP 


Wetter ais not gather 


that the writer would soon get is touch with A $. 
a eee have Newton eliminated. ` 
Submit the revised letter to the Bureau for approval.

Concerning the second anonymous letter identified as
"Letter E" submitted by Los Angeles to be directed to Newton
apparently from dissident and expelled Los Angeles BPP members
and aimed at undercutting previous leadership, this proposal
is authorized. Los Angeles mail same in such a manner that it
cannot be traced to the Bureau. Advise Bureau and San Francisco
when mailed and of any positive results.

TO  : DIRECTOR, FBI (300-448006)    DATE: 7/9/68


WFO inclined to feel the best way to implement
the suggested counter-intelligence program against CARMICHAEL
is by inaugurating a "whispering campaign" that he is an
agent of the U. S. Government and doing organizing work among
Negroes solely for the purpose of helping the Government
identify racial militants and future racial radicals. Further,


DIRECTOR, FBI (100-448005) DATE: 7/10/68 


SAC, NEW YORK (100-161140) (P) 


It is suggested that consideration be given
to convey the impression that CARMICHAEL is a CIA
informant.


One method of accomplishing the above would
be to have a carbon copy of informant report reportedly
written by CARMICHAEL to the CIA carefully deposited in
the automobile of a close Black Nationalist friend.

The report should be so placed that ít will be pied 


. geen. 


It is hoped that when the informant report
is read it will help promote distrust between CARMICHAEL
and the Black Community. It is suggested that carbon
copy of report be used to indicate that CARMICHAEL turned
original copy into CIA and kept carbon copy for himself.


It is also suggested that we inform a certain
percentage of reliable criminal and racial informants
that "we heard from reliable sources that CARMICHAEL
is a CIA agent". It is hoped that these informants
would spread the rumor in various large Negro communities
across the land.


TO  : DIRECTOR, FBI (100-448006)    DATE: 9/9/68

On 9/4/68, a pretext phone call was placed to 
the residence of STOKELY CARMICHAEL and in the absence 
of CARMICHAEL his mother was told that a friend was 
calling who was fearful of the future safety of her son. 
It was explained to Mrs. CARMICHAEL the absolute neces- 
sity for CARMICHAEL to “hide out" inasmuch as several 
BPP members were out to kill him, and it would probably 
be done sometime this week. Mrs. CARMICHAEL appeared
shocked upon hearing the news and stated she would tell
STOKELY when he came home.

Memorandum


TO  : DIRECTOR, FBI (100-848006)


FROM : SAC, SAN FRANCISCO (157-601) - P


SUBJECT: COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE
(BLACK PANTHER PARTY)


Re Bulet 11/25/58.


On 11/19/68, a group of members of the BPP held up
a service station in San Francisco and then, when stopped by
the San Francisco Police Department, engaged in a shooting
fray, in which three police officers were


place
close to Police Headquarters. The truck in which the Panthers
were riding was clearly marked as a BPP vehicle. ELDRIDGE
CLEAVER was reported in the press as being astounded at such
an episode, with so little chance of success, and which received
very bad publicity for the BPP. It was so illogical, he
charged, that there must have been a police plant in the truck,
and suspicion centered on because he was the man in
charge; likewise he had gone "to the men's room" during the holdup,
and the BPP suspected he may have gone to phone the police.


privileges at City Prison, such as more lenient visiting hours, 
and to have the guards show him "extra" courtesy in front of 
other prisoners. Also, with Bureau concurrence, an c 

letter was sent to BPP Headquarters via Omaha, where 
in August, 1968, organizing a new BPP branch, and: whe 
been temporarily detained and interviewed by police, suggesting 


G- Bureau (RM) 

- San Francisco 
WAC/jr °> 
(3) 
SF 157-601 
WAC/jr 


that the brothers in Omaha were suspicious of      who had 
easily gotten out of jail on a local charge. 


The success of this operation is unknown, however, 
to have added to the suspicions of the BPP 
who is actually an important man in the San 


The San Francisco Office wishes to point out that 
opportunities such as the above are rare, and fast action is 
necessary to successfully implement them. It cannot be 
expected that a planned disruption in the average case would 
be of such probable value. 


It is believed that the BPP is becoming sensitive to 
the possibility of informers. This office will try to ascertain 
those Panthers who have been arrested and who the BPP thinks 
might start to talk. We would then formulate some plan to 
cast suspicion on the man. We must be i it if the plan 
is successful, a gang-type murder may be the result. 


Recently, the San Francisco Office ascertained that 
ELDRIDGE CLEAVER was "dating" ED neglecting his 
wife, the dynamic and handsome KATHLEEN CLEAVER. With Bureau 
permission, the dating information was made available to 
Mrs. CLEAVER. Results of the above are not known. 


Attention will be given to this program on a continuous 
basis. 
TO : Mr. Sullivan    DATE: October 8, 1963 

FROM : Mr. 

1 - Mr. Mohr 
1 - Mr. Sullivan 
1 - Callahan 

SUBJECT: GROUPS SEEKING INDEPENDENCE 
FOR PUERTO RICO 
COUNTERINTELLIGENCE PROGRAM 
SUBVERSIVE CONTROL SECTION 


The Federacion de Universitarios Pro Independencia (FUPI) is a 
Marxist oriented student organization at the University of Puerto Rico 
(UPR) which is affiliated with the communist controlled International 
Union of Students. 


Special Agent .....;. of the San Juan Office 
recognized newspaper photographs taken at the noe AGA TALL EA Bes Cuba? 
ally in Brazil during April, 1963, as including (a jand 
OE Mer officials of FUPI. He sent the newspaper photographs 
o pees along with a suggested text in Spanish language to be 
used in a counterintelligence leaflet to be distributed at the UPR. 


The leaflet was prepared at the Bureau and 4,000 copies 
sent to the San Juan Office where they were distributed anonymously 
in bulk on 9/5/63 to known anti-FUPI and anticommunist groups at UPR 
and also in the College of Agriculture and Mechanical Arts in Mayaguez, 
Puerto Rico. The leaflet clearly shows the communist influence in FUPI 


The counterintelligence results from this Pv verg 
highly successful, 


(1) "El Mundo," a leading Spanish language 
newspaper in Puerto Rico, reproduced the photographs 
and part of the text from the leaflets on the front 
page of the 9/16/63 issue of that paper, thus giving 
the widest possible dissemination of the damaging 
information regarding FUPI. 


(2) The leaflet sented panic and WETSEHGED among the 
ranks of FUPI who believe the leaflet was prepared by 
an anticommunist organization active on the campus of UPR. 


(3) As a result of this panic, FUPI has suspended efforts 
to recruit new members. They had been in the mi Li 
recruiting drive at the time 


‘ | 305-93124 = | et” 4 
EGLP:ercoj f fare, P. 4 - Xesdficd | 
(7). Ñ Pe WW. OR aN = 1 UC Excinpt Tes 


- 


JAN EI POF Yn l d ` ~ Pawol 
ce dum Administrative Division page 2a. 
Memorandum to Mr. W. C. Sullivan 
RE: GROUPS SEEKING INDEPENDENCE 
FOR PUERTO RICO 
105-93124 


(4) The leaflet has made new students aware of the true 
nature of FUPI as evidenced by the several complaints 
received by local police from new students and their 
parents concerning efforts on part of FUPI to Hecate. 
new members. 


CONCLUSIONS: 


Special Agent      exhibited outstanding initiative in 
recognizing the officials of FUPI in newspaper photographs and 
also in recognizing the counterintelligence potential of the 
photographs. Not only did he recognize the potential but he 
followed through in submitting his suggested Spanish language 
text to the Bureau and in the distribution of the completed 
leaflets. 

RECOMMENDATION: 

It is recommended that an appropriate incentive award be 
made to Special Agent      in an amount to be determined 
by the Administrative 


ADDENDUM: 10/8/63 


Nes Eat is assigned to the Subversive Control Section of the 
Domestic Intelligence Division and is charged with the supervision of 
pro-Puerto Rican Independence groups and the supervision of investi- 
gations thereof. SA      displayed outstanding performance in 
connection with the discharge of his supervisory duties in this matter. 
He gave instructions and guidance to the field which were clear and 
concise and made suggestions to the field which were EE 
bringing ins. ie Eee fnen-snecens IRA ce Senciusd mers CU 
FROM : Mr. G. C. wor] 


SUBJECT: COUNTERINTELLIGENCE PROGRAM 
BLACK NATIONALIST - HATE GROUPS 
RACIAL INTELLIGENCE 
(BLACK PANTHER PARTY) 


PURPOSE: 


To recommend attached item be given news media 
source on confidential basis as counterintelligence measure 
to help neutralize extremist Black Panthers and foster split 
between them and Student Nonviolent Coordinating Committee 
(SNCC). 


BACKGROUND: 


There is a feud between the two most prominent 
black nationalist extremist groups, The Black Panthers and 
SNCC. Attached item notes that the feud is being continued 
by SNCC circulating the statement that: 


"According to zoologists, the main difference between 
a panther and other large cats is that the panther has the 
smallest head." 


This is biologically true. Publicity to this effect 
might help neutralize Black Panther recruiting 


ACTION: 


That attached item, captioned "Panther Pinheads," be 
furnished a cooperative news media source by the Crime 
Records Division on a confidential basis. We will be alert 
for other ways to exploit this 


Enclosure 
100-448008 
Mr. C. D. DeLoach 
Mr. W. C. Sullivan 
Br. TE. E 
FROM : 


SUBJECT: COUNTERINTELLIGENCE PROGRAM 
BLACK NATIONALIST - HATE GROUPS 
RACIAL INTELLIGENCE 
(BLACK PANTHER PARTY) 


Attached is an article concerning the criminal 
activities of the Black Panther Party (BPP) for the Crime 


on a confidential basis. 


The extremist and highly violent BPP has been 
involved in criminal activities since its inception. 
BPP has been involved in robberies, attacks on police officers 
and other serious crimes. Many individual members have long 
criminal records. Details of this ohare have been pained 
in the attached article. 


Exposure of these activities by sitione d news 
media would show the true nature of this extremist group. 


That attached article be furnished a cooperative 
news media source on a confidential basis by the Crime Records 
Division to PRIS the CEERIPRE nature of the BPP. 


100- aes 
TJD:ekw (9) 


1 - Mr. DeLoach 
1 - Mr. W. C. Sullivan 
1 - Mr. Bishop 


"TELETYPE Mr Vickers | 
. . s Tele. Rocm — 65 
E E Kr. Kinle 
NRZ28 SE CODE —— e | 
: 4 p Tir Eor 
"6213 PONT 3-16-73 DCB P nos i 
* HA ER wj 
a DIRECTOR Ha Se rm 
(7 - MINNEAPOLIS Pues 
FROM SEATTLE j¢P) 4PG 
RE BUREAU. TELETYPES TO MINNEAPOLIS AND SEATTLE DATED 
23/9 AND S715475. = - 
EA 22,1912 


SEATTLE, WASHINGTON, ADVISED ON 3-14-73 STATION'S BLACK Neg... 


END PAGE ONE 


SE PAGE TWO 

REPORTER, CLARENCE MC DANIELS, HAD RETURNED TO SEATTLE FROM 
WOUNDED KNEE (WK), SOUTH DAKOTA, BUT AT THE REQUEST OF UPI, 
NEW YORK, HAD AGREED TO RETURN TO WK. ACCORDING TO UPI, NEW 
YORK, WK INDIANS WILL NOT TALK TO THEIR CORRESPONDENT; HOWEVER, 
THEY HAVE IMPLICIT TRUST IN MC DANIELS AND WILL TALK TO HIM. 


MC DANIELS LEFT SEATTLE 5-14-73 EN ROUTE WK, WAS LAST HEARD 
FROM 168 MILES FROM WK STUCK IN SNOW STORM, HAD NOT REACHED WK 
AS OF 12:00 AM, 3-16-73. MC DANIELS IS EXPECTED TO CONTINUE 
FURNISHING COMPLETE COVERAGE OF ACTIVITIES AT WK TO KIXI BY 
PHONE AND TAPES. HE WILL BE REQUESTED TO 00 Mia STORY 
ON SEATTLE AREA PARTICIPANTS. HE IS UNAWARE THAT HIS STORIES 
ARE NOT BEING PUBLICIZED IN FULL OR THAT THE INTELLIGENCE 
INFORMATION AND HIS TAPES ARE BEING FURNISHED THE FBI. KIXI 
OFFICIALS REQUEST HE NOT BE CONTACTED AT WK; HOWEVER, IF ANY 
SPECIFIC INFORMATION IS NEEDED BY FBI, KIXI WILLING TO PASS 
ON REQUEST AS NORMAL DUTY ASSIGNMENT WITH NO REFERENCE TO FBI. 


MC DANIELS WILL BE MADE AVAILABLE TO FBI, SEATTLE, FOR FULL 
INTERVIEW UPON RETURN TO SEATTLE AT WHICH TIME IT IS HOPED 
ALL OF THE SEATTLE AREA PARTICIPANTS WILL BE IDENTIFIED WITH 
* GLADSTONE» ait tie 
t River Editor | ' . 
Charles Abourezk said in Rapid City Friday that the Federal Bureau of Investigation report released about him this week is "fabricated to serve the FBI's own purposes." 

He said he was referring to the investigative report made available by his father, Sen. James Abourezk, Tuesday to the Washington Star. The senator declared at that time that the allegations about his son were part of a "smear campaign" to discredit him. 

Charles, who said he is employed as an Oglala Sioux tribal attorney, read a red statement prepared by himself, Sam Moves Camp, an Oglala Sioux medicine man, and Rene LeDeaux, Rapid City. 

It was near LeDeaux's home that Rapid City police began digging Thursday in a search for arms and ammunition. 


The three said they feel the "FBI memo released by it to all law enforcement agencies and others of this Teese served as a method of provoking already tense law enforcement people, who have been told to expect something this summer, to a point where fear and violence could be their only possible reaction." 

Young Abourezk was, eui y. Moves Camp and LeDeaux as a Wounded Knee Legal Defense/Offense Committee worker announced that 
Abourezk would read the statement 
"no questions would be answered, 

The statement went on: "We know, d M ani such organization as a Dog Soldiers," a term used in the e provided the senator, and that "none of us has ever transported or stored ammunition, guns or explosives and we have no knowledge of any 'gun running.' 
6/a6/76 

"This statement is further proven by the fact that Moves Camp is an Oglala Sioux medicine man and cannot carry any kind of * be aie, ey the Sacred Pipe. 

"We feel that this is only one of many such memos, and that they serve several purposes: that, because of the detailed descriptions of our addresses and vehicles, it serves as a disguised 'shit list' for the various law enforcement agencies across the country; inviting open harassment of the individuals named in it and at worst, providing possible targeting for political assassinations. 

"We feel this memo is evidence of a massive domestic intelligence and para military operation currently in existence within this nation against those who are working for the rights of Native Americans. These memos can only serve to justify escalation of t ETE, operations. 

"Moves Camp, the statement E nyed, "was recently a victim of one of these disrupting programs by the government. He was tailed by the FBI all the way to Canada where he was attending a conference of Indian spiritual leaders. This information was purposely leaked by the FBI to a contact participating in the conference, seeking to cause anger and disruption among those attending. Later an FBI teletype similar to this one was released with the same ARE allegations. 

"We strongly feel that we may already be victims of the purpose and intent of this memo. 

"Two days ago, an all points bulletin was issued for Charles Abourezk concerning an incident that supposedly occurred in Scenic while at the time he was at a legal office in Rapid City. 

"Yesterday and today, Rene LeDeaux's residence was under surveillance by the FBI and local police and they are continuing to dig a large hole outside her yard, supposedly searching for guns. One of her neighbors was offered $500 to give the police information and when she hesitated they offered to increase that ten times." 

Stan Zakinski, Rapid City assistant police chief, said the department had offered no reward to anyone for information which led t ine uibh said, "the tip came from what we will have to say is an anonymous source and we paid nothing for it." 

The statement read by Abourezk concluded: "We know that the all points bulletin and the search for guns are fabricated setups by the police, and only the beginning of the harassment that we may be receiving in the future, possibly worsened because of the release of this statement." 

The report which the senator said was an FBI memo alleges that the "Dog Soldiers" were to meet June 25 or immediately thereafter at the residence of Howell (LeDeaux) for "final assignments to the Dog Soldiers for targets throughout the state on the Fourth of July weekend." 

The memo also alleged that Moves Camp, "an acting American Indian Movement member, allegedly transports the weapons from Redman Street (number unknown), Omaha, to the residence of Charlie Abourezk." 

Rapid City police reported they began the digging near the LeDeaux residence because they had been told that guns, ammunition and explosives were buried in the lot. 

State Radio, the Pennington County Sheriff's office, Rapid City Police Department and local office of the U.S. Marshal's Service all said they had heard no all points bulletin for young Abourezk recently. 
(Ed. Note: As with other groups targeted by the FBI, the Bureau's analyses and 
recommendations for action concerning AIM seem contradictory. The FBI memos excerpted 
below suggest a self-fulfilling prophecy regarding violence, especially through the 
use of "extremist informants" who often become agents provocateur.) 


Airtel to Albany 
Re: American Indian Movement (AIM) 


(5/1173) 

A forceful and penetrative interview program of individual 
activists should be instituted. Conduct interviews in accordance 
with existing instructions under SAC authority if facts necessitating 
Bureau approval are not present. Such a program should present 
excellent opportunity for developing extremist informants among 
Indian activists dedicated to violence and SOUESOUEREUOES best exempli- 
fied by the Wounded Knee situation. 


MP 157-1458 
(1975) 

The goals and objectives of AIM remain 
essentially r the 


The 
public are: 


2. Establish AIM Indian Survival Schools 
throughout 


Cause the U. S. to honor its iia 
with the Indian tribes. 


4. To acquire separate and independent nation 
status for Indian tribes occupying 
federal reservations. 


5. To halt strip-mining and similar 
exploitation of natural resources on 
Indian land. 

6. To generate unification within the 
Indian people. 


7. To bring the economic status of the Indian 
Americans up to that of the general 
community. 


Q175) Any full investigation involves a degree of 
privacy invasion and that of a person's right to free 
expression. Informant coverage is the least intrusive 
investigative technique capable of producing the desired 
results. Thus, because of specific factors surrounding 
this case, it is recommended that a full investigation 
be conducted. 
Mr. Gebhardt    DATE: 4/24/75 

J. E. O'Connell 

THE USE OF SPECIAL AGENTS 
OF THE FBI IN A PARAMILITARY 
LAW ENFORCEMENT OPERATION IN 
THE INDIAN COUNTRY 

1 - Mr. Gebhardt 
1 - Mr. Bates 
1 - Mr. O'Connell 
1 - Mr. Gordon 
1 - Mr. Wannall 
1 - Mr. Mosher 
1 - Mr. Gallagher 
1 - Mr. Mintz 
1 - Mr. Mooney 
1 - Mr. McDermott 


PURPOSE: This position paper was prepared for use of the 
Director of the FBI to brief the Attorney General and the 
Deputy Attorney General (DAG) on the role of the FBI 
in the event of a major confrontation in Indian country 
(Federal jurisdiction) where (1) the President decides 
against the use of troops; and (2) the FBI is ordered 
by the President and/or the Attorney General to deploy 
FBI Special Agents in a paramilitary law enforcement 
situation, in lieu of the use of troops. 


Throughout the operation there was a definite lack of 
continuity as each senior representative replaced another. 
Colonel Volney Warner (now General), Chief of Staff, 82nd 
Airborne Division, was dispatched to Wounded Knee at the 
outset to assess the situation and to recommend whether or 
not troops should be utilized. The AG issued instructions 
there was to be no confrontation and negotiations with the 
militants by representatives of the DOJ were to be entered 
into to resolve the matter and have the hostages released. 

There was a divided authority among the many 
agencies present at Wounded Knee, including church and 
social groups. The senior Government representative, 
Departmental Attorneys, and members of the USA's Staff 
issued conflicting instructions. Each representative 
present on the scene took instructions for the most part 
from superiors of his own agency. For example, on 
March 4, 1973, after consulting with Colonel Warner, 
Ralph Erickson issued orders that the use of deadly force 
by the law enforcement officers on the scene could only 
be used in self-defense to avoid death or serious bodily 
harm. In the application of force the officers, including 
FBI Agents, were to aim to wound rather than kill. This was 
in direct conflict with the policy of the Bureau that an 
Agent is not to shoot any person except when necessary in 
self-defense, that is, when he reasonably believes that he 
or another is in danger of death or grievous bodily harm. 

Special Agents are not trained to shoot to wound. Special 
Agents are trained to shoot in self-defense to neutralize the 
deadly force. The SACs on the scene and officials at FBIHQ 
strenuously objected to orders such as this which had 
previously been approved by the AG without consultation with 
The FBI encountered extreme problems, both in the 
field and at FBIHQ, in adapting to a paramilitary role. 
The FBI was not equipped logistically to operate 
in a paramilitary situation in open terrain which 
ultimately ended in a 71-day siege. The FBI and USMS had 
to be equipped with military equipment, including Armored 
Personnel Carriers (APCs), M-16s, automatic infantry weapons, 
chemical weapons, steel helmets, gas masks, body armor, 
illuminating flares, military clothing and rations. Authority 
had to be obtained from both the AG (and/or his representative) 
and from the General Counsel, Department of Defense, prior to 
requesting the military logistics adviser, Colonel Jack Potter, 
to obtain the weapons and material through the Directorate 
of Military Support (DOMS). This clearance was often not 
forthcoming when clearance had to be obtained during the 
night hours. This phase of the operation required the FBI 
to maintain a constant 24 hour vigilance so as to equip 
our Special Agents and the other law enforcement officers with 
the weapons and material needed for a defensive operation. 


RECOMMENDATION: The Director meet with the AG and DAG to 
brief them on the Wounded Knee incident so that they fully 
understand if such an incident occurs in the future or an 
incident similar to Wounded Knee and the FBI is involved, 
the FBI will insist upon taking charge from the outset and 
will not countenance any interference on an operational basis 
with respect to our actions. They should understand the 
FBI due to its long years of experience and training is able 
to make law enforcement decisions without over-reacting 
to protect the general public, its Special Agent personnel, 
and the violators of the law. The AG and DAG should be 
advised it is our broad policy in such instances as this to 
"get in and get out as quickly as possible" with complete 
regard for the safety of all concerned. The FBI furthermore 
would seize control quickly and take a definite, aggressive 
stand where necessary. It should be clearly stated that the 
FBI does not desire to become involved in any political 
situations and definitely not participate in any discussion 
where it is oput pol in nature. 


; From 1975 FBI Memo Alm 
Dissemination ( MEC. 


TE are disseminated when appropriate, 
interested agencies, including the Department of bite, 
Secret Service, DIA, and Military Intelligence. In 
g 7 of foreign travel by AIM leaders and interest in AIM 
abroad, periodic reports from and to foreign agencies, 
for information relative to above activities, as well as 
an interchange of information between the FBI and the CIA, 
is necessitated. 


Due to the AIM's violence potential, which is 
frequently directed toward local and state governments 
and police officers, timely dissemination of specific 
intelligence information affecting their agencies, is 
of utmost STOR ERD CG 1. este e te 
Memorandum 


TO : SAC, LOS ANGELES (157-8781)    DATE: 3/29/79 
FROM : 
SUBJECT: ERNIE LOUIS PETERS 
LDS.- AIM 
00: LA 


Pursuant to instructions from Supervisor of Squad 11, 
it is recommended that this case be reassigned to an Agent on 
Squad 11 currently working Dome. investigations. 


It is further recommended that this case be assigned to 
Saad Sat: mrs DIU who has been briefed on all pertinent facets 
the AIM investigation. 


(415 iFBl Memo 


MP 157-1458 
JOHN FRANCIS TRUDELL 


JOHN FRANCIS TRUDELL continues as the 
National Chairman of the AIM and of the National 
Leadership has been involved in radical Indian 
activities longer than any other AIM leader. 

TRUDELL is an intelligent individual and is an 
eloquent speaker who has the ability to stimulate 
people into action. TRUDELL is known as a hardliner 
who openly advocates and encourages the use of violence 
although he himself never becomes celta involved 
in any fighting. 


TRUDELL 
a semi-permanent residence in St. Paul, Minnesota, but 
his closest and immediate family ties remain in Nevada. 


TRUDELL has appeared numerous times on the 
Lecture Circuit in behalf of AIM and is usually well- 
received. 


TRUDELL, a Santee Sioux, continually attacks the 
system wherever he goes and is a close friend of AIM 
National Press Secretary GEORGE ROBERTS. TRUDELL has been 
active in AIM-type confrontations with authorities at 
Eagle Bay, New York; Kenora and Ottawa, Ontario, Canada; 
and Shiprock, New Mexico. 
area of Indian conflicts/demonstrations longer than 
any other AIM member. He is intelligent and extremely 
eloquent when he speaks. TRUDELL has the ability to 
meet with a group of "pacifists" and in a short time 
have them yelling and screaming "right-on". In short, 
he is an extremely effective Beste; 


TRUDELL is an ardent racist and has been 
active in supporting a variety of racist groups such 
as the Puerto Rican Nationalist Party (PRP) through 
appearances and speeches. TRUDELL favors the forming of 
coalitions among ae activist groups for increased 
"political clout" 


TRUDELL has spent some time in Lincoln, 
dir dnd rgo ue in the review of Indian Treaties b 


TRUDELL is a former U.S. Navy Veteran 
and served in the Vietnam conflict aboard a destroyer. 


How Many More? 
Death at Duck Valley 


Water rights activist, Tina Manning Trudell, pregnant wife of American Indian Movement National Chairman, John Trudell, was killed in a fire on 12 February 1979 along with their children and her mother Leah Manning. Arthur Manning, Tina's father and past Tribal chairman, was critically injured in the blaze. All five were killed in an apparent arson attack on their home on the Duck Valley Reservation in northern Nevada. 

The apparent attack follows a pattern of threats, repression and murders carried out against members of the American Indian Movement. 

Tina Trudell had been a leading organizer in the struggle to retain the water rights to the Wildhorse Reservoir, which was built in the 1930's by the Bureau of Indian Affairs for the exclusive purpose of supplying irrigation water to the Duck Valley reservation. Wildhorse Reservoir is the only potential source of water for the reservation but local non-Indians have begun using the reservoir for recreational purposes and have applied to the state of Nevada for exclusive rights to the water as well as the surrounding lands. Tina also worked with John to organize the Minnesota Citizens' Review Commission on the FBI in Minneapolis. 

John Trudell, as one of the coordinators of the Leonard Peltier Defense Committee, was in D.C. when he was notified of the deaths. John had been a featured speaker at the rally on 11 February 1979 in front of the FBI building where he spoke of the abuses perpetrated by the FBI against the Native American people and other movements for social change. At approximately 2:00 pm, during the speech, Trudell burned the American flag as a symbol of the contempt and anger at the continued policy of genocide of the United States government against the Indian people. At 2:00 am, some twelve hours later, the Trudell home was burned by a fire which consumed the cinder block structure. Local people on the Duck Valley Reservation believe that the fire was intentionally set. 

In December 1977, while serving 60 days for cursing at a U.S. Marshal in the hallway outside an adjourned court, word came to John Trudell from the FBI that if he didn't cease his activities on behalf of the people or leave the country, the FBI would get him or his family. 

AIM has called for a "Red Alert of all our members in what seems to be an escalation of the war against Indian people to rip off all our energy resources and water following the critical situation facing the United States ex dee their defeat in Iran" 
(Ed. Note: In 1975 a number of investigations were launched into FBI handling of 
Native American matters. That same year the FBI stepped up a campaign of cnl 
confrontation with AIM members; on several occasions the FBI surrounded homes of 
AIM members and began firing weapons. In one instance, when AIM members defended 
themselves and their families, two FBI agents were killed. Almost immediately 
the investigations of FBI abuses concerning AIM were quietly shelved.) 


Chicago Tribune, Friday, March 14, 1975 


By William Mullen 

A KEY AIDE to Dennis Banks, leader of the American Indian Movement, Thursday admitted he was a paid informant for the Federal Bureau of Investigation while he worked for Banks. 

Douglas Durham, 37, told —€— at a press conference in the lobby of the Dirksen Federal Building that he had been on the FBI payroll since joining AIM in March, 1973. 

Durham said he became so closely involved with AIM escerstlb that he often wrote position papers for the militant organization, established its national offices, and was privy to secret strategy sessions while he informed on AIM. 

At one point, Durham said, he even used $t ,000 provided by the FBI to rent a small plane and secretly fly Banks to Canada following the 71-day 1973 AIM occupation of Wounded Knee, S. D. 

DURHAM, A FORMER Des Moines fora ein said he became an official AIM spokesman at the same time he was being paid roughly $1,100 a month by the FBI to pass on travel schedules and plans of AIM leaders. 

"I was supposed to give the government any information I could find about foreign involvement in AIM," Durham said. He said his spy role bothered him as he came to admire AIM's involvement in Indian civil rights struggles. 

"I find it to be a moral upstanding organization that has done nothing illegal," he said. 

Joseph Trimbach, special agent in charge of the Minneapolis FBI office, said in response to Durham's statement, "Our policy is not to comment on matters which are subject to a pending litigation." R. D. Hurd, assistant United States attorney for South Dakota and chief prosecutor at the AIM trial in Minneapolis, said he would not comment. 

DURHAM'S ACTIVITIES came to light last Friday when AIM officials confronted him in Des Moines with intercepted documents he had been sending to the FBI. 

Durham admitted he gave the FBI secret information from defense strategy meetings during the trial of AIM co-leaders Banks and Russell Means when they faced charges from the Wounded Knee incident. 

He said he had acted as AIM's security chief during the trial and was privy to the defense strategy meetings. During the trial the federal government produced a sworn affidavit contending the government did not have any informants in the AIM defense team. 

Kenneth Tilsen, attorney for AIM, who was with Durham at the press conference along with other AIM officials, said Durham's involvement may have prejudiced PSP cases now pending against AIM members. 

When the government finally withdrew the Wounded Knee case from the courts, Durham continued to work for Banks, acting most recently as Banks' liaison between AIM and police in the Gresham, Wis., monastery occupation in January. 

AIM officials have asked Sen. Frank Church ID. ý chairman of the Senate Select Committee on Intelligence, to investigate FBI involvement. 


Memorandum 

Mr. J. B. Adams    DATE: 6-27-75 

Legal Counsel 

SUBJECT: SENSTUDY 75 


Attached is a letter from the Senate Select 
Committee (SSC), dated 6-23-75, addressed to the Honorable 
Edward H. Levi. This letter announces the SSC's intent to 
conduct interviews relating to Douglas Durham, a former 
Bureau informant. 


The request obviously relates to our investi- 
gation at "Wounded Knee" and our investigation of the 
American Indian Movement (AIM). This request was received 
6-27-75, by Legal Division. 


On 6-27-75, Patrick Shea, staff member of the 
SSC requested we hold in abeyance any action on the request 
in view of the killing of the Agents at Pine Ridge Reservation, 
South Dakota. 
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Ye ee ey 
Memorandum

DIRECTOR, FBI (100- -88006)
SAC, NEW YORK (100-161188) (P)

COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL MATTERS
(RNA)

ReNYlet, 4/22/69.

As noted in re NY letter the NYO sent out 32 postcards to RNA members in NYC area advising them to attend meeting of all members at Hotel al Saturday, 4/26/69, at 2:00 PM.
Pes Se avicea that the RNA members 7. 


scheduled ~ 


recéived dvising them e the, ameg thn 
for h/26/69. An RNA member called raters 
verify meeting and £X X ear schedule 
any meeting on that Este ey deduced-that police .depart- . 
ment had stamp duplicated and scheduled meeting to eet. 211 
RNA hey coe make ma 65 arrer 1 


embelinb ere her Soot 


At another meeting of RNA all members were requested to submit handwriting specimens with their own pens and in the exact words used in postcards. The RNA officials are trying to determine if this seriek could have been putteg by an RNA member.

The NYO plans to schedule additional puc of the RNA, as conditions warrant. The Bureau will be advised.


Memorandum

DIRECTOR FBI (100-448006)

BLACK EXTREMISTS

Jackson informants and other investigation by the Jackson Division has resulted in information being developed that the Republic of New Africa (RNA), which up until this time has only had a small inactive consulate in Miss., has recently been making intense efforts to obtain land in Miss. In this regard, they have recently obtained temporary use of several acres of land owned by a Negro male in a rural area on U. S. Highway 22 near Brownsville, Miss., which is located about 15 miles west of Jackson. The RNA supporters have begun construction of some buildings

National People's Center Council SCIES will be held at this location on the weekend of 3/26-28/71.


Ki Sr T NN p NEN ential 
the membership and the activity of the RNA, Jackson feels that this development warrants counterintelligence action.

Jackson Division is currently m several possibilities for counterintelligence proposals in this regard and it is anticipated that requests for approval of a proposal will be forthcoming in the
ROUTE IN ENVELOPE

To: SAC, Jackson

From: Director, FBI

COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE
(REPUBLIC OF NEW AFRICA)

ReJNairtels 9/3, And 5/70 which advised the Republic of New Africa (RNA) regional conference in Jackson had been disrupted and support by residents of Jackson had been curtailed as result of articles prono in the "Jackson Daily News," Jackson, Mississippi.

In reairtels Detroit and New Orleans were instructed to advise of any additional tangible results which could be attributed to these articles concerning the RNA. Upon analyzing all tangible results of this counterintelligence operation, you should consider recommending commendations for appropriate




Jackson recommended and Bureau authorized that office to furnish dba source data concerning violent

nature news source on a confidential basis.

exposing the violent nature.

RNA printed on the front pages of the "Jackson Daily News," only state-wide evening newspaper in


(Ed. Note: In 1971 the police and the FBI raided the Mississippi home occupied by citizens of the Republic of New Africa. The raid was conducted under extremely suspicious circumstances and many people believe it was a staged set-up. RNA leader Imari Obedele was in the RNA offices away from the home at the time of the raid. Despite this fact, Obedele - referred to as "Henry" in the FBI memos - was arrested and convicted on charges of conspiracy to assault an FBI agent involved in the raid. While the charges were still pending, the Jackson office of the FBI agitated vigorously to have Obedele tried on the conspiracy charges, even though the Justice Department was worried it had a weak case. Obedele was convicted of the charges and spent years in the penitentiary, being released in late 1979.

When the FBI decided to close its case file on the RNA, one of the reasons offered in a 1976 memo was that the shootout in Mississippi and other incidents were "spontaneous" and "not pre-planned or agreed upon by the leadership," thus showing the original conspiracy charges against Obedele to be a fiction created by the FBI itself in order to remove Obedele as an organizer, and disrupt the RNA.)


4:54 PM IMMEDIATE 7712773 VCS
TO DIRECTOR (184-38)
FROM JACKSON (89-24) 7P

THAT SUFFICIENT EVIDENCE EXISTS TO CONVICT SUBJECT HENRY AND OTHER SUSPECTS AS WELL AS TO OVERCOME THE CURRENT MOTION TO

THIS CASE SHOULD PROCEED IN COURT AND HENRY AND THE OTHER

BE HELD ACCOUNTABLE FOR CONSPIRING TO ASSAULT AN FBI AGENT. THEY ARE CONCERNED THAT A MISCARRIAGE OF JUSTICE IS ABOUT TO TAKE PLACE. THEY ARE AWARE THE JUSTICE DEPARTMENT HAS SENT ATTORNEYS TO JACKSON DURING PAST SEVERAL YEARS TO HANDLE CASES BELIEVED BY THEM TO BE OF LESS GRAVITY.

ADVISED HE HAS APPOINTMENTS WITH U.S. SENATORS JAMES EASTLAND AND JOHN STENNIS, FRIDAY, VBa TO REQUEST THEM TO INTERVENE WITH THE DEPARTMENT OF JUSTICE TO REMOVE WHATEVER OBSTACLES ARE BLOCKING THE ORDERLY PROCEDURE OF THIS CASE INTO USDC FOR TRIAL.

THE BUREAU IS REQUESTED TO DISCUSS THIS MATTER WITH THE DEPARTMENT ON WHATEVER LEVEL IS REQUIRED TO REMOVE ALL OBSTACLES TO PROSECUTION.

IF THIS CASE IS NOT VIGOROUSLY PURSUED AND CHARGES ARE DROPPED, PUBLICITY IN THE MATTER WILL BE SPREAD TO ALL EXTREMIST ORGANIZATIONS THROUGHOUT THE UNITED STATES BY THE RNA. HENRY'S PREVIOUS PUBLIC STATEMENTS CAN LEAVE LITTLE DOUBT THAT HE WOULD UTILIZE SUCH ACTION TO INCREASE HIS OWN STATURE. THE RESULT COULD SERIOUSLY INCREASE SIMILAR ASSAULTS ON AGENTS ACROSS THE UNITED STATES.


TO: DIRECTOR, FBI (62-116451)
FROM: SAC, DETROIT (66-4905) (P)

ATTORNEY GENERAL GUIDELINES FOR FBI INFORMATION-GATHERING AND RETENTION POLICIES
DOMESTIC SECURITY INVESTIGATIONS

Re Bureau airtel to Albany, 5/21/76.

UACB, Detroit intends to place its national case file on the RNA (Defile 157-2413) in pending inactive status, in view of the recommendation set forth in summary for discontinuance of investigation of the RNA, its leaders and members.

The following can characterize the above mentioned events:

Violations of the State law by the RNA were not planned and resulting shootouts were spontaneous.

Violations of Federal law were by members. Their actions were not pre-planned or agreed upon by the leadership. These violations dealt primarily in the firearms area.
PAUL N. McCLOSKEY, JR.
CALIFORNIA
203 Cannon Building, Washington, D.C. 20515
(202) 235-5411
Palo Alto, California 94306

COMMITTEE ON GOVERNMENT OPERATIONS
MERCHANT MARINE AND FISHERIES

Congress of the United States
House of Representatives
Washington, D.C. 20515

September 21, 1979

Mr. William H. Webster
Director
Federal Bureau of Investigation
10th and Pennsylvania Avenue, N. W.
Washington, D. C. 20535

Handcarried PERSONAL

Dear Director Webster: Re: Geronimo Pratt Case

I hope you will give this letter your immediate attention, as it raises a very serious matter.

I have finally had the chance to review your letter of July 12 on the above case and to compare it with the documents previously made public by the FBI. I am deeply disturbed to find a statement in your letter that is patently untrue. You say (at page 5):

"Pratt was not the target of the FBI's COINTELPRO".

This may be true as to December, 1968, when the murder allegedly committed by Pratt occurred, but it is clearly not true as to the period of Pratt's arrest and trial, the period when it would have been easiest to frame Pratt.

FBI documents are precise and explicit. A Memorandum from the Special Agent in Charge (SAC) of the FBI's Los Angeles Field Office to the FBI Director, dated January 28, 1970, captioned, "COUNTERINTELLIGENCE PROGRAM, BLACK NATIONALIST -- HATE GROUPS, RACIAL INTELLIGENCE, BPP", proposes that the FBI write and distribute two fake "counterintelligence leaflets" and an anonymous underground newspaper "to attack, expose, and ridicule the image of the BPP in the community and foment mistrust and suspicion amongst the current and past membership." Referring to the first leaflet, the Memo states on page 2:

"Operation Number One is designed to challenge the legitimacy of the authority exercised by ELMER GERONIMO PRATT, BPP Deputy Minister of Defense for Southern California.

Director Webster - 2 - September 21, 1979

The second example is contained in an Airtel from SAC, Los Angeles to the Director of the FBI, dated August 10, 1970, which bears the same COINTELPRO caption. This Airtel proposes that the Bureau send fake letters to Panther leader Huey Newton, upon his release from prison, charging that during Newton's absence, Party members in Los Angeles had been "brutalized and mistreated" by Pratt and David Hilliard, then National Chief of Staff of the BPP. The letters were designed to promote a split in the Party, and to turn Newton against Pratt and Hilliard. If the FBI was willing to jeopardize Pratt's life by this kind of action, is it not reasonable to suppose that the FBI might have been pleased to ask an informer to contend Pratt had committed a specific crime? Or to advise the victim of that crime that Pratt was located at a certain point in a "line up" of potential suspects? It was only four months later that Pratt was "identified" for a crime that had occurred two years earlier!
My primary concern is the question of fairness when an individual accused of a capital crime is tried and convicted of that offense without being informed that he was a target at the time of a strong covert "attack" program such as COINTELPRO, accompanied, as it was, by the use of informers and secret campaigns to discredit the defendant/target. In such a case, it seems to me there is a basic obligation on the government's part to bend over backwards to prove that the defendant was in no way prejudiced by the government's secret program.

An Airtel of October 28, 1969, from the FBI office in San Antonio states:

"All offices be alert for any information or situations pertaining to these active members of the BPP mentioned above which would lend itself to counter intelligence measures."

In June, 1970, the Los Angeles FBI office prepared a report on Pratt covering an investigating period from 5/6/69 - 6/21/70 which states:

"Constant consideration is given to the possibility of the utilization of counterintelligence measures with efforts being directed toward neutralizing PRATT as an effective BPP functionary."

I appreciate that the FBI is no longer engaged in deliberate attempts to blacken the reputations of political dissenters or potentially-violent activists. It is hard to escape the conclusion, however, that an organization which would attempt to blacken the reputation of a young pregnant woman, Jean Seberg, by publicizing the suggestion that she had become pregnant, not by her husband but by a member of the Black Panther Party (BPP) would take some pleasure in seeing a Black Panther leader convicted of a crime.


I think it is incumbent upon the government to iar MS Mr. Pratt or his attorney were not informed, from the time Pratt was indicted on December 4, 1970 to the time of his conviction on July 28, 1972, that he was a target of COINTELPRO during that period, and that the FBI was using both informers, some of whom were subsequently discredited (as in the case of Darthard Perry) as well as secret campaigns to discredit the defendant/target. If one FBI informer, Darthard Perry, was discredited as you persuasively point out, what about the informer who pointed the finger at Pratt over a year after the crime was committed for which he was indicted? The FBI's position on protecting informants by FOI Act action can only be justified if we can be assured informers weren't used improperly in the COINTELPRO program.

The more I have gotten into this case, the more disturbed I have become at the FBI's actions, both during COINTELPRO and in its FOI posture with respect to COINTELPRO's actions, particularly in the cases of COINTELPRO targets who suffered injury, i.e., being convicted of crimes, without being advised of COINTELPRO.

From your letter, I am forced to the conclusion that the FBI is only acting defensively on COINTELPRO; there is no sense of duty on the FBI's part to search out its records and membership and explain any possibility that Pratt could conceivably be innocent. You properly acknowledge, at page 6 of your letter, that

"If we had been able to retrieve evidence from our records that might exonerate Pratt, we would have made such evidence available not only as a matter of law, but also as a matter of professional obligation."

I would accept your statement but for the obvious discrepancy between your statement that Pratt was not a target of COINTELPRO and the FBI records which clearly show your statement to be untrue.

As I mentioned in my earlier letter, Pratt's defense attorney, now a highly-respected prosecutor in Los Angeles, believes Pratt to be innocent. It would have been incredibly easy for an FBI informer to both identify Pratt to the police as the tennis court murderer and to assist in his lineup identification. Unless the FBI is satisfied that this did not occur, ordinary rules of criminal justice and burden of proof would dictate that he be granted a new trial and that the jury be advised of COINTELPRO and its possible impact on the facts of the case.

The only way I can satisfy myself that there has not been a miscarriage of justice in this case is to personally examine your complete files, and to discuss the case squarely with the individuals involved. You may be assured that I will treat as privileged any information you contend is privileged under the FOIA from disclosure to persons other than the Congress.
I will call your secretary on Tuesday, September 25, to get your preliminary response to these requests.

Sincerely,

Paul N. McCloskey, Jr.


Memorandum

TO: DIRECTOR, FBI (100-148006)    DATE: 1/28/70

FROM: SAC, LOS ANGELES (157-l1054)(P)

SUBJECT: COUNTERINTELLIGENCE PROGRAM
BLACK NATIONALIST - HATE GROUPS
RACIAL INTELLIGENCE
BPP

It is anticipated that this counterintelligence proposal could serve as one phase of a continuous attempt to deny unity of action in the effort of the LA BPP by calling to question the actions of the organization and the legitimacy of its leadership.

It is felt that the production and distribution of these leaflets could be such that the identity of the FBI as the source of the proposed organization could be effectively concealed.

In this respect, Bureau approval is requested in the preparation and dissemination of leaflets similar to the enclosed in the vicinities of 4115 South Central, 79818 Anzac, and 1810 East 103rd Street, locations of BPP activities in Los Angeles. It would be the intention of the Los Angeles Division to distribute leaflet No. 2 seven to ten days following the introduction of leaflet No. 1, as any follow up would not only make the effort a topical one, but stimulate increased reaction within the Los Angeles BPP.

Operation Number One is designed to challenge the legitimacy of the authority exercised by ELMER GERARD PRATT, BPP Deputy Minister of Defense for Southern California, and JOHN WILLIAM WASHINGTON, an active member of the BPP in Los Angeles.
TO: DIRECTOR, FBI (100-8006)

COINTELPRO
BLACK NATIONALIST HATE GROUPS
RACIAL INTELLIGENCE - BPP

In addition, it is suggested the following handbill be anonymously sent to NEWTON and all existing BPP Offices in an effort to further provoke NEWTON's displayed instability:

WANTED
for
CRIMES AGAINST THE PEOPLE

HUEY P. NEWTON

NEWTON has been found guilty of avaricious exploitation of the masses, use of the revolution for personal wealth and recognition, selling out the people to white mother country liberals and wreckless vamping on Elmer Pratt and other EVE brothers.

DANGER

NEWTON is known to be emotionally unstable and on the brink of mental breakdown. Use caution when approaching.

ALL POWER TO THE PEOPLE
AND IMMEDIATELY RETURN GERONIMO
TO THE PEOPLE'S VANGUARD

As usual, if the above proposal is approved, appropriate measures will be used to insure the Bureau's identity is not revealed as the source. Results of the proposal will be immediately forwarded to the Bureau.


Part Four: Deception and Cover-Up


The illegality of FBI counterintelligence tactics and operations 
creates a great need for concealment and cover-up, an art they have 
perfected to a high degree. As with many false prosecutions, the 
Department of Justice has been a willing partner in many cover-ups 
and manipulations of the judicial system. 


In 1969, Richard Nixon appointed Jerris Leonard as chief of the 
Civil Rights Division of the Justice Department, while Leonard also 
secretly headed up a broad based political intelligence apparatus
within the government known variously as the Inter-divisional Intel- 
ligence Unit(IDIU) and the Special Disturbance Group (SDG). The 
Civil Rights Division then became a focal point of government cover- 
up operations. After the Hampton raid, Leonard was sent to Chicago 
by John Mitchell to "investigate" the police action. Leonard em- 
paneled a Federal Grand Jury, which heard four months of testimony 
but returned no indictments of Hanrahan or his police, despite the
overwhelming evidence that the raid had been a "search and destroy" 
mission against the BPP. Leonard, the FBI, and Hanrahan also kept 
the FBI's role in the raid secret from this Grand Jury. Leonard 
also headed up the first Grand Jury investigation into the Kent 
State murders, which similarly returned no indictments after Richard 
Nixon had instructed Leonard that no guardsmen should be charged. 


The FBI and the Justice Department collaborated to suppress over 
200 volumes of inculpatory documents in the Hampton civil rights 
trial; perjured themselves at Wounded Knee trials and the case 
against the Vietnam Veterans Against the War at Gainesville, 
Florida; destroyed evidence germane to the King assassination,
and evidence of their illegal actions in pursuing the Weather
Underground; covered up their role in the assassinations of King
and Malcolm X; repeatedly lied to judges in the Hampton and
Socialist Workers Party cases; and concealed damning counter-
intelligence evidence from the Senate Select Committee on Intelligence.


In conjunction with such varied and extensive wrongdoing in legal 
proceedings, the FBI and Justice Department often worked secretly 
with judges to further their aims. Judge Irving Kaufman worked 
directly with the Justice Department and the FBI to assure that the 
Rosenbergs would be executed, and later joined with them to spread 
pro-government propaganda about the case; the current Chief Judge 
of the Northern District of Illinois, James Parsons, while a Dist- 
rict Court Judge, made derogatory public statements concerning the 
Nation of Islam and the BPP at the instigation of counterintelli- 
gence agents; former Chief Judge William Campbell intervened in the 
Chicago 8 Conspiracy trial to assure J. Edgar Hoover that a defense 
subpoena for surveillance documents would be quashed, and secretly 
passed information from Judge Hoffman to the FBI concerning possible 
contempt citations against the defendants and their lawyers. Hoffman
also met secretly with FBI agents and U.S. Attorney Thomas Foran
to discuss these contempt citations. In the Hampton trial, Judge J.
Sam Perry met secretly with both the FBI and police lawyers to discuss
documents which were to be turned over to the Panther plaintiffs. Perry
also wrote ex parte letters to then Attorney General Levi praising the
conduct of FBI agents and their attorneys who had withheld important
documents, and told the Assistant U.S. Attorney investigating charges
of misconduct to let the court dispose of the matter at the end of
the trial. An Appeals Court Judge, Wilbur Pell, who issued a stinging
dissent protesting the ordering of a new trial in the Hampton case,
turned out to be a former FBI agent himself, and a long-time member of


SAC, Newark (100-50166)    39/70

Director, FBI (100-449698)


COINTELPRO - NEW LEFT

Reurlet 12/22/69.

Authority is granted to make the anonymous mailing as suggested in relet.

In preparing the letter, all necessary steps are to be taken to protect the identity of the Bureau as the source of the letter. Advise of any results noted.


New York should insure use of unwatermarked bond stationery in connection with the above and utilization of mailing procedures which will not allow the Bureau's identification as the origin of this correspondence.


You must insure that Racial Matters Supervisor, Special Agent Coordinator for this program and Agents assigned to Racial Matters investigations are aware of continued objectives of this program and that meaningful proposals are submitted to the Bureau on a timely basis. Insure that such Supervisor and Coordinator are aggressively and enthusiastically ramrodding this program and that Agents are exercising ingenuity and initiative to accomplish this program's objectives.

You are reminded that counterintelligence operations must be approved by the Bureau. Proposals submitted must be designed to insure there is no possibility of embarrassment to the Bureau.


Mr. C.D. Brennan
SAC, Los Angeles (1200-71737)

Director, FBI 100-44

COINTELPRO - NEW LEFT

Reurlet

It is felt that the mailing of a letter under the caption "Black Nationalists for Freedom," a fictitious organization, as recommended in relet has merit and should be pursued. Prior to taking this action, you should alter your letter in the following respects:

Since it is not likely that a eta black nationalist would have information about T DP attendance at meetings of the CP held in Los Angeles, you should delete this particular reference from your letter.

Your characterization of SDS too closely follows the published Bureau description of that organization. For this reason, you should paraphrase the last line of paragraph three so that it will not appear to have been taken from a Bureau document. In this regard, a statement such as "If you don't know it man, the head whitey of the Communist Party in the United States told newsmen in San Francisco that SDS was one of the Party's soul brothers," should be substituted.

After the above you are authorized to make the mailing as suggested.

You should take all possible steps to assure that the Bureau is not identified as the originator of the letter. In this regard, the letter should be prepared on locally obtained stationery that cannot be traced to the Bureau or to the

Advise promptly of any results obtained.

Sole LL ee ui LL. : nea ON ; 
roset Ais Very. active. in us ap ES SN LUKE A 
reme | trations, has been active and wat 777. ae 


Teofter t. 
‘ela. Boom 4 


OTAU 6 1 21968: M yn a: i * Ld NOTE. "s corum pace m B ! (f, 
eMe Bake 2 gd | 
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FBI Veiled 


With top-leve] approval, the 
FBI carried out hundreds of il- 


legal break-iris under an elabo- 
rate “Do Not File” system that 
"kept all trace‘of the burglaries 
out of regular bureau files. ` 

' Members of the Senate in- 
-telligence . committee, which 
‘began delving into the so 
called “black -bag jobs" yes 
terday, said they were shocked 
by the: devious manner iù 
which the burglaries. ‘of 
“domestic Subversives” were 
authorized .. ,.. 

“Its really‘: the’ F perleti 
€over-up," declared Sen. Rich- 
ard. S. Schweiker (R- Pa.). 

“Pure " frightening." - "Sen. 
Howard H. Baker Jr. (R- Tean) 
agreed later. `- 

The Statistcs on the bürglar- 
jes,’ admittedly “incomplete, 
were not, supplied to the com- 
mittee until the^night before 
yesterday's. hearing, ` “staff 
members Said. 

Chairman Frank Church (D. 
Idaho) said the report showed 
238 break-ins between 1942 
and April of 1968 against 14 
so-called “domestic subversive 
targets.” nost c£ 

‘In addition, at ‘least three 
other. "domestic : subversive 
targets" were subjected to nu- 
merous entries from October, 
1952, to June, 1966..Of these, 
the FBI said, "since there ex- 
ists no precise record of en- 
tries, we are unable to ré- 
trieve an accurate accounting 
of their number." 
` The Washington Post . Te 
ported in July that the FBI 
until 1966 conducted dozens: 
and ‘occasionally’ more than 
100 burglaries -of all Kinds 
each © year, against ^ targets 
ranging from domestic ex-: 
tremist groups and the Com.j 
munist Party to foreign em- j 


legal 
we. 4/28/75 


-By George Lardner Jr. 


bassies and ordinary criminal i 
cases. | 
The Church committee did! 


` not make public any informa-j 


tion concerning FBI break-ins 
at foreign embassies and con- 
sulates. For its :part, the FBI 
apparently did not bother to! 
submit a count of the break-: 
ihs involved in criminal cases, 
gn grounds that all these were 

lone simply for the purpose of 
installing “authorized” eaves 
| dropping devicen. - 


Elaborating on. the proce-, 
dures used to approve "black: 
bag jobs”. "the Sullivan| 
| memo said. the system then in| 
‘effect required detailed re- | 
quests from FBI büreau chiefs; 


for eventual. submission in[| 


memorandum form to ) either 
:Hoover or his longtimé aide, 
the late “Clyde Tgison, for B 
‘proval. A! . : 

“Subseqhently, this memo- 
randum jis filed ‘in the assist- 
ant director's office under `a 
‘Do Not File' procedure,” Sul- 
livan explained. Meanwhile; 
“in the field, the special agent 
in charge prepares an infor- 
mal memorandum showing. 
that he obtained bureau au 
thority and this memorandum 
is filed in his safe until the 
next inspection by bureau in- 
spectors, at which time i ds 
destroyed” 

Testifying at yesterday's hearing, Sullivan's successor, former
Assistant FBI Director Charles Brennan, said the system meant that
the headquarters memos reflecting Hoover's or Tolson's approval
would be tucked away in the safe of the appropriate assistant
director. There, he said under questioning by Schweiker, it would be
kept out of the regular bureau files.

Schweiker pointed out that regular FBI files carry serial numbers.
As a result, those records cannot be destroyed without a missing
number, a telltale sign that something has disappeared.

The system also guaranteed peace of mind for agents in the field
offices, knowing that authorizing memos could be shown to bureau
inspectors and at the same time knowing that those memos were going
to be destroyed, Schweiker marveled.

"It looks to me as though the bureau has perfected a better
technique - a lot more sophisticated and refined than the 'plausible
denial' of the CIA," Schweiker said. "I think we've just touched the
tip of the iceberg."

The three-page Sullivan memo ended with an edict in Hoover's
handwriting decreeing that "no more such techniques must be used."

Under questioning yesterday, Brennan said the FBI director had never
shown any legal qualms about such illicit [illegible] in earlier
years. Instead, he suggested that Hoover began to grow uneasy after
reaching mandatory retirement age (70) in 1965 about any operations
that might be embarrassing to the bureau and thus force his ouster.

Although President Johnson waived Hoover's retirement, Brennan said
that from 1965 on the FBI director was holding his job largely on an
"annual renewal" basis. "That put him into a somewhat vulnerable
position," Brennan told the committee.


(See Sullivan "Black Bag Job" Memo on next two pages)

TO: Mr. C. D. DeLoach                    DATE: July 19, 1966
FROM: W. C. Sullivan                     DO NOT FILE
                                         1 - Mr. DeLoach
SUBJECT: "BLACK BAG" JOBS                1 - Mr. Sullivan

The following is set forth in regard to your request concerning the
authority we have for "black bag" jobs and for the background of our
policy and procedures in such matters.

We do not obtain authorization for "black bag" jobs from outside the
Bureau. Such a technique involves trespass and is clearly illegal;
therefore, it would be impossible to obtain any legal sanction for
it. Despite this, "black bag" jobs have been used because they
represent an invaluable technique in combating subversive activities
of a clandestine nature aimed directly at undermining and destroying
our nation.


The present procedure followed in the use of this technique calls
for the Special Agent in Charge of a field office to make his
request for the use of the technique to the appropriate Assistant
Director. The Special Agent in Charge must completely justify the
need for the use of the technique and at the same time assure that
it can be safely used without any danger or embarrassment to the
Bureau. The facts are incorporated in a memorandum which, in
accordance with the Director's instructions, is sent to Mr. Tolson
or to the Director for approval. Subsequently this memorandum is
filed in the Assistant Director's office under a "Do Not File"
procedure.

In the field the Special Agent in Charge prepares an informal
memorandum showing that he obtained Bureau authority and this
memorandum is filed in his safe until the next inspection by Bureau
Inspectors, at which time it is destroyed.

CONTINUED - OVER

Memorandum to Mr. C. D. DeLoach
Re: "BLACK BAG" JOBS

We have used this technique on a highly selective basis, but with
wide-range effectiveness, in our operations. We have several cases
in the espionage field.

Also, through the use of this technique we have on numerous
occasions been able to obtain material held highly secret and
closely guarded by subversive groups and organizations which
consisted of membership lists and mailing lists of these
organizations.

[illegible] even to our investigation of the [illegible] membership
[illegible] operation which we have been using most effectively to
disrupt the organization and, in fact, to bring about its near
disintegration.

In short, it is a very reliable weapon which we have used to combat
the highly clandestine efforts of subversive elements seeking to
undermine our Nation.

RECOMMENDATION: 


For your information.

WASHINGTON (AP) — J. Edgar Hoover's long-time secretary told
Congress Monday that when the FBI director died in 1972, she
systematically destroyed his personal files "as Mr. Hoover indicated
he wanted."

Helen W. Gandy told the House government information subcommittee
that she and another secretary went through all the files in
Hoover's offices, destroying all marked "personal."

"These were 30 or 32 file drawers," she testified. "I tore them up
and put them in cartons. They were then taken to the Washington FBI
field office to be either incinerated or shredded."

Mrs. Gandy denied that the files she destroyed contained any
official FBI business or information on the personal lives of public
officials.

But former FBI Asst. Director William C. Sullivan said Hoover's
personal files were filled with political and personal information
on public figures.

Miss Gandy also said that she did not consider her actions in
violation of an order by then acting-Atty. Gen. Richard G.
Kleindienst that Hoover's offices be sealed.

Asked whether he thought Miss Gandy's action violated his order,
Kleindienst said that "I'll just have to leave that up to you to
draw your own conclusions."

Miss Gandy testified that official files were retained by the FBI.

"Mr. Hoover would not have allowed them (his personal files) to be
used if he had been living," she testified. "I had my instructions."

Miss Gandy repeatedly said she found nothing in the personal files
that did not relate strictly to Hoover's personal matters.

She said Acting FBI Director L. Patrick Gray III leafed through the
personal files before telling her it was "perfectly all right" to
destroy them. Gray succeeded Hoover.

Rep. Toby Moffett (D-Conn.) told Miss Gandy that her testimony
contradicted with what Gray had told the subcommittee staff. Miss
Gandy offered no explanation.

Sullivan, who is in poor health, gave his statement in a taped
interview with a committee staff member. On Hoover's files on public
figures, Sullivan said: "I think we all know that it was there. I've
seen on a sufficient number of occasions that the door was open on
those special little filing cabinets on the wall to know that they
were really filled with material . . . they were just loaded."


[illegible] 1978
By Ronald J. Ostrow
Los Angeles Times Special

WASHINGTON—Potentially crucial evidence in the FBI break-in case was
destroyed by the FBI after it had been turned over to the agency by
Justice Department prosecutors, court records disclosed Tuesday.

The lawyer for former Assistant Director Edward S. Miller, one of
three ex-FBI officials indicted in the case, said that up to AO per
cent of the material originally seized by investigators at FBI
offices in Washington and New York had been destroyed.

Miller's attorney, Thomas A. Kennelly, said he had been "informally
advised" of the evidence destruction by FBI agents, but had been
given no explanation as yet for the action.

HE CITED the destruction of the evidence in arguing that the case
against Miller should be dismissed.

Other sources familiar with the case said the destroyed records were
"ticklers" — in FBI parlance, copies of documents — that bore
handwritten notations that could have been read to indicate that
break-ins had been committed. The existence of such evidence would
help the defense in its efforts to show that break-ins were a
relatively commonplace tactic well-known throughout the Federal
Bureau of Investigation.

IT COULD NOT be learned why the Justice Department prosecutors
returned such potential evidence to the FBI before it was used in
court.

The material was destroyed under FBI rules that require the
destruction of "ticklers" after periods ranging from 30 days to six
months, according to the knowledgeable sources.

An FBI spokesman would not comment on the disclosure and Terrence B.
Adamson, the Justice Department's director of public information,
said: "We'll have to answer that in court."

[illegible] former acting FBI Director L. Patrick Gray III and W.
Mark Felt, No. 2 man under Gray, were indicted April 10 on charges
of ordering the FBI break-ins to try to track down fugitive members
of the Weatherman terrorist organization. Kennelly said he could not
specify the nature of the destroyed records other than to note that
they "related directly to the matters [illegible] by the
indictment."

"I CAN ONLY assume that if the [Justice] department thought enough
of it to send agents to seize it, they must have thought it was
important," Kennelly said. Kennelly described in his court motion
another document that he said he had been "informally advised" had
disappeared.

[illegible] a May 26, 1971, meeting between then-President Richard
M. Nixon, former Atty. Gen. John N. Mitchell, former FBI Director
J. Edgar Hoover and then-presidential aides John D. Ehrlichman and
Egil Krogh.

THE MEETING took place the same day as a phone call between Nixon
and Hoover in which the former President allegedly directed Hoover
"to do something" about terrorists who claimed responsibility for
murdering several New York policemen and added that he wanted "no
punches pulled."

Such evidence could aid the defense in establishing that the
break-ins had been approved by higher authorities.

Miller, in the court filing Tuesday, also said he had a witness who
will testify that Miller on two occasions between May and July,
1973, discussed "surreptitious entries" with then acting FBI
Director William D. Ruckelshaus, who later became No. 2 [illegible]


FBI lied on Socialist data, judge says

NEW YORK (AP) — A federal judge Wednesday said that the FBI lied
when it said it received information on the Socialist Workers Party
without resorting to burglaries.

U.S. District Court Judge Thomas P. Griesa said the government was
guilty of intentionally omitting information to protect itself. The
party is suing the government for $37 million and is seeking
government files before the trial.

The dispute involved Timothy Redfearn, a Federal Bureau of
Investigation informant in Denver. The government told the party
last month that Redfearn, then identified only by a code number, got
leaflets from a "college campus," phone lists, other lists and
financial data "as they were made available" to party members.

But Friday, FBI files from 1973 were turned over by court order to
party lawyers. The files showed that materials were "stolen" and
"removed" by Redfearn from an office, a bookstore and the home of
three women affiliated with the party.
Griesa said the FBI's original statement "was false, and the
response failed to disclose the thing that is crucial . . . namely,
that documents had been obtained by means of entries into premises,
something which the plaintiff would characterize as 'burglaries' —
and they want to try that issue."

"Their haste was no excuse," snapped Griesa. "I can draw no other
conclusion than that the person making that answer intentionally
omitted materials that were unfavorable to the government when he
tried to summarize that file.

"Let's face it. Let's not waste time talking about haste. That was
absolutely inexcusable."


Was King Slaying Data Destroyed?

Associated Press

The House Assassinations Committee is investigating an unconfirmed
report that documents relating to the murder of Dr. Martin Luther
King have been destroyed, according to chief counsel Richard
Sprague.

Speaking with reporters after a closed meeting of the committee
yesterday, Sprague said the information about the missing documents
was uncovered by staff investigators in Memphis, where King was
killed in 1968.

Sprague cautioned that the information was "completely unverified."
He said he had not yet determined that the documents had, in fact,
been destroyed or that they related to the King murder.

Sprague's comment appeared considerably more cautious than his
earlier statement about the missing documents.

After a morning session, Sprague told reporters that the documents
were "relevant to our investigation" and that "I have been advised
that the destruction has been since it was announced (in September)
that this committee would be investigating" the King and Kennedy
slayings.

Sprague would not say which law enforcement agency had the documents
alleged to have been destroyed. However, committee member Rep. Henry
Gonzalez, D-Tex., told a reporter he believed the documents had been
in the possession of authorities in Tennessee, where King was killed
in 1968.

THE MEMPHIS Police Department has denied that any documents relating
to the King case have been destroyed. Lt. William Schultz said that
all of the King files were turned over to the state attorney general
in Memphis.

There have been published allegations that some of these had been
burned in September when the department destroyed records of its
intelligence division. These records were burned as the department
faced lawsuits filed by individuals on whom the department had
allegedly conducted surveillance during the 1960s.

At the unexpected public session of the House Committee on
Assassinations, Gonzalez asked staff attorney Robert Ozer if he had
any reason to believe that documents relating to the King case had
been destroyed "since the constitution of this committee."

"Yes, sir," Ozer replied. "I believe there are some documents that
have been destroyed."

The hearing, originally expected to be held in secret, was opened to
the public after a motion to go into executive session failed on a
6-6 vote. Rep. Christopher Dodd, D-Conn., led the argument to open
the hearing.


CHICAGO SUN-TIMES, March 25, 1976

[illegible] withheld files on Panthers

By Dennis Fisher


The Justice Department has withheld massive amounts of evidence from
lawyers for the survivors of a police raid on a Chicago Black
Panther apartment in which two Panthers were killed, testimony in
U.S. District Court showed Wednesday.

The surprising disclosure could mean the survivors will win the part
of their damage suit that pertains to federal defendants, attorneys
in the case

The documentary evidence — files on the Black Panther Party,
informants and plaintiffs in the complicated suit — takes up more
than 30 feet of file space.

After two days of testimony from Federal Bureau of Investigation
agent William Deaton and in several conferences in the chambers of
U.S. District Court Judge Joseph Sam Perry, attorney for the
plaintiffs James D. Montgomery said he will consider seeking
sanctions against the federal defendants and their lawyers.


Montgomery described the turn of events as highly prejudicial to his
clients, in the trial, now in its third month.

The sanctions could include contempt-of-court citations, fines, the
costs of Montgomery's preparation for the case over the last six
years and, most significant, a default judgment against the federal
defendants.

Judge Perry had ordered the complete files turned over as the trial
began last Jan. 5. He said repeatedly during hearings Tuesday and
Wednesday on the withheld documents that there was no excuse for
such flouting of the rules.

By the close of court Wednesday, defense lawyers in the case had
agreed to make copies of all of the withheld materials and to begin
Thursday to go through the lengthy process of reviewing each
document to determine
its relevancy. That could take
days, lawyers said.


Chicago Daily News
3/30/76

By Rob Warden

Black Panther lawyers argued Tuesday that FBI and Justice Department
officials should be held in contempt of federal court for trying to
conceal a 30-foot stack of subpenaed documents.

The documents are potential evidence in a Panther lawsuit asking
damages of $47.7 million for the 1969 West Side raid in which Fred
Hampton and Mark Clark were killed.

U.S. District Court Judge Joseph Sam Perry ordered all FBI files on
the local Panthers produced weeks ago, and Justice Department
lawyers assured him repeatedly that they had complied fully with the
order.

But it was discovered accidentally last week that only a small
percentage of the documents had been produced. Of about 1,600
documents in Hampton's file, for instance, the FBI and Justice
Department turned over only 57.

Because the files contain information that might identify FBI
informants, the judge permitted the FBI to remove that information
before producing the files.

But in this he relied solely on the defendants to decide what they
should produce to be used in the case against them.

The deletion process was supposed to be supervised by FBI Agent
Robert T. Piper, a defendant in the case, and his Justice Department
lawyers, Edward S. Christenbury and Arnold Kanter,


Sun-Times Editorials
Monday, Aug. 25, 1975

Panther case revisited

During the Nixon years, the same government official publicly in
charge of protecting civil rights was privately named the
co-ordinator of all government snooping on political dissidents.

Indications of that apparent conflict of interest are buried in
Chapter 10 of the Rockefeller Commission's report on the Central
Intelligence Agency's domestic activities. This was the setup:

In 1969, Jerris Leonard was publicly named assistant attorney
general in charge of all civil rights under Atty. Gen. John N.
Mitchell. In that job Leonard was concerned mostly with the
protection of rights for minority group members.

In 1969, Mitchell secretly named Leonard head of two Justice
Department units charged with supervision and co-ordination of the
clandestine gathering of information on groups that supposedly posed
a threat to peace in the nation's streets — the anti-war protesters
of the day and militant minority groups, for example.

In that job, Leonard was to work with the CIA, the FBI, military
intelligence groups and other government units.

So publicly we had Leonard-the-protector-of-the-Constitution and,
privately, Leonard-the-co-ordinator-of-spying-information.

The problem in this is best highlighted by Leonard's activities in
the Chicago Black Panther case. After the 1969 raid, Leonard was
named to head an investigation of possible civil rights violations
by Chicago police which was, at the time, the only known agency
involved in the raid. No indictments resulted.

We now know that the FBI had infiltrated the Panthers and recently
Thomas J. Dolan of the Sun-Times staff reported that at least one
report was routed to Leonard's intelligence-co-ordinating
Interdepartmental Information Unit. Leonard denies he ever saw that
report.

He also denies that any conflict of interest existed. We're not so
sure. Leonard will be giving a civil-suit deposition here next month
and the conflict should be explored. Further, Chapter 10 of the
Rockefeller Commission report should be
reread by the congressional committees investigating the CIA.


THIS WEEK IT WAS revealed in court that one of the documents
initially withheld described the FBI's role in planning the Dec. 4,
1969, raid, which was carried out by Chicago police under the
control of then State's Atty. Edward V. Hanrahan.

The document — an FBI memo initialed by Piper and dated Dec. 8,
1969 — stated that the raid was based on information supplied by
informant O'Neal.

The memo, addressed to FBI Director J. Edgar Hoover, said the
Chicago office of the FBI had supplied local authorities with a
detailed floor plan of the apartment to be raided and an inventory
of weapons kept there.

"The raid was based on information furnished by the informant," the
memo stated.

This is important in view of the fact that all three FBI agents
denied flatly on the witness stand that they had anything to do with
the raid.


Judge still trusts the FBI

By Rob Warden

The judge in a landmark Black Panther civil rights damage suit has
announced that his confidence in the FBI hasn't been shaken by
charges that it covered up its role in the death of Fred Hampton.

U.S. District Court Judge Joseph Sam Perry told lawyers in the case
Wednesday that his "confidence in the FBI is such" that he was
entrusting to its care 94 volumes of irreplaceable documents that
conceivably could prove or disprove that there was a cover-up.

WHEN Panther lawyer G. Flint Taylor Jr. asked Perry at least to
direct the FBI not to destroy the documents, the judge replied
angrily:

"I don't need to direct them. I don't want to presume that they
would destroy them."


Judge's actions cited in Panther lawyer's defense

By Dennis D. Fisher

Lawyers for survivors of the 1969 raid on the Black Panthers here
filed a lengthy list Thursday of the trial judge's actions, which,
they said, were so prejudicial that a contempt citation against one
of the attorneys should be set aside.

G. Flint Taylor Jr. and Jeffrey Dennis Cunningham attached to the
list submitted to the U.S. Court of Appeals a sworn statement by a
former assistant U.S. attorney that quoted the trial judge as saying
the FBI never would be found guilty of conspiring to violate the
civil rights of the Black Panthers.

Sheldon Waxman, the former assistant U.S. attorney, who was the
government's lawyer in the case at one time, made the affidavit
Dec. 22, 1975, two weeks before the trial began.

Waxman said under oath that he had two conversations with the U.S.
District Court senior judge, Joseph Sam Perry, one in November,
1975, and one a week later on Dec. 1.

In the first conversation, Waxman said, he asked Perry at a
political dinner whether the judge had seen newspaper articles about
revelations from the Senate intelligence committee concerning an FBI
counterintelligence program that focused on the Panthers. The former
prosecutor said the judge told him he had not seen the articles and
that the committee's report wasn't relevant to the Panther case
before him.

In the second conversation, in the Dirksen Federal Building, Perry
told Waxman, according to the letter, "They (the Panther lawyers)
will never be able to prove that the FBI killed those fellas." The
reference to killing was to the police slaying of Panther leaders
Fred Hampton and Mark Clark on Dec. 4, 1969, in an apartment at 2337
W. Monroe.

Perry cited Panther attorney Taylor for contempt last Nov. 11 after
the lawyer knocked over a glass water pitcher, which broke on the
courtroom floor, while the jury was absent. There is a dispute over
whether the incident was intentional. Perry jailed Taylor for five
hours.

The FBI's involvement in the deaths of Hampton and Clark is central
to the conspiracy trial over which Perry has presided for the last
year.

Survivors of the raid, assertedly conducted in a search for illegal
weapons, charged that FBI agents and an FBI informant violated their
civil rights intentionally in helping to plan and carry out the
raid. They seek $47.7 million in damages.


Minister tells talk [illegible]

By Dennis D. Fisher

Lawyers for the Black Panther plaintiffs renewed charges that the
trial judge is prejudiced and filed an affidavit from a minister
Wednesday to support their request that the judge remove himself.

G. Flint Taylor Jr., a plaintiffs' lawyer, asked U.S. District Court
Senior Judge Joseph Sam Perry to declare a mistrial in the case.

Taylor charged that Perry, 80, "has prejudged the issues and
committed countless prejudicial errors in his efforts to make the
evidence and verdicts conform with his pre-set opinions."

The lawyer attached a two-page affidavit by the Rev. Thomas W.
Strieter, pastor of Grace Lutheran Church, Glen Ellyn, a former
Maywood village trustee, to support the bias charges and request for
a mistrial.

Mr. Strieter said that he was a chaplain for an American Legion
parade last May 31 in Glen Ellyn. During the Memorial Day
festivities, the minister rode in a car with Judge Perry and
"engaged in lengthy conversation," he said.

During the talk, Mr. Strieter recalled, "Judge Perry volunteered in
substance the following: If only the lawyers would stick to what
happened on Dec. 4, 1969, they might make a case. But this
conspiracy involving the FBI and Hanrahan is impossible. This cannot
be true. There is no earthly way to establish that."

The conspiracy reference involved charges in the lawsuit that
Federal Bureau of Investigation agents teamed up with former State's
Atty. Edward V. Hanrahan to violate intentionally the civil rights
of the Panthers and to kill Hampton and Clark.

Judge Perry dismissed Hanrahan and the FBI as defendants from the
case last month without explaining his decision to the jury.

Mr. Strieter said that when he read Hanrahan was dismissed from the
case, he was reminded of his conversation,


By Chip Berlet 

Judge Joseph Sam Perry, while presiding over the Black Panther civil
case, wrote a series of ex parte letters to government officials
exonerating the FBI defendants and their attorneys from charges that
they wrongfully withheld key documents — charges made by the
plaintiffs' attorneys in sanction and contempt motions which were
pending before the judge when he wrote the letters.

Judge Perry also suggested in one letter that a much-publicized
Justice Department investigation into the charges of wrongdoing be
"left to the court" to deal with after the end of the trial.

According to the Panther attorneys, the letters were part of an
attempt to "whitewash" the defendants' actions in withholding
material; and further, that they show Judge Perry "advocated the
Defendants' cause" while hearing the case.

In a motion filed in mid-November, the Panther attorneys ask the
U.S. Court of Appeals for the Seventh Circuit to immediately issue
its mandate ordering a hearing "to determine what sanctions to
impose against the FBI defendants and their lawyers." The Seventh
Circuit previously had issued the order along with a call for a new
trial, but the defendants have requested a stay on all matters while
they ask the U.S. Supreme Court to grant a review.

The Panther attorneys, from the Peoples Law Office, also have asked
that disciplinary action be taken against Perry for his ex parte
letter writing in the middle of the controversial case. The letters,
marked "confidential" and written on Perry's court stationery, are
important not only because they show improper actions by the judge,
charge the Panther attorneys, but also because they are part of a
chain of events whereby the Justice Department was able to postpone
its investigation into misconduct by the FBI defendants and their
attorneys, knowing in advance that Judge Perry would eventually
exonerate the men. The Justice Department apparently closed the
investigation, citing the Judge's ruling at the end of the trial.

Because of this investigative shell game, there has never been
either a hearing or probe into the charges that the FBI agents and
their attorneys conspired to withhold crucial evidence. The evidence
links the FBI Counterintelligence Program (COINTELPRO) to the
assault on Chicago Panther headquarters.

After reviewing the FBI files and determining they were relevant to
the case, the Panther attorneys alleged bad faith

neys. Judge Perry denied the mistrial and said he would hear the
sanctions motions after the case was concluded.

Meanwhile, two black state legislators, Sen. Richard Newhouse and
Rep. Harold Washington, wrote a letter to then-U.S. Attorney General
Edward H. Levi charging the three Justice Department attorneys with
a "massive, illegal cover-up" of the FBI's role in Hampton and
Clark's death. The letter went on to call for the firing of the
three attorneys, saying they had utilized their offices to "violate
the law and the public trust."

In response to the letter by Newhouse and Washington, the Justice
Department ordered an internal investigation led by assistant U.S.
Attorney Charles Kocoras. Kocoras sent a copy of the legislators'
letter to Perry on April 21, 1976, and invited "any comments you
might have . . . with respect to the propriety or impropriety of the
conduct of the government lawyers in this case . . . your
observations would be of great significance in determining the
validity or invalidity of the charge."


Two days later, without informing the plaintiffs, Perry responded to
Kocoras and dismissed the charges out of hand. "The fact is that the
charges about the conduct of [the attorneys] were and are wholly
unwarranted," wrote Perry. Perry also said the withholding of the
FBI documents "could not have been intentional" and added, "I am
positive that it was an unavoidable error and that all of the
attorneys for the agents of the FBI who participated in the case
acted in good faith." In the letter, Perry contends that there was
only one document in the 30,000 pages of FBI documents belatedly
produced that was relevant to the case.

This view is not shared by plaintiff's attorneys, nor the Seventh
Circuit, which reversed Perry's order exonerating those involved and
ordered a hearing on whether sanctions should be imposed against the
FBI Defendants and counsel representing them at the first trial for
disobeying court orders to produce documentary materials. Judge
Luther Swygert went further and stated: "It is clear that the
federal defendants . . . and their counsel rather than promptly
furnishing relevant documents as requested, deliberately impeded
discovery and actively obstructed the judicial process, thus denying
plaintiffs the fair trial to which they were entitled. Regrettably
the trial judge permitted these tactics."

Perry not only exonerated the defense attorneys; he praised them. The same day Perry wrote to Kocoras, he sent a copy of the Kocoras letter to Attorney General Levi with a cover letter marked confidential. The letter concluded by saying: "All of the Attorneys and present and former Agents of the FBI mentioned in the [charges] should be complimented for their high standard of conduct in the case." Perry also noted he did not "know Senator Newhouse personally but I do know Representative Washington, who pleaded guilty [in a civil case] before me about two years ago."

The controversy over the FBI’s con- 
duct in withholding evidence continued 
to grow in early May, 1976, with the 
NAACP's Roy Wilkins calling the FBI's 
actions “outrageous” and “intolerable” 
and seeking an independent probe into 
the alleged federal coverup. 

An outside investigation was not launched, but Kocoras, who had ties with several of the defendants, was removed from the investigation. Kocoras was replaced by assistant U.S. Attorney Stephen Kadison. Kadison did seek to interview the FBI agents involved, but apparently was told by the Criminal Division of the Justice Department that the agents could not be interviewed until after the trial ended.

Kadison then wrote the Executive Office of the U.S. Attorney saying he had been forbidden to interview the agents, and asked that he be "permitted to continue with the inquiry rather than be required to wait until the conclusion of the trial." There is no answer to this letter in the correspondence concerning the matter obtained by the plaintiffs' attorneys under the Freedom of Information Act.

Perry's letters were initially refused under the FOIA request, and were recently produced under appeal. Among them is the one addressed to Kocoras which suggests the investigation wait until the trial is over.

According to the Panther attorneys, the scenario shapes up like this: The FBI agents and their attorneys were caught withholding key evidence, and contempt and other sanctions were sought in court. The Justice Department launched a widely publicized investigation, but the presiding judge informed the investigator that the individuals charged were not guilty of wrongdoing and to wait for the end of the trial when the charges would be "disposed of." A new investigator pursued the investigation, but the Justice Department, knowing the judge would exonerate the men at the end of the trial, stalled the investigation. At the end of the trial, the judge dismissed the charges, and on the basis of this dismissal, the Justice Department dropped the investigation. The net result is that no investigation has ever taken place, and given the view of the Seventh Circuit that wrongdoing may have occurred and that a sanctions hearing should be held, the Panther lawyers are seeking an early scheduling of that hearing.

UNITED STATES DISTRICT COURT
219 SOUTH DEARBORN STREET
CHICAGO, ILLINOIS 60604

Tel: 431.6400
Ext. 336

P. Kocoras
tant U.S. Attorney

Attorneys Edward Christenbury, Arnold Kanter and Alexandra Kwoka have represented all of the present and former FBI agents and the former informant for the FBI in the highest tradition of the Bar. They are to be commended for their conduct in a most difficult case.

JSP:rz
cc: Honorable Edward H. Levi
Attorney General of the United States
Washington, D.C.


CONFIDENTIAL

April 23, 1976

Honorable Edward H. Levi
Attorney General of the United States
Department of Justice
Washington, D.C. 20530

Dear Attorney General Levi:

I am sending you a copy of a letter that I have just written to the Office of the District Attorney in Chicago. All of the Attorneys and present and former Agents of the FBI mentioned in the caption should be complimented for their high standard of conduct in the case of Hampton, et al. vs. Hanrahan, et al., No. 70 C 1284.

Respectfully yours,




UNITED STATES DISTRICT COURT
219 SOUTH DEARBORN STREET
CHICAGO, ILLINOIS 60604

TEL: 431-9499
Ext. 336

CHAMBERS OF
SENIOR JUDGE JOSEPH SAM PERRY

May 6, 1976

CONFIDENTIAL

Mr. Charles P. Kocoras
First Assistant United States Attorney
for the Northern District of Illinois
Room 1500, United States Court House
Chicago, Illinois 60604

Re: Hampton, et al. vs. Hanrahan, et al., No. 70 C 138% and
Assistant United States Attorney Arnold Kanter,
Assistant United States Attorney Alexandra Kwoka, and
Edward Christenbury, Special Attorney from the
Department of Justice in Washington; and
Special Agents of the Federal Bureau of Investigation:
Richard G. Held, Roy Martin Mitchell, Robert Piper
and former Special Agent Marlin Johnson.

Dear Mr. Kocoras:

A controversy arose in the captioned case when the plaintiffs filed one motion asking the court to hold the three first-named persons in contempt and another motion for sanctions against all of the above named individuals. Those motions were taken under advisement. When this case is concluded and a verdict is returned, I will dispose of them. The defendants have filed a motion to hold certain of the plaintiffs' attorneys in contempt. That motion will likewise be taken under advisement.

There are other collateral matters that can best be dealt with after the verdict. This case has been on trial for four months. I cannot take time out to hear collateral motions which can better be disposed of after verdict.

There is still Boc potent reason for so doing. That is the question of prejudice of the jury which is not segregated, the case being civil and not criminal. Already there has been publicity that may be harmful.

It would seem that this whole matter might very well be left to the court where it is pending.

Very truly yours,
JSP:rz ATTACHMENT H

By Chip Berlet

Attorneys in the Black Panther civil suit have filed a motion in the Seventh Circuit Court of Appeals asking that Judge Wilbur F. Pell be recused from "participation in the Court's deliberations and actions" in the case because the judge is a former FBI agent who until late 1977 was a member of the Society of Former Special Agents of the FBI.


The attorneys, all affiliated with the People's Law Office, say that Pell's relationship to the FBI and the society "is not contained in his official biography" issued to them by the court clerk's office, and that they were not aware of Pell's FBI ties until after the latest round of legal motions in the appellate court. Pell's connections have been made public, however, for example in Who's Who in America.
Given these relationships, the attorneys say, Pell should not have heard the recent appeal in which two appellate judges ordered a new trial in the Hampton case, while Pell dissented and issued a stinging attack on the plaintiffs and their attorneys.
The defendants in the Hampton case have already cited Pell's dissent in an attempt to have the Seventh Circuit rehear their appeal en banc, but this attempt failed in a tight 3-3 vote with two judges recusing themselves. The defendants have indicated that they intend to cite the dissent, and the "close" vote to rehear, in petitions for certiorari they apparently intend to file with the Supreme Court.

At one point in his dissent, Pell characterized the Hampton case as a "wide-ranging witch-hunting type of assault on public servants across the board," and complains, "Unfortunately many who decried the excesses of McCarthyism do not seem equally concerned by the development of the extremity of present day witch-hunting directed toward law enforcement officials."

Comments like these, say the Hampton attorneys, are similar to those made by defenders of FBI practices, including the Society of Former Special Agents of the FBI, which opposes prosecution of FBI agents and has raised funds for the defense of FBI agents indicted on charges of illegal activity during operations against radical groups. The charge that law enforcement agencies acted illegally while seeking to "neutralize" the Black Panther Party is central to the plaintiffs',

Judge Pell was an FBI special agent from 1942 to 1945, according to the 1978-1979 edition of Who's Who in America, which also lists him as a member of the Society of Former Agents.

Pell has told reporters that he left the society in late 1977. Legal matters in the Hampton case were reaching the appeals court as early as May, 1975, when Pell voted on a Hampton plaintiffs' petition for writ of mandamus. Pell was also a member of the society when he heard several other motions in the Hampton case, and the Hampton attorneys say his resignation came too late to avoid the appearance of a conflict of interest.

The Hampton case arose from a pre-dawn police raid on the Chicago Black Panther headquarters the morning of December 4, 1969, which left Panther leaders Fred Hampton and Mark Clark dead and several other Panther members wounded. Revelations about the FBI's Counterintelligence program (COINTELPRO), which emphasized "neutralizing" the Black Panther Party, led the Hampton attorneys to add the FBI to the civil

Named as new defendants in an amended complaint filed on December 4, 1974, were Marlin Johnson, Special Agent in Charge of the Chicago FBI office at the time of the raid; special agents Robert Piper and Roy Martin Mitchell of the Chicago FBI's Racial Matters Squad; and William O'Neal, a paid FBI informant. FBI documents show that O'Neal drew a map of the floor plan of Panther headquarters, with a special notation fixing the location of the bed in which Hampton slept. This map was passed to the Chicago police, who used it in their raid. FBI memos and courtroom testimony by FBI agents show that the FBI provided substantial information which assisted in the planning for the raid, and encouraged the Chicago police to carry out the raid.

In the amended 1974 complaint, the Hampton attorneys alleged a conspiracy between the FBI and local law enforcement officials and police to illegally deprive the Panthers of their civil rights by attempting to destroy their organization, and, in the 1969 incident, killing and injuring them, then covering up the conspiracy.

The majority appellate decision, which ordered a new trial in the case, recognized that the plaintiffs had presented sufficient evidence of a conspiracy so that the case should be heard by a jury.

Given the importance of the FBI's role in the alleged conspiracy and the direct affiliation of four defendants with the FBI, the Hampton attorneys charge that Pell should have recused himself. This is especially the case because the law requires a judge to disqualify himself not only in cases of direct conflict of interest, but also in "any proceeding in which his impartiality might reasonably be questioned."

Pell's former membership in the Society of Former Special Agents of the FBI seems to be more distressing to the Hampton attorneys than his status as an ex-FBI agent.

"The Society is a powerful political organization and lobbying group, knowledgeably described as a 'civilian auxiliary of the FBI' composed of men and women 'whose devotion to former Director J. Edgar Hoover demands expression through something midway between a fan club and an organized religion,'" says the recusal brief, quoting from the book The Private Sector by George O'Toole.

A 1975 internal society membership list obtained by the Public Eye, a research group affiliated with the National Lawyers Guild, shows that Pell was not the only figure involved in the Hampton case who was a member of the society. The list also includes one defendant, Marlin Johnson.

Pell has told reporters that the organization is just a fraternal club. Society documents state that the original purpose of the society was "the preservation of friendship and loyalty and the promotion of good will among the members." However, this was officially changed by majority vote of the members on October 9, 1976, to include a number of other objectives, including:

"To encourage respect for our Country and its traditions and to foster its security and freedom from destructive forces, foreign or domestic;

"To seek to elevate and strengthen the public image of the good law enforcement officer as an asset to his community and the image of the good law enforcement agency as a vital force for the good of our Country;

"To serve the Nation in any emergency calling for men with FBI training and experience and complete dedication to the principles of Fidelity, Bravery and Integrity."

The Hampton attorneys claim that, as part of this "emergency" assistance, "The Society reportedly had a long-standing agreement with the Bureau" to assist in rounding up people for "preventive political detention" under the bureau's recently revealed and discredited "Security Index" or "Agitator Index" programs.


A policy statement issued by the society's board of directors, prompted by the indictments of several former FBI officials for alleged illegal activities during investigations into the Weather Underground, outlines the group's stand on indictments against FBI agents accused of misconduct:

"We affirm that any criminal prosecution of FBI Agents for actions taken totally without criminal intent, while performing their duties with honor and determination to protect the country from criminals and subversives, is completely unwarranted. Our Society is convinced that such ill-conceived attempts to prosecute FBI employees will be regarded by the American public as abhorrent to our nation's sense of fair play and justice."

Charles H. Stanley, president of the society, confirms that the group raises funds for the defense of indicted FBI agents and has helped organize demonstrations in their support.

The society claims to have raised more than $400,000 to defend FBI agents accused of wrongdoing through its "Special Agents Legal Fund."

According to Stanley, "FBI put should never be prosecuted for carrying out tasks assigned to them by their superiors. It's just irresponsible. That may be a bit strong, but certainly we feel the prosecution of the NY agents [involved in the Weather Underground probe] is wrong."

The Hampton attorneys call this position "morally and constitutionally dubious" and say that this defense has frequently been used by attorneys for the FBI defendants in both the trial and appellate proceedings. Further, the Hampton attorneys charge in their motion that Pell's dissent on the appeal decision "is an almost purely political statement, generally bereft of legal argument, which repeatedly mirrors and adopts the constitutionally bankrupt positions taken by the FBI defendants and the Society of Former Agents."

In his dissent, Pell excuses the COINTELPRO operations of the FBI, which have been found unconstitutional and illegal by the Justice Department, Congress and other courts, by saying, "It is doubtful that in 1969 attempts to discredit groups thought to be presenting a clear and present danger of violence was a violation of First Amendment Rights."

Pell goes on to say that he assumes law enforcement authorities at the time thought "it would be in the public good to neutralize the Black Panther Party" and that "the community would be a safer place for law abiding citizens to live and work if Fred Hampton and his cohorts were not on the scene." Pell says, "It might not be surprising if those entering the premises overreacted in view of the knowledge that they were entering as 'pigs,' some of their colleagues having been killed by a BPP member."

The Hampton attorneys charge in their motion that Judge Pell "could not have written an opinion of this character in a case with this record, unless he had embraced the purposes and goals of the Society of Former Agents and adopted the position of the Agent defendants." They go on to say that Pell's alleged conflict of interest "which appears from his background as an agent, and his membership in the Society, is confirmed by his treatment of the case in his dissent."

The motion filed by the Hampton attorneys asks that Judge Pell recuse himself or be recused from all further proceedings in the Hampton case. Future motions could require decisions on certification of bills for fees and costs, which could be as much as $1 million for the appeal work. There are precedents granting fees to the prevailing side in civil rights cases.

Recusal alone will not satisfy the Hampton attorneys, though; they are also asking that Pell's opinion in the dissent on the appeal, and his vote for an initial hearing and re-hearing en banc, be withdrawn or stricken from the record, and that "an appropriate addendum or note be added to the published decision of the appeal, fully setting forth the background and function of the Society of Former Agents, and the circumstances of the recusal."

However, according to Judge Pell, the standard procedure for recusal motions in the Seventh Circuit is that they are submitted to the judge being challenged. Pell said that, because the motion was pending, he could not discuss specific points but he did state that the "only matter pending is their claim for attorneys fees."

Pell said that his relationship with the FBI and the Society have never been secret and that he feels free to discuss them in detail.

"I was in the FBI from August of 1942 — engaged in war-related activities — until October or November of 1945, when I left and went back into the private practice of law," said Pell. When he left, he joined the Society of Former Special Agents, which he saw as an organization primarily for "keeping in touch" with other former members. "We would get a magazine that would say so-and-so is now doing this or that," said Pell.

"During the time I was a member, the society was not engaged in any political activities, and the entire time I was a member I attended one meeting," Pell said.

Pell said that the first indication he received that the organization was involved in political activity was a fundraising letter he received asking for donations to support the defense of the NY FBI agents indicted in the Weather Underground surveillance case. He said this letter prompted him to leave the society: "When it appeared they were getting into political activities I sent in my letter of resignation."

He concluded that, when people "don't like what someone has to say, then they smear him with this, and that's what this is."


AD HOC Citizens Legal Defense Fund For The FBI


Enclosed is a study of the Weatherman organization which was prepared and distributed by the Society of Former Special Agents of the Federal Bureau of Investigation to its members. Because our Fund works in close cooperation with the Society -- and its Special Agents Legal Fund -- we were given permission to give this important study even wider distribution.

Three top FBI men are now under indictment for alleged actions taken in line of duty against this terrorist organization: L. Patrick Gray III, the former acting director of the Bureau; W. Mark Felt, his number two man; and Edward S. Miller, who was chief of counter-intelligence. Through the generous participation of thousands of Americans, our Fund is helping to cover the enormous expenses ovide these men with the best legal defense possible in order to com- e resources of the U.S. Government leveled against them.


THE SPECIAL AGENTS LEGAL FUND, INC.

SUITE 2754, GRAYBAR BUILDING
420 LEXINGTON AVENUE 
NEW YORK, N.Y. 10017 212-687-6222 


March 12, 1979 


ad hoc Citizens' Legal Defense Fund for the FBI 
Suite 808 

95 Madison Avenue 

New York, NY 10016 


My dear Friends: 


I acknowledge receipt of your latest check in the amount of $100,000 
made payable to The Special Agents Legal Fund, Inc. 




The money expended on the John Kearney case, about $158,000, resulted 
in a tremendous victory for all of us early last year when the Justice 
Department's indictments were thrown out of court. But that was just 
the beginning. Our cash requirements now have been trebled and even 
quadrupled. We are covering the legal expenses of three FBI men 
currently fighting indictments certainly as unfair as the one brought 
against Kearney -- L. Patrick Gray III, the former acting director 
of the Bureau; W. Mark Felt, who was his number two man; and Edward 
S. Miller, who was chief of counter-intelligence. We also helped 
Wally LaPrade, former head of the Bureau's New York office, in his 
legal fight against his scandalous dismissal. 


There are still other FBI men, both active and retired, who are 
being made scapegoats of the vendetta against the FBI. We see the 
Bureau, of which we are all so proud, being brought to its knees and 
almost irreparably harmed by those who would welcome weakened law 

enforcement and vital intelligence-gathering in our country. Never,
in all its history, has the FBI been in such jeopardy. The only way 
we can save the Bureau is to fight for it by providing legal help 
for every agent threatened with legal harassment, which is the major 


weapon of the opposition. 


We will deeply appreciate anything you can do. I thank you on behalf 
of all the former agents in our own organization and, I daresay, 

for every man and woman actively engaged in the law-enforcement and 
intelligence work of the FBI.....still the greatest and proudest 
organization of its kind in all the world. 


Sincerely, 


The Special Agents Legal Fund, Inc.


Chicago Sun-Times, Wednesday, May 31, 1978

By David Jackson

Attorney William Kunstler 
charged Tuesday that William 
J. Campbell, former chief 
judge of U.S. District Court in 
Chicago, acted as an “FBI in- 
formant" during the Chicago 
7 conspiracy trial. 

Kunstler, who was the chief defense attorney during the 1969-1970 trial, showed reporters FBI documents obtained through Freedom of Information Act requests that indicated Campbell had discussed with Marlin Johnson, then the FBI's Chicago bureau chief, how he thought trial Judge Julius J. Hoffman would rule in the case.

Campbell also told Johnson he would "ensure" that a subpena seeking surveillance data, served on former FBI Director J. Edgar Hoover, would be quashed, Kunstler said, quoting another FBI document.


"I THINK it's a crime," Kunstler said of Campbell's alleged communications with the FBI. "It violates his oath of office, (and) it certainly is in contempt of court."

He said Campbell "was apparently the chief informant in the courthouse for the FBI."


Campbell, now a senior federal judge, was not available for comment. Johnson, who retired from the FBI in May, 1970 and currently is vice president of the Canteen Corp., declined to comment on Kunstler's charges.

Kunstler said other newly-released documents show that the FBI kept a "total surveillance" on the defendants and their attorneys, even during post-trial strategy meetings. He said the documents indicated that the attorneys' meetings either were infiltrated or bugged because exact comments made by the attorneys are reproduced in the confidential documents.

He said one document recorded what occurred during a March 5, 1970, conference in defense attorney Leonard Weinglass' Newark (N.J.) office, where appeal strategy was discussed. The government, Kunstler said, "knew what our strategy was going to be, who was going to do what and when."

"EVERYTHING was leaked," Kunstler said.

The first FBI document involving Campbell was a memo dated Oct. 29, 1969, from Alex Rosen, a high FBI official, to Cartha (Deke) DeLoach, described by Kunstler as the "No. 3 man in the FBI" at that time.

The memo states that Judge Campbell contacted Marlin Johnson that day before court began and "confidentially advised" him that "he believed that U.S. District Court Judge Julius J. Hoffman, who is conducting the trial, had 'had enough' of the conduct of the defendants, and that it was possible that Judge Hoffman might today hold the eight defendants as being in contempt of court, as well as some of the attorneys, and sentence them to jail."

Despite Campbell's warning, Hoffman did not do so that day.

A second memo displayed by Kunstler, who met reporters at O'Hare Airport during a stopover between flights, concerned a subpena served on Hoover seeking records of surveillance of the defendants and their attorneys. The subpena was served on Hoover on Dec. 2, 1969. The memo, dated Dec. 3, 1969, also was from Rosen to DeLoach.

IN IT, Rosen reported that 
Campbell had said he “will 
insure that the subpena is 
quashed.” The subpena later 
was quashed by Hoffman. 


Defendant Jerry Rubin, who is writing a book, obtained both memos through Freedom of Information Act requests, Kunstler said.

Kunstler also said that he misplaced his address book during the trial, but a Jan. 5, 1970 FBI document indicates that the FBI had it and the names of witnesses, attorneys and others listed inside it.

He said the new informa- 
tion showed that judges and 
the government—rather than 
the defendants and their attor- 
neys, as some have claimed — 
made a "circus" of the 
lengthy trial. "No process of 
the judicial procedure was left 
untrammelled. . .. To me, it's 
an unparalleled perversion of 
the legal process," Kunstler 
said. 

The defendants and their lawyers were charged with more than a dozen citations of contempt. Kunstler said he would file a motion to have the records of the contempt actions expunged and that he was considering suing Campbell, former U.S. Atty. Thomas Foran, the prosecutor, and Hoffman, among others, for damages.


Friday, December 28, 1979

Ten years later, "Chicago Seven" attorney William Kunstler is still charging that the real conspiracy involved in that trial included the judge, prosecutors and the FBI.

In documents made public Thursday, Kunstler's federal court motion claimed that evidence indicates the FBI forged threatening letters purportedly written by the Black Panthers to prospective jurors who might have been sympathetic to the defendants. He bases his charge on an FBI memo he obtained through the Freedom of Information Act. The memo reportedly says that U.S. District Judge Julius Hoffman concurred with an FBI order not to investigate the letters without permission from top agency officials. Kunstler is trying to overturn contempt of court convictions against the defendants.


Chicago Tribune S/F 


used black judge 


to discredit Muslims 


By Rob Warden 


CHIEF JUDGE James B. Parsons of U.S. District Court was "utilized" by the FBI in a counterintelligence program to discredit the Black Muslims in the 1960s, according to bureau documents obtained by The Tribune.

The documents, released under the U.S. Freedom of Information Act, are memos to the late FBI Director J. Edgar Hoover from Marlin W. Johnson, special agent in charge of the bureau's Chicago office at the time.

The memos say Parsons, at FBI’s be- 
hest, repeatedly criticized the Black 
Muslims, then known as the Nation of 
Islam, as racist and violent. 

Parsons, 66, the first black ever 
named to the federal bench, denied 
Thursday that the FBI asked him to 
make the statements. 


"IT IS TRUE that I sought information about the Muslims from the FBI and that there were occasions quite early in the '60s when I was critical of the Muslim movement, but under no circumstances did the FBI ever ask me to speak," he said.

One of the memos, dated Jan. 22, 1969, says in part: "Over the years considerable thought has been given, and action taken with bureau approval, relating to methods through which the NOI [Nation of Islam] could be discredited in the eyes of the general black populace or through which factionalism among the leadership could be created.

“Factional disputes have been devel- 
oped—the most noteable [sic] being 
Malcolm X Little. Prominent black per- 
sonages have publicly and nationally 
spoken out against the group—U.S. Dis- 
trict Court Judge James Benton Parsons 
being one example. 

"Chicago, as the bureau is aware, has always been on the alert for methods by which the NOI could be directed or disrupted. As is evidenced by the present co-operation with Parsons this policy continues."

ANOTHER MEMO, dated Dec. 22, 1968, says that "Chicago continues to maintain periodic contact" with Parsons, who was "approved by the bureau for counterintelligence usage sometime ago." Parsons, the memo adds, "will certainly continue to speak out in such fashion and the contact by Chicago productive of such will continue."

Judge James Parsons

A third memo, dated Aug. 29, 1969, 
says that “several years ago Chicago 
utilized a local federal judge to speak 
out against the NOI. He has not been 
utilized in this regard since the murder 
of Malcolm X Little as it was not the 
bureau's desire to involve him in a 
name-calling contest.” 

Parsons, interviewed by telephone in 
Delavan, Wis., where he was attending 
a judicial conference Thursday, said he 
has “‘no reaction" to the statements in 
the memos. “To me the language ‘uti- 
lized' is understandable, but from a pub- 
lic standpoint it will not be understood. 

"T think the documents reflect the fact 
that I had been threatened back in '63 
by the Muslims. I was anxious to be 
constantly informed about them, and I 
had a complete FBI file on them. At no 
time did anybody ask me to speak out 
against or use my influence against any- 
one. I am responsible for what I said." 


THE THREAT, Parsons said, “was that I was to be physically disciplined.” 
He said the threat was not made directly to him, but that he learned about 
it from the FBI. “Frankly, I was quite frightened when it occurred,” he said. 

He said his view of the Muslims has 
changed and he no longer criticizes 
them. 

Chicago Tribune, Friday, April 28, 1978 


WASHINGTON [AP]—Atty. Gen. Griffin Bell undermined the Justice Department's 
investigation of the FBI and blocked possible indictments against eight 
middle-level FBI officials, the man who led the probe said Thursday. 

William L. Gardner told a Senate appropriations subcommittee that Bell 
effectively halted the investigation by refusing to let prosecutors seek 
perjury indictments against an unspecified number of FBI officials who the 
task force believed were lying. 

Without the threat of perjury charges, Gardner said, his task force had no 
leverage with which to force agents to tell the truth about allegedly 
illegal FBI activities. 

GARDNER SAID BELL refused to let prosecutors seek indictments of eight 
mid-level officials on charges of wiretapping, mail theft, break-ins or 
black bag jobs, perjury, and false statements to a government agency. 

He said the officials, some of whom still work for the FBI, include three 
squad leaders, four special agents in charge of divisions and one assistant 
director. 

Gardner did not name any of the officials. He resigned as head of the task 
force in December but remained as head of the criminal section of the 
department's civil rights division. 

Bell, out of town until Monday, had no immediate comment. But an aide, 
Terence B. Adamson, said the attorney general stands by his handling of the 
case and does not want to get into a debate with the task force lawyers. 

ADAMSON described Bell’s philosophical framework for prosecuting the 
so-called black-bag abuses as “giving the highest priority to those with the 
greatest degree of culpability.” Adamson said that Bell “was handed a 
difficult task when he arrived” and that “he gave it his full attention and 
best efforts, and he did his duty as he saw it.” 

Adamson said FBI officials and employes are still subject to disciplinary 
procedures for any role they may have had in the allegedly illegal 
surveillance activities. 

Gardner testified that the task force not only learned that FBI agents were 
involved in burglaries but also turned up a class in breaking and entering 
that was given by a “guest lecturer” at the FBI training academy in 
Quantico, Va. 

ANOTHER FORMER member of the task force, Stephen Horn, told the subcommittee 
that Bell pleaded with an FBI official to recant his testimony after the 
task force told the attorney general it wanted to indict the official for 
perjury. 

“He told him he did not want to prosecute him because he was an FBI agent,” 
Horn said of Bell. “He said it would be a disgrace to the FBI.” 

The statements by Gardner and Horn, and by two other task force members who 
resigned last year after a dispute with Bell, prompted Sen. Lowell Weicker 
[R., Conn.] to question Bell's fitness for office. 

“It seems clear that the attorney general, despite the advice of top Justice 
Department prosecutors, willfully selected not to pursue a complete 
investigation,” Weicker said. “What has transpired here this morning 
rightfully calls into question the suitability of Griffin Bell to continue 
as attorney general of the United States.” 

HOWEVER, SEN. Ernest Hollings [D., S.C.] said such talk was “sanctimonious” 
and said what really was at issue was that Bell and his subordinates 
disagreed on how to proceed with a difficult investigation. 

Gardner said that when his task force recommended indictments of eight 
officials, four of them no longer were with the bureau, and four still 
worked at the FBI. 

He said Bell objected to indicting so many agents and that the attorney 
general said several times that “he had to manage the bureau but couldn't do 
it with their officials on trial so often.” 

BELL EVENTUALLY decided, Gardner said, to indict only one man, John J. 
Kearney, the former director of the FBI bureau in New York. 

Since then, the Justice Department has dropped that indictment and has 
announced indictments against former Acting FBI Director L. Patrick Gray III 
and two other executive-level FBI officials on charges resulting from 
allegedly illegal break-ins ordered by the agency in the early 1970s. 

Gray has pleaded innocent to the charges, as did the other two defendants—W. 
Mark Felt, a former acting associate director, and Edward S. Miller, a 
former assistant director of the domestic intelligence division. 

Bell also has taken administrative action against another FBI executive, J. 
Wallace LaPrade, until recently head of the FBI’s New York office. 

GARDNER TESTIFIED that Benjamin Civiletti, then head of the department's 
criminal division, agreed in an April 2, 1977, meeting that the eight cases 
should be presented for grand jury indictment. 

Gardner also testified that the nature and extent of recent intelligence 
agency abuses were hidden from Congress, and that the Senate committee 
investigation headed by Sen. Frank Church [D., Idaho] was deceived. 

SEVEN DAYS SPECIAL REPORT 


(Second of Two Parts) 


FBI corn Beg, Borrow and Steal 


This has been a bad month for the FBI. 
First, three top FBI officials—former Act- 
ing Director L. Patrick Gray, 3d, former 
Acting Associate Director W. Mark Felt, 
and the former chief of the Bureau's 
counterintelligence section, Edward S. 
Miller— were indicted by a Federal grand 
jury for conspiring to violate the civil 
rights of American citizens by ordering 
agents to break into their homes without 
warrants. The break-ins cited in the 
indictment occurred in late 1972 and early 
1973 in New York City and Union City, 
New Jersey, against friends and relatives 
of Weather Underground fugitives. 

Attorney General Griffin B. Bell also 
asked current FBI director William H. 
Webster to subject 68 FBI agents to 
administrative discipline for their role in 
the illegal entries. Such action could result 
in dismissal. 

On April 13, three days later, J. Wallace 
LaPrade, chief of the FBI's New York 
office and an unindicted co-conspirator in 
the government's case, was transferred to 
Washington to answer Justice Department 
charges stemming from the same in- 
vestigation. 

LaPrade, a 27-year veteran of the FBI, 
lashed out at Bell, charging that illegal 
searches and surveillances continued 
under the Ford and Carter Administra- 
tions and are continuing today. William 
Safire in The New York Times alluded to 
two specific cases LaPrade might have 
had in mind. These, in addition to the 
elaborate surveillance undertaken in the 
current ‘‘spy’’ case of Ronald Humphrey 
and Truong Dinh Hung suggest that 
current indictments are merely a cover for 
continuing illegal surveillance. Some 
sources even go so far as to suggest that 
the Justice Department's decision to zero 
in on the FBI's Weather Underground 
investigations offers the FBI defendants 
an easy out, as they can claim their activi- 
ties fell into the national security loop- 
hole. Recent allegations that the Weather 
Underground was in contact with the 
PLO indicate that this may be the case. 

At the same time that these unprece- 
dented indictments were being handed 
down, charges were dropped against John 
J. Kearney, a lower-level FBI official who 
had been under indictment for illegal 
wiretapping and mail openings. Bell said 
he dropped charges against Kearney after 
William C. Sullivan, former FBI number 
three man, testified that in 1970 J. Edgar 
Hoover had ordered him to urge Kearney 
to employ illegal measures against the 
Weather Underground. 

If Kearney had gone to trial, it is 
believed Sullivan would have testified on 
his behalf. Sullivan also was reported to 
have been the key witness against Gray, 
Felt and Miller. He was a defendant in 
several multi-million dollar civil suits 
against the FBI and it was known that he 
intended to cooperate with the prosecu- 
tion. A number of people, therefore, had 
good reasons for wanting Sullivan out of 
the way. Last year, shortly after he testi- 
fied for nine hours before a grand jury 
investigating the FBI, he was shot in what 
was described as a hunting accident near 
his home in New Hampshire. 

Attorney William Kunstler recently 
charged that Sullivan was murdered and 
called for a full investigation, citing a 
number of suspicious circumstances sur- 
rounding his death. According to Kunst- 
ler, Sullivan was shot 15 minutes before 
sunrise at 243 feet with a sniper rifle 
equipped with a scope that magnified 
objects three to four times their normal 
size. The killer, Robert Daniels, is the 
son of a state trooper and, says Kunstler, 
an expert hunter. 

He allegedly mistook Sullivan, attired 
in a black and white mackinaw and white 
turtleneck sweater, for the white tail of a 
deer. According to officials who examined 
the body, however, Sullivan was wearing 
a black and red mackinaw. The only white 
item of clothing they found was a T-shirt 
entirely covered by outer garments. The 
autopsy report has the fatal bullet travel- 
ing in a downward path through Sullivan’s 
body until deflected upwards by vertebrae, 
while the killer said he shot upwards over 
the brow of a hill. 

The FBI did not investigate at the time 
of the shooting. “It was a local matter,” 
says FBI press officer Tom Deakin. “We 
didn’t see any reason to investigate then 
and we find no reason now.” 

Kunstler’s charges are potentially the 
most explosive of all and could have 
extremely serious consequences for the 
FBI, dwarfing the current flap over illegal 
entries, wiretaps and mail openings. 

Here is Part II of Dave Dellinger's inter- 
view with a former FBI agent who sheds 
some light on the kinds of activities that 
led to the grand jury indictments against 
the three top FBI officials. 

Peter Biskind 

ABSTRACT 


This thesis explores the history of U.S. Army deception and doctrine, and combines the 
insights gained with the various works on deception, cognitive psychology, 
communications, and decision-making in order to distill a concise handbook for 
deception practitioners. A longitudinal review of U.S. Army doctrine reveals a wide 
variation in the treatment of deception, from emphasized to ignored. This variation can be 
primarily explained by the U.S. preference for the cumulative destruction style of war 
and the perceived balance of power between the U.S. and its adversaries. This thesis 
strives to fill the current doctrinal gap by distilling the existing body of work to create a 
theory of deception in the military context. The theory presented provides a cogent 
structure, taxonomy, and lexicon, as well as emphasis on how deception functions within 
the frameworks of communications and decision-making. Next, a synthesis of the 
practice of deception is presented, with a focus on deception planning and the essential 
elements of deception practice. Examples of U.S. use of deception from the 
Revolutionary War to Operation DESERT STORM are presented to provide illumination 
on the utility and use of deception. Finally, the thesis provides recommendations on how 
to organize for deception operations. 

I. INTRODUCTION 


For where the lion's skin will not reach, you must patch it out with the 
fox’s. 


— Lysander the Spartan1 


During the opening phases of the 2006 Israeli-Hezbollah War, Israeli Defense 
Forces (IDF) hammered the network of Hezbollah bunkers along the Lebanese border. 
Hezbollah had been building the bunker network for years, under the watchful eyes of 
IDF surveillance, Lebanese spies working for Israel, and the United Nations Interim 
Force in Lebanon (UNIFIL), which patrolled the southern Lebanese border. What the IDF 
did not realize until far too late was that the network of bunkers so diligently—and 
visibly—emplaced by Hezbollah were decoys; Hezbollah’s true bunkers were scattered 
across the countryside and covered by layers of security and camouflage. The bunker 
deception was but one of several cunning stratagems used by Hezbollah to blunt the IDF’s 
technological and information advantages, allowing Hezbollah to maintain combat 
effectiveness in the face of the Israeli assault. Deception had once more proven its 
worth.2 


A. BACKGROUND 


Stratagems are essential in war, as commanders seek to hide their real intentions, 
capabilities, and actions from the enemy, while cunningly showing false intentions, 
capabilities, and actions to lure the enemy into defeat. From the earliest battles of 
antiquity, commanders have used guile and misdirection for tactical, operational, and 
strategic effect. Hannibal at Cannae, the Greeks’ use of the Trojan Horse, and Gideon’s 
raid on the Midianites are but a few examples of successful deception in the ancient 
world. Operations OVERLORD and BARBAROSSA during WWII, British pseudo-operations 


1 Plutarch, John Dryden and Arthur Hugh Clough, Plutarch's Lives, Modern Library paperback ed., 
Vol. 1 (New York: Modern Library, 2001), 588. 


2 David A. Acosta, "The Makara of Hizballah: Deception in the 2006 Summer War" (Master's thesis, 
Naval Postgraduate School), 43 — 45, accessed 15 January 2012, http://handle.dtic.mil/100.2/ADA469918. 

during the Mau-Mau insurgency in Kenya, and Hezbollah's use of deception against 
Israel during the 2006 war demonstrate the continuing utility of deception in the modern 
era. 


Even within the more limited scope of U.S. Army history, deception has played 
an important role. General Washington utilized numerous stratagems to great effect 
during the Revolutionary War, including deceiving the British about the status of his 
forces at Valley Forge to deter attack, and later about his intentions to attack New York, 
setting the stage for the final showdown at Yorktown. During the Civil War, Confederate 
General Magruder used decoy cannons made of nothing more than painted tree trunks to 
hold Union forces in check for months after the First Battle of Manassas. General 
Pershing deceived the Germans about his intentions in order to gain surprise for the 
assault on the St. Mihiel salient during World War I.3 U.S. use of deception reached a 
plateau during World War II. After a slow start, the U.S. Army became adept at using 
deception and by 1947 Chief of Staff of the Army, General Eisenhower [in a 1947 memo 
to Lauris Norstad, Director, Plans and Operations Division] stated: 

...No major operations should be undertaken without planning and 
executing appropriate deception measures. As time goes on... there is a 
danger that these two means [psychological warfare and cover and 
deception] may in the future not be considered adequately in our planning. 
I consider it essential that the War Department should continue to take 
those steps that are necessary to keep alive the arts of... cover and 
deception and that there should continue in being a nucleus of personnel 
capable in handling these arts in case an emergency arises. I desire 
therefore that the Director of Plans and Operations maintain the potential 
effectiveness of these arts in order that their benefits may become 
immediately available, as and when desired, in furtherance of national 
security.4 


During Vietnam, the Military Assistance Command Vietnam—Studies and 
Observation Group [MACVSOG] made extensive use of deception in its operations against 


3 Richard Baker, "The Lost and Found Art of Deception" (Paper presented at the Conference of Army 
Historians, Arlington, Virginia, 25 — 28 July 2011). 


4 Dwight D. Eisenhower, The Papers of Dwight David Eisenhower: The Chief of Staff, ed. Louis 
Galambos, Vol. VIII (Baltimore: Johns Hopkins Press, 1978), 1763. 

North Vietnam. During Operation DESERT STORM, U.S. forces deceived Saddam's forces 
into believing the assault into Kuwait would come from the sea, and not from the now 
famous “left hook.” 


In spite of the demonstrated utility of deception in support of U.S. military 
operations, the U.S. Army currently falls short on the requirement to provide practitioners 
of deception with a solid doctrinal foundation in the theory and practice of deception. 
Instead, the U.S. Army has for the better part of two decades done little more than pay lip 
service to the importance of deception, or in the case of camouflage and concealment, 
stripped the concepts of their deception lineage. The last dedicated deception manual was 
published in 1988, and is no longer available through official channels. Furthermore, the 
1957 and 1967 editions of the deception field manual have effectively disappeared.5 
Current U.S. Army doctrine, discounting uses of the word “deception” as a buzzword, is 
limited to a 30-page section in the information operations field manual that completely 
ignores essential tenets of deception like perceptual and cognitive biases. There is a need 
for a concise distillation of theory and practice for the military practitioners of deception. 


B. HYPOTHESES 


The degree of emphasis of deception in U.S. Army doctrine is primarily related to 
the perceived balance of power between the United States and potential adversaries. 


There are essential tenets of the theory and practice of deception that can be 
drawn from the existing bodies of work. 


C. SCOPE AND SIGNIFICANCE 


The literature review shows a definite lack of guidance on the 
theory and practice of deception within current U.S. Army doctrine, despite a continuing 
theme in the doctrine that deception is of utility to operations. On the civilian side, there 
is a diversity of ideas on the theory and practice of deception; however, these ideas are 


5 The author's quest to find these manuals has included contacting each service academy and war 
college, all the proponents for deception, as well as the U.S. Army Military History Institute and the 
National Archives. These requests were in addition to the tireless and patient work of the Dudley Knox 
Library Staff. The vanishing of FM 31-40 is indicative of the U.S. Army's habit of purging "obsolete" 
doctrine; a habit that perhaps merits its own thesis on the value of institutional knowledge. 

dispersed over a large body of work. What is lacking in the civilian literature is an 
equivalent to the Grand Unification Theory in Physics, one work that distills the breadth 
and depth of the deception field into a usable synthesis. While not being so presumptuous 
as to present a Grand Unification Theory of deception, this thesis will bridge the gap in 
U.S. Army doctrine by creating a petite military deception focused synthesis of the body 
of deception work. This work is not intended to be prescriptive or all-inclusive; rather, 
the goal of the work is to provide commanders and practitioners a framework of concepts 
and ideas which can be altered to fit their organizational and operational needs. Central to 
this thesis is a reunification of cover with deception, as cover and active deception are 
mutually supporting concepts. The creation of an unclassified deception handbook will 
fill a doctrinal void and hopefully increase the perceived utility of deception within the 
force. 


D. METHODOLOGY 


The purpose of this thesis is to explore the breadth of U.S. Army military 
deception history and doctrine, and combine the insights gained with the various works 
on deception theory and practice, cognitive psychology, communications, and decision- 
making in order to distill the theory and practice of deception into a concise handbook for 
deception practitioners. Rather than attempting to cover the entirety of deceptive 
practices, the scope of this thesis is deception as employed in support of military 
objectives. 


In order to achieve this goal, the thesis first constructs a longitudinal review of 
U.S. Army doctrine focusing on the capstone operations manual series and deception 
related manuals in order to discern whether there is a pattern to U.S. Army doctrine's 
treatment of deception. The scope of this survey is from the 1905 Field Service 
Regulations through the 2012 ADP 3-0. Next the thesis examines the reasons commonly 
given for why deception is marginalized within military affairs. This examination is 
conducted through the lenses of doctrine and practice. 


Then the thesis shifts to a distillation of the existing body of work on deception to 
create a theory of deception in the military context. Within the theory of deception 
chapter the focus will be on providing a cogent structure, taxonomy, and lexicon for 
deception with an emphasis on how deception works. The structure provided by Bell and 
Whaley's general theory of deception will be used as the initial framework. To the 
framework is added an understanding of the role of perceptional and cognitive biases in 
deception; a fleshed out lexicon of deception related terms; and a broad set of categories 
for deception techniques. This requires taking the mélange of existing works on 
deception and rendering the concepts down to a cohesive synthesis. 


After deception theory, the thesis presents a synthesis of the practice of deception. 
The practice of deception chapter first presents a planning process that builds upon the 
planning process presented in JP 3-13.4: Military Deception. Next, the chapter reviews 
the various maxims, principles, and considerations presented by deception theorists and 
practitioners to draw out the essential elements of deception practice. Additionally, the 
chapter examines the uses of deception in war illuminated with examples from history. 
The practice chapter ends with a discussion of deception failures in order to reinforce the 
necessity of proper planning and execution. 


A chapter surveying U.S. military use of deception from the Revolutionary War to 
Operation DESERT STORM follows the practice chapter in order to provide additional 
illumination in the context of historic U.S. operations. This chapter serves a secondary 
purpose of priming the mind of the reader by demonstrating the U.S. military has a long 
and storied history of using deception. Finally, a conclusions chapter provides 
recommendations on how to organize for deception operations, with ideas on manning, 
training, integration in the staff, and special resource requirements. 

II. DECEPTION IN U.S. ARMY DOCTRINE 


Deception is common sense soldiering. 
— General Carl E. Vuono6 


According to FM 1, The Army, “Doctrine is the concise expression of how Army 
forces contribute to campaigns, major operations, battles, and engagements.”7 
Furthermore, doctrine creates a shared culture for the force; standardizes operations; and 
provides a common frame of reference.8 Thus any attempt to understand the role of 
deception within the U.S. Army must begin with an examination of U.S. Army doctrine. 
The U.S. Army has two capstone manuals that serve as the doctrinal foundations of the 
force; currently, these manuals are FM 1: The Army and ADP 3-0: Unified Land 
Operations.9 FM 1 serves as a broad overview of the U.S. Army’s “fundamental purpose, 
roles, responsibilities, and functions, as established by the Constitution, Congress, and the 
Department of Defense.”10 ADP 3-0 serves as the “overarching doctrinal guidance and 
direction for conducting operations.”11 In addition to these capstone documents, it is 
necessary to examine other doctrine publications directly related to the various aspects of 
deception. Each of these manuals in its various incarnations over time plays a vital role in 
setting the conditions for the role, or lack of a role, of deception in U.S. Army operations. 


The adjectives best describing the U.S. Army's historical and present guidance on 
deception are haphazard and shallow. Within the operations field manuals are statements 
to “use deception” sprinkled about almost as an afterthought. Only rarely are any 
statements approaching the strength of General Eisenhower’s about the essential 


6 Quoted in Center for Army Lessons Learned, CALL Bulletin 3-88: Deception (Fort Leavenworth, 
KS: Combined Arms Training Activity, 1988), 3. 


7 Headquarters, Department of the Army, Field Manual 1: The Army, 2005 
(Washington, DC: Department of the Army, 2005), 1-20. 


8 Headquarters, Department of the Army, Field Manual 1: The Army, 2005, 1-20 to 1-21. 
9 Each of these manuals has undergone name and nomenclature changes over their history. 


10 Headquarters, Department of the Army, Field Manual 100-1: The Army (Washington, DC: 
Department of the Army, 1994), v. 


11 Headquarters, Department of the Army, Army Doctrine Publication 3-0: Unified Land Operations 
(Washington, DC: Department of the Army, 2011), ii. 

importance of deceptions in every operation. Discussion of how deception works is either 
missing or disregarded. For example, in FM 3-13, the section on exploiting target biases 
states that the target's biases can be “the most powerful weapon in the MD [military 
deception] planner's arsenal;” however the very next sentence obliterates the importance 
of the target's biases with “However, such information is not essential to preparing a 
viable MD plan.”12 


Figure 1. Timeline of Deception-Related Doctrine and Deception Proponents from 
1905-2011 


A. PRE-WORLD WAR II ERA 


Discussion of the concept of deception in U.S. military doctrine prior to the 
World War II era was minimal, and when present often negative. The 1905 edition of the 
War Department's Field Service Regulations admonishes there will be no quarter 


12 Headquarters, Department of the Army, Field Manual 3-13: Information Operations: Doctrine, 
Tactics, Techniques, and Procedures (Department of the Army, 2003), 4-9. 

expected for troops utilizing the enemy's uniform for “treacherous advantage,” and 
advised commanders forced to use pieces of the enemy's uniform in extremis to maintain 
sufficient difference from the enemy's ensemble so as to avoid the charge of willful 
deception.13 Where concealment is discussed, it is almost purely in association with force 
protection, with only one mention of concealing trench works in the defense to set the 
stage for an “ambuscade.”14 The 1910 edition eliminates much of the discussion on 
perfidy and wrongful deception, and increases the mentions of surprise and concealment. 
However, discussion of deceiving the enemy is limited to cryptic comments like: “If it is 
desirable to annoy or deceive the enemy, the supreme commander gives the necessary 
orders.”15 In the 1914 edition of Field Service Regulations the main discussion of 
surprise is in the context of an imperative to not be surprised.16 While the term deception 
is not used in the manual, deceiving the enemy is given as a primary purpose for holding 
attacks.17 Amusingly, the other major reference on the topic of deception occurs in the 
guidance on war correspondents.18 


The 1923 edition breaks from the preceding editions, representing the hard 
learned lessons of World War I. The manual introduces the concept of 
counterinformation, that is, the measures designed to prevent the adversary from gaining 
information on friendly capabilities, dispositions, and plans. Counterinformation 
effectively constitutes the deception principle of hiding the real. Of particular note is the 
value placed on camouflage throughout the manual. In addition to efforts to deny 
information, counterinformation is supported by means designed to mislead or deceive 


13 War Department, Field Service Regulations, United States Army. 1905, with Amendments to 1908 
(Washington, DC: Government Printing Office, 1908), 200; This is possibly a reaction to the backlash 
against Colonel Funston's use of enemy uniforms during the Philippine Insurrection. 


14 War Department, Field Service Regulations. 1905, 102. 


15 War Department, Field Service Regulations, United States Army. 1910 (Washington, DC: 
Government Printing Office, 1910), 76. 


16 War Department, Field Service Regulations, United States Army. 1914 (New York, NY: 
Government Printing Office, 1914), 80. 


17 War Department, Field Service Regulations. 1914, 84 — 85. 
18 War Department, Field Service Regulations. 1914, 168. 

the enemy.19 In a complete reversal from the 1914 manual, surprise is now presented as 
vital to all combat actions, with feints and demonstrations presented as ways of gaining 
surprise.20 Furthermore, surprise and deception are considered essential to the successful 
execution of certain operations, e.g., river crossings.21 While still insignificant in the context 
of the entirety of the manual, the inclusion of deception concepts indicates some lessons 
learned during World War I, such as General Pershing's use of deception during the 
offensive against the Saint Mihiel salient, were taken to heart.22 


B. WORLD WAR II ERA 


The intriguing anomaly in U.S. military doctrine prior to and during the World 
War II era is the presence of the concept of deception. Though cursory, the inclusion of 
both the covering and deceiving aspects of deception within U.S. doctrine runs counter to 
the prevailing conventional wisdom that the U.S. military was a deception neophyte until 
the capability was nurtured under the tutelage of its British counterparts. Building on the 
1923 Field Service Regulations, the 1939 operations manual, now FM 100-5: Tentative 
Field Service Regulations: Operations, establishes deception's role in support of surprise, 
stating: “The effect of surprise is dependent on... the effectiveness of the means 
employed to deceive the enemy of our own dispositions and intentions.”23 The cover 
aspect of deception remains incorporated in the section on counterinformation, or 
“...measures taken to prevent the enemy from gaining information relative to our 
dispositions, movements, and plans.”24 Additionally, active deception becomes more 
strongly tied to counterinformation, with the manual stating: “Counterinformation is 
supplemented by positive measures designed to deceive or mislead the enemy as to our 
dispositions and intentions;” however, while counterinformation is provided a page and a 


19 War Department, Field Service Regulations, United States Army. 1923 (Washington, DC: 
Government Printing Office, 1924). 


20 War Department, Field Service Regulations. 1923, 77. 
21 War Department, Field Service Regulations. 1923, 118. 
22 See Chapter VI for further discussion of the Saint Mihiel deception operation. 


23 War Department, Field Manual 100-5: Tentative Field Service Regulations of Operations, 1939 
(Washington, DC: Government Printing Office, 1939), 28 — 29. 


24 War Department, Field Manual 100-5: Tentative Field Service Regulations, 41. 
half, the “positive measures” are not described in any detail.25 Interestingly, within the 
types of operations, deception—again without detail—is only mentioned in the section on 
guerrilla warfare, as if this is the only appropriate time. Here, the manual states: 

The attack [emphasis in original] on the enemy is made by surprise 
obtained by deception and ambush.... By feint and demonstration... by 
spreading false information, the attacker attempts to mislead the 
enemy....26 


In the 1941 edition, now FM 100-5: Field Service Regulations, the term 
counterinformation is replaced by counterintelligence. The set of tasks bundled under the 
aegis of counterintelligence includes: counterespionage, cover, measures designed to 
deceive the enemy, counterpropaganda, and censorship.27 Thus active deception 
completes the integration into counterintelligence started in preceding editions. The 
counterintelligence section includes three paragraphs on active deception, and includes a 
prompt designed to spur the egos of commanders: “A commander who is ingenious and 
resourceful in the use of tactical stratagems [sic] and ruses often will find methods of 
deceiving or misleading the enemy and of concealing his own intentions.”28 Of note is 
the inclusion of several examples of deception techniques: e.g., feints, demonstrations, 
fake concentrations, and dummies. However, the section also includes a combined 
warning and constraint that since deception creates the danger of misleading one’s own 
forces: “Such measures may be adopted only by the theater commander or by his 
authority.”29 Throughout the manual, deception is integrated into discussions on the 
various types of operations, such as the use of simulated activities by screening forces to 
facilitate a retrograde maneuver, and the use of feints during mountain operations.30 


Despite the incorporation of deception across the manual, there are two notable 


25 War Department, Field Manual 100-5: Tentative Field Service Regulations, 42. 
26 War Department, Field Manual 100-5: Tentative Field Service Regulations, 1939, 228 — 229. 


27 War Department, Field Manual 100-5: Field Service Regulations of Operations, 1941 (Washington, 
DC: Government Printing Office, 1941), 57. 


28 War Department, Field Manual 100-5: Field Service Regulations, 1941, 58. 
29 War Department, Field Manual 100-5: Field Service Regulations, 1941, 58. 


30 For deception in support of the retrograde, see War Department, Field Manual 100-5: Field Service 
Regulations, 1941, 169. For deception in support of mountain operations, see page 220. 
inconsistencies. First, in a curious change from the 1939 manual, the section on partisan 
warfare, which replaces the 1939 section on guerrilla warfare, is devoid of deception. 
Second, in opposition to the overall tenor of deception as a useful tool, the manual seems 
to undercut the utility of deception in the offense, stating: 

The degree of surprise attained is dependent in a large measure on the 
coordination and timing of the measures taken to deceive the enemy. 
Ruses, demonstrations, feints, and other measures for deception executed 
at the wrong time and place will be obvious to an alert enemy and will 
warn him of the impending attack. Superior mobility and speed of 
execution may be determining factors in achieving surprise.31 


In addition to the operations manual, during this period there were several other 
manuals directly related to deception. FM 30-25: Basic Field Manual of Military 
Intelligence Counterintelligence expands the guidance of FM 100-5 with sections on each 
of the aspects of counterintelligence. Though the section on tactical measures—feints, 
demonstrations, and ruses—is unfortunately a verbatim repeat of the section in FM 100-5, 
the counterintelligence manual is a de facto deception manual as it provides in-depth 
detail on the cover aspects of concealment and denial through the manual's emphasis on 
depriving the enemy access to friendly information. In keeping with the constraint 
imposed by FM 100-5, while the manual encourages commanders to embrace most 
aspects of deception, false information—e.g., the deliberate loss of notional orders—is 
restricted to the discretion of the theater commander out of the risk that friendly plans 
will act on the assumption the enemy has been deceived. 


FM 21-45: Basic Field Manual of Protective Measures, Individuals and Small 
Units, published in 1942, provides further guidance on concealment at the Soldier and 
unit levels, as well as reinforcement of the vital necessity to protect military information. 
Notably, FM 21-45 sets more stringent guidance for protecting information than current 
doctrine; for example, the manual states: 

Prior to going into combat, all distinguishing marks and insignia on 
vehicles, equipment, or persons will be removed or obliterated under an 
officer's supervision. You must be careful to remove divisional, 
regimental, or company insignia from your clothes and equipment. Search 


31 War Department, Field Manual 100-5: Field Service Regulations, 1941, 109. 


your pockets for letters, memoranda, orders, souvenirs, or keepsakes 
which might disclose your organization.32 


Additionally, while cover at this time is coupled with deception, the War 
Department and later the U.S. Army have published a separate manual for camouflage 
since at least 1940. Despite being treated separately from cover and deception, 
camouflage was intrinsically linked to both concepts until the late 1960s. The 1940 
edition of FM 5-20: Engineer Field Manual, Camouflage lists three methods of 
camouflage: hiding, blending and deceiving.33 The 1944 edition expands upon the theme 
of camouflage and deception, devoting an entire chapter to the subject of deceiving 
camouflage.34 Furthermore, the 1944 edition states: 

Camouflage uses concealment and deception to promote our offensive 
action, to surprise, to mislead the enemy, and to prevent him from 
inflicting damage upon us. Concealment includes hiding from view, 
making hard to see clearly, arranging obstructions to vision, deceiving and 
disguising, and deception involving sound.35 


C. POST WORLD WAR II THROUGH VIETNAM 


While the 1944 edition of FM 100-5 is essentially the same as the 1941 edition, 
the 1949 edition of FM 100-5 differs in two critical ways with regard to deception. First, 
this edition of the operations manual introduces a distinct set of principles of war, with 
surprise being one.36 Second, though counterintelligence continues to include means to 
deceive the enemy, the separate paragraphs on deception present in the two previous 
editions are absent.37 The separation of deception from counterintelligence possibly 
reflects the shift of deception proponency from the Joint Security Control to the Army 


32 War Department, Field Manual 21-45: Basic Field Manual of Protective Measures, Individuals and 
Small Units (Washington, DC: Government Printing Office, 1942), 137. 


33 War Department, Field Manual 5-20: Engineer Field Manual of Camouflage, 1940 (Washington, 
DC: War Department, 1940), 3. 


34 War Department, Field Manual 5-20: Camouflage Basic Principles, 1944 (Washington, DC: War 
Department, 1944). 


35 War Department, Field Manual 5-20, 1944, 4. 


36 Headquarters, Department of the Army, Field Manual 100-5: Field Service Regulations— 
Operations, 1949 (Washington, DC: Department of the Army, 1949), 21 — 23. 


37 Headquarters, Department of the Army, Field Manual 100-5, 1949, 43 — 46. 
G3, Plans and Operations Division. The lack of detail on the execution of deception is 
perhaps best explained by a training memorandum from the Office of the Chief of Army 
Field Forces to the commanders of the Armor, Infantry, and Artillery Centers. This 
declassified memorandum reveals the intent of the Army to keep the lessons learned from 
World War II well under wraps: “The security classification of this whole subject 
[strategic cover and deception] is and probably will remain TOP SECRET. ...”38 


In 1950, Brigadier General McClure campaigned for the establishment of a 
psychological warfare division within the Department of Army Special Staff. This 
division was to have purview over psychological operations, cover and deception, and 
unconventional warfare; however, when the Office of the Chief of Psychological Warfare 
was established in 1951, cover and deception were not included in the scope of the 
office's operations.39 In 1954, proponency for deception was assigned to the Ground 
General School, specifically to the Aggressor Center at Fort Riley, Kansas.40 This 
decision was the General Staff’s halfhearted response to a request from the Commander, 
Army Field Forces for a purpose-built unit trained in deception along the lines of the 23rd 
Headquarters Special Troops in World War II.41 The decision to place deception under 
the Aggressor Center, given the Aggressor Center's role as a professional opposing force, 
seems to demonstrate how quickly the Army drifted from General Eisenhower's 
admonishment. 


The 1954 edition of FM 100-5 represents another fundamental revision of the 
manual, as well as both the apex of discussion of deception activities within the capstone 
document and the beginnings of deception's dismemberment. This iteration of FM 100-5 


38 Office of the Chief of Army Field Forces, Strategic and Tactical Cover and Deception Training 
(Fort Monroe, VA: Department of the Army, 1948). 


39 Alfred Paddock Jr, US Army Special Warfare. Its Origins: Psychological and Unconventional 
Warfare, 1941 — 1952 (Washington, DC: National Defense University, 1982), accessed 12 February 2012, 
http://handle.dtic.mil/100.2/ADA118758, 89. 


40 Concepts and Force Design Group, Tactical Cover and Deception: Final Report (Alexandria, VA: 
U.S. Army Combat Developments Command, 1972), accessed 8 August 2011, 
https://www.dtic.mil/DOAC/document?document=ADB966185&collection=ac-tr&contentType=PDF&citationFormat=1f, 1-3. 


41 U.S. Department of the Army. General Staff, G-3, “Combat Deception,” (1954), Photocopy from 
U.S. Army Military History Institute, Carlisle, PA. 
separates active deception from counterintelligence into a distinct three-page section on 
“combat deception” that includes subsections on the importance of military deception; 
the fundamentals of military deception; security considerations; planning; and means. 
The manual advises: “It is imperative that commanders constantly realize the importance 
of combat deception and that they train their troops and staff in the techniques and 
planning for combat deception.”42 Though the split of deception from counterintelligence 
elevates the status of deception within the manual, the split has the negative effect of 
separating deception from the security aspects of cover. Furthermore, while deception is 
still considered a tool of surprise, a new principle of war, economy of force, admonishes 
that deception—along with limited attacks, retrogrades, and the defense—is only to be 
used in non-critical areas in support of the concentration of forces at the decisive point.43 
This admonishment runs counter to deception's economy of force role, and could only 
serve to dissuade the use of deception. 


In 1955, the Ground General School was discontinued and deception proponency 
was transferred along with the aggressor cadre to the Command and General Staff 
College.44 In 1957, the U.S. Army published a field manual dedicated to deception, FM 
31-40: Tactical Cover and Deception; however, this manual was classified ‘confidential,’ 
effectively placing it, and therefore detailed deception guidance, out of reach of much of 
the force. As a consequence of the manual's publication, the 1962 iteration of FM 100-5 
truncates the section on military deception to two paragraphs on the utility of deception 
that close with a reference to FM 31-40. At the same time, the cover aspects of 
counterintelligence and camouflage remain intact. Despite the removal of deception 
guidance to FM 31-40, this FM 100-5 continues the trend of deception being an 
important part of operations: “Tactical cover and deception plans are an integral part of 


42 Headquarters, Department of the Army, Field Manual 100-5: Field Service Regulations— 
Operations, 1954 (Washington, DC: Department of the Army, 1954), 37 — 39. 


43 Headquarters, Department of the Army, Field Manual 100-5: 1954, 47. 


44 Headquarters, Department of the Army, General Orders no. 20 (Alexandria, VA: Department of the 
Army, 1955), www.armypubs.army.mil/epubs/pdf/go5520.pdf. The aggressor cadre was a permanent 
opposing force designed to provide realism to Army training exercises. The aggressor cadre was equipped 
with numerous deception aids, including sonic platoons—elements outfitted with loudspeaker equipped 
vehicles and weapon simulation devices for conducting audio deceptions. See FM 30-101 (1959) for more 
information on the aggressor cadre. 
all operations planning.”45 Furthermore, this edition of the operations manual includes 
tactical deception units as a type of combat support element—possibly a reference to the 
sonic deception units assigned to the aggressor cadre.46 The 1968 version of FM 100-5, 
Operations of Army Forces in the Field, repeats the short section on deception and a 
reference to FM 31-40. However, missing from this edition of FM 100-5 is any reference 
to dedicated deception units as combat support elements; instead, tactical cover and 
deception is listed as a task of engineering units.47 At some point in the early 1960s, 
proponency for deception was transferred from Command and General Staff College to 
the U.S. Army Combat Developments Command.48 


FM 31-40 was updated with changes in 1960 and 1963, and a still classified 
update to FM 31-40 was published in 1967.49 In 1969, the U.S. Army published Training 
Circular 30-1: Tactical Cover and Deception (TC 30-1), an unclassified document 
providing guidance on the training of cover and deception from the company to division 
level, with the stated intent of encouraging commanders to include cover and deception in 
their planning process.50 In 1973 an update was drafted but not published. Currently none 
of the editions of FM 31-40 are available for examination, though an idea of their 
contents can be drawn from TC 30-1. The circular provides a basic overview of the 
history of deception; definitions of key terms and concepts; general guidelines, 
responsibilities, and considerations for planning of deception operations; and example 


45 Headquarters, Department of the Army, Field Manual 100-5: Field Service Regulations— 
Operations, 1962 (Washington, DC: Department of the Army, 1962), 50. 


46 Headquarters, Department of the Army, Field Manual 30-101: Aggressor, the Maneuver Enemy, 
1959 (Washington, DC: Department of the Army, 1959), 55 — 57. 


47 Headquarters, Department of the Army, Field Manual 100-5: 1962, 39. 


48 This shift occurred prior to the still classified 1965 U.S. Army Combat Development Command 
report titled “Army Requirements for Tactical Deception.” 


49 The official changes are noted on the entry for the 1967 edition of FM 31-40 on the Combined 
Arms Research Library website. 
http://comarms.ipac.dynixasp.com/ipac20/ipac.jsp?menu=search&aspect=subtab316&npp=25&ipp=20&spp=20&profile=carlcgsc&ri=2&source=~!comarms&index=BIB&term=334188&x=0&y=0&aspect=subtab316 


50 Headquarters, Department of the Army, Training Circular No. 30-1: Tactical Cover and Deception 
(Washington, DC: Department of the Army, 1969), 3. 
applications of deception. Of particular note is the planning consideration of target 
reaction, which demands a thorough understanding of the target: 


Success of cover and deception is dependent on the ability of the deceiver 
to predict the probable enemy reaction. The staff charged with the 
deception planning must be able to think as the enemy does and not react 
as a friendly commander transplanted into the enemy situation. This is 
possible only as a result of a thorough understanding of the enemy, his 
culture, and military system. The enemy intelligence system must be 
evaluated because this system is the vehicle that carries the deception 
story to the enemy commander. Determination must be made regarding 
the enemy's characteristics, his habits that make him vulnerable to 
deception, and those aspects that present the least likely deception target. 
The probable enemy reaction depends on the commander. An uncertain 
commander may react to deception while a steadfast veteran commander 
may ignore all but exceptionally convincing efforts. Some commanders 
may be overanxious, others overcautious; if possible, we should know the 
characteristics of the enemy commander, to include the degree of freedom 
allowed subordinates, his reaction time to new situations, and how this 
fear of the unknown influences his actions. A single known characteristic 
of a commander is more important than the entire statistical record of his 
military career.51 


The one major drawback of TC 30-1 is that since FM 31-40 was classified, the 
information in TC 30-1 with regard to means, techniques and examples of application is 
unfortunately shallow. 


Looking at the camouflage aspect of deception, the 1959 edition of FM 5-20 
represented the pinnacle of the linkage between camouflage and cover and deception. In 
the manual's discussion of the nuclear battlefield, the manual explicitly states the role of 
camouflage in both denying information and deceiving: 

The best means of reducing the chance of a unit becoming the target of 
nuclear attack is to deny the enemy information as to the unit location and 
strength, or to fool the enemy by deception. Habitual use of proper 
camouflage will greatly assist in denying this information to the enemy.52 


51 Headquarters, Department of the Army, Training Circular No. 30-1, 15. 


52 Headquarters, Department of the Army, Field Manual 5-20: Camouflage Basic Principles and Field 
Camouflage, 1959 (Washington, DC: Department of the Army, 1959), 3. 
Additionally, FM 5-20 emphatically bound camouflage to deception via the very 
definition of camouflage: “Camouflage is a French word meaning disguise and is used to 
describe actions taken to mislead the enemy by misrepresenting the true identity of an 
installation, an activity, or an item of equipment.”53 Finally, the manual reinforced 
camouflage's linkage to cover and deception to the point of subordinating camouflage to 
deception: “Camouflage, as an element of military deception, permits us to approach 
unseen and to remain hidden within striking distance of the enemy.”54 


Between the 1959 edition of FM 5-20 and its successor in 1968, the relationship 
between camouflage and deception was severed. In the 1968 edition of FM 5-20, the third 
method of camouflage was changed from “deceiving” to “disguising.”55 Though 
deception was still discussed in the manual, to include a chapter on decoys, the concept 
of camouflage as an element of deception was thoroughly expunged. The divorce of 
camouflage from deception was reciprocated on the deception side of doctrine. The 1969 
TC 30-1 listed FM 5-20 as a reference; however, the 1978 FM 90-2: Tactical Deception 
did not. 


D. POST VIETNAM ERA THROUGH DESERT STORM 


The 1976 edition of FM 100-5 is an anomaly within the operations series as the 
manual is fixated squarely on the operations of a numerically smaller force against 
numerically superior Soviet forces in Western Europe. Though the distinct section on 
deception present in previous editions is absent, deception remains thoroughly integrated 
in the manual. For example, the following guidance is given for the offense: “If a smaller 
force is to concentrate superior combat power at the point of decision... commanders 
must employ surprise and deception as well as the full mobility of the force.”56 
Furthermore, one of the basic tasks of the covering force in the defense is to deceive the 


53 Headquarters, Department of the Army, Field Manual 5-20: 1959, 3. 
54 Headquarters, Department of the Army, Field Manual 5-20: 1959, 4. 


55 Headquarters, Department of the Army, Field Manual 5-20: Camouflage, 1968 (Washington, DC: 
Department of the Army, 1968), 20. 


56 Headquarters, Department of the Army, Field Manual 100-5: Operations, 1976 (Washington, DC: 
Department of the Army, 1976), 3-6 to 3-7. 
enemy, and deny information on friendly force dispositions.57 In the section on desert 
warfare, the manual states, “using deception is a primary means of obtaining success.”58 
However, despite the relatively complete integration of deception into operations, details 
on how to execute deception activities are again absent. Oddly, no mention is made of a 
deception manual within the body of the manual, though FM 90-2 is listed in the 
references.59 


The 1982 and 1986 editions of FM 100-5 introduce the concept of Airland Battle, 
a fundamental revision of how the U.S. Army conducts operations. The Airland Battle 
approach places the principle of maneuver in primacy and embraces Liddell Hart’s 
indirect approach.60 As a result, deception is integrated into the 1982 and 1986 editions 
of FM 100-5 to an unprecedented—and unrepeated—degree. Deception is included in the 
list of major functional areas alongside maneuver, intelligence, and fires.61 In addition, 
deception is listed as a reason for offensive action, and discussed in depth in the sections 
on defense and retrograde operations.62 Furthermore, echoing General Eisenhower's 
admonishment, the 1986 edition of FM 100-5 states: “An integral part of any plan of 
campaign or major operation is the deception plan.... Deception is a vital part of tactical 
operations as well.”63 The dedicated section on deception, though smaller than the one in 
the 1954 edition, is still robust and includes examples of deception integration, as well as 
some planning guidance.64 The section on electronic warfare includes mention of 
manipulative electronic deception [MED] and imitative communications deception [ICD] 


57 Headquarters, Department of the Army, Field Manual 100-5: 1976, 5-10. 
58 Headquarters, Department of the Army, Field Manual 100-5: 1976, 14-10. 


59 The reference to FM 90-2 is bizarre given FM 90-2 was not published until two years after this 
edition of FM 100-5. FM 31-40 (1967) was the current deception manual at the time of publication. 


60 Headquarters, Department of the Army, Field Manual 100-5: Operations, 1982 (Washington, DC: 
Department of the Army, 1982), 9-1. 


61 Headquarters, Department of the Army, Field Manual 100-5: Operations, 1986 
(Washington, DC: Department of the Army, 1986), 40. 


62 For offensive operations see: Headquarters, Department of the Army, Field Manual 100-5: 1986, 
94; for defensive operations see: Headquarters, Department of the Army, Field Manual 100-5: 1982, 11 — 
12; for retrograde operations see: Headquarters, Department of the Army, Field Manual 100-5: 1986, 158. 


63 Headquarters, Department of the Army, Field Manual 100-5: 1986, 53. 
64 Headquarters, Department of the Army, Field Manual 100-5: 1986, 53. 
as electronic warfare activities that support the overall deception plan.65 In a striking 
departure from previous operations manuals, the 1982 edition removes deception from 
the discussion of surprise as a principle of war, instead moving deception to the principle 
of security.66 


In 1978, the U.S. Army retrieved the dedicated military deception manual from 
classified purgatory and published the unclassified FM 90-2: Tactical Deception. As the 
title implies, the focus of FM 90-2 is only on the tactical fight: “...tactical deception 
here refers to short-term actions of corps or lower units within the battle area.”67 Though 
this “How to Fight” manual is rather simplistic, its release marked the beginning of a 
military deception renaissance within the U.S. Army. Of note, however, the 1978 field 
manual severs the connection between deception and the term cover, though it maintains 
camouflage and concealment as aspects of visual deception. Despite these limitations, 
FM 90-2 provides a workable foundation of deception practice, principles, and planning 
considerations. 


In 1986 proponency for deception was transferred to the U.S. Army Intelligence 
Center and School at Fort Huachuca. Shortly afterwards, FM 90-2 was updated as FM 
90-2: Battlefield Deception. The 1988 iteration of FM 90-2 is an intellectually weighty 
tome, delving into the cognitive underpinnings of deception as well as providing detailed 
guidance on the planning and execution of deception at both the tactical and operational 
levels of war. This manual was designed to address what the U.S. Army considered to be 
a shortfall in deception integration: 


Today, commanders use little deception in planning, directing, and 
conducting combat operations. As a result, many deception-related skills 
that have served our Army well in the past have been forgotten, and where 
remembered, have not been made part of our war-fighting capabilities 
Armywide.68 


65 Headquarters, Department of the Army, Field Manual 100-5: 1982, 7-19. 
66 Headquarters, Department of the Army, Field Manual 100-5: 1982, B-4. 


67 Headquarters, Department of the Army, Field Manual 90-2: Battlefield Deception (HTF) 
(Washington, DC: Department of the Army, 1978), 1-1. 


68 Headquarters, Department of the Army, Field Manual 90-2: Battlefield Deception (Washington, 
DC: Department of the Army, 1988), 1-0. 
Without having access to the editions of FM 31-40 for comparison, the 1988 
edition of FM 90-2 represents the strongest presentation of deception theory and practice 
within U.S. Army doctrine. Shortly after the publication of this edition, deception 
proponency was shifted once more, to the U.S. Combined Arms Center, where it remains. 


E. POST COLD WAR ERA 


Despite the successful use of deception in Operation DESERT STORM, the 1993 
edition of FM 100-5 almost appears to be a repudiation of the prior editions with regard 
to deception, and marks the beginning of deception's descent into a doctrinal abyss. 
Among the principles of war, deception is absent from security, and relegated to a mere 
factor of surprise; furthermore, economy of force demands force allocations for tasks 
such as deception be measured so as to not detract from the ability to mass at the decisive 
point. Deception is not listed as a combat function; rather, deception is relegated to a 
single mention as one of the tasks contributing to mobility and survivability.70 Finally, 
the robust section on deception in the 1986 edition is replaced by a two-paragraph 
recitation of the definition of deception and guidance to see FM 90-2 for further 
information. Though the term deception continues to appear throughout the manual, the 
overall marginalization of the concept of deception from the previous manuals is striking. 
A possible explanation for the marginalization of deception lies in the shift of the 
strategic equation with the fall of the Soviet Union. The collapse of the Soviet Union left 
the United States without a peer competitor, and thus without the need for indirect 
approaches to compensate for numerical inferiority and vulnerable lines of 
communication.71 


The marginalization of deception continued outside the operations manual. In 
1997, the U.S. Army's Combined Arms Center rescinded FM 90-2 without replacement. 


69 Headquarters, Department of the Army, Field Manual 100-5: Operations, 1993 
(Washington, DC: Department of the Army, 1993), 2-5. 


70 Headquarters, Department of the Army, Field Manual 100-5, 1993, 2-14. 


71 See Chapter III for further discussion of the relationship between deception integration and 
perceived balance of power. 
The stated reason was that the manual “no longer represents valid Army doctrine.”72 In 
1998, an unofficial military deception planner's guide was published with a SECRET 
classification, again putting the tenets of deception outside the reach of a majority of the 
force. Additionally, since this was an unofficial document, it is given no reference in 
subsequent editions of FM 100-5. With the rescinding of FM 90-2, deception was 
subsumed by the emerging concept of information operations and incorporated into the 
1996 FM 100-6: Information Operations as little more than a buzzword. Absent from FM 
100-6 is any guidance on the planning and execution of deception operations, as well as 
any mention of the cognitive and theoretical foundations discussed in FM 90-2. FM 3-13: 
Information Operations replaced FM 100-6 in 2003. Though FM 3-13 provides more 
discussion on the integration, planning, and execution of deception than FM 100-6, the 
level is still far below FM 90-2. Furthermore, FM 3-13 has fallen out of favor itself and is 
no longer in synch with ADP 3-0, limiting the manual's appeal. 


In the 2001 iteration of the operations manual, now FM 3-0, Operations, 
deception continues its path into doctrinal oblivion. In keeping with the model of FM 
100-6, deception is relegated to being an element of information operations, and an 
aspect of information superiority. While deception returns to the discussion of the 
principle of security, deception is absent from the principle of surprise.73 The separate 
section on deception is limited to a single paragraph which restates the definition of 
military deception; gone is the guidance to refer to a deception field manual because the 
1988 version of FM 90-2 was phased out without replacement. As with the 1993 FM 100-5, 
the term deception is present, but the concept is not. 


The 2008 edition of FM 3-0 sees deception, now categorized as an information 
task, again limited to a single paragraph with a reference to FM 3-13: Information 
Operations and the joint forces publication on military deception, JP 3-13.4: Military 


72 Memorandum signed by Colonel Clinton J. Ancker III, Director, Corps and Division Doctrine, 
dated 30 September 1996 as cited in Bradley K. Nelson, “Battlefield Deception: Abandoned Imperative of 
the 21st Century" (Monograph, U.S. Army Command and General Staff College, 1997), 28, accessed 2 
January 2012, http://handle.dtic.mil/100.2/ADA339425. 


73 Headquarters, Department of the Army, Field Manual 3-0: Operations, 2001 (Washington, DC: 
Department of the Army, 2001), 4-14. 
Deception. For the first time since 1914, the concepts of feints and demonstrations—in 
fact, the very words—do not appear within the operations manual. The early 2011 change 
to FM 3-0 gives deception three paragraphs as an element of inform and influence 
activities, though there is a note stating: “military deception will migrate to another 
functional area in future editions of FM 3-0.”74 Interestingly, this edition does not 
reference the still current FM 3-13 for deception guidance; rather, it points to JP 3-13.4, 
the joint force publication. ADP 3-0: Unified Land Operations superseded FM 3-0 as part 
of the Army’s “Doctrine 2015” program. ADP 3-0, weighing in at a concise 32 pages, 
does not mention deception at all, and relegates all inform and influence operations to 
three uses of the term without elaboration or mention of external references. 


The 1990 edition of FM 5-20, renamed FM 20-3: Camouflage, further reduces the 
relationship of camouflage to deception by removing the chapter on decoys and stating 
that camouflage and deception are part of a set of interrelated tactical measures 
supporting survivability.75 In 1998, FM 20-3: Camouflage, Concealment and Decoys 
introduces the term Camouflage, Concealment, and Decoys [CCD]. It is important to note 
the level of the disjunction between deception and cover at this point. While at the Army 
level the acronym CCD means the aforementioned Camouflage, Cover, and Decoys; at 
the joint level CCD means Camouflage, Concealment, and Deception [the Army refers to 
the joint version of CCD as JCCD]. Further, whereas the 1990 edition includes deception 
in the interrelated tasks supporting survivability, the 1998 edition removes deception. 
While essentially ignoring the connection between deception and camouflage, FM 20-3 
does ironically state in a standalone paragraph in its introduction: 

Deception helps mask the real intent of primary combat operations and 
aids in achieving surprise. Deception countermeasures can delay effective 
enemy reaction by disguising information about friendly intentions, 
capabilities, objectives, and locations of vulnerable units and facilities.76 


74 Headquarters, Department of the Army, Field Manual 3-0: Operations, Change 1 (Washington, 
DC: Department of the Army, 2011), 6-19. 


75 Headquarters, Department of the Army, Field Manual 20-3: Camouflage, 1993 
(Washington, DC: Department of the Army, 1990), 1-1. 


76 Headquarters, Department of the Army, Field Manual 20-3: Camouflage, Concealment, and 
Decoys, 1999 (Washington, DC: Department of the Army, 1999), 6. 
The 2010 iteration of the Army’s camouflage doctrine, ATTP 3-34.39: 
Camouflage, Concealment, and Decoys represents a complete reversal of the earliest editions 
of camouflage field manuals, calling deception a component of CCD. However, the 
publication offers no discussion or guidance on deception.77 


F. CONCLUSIONS OF DOCTRINE REVIEW 


A review of the U.S. Army capstone document for operations from 1905 to 
present shows the emergence and growth of deception as an operational concept. 
However, the level of emphasis is cyclic, with peaks occurring during and immediately 
after World War II, and during the late 1970s through 1980s. Conversely, deception 
integration is at its weakest prior to World War I, and since the end of the Cold War. 
Furthermore, the only time all the aspects of deception were unified under one concept 
was during the World War II era when the aspects were bundled under the aegis of 
counterintelligence. Since that time, deception was slowly and methodically 
dismembered and marginalized to the point that camouflage is no longer considered a 
form of deception and the term “cover” has completely lost its connection to deception 
within U.S. Army doctrine.78 


77 Headquarters, Department of the Army, Army Tactics, Techniques, and Procedures 3-34.39: 
Camouflage, Concealment, and Decoys/Marine Corps Reference Publication 3-17.6A (Washington, DC: 
Department of the Army, 2010), iv. 


78 Headquarters, Department of the Army, Field Manual 1-02: Operational Terms and Graphics 
(Washington, DC: Department of the Army, 2004), 1-49; (Army) 1. Protection from the effects of fires. 
(FM 6-0) 2. A form of security operation whose primary task is to protect the main body by fighting to gain 
time while also observing and reporting information and preventing enemy ground observation of and 
direct fire against the main body. Unlike a screening or guard force, the covering force is a self-contained 
force capable of operating independently of the main body. 
III. EXPLANATIONS FOR VARIATION OF DECEPTION EMPHASIS 


As can be seen from the longitudinal survey of deception within U.S. Army 
doctrine, deception is consistently mentioned; however, the degree of emphasis and level 
of guidance varies significantly over time. The variance in deception emphasis has driven 
deception authors to propose numerous explanations as to why the U.S. Army does not 
treat deception with a greater level of emphasis given deception's demonstrated utility. 
The reason given the most weight is the idea that America's desired style of warfare, 
firmly grounded in cumulative destruction and influenced heavily by Clausewitz, leaves 
little consideration for indirect methods like deception.79 The second reason, espoused by 
Herbert Goldhamer, is that the rise of a professional officer class separated officers from the 
political practice of deception.80 A third reason cited is that the over-classification of 
deception post-WWII has had the unintended consequence of removing deception from 
consideration by the force. Fourth, various authors have pointed to the perception within 
Western culture that deception is immoral as reducing the desire to embrace deception's 
worth. While none of these explanations completely explains the diminished role of 
deception in U.S. Army doctrine, the American style of war best explains the 
fluctuations. 


A. THE AMERICAN WAY OF WAR 


The most frequent explanation of why the U.S. Army has not consistently placed 
the degree of emphasis on deception commensurate with deception's utility is that the style 
of war preferred by the United States does not emphasize indirect approaches, including 
deception. In order to assess this explanation it is necessary to first analyze the styles of 
war to see if there is a variation of deception emphasis between the styles, then examine 


79 Russell Weigley, The American Way of War: A History of United States Military Strategy and 
Policy, Indiana University Press paperback ed. (Bloomington IN: Indiana University Press, 1977), 584. 


80 Herbert Goldhamer, Reality and Belief in Military Affairs: A First Draft (June 1977) (Santa Monica, 
CA: The Rand Corporation, 1979), accessed 25 August 2011, 
http://www.rand.org/content/dam/rand/pubs/reports/2005/R2448.pdf. 
whether the United States has a preference for one style of war, and finally, what reasons 
might drive any United States preference for a particular style.81 


1. Styles of War 


Essential to understanding the role, or lack of a role, of deception in the U.S. 
Army is an understanding of the two warfighting styles employed by the U.S. Army. On one 
end of the spectrum is cumulative destruction, which includes what Hans Delbrück and 
Russell Weigley refer to as the strategy of annihilation, and what Basil Liddell Hart and 
Edward Luttwak call attrition. On the other end of the spectrum is systemic disruption, 
which includes Delbrück and Weigley’s strategy of attrition, as well as the indirect 
approach by Liddell Hart and relational maneuver by Luttwak.82 Cumulative destruction 
seeks to destroy the enemy's capacity for war by decisive defeat of the enemy's military 
forces, and is exemplified by the battles of Cannae, Austerlitz, and the trenches of World 
War I, especially the German strategy at the Battle of Verdun. Because successful 
application of the cumulative destruction approach is rooted in the ability of a force to 
effectively inflict greater net damage on the enemy force, the approach is dependent on 
an overall force superiority. Even if an inferior force can achieve a series of tactical 
victories, the additive effect of the losses results in strategic defeat.83 For example, 
General Lee's tactical victories over General Grant in the 1864 campaign came with 
unsustainable manpower losses for the Confederate force, resulting in the final strategic 
defeat and surrender at Appomattox. 


Systemic disruption seeks to achieve victory through attacks against the enemy's 
weaknesses (e.g., popular will, production capacity, communications, and command and 


81 Author's note: the discussion of styles of war within this thesis is solely in the context of emphasis 
on deception; any evaluation of the superiority of one style of war over the other is beyond the scope of this 
work. 


82 The terms cumulative destruction and systemic disruption are used because the various authors have 
used the term attrition with diametrically opposed meanings. Delbrück and Weigley equate attrition with 
the strategy of exhaustion; see Delbrück's The History of the Art of War. On the other hand, Luttwak, 
Erfurth, and Boyd use attrition with the meaning Vernichtungsfeldzug [annihilation through a series of 
battles]; see Luttwak’s “Notes on Low-Intensity Warfare.” In a similar vein, there is a risk of unintentional 
conflation of relational-maneuver with the maneuver principle of war. 


83 Edward Luttwak and Steven Canby, MINDSET: National Styles in Warfare and the Operational 
Level of Planning, Conduct and Analysis (Pontiac, MA: C&L Associates, 1980). 
control) which leave the enemy paralyzed and unable to react effectively. The exemplars 
for systemic disruption are the German blitzkrieg, most forms of guerrilla warfare, and 
the AirLand Battle concept. Because the systemic disruption approach places strength 
against weakness, the potential effect is not dependent on overall force superiority. An 
inferior force has the potential for strategic victory over a superior force; therefore 
inferior forces must lean towards a systemic disruption approach in order to have a 
chance at prevailing.84 Guerrilla campaigns and insurgencies by necessity spend most of 
their time tilted heavily toward systemic disruption, as a toe-to-toe fight with government 
forces from a position of inferiority invites defeat. For example, during the Tet Offensive, 
the Viet Cong attempted to shift to a cumulative destruction posture resulting in the 
destruction of the Viet Cong as an effective fighting force. 


| | Cumulative Destruction | Systemic Disruption |
|---|---|---|
| Target | Strength against Strength | Strength against Weakness |
| Endstate | Incapacitation through attrition of resources (e.g., manpower, equipment, supplies); Materialschlacht (battle of material) | Incapacitation through strategic paralysis |
| Focus of Efforts | Tactical level, with objectives in terms of terrain | Operational level, with objectives in terms of shattering the enemy |
| Outcome | Predictable, based on “overall superiority of net attrition capacity”85 | Unpredictable, based on ability to perceive and affect enemy weaknesses |
| Orientation | Interior focus on processes to achieve maximum efficiency of tasks | External focus to identify enemy weaknesses and limitations |
| Force Design | Systems and formations designed for all-around capabilities — infrequent, revolutionary changes to capabilities | Systems and formations designed for specific enemy forces — frequent, evolutionary changes to capabilities |

Table 1. Characteristics of Cumulative Destruction and Systemic Disruption 


84 Luttwak and Canby, MINDSET: National Styles in Warfare, 6. 
85 Luttwak and Canby, MINDSET: National Styles in Warfare, 3. 


86 Luttwak and Canby, MINDSET: National Styles in Warfare, 1–29; William Lind, “The Case for 
Maneuver Doctrine,” in The Defense Reform Debate, eds. Asa Clark, Peter Chiarelli, Jeffrey McKitrick, 
and James Reed (Baltimore: The Johns Hopkins University Press, 1984), 88–100. 
Cumulative destruction and systemic disruption as described above actually 
represent a false dichotomy for the sake of analysis. In practical application, pure 
expressions of either approach do not exist. Rather, all warfighting can be envisioned as 
existing on a spectrum between cumulative destruction and systemic disruption, 
exhibiting aspects of each style.87 The degree to which a commander's style tips towards 
cumulative destruction or systemic disruption influences the degree to which deception is 
practiced. Luttwak suggests that forces leaning towards the cumulative destruction style 
tend to be more focused on internal processes and organization than on the enemy since 
victory is achieved by the most effective and efficient application of superior firepower. 
Because of this inward perspective, there is less effort given to understanding the enemy 
to the degree needed for effective deception. Conversely, systemic disruption oriented 
forces are more focused on the external since victory is achieved through the 
identification and exploitation of enemy weaknesses.88 Deception is considered to be one 
of the three interrelated principles of systemic disruption, along with avoidance of the 
enemy's main strength and dominance of momentum.89 As a result of the centrality of 
deception to systemic disruption, the deception plan is elevated “...to full equality with 
the battle plan; certainly deception planning cannot remain a mere afterthought.”90 Thus, 
as a force leans towards cumulative destruction, the emphasis of deception decreases, and 
conversely, as the force leans towards systemic disruption, the emphasis of deception 
increases. 


Clausewitz's On War and Jomini's The Art of War are considered the pillars of 
the cumulative destruction mode of warfighting. Sun Tzu's The Art of War and Basil 
Liddell Hart's Strategy are representative of the systemic disruption model. Colonel John 
Boyd's “Patterns of Conflict” provides a thorough comparison between the two styles, 
though Boyd's preference for systemic disruption colors the discussion. Additionally, 

87 Luttwak and Canby, MINDSET: National Styles in Warfare, 10; Huba Wass de Czege, “Army 
Doctrinal Reform,” in The Defense Reform Debate, eds. Asa Clark, Peter Chiarelli, Jeffrey McKitrick, and 
James Reed (Baltimore: The Johns Hopkins University Press, 1984), 103. 


88 Edward Luttwak, "Notes on Low-Intensity Warfare," Parameters 8, no. 4 (1983), accessed 14 July 
2011, http://www.carlisle.army.mil/usawc/Parameters/Articles/1983/1983%20luttwak.pdf, 13. 


89 Luttwak and Canby, MINDSET: National Styles in Warfare, 20–21. 
90 Luttwak and Canby, MINDSET: National Styles in Warfare, 17. 
Michael Handel's Masters of War offers side-by-side comparison and analysis of 
Clausewitz, Jomini, and Sun Tzu, as well as Machiavelli and Mao Tse-tung. 


2. American Preference for Cumulative Destruction 


As Lysander suggested, when the skin of the lion—force—will not suffice, then 
the skin of the fox—guile—must be used to cover the gap. The inherent implication of 
this advice is that when the skin of the lion is sufficient, the fox is not needed. Several authors 
mention the evolution of Napoleon's warfighting as the exemplar for this relationship. As 
Napoleon's armies grew in power and capability, Napoleon transitioned from a reliance 
on cunning and misdirection to a reliance on force.91 Weigley, in his classic, The 
American Way of War, states as his premise that America fought a war of systemic 
disruption during the Revolutionary War because the nascent nation was too weak to 
fight a war of cumulative destruction; however, after the Revolution as the nation grew 
and strengthened, the strategy of cumulative destruction became the preferred American 
strategy.92 Even during the Revolutionary War there was resistance to the systemic 
disruption approach employed by General Washington, as exemplified by John Adams in 
a letter to Abigail Adams: “I am sick of Fabian systems in all quarters. The officers drink, 
A [sic] long and moderate war. My toast is, A [sic] short and violent war.”93 John 
Adams' desires are frequently reflected in U.S. Army doctrine. For example, FM 100-5 
(1939) states: 

The ultimate objective [emphasis in original] of all military operations is 
the destruction of the enemy's armed forces in battle.... Concentration of 
superior forces [emphasis in original], both on the ground and in the air, at 
the decisive place and time, creates the conditions most essential to 
decisive victory and constitutes the best evidence of superior leadership.94 


91 J. Bowyer Bell, “Toward a Theory of Deception,” International Journal of Intelligence and 
Counterintelligence 16, no. 2 (2003), 251; 


92 Weigley, The American Way of War, xxii. 


93 John Adams, Abigail Adams and Charles Adams, Familiar Letters of John Adams, and His Wife 
Abigail Adams during the Revolution. With a Memoir of Mrs. Adams (New York: Hurd and Houghton, 
1876), 305. 


94 War Department, Tentative Field Service Regulations of Operations, 1939, 27. 
Additionally, FM 100-5 (1993) states the American people's desire for short, decisive 
war: 

The American people expect decisive victory and abhor unnecessary 
casualties. They prefer quick resolution of conflicts and reserve the right 
to reconsider their support should any of these conditions not be met.95 

These attitudes are the essence of cumulative destruction, and help demonstrate the U.S. 
Army's preference for that style of war. 


Since the United States tends towards the cumulative destruction side of the 
spectrum, U.S. Army doctrine tends to embrace Clausewitz's positions on the execution 
of war. As a result, Clausewitz's disdain may have an impact on deception's place in 
doctrine. Clausewitz, writing about craft and cunning, stated: “The fact remains that those 
qualities do not figure prominently in the history of war. Rarely do they stand out amid 
the welter of events and circumstances.”96 As for the act of deception, Clausewitz argues: 

To prepare a sham action with sufficient thoroughness to impress an 
enemy requires a considerable expenditure of time and effort, and the 
costs increase with scale of the deception. Normally, they call for more 
than can be spared, and consequently so-called strategic feints rarely have 
the desired effect.97 

Goldhamer suggests this blatant disregard for the historic record as the “bias of a 
professional soldier for whom the conflict of force with force and the destruction of the 
enemy on the battlefield were the principle instruments in the art of war.”98 Handel 
suggests that Clausewitz and Jomini's diminishing of deception and trickery in war was a 
result of the period in which they fought.99 Handel further points out that Clausewitz’s 
method of war relied on a concentration of forces at the decisive point, and that deceptive 
feints and demonstrations reduced a commander's ability to mass his forces.100 


95 Headquarters, Department of the Army, Field Manual 100-5, 1993, 1-3. 


96 Carl von Clausewitz, On War, trans. Michael Howard and Peter Paret, 3rd ed. (New York: Alfred 
A. Knopf, Inc., 1993), 238. 


97 Clausewitz, On War, 239. 
98 Goldhamer, Reality and Belief in Military Affairs, 100. 


99 Michael I. Handel, Masters of War: Classical Strategic Thought, 3rd rev. and expanded ed. 
(London; Portland, OR: Frank Cass, 2001), 216. 
Regardless of the reasoning at the time behind Clausewitz's diminishment of the utility of 
deception, his work continues to influence the development of U.S. military doctrine. 


3. Balance of Power 


If one accepts that the U.S. Army tends to favor a cumulative destruction style, 
why has U.S. Army doctrine on occasion increased its emphasis on deception? The 
answer may lie in the comments of Weigley and others: perceived and actual balances of 
power influence the proportions of cumulative destruction and systemic disruption within 
a force's particular warfighting style. If there is a significant imbalance between 
opponents, the stronger force can rely on its strength to overcome the opposition. J. 
Bowyer Bell states: 

Power and capacity, as in real life, can make deception unnecessary. 
Napoleon, as the power of his armies increased, relied more on force and 
less on cunning and misdirection. In an invasion of a small country, the 
larger aggressor need only dispatch overwhelming power: how could 
Grenada repulse the forces of the United States.... American military 
strategy has often been based on deploying maximum power and 
technological capability without recourse to duplicity—“more” is more 
and force needs no enhancing...101 

Because a superior force does not need to rely as heavily on aspects of systemic 
disruption like deception, while conversely an inferior force must shift weight towards a 
systemic disruption approach, there is a trend whereby the level of emphasis on 
deception within U.S. Army doctrine waxes and wanes as the perceived and actual 
balance of power shifts (Figure 2). 


100 Handel, Masters of War, 225. 


101 Bell, “Toward a Theory of Deception,” 251; A similar opinion is stated in Secret Soldiers: “An 
army possessing overwhelming numbers of troops or material would not have to resort to wiles.” Philip 
Gerard, Secret Soldiers (New York: Penguin Group, 2002), 5. 
Figure 2. Comparison of Balance of Power and Doctrinal Emphasis of Deception 


During World War I, the German military was seen initially as a superior 
competitor, thus during World War I deception—especially the covering aspects of 
camouflage and operations security—increased in importance. This increase is reflected 
by the inclusion of sections on counterinformation and surprise in the 1923 Field Service 
Regulations. Similarly, during World War II the Axis was seen as an existential threat, 
and deception reached a crescendo. Post-World War II, the United States operated from a 
position of parity during the Cold War, and over time deception receded from the 
operations manuals.102 


The 1970s represented a tectonic shift in the perceived balance of power. First, 
the failures of Vietnam, the Mayaguez incident, and the failed attempt to rescue the 
hostages in Iran caused a crisis of faith within the U.S. Army leading to the development 


102 The emergence of the Special Forces and the rest of the special operations community can be 
viewed as the U.S. attempt to keep the conventional forces focused on cumulative destruction while still 
leveraging the value of systemic disruption. 
of the AirLand Battle doctrine.103 Second, the 1976 National Intelligence Estimate on 
Soviet military capability included a second assessment which painted the Soviet military 
as superior to the United States military in both nuclear and conventional forces: 

Within the ten year period of the National Estimate the Soviets may well 
expect to achieve a degree of military superiority which would permit a 
dramatically more aggressive pursuit of their hegemonial [sic] objectives, 
[italics in original] including direct military challenges to Western vital 
interests, in the belief that such superior military force can pressure the 
West to acquiesce or, if not; can be used to win a military contest at any 
level.104 

Additionally, the National Intelligence Estimate addendum reassessed Soviet intentions, 
painting a picture that the Soviet Union was a far greater and imminent threat than 
previously recognized. This radical re-estimation of Soviet capabilities and intentions 
shifted the perceived balance of power, placing the U.S. in an inferior position. As a 
result, U.S. Army doctrine at the time increased emphasis on systemic disruption and 
deception. The 1976 edition of FM 100-5 fixates almost totally on operations in Western 
Europe against a superior force. This manual also marks the reemergence of deception 
emphasis to a degree not seen for decades. Furthermore, the era marks a renaissance of 
deception throughout the U.S. Army culminating with the central use of deception during 
Operation DESERT STORM. The 1982 and 1986 editions of FM 100-5 see the U.S. Army 
doctrine at the apex of systemic disruption. 


With the collapse of the Soviet Union in 1991, the United States was left without 
a peer competitor. As a result, the balance of power shifted decisively in the favor of the 
United States, alleviating the perceived need to emphasize systemic disruption. In the 
absence of an overpowering threat, U.S. military doctrine returned to the comforts of the 
cumulative destruction style of war, and deception emphasis ebbed to the point that the 
current capstone operations manual, ADP 3-0, does not mention deception at all. 


103 William Lind, “Defense Reform: A Reappraisal,” in The Defense Reform Debate, eds. Asa Clark, 
Peter Chiarelli, Jeffrey McKitrick, and James Reed (Baltimore: The Johns Hopkins University Press, 1984), 
328. 


104 Team "B", Soviet Strategic Objectives: An Alternative View (Washington, DC: Director of Central 
Intelligence, 1976), accessed 16 April 2012, 
http://www.foia.cia.gov/docs/DOC_0000278531/DOC_0000278531.pdf, 47. 
B. PROFESSIONAL OFFICER CLASS 


Goldhamer suggests an interesting alternate hypothesis: the rise of the 
professional officer class led to the marginalization of deception in war. The professional 
officer class became specialists in the art of the direct approach as described by 
Clausewitz, and developed a professional pride in using physical force to overcome an 
adversary. The sense of worth as a professional officer was based in the ability to defeat 
the enemy in a stand-up fight.105 Gerard in Secret Soldiers provides anecdotal evidence 
supporting Goldhamer's assertion, stating: 

Not all soldiers are fond of practicing deception. Some American combat 
commanders in World War II instinctively resisted using deception, 
preferring to charge straight ahead like the old-style cavalrymen they 
were.... Others... simply preferred conventional battle as a route to honor 
and glory.106 

Additionally, the political agnosticism of the professional officer class also 
impacted deception, as it separated military action from foreign political involvements— 
foreign political involvements are seen by Goldhamer as more conducive to manipulation 
and deception.107 The divorce of the senior officer class from diplomacy meant a 
degradation of peacetime concerns about national strategy; as well as: 

...those manipulative and deceptive measures that might strengthen in 
peacetime the nation’s position vis-a-vis a potential enemy by misleading 
him and weakening his present and future powers of resistance. Such 
measures require close coordination of military and political leadership, a 
cooperation less likely to occur given the professional soldier’s distance 
from the foreign office and for the most part, the political leader’s and 
parliamentarian’s divorce from strategic and grand strategic concerns.108 

Goldhamer’s argument is undermined somewhat by the championing of cover and 
deception by General Eisenhower during and after World War II; however, the idea of 
the U.S. Army as a profession of arms is a recurrent theme that may serve to reinforce 
direct approaches. 


105 Goldhamer, Reality and Belief in Military Affairs, 103. 
106 Gerard, Secret Soldiers, 7. 

107 Goldhamer, Reality and Belief in Military Affairs, 103. 
108 Goldhamer, Reality and Belief in Military Affairs, 104. 
C. OVER-CLASSIFICATION 


A third potential explanation for the dearth of deception in U.S. Army doctrine is 
the over-classification of deception. While security is essential for the execution of 
deception operations, classification of the very concept can be immensely detrimental to 
the inculcation of the utility of deception to the force. If future leaders are not exposed to 
deception during their formative years as junior officers, how can they be expected to 
appreciate deception's utility later? The negative impact of classification can be seen in a 
1948 memorandum from the Office of the Chief of Army Field Forces to the 
commanders of the Armored, Artillery, and Infantry Centers on the subject of training 
cover and deception. The cursory introduction to strategic cover and deception was 
restricted to confidential level with no questions authorized and contained the comment: 
“The security classification of this whole subject [strategic cover and deception] is and 
probably will remain TOP SECRET [emphasis in original]...” leaving one to wonder about the 
utility of the training.109 Tactical cover and deception was subjected to similar 
classification. Classification of the first two editions of FM 31-40: Tactical Cover and 
Deception effectively removed deception from the playing field. The 1954 edition of FM 
100-5 contained several pages on the planning and execution of tactical cover and 
deception; however, this was cut to a couple of paragraphs in the 1962 edition. 


In addition to the classification of doctrine, the classification of the actual 
deception operations negatively impacted the institutional memory of the force. The 
mission of 23rd Headquarters Special Troops, a purpose-built deception unit in World 
War II, was not declassified until 1996.110 With the information on operations 
compartmentalized behind walls of classification, the memory of deception resting in the 
minds of the practitioners could not be effectively passed on to future generations of 
leaders. Thus as the personnel with firsthand knowledge of deception operations retired 
from the force, the institutional knowledge retired with them.111 The double impact of the 


109 Office of the Chief of Army Field Forces, Strategic and Tactical Cover and Deception Training, 9. 


110 National Army Security Agency Association, “The 23rd Headquarters Special Troops (World War 
II)” accessed 1 January 2012, http://www.nasaa-home.org/23rdhqs.htm. 


111 Bell, “Toward a Theory of Deception,” 251. 
classification of both deception doctrine and historic examples of deception placed an 
extremely high barrier against access of deception resources by junior leaders, inhibiting 
the development of new institutional memories on the use of deception. The lack of 
exposure at the junior levels translates into a feeling at higher levels of command that 
deception is unnecessary—after all, it was not needed at the lower levels. 


D. MORALITY 


A fourth potential explanation touched on by Jon Latimer, John Bell, and Barton 
Whaley is that deception is immoral. Honesty has long been considered a virtue within 
American life as expressed by maxims such as “Honesty is the best policy,” and the 
apocryphal tale of George Washington and the cherry tree. The idea of the American 
military as moral paragons is also frequently present in official and unofficial military 
guidance and writings. For example, General Dempsey [in his paper “America’s 
Military—a Profession of Arms”] recently stated: 

The Profession of Arms demands its members live by the values described 
in the “City on the Hill” metaphor. We must provide an example to the 
world that cannot be diminished by hardships and challenges. This 
example is based upon the words and intent of the US Constitution that 
each of us takes a personal oath to support and defend. Our oath demands 
each of us display moral courage and always do what is right, regardless 
of the cost. We are all volunteers in our willingness to serve and to place 
others' needs above our own. As shared values, our calling cards are Duty, 
Honor, Courage, Integrity, and Selfless Service. Commitment to the rule 
of law is integral to our values which provide the moral and ethical fabric 
of our profession.112 


Deception in particular has been viewed as dishonorable, an idea exemplified by
some of the responses over Colonel Funston's use of deception to achieve victory
over the insurgents during the Philippine Insurrection; rather than lauded, Funston was
vilified for winning by deceit.113 On the floor of the Senate, Senator Patterson of


112 Martin Dempsey, “America’s Military—a Profession of Arms” (Washington, DC: Joint Chiefs of
Staff, 2012), accessed 24 February 2012,
http://www.jcs.mil/content/files/2012-02/022312120752_Americas_Military_POA.pdf, 3.


113 J. Bowyer Bell and Barton Whaley, Cheating and Deception (New Brunswick, NJ: Transaction
Publishers, 1991), 45.


Colorado accused Funston of violating the rules of civilized warfare.114 Colonel Funston
was also the subject of a sermon decrying the use of underhand methods which lower the
standard of honor.115 However, while it may be that deception is viewed as immoral,
little in U.S. Army doctrine conveys this view. The 1905 edition of Field Service
Regulations stands almost alone in its level of condemnation of illegal acts of
deception.116 Furthermore, a survey of the use of deception by the U.S. Army across the
span of its history shows that even if deception is viewed by the organization as immoral,
the view is not a serious impediment to the execution of deception. Rather, the attitude of
Ulisse Guadagnini seems to hold more sway: “Moral considerations have validity only in
civilian life and should not interfere with preparations for war.”117


E. CONCLUSION 


The primary explanation for the undervaluing of deception in U.S. Army doctrine
is the emphasis on the cumulative destruction style of war; however, the other
explanations play their part in further reducing the level of emphasis. Taken together, the
composite effect of the explanations leads to the creation of an organizational bias against
deception. Daniel and Herbig state that organizational bias presents itself in two ways.
First, there is a “bureaucratic imperative that organizations trained for particular tasks
will seek to perform them.” Second, due to availability bias, people will think and act in
ways familiar to them.118 Allison and Zelikow in Essence of Decision present a model for
organizational behavior that suggests the behavior is linked more to standard operating
procedures and established doctrine than to deliberate choices. Formalized doctrine


114 "Gen. Funston's Action," The Washington Post (1877 — 1922) March 28, 1902, ProQuest 
(144350948). 


115 "Funston Subject of Sermon," New York Times (1857 — 1922) April 15, 1901, ProQuest 
(96118056). 


116 While acts of perfidy are frequently cited in doctrine as illegal, the 1905 Field Service Regulations
described illegal acts of deception using terms like treacherous, fiendishness, and infamy. War Department, 
Field Service Regulations, 1905, 214. 


117 Quoted in Waldemar Erfurth, Surprise, trans. Stefan T. Possony and Daniel Vilfroy (Harrisburg, 
PA: Military Service Publishing Company, 1943), 51. 


118 Donald C. Daniel and Katherine L. Herbig, "Propositions on Military Deception," in Strategic
Military Deception, eds. Donald C. Daniel and Katherine L. Herbig (New York: Pergamon Press, 1982),
14.


serves to constrain behavior.119 Thus the degree of emphasis on deception in doctrine
translates to the degree of deception operations in practice.


Another area where the organizational bias has impacted deception is the lack of a
stable proponency. Since 1923, deception has shifted proponency numerous times, and
has never been in the position of being the primary focus of whatever command held
purview. Additionally, some aspects of deception have been separated under different
proponents, such as camouflage under the U.S. Army Engineer School. The lack of a
stable proponency with deception as its central focus further undermines the integration
of deception into U.S. Army doctrine in three important ways. First, the frequent changes of
deception proponency impede continuity of knowledge. Second, since deception is never
the primary focus for a proponent, deception is always at risk of marginalization in favor
of the primary focus. Third, some efforts implemented are abandoned when the
proponency changes. For example, while deception was under the U.S. Army Intelligence
Center and School, the tables of organization for corps and divisions were modified to
add deception cells. After deception proponency shifted to the U.S. Army Combined
Arms Center, the deception cells were dropped in order to support the emerging
requirement for unmanned aerial vehicles.120


119 Graham Allison and Philip Zelikow, Essence of Decision: Explaining the Cuban Missile Crisis, 
2nd ed. (New York: Addison Wesley Longman, Inc, 1999), 143 — 145. 


120 Nelson, “Battlefield Deception,” 29 — 30.


IV. THEORY OF DECEPTION


Every means is permitted which deceives the enemy and induces him to 
take wrong steps. The lion's bravery and the fox's cleverness must 
combine to wrest victory from the enemy. 


— General Waldemar Erfurth121


A. WHAT IS DECEPTION


Despite deception's long and storied place in the history of war, J. Bowyer Bell
and Barton Whaley assert in Cheating and Deception that their theory was the first
attempt to create a “general theory of cheating.”122 Bell and Whaley’s theory of deception
is elegant in its simplicity. The theory categorizes all deceptions into two interdependent
sets: showing the false and hiding the real. These categories are further subdivided into
six categories. Hiding the real is divided into the categories of masking, repackaging, and
dazzling, while showing the fake is divided into the categories of mimicking, inventing,
and decoying. Each category has myriad characteristics that can be drawn from for the
deception plan. The categories of deception and the chosen characteristics are used in
ruses to create one of five effects: unnoticed, benign, desirable, unappealing, and
dangerous. The purpose of the ruse is to create a perception in the target that causes the
target to generate an illusion the target interprets as reality, causing the target to act in the
desired manner to achieve the deception goal and thus the strategic goal.123 While Bell
and Whaley's theory provides a neat and tidy structure for the taxonomy of deception,
one weakness of the theory is that it does not delve into the cognitive psychology allowing
deception to occur.


Michael Dewar offers a different theory of deception in The Art of Deception in
Warfare. Dewar's theory is a less structured discussion than Bell and Whaley's theory;
nevertheless, the theory provides important insights into the inner workings of deception.
Dewar provides an overview of deception means, principles, and techniques. Of


121 Erfurth, Surprise, 198.
122 Bell and Whaley, Cheating and Deception, 45.
123 Bell and Whaley, Cheating and Deception, 45 — 74.


particular note are his comments on the prevalence of preconceived ideas on the
battlefield, and the role of doctrinal and technical innovation in achieving surprise.124


1. Deception Defined 


According to Random House Webster’s, deception is “something that deceives or
is intended to deceive; fraud; artifice.”125 While this is a sufficient definition for casual
uses, this definition is not sufficient for deception in the context of military operations.
Daniel and Herbig in their work “Propositions on Military Deception” define deception
as: “the deliberate misrepresentation of reality done to gain a competitive advantage.”126
One problem with Daniel and Herbig's conceptualization of deception is their fixation on
deception as being based in falsehood or lies. This concept of deception ignores the ideas
of deception by omission and deception by selective truth. Furthermore, the definition
makes no mention of the target of the deception. In the definition's defense, the concept
of gaining a competitive advantage is important. Deception in military operations is not
undertaken for deception's sake; deception is undertaken to achieve some goal.


The definition of deception used in U.S. Army doctrine since at least 1969 is a
better starting point for a working definition of deception: “Activity designed to mislead
an enemy by manipulation, distortion, or falsification of evidence to induce him to react
in a manner prejudicial to his interest.”127 While the current U.S. Army definition is a
good starting point, this definition too is not quite sufficient. The first deficiency with the
current doctrinal definition is that “induce” is an imprecise term for what deception does:
manipulating the enemy's decision-making process. Second, the best deceptions rely on a
foundation of truth to reinforce and support the falsehoods, an idea the definition seems


124 Michael Dewar, The Art of Military Deception in Warfare, 1st ed. (Newton Abbot, UK: David & 
Charles, 1989), 9 — 20. 


125 Random House Webster's Unabridged Dictionary, 2nd ed., revised and updated ed. (New York: 
Random House Reference, 2001), 516. 


126 Daniel and Herbig, Propositions on Military Deception, 3. 


127 Headquarters, Department of the Army, Training Circular no. 30-1: Tactical Cover and
Deception, 5; An almost identical definition is given in the 1957 Special National Security Estimate: Soviet
Capabilities for Deception by the Central Intelligence Agency: Director of Central Intelligence, Soviet
Capabilities for Deception (Washington, DC: Central Intelligence Agency, 1957), accessed 30 January
2012, http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&res_dat=xri:dnsa&rft_dat=xri:dnsa:article:CSE00201


to ignore with the modifiers used to describe the evidence. Finally, the term enemy is
unnecessarily constraining, as deception can be applied against any target. A strength of
the doctrinal definition is its acknowledgement of the role of intent in human deception.
While biological deceptions exhibited in the plant and animal kingdoms can be
unintentional, human deception requires intent.128


Taking into account the shortcomings of the existing definitions of deception, a
modified definition of deception can be crafted:

Deception is the deliberate misleading of a target into taking actions
prejudicial to the target's interests by manipulating the target's
decision-making processes through the communication of true, manipulated,
distorted, and/or falsified information.


This revised definition of deception requires some elaboration. Deliberate
misleading does not obligate the practitioner to a formal planning process; while formal
planning is preferable, rapid ad-hoc planning by a nimble practitioner can in extremis
achieve the objective in time-constrained or fluid situations, though with increased risk of
failure. Successful deception is more than creating a perception; successful deception is
about the target taking action. Furthermore, the goal of a deception can be the target
taking no action at all, e.g., the failure of a regime's security apparatus to breach a special
reconnaissance element's cover or the German armored divisions remaining in place at
Pas de Calais during the opening phases of Operation OVERLORD. The interaction
between the practitioner and the target occurs in the framework of communication.
Finally, the perceptions used by the target in its decision-making process rely heavily on
the indicators created by the practitioner.


2. Deception: Truth and Lies 


Many definitions of deception conflate deception with lies; however, this
conflation is incorrect as deceptions and lies are not synonymous. In order to discuss the
difference between a lie and deception it is first necessary to establish an adequate


128 For a discussion on biological deceptions see: Scott Gerwehr and Russell W. Glenn, Unweaving
the Web: Deception and Adaptation in Future Urban Operations (Santa Monica, CA: Rand, 2002), 78. For
a discussion on the requirement for intent in human deception see: Roderick M. Chisholm and Thomas D.
Feehan, "The Intent to Deceive," The Journal of Philosophy 74, no. 3 (March, 1977), 143 — 159.


definition of each. One definition defines a lie as occurring when a person asserts to a
second person a proposition that the first person knows to either be false or not true with
the intent of causing the second person to have a justified belief in the proposition.129
Since a deception can contain truth—an actual training exercise used as part of a
deception is still a true event—it is immediately apparent that deception and lies are not
equal; however, this still leaves the proposition that lies are a subset of deception.130 For
example, Daniel and Herbig's model of deception has lies and the act of lying subsumed
by deception (Figure 3). The definition of deception used here requires injury to the
target or advantage for the practitioner; this leaves lies undertaken without the intent of
injury or advantage [white lies] to exist outside the sphere of deception. Thus, while the
sets of lies and deception overlap, neither subsumes the other (Figure 4). While lies are
used in deception, not all deceptions are lies. Judicious use of the truth can be far more
supportive of deception than outright falsehood.


Figure 3. Daniel and Herbig's “Deception’s Subsidiary Concepts.” (From: 131)


129 Chisholm and Feehan, The Intent to Deceive, 152; This work presents an in-depth parsing of what 
it means to lie and what it means to intend to deceive. 


130 Chisholm and Feehan provide another illuminating example attributed to Immanuel Kant: “For
there are types of intended deception that cannot properly be said to be cases of lying. Kant's example will
do: ‘I may, for instance, wish people to think that I am off on a journey, and so I pack my luggage; people
draw the conclusion I want them to draw . . .’ But although I thus succeed in deceiving them, Kant insists,
‘I have not lied to them, for I have not stated that I am expressing my opinion.’” Chisholm and Feehan, The
Intent to Deceive, 149.


131 Daniel and Herbig, Propositions on Military Deception, 4.


Figure 4. Interrelationship of Truth, Deception, and Lies


B. TAXONOMY OF DECEPTION 
1. Taxonomy of Method 


Taxonomies are systems of categorizing items in a set into subordinate sets based
on a defined system of characteristics. The most recognizable example for taxonomies is
the system of classifying living things into kingdoms, phyla, classes, orders, families,
genera, and species. Within the field of deception, there are several suggested taxonomies
for deception, four of which are: method, sophistication, effect, and commission-omission.
Taxonomy by method focuses on the mode of the deception, such as a display.
Taxonomy by sophistication categorizes deceptions by the degree to which the deception
adapts or does not adapt to changing circumstances. Taxonomy by effect focuses on what
the deception does, e.g., dazzling. Finally, taxonomy by commission-omission breaks
down deceptions based on whether the deception causes the target to acquire a false
belief or contributes to the target continuing a false belief. For the purposes of this work,
taxonomy by method is used as it closely matches existing U.S. Army doctrinal concepts
of deception (Figure 5). Brief descriptions of the alternate taxonomies are provided at the
end of this section.


Figure 5. Taxonomy of Deception


2. Deception 


Deception is the set of actions designed to deliberately mislead a target into actions
or inactions prejudicial to the target's interests by manipulating the target's
decision-making processes through the communication of true, manipulated, distorted, or falsified
information. Deception is subdivided into two broad categories: active deception and
cover. Active deception consists of those actions designed to convey deceptive indicators
to the target. Cover, as used here, is the set of actions designed to prevent the target
access to the indicators necessary for constructing a correct perception of the situation
and environment, and thus necessary for proper decision-making.132 Though some of the
actions included in the category of cover are not usually considered to be part of
deception in U.S. Army doctrine, the obfuscation of indicators is an intrinsic part of
deceiving a target.133


3. Active Deception 


Active deception is comprised of actions which convey deceptive information to
the target, also referred to as simulation or showing the false. The set of active deception
includes those modified versions of the actions traditionally associated with military
deception. Active deception is divided into four broad categories: displays, feints,
demonstrations, and disinformation.


a. Displays 


Displays are static depictions of activities, forces, or equipment for the
purpose of deceiving the target's collection apparatus.134 Though the formal Army
definition of a display limits the type of target collection to visual, displays can also occur
in all physical senses, as well as in the electromagnetic spectrum. Displays are divided
into two categories: simulation and portrayal. Simulations use decoys and other devices


132 This usage of cover is consistent with historic Army and DOD usage, and in numerous civilian 
works. See: Headquarters, Department of the Army, Field Manual 1-02, 1-48 to 1-49; Concepts and Force 
Design Group, Tactical Cover and Deception: Final Report, 1-4; Daniel and Herbig, Propositions on 
Military Deception, 4; Robert Goldsmith and Ralph Gerenz, Techniques for Detecting Cover and 
Deception, (Billerica, MA: Betac Corporation, 1983), accessed 16 May 2012, 
http://handle.dtic.mil/100.2/ADP002896, 145. 


Cynthia Grabo provides an alternative definition for cover which is more constrained: “Cover (here
meaning the ‘cover plan’ or ‘cover story’) is a form of military deception which should be distinguished
from active military deception, although it may often be used in conjunction with it. Cover will be used
when it may be presumed that the military buildup itself cannot be concealed from the adversary, and its
purpose therefore is to offer some seemingly plausible explanation (other than planned aggression) for the
observable military activity.” Cynthia Grabo, Anticipating Surprise: Analysis for Strategic Warning, ed.
Jan Goldman (Washington, DC: Center for Strategic Intelligence Research, Joint Military Intelligence
College, 2002), accessed 14 May 2012, www.ni-u.edu/ni_press/pdf/Anticipating_Surprise_Analysis.pdf,
125.


133 Bell and Whaley, Cheating and Deception, 49; Roy Godson and James J. Wirtz, "Strategic Denial 
and Deception," in Strategic Denial and Deception: The Twenty-First Century Challenge, eds. Roy Godson 
and James J. Wirtz (Piscataway, NJ: Transaction Publishers, 2002), 1 — 2. 


134 Adapted from official Army definition: “In military deception, a static portrayal of an activity,
force, or equipment intended to deceive the adversary’s visual observation.” Headquarters, Department of
the Army, Field Manual 1-02, 1-83.


to create a dummy force or capability. Decoys are models or dummies used to replicate
actual equipment, buildings, and personnel.135 Magruder's Quaker guns were decoys
used to create the perception that the Confederate lines were more heavily fortified than
they were in reality. MACVSOG's ruse of an active resistance movement in North Vietnam
contained major elements of simulation and portrayal.136


Portrayals use actual forces to present the image of a unit that either does not
exist or is of a different type than it actually is.137 An
infantry company presenting itself as an infantry battalion or brigade is a form of
portrayal. Pseudo-operations and "false flag" operations are specialized forms of
portrayals where the unit being portrayed is either a third party or an element of the
target's forces. Colonel Funston's ruse during the Philippines Insurrection involved his
force portraying the insurgent force in order to gain access to the insurgent camp.138
British forces in Kenya used pseudo-operations to masquerade as Mau-Mau elements for
the purposes of intelligence collection.139 Soviet forces engaged in “false flag” operations
during the suppression of resistance movements in Lithuania by posing as the Lithuanian
resistance while attacking the population in an effort to separate the resistance from the
population.140 Portrayals also encompass the cyberwar concepts of the honeypot and
social engineering.141


135 Headquarters, Department of the Army, Training Circular No. 30-1, 5. 

136 See Chapter V for more information on MACVSOG deception operations.

137 Headquarters, Department of the Army, Training Circular No. 30-1, 10. 

138 See Chapter V for additional details on Colonel Funston's operation. 

139 Kitson, Frank, Gangs and Counter-gangs, (London: Barry and Rockliff, 1960). 


140 John Prados, Presidents’ Secret Wars, revised and updated ed. (Chicago: Elephant Paperbacks, 
1996), 38. 


141 A honeypot is an enticing computer or server designed to draw attacks by adversarial forces.
Honeypots may also be classified as a form of feint here since they must survive contact with the target
without revealing their true nature. The purpose of the honeypot is typically to gain intelligence about the
adversarial forces’ capabilities, identities, and location.


b. Feints


Feints are operations designed to deceive the target into reacting as if the
feint is an actual decisive operation.142 Feints differ from demonstrations in that some
manner of contact with the target is sought. The degree of contact varies significantly.
Feints are used for several purposes; for example, to distract the target from the actual
decisive action, facilitating relative superiority at the point of decision; to lure the target
into exposing artillery positions; or to trick the target into prematurely committing the
reserve. Field Service Regulations (1914) describes a stronger variant of the feint: the
holding attack. In addition to distracting the enemy from the main effort, the holding
attack seeks to fix the enemy in time and space.143 Also, the covering force concept in
FM 100-5 (1976) has an element of feint, though its primary mission is not deception.144
In addition to traditional offensive and defensive operations, feints also encompass lures
designed to draw the target into an unequal fight, e.g., the bait and ambush tactics of
guerrilla and insurgent forces.


c. Demonstrations


Demonstrations are deceptive shows of force where actual engagement
with the target is not sought.145 Because contact is not sought with the target, the forces
used for a demonstration can be considerably smaller than those used for a feint. While
the traditional U.S. Army doctrinal definition of demonstrations implies demonstrations
occur in the vicinity of the enemy lines, almost as a less aggressive form of a feint, this is


142 Adapted from the DOD and Army definitions of feint: “In military deception, an offensive action
involving contact with the adversary conducted for the purpose of deceiving the adversary as to the location
and/or time of the actual main offensive action. (Army) A form of attack used to deceive the enemy as to
the location or time of the actual decisive operation. Forces conducting a feint seek direct fire contact with
the enemy but avoid decisive engagement.” Headquarters, Department of the Army, Field Manual 1-02:
Operational Terms and Graphics, 1-76.


143 War Department, Field Service Regulations, 1914, 84 — 85. 
144 Headquarters, Department of the Army, Field Manual 100-5, 1976, p5-10 to 5-13. 


145 Adapted from the DOD, NATO, and Army definitions of demonstration: “An attack or show of
force on a front where a decision is not sought, made with the aim of deceiving the enemy. 2. (DOD only)
In military deception, a show of force in an area where a decision is not sought; made to deceive an
adversary. It is similar to a feint but no actual contact with the adversary is intended. (Army) 1. A form of
attack designed to deceive the enemy as to the location or time of the decisive operation by a display of
force. Forces conducting a demonstration do not seek contact with the enemy.” Headquarters, Department
of the Army, Field Manual 1-02: Operational Terms and Graphics, p1-57 to 1-58.


not the case. Demonstrations include training events and exercises well away from the
target. For example, a demonstration of increased airborne training in the United States
can be used to create the perception of a pending airborne assault.


d. Disinformation146 


Disinformation is the exposure to target collection assets of false,
modified, or selectively true information with the intent to deceive.147 Disinformation has
no set form or design; any communication from a presidential proclamation to a scrap of
paper left in a waste basket can be used to convey disinformation. The British DOUBLE
CROSS system during World War II is considered the exemplar for disinformation, with
British intelligence using its control of the German HUMINT networks in Britain and
North Africa to great advantage.148 Disinformation also includes the flooding of the
information environment with notional information for the purposes of overloading the
target's systems.149 Deceptions of this type are similar to the jamming denial type, but
different in that disinformation flooding contains deceptive indicators intended to mislead
the target, whereas the jamming of a radio net with static does not. Using multiple radio
networks to obscure the actual location of a unit is an example of this form of
disinformation, as is swamping a regime's police hotline with false reports in order to
overwhelm the response system.


146 Disinformation is used here because most deception literature uses the term “ruse” to mean any 
manner of deception. Disinformation differs from misinformation in that disinformation requires intent to 
deceive; whereas, misinformation does not require intent to deceive, though the intent may be present. 


147 Adapted from the DOD definition; Headquarters, Department of the Army, Field Manual 1-02,
1-82. Also see Barton Whaley, Stratagem: Deception and Surprise in War (Cambridge, MA: Center for
International Studies, Massachusetts Institute of Technology, 1969), accessed 16 February 2012,
http://www.vietnam.ttu.edu/virtualarchive/items.php?item=2171516001, 17.


148 See David Mure’s Master of Deception and Ben MacIntyre's Agent Zigzag for further information 
on the British DOUBLE CROSS system. 
149 Barton Whaley, Stratagem: Deception and Surprise in War (Norwood, MA: Artech House, 2007),


4. Cover


Cover is the set of actions taken to protect the actual mission by preventing the
deception target from receiving the indicators of real actions, capabilities, or intentions.150
Whereas active deception seeks to provide misleading information to the deception
target, cover seeks to obfuscate by masking indicators and closing channels. There are
two categories of cover: camouflage and denial.


a. Camouflage 


Camouflage seeks to prevent indicators from being detected by the target's
collection assets. Within camouflage, there are four broad methods: hiding, blending,
disguising, and securing. In hiding, the item is concealed by a physical barrier, such as a
bunker, cave, forest canopy, or netting. The physical barrier itself may be visible, blended
into the background, or disguised. In blending, the item is concealed by means that merge
the item with the background. This can be accomplished in the field through the
application of camouflage paint or natural materials. In disguising, the item is concealed
by making it look like something innocuous, such as a bunker disguised as a
farmhouse.151 In securing, indicators are reduced via the use of operations security,
information security, and emissions control. While not traditionally considered aspects of
camouflage, securing functions serve the same purpose—suppression of friendly
indicators. The concepts of camouflage are applicable across the spectrum of operations.
A special operations team operating out of a safe house is hidden within the safe house,
which in turn is blended into the surrounding neighborhood. A HUMINT team attached to
a maneuver element is blended in with the element. An intelligence officer conducting
special reconnaissance while posing as a tourist is disguised. Through proper document
disposal procedures, information is secured.


150 Headquarters, Department of the Army, Training Circular No. 30-1, 5; see Note 130 for more 
information on this definition of cover versus the competing definition. 


151 Headquarters, Department of the Army, Field Manual 5-20, 1968, 17 — 20.


b. Denial


Whereas camouflage focuses on masking indicators, denial attacks the
channels indicators travel on to the target. Denial seeks to degrade target collection
channels so that the adversary is either not able to receive indicators, or is herded onto a
smaller set of channels. Forcing the target to depend on a smaller set of channels reduces
the ability of the target to validate intelligence using multiple sources, reducing the effort
necessary in telling the deception story. Additionally, if the target can be herded onto
channels controlled by friendly forces, deception indicators can be fed directly into the
target's intelligence cycle, as was the case with the British DOUBLE CROSS operation in
WWII. Denial methods include counterreconnaissance, jamming, counterintelligence,
and physical destruction of collection tools. While these methods are not normally
considered aspects of deception by U.S. Army doctrine, they are forms of cover to be
considered during any deception planning and execution.


5. Alternate Deception Taxonomies 


In addition to the method-based taxonomy of deception, there are other
taxonomies for deception. Three alternate taxonomies are: commission and omission;
level of sophistication; and effect-based. These taxonomies are useful for expanding the
ways to think of deception.


a. Commission and Omission 


Chisholm and Feehan in "Intent to Deceive" delineate eight types of
deception divided into two categories. Deceptions by commission are typified by the
deceiver contributing causally to the belief of the target. Deceptions by omission are
typified by the deceiver facilitating the target's maintenance of an existing belief.


Deception by Commission

1- Deceiver contributes causally to target acquiring belief in the proposition 

2- Deceiver contributes causally to target continuing to believe in the proposition 

3- Deceiver contributes causally to target stopping belief in the negation of the proposition 

4- Deceiver contributes causally to target not acquiring belief in the negation of the proposition 


Deception by Omission 

5- Deceiver allows target to acquire belief in the proposition 

6- Deceiver allows target to continue belief in the proposition 

7- Deceiver allows target to cease belief in the negation of the proposition 

8- Deceiver allows target to continue without the belief in the negation of the proposition 


Table 2. Chisholm and Feehan’s Eight Ways to Deceive.152 


b. Level of Sophistication 


Gerwehr and Glenn in Unweaving the Web: Deception and Adaptation in 
Future Urban Operations present a way to categorize deceptions based on the level of 
sophistication used in the deception. Sophistication is determined by the degree to which 
the deception takes into account the variables of a situation, e.g., environmental factors, target 
capabilities, target preconceptions, and the context of the situation. There are four levels 
of sophistication, ranging from least to most sophisticated: static, dynamic, adaptive, and 
premeditative. Static deceptions are the least sophisticated of deceptions and “...are in place 
regardless of state, activity, or the histories of either the deceiver or target.”153 The Army 
Combat Uniform is an example of static camouflage. “Dynamic deceptions are those that 
activate under specific circumstances. The ruse itself and the trigger do not change over 
time, nor do they vary much by circumstance or adversary.”154 A howitzer battery having 
established procedures to erect camouflage netting upon occupying a firing position is an 
example of a dynamic deception. “Adaptive deceptions are triggered like dynamic 
deceptions, but either the trigger or the ruse itself can be modified with experience. This 
category covers deception improved through trial and error.”155 Wearing clothes of local 
design in order to blend into a crowd during a special reconnaissance mission is an 
example of adaptive camouflage. Premeditative deceptions display the greatest level of 
sophistication. “Premeditative deceptions are designed and implemented based on 
experience, knowledge of friendly capabilities and vulnerabilities, and, moreover, 
observations about the target’s sensors and search strategies.”156 Complex deceptions, 
such as Operation FORTITUDE, are at the premeditative level of sophistication. 


152 Chisholm and Feehan, The Intent to Deceive, 143–159. 
153 Gerwehr and Glenn, Unweaving the Web, 33. 
154 Gerwehr and Glenn, Unweaving the Web, 33. 
155 Gerwehr and Glenn, Unweaving the Web, 34. 


c. Effect-Based 


Bell and Whaley in Cheating and Deception present an effect-based 
taxonomy of deception that categorizes deception by what the deception does. This 
taxonomy has two broad subdivisions: hiding and showing. Hiding deceptions seek to 
obscure indicators, and consist of masking, repackaging, and dazzling. Masking 
deceptions hide by blending the object into the background, as in camouflage. 
Repackaging deceptions hide the real by making the object appear as something 
innocuous, e.g., a bunker made to look like a food stand. Finally, dazzling seeks to 
confound the target about certain aspects of an object, such as using multiple radio 
transmitters to confuse the target of a unit's true location. Showing deceptions seek to 
present misleading indicators to the target and consist of mimicking, inventing, and 
decoying. Mimicking deceptions recreate the characteristics of an object for advantage, 
such as using a company of soldiers to replicate a division. Inventing deceptions mislead 
via creation of new objects, as in notional documents. Decoying misleads by presenting 
alternate options as the actual option, such as the First U.S. Army Group being used to 
mislead German leadership as to the actual target of Operation OVERLORD.157 


C. DECEPTION AND UNCERTAINTY 


1. Uncertainty 


Uncertainty is an unavoidable aspect of military operations. Despite the desires of 
every commander, a perfect understanding of the situation is impossible.158 Among the 
phenomena creating uncertainty are inadequacy of collection channels, infiltration of 
noise corruption, and the fundamental inability to read the opponent's mind. The 
compounded result of these phenomena is an obscuration of the situation, as if a 
metaphorical fog had settled over the field. As Whaley states: 

It [“the fog of war”] refers to the chaos of information inherent in the 
fast-breaking crisis of battle--the confusing muddle of delayed and mislaid 
messages, garbled and misunderstood orders, fragmentary and 
misinformed intelligence, pridefully exaggerated claims of successes and 
cringingly suppressed reports of blunders. In other words, “the fog of war” 
is the state of uncertainty resulting from the inability of a military 
information system to either accurately or speedily monitor the events of 
battle. The battle maps and situation reports become jangled 
representations of fiction and fact. The Commander neither knows what he 
knows nor can be certain of what he doesn’t know. Crucial decisions 
about deployment, tactics, and strategy are made with the most 
fragmentary information.159 


156 Gerwehr and Glenn, Unweaving the Web, 35. 
157 Bell and Whaley, Cheating and Deception, 49–61. 


158 Indeed, the belief that a perfect understanding is even possible sets the stage for deception, whether 
self-inflicted or enemy induced. 


Deception and uncertainty enjoy a complex relationship. The fog of war created 
by uncertainty provides the necessary environment for deception. If the enemy possessed 
perfect situational awareness, deception would be almost impossible. Deception in turn 
can be used to either thicken the fog of war—increasing the target’s uncertainty—or 
deception can be used to present a false parting of the fog—decreasing the target’s 
uncertainty—by revealing a vista of the deceiver’s making. Deception used to increase 
uncertainty is often referred to as ambiguity increasing, or A-Type, deception. Deception 
used to create a false reduction of uncertainty is often referred to as misleading, or 
M-Type, deception.160 


2. A-Type Deception 


A-type deceptions seek to increase the ambiguity of a situation so that the target 
becomes “...unsure as to what to believe.”161 Ambiguity can be increased through the 
use of covering deception to obscure the real situation, through the use of active 
deception to present a number of reasonable alternatives to the real, or a mixture of both 
aspects. A-type deceptions can be attempted solely through the use of covering aspects, 
such as a unit camouflaging itself in a wood line. One of the goals of A-type deceptions is 
to cause the target to delay decision-making in the hopes of further information, thereby 
allowing the deceiver to seize or retain initiative. Another goal is to cause the target to 
spread their forces in an effort to cover every potential outcome, thus affording the 
deceiver the opportunity to achieve relative superiority at the point of decision.162 


159 Whaley, Stratagem (1969), 257–258. 


160 Daniel and Herbig, Propositions on Military Deception, 5-7; Additionally, FM 90-2, 1988 calls 
M-type “misdirection.” Headquarters, Department of the Army, Field Manual 90-2, 1988, 1-9. 


161 Daniel and Herbig, Propositions on Military Deception, 5. 


3. M-Type Deception 


M-type deceptions “...reduce ambiguity by building up the attractiveness of one 
wrong alternative.”163 All M-type deceptions utilize covering deception to obscure the 
true situation, while using active deception to present the false situation. One goal of 
M-type deceptions is for the target to concentrate resources against the deception, allowing 
the deceiver opportunity to successfully conduct the true plan.164 For example, the 
ambush of the Japanese fleet at Midway was facilitated by deceptive radio traffic which 
created the perception that Admiral Halsey’s fleet was still in the vicinity of the Solomon 
Islands.165 


D. THE WHY OF DECEPTION 
1. Overview 


As discussed previously, deception is not undertaken for the sake of deception; 
deception is conducted to drive the behavior of the target to achieve some benefit for the 
practitioner or some deleterious effect for the target. Four reasons are typically given for 
the use of deception: to achieve surprise, to gain freedom of action, to save lives, and to 
mislead the enemy.166 In addition to these reasons, there are four other reasons for 
attempting deception: to secure relative superiority at the point of decision, security, 
subversion, and mental isolation. 


162 Daniel and Herbig, Propositions on Military Deception, 5–6. 
163 Daniel and Herbig, Propositions on Military Deception, 6. 
164 Daniel and Herbig, Propositions on Military Deception, 6. 


165 Katherine Herbig, “American Strategic Deception in the Pacific: 1942-44,” Strategic and 
Operational Deception in the Second World War, ed. Michael Handel (New York, Routledge, 1987), 
262–263. 


2. Surprise 


Surprise is the most common reason cited for the use of deception. Surprise in the 
military context is defined as: “[striking] the enemy at a time or place or in a manner for 
which he is unprepared.”167 There can be no question of the role of surprise in war; of 
122 battles surveyed in Whaley's classic study, the casualty ratio in battles without 
surprise was one-to-one; however, the casualty ratio where surprise was achieved was 
one-to-five in favor of the initiator.168 Deception is the handmaiden of surprise as the 
secrecy necessary for surprise to succeed “...cannot be obtained by ‘saying nothing.’ 
Secrecy requires the systematic confusion and deception of the enemy.”169 


3. Freedom of Action 


Deception can enhance freedom of action by decreasing the chance of enemy 
interference. Disguising movements of personnel, materials, and equipment as something 
innocuous can facilitate staging for future operations. Deceptions designed to prevent the 
target from interdicting lines of communication support freedom of action. Deception can 
also be used to assist the movement of key leaders. For example, President Roosevelt's 
secret meeting with Prime Minister Churchill to hammer out the Atlantic Charter in the 
fall of 1941 was facilitated by a portrayal depicting the president as being on a fishing 
trip off Cape Cod.170 


166 Jock Haswell, The Tangled Web: The Art of Tactical and Strategic Deception (Buckinghamshire, 
UK: John Goodchild Publishers, 1985), 23. 


167 Headquarters, Department of the Army, Field Manual 3-0: Operations, Change 1, A-3. 
168 Whaley, Stratagem (2007), 102–103. 
169 Erfurth, Surprise, no. 1, 33. 


170 James F. Dunnigan and Albert A. Nofi, Victory and Deceit: Dirty Tricks at War (New York: 
William Morrow and Company, Inc., 1995), 203–205. 


4. Save Lives and Resources 


Deception can be used to save lives and resources in three ways. First, through the 
achievement of surprise, gaining of freedom of action, and securing of relative 
superiority, deception can reduce the amount of fighting necessary to reach a decision, 
thus reducing casualties and material costs. Second, deception can be used to elicit 
surrender, thereby avoiding conflict altogether. Nathan Bedford Forrest used a ruse 
involving a notional secret weapon to successfully elicit the surrender of four Union 
blockhouses during the Civil War.171 Finally, deception can be used in the retrograde to 
decrease the risk to the withdrawing troops. During the Korean War, 7th Division used the 
fact that the Chinese forces in the vicinity of Pork Chop Hill were conditioned to seeing 
armored personnel carriers resupplying U.S. forces on the crest of the hill. When the 
decision was made to withdraw the forces, rather than risk a night withdrawal, the forces 
were withdrawn using armored personnel carriers mimicking a supply run.172 


5. Mislead the Target 


“Deception is by itself an asymmetric approach to warfighting: tricking the 
opponent into misapplying strengths and revealing weaknesses.”173 A 1948 Department 
of Army memorandum on strategic and tactical cover and deception training provided ten 
specific examples of desired outcomes for deception operations (Table 3). These 
outcomes were divided into positive reactions—the target takes an action to its 
detriment—and negative reactions—the target fails to take an action to its detriment. 


How deception can be used to mislead the target into not exploiting a weakness is 
illustrated by an example from the Vietnam War. A brigade commander was ordered to 
detach two battalions to support another operation, and the brigade commander realized 
that to do so would offer the Viet Cong an opportunity to exploit the reduction in forces 
in his area of operations. In order to support the requirement while preventing the Viet 
Cong from seizing the advantage, the brigade commander directed support personnel to 
portray the advance parties of another division while spreading the rumor that the 
portrayed division would be assuming control of the area of operations. The combination 
of the portrayal and the ruse caused the Viet Cong to go to ground, denying them the 
opportunity to exploit the brigade's temporary loss of maneuver forces.174 


171 The Editors of the Army Times, The Tangled Web: True Stories of Deception in Modern Warfare 
(Washington, DC: R. B. Luce, 1963), 3. 


172 U.S. Army Command and General Staff College, Reference Book 31-40: Techniques for Deception 
(Fort Leavenworth, KS: U.S. Army Command and General Staff College, 1976), p6-9 to 6-10. 


173 Scott Gerwehr and Russell W. Glenn, The Art of Darkness: Deception and Urban Operations 
(Santa Monica, CA: RAND, 1999), 10. 


Positive reactions by target to deception 

1- Movement of reserves and their premature commitment to erroneous positions 

2- Engagement by enemy in activities which exhaust his resources and/or prohibits their use elsewhere 
(i.e., extensive defensive preparations) 

3- Dispersal or over-extension of enemy forces 

4- Diversion of enemy thrusts 

5- Disclosure of enemy positions 


Negative reactions by target to deception 

1- Failure to move reserves to meet intended offensives 

2- Failure to exploit our weaknesses 

3- Failure of counterattack 

4- Failure to disengage 

5- Failure to locate and act against true positions of artillery, reserves, dumps, etc. 


Table 3. Examples of Target Responses to Deception.175 


6. Relative Superiority 


Relative superiority is the “condition that exists when an attacking force... gains a 
decisive advantage over a larger or well-defended force.”176 Deception, along with 
surprise and maneuver, is an essential tool for gaining relative superiority.177 
Demonstrations and feints that draw away the defender's reserves from the point of 
decision assist in the achievement of relative superiority. The aspects of Operation 
FORTITUDE that caused the German command to retain forces in Pas de Calais even after 
the Normandy landing assisted the Allies in gaining and maintaining relative superiority 
at the Normandy beachhead. Use of deception to bait a superior force into an ambush is 
a time-honored technique used by inferior forces to gain relative superiority. 


174 U.S. Army Command and General Staff College, Reference Book 31-40, 6-12. 
175 Office of the Chief of Army Field Forces, Strategic and Tactical Cover and Deception, 13. 


176 William H. McRaven, Spec Ops: Case Studies in Special Operations Warfare Theory & Practice 
(Novato, CA: Presidio Press, 1995), 4. 


177 Headquarters, Department of the Army, Field Manual 100-5: 1976, 3-6 to 3-7. 


7. Security 


Deception can be a vital asset for maintenance of security. “Real secrecy can only 
be achieved if, in addition to the correct information which the enemy receives, he is also 
provided with incorrect information. Confusion is the only effective method of 
maintaining secrecy.”178 This is especially true for irregular warfare and intelligence 
operations. Deception in support of security typically relies heavily on camouflage and 
denial. In addition to the cover aspects, ruses in the form of cover stories and notional 
documents are used frequently. Status for cover and status for action are terms for the 
cover stories developed to protect intelligence operatives and facilitate their missions. 
MACVSOG utilized a set of cover stories for the overall organization, subordinate 
elements, and even missions in an effort to obscure its activities.179 The cover for status 
of MACVSOG stated the organization was simply a special staff section focused on the 
comprehensive study of counterinsurgency operations, with no implementation 
authority.180 


8. Subversion 


Subversion is defined as: “Action designed to undermine the military, economic, 
psychological, or political strength or morale” of a targeted organization.181 Deception 
can be used in a subversion role, by exploiting internal cleavages within the targeted 
organization in order to foment mistrust and discord. In addition to mistrust and discord, 
subversive deception can be used to introduce friction into the target's decision cycle and 
actions, thereby reducing the overall effectiveness of the target.182 Subversion by 
deception may be particularly effective when used against organizations sensitive to 
internal threats, such as networked terrorist groups and authoritarian regimes. 
MACVSOG's use of poison pen letters to increase distrust within the North Vietnamese 
leadership is an example of deception to achieve subversion.183 


178 General Alfred Krauss as quoted in: Erfurth, Surprise, 6. 


179 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Appendix H Security, Cover & Deception (Washington, DC: Joint Chiefs of Staff, 
1970), accessed 2 September 2011. 
http://www.dod.gov/pubs/foi/International_security_affairs/vietnam_and_southeast_asiaDocuments/520-18.pdf. 


180 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Appendix H Security, Cover & Deception, H-10. 


181 This definition is modified from the official definition by substituting targeted organization for 
regime in order to allow for targeting of non-state actors. Headquarters, Department of the Army, Field 
Manual 1-02, 1-178. 


9. Mental Isolation 


Mental isolation occurs when the target is unable to perceive or make 
sense of the situation.184 The ultimate goal of mental isolation is to reduce the target to 
passivity or paralysis as the target is unable to appreciate or cope with the practitioner's 
actions.185 Deception in support of mental isolation seeks to create an impenetrable fog 
of war through camouflage and denial, while increasing uncertainty and ambiguity by the 
presentation of conflicting information through what channels the target retains access 
to.186 The effective mental isolation and subsequent paralysis of a target can negate the 
target's fighting power and thus ability to resist.187 During the Six-Day War, Israeli 
Military Intelligence attempted a form of mental isolation against Arab forces. Operation 
FOG OF BATTLE “misled top enemy commanders, drew them into traps, diverted their 
forces in the wrong directions, spread confusion and chaos within upper level enemy 
headquarters, and speeded up the process of demoralization and disintegration of the 
channels of command.”188 


182 Friction is defined as “the accumulation of chance errors, unexpected difficulties, and the 
confusion of battle.” Headquarters, Department of the Army, Field Manual 100-5, 1986, 16. 


183 Richard H. Shultz, The Secret War Against Hanoi: Kennedy and Johnson's Use of Spies, 
Saboteurs, and Covert Warriors in North Vietnam (New York: HarperCollins, 1999), 136. 


184 John Boyd, "The Strategic Game of ? and ?" (Presentation, John Boyd Compendium, 1987), 
accessed 19 February 2012, http://www.danford.net/boyd/strategic.pdf, 36. 


185 Boyd, The Strategic Game of ? and ?, 47. 


186 Mao Tse-tung, "On the Protracted War" in Selected Works of Mao Tse-Tung, Vol. 2 (Peking: 
Foreign Language Press, 1965), 166. 


187 Basil Henry Liddell Hart Sir, Strategy, 2d rev ed. (New York: Meridian, 1991), 212. 


188 Leo Heiman, "War in the Middle East: An Israeli Perspective," Military Review 47, no. 9 (1967), 
60. 
E. COMMUNICATIONS PROCESS OF DECEPTION 
1. Overview of Communications 


In order to understand deception, it is necessary to look at the context in which 
deception is practiced. Of importance to the understanding of deception are the 
communications environment and the target's decision-making process. Roberta 
Wohlstetter's Pearl Harbor: Warning and Decision provides insight to the role of noise 
within the communications process. Wohlstetter defines noise as competing or 
contradictory signals that are useless for understanding a situation.189 William Reese's 
“Deception within a Communications Theory Framework” presents an overview of 
communications theory that is critical to understanding the process by which information 
is transmitted from the practitioner to the target. Reese includes in his work the roles of 
channels and indicators, as well as the ways by which errors enter the process.190 
Whaley and Bell’s collaboration Cheating and Deception, as well as Bell’s “Toward a 
Theory of Deception,” discuss how deception works through communication. 


Deception occurs within the framework of communication (Figure 6). An actor is 
constantly emitting indicators of his actions, capabilities, and intentions into the 
environment, and is likewise constantly receiving indicators from other actors. Indicators 
travel from one actor to another via channels. Some indicators are not perceived by the 
target due to the lack of a viable channel to convey the information. Other indicators are 
corrupted by errors of encoding, transmission, or decoding. The corruption of indicators 
is a form of noise. The indicators an actor receives from other actors in the environment 
constitute another form of noise. The limited set of indicators that do reach the target are 
what the target relies on to form the perceptions of the practitioner for use in the target’s 
decision-making process. Because the target does not have access to all the indicators of 
the practitioner, the target never has a complete picture of the actor’s intentions, 
capabilities, and actions. 


189 Roberta Wohlstetter, Pearl Harbor: Warning and Decision (Stanford, CA: Stanford University 
Press, 1962), 3. 


190 William Reese, "Deception within a Communications Theory Framework," in Strategic Military 
Deception, eds. Donald C. Daniel and Katherine L. Herbig (Elmsford, NY: Pergamon Press Inc, 1982), 
99–114. 


Figure 6. Communications Cycle 


As Figure 6 shows, deception works within the communications process. The 
practitioner is constantly emitting indicators of his actions into the environment. Some 
indicators are not seen by the target as there is no channel to convey the indicator to the 
target. The white indicators represent indicators of the practitioner's true capabilities and 
intentions. The grey indicators represent deceptive indicators. The dashed line indicator 
represents an indicator obscured through cover means. The In8j-kator indicator 
represents an indicator corrupted by errors in encoding, transmission, or decoding. The 
cross-hatched channel is a channel closed through denial means. Finally, the noise arrows 
represent indicators from other actors or the environment that interfere with the target's 
perception of the practitioner's indicators. The process depicted is one-half of the 
complete communications process. There is a mirror process running from the target to 
the practitioner as indicated by the black arrow. 


2. Indicators 


Indicators are individual snippets of information about the capabilities, intentions, 
and actions of an actor created through the actor's interaction with the environment. 
Indicators can take myriad forms and include exercises and training events; personnel and 
equipment movements; updates on social network sites and other communications 
activity; and solicitations for contracts.191 These pieces of information can be real or 
deceptive. The purpose of deceptive indicators is to provide the target with the 
information required for the target to draw the conclusion that the deception story is 
reality. 


Indicators, whether real or notional, are subject to errors in encoding, 
transmission, and decoding. Errors in encoding occur at the origin of the indicator and 
may result from typographical or syntax errors, improper execution of guidance, and 
translation errors. For example, a notional identification document with an outdated 
stamp is an error in encoding. Errors in transmission alter the indicator as it transits a 
channel from the transmitter to the receiver and can occur due to noise causing 
corruption, interaction with the channel causing changes to the indicator, or the failure of 
the channel to pick up the indicator. Technical faults in the target's reconnaissance plane 
resulting in indicators of troop movements not being observed is an example of an error 
in transmission. Errors in decoding enter the indicator as it is being processed by the 
receiver, and can include mistakes in interpretation and failures in perception. An 
imagery analyst mistaking a tank for a truck is an error in decoding.192 


3. Channels 


Channels are “the specific ways in which information about a given subject 
reaches an audience.”193 For deception, the most commonly used channel is the 
intelligence collection capabilities of the target. Intelligence channels consist of the suite 
of intelligence collection capabilities, e.g., human, signals, open source, and imagery. 
Examples of intelligence channels range from the double agents used by Britain in World 
War II as part of the Double Cross system to notional radio traffic.194 In addition to 
intelligence collection channels, there are many other channels for indicators to reach the 
target (Table 4). One of the goals of cover is to reduce the number of channels available 
to adversarial intelligence collection, as restricting channels makes the intelligence 
collection more dependent on the remaining channels, and reduces the likelihood of 
indicators of the actual plan reaching the target. Channels can be preexisting or created in 
support of the deception plan. The use of a corpse by British intelligence during WWII to 
convey notional plans to German intelligence is an example of a created channel. 


191 To reinforce the variety of indicators, one—possibly apocryphal—indicator of crisis planning at 
the White House is said to be late night pizza deliveries. 


192 Reese, Deception within a Communications Theory Framework, 99–114. 
193 Godson and Wirtz, Strategic Denial and Deception, 19. 


194 Abram Shulsky, "Elements of Strategic Denial and Deception," in Strategic Denial and Deception: 
The Twenty-First Century Challenge, eds. Roy Godson and James J. Wirtz (Piscataway, NJ: Transaction 
Publishers, 2002), 19–26. 


Intelligence | Human, Signal, Imagery, Measures, Electronic 
Traditional Media | Newspapers, Radio, Television, Handbills, Leaflets, Loudspeakers 
Internet | Social Media Sites, Commercial Email, Notional Sites 
Military Communications | Radio, Official Email, Orders, Radar 
Diplomacy | Negotiations, Communiques, Official statements 
Other | Word-of-mouth, Surveys, Telephone 


Table 4. Examples of Channels 


4. Deception's Role in the Communications Process 


In addition to deception operating within the communications framework, 
deception affects the communications process itself on a number of levels. Indicators can 
be camouflaged to prevent the target from recognizing the indicators. Alternatively, 
indicators can be reduced through various security measures. Channels can be closed off 
via denial capabilities. For indicators that cannot be hidden from the target by cover tools, 
simulations and portrayals can be used to drown the indicator in a sea of noise. 


F. DECEPTION AND TARGET DECISION-MAKING 


To understand how deception affects the target, it is imperative to understand how 
decisions are made. Decision-making is not a rigid process whereby two individuals 
can see the same indicator, reach the same conclusion, and act the same way; rather, 
decision-making is subject to numerous schemata—cultural, personal, and cognitive—the 
composite of which is unique to every individual. Colonel John Boyd’s “Organic Design 
for Command and Control” introduces a framework for the decision-making process, the 
Observe-Orient-Decide-Act (OODA) loop.195 The OODA places decision-making in an 
iterative process where perceptions are created by the synthesis of new information and 
existing perceptions through the schematic lenses. From the revised perceptions, 
decisions are made, driving actions and inaction. While Boyd includes the lenses in his 
decision-making framework, he does not go into depth discussing how culture, personal 
experiences, and genetic heritage impact decisions. 


Richard Heuer's Psychology of Intelligence Analysis, though intended as a tool 
for intelligence analysts, contains a trove of information for the deception practitioner. Of 
particular use is Heuer's discussion of cognitive biases. Cognitive biases are defined by 
Heuer as “mental errors caused by our simplified information processing strategies... a 
cognitive bias does not result from any emotional or intellectual disposition towards a 
certain judgment, but rather from subconscious mental procedures for processing 
information.”196 Heuer categorizes the cognitive biases by their effect on intelligence 
analysis: “evaluation of evidence, perception of cause and effect, estimation of 
probabilities, and retrospective evaluation of intelligence reports.”197 


Michael Bennett and Edward Waltz’s Counterdeception Principles and 
Applications for National Security expands the discussion of biases by adding three 
additional categories: personal, cultural, and organizational. Personal biases “are the 


result of personality traits and the firsthand experiences that affect a person's world view 


9198 


throughout the course of their life. Cultural biases are “the result of interpreting and 


judging phenomena in terms particular to one’s own culture and is influenced by the 


knowledge, beliefs, customs, morals, and habits, and cognitive styles that are acquired as 


195 John Boyd, “Organic Design for Command and Control,” (Working Paper, 1987), accessed 19 
February 2012, http://www.danford.net/boyd/organic.pdf. 


196 Richards J. Heuer Jr., Psychology of Intelligence Analysis (Reston, Virginia: Pherson Associates, 
LLC, 2007), 111. 


197 Heuer, Psychology of Intelligence Analysis, 112. 


198 Michael Bennett and Edward Waltz, Counterdeception Principles and Applications for National 
Security (Norwood, MA: Artech House, Inc., 2007), 73. 
a member of one’s specific social environment.”199 Organizational biases are “the result 
of the goals, mores, policies, and traditions that characterize the specific organization in 
which the individual works.”200 Bennett and Waltz’s expansion of biases increases the 
number of potential levers a deception practitioner has to influence the deception target. 


In order to explore how deception affects the target, an expanded version of the 
OODA process is used to represent the target’s decision-making process. The OODA 
process consists of four interconnected phases: observe, orient, decide, and act (Figure 7). 


[Figure: OODA Process diagram showing the Observe, Orient, Decide, and Act phases 
connected by feed-forward and feedback paths.] 

Figure 7. Expanded OODA Process (From: 201) 


1. Observe 


During the observe phase, the target interacts with the environment, actively and 
passively collecting indicators in an effort to gain an understanding of the situation. 
Despite the wishes of every actor, it is impossible to collect a perfect picture of the 
situation as some indicators are missed and others corrupted by transmission and coding 


199 Bennett and Waltz, Counterdeception Principles, 72. 
200 Bennett and Waltz, Counterdeception Principles, 74. 


201 Robert Coram, Boyd: The Fighter Pilot Who Changed the Art of War (New York, NY: Back Bay 
Books, 2002), 344. 
errors. The inability to perceive the total picture is the “fog of war.” Additionally, the 
target's existing perceptions of the environment and situation affect which indicators the 
target observes.202 As Thomas Kuhn states: “What a man sees depends both upon what 
he looks at and also upon what his previous visual-conceptual experience has taught him 
to see.”203 It is during the observation phase that the deception practitioner interacts with 
the target. Through camouflage, indicators of friendly activity are obscured from target 
collection. Furthermore, through denial, target collection channels are closed off, 
preventing the collection of unobscured indicators—both friendly and other actor. 
Finally, through active deception, manipulated or manufactured indicators are presented 
for collection, which taken together tell the deception story. Through these means, the 
fundamental effects of deception in the observe phase are to either thicken the fog of war 
by increasing ambiguity or uncertainty by obscuring indicators, or to part the fog of war 
by seeming to decrease ambiguity or uncertainty through the presentation of indicators 
revealing a misleading picture of the situation. It is necessary to understand the collection 
capabilities of the target in order to increase the probability of reception of the manipulated 
indicators, as well as to prioritize camouflage and denial activities towards protecting 
vulnerable indicators. Equally important is an understanding of what the target expects to 
see from the practitioner; in other words, the practitioner needs to develop a detailed 
understanding of self through the lens of the target. 


2. Orient 


After the observe phase, the target transitions to the orient phase. During the 
orient phase, the target processes the collected indicators through a series of schemata 
and synthesizes the result with the target's existing perceptions to create revised 
perceptions of the environment and situation. Schemata are defined as: “...the dynamic, 
cognitive knowledge structures regarding specific concepts, entities, and events used by 


202 Heuer, Psychology of Intelligence Analysis, 8 — 10. 


203 Thomas Kuhn, The Structure of Scientific Revolutions, 3rd ed. (Chicago: University of Chicago 
Press, 1996), 113; This is an important point; an engineer, infantryman, and helicopter pilot looking at a 
wooded glen will see different things. The engineer may see the glen in terms of soil substrate suitability 
for a road; the infantryman may see the glen in terms of cover, concealment, and avenues of approach; 
while the pilot sees in terms of potential landing zones. 
individuals to encode and represent incoming information efficiently.”204 These schemata 
create biases in the way the target perceives and processes information. Schemata can be 
categorized as cultural, personal, and genetic. Cultural schemata include the collective 
experiences, legacies, biases, and heuristics developed by organized groups. Personal 
schemata include personal experiences and the resultant biases and heuristics. Genetic 
schemata include the cognitive biases and heuristics developed through conflict-based 
natural selection. Schemata and the resultant biases can both aid and hinder deception 
efforts. 


a. Cultural Schemata 


Cultural schemata are the collective set of knowledge, beliefs, 
experiences, values, and norms for a distinct aggregate of people with similar 
characteristics, e.g., state, ethnic group, region, religion, and organization. A target can be 
influenced by several different sets of cultural schemata, for example, a Sunni Muslim 
Iraqi Kurd is influenced by the schemata for his Sunni Islam, Iraqi, and Kurdish aspects. 
While members of a particular culture are not perfectly uniform in their cultural 
schemata, understanding the culture of the target is vital to the success of deception. 
Culture can be a source of trappings for a deception to increase its legitimacy, for 
example, the Sacred Sword Patriots League deception in Vietnam was based in a 
Vietnamese legend of a divine sword given to a prince to drive out the occupying 
Chinese.205 Additionally, cultural biases can impact the credibility given to different 
channels. For example, in a country without a tradition of free press, there may be less 
credibility given to traditional media channels. Likewise, in societies with a strong oral 
tradition, such as Arab societies, word of mouth channels may have higher credibility 
than in societies without a strong oral tradition. Understanding the degree to which a 
culture values certain channels can help in deciding which channels to prioritize for 
exploitation or denial. 

204 Hazel Markus, "Self-Schemata and Processing Information about the Self," Journal of Personality 
and Social Psychology 35, no. 2 (1977), 63 — 78, as cited in Stanley G. Harris, "Organizational Culture and 
Individual Sensemaking: A Schema-Based Perspective," Organization Science 5, no. 3 (August, 1994), 
310. 


205 Shultz, The Secret War Against Hanoi, 139 — 140. 
Much like the social groups, organizations possess a distinct set of 
schemata that influence information processing. These schemata in turn generate 
organizational biases. An example of an organizational bias with applicability to 
deception operations occurred in the Burma Campaign of World War II. The Japanese 
command in Burma did not trust its intelligence analysts. British efforts to deceive the 
Japanese commander failed because of this bias against the intelligence analysts; the 
deception indicators presented by the British never impacted the Japanese commander's 
decisions.206 A second example of organizational schemata impacting deception, this 
time to negative results, occurred as part of British plans to invade Italian-controlled 
Abyssinia [Ethiopia]. The British plan called for an attack into northern Ethiopia, and a 
deception to make it appear the attack would come from the south. The British 
successfully deceived the Italians into believing the attack would come from the south; 
however, the British failed to account for the Italian Army's desire to avoid combat. 
Rather than reinforcing the southern approaches to repulse the perceived British 
offensive, the Italians withdrew northward, towards the actual British offensive.207 [This 
episode led to Dudley Clarke's admonishment to plan deception in terms of the target's 
actions, and not the target's perceptions.] 


b. Personal Schemata 


Whereas the cultural schemata are the result of the social environment, 
personal schemata are the result of one's experiences, motivations, and emotions. 
Four variables impact the degree to which an experience might affect an individual's 
worldview: whether the experience was first hand; how early the event occurred in the 
individual's life; how important the consequences of the event were to the individual or 
his nation; and whether the individual has a sufficient range of experience to develop 
alternative perceptions.208 


206 Dewar, The Art of Military Deception in Warfare, 10. 


207 Dudley Clarke, 6 September 1972, “Some Personal Reflections on the Practice of Deception in the 
Mediterranean Theatre from 1941 to 1945,” memorandum included in David Mure, Master of Deception: 
Tangled Webs in London and the Middle East (London: William Kimber & Co. Limited, 1980), 273. 


208 Robert Jervis, Perception and Misperception in International Politics (Princeton, NJ: Princeton 
University Press, 1976), 239. 
Within the context of deception, personal schemata create exploitable 
vulnerabilities. For example, the paranoia of Stalin about internal security threats created 
a vulnerability which German intelligence exploited by creating a set of notional dossiers 
detailing Soviet officers’ interactions with German intelligence officers. In a brilliant 
move, the dossiers were not created from scratch; rather Abwehr used dossiers from an 
actual episode of German-Soviet military cooperation in 1927 as the basis for the 
notional dossiers. By modifying existing documents, Abwehr managed to expediently 
create dossiers with an air of believability—the best deceptions are built on truth. While 
it cannot be proven the deception led to the subsequent purge by Stalin of not only the 
officers in the dossiers, but over 20,000 personnel, including a majority of senior leaders, 
the timing would seem to indicate a connection. The decimation of the Soviet armed 
forces during the 1937—1939 purge significantly reduced the effectiveness of the Soviet 
armed forces prior to Operation BARBAROSSA.209 


c. Cognitive Biases and Heuristics 


Cognitive biases and heuristics are what the OODA loop considers to be 
genetic heritage; that is, cognitive biases and heuristics have developed through natural 
selection. There are many cognitive biases and heuristics; the ones most pertinent to 
deception are: small numbers, anchoring, confirmation, Rubicon, and availability. 


Small numbers bias, also known as representativeness, is the tendency to 
overestimate the reliability of a small sample to be representative of the total set. 
Furthermore, this bias creates overconfidence in observed patterns and early trends. 
Taken together, this means that the perceptions of individuals are created by a smaller set 
of information than is thought.210 Deception benefits from the small number bias by 
lessening the number of indicators needed to generate the required perception. However, 
the small numbers bias also increases the difficulty of shifting initial perceptions. 


209 Edward Epstein, Deception: The Invisible War between the KGB and the CIA (New York, NY: 
Random House Value Publishing, 1991), 140 — 143. 


210 Amos Tversky and Daniel Kahneman, "Belief in the Law of Small Numbers," Psychology Bulletin 
76, no. 2 (1971), 105 — 110. 
Anchoring heuristic also impacts how an individual adjusts an existing 
perception based on new information. There is a tendency for the starting perception to 
act as friction on any adjustments so that the adjusted perception may be closer to the 
starting position than appropriate.211 Anchoring's importance to deception is twofold. 
First, anchoring reinforces the maxim that deceptions should use the target's existing 
perceptions. Second, anchoring indicates a need to ensure when deception is in support of 
a specific plan that the deceptive indicators are transmitted before indicators of the actual 
plan begin transmission. 


Confirmation bias exhibits itself in the tendency of individuals to interpret 
new information in ways supportive to the individual's established perceptions.212 
Confirmation bias is one reason why deceptions that exploit existing target perceptions 
are preferable to deceptions that seek to change target perceptions. Additionally, 
confirmation bias is another reason to seek to implement deception prior to the target 
forming its initial perceptions. If the initial perceptions are formed relying on deceptive 
indicators, then confirmation bias will generally work to support the deception. 


Rubicon bias is the tendency of individuals to place greater confidence in 
a decision once the decision is made. Prior to making a decision, an individual tends to 
evaluate the benefits, costs, and risks of the various options in a reasonably deliberative 
manner—subject to the lenses of personal experience and other biases and heuristics. 
However, once a decision is made, the individual tends to view that decision as being the 
best possible decision.213 Along with confirmation bias, the Rubicon bias suggests that 
deceptions should seek to leverage existing perceptions, rather than seeking to create new 
perceptions. 


The availability heuristic expresses itself in the tendency of a person to 
evaluate the likelihood of an event based on “...the ease with which they can imagine 


211 Heuer, Psychology of Intelligence Analysis, 150 — 151. 
212 Thomas Gilovich, How We Know What Isn't So (New York: The Free Press, 1991), 33. 


213 Dominic Johnson and Dominic Tierney, “Crossing the Rubicon: The Perils of Committing to a 
Decision" (Cambridge, MA: Belfer Center for Science and International Affairs, Harvard Kennedy School, 
2011). 
relevant instances of the event and the number or frequency of such events that they can 
easily remember.”214 In addition to recall, the availability heuristic also depends on the 
ability of a person to imagine an event. The availability heuristic impacts deception on 
several levels. First, since successful deceptions are often related to significant events, the 
availability heuristic can cause the perception of deception where none exists. Next, since 
the availability heuristic relies on recall and imagination, deception can be used to reduce 
or increase the perceived probability of an event. Finally, since the availability heuristic 
utilizes the probable, deception can be used to protect the unexpected by providing 
plausible explanations; for example, protecting human agents by attributing collected 
information to signals intelligence assets. 


d. Results of Orientation 


The results of the orient phase are revised perceptions of the situation and 
environment that are fed into the decide phase. Gaps in information identified during the 
analysis and synthesis can result in new requirements for the observe phase. Additionally, 
the revised perceptions impact how the expectancy bias affects the collection of new 
information. Successful deception corrupts the outputs of the orientation phase causing 
the target to perceive the situation as the deceiver intends. 


3. Decide 


Once the indicators are synthesized and analyzed, and the target's revised 
perception of the situation is created, the process transitions to the decide phase. During 
the decide phase, the target uses his perception to develop his courses of action. This 
phase marks the transition of the target from a deliberative mind-set to an implementation 
mind-set.215 In addition to the decide phase feeding forward into the act phase, feedback 
from the decision phase feeds back into the observe phase as new information 
requirements. 


214 Bennett and Waltz, Counterdeception Principles, 102. 


215 Johnson and Tierney, “Crossing the Rubicon,” 1. 
4. Act 


Finally, the chosen courses of action are implemented. These activities create 
indicators via interaction with the environment. It is at this point a successful deception 
plan reaches fruition through the target's implementation of the decided actions or 
inactions based on the manipulated perception. If the deception story is accepted and 
acted upon, there should be evidence in the indicators created by the target's activities. 
While indicators of successful deception are important, equally as important are 
indicators of deception failure; the deception practitioner should seek to collect indicators 
looking for feedback that the deception did not work. 


G. DECEPTION PROCESS 
1. Bell and Whaley 


Bell and Whaley present the deception process as a deception planning loop that 
begins with the development of a desired deception goal in support of the strategic goal. 
The first half of the loop is the decision sector where the potential stratagem, illusion, 
channel, ruse, and characteristics are considered. The second half of the loop, the 
perception sector, executes the characteristics to drive the ruse through the selected 
channel in order to generate the intended illusion to activate the chosen stratagem to 
achieve the deception goal216 (Figure 8). Bell and Whaley's process is demonstrated 
using their example from Cheating and Deception in Figure 9. Bell and Whaley's 
deception planning process is thorough, but falls short of its potential. One key 
shortcoming is that the process ends with what the target thinks, rather than what the 
target does. This runs the risk of the target thinking what the deceiver desires, but not 
acting in the desired way. 


216 Bell and Whaley, Cheating and Deception, 71. 
Figure 8. Bell and Whaley’s Deception Planning Loop (From: 217) 

Figure 9. Example of Bell and Whaley's Deception Planning Process in Action (From: 218) 


217 Bell and Whaley, Cheating and Deception, 71. 
218 Bell and Whaley, Cheating and Deception, 70 — 72. 
2. See-Think-Do 


An alternate deception process is articulated in Joint Publication 3-13.4: Military 
Deception. JP 3-13.4 utilizes a three-step deception process: See-Think-Do. In the 
See-Think-Do model, the deception practitioner first decides what action or inaction the target 
must do in order to support the overall plan. This behavior becomes the deception 
objective. Next, the practitioner considers what the target must think in order to cause the 
deception goal. Finally, the practitioner formulates what the target must see in order to 
create the necessary perceptions to drive the target's thoughts. The set of indicators the 
target needs to see becomes the deception story.219 While this process offers a direct, to 
the point, tool for deception planning, the model oversimplifies the complexities of target 
decision-making. 


3. Revised Deception Process 


Merging Bell and Whaley's deception planning loop together with the 
See-Think-Do process in the context of the communication and decision-making frameworks 
provides a potentially fuller understanding of the deception process (Figure 10). The 
process starts with the identification of a strategic, operational, or tactical objective, e.g., 
establish a beachhead on the mainland of Europe. From this objective a deception 
objective is derived, e.g., German forces reinforce Pas de Calais, leaving Normandy 
thinly defended. Potential deception objectives must be feasible, that is, the target must 
be capable of performing the action or inaction, and the action or inaction must be 
reasonable. Once the deception goal is determined, the next step is to evaluate what the 
target must think in order to drive the desired action, e.g., Pas de Calais is the Allied 
objective. This phase corresponds to the orient and decide stages of the OODA process. 
Critical to the determination of what the target needs to think is the knowledge of what 
the target already thinks, as well as what cultural, organizational, and personal schemata 
influence the target's decision-making. In the case of the example, knowing the Germans 
already viewed Pas de Calais as the likely landing zone greatly aided the deception 


219 Joint Staff, JP 3-13.4: Military Deception, (Washington, DC: Department of Defense, 2006), 
IV-1 to IV-2. 
process. Likewise, had this phase revealed the Germans viewed Normandy as the most 
probable target, the entire deception, and indeed the entire plan, would have to be 
reevaluated. 


After the desired perception is decided, then the set of indicators necessary to 
create the perception must be designed, e.g., feints in the form of bombing and 
reconnaissance flights over Pas de Calais; disinformation through the DOUBLE CROSS 
system; and simulated Allied forces staging across the English Channel from Pas de 
Calais. This set of indicators is what will paint the deception picture for the target to see. 
Again it is vital to understand what the target already perceives, as the existing perception 
not only drives how new indicators are interpreted through filters like the expectancy and 
confirmation biases, but also what the target sees the indicators as. Additionally, the 
channels available for the target to receive indicators must be identified, along with which 
of those channels will be denied to the target. Finally, based on the analysis of the available 
channels, and the indicators needed for the deception story, a prioritized set of indicators 
of the actual plan lays out what must be hidden from the target. In the example, many of 
the indicators of the Normandy Invasion did not contradict the Pas de Calais deception, 
and thus did not need to be covered, such as the airborne training operations and the 
general buildup of materials and personnel. This allowed cover efforts to focus on 
protecting critical indicators like the Mulberry harbors. Once the deception plan is 
implemented, collection of enemy indicators is essential. These indicators help the 
deceiver to determine if the deception succeeded or, more importantly, if it failed. 
Figure 10. Revised Deception Process 
V. PRACTICE OF MILITARY DECEPTION 


I feel that deception and cover plans or operations are fully justified and 
that the employment of cover and deception should . . . be an accepted and 
organized procedure for any campaign. 


— General George S. Patton220 


FM 90-2: Battlefield Deception provides a five-step deception planning process. 
Step one—situation analysis—focuses on friendly and enemy situations, target analysis, 
and a stated desired situation. Step two—deception objective formulation—consists of 
determining the five w's of the deception objective: what action/inaction is necessary to 
achieve the desired situation; who must perform the action/inaction; when and where 
must they act; and who must be affected. Step three—desired perception—develops an 
idea of what the enemy must think to make him act in the desired manner, and what 
perceptions must be created in order to persuade the enemy to think in the desired way. 
Step four—deception story—generates the information that when conveyed to the target 
paints the perception picture for the target. Step five—deception plan—focuses on 
producing the overall plan for how to convey the necessary information to the enemy, as 
well as recommending the intelligence requirements to look for indicators that the 
plan is working or not.221 


FM 3-13: Information Operations provides a five-step deception planning process 
designed to nest within the Army’s military decision making process [MDMP]. The steps 
to the process as outlined in FM 3-13 are: receipt of the mission; mission analysis; course 
of action development; course of action analysis, comparison, and approval; and orders 
production. Though the names are different than the steps in FM 90-2, the processes 
within the steps are very similar. In addition to the planning process, FM 3-13 provides 
guidance on the preparation, execution, and assessment of the deception plan. 
Interestingly, the initial iteration of the information operations field manual, FM 100-6, 
published in 1996, did not contain a discrete deception planning process. 


220 Quoted in Center for Army Lessons Learned, CALL Bulletin 3-88, 7. 
221 Headquarters, Department of the Army, Field Manual 90-2: Battlefield Deception, 4-4 to 4-15. 
JP 3-13.4: Military Deception, provides a six-step deception planning process 
based on the Joint Operation Planning and Execution System [JOPES]. The six steps are: 
deception mission analysis; deception planning guidance; staff deception estimate; 
commander's deception estimate; deception plan development; and deception plan 
review and approval.222 The content of these steps is similar to the steps in FM 90-2 and 
FM 3-13, with the addition of the SEE—THINK—DO methodology. 


In addition to the preceding examples of doctrinal deception planning, there is a 
vast body of official and unofficial research addressing the planning and practice of 
deception. Exemplars of the official research include the CIA Deception Research 
Program’s Deception Failures, Non-Failures and Why and Deception Maxims: Facts and 
Folklore; the U.S. Army Research Institute for the Behavioral and Social Sciences’ 
Doing Deception: Attacking the Enemy’s Decision Processes; and Hans von 
Greiffenberg’s Deception and Cover Plans Project #29, which analyzes German 
deceptions during World War II. Representative of the unofficial research is Benjamin 
Higginbotham’s “On Deceiving Terrorists,” which looks at using deception against 
non-state actors. 


Finally, there are a number of historic accounts of deception planning and 
execution to draw from, with much of the work covering the World War II era. For 
example, Roger Hesketh’s Fortitude represents the official history of the London Control 
Section’s pinnacle operation. Similarly, the Official History of the 23rd Headquarters 
Special Troops details the unit’s creation and conduct of tactical deception in the 
European Theater of Operations. David Mure’s Master of Deception covers Dudley 
Clarke’s A-Force in North Africa, and includes a memo from Clarke outlining his 
thoughts and observations on deception. Anthony Cave Brown’s Bodyguard of Lies is a 
massive tome covering nearly the totality of Allied deception, espionage, and clandestine 
operations in the European Theater of Operations. The critical value of these works is 
their discussion of deception in real world application—outside the realm of theory. 


222 Joint Staff, JP 3-13.4, IV-3. 
A. DECEPTION PLANNING PROCESS 


The 2012 edition of JP 3-13.4 utilizes a six-step process for planning deception: 
deception mission analysis, deception planning guidance, staff deception estimate, 
commander's deception estimate, deception plan development, and deception plan review 
and approval.223 This planning process will serve as the framework for the discussion of 
deception planning, with modifications derived from other works.224 


1. Mission Analysis 


The current U.S. military guidance on planning military deception has the military 
deception process overlaid on either MDMP or JOPES planning processes. This is not 
sufficient. Aspects of military deception planning must occur before the beginning of 
formal planning, and ideally the introspective analysis of friendly forces should be a 
continuous process even prior to receipt of a mission. For example, development of 
profiles of potential target leaders must be integrated with ongoing intelligence 
preparations, so that when the planning process begins this vital groundwork is already in 
place. Additionally, a firm understanding of friendly force indicators is necessary in order 
to plan on how to cover critical indicators, as well as to determine what indicators are 
necessary to create the perception of particular activities, e.g., the indicators created by 
pre-deployment preparations. These friendly force indicators should be collected and 
analyzed during routine garrison operations, field training, and actual missions. 


a. Information Requirements 


Information requirements for deception operations are complex, but not 
overwhelming. “In developing such [deception] plans the commander must visualize and 
understand the enemy viewpoint. ...”225 As TC 30-1 states: 


223 Joint Staff, JP 3-13.4, IV-4 to IV-14. 


224 This discussion is not meant to prescribe the way to plan and execute deception operations; rather, 
this section is meant as a discussion of the broad concepts associated with planning and execution. 


225 Headquarters, Department of the Army, FM 100-5: 1962, 50. 
Success of cover and deception is dependent on the ability of the deceiver 
to predict the probable enemy reaction. The staff charged with the 
deception planning must be able to think as the enemy does and not react 
as a friendly commander transplanted into the enemy situation. This is 
possible only as a result of a thorough understanding of the enemy, his 
culture, and military system. The enemy intelligence system must be 
evaluated because this system is the vehicle that carries the deception 
story to the enemy commander. Determination must be made regarding 
the enemy's characteristics, his habits that make him vulnerable to 
deception, and those aspects that present the least likely deception target. 
...if possible, we should know the characteristics of the enemy 
commander, to include the degree of freedom allowed subordinates, his 
reaction time to new situations, and how this fear of the unknown 
influences his actions. A single known characteristic of a commander is 
more important than the entire statistical record of his military career.226 

Note, while TC 30-1 talks in terms of the “enemy commander,” it is important to realize 
that when targeting non-hierarchical organizations such as networked non-state actors, the 
target may not be a “commander”; rather, the target may be someone like a low-level 
leader, key financier, or technician. Additionally, the target may not be an “enemy” at all. 
As stated previously, enemies, adversaries, neutral parties, and even friendly parties are 
viable targets of deception, though the risk versus benefit calculations when looking to 
deceive neutral and friendly parties must be examined closely. 


The practitioner must also have knowledge of the channels available for both real 
and deceptive indicators to reach the target, as well as what channels are available for the 
collection of feedback in order to assess the deception operation's effectiveness. The 
deception practitioner should take every effort reasonable within the constraints of time 
and resources to develop a full understanding of the target. Fortunately, there are several 
products generated by others which are useful in the practitioner's analysis (Table 5). 


226 Headquarters, Department of the Army, Training Circular No. 30-1, 15

Element Product
Intelligence Intelligence Estimate
Intelligence Summaries
Intelligence Preparation of the Battlefield
Network Link Analysis
Counterintelligence Threat Analysis [CITA]
High Value Individual Target Packets
Civil Military ASCOPE Analysis
CMO Estimate
Military Information Support Target Audience Analysis Worksheets [TAAW]
MISO Estimate
OPSEC Critical Information
OPSEC Indicators
Chaplain Religious Assessment
Interagency Country Studies
Key Leader Profiles
Commercial Databases Open Source Information

Table 5. Sample Deception Planning Resources


Not only must the practitioner understand multiple targets’ personal
characteristics, organization, and culture, the practitioner must also know his own
organization in order to have a firm grasp of the indicators the organization generates,
specifically the indicators comprising critical information. Critical information is the set
of indicators that if pieced together could reveal the friendly force plans, capabilities, and
intentions. The list of critical information should normally be produced by the OPSEC
officer. A thorough knowledge of friendly forces is required as well for effective
portrayals and simulations. One of the critical tasks for the 23rd Headquarters Special
Troops was the reconnaissance of friendly formations. The signals units collected “...an
unequalled library of combat [Standard Operating Procedures], [Signal Operating
Instructions], and radio peculiarities.” Likewise, the 603rd Combat Engineers studied unit
“atmospherics” and collected samples of unit patches, command post signs, and bumper
markings to facilitate the impersonation of any unit in the 12th Army Group.227


The degree to which a practitioner needs to understand his own unit means this
requirement cannot wait for a specific mission. Ideally, the practitioner's estimate of the
friendly forces should be a continuous process, carried out in garrison, training, and
actual operations. For this, military deception planning must also be continually nested
with operations security planning. Understanding the myriad indicators an element on the
move generates, prior to the start of formal mission planning, allows the military
deception planner to implement early in the process the necessary cover plans to mask
real indicators and the necessary deception plans to show the required false indicators.
Waiting until the beginning of the formal planning process to start will result in delays
that could allow the indicators of the real plan to be received by the target before the
military deception plan is even implemented.


227 Official History of the 23rd Headquarters Special Troops (Photocopy from National Archives), 9.


All the information is compiled into a deception estimate. Drawing from various
sources, suggested elements of the deception estimate include:

• Potential target decision makers, to include biographical data and
psychological profiles
• Existing preconceptions about friendly plans, capabilities, and intentions
• Target organization for systems of decision-making, information flow, and
command and control; as well as, organization structure
• Target intelligence capabilities in order to identify channels
• Target potential plans, capabilities, and intentions
• Friendly force plans, capabilities, and intentions to identify indicators
• Friendly force critical information
• Friendly force characteristics, such as unit designations, leaders,
insignia228

2. Planning Guidance 


Deception planning guidance from the commander should focus on the deception 
goal: what the commander wants the target to do, or not to do. Identification of the 
deception goal must be accomplished as early as possible in the planning process so that 
the deception plan has sufficient preparation and execution time to allow the target 
opportunity to take the desired action prior to the execution of the actual plan.229 


228 Headquarters, Department of the Army, Training Circular No. 30-1; Joint Staff, JP 3-13.4; Official 
History of the 23rd Headquarters Special Troops. 


229 Headquarters, Department of the Army, Training Circular No. 30-1, 13.


Part of the planning guidance is an analysis of the risks and benefits for the
various aspects of deception. Deception should be considered for all operations, and
cover aspects always implemented, as FM 100-5 (1954) states: “...deception is a
continuing action carried out by all echelons of command in activities such as cover and
concealment, individual combat, use of dummy positions and installations, and
decoys.”230


There are situations where active deception may not be appropriate, or where
deception should focus on supporting operations security and force protection instead of
offensive operations. Reference Book 31-40 recommends the following questions be
considered in order to determine whether active deception should be implemented:

• Is the... situation such that the [target] is susceptible to deception?
• Is there a logical opportunity for deception?
• Are there resources, to include time, available to support the deception?
• Is the [target] likely to react in the desired manner in this situation?231


The final decision on when and how to implement deception rests with the commander. 
3. Planning Methodology 
a. DO 


With the deception objective identified, the next step is the development
of the deception story. The story should be developed using the SEE—THINK—DO
methodology.232 Backwards planning with this methodology starts with the DO step.
This step takes the deception objective and couples it with a specific target. The result is
phrased in terms of what the specified target does or does not do—this correlates to the
act phase of the OODA decision-making process discussed in Chapter IV. For example, a
deception objective might be: “Republican Guard commander keeps his forces in vicinity
of Kuwait City.” The deception objective must be evaluated in terms of capability,
reasonability, and feasibility. If these criteria are not met then the deception objective or
target needs to be reassessed. For example, the target of the deception may not have the
authority to order the desired action; in this case, the target should be shifted to the
individual with the appropriate authority.


230 Headquarters, Department of the Army, FM 100-5: 1954, 38.
231 U.S. Army Command and General Staff College, Reference Book 31-40, 1-2.
232 Joint Staff, JP 3-13.4, IV-1 to IV-2.


b. THINK 


The next step of planning the deception story is THINK. During this step,
the deception practitioner must determine what perception the target needs to develop in
order to cause the desired action. THINK encompasses the orient and decide phases of
the OODA decision-making process. A firm understanding of the target’s existing
perceptions, organizational decision-making processes, and schemata is vital to the
success of this phase of planning, as each of these influences the target's decision-making
process (Figure 7, Chapter IV). Continuing the previous example, if the Republican
Guard commander is a coward then he may need to think U.S. forces do not intend to
attack Kuwait City; whereas, if he is not a coward, then he may need to think U.S. forces
intend to attack Kuwait City.


c. SEE 


The final step in the SEE—THINK—DO methodology is SEE. During 
this step, the practitioner determines what indicators the target needs to receive in order 
to develop the desired perception. SEE is the observe phase of the OODA decision-making 
process. The deception practitioner must know what channels are available for the target 
to collect indicators. The available channels serve as a limit on the range of deception 
techniques used to create the desired indicators—it is a waste of resources to craft an 
indicator the target cannot see. Finishing the previous example, after assessing that the 
Republican Guard commander is not a coward, it is determined that the channels 
available are best suited for demonstrations of amphibious training, simulations and 
portrayals of force build up along the border of Kuwait, and disinformation activities. 
Paralleling the development of what the target needs to see is the determination of what 
the target cannot be allowed to see. The indicators which might reveal the actual 
operation become the focus for covering deceptions to either obscure these indicators via 
camouflaging actions or by denying the channels capable of conveying the real
indicators. The set of desired indicators is then woven together to create the deception
story. The deception story is the “scenario that outlines the friendly actions that will be
portrayed to cause the deception target to adopt the desired perception.”233


4. Deception Means 


From the list of desired indicators developed during the SEE phase, a series of
deception events is developed. Deception events are “deception means executed at a
specific time and location in support of a deception operation.”234 The desired indicators
are generated by the execution of the deception events. Deception means are the
“methods, resources, and techniques that can be used to convey information to the
deception target.”235 The number of deception means is effectively limitless and is only
constrained by the imagination and resources of the practitioner. Deception means are
subdivided into three broad categories: physical, cyber electromagnetic, and
administrative.


a. Physical 


Physical means are those which activate the senses, principally the senses
of hearing, vision, and smell. A static display of decoy tanks is an example of a physical
deception means, as are smoke screens. Physical deception means include morphological
deceptions that alter the physical characteristics of an object; such as, camouflage paint
schemes or the frames used to disguise tanks as trucks during World War II.236


Physical means also utilize actions and behavior to convey or hide
information from the target.237 Demonstrations and feints are common forms of actions
as physical means. Behavior can be used to create the perception of a pattern in order to
condition the target to expect this pattern to continue; for example, establishing a routine
supply convoy for the purposes of setting an ambush. Alternatively, behavior can be used
to prevent the target from perceiving a pattern, such as using night movements to conceal
a buildup of forces before an assault.


233 Joint Staff, JP 3-13.4, GL-3.
234 Headquarters, Department of the Army, Field Manual 1-02, 1-52.
235 Headquarters, Department of the Army, Field Manual 1-02, 1-52.
236 Gerwehr and Glenn, Unweaving the Web, 39-40.
237 Gerwehr and Glenn, Unweaving the Web, 39-40.


Physical means also include sonic deceptions, as in artillery simulators
and loudspeaker systems. It is important to note that not all sonic deceptions need to
employ mimicry. One method of sonic deception employed by the 4th Infantry Division
in Vietnam was the use of artillery fires to mask the sounds associated with infantry units
occupying night positions.238 Prior to the use of the fires, infantry units risked
compromising their location due to the sounds associated with preparing and fortifying
the positions. In an urban environment, or other environments not permissive to artillery
fires, the sounds of operations on the ground could be masked using helicopter flights or
loudspeaker operations in the areas surrounding the activity.


b. Cyber Electromagnetic 


Cyber electromagnetic means utilize cyberspace and the electromagnetic
spectrum [other than visual] in order to communicate deceptive indicators.239 Deception
activities within cyberspace include the transmission of notional documents as
disinformation, portrayals in the form of honeypot systems to bait targets into the
cyberspace equivalent of ambushes, and the use of camouflaging programs such as an
onion router or proxy server to provide cover for cyberspace activities. Furthermore,
overt hacking can be used as a feint in order to distract a systems administrator from
other cyber warfare activities.


Deceptions within the electromagnetic spectrum are categorized into three
types: manipulative, simulative, and imitative. Manipulative electromagnetic deceptions
eliminate existing or convey misleading indicators, as in transmitting misleading
information on a network known to be compromised. Simulative electromagnetic
deceptions replicate existing or create notional capabilities, such as using radio operators
to create the emissions of a notional unit. Imitative electromagnetic deceptions introduce
emissions into the target's own systems; for example, transmitting false GPS coordinates
to the target's navigation system.240


238 Office of the Adjutant General, Lessons Learned, Headquarters, 4th Infantry Division Artillery
(Washington, DC: Department of the Army, 1969), http://handle.dtic.mil/100.2/AD0505964.


239 Cyber electromagnetic means replaces the traditional category of technical means in order to
include capabilities that did not exist when the technical means category was created.


Targets who make use of electronically disseminated policies and orders
offer a rich resource for exploitation. These documents reveal a perfect template of what
right looks like, and if they include copies of official signatures provide a valuable source
of added credibility. Electronically disseminated notional documents can be used to
increase friction within the target organization by forcing verification of every
electronically disseminated document, or by forcing the target organization to drop this
method of information distribution altogether.


c. Administrative


Administrative means include organizational methods to convey
misleading or hide real indicators. Examples of administrative means include operations
security and information security to deny indicators; as well as, Human Intelligence
officers’ use of agents as channels in support of a ruse. Administrative means also
include the creation of misleading documents; such as, doctored photographs, notional
orders, or fake identification.


One method for developing notional documents is to use existing
documents as the base. This expedites the work, and helps to ensure that the notional
document looks like a real document. The exemplar for use of existing documents is the
German use of decade-old dossiers on Soviet officers as the basis for deceptive dossiers
implicating these officers in anti-Stalin activities.241


240 For the types of electromagnetic deceptions see: Headquarters, Department of the Army, Field
Manual 3-13: Information Operations: Doctrine, Tactics, Techniques, and Procedures, 4-7; For spoofing
GPS transponders see: Erica Naone, “Hijacking Satellite Navigation,” Massachusetts Institute of
Technology, http://www.technologyreview.com/computing/21452/ (accessed February 25, 2012).


241 Epstein, Deception: The Invisible War, 140-143.


5. Execution and Assessment


a. Execution


The deception events needed to generate the desired indicators are
incorporated into a time-phased execution matrix in order to create and maintain the
desired perception (Table 6). The deception execution matrix should be constructed and
centrally controlled by the command exercising control of the overall plan. Additionally,
the deception execution matrix must be nested within the overall mission's execution
matrix; however, the deception execution matrix must be kept separate to ensure security.


Task # | Date-Time | Objective | Action | Unit | Termination | Remarks
1 | Not later than 0001 5 Jan 1991 | Demonstrate preparations for amphibious operations | Conduct amphibious assault training event | 2nd Marine Expeditionary Force | Not earlier than 28 February 1991 | Coordinate for press coverage of training
2 | Not later than 0001 5 Jan 1991 | Iraqi forces focus defensive preparations against attack from Southeast | Conduct training operations against replicas of Iraqi fortifications | 1st Cavalry Division; 2nd Armored Division; 2nd Marine Expeditionary Force | Not earlier than 28 February 1991 | Coordinate for press coverage of training
3 | Not earlier than 0001 17 Jan 1991 | Cover movement of XVIII Corps in preparation for ‘Hail Mary’ | Camouflage movement of XVIII Corps elements through radio silence | XVIII Corps | On order |
3 | Not earlier than 0001 17 Jan 1991 | Cover movement of XVIII Corps in preparation for ‘Hail Mary’ | Conduct radio traffic mimicking XVIII Corps elements in assembly area | XX Signal Battalion | On order |
4 | Not earlier than 0001 13 Feb 1991 | Iraqi forces remain in defensive positions | Conduct feints and probing attacks against Iraqi lines in tri-border area | 1st Cavalry Division; VII Corps Artillery | On order |
5 | Not earlier than H-3 | Draw Iraqi attention to Kuwaiti coast | Conduct simulation of amphibious operations | Seal Team Mimke | Not later than H+1 |

Table 6. Notional Execution Matrix Based on Events of Operation DESERT STORM242


Emphasis on attention to detail during execution is critical to crafting a
believable story. In an after action review of Operation ELEPHANT during World War II, a
member of the 23rd Headquarters Special Troops lambasted the “bad theatre” of the
operation. The mission was to portray the 2nd Armor Division so that the actual division
could move to the front lines unmolested. Personnel were instructed to inflate the decoy
tanks and then go to sleep with no thought of portraying the activities normally seen in a
tank unit. Also, the personnel of the 23rd did not wear the patches of the 2nd Armor
Division units, nor were the decoys painted with the appropriate bumper numbers. These
shortcomings, taken with the blatant disregard of the 2nd Armor Division for operations
security during its move, resulted in a very weak ruse.243 It is paramount that attention to
details be observed during deception operations, as a weak deception execution can result
in the target recognizing the deception and exploiting it in turn.


242 Daniel Breitenbach, “Operation Desert Deception: Operational Deception in the Ground
Campaign,” (Paper, Naval War College, 1991), accessed 24 May 2012,
http://handle.dtic.mil/100.2/ADA253245. The date-time information in the table is notional for the
purposes of presenting a complete matrix.


b. Assessment 


One problem with assessing deception effectiveness is that some
assessments would have to rely on counterfactual information. A comment from Secret
Soldiers sums up this dilemma: “How many American and British fighting men didn't
die because, instead of striking the Allied line at a vulnerable point, the Germans
discovered a regiment of dummy tanks concealed—but not too well—in the Normandy
woods and pulled back instead? How many Old Hickories survived the push across the
Rhine because the Germans were preparing to meet the attack thirty miles away, where
the Special Troops were sending up their racket on heaters [loud speakers] and radios and
massing their decoys with the help of stagecraft and impersonation?”244


This is not to say measures of effectiveness are not necessary; rather,
measures of effectiveness should be tied to observable indicators that will reveal whether
the target is acting on the deception. For example, in the case of a feint, a measure of
effectiveness might be the target moving his reserves to support his lines at the point of
the feint. In the case of deception for subversion, a measure of effectiveness might be
reports of red-on-red violence, defections, or an increase in absenteeism within the
targeted organization. Measures of effectiveness are turned into intelligence requirements
for collection.


243 Gerard, Secret Soldiers, 153 — 156. 
244 Gerard, Secret Soldiers, 334.


Collecting for deception requires a witting actor on the unit's intelligence
staff. This actor serves several functions. First, the individual helps to ensure any
information requirements for the deception plan are included in the unit's overall
collection plan. Second, as information comes into the intelligence section for processing,
the witting actor looks for indicators that show the target is accepting or rejecting the
deception. Care must be exercised when looking for indicators that the deception is
working as this can activate the confirmation bias, causing indicators to the negative to be
overlooked and ambiguous indicators to be interpreted as positive. Finally, the actor must
work to ensure the deception indicators do not corrupt the friendly force's understanding
of the situation.


6. Termination 


At some point a deception operation will lose its utility; therefore, deception 
operations need to have a plan for the termination of the deception. JP 3-13.4 provides a 
list of possible termination triggers (Table 7). The termination plan should detail the steps 
taken to dismantle the deception, e.g., the release of units from a feint or demonstration 
and cessation of portrayal radio traffic. It is important to note that the termination plan 
should not be set in stone; as the mission progresses, there may be unforeseen 
opportunities to leverage the deceptions past the original objective. For example, 
Operation FORTITUDE SOUTH remained effective past D-Day with the First U.S. Army
Group being “transferred” to France in order to maintain pressure on German forces; the
last parts of FORTITUDE SOUTH were not terminated until early September 1944.245


245 Roger Hesketh, Fortitude: The D-Day Deception Campaign, (Woodstock and New York, NY: The
Overlook Press, 2000), 289-302.


Trigger | Description
Successful deception operation | The deception has achieved its objectives, or run its course
Change in mission | The mission which the deception supports changes to a degree the deception no longer has utility
Recalculated risk or probability of success | Some element of the deception estimate changes such that the risks or costs to friendly forces are no longer acceptable
Poor timing | Deception is proceeding too slowly, or the window of opportunity has closed
New opportunity | Circumstances change where deception may be less risky or more effective if deception efforts are realigned
Deception compromise | There is cause to believe the target is aware of at least some aspects of the deception plan

Table 7. Potential Termination Triggers246


B. PRINCIPLES OF DECEPTION


In addition to the detailed planning processes, a number of authors have published
sets of deception principles, factors, and maxims. FM 100-5 (1954) and FM 3-13 each
present their own doctrinal set of principles. The CIA's maxims from Deception Maxims:
Fact and Folklore are included in slightly altered form in FM 90-2 (1988) and JP 3-13.4
(2006). Michael Dewar, Jon Latimer, and Jock Haswell each offer their own take on
deception principles; though there is a good deal of overlap. Finally, Daniel and Herbig
provide a set of deception success factors; while Dudley Clarke muses on deception
reflections. From these various sets of deception guidance, it is possible to synthesize
seven broad principles for deception practitioners247 (Table 8).


246 Joint Staff, JP 3-13.4, IV-13. 


247 Daniel and Herbig acknowledge the strategic initiative factor is more of an observation than a
controllable factor for the deception practitioner; therefore, this factor is not included as a principle in the
composite list. Daniel and Herbig, “Propositions on Military Deception,” 24-25.


FM 100-5 (1954) Fundamentals | CIA Maxims | FM 3-13 Principles | Michael Dewar Principles

must be executed in a | Magruder's
realistic and natural manner | principles
and must fit logically into
the overall situation | Limitations to

countermeasures to conceal
our activities from the
enemy

The method or means of
deception should be
constantly varied

The multiple
forms of surprise

Jones’ dilemma

Combat deception is a
continuing action carried
out by all echelons of
command in activities such
as cover and concealment,
individual combat, use of
dummy positions and
installations, and decoys
must be reasonably certain
of causing the enemy to
discard certain capabilities
which are unfavorable to
the success of our plan

must support and be based | Axelrod's
upon the main tactical plan. | contribution

The importance
jeopardize the real plan. | of feedback
Enemy intelligence must be
given the opportunities and
time to develop the
deception picture which
has been planned

Deception is effective only
for a limited period of time

Be what the
enemy expects

Focus on the
target

Exploit target
biases

Avoid windfalls

Enforce strict
OPSEC

Employ variety

Minimize
falsehood/
leverage truth
Centralize control | Centralized
coordination and
control

Cause the target

integration

Ensure timeliness

Timing is crucial

Utilize space
effectively

Work within
available
competencies and
resources

Jon Latimer Principles | Jock Haswell Principles | Daniel and Herbig Factors | Dudley Clarke Reflections | Synthesized Deception Principles

Credibility and
confirmation

Focus

Credibility | Plausibility and
confirmation of

knowledge of the
enemy is an asset

Predispositions

Security | Security | Secrecy,
Organization, and
Coordination

centralized
control

Preparation and
timing

Adaptability of
deception

centralized
control

planner needs

Deception plan

Building a false
order of battle is
essential

Know the target
and exploit

Variety, and
Conditioning

Coordination and
Control

Requirement for
Target Action

Preparation and

Consequences

The Offense
Offers Better
Opportunity for
Deception

Table 8. Deception Fundamentals, Principles, and Maxims248


248 Headquarters, Department of the Army, Field Manual 100-5: Field Service Regulations—Operations,
1954, 37-38; Deception Research Program, Deception Maxims: Fact and Folklore
(Washington, DC: Office of Research and Development, Central Intelligence Agency, 1980). Variations
included in Headquarters, Department of the Army, Field Manual 90-2: Battlefield Deception, 1-3 and
Joint Staff, JP 3-13.4: Military Deception, A1-A2; Headquarters, Department of the Army, Field Manual
3-13: Information Operations: Doctrine, Tactics, Techniques, and Procedures, 4-4; Dewar, The Art of
Military Deception in Warfare, 14-15; Jon Latimer, Deception in War (New York: The Overlook Press,
2001), 60-70; Haswell, The Tangled Web: The Art of Tactical and Strategic Deception, 39-41; Daniel
and Herbig, Propositions on Military Deception, 16-25; Dudley Clarke, 6 September 1972, “Some
Personal Reflections on the Practice of Deception in the Mediterranean Theatre from 1941 to 1945,”
memorandum included in Mure, Master of Deception: Tangled Webs in London and the Middle East,
273-275.




1. Know the Target and Exploit Existing Perceptions 
a. Understand the Target 


Knowing the target is essential to successful deception as every target is
unique. British deception efforts in the Pacific during World War II had to be
significantly modified from the model of deception operations in North Africa and
Europe; the Japanese commanders did not trust their intelligence staff like the German
commanders did.249 Every reasonable effort should be taken to develop an understanding
of the target's personal, organizational, and cultural schemata; as well as, to identify any
existing perceptions.


b. Exploit Existing Perceptions 


Deception can be used both to reinforce the target's existing perceptions
and to change the perceptions. Whenever possible, deceptions should seek to leverage
existing perceptions as this is the far easier of the two endeavors. The anchoring bias
discussed in Chapter IV works against changing perception, as do several other cognitive
biases. The idea of using the target's existing perceptions and beliefs is a common
admonishment in deception writings, as shown in Table 8. The Magruder Principle from
the set of deception maxims compiled in the CIA's Deception Maxims: Fact and
Folklore states: “It is generally easier to induce an opponent to maintain a preexisting
belief than to present notional evidence to change that belief. Thus, it may be more
fruitful to examine how an opponent's existing beliefs can be turned to advantage than to
attempt to alter these views.”250 Reinforcing existing perceptions also leverages
confirmation bias as discussed in Chapter IV. Operation FORTITUDE SOUTH during World
War II is an exemplar of using deception to reinforce the target's existing perceptions. In
this case, the German command expected the inevitable invasion of Europe would come
at the Pas de Calais.


This principle is not a hard and fast rule; operational necessity may require
changing the target's existing perceptions, as was the case with General Pershing and the
reduction of the St. Mihiel salient during World War I. German forces expected General
Pershing to attack where he intended to attack. General Pershing used a convincing
demonstration supported by several pieces of disinformation to convince the Germans the
attack would come elsewhere. As a result, the Germans shifted forces away from the
point of decision, facilitating General Pershing’s success.251


249 Clarke, “Some Personal Reflections,” 273-274.


250 Deception Research Program, Deception Maxims: Fact and Folklore, 5.


c. Avoiding Windfalls 


While the deception practitioner wants the target to receive the deception
indicators, care must be taken that the deception indicators are not too easily presented to
the target. Given how difficult intelligence collection can be, there is a natural tendency
to be suspicious of information too freely gained. FM 3-13 offers two methods to reduce
target suspicion of windfalls. “The first is the unintentional mistake, designed to make the
target believe that he obtained the indicator due to a friendly error or oversight.”252 An
example of an unintentional mistake ruse occurred during deception operations in support
of the American Expeditionary Force's assault on the Saint Mihiel salient during World
War I; General Pershing's chief of staff left a crumpled sheet of carbon paper with the
imprint of a disinformation-laden memo in the wastebasket of his hotel room, knowing
the German agents on the hotel staff would find the carbon paper.253


The second method of reducing suspicion of deception indicators is bad
luck, which is designed to make the target believe the information was obtained “because
the source fell victim to uncontrollable circumstances.”254 Though now considered
apocryphal, Meinertzhagen's haversack ruse is still a good example of how this method
can be employed.255 In order to deceive Turkish forces of British intent to capture
Beersheba, Meinertzhagen developed a notional set of documents indicating the focus of
British efforts was the capture of Gaza, not Beersheba. Next, Meinertzhagen rode toward
Turkish lines until he made contact with a Turkish patrol. Once the Turkish patrol began
pursuit, Meinertzhagen fled, and in his haste lost his haversack containing the notional
documents. Meinertzhagen took pains to increase the legitimacy of the lost haversack.
First, Meinertzhagen spattered his haversack with blood so it appeared he had been
wounded during the encounter. Second, in the days after the encounter, numerous British
patrols were observed scouring the site of the encounter as if searching for the missing
haversack.256


251 See Chapter VI for a detailed account of the deception in support of the St. Mihiel operation.
252 Headquarters, Department of the Army, FM 3-13, 4-10.
253 The Editors of the Army Times, The Tangled Web, 71.
254 Headquarters, Department of the Army, FM 3-13, 4-10.
255 Meinertzhagen has been accused of fraudulently taking credit for both the idea and execution of
the haversack ruse. See: Brian Garfield, The Meinertzhagen Mystery: The Life and Legend of a Colossal
Fraud


2. Security is Paramount 


Maintenance of security is vital to a successful deception operation. Failure to
properly secure the deception plan can result in leaked indicators that tip the hand to the
target. If this occurs, there is a significant risk that the target will in turn deceive the
practitioner, turning the tables. Hesketh states in the conclusion of his work that one of
the cases against physical deception is the necessity to let too many people in on the
secret, increasing security risks.257 Similarly, von Greiffenberg admonishes: “If the
strictest secrecy is not observed all deception projects—even the smallest—are doomed
to failure from the very start.”258


However, security must be balanced with the need for coordination, as too much
security can undermine the coordination necessary for the deception to succeed. This is
exemplified by the British raid at Saint-Nazaire. The British Air Force was tasked with
conducting a bombing mission on Saint-Nazaire as a feint to distract the German forces
from the raiding force; however, the bomber crews were not told of the reason for their
mission, so when low clouds obscured the target, the mission was called off with minimal
bombing conducted. The short bombing mission put German forces on alert, rather than
the intended effect of providing cover for the raid force. In the after action review, the
bombing crews were adamant that had they known the true purpose of the bombing
mission, they would not have cut the mission short.259


256 John Ferris, “‘FORTITUDE’ in Context: The Evolution of British Military Deception in Two World
Wars, 1914-1945,” in Paradoxes of Strategic Intelligence: Essays in Honor of Michael I. Handel, Richard
K. Betts, and Thomas G. Mahnken, eds. (London: Frank Cass, 2003), 120.

257 Hesketh, Fortitude, 353.

258 Hans von Greiffenberg, Deception and Cover Plans Project #29, ed. Harald Kehm, trans. J. B.
Robinson (Koenigstein, Germany?: Foreign Military Studies Branch, 1950), 81.


3. Utilize Flexibility, Variety, and Conditioning 
a. Flexibility 


Deceptions must be flexible and the practitioner ready to revise and adapt
the plan based on feedback from the target. For example, Operation FORTITUDE SOUTH
was expected to be terminated shortly after the Normandy landings as the landings would
betray the Allies' true intentions. However, in order to keep the German Fifteenth Army
from assaulting the Normandy beachhead from its position in the Pas de Calais region,
the Allies decided to adapt and continue Operation FORTITUDE SOUTH's fiction that the
Allies still had the capability to attack Pas de Calais. The modified deception plan
became Operation FORTITUDE SOUTH II, and succeeded in keeping the Fifteenth Army in
place.260


b. Variety 


Deceptions should employ variety, both in terms of indicators and
channels, in order to increase the likelihood of the deception story reaching the target.
Reliance on a limited set of indicators or channels risks the indicator not being received by
the target. This can occur either due to noise disrupting the indicator, or if the target is not
monitoring the channel when the indicator is transmitted. The number of indicators and
channels needed is dependent on the practitioner's knowledge of the target. It is
possible for a single indicator and channel to be used if the practitioner has direct access
to the target, such as General Nathan Bedford Forrest's portrayal of additional troops
during a parley with a Union stronghold's commander. However, in general practice,
there should be multiple indicators and channels. For example, in support of Operation
FORTITUDE SOUTH, the Allies used a number of indicators and channels to include:
several agents of the DOUBLE CROSS system, decoys and dummies to simulate units, radio
teams to portray units, and disinformation.


259 McRaven, Spec Ops, 131 and 154.

260 Hesketh, Fortitude, 241.


c. Conditioning 


Conditioning, also referred to in literature as “crying wolf,” is a deception
technique that relies on desensitizing the target to friendly actions. Conditioning seeks to
create three misconceptions in the target's mind. First, friendly activities are following a
routine. Second, the routine is set, with deviation unlikely. Third, because the friendly
activities are following a set routine, the risk to the target is reduced.261 The
quintessential example of conditioning is the Egyptian preparations leading up to the
1973 Yom Kippur War. The Egyptian Army undertook a series of training exercises on
its side of the Suez Canal, establishing a pattern of behavior. The staging of forces for the
war followed the pattern of the training exercises, lulling Israeli intelligence into a false
sense of understanding.


Stonewall Jackson provides an additional exemplar for conditioning the
target. Early in the Civil War, the Baltimore and Ohio Railroad had been allowed to
maintain its East-West line between Washington and the West, despite a portion of the
line crossing through Virginia. Jackson, while serving as commander at Harper's Ferry,
complained that the trains disrupted his men's sleep and requested all east bound trains
run between 11pm and 1am. The railroad company complied in an effort to maintain
good will. After a while, Jackson requested all west bound trains run at the same time as
the east bound trains; again the railroad complied. Once the schedule was up and running,
Jackson used his detachments at Point of Rocks and Martinsburg to trap all the rolling
stock between them. The trains were then diverted to the south for use by the
Confederacy.262


261 Gerwehr and Glenn, The Art of Darkness: Deception and Urban Operations, 21. 


262 G. F. R. Henderson, and Garnet Wolseley, Stonewall Jackson and the American Civil War
(London, New York [etc.]: Longmans, Green and Co., 1936), 1:121-122.


4. Coordination and Control
a. Control 


Control of deception planning and execution should reside at the lowest
echelon capable of executing the plan. For example, an infantry platoon conducting the
camouflage aspects of cover should maintain control of the plan at the platoon level.
Deception plans requiring external support, e.g., airborne jamming, should be
controlled at the level capable of coordinating for the support. This allows for von
Greiffenberg's guidance that: “One responsible agency issues the order, assigns what
equipment may be necessary, and supervises the course of the operation as a whole.”263
At the same time, the commander overseeing the deception operation must “make one
individual responsible for overseeing a [deception] operation.”264 Having too many
people “in charge” results in no one being in charge.


b. Coordination 


Coordination for a deception plan must be made with adjacent units and
higher headquarters so that deceptive indicators do not contaminate the other units'
intelligence collection efforts. Additionally, coordination helps to ensure the deception
plan nests with and complements higher and adjacent unit plans, and does not conflict with
or degrade these plans. An example of poor coordination occurred during the assault on the
German garrison at Brest during the summer of 1944; the 23rd Headquarters Special
Troops executed a sonic simulation of tank activity to distract the Germans from the main
effort. Through a lapse of coordination, Company D, 709th Tank Battalion assaulted
through the area where the 23rd had been conducting its simulation; as a result, the German
line, alert and reinforced thanks to the deception, decimated the company.265


263 Von Greiffenberg, Deception and Cover Plans, 80. 
264 Headquarters, Department of the Army, FM 3-13, 4-16. 
265 Gerard, Secret Soldiers, 183-184.


5. Requirement for Target Action


For deception to succeed, the target must execute the desired action or inaction; to 
merely change the target's perception is to waste time and resources. This requirement 
demands the deception practitioner never lose sight of the deception goal. As Dudley 
Clarke declares: 

It is important to appreciate from the start that the only purpose of
Deception is to make one's opponent ACT in a manner calculated to assist
one's own plans and to prejudice the success of his. In other words, to
make him do something. Too often in the past we have set out to make
him THINK something, without realizing that this was no more than a
means to an end. Fundamentally it does not matter in the least what the
enemy thinks; it is only what line of action he adopts as a consequence of
his line of thought that will affect the battle. As a result we resolved the
principle that a commander should tell his Deception staff what he wants
the enemy to DO... while it is the duty of the latter to decide, in
consultation with the Intelligence Staff, what he should be made to
THINK in order to induce him to adopt the required course of action.266


6. Preparation and Timing 


As German General Hans von Greiffenberg states in his survey of German
deception during World War II: “Deception requires detailed preparation, in which
details and seeming trifles cannot be overlooked. Only seldom will results be produced
through improvisation.”267


Adequate resources must be balanced with economy of force. Economy of force
dictates that the minimum resources necessary be allocated to secondary tasks in order to
maximize forces available for the main effort. Too many resources diverted to secondary
efforts may leave insufficient forces for the main effort; conversely, too few resources
allocated in support of deception can lead to failure. For example, one of the reasons for
the failure of Operation COCKADE was insufficient forces in support of the deception.
Operation COCKADE was an Allied deception designed to conceal the weakness of Allied
Forces in Britain, and to discourage Germany from transferring forces out of Western
Europe to the Eastern Front.268 The plan required significant resources for execution, but
the supporting commands successfully resisted tasking efforts, resulting in an ultimately
unconvincing deception.269


266 Dudley Clarke as quoted in Michael Howard, British Intelligence in the Second World War:
Strategic Deception, vol. 5 (New York: Cambridge University Press, 1990), 41.

267 Von Greiffenberg, Deception and Cover Plans, 80.


With regard to timing, two adversaries arrive at the same conclusion. Von
Greiffenberg states: “The enemy intelligence must be given opportunities to develop the
picture which has been arranged.”270 On the Allied side, Clarke states: “Every
Deception Plan must be given time to work. It is no good telling a Deception Staff to try
and influence an enemy ‘at once.’”271


7. Beware Unintended Consequences 


As with any operation, a deception can cause unintended consequences. These
consequences can vary from insignificant to potentially catastrophic. “Under certain
circumstances deceptions can produce effects exactly opposite to the planned objective. It
is therefore advisable to reflect how such a reversal can be detected in time.”272 The
famous example of a reversal was Dudley Clarke's deception of the Italian force in
Abyssinia; rather than reinforcing the southern flank as intended, the Italian force
withdrew to the north, directly into the intended path of the actual attack.273


Operation Desert Storm experienced unintended consequences of the deception
operations as a result of the deception being perhaps too successful. The threat of an
amphibious assault caused the Iraqi forces to pull their defenses forty kilometers north of
the southern Kuwaiti border in an attempt to prevent any amphibious assault from
flanking the lines. The lack of resistance in southeastern Kuwait allowed coalition forces
operating in this area to rapidly outpace other elements in the attack. This caused the
synchronization of coalition efforts to be disrupted; some initiative was sacrificed as units
were held back in an effort to regain synchronization. Additionally, the amphibious
demonstrations sparked the withdrawal of Iraqi forces more quickly than expected,
complicating the destruction of several key Iraqi elements.274


268 Deception Research Program, Deception Failures, Non-Failures, and Why (Washington, DC:
Office of Research and Development, Central Intelligence Agency, 1982), 25.

269 Charles Cruickshank, Deception in World War II (London: Book Club Associates, 1979), 61-84.

270 Von Greiffenberg, Deception and Cover Plans, 81.

271 Dudley Clarke as quoted in Howard, British Intelligence, 41.

272 Von Greiffenberg, Deception and Cover Plans, 82.

273 Clarke, “Some Personal Reflections,” 273.


C. DECEPTION IN SUPPORT OF IRREGULAR OPERATIONS 


History is replete with examples of deception in support of conventional
operations; deception can support irregular operations as well. Irregular operations
include unconventional warfare, counterinsurgency and foreign internal defense, stability
and humanitarian assistance, counterterrorism, and cyber warfare.275 While theoretically
any deception technique can be used in support of any type of operation, certain
deception techniques lend themselves to the nature of the various types of irregular
operations.


1. Unconventional Warfare 


A critical concern for unconventional warfare operations is security, especially
during the nascent phases of the campaign when the state holds a distinct force advantage
over the movement. Deception is a vital tool for maintaining the security of both the
forces working with the guerrilla force and the guerrilla force itself. Otto Heilbrunn,
in his work Partisan Warfare, quotes extensively from an unnamed Vietminh manual on
the utility of deception in support of guerrilla operations:


We must act above all when the enemy, full of self-confidence, is 
underestimating us. We then order our men to disguise themselves as 
coolies, as enemy soldiers, as hawkers on their way to the market place. 
Our disguised fighters must exploit the element of surprise in order to 
wipe out the enemy in his fort or garrison. This technique requires 
constant and detailed information; one must be fully informed about the 
enemy’s situation, from the first preparations to the time of execution.276 


274 Breitenbach, “Operation Desert Deception,” 22-24.

275 While cyber warfare and humanitarian assistance are not normally included in the set of irregular
warfare, they are included here since they are not conventional operations.

276 “Guerilla selon l'ecole communiste,” Bulletin Militaire (Leopoldville: Etat-Major de la Force
Publique, 1955) as quoted in Otto Heilbrunn, Partisan Warfare (New York: Frederick A. Praeger, 1962),
95. This is perhaps from Vo Nguyen Giap's People's War, People's Army.


The camouflaging aspects of deception would seem to be of particular importance to an
unconventional warfare campaign in order to allow the special operations force and the
guerrilla force to move amongst the population like Mao's fish.


The adoption of Afghan sartorial and grooming standards by special operations
forces elements during the opening phase of Operation ENDURING FREEDOM served two
purposes. First, the standards were adopted for the purposes of bridging the cultural
divide between the SOF elements and the Northern Alliance forces, reducing the
“out-groupness” of the SOF elements and leveraging the influence principle of liking. Second,
the sartorial and grooming standards increased security for the SOF elements by serving
as a form of blending cover, decreasing the visual signature of the SOF elements by
merging them visually with the Northern Alliance forces.


FM 31-21: Guerrilla Warfare and Special Forces Operations suggests another
method of deception in support of security:

False rumors and false information concerning guerilla strength, location,
operations, training, and equipment can be disseminated by
counterintelligence through clandestine nets. Facts may be distorted
intentionally to minimize or exaggerate guerilla capabilities at any given
time. Although such activities are handled within the intelligence section,
they must be coordinated with the security section in order to prevent
inadvertent violations of security.277


In this method, deception can cause the targeted regime to expend resources chasing
ghosts, such as MACVSOG creating the perception there were far more agents operating
within North Vietnam than actually present.


Finally, deception in support of subversion can be used to introduce friction to the
regime's decision-making process through the use of ambiguity-increasing measures.
Slowing down the adversary's OODA process is as effective as increasing the speed of
one's own. Sufficient ambiguity-increasing active deceptions coupled with strong cover
deceptions increase friction to the point of inducing mental isolation, with the regime's
leadership unable to act.278


277 Headquarters, Department of the Army, FM 31-21: Guerrilla Warfare and Special Forces
Operations (Washington, DC: Department of the Army, 1958), 106.


2. Counterinsurgency/Foreign Internal Defense 


Pseudo-operations like those employed by the British in Kenya during the Mau Mau
uprising may be of use in overcoming the information advantage enjoyed by the
insurgency through intelligence gathering.279 For example, a pseudo-operation might be
designed to lure in supporters and potential supporters of the targeted group for the
purposes of intelligence collection and nuanced influence activities. Care must be
exercised with pseudo-operations as they tread a fine line with perfidy; international law
stipulates that while combatants may wear enemy uniforms, they are
prohibited from fighting in them.280 The Selous Scouts of Rhodesia crossed the line into
perfidy by attacking an insurgent base camp while portraying Mozambique military
forces.281


In addition to pseudo-operations, other deceptions may work to illuminate the
insurgency. For example, disinformation in the form of forged orders inserted into an
insurgent network can be used to fix cells of the network in time and space for targeting
by directing the cell to attend a meeting. The effectiveness of this approach depends on
the nature of the insurgent group; a strict hierarchical structure will be more susceptible
than a loose-knit structure. Likewise, disinformation about friendly collection capabilities
can be used to canalize network communications onto less secure or fewer channels,
facilitating collection efforts, or to protect existing collection capabilities. For example,
during World War II, ULTRA was protected at times by attributing the intelligence
collected to other means.


278 Boyd, The Strategic Game, 47.

279 See: Kitson, Gangs and Counter-gangs.

280 Marie Anderson and Emily Zukauskas, eds., Operational Law Handbook: 2008 (Charlottesville,
VA: The Judge Advocate General's Legal Center and School, 2008), 23.

281 Lawrence Cline, Pseudo Operations and Counterinsurgency: Lessons from Other Countries
(Carlisle, PA: Strategic Studies Institute, 2005), accessed 20 April 2011,
http://www.strategicstudiesinstitute.army.mil/pubs/download.cfm?q=607, 12.


Deception for the purpose of subversion could be used to sow discord amongst
the insurgent network. This tactic could be particularly disruptive if the practitioner has a
firm understanding of the network and is able to target the individuals serving as links
between cells. The British used deception in support of subversion against the Irish
Republican Army by creating the perception the IRA was riddled with British agents. The
IRA acted on the perception by conducting an internal witch hunt. The resultant purge of
misidentified “agents” greatly weakened the organization and allowed the British to reach
favorable terms for a ceasefire.282 Additionally, since there is an inverse ratio between
security and efficiency, deception for subversion can be used to cause the target to
increase security measures to the point of operational ineffectiveness.283 Finally, as
discussed in the unconventional warfare section, deception in support of subversion and
mental isolation can be used to introduce friction in the OODA decision-making process,
potentially negating an inherent advantage of networks.


One note of caution: as tempting as the idea might seem, false flag attacks on the
populace for the purposes of discrediting the insurgent group are a fundamentally bad
idea. The effects on popular support for the host nation government and the U.S. mission
would be catastrophic if the true nature of the operation were revealed.


3. Stability Operations / Humanitarian Assistance Operations 


Deception operations in support of stability operations and humanitarian
assistance operations are probably most appropriate when in support of force protection
or operations security. For example, in areas where banditry is a problem, a
demonstration convoy might be useful to draw attention away from an actual relief
convoy. Blending and disguising aspects of deception may be appropriate if a lower
signature is desired. Rules of engagement and political sensitivities may significantly
constrain the palette of deception techniques available.


282 Benjamin Higginbotham, “On Deceiving Terrorists” (Master's thesis: Naval Postgraduate School),
accessed 4 January 2010, http://handle.dtic.mil/100.2/A4DA 401353, 3-5.

283 J. Bowyer Bell, “Aspects of the Dragonworld: Covert Communications and the Rebel Ecosystem,”
International Journal of Intelligence and Counterintelligence 3, no. 1 (1989): 17.


4. Counterterrorism


Benjamin Higginbotham, in his thesis “On Deceiving Terrorists,” presents three
compelling methods by which deception can be used against terrorists and terrorist
organizations:

• Create and exploit inefficiencies and weaknesses in the terrorist organization
• Facilitate counter-terrorist operations
• Conceal counter-terrorist capabilities and intentions284


Deception in support of subversion as discussed in the previous section on
counterinsurgency is equally applicable against terrorist groups, and could prove quite
useful at creating and exploiting internal inefficiencies and weaknesses of terrorist
groups. For example, rumors that there is an informant within the terrorist group could be
spread as disinformation in areas where the terrorists are suspected of operating
in order to sow dissension. Alternatively, if previous purges have occurred, a
disinformation program that suggests the group leadership is planning another purge
could be used to increase distrust of the leadership, and perhaps prompt an internal
preemptive strike against the leaders.


Deception can facilitate counter-terrorist operations by creating surprise. In the
Israeli raid on Entebbe, deception in the forms of portrayal and masking played a critical
role in achieving surprise and retaining initiative. First, the Israeli aircraft masked their
approach behind the signature of a regularly scheduled aircraft. Additionally, the Israeli
commando force portrayed Ugandan military forces through the use of Ugandan
uniforms and a Mercedes disguised to look like a Ugandan staff car. These techniques
sowed confusion amongst the terrorists and their Ugandan guards, with the terrorists
initially believing the Ugandans had turned on them.285


284 Higginbotham, “On Deceiving Terrorists,” 25-26.

285 McRaven, Spec Ops, 341-376.


5. Cyberwarfare


Cyberspace as an emerging arena for military operations presents as many
opportunities for deception as the physical world. For example, honeypots can be used to
mislead the target for the purpose of intelligence gathering. Disinformation in the form of
spoofed emails could be used to prompt any manner of actions by the target.
Pseudo-operations in the form of websites portraying adversary websites can be used for
disinformation, intelligence gathering, or influence operations. On the defense,
ambiguity-increasing deception can be used to protect sensitive information—e.g., operations
plans, personnel rosters, or technical data—through the use of multiple files where only one
is the true information.


D. MILITARY DECEPTION FAILURES 


Finally, no discussion of the practice of deception is complete without addressing
deception failures. Somewhat optimistically, the CIA report, Deception Failures,
Non-Failures, and Why, states the following with regard to deception failures: “It can
accurately be stated that deception nearly always succeeds, at least to some degree.
Indeed it should be emphasized that deception may succeed even when one or more ...
causes for failure is present.”286 Despite this assertion, the report provides eleven reasons
why a deception may fail. These reasons were derived from an analysis of Allied and
Axis deception failures during World War II:


• Detection by the intended victim
• Incomplete or incorrect understanding of the target's intelligence apparatus
• Incomplete or incorrect modeling of the deception process
• Inadequate or improper channels or vehicles to convey the deception story
• Incomplete or inadequate control over the significant variables of the deception process
• Incorrect assessment of the target's reaction
• Deception story falls outside the deception window, e.g., too sophisticated
  to be received or too simplistic to be believed
• Unreasonable expected result
• Target unable to react in the intended manner even if deception considered credible
• Inadequate time for the deception process to run its course
• Bad luck287


286 Deception Research Program, Deception Failures, Non-Failures, and Why, 45-46.

With the exception of bad luck, each of these failures represents a shortcoming in
the planning and/or execution of the deception plan. For example, “detection by the
intended victim” can be caused by failure to properly cover the indicators of the true
operation, by a poor deception story, or by shoddy execution of the deception tasks.
Likewise, “inadequate or improper channels or vehicles to convey the deception story”
represents either a failure to assess the channels available to the target, or a failure to
revise the plan after discovering the channels were insufficient. While no deception plan is
perfect, proper adherence to the information requirements and principles laid out in this
chapter can reduce the risk of deception failures.


287 Deception Research Program, Deception Failures, 3-4.


VI. HISTORIC U.S. ARMY USE OF DECEPTION


Always mystify, mislead, and surprise the enemy.
— General Thomas “Stonewall” Jackson288


This chapter surveys the use of deception by the U.S. military from the
Revolutionary War to Operation DESERT STORM. The purpose of this chapter is twofold:
first, to present additional examples of deception in action as prompts for the deception
practitioner's creative processes, and second, to reinforce the idea that deception has been
of great utility for the U.S. military throughout its history.


A. REVOLUTIONARY WAR - BATTLE OF TRENTON 


January 2, 1777 saw George Washington trapped against the banks of the
Delaware River outside Trenton, New Jersey by a superior British force under General
Cornwallis. Despite suggestions to attack straight away, Cornwallis was sufficiently
satisfied that Washington was trapped and so waited to attack the next day. The British
set camp inside Trenton. During the night, the American force built large bonfires of
cedar rails along their lines and continued through the night working to reinforce the
earthworks. British sentries could see movement and hear the sounds of the digging.
Sporadic cannon fire from the American lines kept the British in Trenton jumpy. When
Cornwallis and his men arose the next morning to quash the rebellion, all they found was
an abandoned camp with piles of fresh dirt and smoldering fires.


The fires and work crews served as demonstrations, and the cannon fire as a feint,
in order to reinforce Cornwallis's perception that Washington was trapped, and to mask
the noise of the American army quietly marching away to attack Princeton. Wagon and
cannon wheels were wrapped in cloth to deaden the noise of movement over the frozen
ground. A group of 500 stayed behind to work the deception. These men pulled out
before dawn to rejoin the main body.289 Security of the plan was so tight that “no one
below the rank of brigadier was privy to the plan; officers who were quartered in outlying
farmhouses awoke the next morning to find the army gone. ...”290


288 General Jackson in a letter to Brigadier John Imboden, as quoted by Imboden, as quoted in:
Henderson, Stonewall Jackson, 1:420.


Deception Objective (DO)    British forces do not impede withdrawal
Deception Target            General Cornwallis
Deception Story (THINK)     American Army preparing for morning battle
Deception Events (SEE)      Demonstration - bonfires
                            Demonstration - men building fortifications
                            Feint - cannon fire
                            Securing - tight security on plan
                            Masking - noise of work obscuring noise of movement
Termination Trigger         Main force withdrawal completed


Table 9. Deception Analysis of Battle of Trenton 


B. CIVIL WAR 
1. Peninsula Campaign 


A classic example of an inferior force using deception to transform certain defeat 
to a tactical stalemate and strategic victory occurred during the Civil War. Major General 
Magruder was tasked with preventing the largest Union army yet assembled from 
reaching Richmond. To achieve this objective, Magruder utilized a number of deceptions, 
including the use of soldiers portraying deserters to feed General McClellan 
disinformation exaggerating the size and composition of the Confederate force. The 
“deserters’” information was confirmed by aerial observation which reported on the troop 
movements, cavalry, and camp fires carefully choreographed by Magruder. When 
McClellan approached the Confederate breastworks, he was presented with a now famous 
simulation—Quaker guns. In order to inflate the number of cannon available to the 
Confederate force, Magruder had tree trunks stripped, bored, and painted so that they 
simulated cannon to the casual eye. In McClellan's perception, the Confederate force was 
larger and better equipped than his, and so McClellan delayed his attack for over a month
while he assembled the forces he felt necessary for the attack. This delay allowed ample
time for the Army of Northern Virginia to place itself between McClellan and Richmond.
Additionally, the delay subjected McClellan's force to the bad weather and mosquitos of
the peninsula, leaving many soldiers combat ineffective from illness. When
McClellan finally attacked in early May, he found the Quaker guns, but not Magruder.
Magruder had used the delay to withdraw his force back to the Army of Northern
Virginia lines; Richmond was safe.291


289 Richard M. Ketchum, The Winter Soldiers, 1st ed. (Garden City, N.Y.: Doubleday, 1973), 344 — 351.
290 Ketchum, The Winter Soldiers, 348.


Deception Objective (DO)      Union forces do not press attack until after arrival of Army of
                              Northern Virginia
Deception Target              General McClellan
Deception Story (THINK)       Confederate force too large to attack without significant Union
                              reinforcements
Deception Events (SEE)        Simulation — Quaker guns
                              Portrayal — cavalry and infantry units replicating additional units
                              Simulation — additional camp fires
Termination Trigger           Army of Northern Virginia in position


Table 10. Deception Analysis of Peninsula Campaign 


2. Capture of Atlanta 


During the summer of 1864, Major General Sherman attempted for several 
months to capture Atlanta, Georgia; however, the city was well fortified and Sherman 
was unsuccessful in compelling the surrender of the Confederate defenders under General 
John Hood. Unable to crack the nut that was Atlanta via siege, and unwilling to mount a
potentially disastrous frontal assault, Sherman resorted to deception and the indirect
approach.


The deception used by Sherman was a feigned withdrawal. Prior to 26 August,
Sherman ordered his men be provisioned with 20 days' rations, the unit trains reduced to
what was absolutely necessary, and all sick and wounded evacuated. Additionally,
Sherman cut communications with higher headquarters to reduce the chances of a leak or
captured courier.292 As part of the preparatory movements, Sherman had one brigade of
dismounted cavalry from the 2nd Cavalry Division occupy the trenches of the 12th and
4th Corps in order to prevent the defenders from noticing the corps’ movements.293 After
midnight on the 26th, in a move reminiscent of Washington at Trenton, Sherman's force
began a near-silent withdrawal under the cover of darkness. The withdrawal was not
discovered by the Confederate defenders until the next morning. Initial caution
transitioned into celebration as the defenders viewed the now-empty Union positions
strewn with cast-off materials. The idea that the Union forces had withdrawn was
reinforced by reports of Union cavalry to the west scrounging for rations.294 Hood
telegraphed Richmond reporting his belief that “...the hungry Union army was giving up
the siege and withdrawing across the Chattahoochee.”295 Sherman's forces maintained
tight security until seizing Jonesborough, south of Atlanta. By 2 September, Atlanta was
in Union hands.296


291 The Editors of the Army Times, The Tangled Web, 4 — 13.
292 The Editors of the Army Times, The Tangled Web, 15 — 17.


Deception Objective (DO)      Confederate forces fail to react to flanking maneuver
Deception Target              General Hood
Deception Story (THINK)       Union forces have retreated in defeat
Deception Events (SEE)        Portrayal — 2nd Cavalry Division posing as 12th and 4th Corps
                              Demonstration - withdrawal
                              Disinformation — cavalry claim to be short on rations
                              Blending - silence during withdrawal and movement
                              Securing — communications silence
Termination Trigger           Seizure of Jonesborough


Table 11. Deception Analysis of Atlanta 


3. Athens, Alabama 


In 1864, Nathan Bedford Forrest elicited the surrender of a Union stronghold at
Athens, Alabama through the artful use of portrayal. After a short siege of the fort,
Forrest arranged a parley with the fort's commander, Colonel Wallace Campbell. During
the parley, Campbell was provided with a seemingly impromptu tour of the Confederate
camp. Unbeknownst to Campbell, as he completed the tour of a campsite, many of the
Confederate infantry from the first campsites were portrayed by dismounted cavalry. After
Campbell passed, the cavalry remounted and moved to other campsites to be counted
again. Artillery pieces were similarly shuffled around, so Campbell was presented the
image of a Confederate force four times its actual size. Rather than risk his men against
this overwhelming force, Campbell surrendered the fort without further bloodshed.297
Though Forrest could have reduced the fort through traditional means, the deception both
saved lives and afforded Forrest the freedom of maneuver to turn his force on the Union
relief column heading for the fort.


293 William Sherman, Memoirs of General William T. Sherman, 2nd ed. (New York: D Appleton and
Company, 1904), 2:105; Basil Liddell Hart, Sherman: Soldier, Realist, American (New York: Dodd, Mead,
and Company, 1929), 296.
294 The Editors of the Army Times, The Tangled Web, 17 — 22.
295 Liddell Hart, Sherman, 298.
296 The Editors of the Army Times, The Tangled Web, 21 — 22.


Deception Objective (DO)      Union stronghold surrenders
Deception Target              Colonel Campbell
Deception Story (THINK)       Confederate force is overwhelming, so resistance is futile
Deception Events (SEE)        Portrayal — troops replicating additional forces
Termination Trigger           Surrender by Colonel Campbell


Table 12. Deception Analysis of Athens, Georgia 


C. PHILIPPINE INSURRECTION - RAID ON PALANAN 


By February 1901, the United States had lost over four thousand Soldiers in two
years of combatting insurrection on the Philippine island of Luzon, with no end in sight.
The leader of the insurrection was Emilio Aguinaldo. Aguinaldo fought a classic guerrilla
campaign, with his troops seemingly everywhere but himself nowhere to be found. On 8
February 1901, a U.S. Army brigade commanded by Colonel Frederick Funston captured
one of Aguinaldo's couriers with a message from Aguinaldo which “...ordered insurgent
General Lacuna to send 200 soldiers from his brigade to Aguinaldo's headquarters.”298
The courier revealed that the headquarters was located six miles inland at Palanan, in an
isolated region of Luzon. As important as the location was the information that there
were only 50 rebel troops guarding Aguinaldo.299 While Funston wanted to act on the
information, he knew there was no way for a large American force to reach Aguinaldo's
lair without providing enough forewarning to give Aguinaldo opportunity to escape.
Funston, not willing to let pass the opportunity to strike a hard blow to the insurrection,
turned to deception.300 Funston in his memoir states:

So the only recourse was to work a stratagem, that is, to get to [Aguinaldo]
under false colors. It would be so impossible to disguise our own troops
that they were not even considered, and dependence would have to be
placed on the Macabebes... As it would be absolutely essential to have
along some American officers to direct matters and deal with such
emergencies as might arise, they were to accompany the expedition as
supposed prisoners who had been captured on the march, and were not to
throw off that disguise until there was no longer necessity for
concealment.301


297 Dunnigan and Nofi, Victory and Deceit: Dirty Tricks at War, 124 — 125; John Weyth, Life of
Lieutenant-General Nathan Bedford Forrest (New York and London: Harper and Brothers Publishers,
1905), 491 — 493.
298 Barton Whaley, “The One Percent Solution,” in Information Strategy: A Guide to Theory and
Practice, edited by John Arquilla and Douglas Borer, 127 — 159 (New York and London: Routledge, 2007),
151.
299 Frederick Funston, Memories of Two Wars (London: Constable & Co., Limited, 1912) 384 — 389.

With approval from General MacArthur, Funston ordered 85 Macabebe troops to
be outfitted with the weapons and uniforms of the insurgents. Funston and the four
American Soldiers accompanying him were dressed as privates and pretended to be
prisoners of the disguised Macabebe force. In addition to the disguises, Funston carried
several pieces of Lacuna's personal stationery with his forged signature. These would be
used to send messages from the insurgent leader to Aguinaldo legitimizing the arrival of
the “reinforcements.”302 After a month's training for the Macabebe force, Funston's
group set off for Palanan. The pseudo-operation worked exquisitely; when the force
arrived in Palanan on March 26th, Aguinaldo was captured with only five casualties—all
rebels.303 The forged letters played an essential role in the ruse, with Aguinaldo admitting
the letters were key to his letting his guard down and allowing the band into his camp.304
Shortly after Aguinaldo's capture, he ordered the end of the insurrection. Of the
operation, Aguinaldo opined: “It was a bold plan, executed with skill and cleverness, in
the face of difficulties which to most men would have seemed insurmountable.”305


300 The Editors of the Army Times, The Tangled Web, 24. 

301 Funston, Memories of Two Wars, 393. 

302 The Editors of the Army Times, The Tangled Web, 24 — 25. 

303 Bell, Cheating, 42 — 43.

304 Funston, Memories of Two Wars, 394. 

305 As quoted in The Editors of the Army Times, The Tangled Web, 29.


It's interesting to note that while Funston's deception was a tactical and strategic
victory, breaking the back of the insurgency, Funston was pilloried in the American press,
and even on the Senate floor, for committing a war crime. Indeed, by current
international law, Funston would be accused of perfidy for allowing the Macabebes to
attack while wearing the enemy’s uniforms.306


Deception Objective (DO)      Allow entry of Funston's force into Aguinaldo's camp
Deception Target              Aguinaldo and rebel forces en route to camp
Deception Story (THINK)       Funston's force is the requested reinforcements with prisoners
Deception Events (SEE)        Portrayal — Macabebe troops dressed as rebel troops
                              Portrayal — Funston and other Americans as captured privates
                              Disinformation — forged messages
Termination Trigger           On order after arrival into camp


Table 13. Deception Analysis of Raid on Palanan 


D. WORLD WAR I - SAINT MIHIEL 


While a deception practitioner should seek to leverage existing target perceptions, 
there are times when this is impossible. For example, when the true objective is already 
perceived by the adversary to be the objective, reinforcing this perception would be—to 
say the least—counterproductive. In these cases, deception can be used to change the 
target's perception. General Pershing’s use of deception in support of the assault on the 
Saint Mihiel salient during World War I demonstrates a successful execution of this
scenario.


Pershing saw the reduction of the salient as a necessary step to winning the war;
however, the German High Command fully expected an attack by American forces at Saint
Mihiel. To increase the prospects of success, Pershing undertook a deception to make the
German High Command believe the true focus of the American attack would be the Belfort
Gap, 125 miles southeast of Saint Mihiel, with the deception goal of the German High
Command shifting resources from Saint Mihiel. On 25 August 1917, a French liaison
officer informed the American press corps—off the record—that the American objective
might be further to the south, perhaps the German town of Mulhouse, located on the
other side of the Belfort Gap. Not surprisingly, this leak made it by military censors. On 27
August 1917, General Pershing sent Major General Bundy, Commander VI Corps, to the
town of Belfort on secret orders to plan for an offensive through the gap. Major General
Bundy was an unwitting actor and took to his mission with alacrity. Soon American
reconnaissance parties were seen around Belfort marking out locations for supply depots,
field hospitals, and artillery positions. To create the impression of troop movements, radio
sets from the 91st Infantry Division were used to mimic the transmissions of the VI Corps.
The military preparations were reinforced with civil-military operations as painstaking
efforts were made to ensure the local populace had evacuation plans. The crowning piece of
disinformation supporting the deception was a piece of carbon paper discarded by Colonel
Conger, Pershing's witting actor on the scene, in the waste basket of his hotel room in
Belfort. Conger had used the carbon paper for a letter to the American Expeditionary Force
Headquarters detailing the Belfort preparations as only needing an execution date. After
depositing the carbon in the trash, Conger took a walk, and the German spies on the hotel
staff did their part by stealing the carbon.


306 The reaction in the U.S. to Funston's operation is discussed in detail in Chapter 3.


In response to the deception, German High Command moved three divisions from
Saint Mihiel to reinforce the Belfort Gap. With German perceptions changed and
behavior suitably modified, Pershing's 12 September attack against the Saint Mihiel
salient was a success. After the war, Colonel Conger received confirmation from the
German commander at Belfort that when he requested the additional divisions he
understood the buildup might be a ruse, but could not risk it being real. A deception using
a minimum of resources was able to alter the perception of the German High Command
in 19 days.307


Deception Objective (DO)      German High Command shifts forces from Saint Mihiel
Deception Target              German High Command
Deception Story (THINK)       American Expeditionary Force plans on attacking through the
                              Belfort Gap
Deception Events (SEE)        Demonstration — Major General Bundy
                              Demonstration — reconnaissance parties
                              Disinformation — leak to press
                              Disinformation — Colonel Conger memorandum
                              Portrayal — 91st Division creating radio traffic of VI Corps
Termination Trigger           Execution of attack on Saint Mihiel


Table 14. Deception Analysis of Saint Mihiel 


307 The Editors of the Army Times, The Tangled Web, 61 — 75.


E. DECEPTION IN WORLD WAR II
1. Operation FORTITUDE SOUTH 


With an Allied invasion of Western Europe inevitable, the Allies sought to
obscure the true landing site—Normandy. Operation FORTITUDE SOUTH sought to
convince the Germans the true location of the invasion would be at Pas de Calais so that
the German forces located there would not react to the Normandy landings. FORTITUDE
SOUTH consisted of two phases. During phase I, the objective was to cause the German
forces to make faulty troop dispositions by convincing German High Command that Pas
de Calais was the true target for invasion, with a target date of 45 days after the
Normandy landings. For phase II, the objective was to cause German High Command to
keep the units in Pas de Calais in place. This was to be accomplished by convincing
German High Command the Normandy landings were a diversionary feint, and that once
the German reserves were committed at Normandy, the true invasion would take
place.308 FORTITUDE SOUTH leveraged the existing German perception that Pas de Calais
was the logical invasion choice.


The primary elements of FORTITUDE SOUTH were a simulated command and
disinformation transmitted via the DOUBLE CROSS agents. The First U.S. Army Group
[FUSAG] was a real headquarters without forces. General Patton was assigned as the
FUSAG commander as part of the deception plan. FUSAG simulated and portrayed an army
group through the use of decoys, dummies, and tasked units.309 Many of the simulated
units assigned to FUSAG were not created for FUSAG; rather, they were part of a
long-running effort to inflate the Allied order of battle and had been used in previous
deceptions. In addition to the simulated units, a number of real units were notionally
assigned to FUSAG, while actually remaining under the command of the 21st Army.310
Much of the information on the location, composition, and activities of FUSAG was fed to
German intelligence through the DOUBLE CROSS system.311 Additional indicators were
presented by radio nets portraying the notional units. The few German reconnaissance
aircraft flying over the FUSAG simulation were fired upon for realism, but intentionally
missed so the photos would make it back.312 As D-Day neared, additional events were
staged in support of FORTITUDE SOUTH. Pas de Calais was included in the preparatory
bombings to reinforce that it was the target.313


308 Hesketh, Fortitude, 384.
309 Whaley, Stratagem (2007), 376 — 377.
310 Hesketh, Fortitude, 174 — 185.
311 Hesketh, Fortitude, 174 — 185. Agents GARBO and BRUTUS were the primary channels used.


After the successful landings at Normandy, FORTITUDE SOUTH was continued into
July, until a sequel plan could be executed. The objective of Operation FORTITUDE SOUTH
II was “To contain the maximum number of enemy forces in the Pas de Calais area for as
long as possible.”314 As elements notionally assigned to FUSAG arrived to reinforce the
Normandy beachhead, local German commanders quickly realized the Pas de Calais
threat was over; however, FORTITUDE SOUTH II convinced Hitler of the threat, keeping
the German Fifteenth Army unable to respond to the growing threat in Normandy.315
Elements of FORTITUDE SOUTH II remained in effect until the beginning of September.316


Deception Objective (DO)      Phase I — German forces commit to faulty troop distributions
                              Phase II — German forces in Pas de Calais do not respond to
                              Normandy landings
Deception Target              Hitler and German High Command
Deception Story (THINK)       Pas de Calais is the primary target of Allied efforts, the Normandy
                              landings are a diversion
Deception Events (SEE)        Simulation — Decoy and dummy equipment
                              Simulation — Radio traffic
                              Portrayal — Assigned units
                              Demonstration — Assignment of Patton as FUSAG Commander
                              Disinformation — plans fed through DOUBLE CROSS agents
                              Feint — Inclusion of Pas de Calais in preparatory bombing
Termination Trigger           Initially successful Normandy landings, extended via sequel


Table 15. Deception Analysis of Operation FORTITUDE SOUTH 


312 The Editors of the Army Times, The Tangled Web, 133 — 134. 
313 Whaley, Stratagem (2007), 377. 

314 Hesketh, Fortitude, 414. 

315 Hesketh, Fortitude, 267 — 268. 

316 Hesketh, Fortitude, 302.


2. 23rd Headquarters Special Troops


The 23rd Headquarters Special Troops was a purpose-built unit specifically
intended to conduct deception operations at the tactical level. The unit consisted of a
Headquarters and Headquarters Company; the 603rd Engineer Camouflage Battalion
(Special); the Signal Company (Special); the 402nd Engineer Combat Company
(Special); and the 3132nd Signal Company (Special).317 The 23rd utilized a variety of
means to simulate or portray other army units, including decoys, dummies, loudspeakers,
pyrotechnics, and imitative radio transmissions. Furthermore, the 23rd employed
disinformation—the 23rd called this “Special Effects”—to corrupt the German perceptions
of the Allied Order of Battle. “Special Effects” included the wear of other units’ patches,
stenciling vehicles with other unit designations, creating phony generals, and crafting
fictional stories; all to be picked up by the German agent networks operating behind
Allied lines.318


The techniques implemented by the 23rd played a vital role in operations
throughout the campaign in Western Europe by depriving German intelligence of the true
picture of Allied force dispositions. In particular, the 23rd played a critical role in the
relief of Bastogne during the Battle of the Bulge. The objective of Operation KODAK was:


To confuse German radio intelligence as to the real location of the 80th 
Infantry Division and the 4th Armored Division, both of which were 
committed to action in a counterattack against the south flank of the St. 
Vith-Bastogne salient, by giving radio indication of those Divs in an area 
to the southeast of that in which they were employed. The area chosen for 
the radio deception was such as to indicate their presence as a reserve in 
case of extention [sic] of the German counterattack through 
Echternacht.319 


The surprise arrival of two divisions of reinforcements broke the back of the siege
of Bastogne.320


317 Official History of the 23rd Headquarters Special Troops, 2 — 3. 
318 Official History of the 23rd Headquarters Special Troops, 8 — 9. 
319 Official History of the 23rd Headquarters Special Troops, 42. 
320 Gerard, Secret Soldiers, 232 — 233.


Deception Objective (DO)
Deception Target              Field Marshal von Rundstedt — German commander outside
                              Bastogne
Deception Story (THINK)       The 4th Armored Division and 80th Infantry Division were being
                              held in reserve
Deception Events (SEE)        Portrayal — Radio traffic by 23rd
                              Securing — Radio silence by actual units
Termination Trigger           Arrival of the 4th and 80th at Bastogne


Table 16. Deception Analysis of Operation KODAK 


3. Operation WEDLOCK 


In 1943, Joint Security Control—the staff element of the Joint Chiefs of Staff
charged with coordinating U.S. strategic deception—directed Lieutenant General Simon
Bolivar Buckner Jr., the commander of the Alaska Department, to develop a strategic plan
for the North Pacific. The objective given Buckner was:

...to deceive the Japanese about US plans for Alaska and the Aleutians by
exaggerating current American forces and their activities there, and more
specifically, to convince the Japanese of a build-up intended to invade the
Kurile Islands. Tentatively this fictional assault was first slated for 1
August 1944.321


Buckner’s initial plan was altered after consultation with Admiral Nimitz. Nimitz
assumed command of the strategic aspects of the deception, while Buckner retained
command of the tactical aspects. Nimitz also accelerated the target date for the assault to
15 June so as to provide cover for Operation FORAGER, the planned real assault on
Saipan. The revised deception plan became Operation WEDLOCK. In order to present the
appearance of increased U.S. preparations for the invasion of the Kurile Islands,
WEDLOCK called for the simulated activation of the 9th Amphibious Force consisting of
five U.S. and one Canadian division. Additionally, the 9th Fleet would be notionally
increased in size in order to support the assault. To create the simulated radio traffic
necessary for these formations, a joint communications center was established.322


321 Katherine Herbig, “American Strategic Deception in the Pacific,” in Strategic and Operational
Deception in the Second World War, edited by Michael Handel, 260 — 300, (London: Frank Cass, 1987),
266.
322 Herbig, “American Strategic Deception,” 266 — 267.


In addition to the notional forces, WEDLOCK included a number of other deception
events in support of the story. WEDLOCK coopted the American press—ULTRA intercepts
confirmed that Japanese intelligence used the press as a means of collection. Rather than
keeping the meeting between Buckner and Nimitz a secret, the press was encouraged to
report the meeting and speculate on its meaning. In addition, Joint Security Control fed
disinformation directly to Japanese intelligence through double agents in the U.S.; via
military attaches in neutral countries; and by incorporating disinformation into shared
intelligence with Russia—expecting the disinformation to be collected by Japanese
agents. Furthermore, troops embarking for the tropics through Seattle were issued arctic
gear so as to appear that they were heading north. Finally, an entire simulated airbase was
constructed at Holtz Bay on the westernmost Aleutian island.323


After the invasion of Saipan was completed, it was decided to maintain aspects of
the WEDLOCK deception, specifically the simulated divisions. Therefore, a sequel plan
was implemented under the name Operation HUSBAND. Operation HUSBAND was later
followed by another sequel plan, Operation BAMBINO, which in turn was eventually
followed by Operation VALENTINE. Each of the sequel plans maintained the simulated
forces, though with less and less effort in maintaining the deception. As a result, the
Japanese Imperial Command over time withdrew ships and planes from the Kurile
Islands to meet more imminent threats; however, the troop levels remained steady
throughout the series of deceptions.324


The effect of WEDLOCK can be seen in Japanese troop strengths in the Kurils.
Whereas there were initially 25,000 troops and 38 aircraft stationed in the Kurils before
WEDLOCK, after WEDLOCK the garrison had grown to 70,000 troops and 590 aircraft.325
However, while WEDLOCK succeeded in convincing the Japanese of a serious threat from
the North:

...it failed to convince him that this menace was immediate or of primary
importance. Rather than misleading the Japanese into reordering their
priorities for the threats which faced them, the deception added another
plausible threat to an already ambiguous situation.326


323 Herbig, “American Strategic Deception,” 270 — 272.
324 Herbig, “American Strategic Deception,” 279 — 281.
325 Milan Vego, Joint Operational Warfare (Newport, RI: United States Naval War College, 2007),
VII-103 — VII-105, as cited in Leonard Wells, “Military Deception: Equivalent to Intelligence, Maneuver
and Fires” (Paper, Navy War College, 2008), accessed 20 May 2012,
http://handle.dtic.mil/100.2/ADA494225, 9 — 10.


While not as successful as desired, WEDLOCK could be classified as good enough. 


Deception Objective (DO)      Japanese shift forces to defense of Kurile Islands
Deception Target              Japanese Imperial Command
Deception Story (THINK)       U.S. intends to liberate Kurile Islands from Japanese occupation
Deception Events (SEE)        Portrayal — increased size of the 9th Fleet
                              Portrayal — Troops issued arctic gear
                              Simulation — radio traffic
                              Simulation — 9th Amphibious Force
                              Disinformation — Press stories
                              Disinformation — Double agent network
                              Disinformation — Military attaches
                              Disinformation — Russia information exchange
Termination Trigger


Table 17. Deception Analysis of Operation WEDLOCK 


F. KOREAN WAR - INCHON LANDING 


In 1950, General MacArthur approved Operation CHROMITE, an audacious plan to
conduct an amphibious assault at Inchon to break the impasse with North Korean forces
to the South. To conduct the operation, General MacArthur directed the formation of X
Corps under the command of Major General Edward Almond, General MacArthur's
Chief of Staff. As cover for the preparations for Operation CHROMITE, Major General
Edward Almond remained as the Chief of Staff, while the staff for X Corps was formed
as the Special Planning Staff, and the forces assigned to X Corps were carried as GHQ
reserves.327


Since it was impossible to camouflage the amphibious assault preparations, a
deception plan was needed to mislead the North Korean People’s Army [NKPA]
command as to the true point of decision. A multi-faceted effort was undertaken to
mislead the NKPA command into believing the port city of Kunsan was the actual target so
the NKPA would not disrupt the actual landing. Kunsan, located one hundred miles to the
south of Inchon, was a likely target for assault—it had been one of the three courses of
action during planning. First, Kunsan was given particular attention during the
preparatory bombing operations, to include a massive operation four days prior to the
Inchon landing. Second, the 1st Marine Division was publicly given briefings on the
hydrology at Kunsan. Third, an amphibious feint/portrayal was conducted at Kunsan
using an ad hoc special operations element, whose purpose was to create the perception
of a much larger force.328 Additionally, the 1st Marine Brigade, which was the primary
landing force at Inchon, was assigned to the Pusan 'general reserve' in an effort to blend
it in with other less essential units.329 In order to add a bit of ambiguity to the situation,
similar efforts—preparatory naval bombardments—were made for Samch'ok, a plausible
amphibious landing objective on the east coast of the peninsula.330 The Inchon landing
could not have succeeded without the operational surprise created by the deception plan.


326 Herbig, “American Strategic Deception,” 275.
327 Headquarters X Corps War Diary Summary for Operation Chromite: 15 August to 30 August 1950
(1950), accessed 24 January 2012,
http://cgsc.cdmhost.com/utils/getfile/collection/p4013coll1 1/id/831/filename/832.pdf, 2.


Deception Objective (DO)      North Korean forces do not disrupt Inchon landing
Deception Target              North Korean People's Army command
Deception Story (THINK)       Actual amphibious landing will occur at Kunsan or Samch'ok
Deception Events (SEE)        Feint/Portrayal — Special Operations Company landing at Kunsan
                              Feint — Kunsan focus of major bombing attack at D-4
                              Feint — Samch'ok focus of preparatory naval bombardment
                              Demonstration — public briefing on hydrology at Kunsan
                              Blending — preparatory bombings at Inchon blended into larger
                              bombing operation
                              Blending — assault element assigned to the Pusan ‘general reserve’
                              Blending - Major General Almond remaining Chief of Staff
Termination Trigger


Table 18. Deception Analysis of Operation CHROMITE 


328 Whaley, Stratagem (2007), 448. 


329 George Womack, “Operational Deception and the Principles of War” (Paper, Naval War College, 
1994), accessed 20 May 2012, http://handle.dtic.mil/100.2/ADA 279632, 13. 


330 Reference Book 31-40: Techniques for Deception, 6-8.


G. VIETNAM WAR
1. MACVSOG 
a. Sacred Sword Patriots League 


When MACVSOG was established in 1964, one of the objectives in OPLAN
34A was to “create the impression that an active, unified, internal opposition exists in
North Vietnam.”331 OPLAN 34A directed the creation of an impression because MACVSOG
was prohibited by policy decisions made in Washington from implementing an actual
unconventional warfare campaign in North Vietnam.332 As a result, MACVSOG
implemented a complex deception program to create the perception of a growing and
active underground movement with the objective of forcing the North Vietnamese
government to withdraw support for the Viet Cong. The notional resistance movement
was part of Project HUMIDOR, MACVSOG's psychological operations program.333 The
centerpiece of MACVSOG’s plan was the Sacred Sword Patriots League [SSPL]. The SSPL
was presented as an anti-foreign power, Vietnamese nationalist party with its roots in the
anti-colonial struggles against the French.334


The SSPL deception was supported by a number of operations. First, North
Vietnamese fishermen captured as part of MACVSOG's maritime operations were taken to


331 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Appendix A Summary of MACSOG Documentation Study (Washington, DC: Joint 
Chiefs of Staff, 1970), accessed 2 September 2011, 
http://www.dod.gov/pubs/foi/International security affairs/vietnam and southeast asiaDocuments/520-22.pdf,
a-18.


332 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Annex A to Appendix C Psychological Operations (Washington, DC: Joint Chiefs of 
Staff, 1970), accessed 2 September 2011, 
http://www.dod.gov/pubs/foi/International security affairs/vietnam and southeast asiaDocuments/520-1.pdf,
C-a-7 to C-a-13. MACVSOG attempted on three separate occasions between 1965 and 1968 to gain
approval to execute an actual unconventional warfare plan against North Vietnam. 


333 John Plaster, SOG: The Secret Wars of America's Commandos in Vietnam (New York: Penguin 
Group, 1998), 125. 


334 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Annex A to Appendix C Psychological Operations, C-a-14 to C-a-15. The sacred 
sword was a reference to a Vietnamese legend about a heaven-sent sword used by Le Loi during his 
nationalist campaign to drive the Chinese from Vietnam in the 15th Century. The SSPL story reflects an 
exceptional attention to detail with regards to the targeted culture. See Shultz, Secret War, 139 — 14. 
the Paradise Island facility that portrayed an active SSPL camp.335 While the fishermen
were subjected to SSPL indoctrination, the primary objective was not to actually turn the
fishermen into operatives; rather:

The primary objective of capturing prisoners and leading them to believe
that they were captives of the SSPL was to establish credibility for the
organization and convince elements of the populace of [North Vietnam]
that an opposition organization does exist in [North Vietnam].336

In addition to the Paradise Island facility, support for the SSPL deception included the
Voice of the Sacred Sword Patriots League, a portrayed radio station run by MACVSOG's
psychological operations element, and leaflet drops of SSPL propaganda.337


While the SSPL program did not achieve its primary objective of forcing
the North Vietnamese government to stop or reduce support for the insurgency in the
South, the program was effective at forcing the North Vietnamese government to increase
internal security measures. A study of North Vietnam's response to covert operations
concluded that "Hanoi interprets allied special operations in North Vietnam as a major
facet in the US strategy. As such it views these operations with considerable alarm."338
Additionally, the end to all covert activities in North Vietnam was included in the initial
‘price for peace’ demands by the North Vietnamese contingent at the Paris peace talks.339

The SSPL program was effectively ended with the 1 April 1968.340


335 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Annex A to Appendix C Psychological Operations, C-a-40. 


336 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Annex A to Appendix C Psychological Operations, C-a-62. 


337 Shultz, Secret War, 142 — 144. 


338 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Annex A to Appendix C Psychological Operations, C-a-129 


339 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Annex A to Appendix C Psychological Operations, C-a-110. Additionally, Ho Chi 
Minh issued several directives aimed specifically at suppressing internal dissent. 


340 Special Assistant for Counterinsurgency and Special Affairs (SACSA), Draft MACSOG 
Documentation Study Annex A to Appendix C Psychological Operations, C-a-40. 
Deception Objective (DO)    North Vietnam reduces support to South Vietnamese insurgency
Deception Target            Ho Chi Minh and North Vietnam leadership
Deception Story (THINK)     The SSPL is an active resistance movement challenging the
                            Communist government of North Vietnam
Deception Events (SEE)      Portrayal — Paradise Island operations
                            Disinformation — SSPL radio station and leaflet drops
Termination Trigger         Since deception was in support of the overall campaign there was no
                            defined termination trigger. Termination occurred in response to
                            North Vietnamese negotiation demands.


Table 19. Deception Analysis of SSPL 


b. Deception in Support of Security 


In addition to the SSPL program, MACVSOG utilized deception in support
of a robust organizational security program. As part of the security program, MACVSOG,
as well as all the major subordinate components, had an official cover story in an attempt
to disguise the true nature of the organization. The official cover story for MACVSOG was:


Studies and Observations Group (SOG): “Studies and Observations Group
is a special staff section of Headquarters, United States Military Assistanct
[sic] Command, Vietnam (USMACV) under the supervision of the Chief of
Staff, USMACV. It is responsible for the study an observation of joint or
combined counterinsurgency operations of a comprehensive nature. The
studies and observations include intelligence and psychological activities
as well as combat actions that may involve any forces or resources of any
service of the Republic of Vietnam Armed Forces (RVNAF) and USMACV.
SOG is not an implementing agency, the operations it studies and observes
are conducted by the RVNAF commands which have responsibility for the
areas of observations.”341


In addition to the overarching cover stories, individual missions were 
given cover stories. For example, if an aircraft conveying agent teams or equipment 
between South Vietnam and Thailand had an incident necessitating an explanation for the 
mission, the explanation was that the aircraft was diverted from routine operations in
South Vietnam in order to respond to a distress call.342


341 Special Assistant for Counterinsurgency and Special Affairs, Draft MACSOG Documentation 
Study Appendix H Security, Cover & Deception, H-10. 


342 Special Assistant for Counterinsurgency and Special Affairs, Draft MACSOG Documentation 
Study Appendix H Security, Cover & Deception, H-12. 




Deception Objective (DO)    Ignore MACVSOG
Deception Target            Everyone without need-to-know
Deception Story (THINK)     MACVSOG is a staff element used to collect data, not an operational
                            headquarters
Deception Events (SEE)      Disinformation — cover stories
Termination Trigger         Since deception was in support of the overall campaign there was no
                            defined termination trigger


Table 20. Deception Analysis of MACVSOG Security 


2. MACV 


Elements of the Military Assistance Command, Vietnam (MACV) utilized
deception in their operations against the Viet Cong and the North Vietnamese Army. In
one case, the 25th Infantry Division learned of an inexperienced NVA regiment with
orders to seek out an allied base as a way of building experience and morale. At the
recommendation of the division staff, the commander of the 25th decided to provide the
enemy with a suitable target. In February 1969, an infantry company established firebase
DIAMOND I in the vicinity of the enemy force. What the NVA saw as a vulnerable target
was in reality ringed with sensors and ground radar systems, and supported by three
artillery support bases and air support. When the NVA decided to attack the firebase the
sensor array deprived the NVA of surprise. Supported by the artillery bases and air
support, the firebase repulsed two attacks with minimal casualties, while the NVA
regiment was decimated. This stratagem was repeated by the 25th Infantry Division
at three additional firebases with similar successes. Repetition of the stratagem was
achievable because establishing new firebases was a routine occurrence. While using
troops as bait may seem distasteful, the stratagem was effective; moreover, by
establishing DIAMOND I, the 25th Infantry Division was able to influence the NVA into
attacking on the 25th's terms. The alternative would have meant allowing the NVA force
to attack any one of a number of bases.343


In analyzing this deception, it is interesting to note that the deception was not the
force, rather the purpose of the force. As the report noted, had the NVA not acted on the


343 Reference Book 31-40: Techniques for Deception, 6-16. 
deception, the unit was still available to conduct patrolling operations.344 The deception
goal was to incite the NVA to attack a specific firebase in order to neutralize the threat.
The deception story was that the DIAMOND firebases were just more of many firebases,
but conveniently located for attack: a variation of cry-wolf with an element of honeypot.


Deception Objective (DO)    NVA attacks DIAMOND firebases
Deception Target            NVA leadership in 25th Infantry Division area of operations
Deception Story (THINK)     DIAMOND firebases are perfectly positioned for NVA attack
Deception Events (SEE)      Portrayal — DIAMOND as typical firebase
Termination Trigger         On order once threat around firebase was disrupted


Table 21. Deception Analysis of DIAMOND I 


In another example, prior to an attack on a Viet Cong (VC) stronghold, a ranger 
battalion conducted operations with heavy artillery support leading away from the VC 
base area. At the same time an Army of the Republic of Vietnam (ARVN) battalion 
similarly conducted operations moving away from the stronghold. After the feints were 
completed, the Ranger and ARVN troops were airlifted back to attack the stronghold. A 
prisoner captured during the assault on the stronghold indicated that the Ranger and 
ARVN battalion's movements lulled the VC into believing the base area was not the target 
of the operation. Usually feints are used to draw enemy forces away from the decisive 
point, but knowing how the enemy will react allowed the feints to achieve the opposite 
result. In this case, the feints of the Ranger and ARVN battalions were successful in
convincing the VC to remain at the decisive point.345


Deception Objective (DO)    VC force remains at the stronghold
Deception Target            VC stronghold commander
Deception Story (THINK)     It is safe to remain at the stronghold because the Ranger and ARVN
                            battalions do not know about it
Deception Events (SEE)      Feint — Ranger battalion operation moving away from stronghold
                            Feint — ARVN battalion operation moving away from stronghold
                            Simulation — additional camp fires
Termination Trigger         Assault on stronghold


Table 22. Deception Analysis of Ranger Assault 


344 Reference Book 31-40: Techniques for Deception, 6-17. 


345 Headquarters, U.S. Military Assistance Command, Vietnam, Combat Experiences 2-69 (San 
Francisco: Headquarters, U.S. Military Assistance Command, Vietnam, 1969), accessed 11 July 2011, 
http://handle.dtic.mil/100.2/AD0504303, 3. 




H. OPERATION DESERT STORM 


Operation DESERT STORM provides an exemplar of how the concepts of deception
work together to achieve the desired effect. According to General Schwarzkopf,
Coalition forces implemented the “Hail Mary” plan because unfavorable force ratios—
the Iraqi forces in Kuwait had numerical superiority and were in the defensive—
precluded a frontal assault. Therefore, the flanking maneuver was essential for countering
the Iraqi force advantage.346 Deception became key to distracting Saddam from the “Hail
Mary” preparations:

The goal of the deception was to convince the Iraqis that the main attack
would come up Wadi Al Batin along the Kuwaiti-Iraqi western border.
This attack would be supported by an amphibious attack from the northern
Gulf and attacks directly into the defenses along the southern Kuwaiti
border. The desired effect was to hold the RGFC and the professional
army, the regular armor and mechanized divisions, oriented upon the Wadi
and coast. This disposition would expose them to the VII and XVIII
Airborne Corps enveloping maneuver and facilitate their destruction.347


This deception plan played to Saddam's expectations, as early intelligence reports
indicated a concern about amphibious operations and a belief that an attack through the
desert was impossible.348


The first step of the deception plan was the removal of Saddam's primary channel
for intelligence—the Iraqi Air Force.349 Prior to the start of the air campaign,
reconnaissance and logistical preparations for the envelopment were prohibited, with all
activity limited to reinforcing the perception of the main effort coming through Wadi Al
Batin. In response to the staging of forces at the mouth of the wadi, Iraqi forces
reinforced their positions on the other side. Within the assembly areas, “Virtually every
division constructed replicas of Iraqi defensive positions and conducted extensive


346 H. Norman Schwarzkopf, “Central Command Briefing,” Military Review, 71, no. 9 (September
1991): 96 — 97. 


347 Breitenbach, “Operation Desert Deception,” 2 — 3. 
348 Breitenbach, “Operation Desert Deception,” 10 — 11. 
349 Schwarzkopf, “Central Command Briefing,” 97. 
training against them.”350 The press pool was allowed access to report on this training,
but not to the maneuver training necessary for the flanking maneuver. Once the air
campaign was started, and the threat of the Iraqi Air Force removed, VII Corps and
XVIII Corps moved from their staging areas south of Wadi Al Batin to their new staging
areas in the western desert. As a security measure for the movement, and to maintain the
illusion that the two Corps were still in place, other units still located in the original
staging areas portrayed the XVIII Corps using false radio traffic.351


Portraying a secondary effort, the II Marine Expeditionary Force conducted
several amphibious training exercises, including Operation IMMINENT THUNDER. These
demonstrations had the intended effect of causing seven Iraqi divisions to shift to the
Kuwaiti Coast.352 The press was given access to cover these amphibious training
operations as well, providing another channel to Saddam on the Coalition's intent to
conduct an amphibious landing.353 The amphibious demonstrations were further
reinforced by PSYOP leaflets showing a tidal wave shaped like a Marine washing over
Iraqi soldiers.354 On the morning of 24 February, SEAL Task Force Mike conducted an
amphibious feint, supported by naval gunfire, to reinforce the threat of landings in order
to prevent the reallocation of the Iraqi divisions on the coast.355


The deception operations may have worked a little too effectively. When the 1st 
Cavalry Division launched its feint on 24 February through Wadi Al Batin, it met little 
resistance. The Joint Forces Command East and I Marine Expeditionary Force similarly 
met little resistance along the coast. The Iraqi forces were so concerned with being 
flanked by an amphibious landing they had withdrawn forty kilometers north. The quick
advance of these forces necessitated the launch of the Hail Mary eighteen hours early.


350 Breitenbach, “Operation Desert Deception,” 5.
351 Breitenbach, “Operation Desert Deception,” 5.
352 Breitenbach, “Operation Desert Deception,” 4. 


353 Schwarzkopf, “Central Command Briefing,” 102. It’s important to note that the press were not 
actively deceived or given disinformation to publish. They were afforded the opportunity to observe actual 
training and allowed to draw their own conclusions and report on it as they saw fit. 


354 Herbert Friedman, “Leaflets of Operation Desert Shield and Desert Storm,” accessed 25 May
2012, http://www.psywarrior.com/HerbDStorm.html.


355 Breitenbach, “Operation Desert Deception,” 7. 
The rapid withdrawal of Iraqi forces and the resultant rapid advance of Coalition forces
into Kuwait sufficiently upset the operation's synchronization that Schwarzkopf and his
ground commanders were forced to sacrifice some initiative in order to reset
synchronization.356


Deception Objective (DO)    Iraqi forces concentrate away from “Hail Mary” flanking movement
Deception Target            Saddam
Deception Story (THINK)     Coalition main effort will come through Wadi Al Batin with
                            supporting amphibious landing
Deception Events (SEE)      Demonstration — 1st Cavalry Division entry into Wadi Al Batin
                            Demonstration — II Marine Expeditionary Force’s amphibious training
                            Demonstration — Training facilities in the assembly areas
                            Disinformation — PSYOP using amphibious imagery
                            Portrayal — Radio traffic of XVIII Corps
                            Blending — Radio silence by XVIII Corps
Termination Trigger         On order


Table 23. Deception Analysis of Operation DESERT STORM 


356 Breitenbach, “Operation Desert Deception,” 21 — 25. 
VII. CONCLUSIONS AND RECOMMENDATIONS


As a nation we are bred up to feel it a disgrace even to succeed by
falsehood... we will keep hammering along with the conviction that
'honesty is the best policy,' and that truth always wins in the long run.
These pretty little sentences do well for a child's copy-book, but the man
who acts upon them in war had better sheathe his sword forever.

— Colonel Sir Garnet Wolseley357


A. CONCLUSION


Deception has demonstrated its utility in the exercise of war since the dawn of 
recorded history. Even within the more limited scope of U.S. Army operations, deception 
has proven its worth time and again, from helping to save the Continental Army from 
sure destruction during the Revolutionary War to assisting in the rapid and complete 
defeat of a numerically superior foe during Operation DESERT STORM. Likewise, 
deception has proven its worth against conventional foes such as the German and Iraqi 
Armies, and against irregular foes like the Viet Cong and the Philippine insurgents. 
Given the demonstrated worth of deception across the spectrum of operations and against
myriad opponents, it is unacceptable to see the lack of emphasis given deception in
current Army doctrine.


The level of emphasis of deception within U.S. Army doctrine has waxed and
waned between 1905 and 2012. A number of explanations for this fluctuation have been
presented, e.g., morality, the American style of war, and a professional officer class. The
fluctuation is perhaps best explained by the perceived balance of power with the nation’s
adversaries and the resultant leaning towards either the cumulative destruction or
systemic disruption styles of war. When the U.S. Army perceives it has a force
advantage—as has been the case since the end of the Cold War—then weight is given
towards cumulative destruction, while systemic disruption and deception wane.
Conversely, when the U.S. Army perceives a force disadvantage—as was the case during
World War II and the period of the 1970s through Operation DESERT STORM—then


357 Garnet Wolseley, The Soldier’s Pocket-book for Field Service, 2nd ed. (London and New York:
Macmillan and Co., 1871), 81.
weight is given systemic disruption and deception, while cumulative destruction wanes.
If this is indeed the case, then the emerging era of austerity and economy of force roles
would seem to suggest a shift towards systemic disruption and with it deception is in the
offing. Furthermore, since balance of power ratios are essentially meaningless against
adversaries relying heavily on systemic disruption approaches—e.g., Al Qaeda and other
non-state actors—deception would appear to be of increased utility. However, the most
recent capstone doctrine publications ADP 3-0 and ADRP 3-0 between them have a
single bullet point mentioning deception without elaboration.358 As the U.S. Army seeks
to do more with less, it must take to heart Whaley's observation about the cost of
deception:

Stratagem is cheap. It requires a very small initial investment of men and
materiel. Effective stratagem can be the part-time work of only one man,
particularly if he is the commander. And the most elaborate of such
operations involved only diverting for a few weeks the services of several
hundred men, a dozen or so small boats, a few aircraft, a fair amount of
radio and other electronic gear, some wood, canvas, and paint, and bits of
aluminum scrap. None of this was permanently lost to inventory, except
the aluminum.359


B. RECOMMENDATIONS 


What follows are some recommendations the U.S. Army should adopt to address 
the current shortfall of deception emphasis within doctrine and operations. These 
recommendations are an economy of force middle ground between the current doing 
nothing, and the actions of a resource rich U.S. Army. If resources and personnel were as 
effectively unlimited as they were in World War II, these recommendations would 
include a call for purpose built deception support battalions—modern versions of 23rd 
Headquarters Special Troops. However, this recommendation is unfeasible in the current 
fiscal and force cap environment, thus the recommendations focus on increasing the
capabilities of existing units and personnel.


358 Headquarters, Department of the Army, Army Doctrine Reference Publication 3-0: Unified Land 
Operations (Washington, DC: Department of the Army, 2012), 3-2; Headquarters, Department of the 
Army, FM 100-5, 1954, 37. 


359 Whaley, Stratagem (1969), 232. 
1. Doctrine


“Capstone doctrine establishes the Army's view of the nature of operations, the
fundamentals by which Army forces conduct operations, and the methods by which
commanders exercise mission command;” therefore, in order for deception to be fully
integrated into U.S. Army operations, deception must be fully integrated into U.S. Army
doctrine.360 The current single bullet guidance in Army Doctrine Reference Publication
3-0: Unified Combat Operations of “conduct military deception” without further
elaboration must change to something along the lines of the guidance in FM 100-5
(1954), which stated: “It is imperative that commanders constantly realize the importance
of combat deception and that they train their troops and staff in the techniques and
planning for combat deception.”361


To achieve full integration of deception within Army doctrine, an office dedicated 
to the proponency of military deception must be created at either the Mission Command 
Center of Excellence or the Special Warfare Center and School. The office must have the 
single mission of proponency for deception, because prior history indicates that deception 
suffers when it is a secondary task. This office must have the mandate for active military 
deception and coordination authority with the proponents for the cover aspects of 
deception, e.g., camouflage, OPSEC, and counterintelligence. In addition to coordination 
authority, the deception office must be incorporated into the approval process for doctrine 
related to the covering aspects of deception so as to ensure unity of effort in the 
presentation of deception doctrine. Finally, all formal education on active deception must 
be either consolidated under the auspices of, or the programs of instruction approved by,
the deception office; again to ensure unity of effort and message.


In the development of deception doctrine, the focus should be on theory with 
illustrative examples illuminating the theory in an operational context. The purpose of the 
doctrine should be to spark creative thought on how deception might be practiced, not to
dictate how deception is practiced. Additional emphasis should be given to the


360 Headquarters, Department of the Army, Army Doctrine Publication 3-0, 1. 
361 Headquarters, Department of the Army, Army Doctrine Reference Publication 3-0, 37. 
information requirements needed to develop a full understanding of the target. Particular
care must be taken to ensure that doctrine does not prescribe particular techniques or
template approaches; a doctrinaire or dogmatic approach would create the potentially
disastrous situation of predictable deception.


2. Leadership, Education, and Training 


Integration of deception into U.S. Army operations demands that leaders embrace
the potential of deception as part of every operation. There are two ways to inculcate a
respect for the utility of deception in leaders. First is for senior leaders at the upper
echelons of the U.S. Army to direct deception integration into all training operations as a
forcing function, especially at the combined arms training centers. Commanders who are
accustomed to integrating deception into field training exercises beginning during the
formative stages of their careers will be more apt to integrate deception into actual
operations. Care must be exercised to ensure that the integration of deception into
training does not degenerate into a templated, predictable process, as the use of variety is
an essential factor in deception success.


Second is for leaders at the lowest echelon practical to receive formal education in
deception (Table 24). The earlier a leader is trained in and made aware of the utility of
deception, the more likely deception will be integrated into the leader's planning
methodology. Additionally, educating and implementing at the lowest levels helps to
ensure that as personnel advance, their experience with deception advances as well. If
company commanders receive formal education on deception, then as they move up into
senior leadership and staff positions they will carry the education with them, so that the
majority of staff members from battalion and up will have training and experience in
deception. The combination of the top down forcing function coupled with the bottom up
education will serve to inculcate the idea of deception in the force more thoroughly than
either approach by itself. This will help to bring the situation described in 1941 Field
Service Regulations of Operations to fruition:
A commander who is ingenious and resourceful in the use of tactical
strategems [sic] and ruses often will find methods of deceiving or
misleading the enemy and of concealing his own intentions.362


As with deception doctrine, formal deception education should focus on the
theory of deception, especially the target’s decision-making process, and the concepts of
biases, schemata, and heuristics. In addition to theory, formal education should include an
emphasis on the information requirements for profiling potential targets. Illustrative
examples drawn from prior uses of deception should be used to illuminate the theory
within an operational context, but not as examples of “how to conduct” deception. What
must be avoided in the formal education are any deception planning templates or guides
that could result in a dogmatic approach to deception.


Organization Echelon Minimum Optimum 
(In addition to minimum) 
General Purpose Corps/Division Commander Deputies 
Forces G3 G3/NCOICs 
G2 MISO OIC / NCOIC 
G5 Inform and Influence OIC 
Brigade/Battalion Commander Command Sergeant Major 
S3 S3/S2 NCOICs
S2 Inform and Influence OIC 
S3 Plans MISO NCOIC
Company Commander First Sergeant 
Platoon Leaders 
Platoon Sergeants 
Special Forces Group/Battalion Commander Assistant S3 / S2 
S3 Command Sergeant Major 
S2 S3/S2 NCOICs
S5 
Battalion Operations Warrant 
Company Commander Company Operations 
Company Operations Sergeant Major 
Warrant Operations Sergeant 
Operations/ Intelligence 
Sergeant 
Detachment Asst Detachment Detachment Commander 
Commander Operations Sergeant 
Operations/ Intelligence 
Sergeant 
Military Information Command/Group/Battalion Commander Deputy Commander
Support Operations S3 S3/S2 Deputies 
S2 Command Sergeant Major 
S3/S2 NCOICs
Company Commander First Sergeant 
Detachment OIC NCOIC 
Team NCOIC 


Table 24. Recommended Personnel for Formal Deception Education


362 War Department, Field Service Regulations of Operations, 1941, 58. 
3. Personnel Selection


The personnel holding the positions in Table 24 are the recommended recipients 
of formal deception education; however, this should not be interpreted as saying these 
personnel are the only ones involved in deception planning. Depending on the deception 
plan, other personnel may be needed, e.g., developing a notional order of battle will 
require a witting actor in the personnel section. Additionally, the fact a person occupies a 
position indicated in Table 24 does not imply the person is cut out for deception 
planning; more important than either the rank or the position are the personal 
characteristics of a deception planner. Deception planning requires a certain type of 
strategic thinker who has initiative and is creative, intelligent, mentally agile, and security 
conscious. A deception planner does not need to be “immoral” or “morally flexible;”
rather, a planner needs to be able to set aside personal considerations for the 
accomplishment of the mission. Lieutenant Colonel Simenson, the operations officer for 
23rd Headquarters Special Troops, was personally against the use of deception, but he 
did not let his personal feelings interfere with the mission.363 That said, a person who is
unable to set aside personal feelings on deception is best left as an unwitting actor.


A commander may feel the need to reach outside his staff for the best candidate; 
much like General Wavell requested Dudley Clarke by name to head up British deception 
efforts in North Africa during World War II.364 Regardless of whom the commander 
chooses to lead his deception planning, the planner must be assigned to the unit. It is 
unrealistic and counterproductive to expect an outside element to assume deception 
planning for a unit. First, delegating responsibility to an outside element undermines the 
integration of deception into unit training and operations; when the outside element is not 
present during routine field training exercises neither is deception. Second, attaching a 
deception planning function serves to inhibit the growth of an organic capacity for 
deception within the unit by absolving the supported commander and staff of the 
planning responsibility. The commander responsible for the overall mission must also
plan and execute the supporting deception stratagem.


363 Gerard, Secret Soldiers, 85. 


364 Mure, Master of Deception, 58. 
4. Facilities


Deception planning requires a segregated facility in order to control access to the 
deception plan. The segregated facility can be as simple as a lockable room to secure 
compartmentalized information. The critical requirement is that the facility is 
commensurate with the level of classification of the plan and supporting resources. At the 
same time, the deception planner cannot work in complete isolation from the rest of plans 
and operations. In order to ensure the deception plan is fully nested in the supported plan, 
the deception planner must also be physically integrated into overall operations planning,
and therefore also needs to have a space that is connected to the plans space.


C. FINAL NOTE 


As a final word of caution, the deception practitioner must remember that the past
is a guide, not a blueprint. As Roger Hesketh notes in his report on Operation FORTITUDE:
“It is always unsafe to apply too literally the experiences of one war to the changed
circumstances of another.”365 A good example of a historic technique which may no
longer be appropriate is the use of troops to convey disinformation as prisoners.
Magruder used troops portraying deserters to convey disinformation to McClellan; this
tactic would be rightfully unacceptable today for U.S. planners—though interrogators
must still watch for this deception in use by our adversaries.366 Likewise, the use of a
corpse as the central prop in Operation MINCEMEAT might have trouble making it through
legal review today, or more importantly, the target's forensic capabilities. And the
deliberate use of the press to convey disinformation, as was the case with Operation
WEDLOCK, would surely cause significant blowback today.367 This is not to say that these
techniques cannot be adapted for use in the current operational environment; rather, that
historic examples of deception must be adapted for usage in the current operating
environment, with careful consideration given to the changes since the time the deception
was executed.


365 Hesketh, Fortitude, 351. 
366 The Editors of the Army Times. The Tangled Web, 5. 
367 Herbig, “American Strategic Deception,” 270-271.

EXECUTIVE SUMMARY


The Information Assurance Architecture (IAA) Panel was tasked to review the 
implementation of the 1996 Defense Science Board Task Force on Information Warfare Defense 
recommendations, to identify specific issues associated with information assurance goals of Joint 
Vision 2020 (JV2020), and to evaluate the adequacy of progress made in achieving these goals. 
The panel addressed the status of the Department of Defense's (DoD) efforts to establish an IAA 
framework and standards, and to develop promising IAA techniques. The panel invited 
representatives from the Services, various agencies, and information technology industries to 
brief on IA related technologies, trends and market demands. In general, the panel found that 
significant progress has been made in implementing the 1996 DSB recommendations, but critical 
issues need to be resolved in the context of JV2020. 


The ability to achieve information superiority is the pacing item in realizing the goals of 
JV2020. The Global Information Grid (GIG) is the underlying infrastructure that will support 
information superiority. The panel believes the key to success is in implementing a
standards-based, metric-driven, end-to-end integrated global information grid. The GIG will incorporate
near-term information technologies to globally interconnect information capabilities, associated 
processes and personnel. Further, the GIG must exploit technologies, standards and architectural 
frameworks based on commercial information technologies (IT). The panel believes that the 
implementation of the GIG, in the context of JV2020, is one of those significant events that occur 
once every decade or two, and that how it is managed and architected will have a major impact 
on DoD for the next decade or more. 


The panel argues that the GIG should be viewed as a weapon system since it leads to 
information/decision superiority and therefore will be attacked by our adversaries. However, 
unlike traditional weapons systems, the DoD does not own the critical elements of the GIG; it 
will be built from rapidly evolving commercial-off-the-shelf (COTS) components. In addition, 
the GIG can be more readily attacked due to low cost of entry for attackers and the fact that 
attack attribution is difficult. 


The GIG today comprises the Non Secure Internet Protocol Router Network (NIPRNET), 
Secure Internet Protocol Router Network (SIPRNET), Joint Worldwide Intelligence 
Communications System (JWICS) and Service Tactical Command, Control, Communications, 
and Intelligence (C3I) systems. The panel found that each service is pursuing its own 
architectural implementation of the GIG and observes that, absent an office of primary 
responsibility, the GIG will not achieve Joint Weapons Systems status. The panel identified a set 
of DoD strategies for providing information assurance for the GIG: (1) pursue a disciplined 
implementation through consistent architectural framework; metrics; and commercial standards; 
(2) segment the communities, i.e., separate DoD from the general public and segment by 
classification and enclaves; (3) counter denial-of-service by segmentation, redundancy, diversity, 
and a restricted set of Internet access points; and (4) establish fine grained access control of 
computing and communication resources.

In addition to developing a strategy, the panel made several assumptions. The first is that the
DoD will establish the Internet protocol (IP) as the convergence layer for the GIG. The second is 
that the Defense Information Infrastructure will migrate from Asynchronous Transfer Mode 
(ATM) to Internet Protocol (IP) services. The third is that the DoD will fully execute its Public 
Key Infrastructure/Public Key Enabler (PKI/PKE) strategy. 


The panel recommended an Information Assurance (IA) reference model protocol stack that 
is almost consistent with the reference models used by International Organization of 
Standardization (ISO) and by the Transmission Control Protocol/Internet Protocol (TCP/IP) 
community, and is based entirely on commercial protocols. The panel also recommended a 
standard defense-in-depth approach that spans common user networks, command enclaves, and
workstations or servers. It is recommended that all common user networks (SIPRNET, JWICS,
and NIPRNET) adopt this approach, which has the feature of providing significant barriers to 
insider attacks. 


The panel observed that the GIG includes commercial as well as DoD wireless connectivity 
and that the best protection for all wireless systems is at the physical layer. DoD has developed 
and deployed techniques for such protection; however, commercial wireless systems do not offer 
equivalent capabilities. Furthermore, both military tactical internets and commercial wireless 
systems depend on higher-level network processing (routers, user location databases, etc.) that 
are largely unprotected. Protection needs to be extended to these facilities to ensure robust 
mobile wireless operations. It will be essential to establish a consistent engineering approach for 
wireless use in the GIG. 


The panel observed that metrics for information assurance are an important and inadequately 
addressed need. Researchers, designers, vendors and operators of information systems need a 
broad spectrum of metrics to achieve their respective objectives. The panel observes that it will 
be necessary to develop different sets of metrics for technical-, systems-, and mission-level 
evaluation. For instance, mission-level metrics would involve time to complete a mission, 
targeting and situation awareness accuracy. System-level metrics might include system downtime 
and response time to neutralize attacks. Technical-level metrics might include probability of 
attack detection vs. false alarms. The panel also observes that an architectural 
environment/testbed will be required for development of metrics and measurement of system 
performance in DoD-relevant operational scenarios and related information traffic flows. To 
achieve these objectives the testbed must facilitate collaboration and participation of research and 
development, evaluation and operational communities (services and agencies). 


Based on the above, the panel made four principal recommendations: 1) the Secretary of
Defense (SecDef) should establish a board of directors to provide oversight of the GIG (Deputy
SecDef [Chair], Under Secretary of Defense for Acquisition, Technology & Logistics, VCJS,
ASD/C3I, DCD); 2) the Board should establish an Executive Director and systems engineering
organization to implement the GIG; 3) the executive director should be given responsibility for 
implementing the GIG based on a consistent systems architecture; and 4) the executive director 
should establish a GIG IA research and development (R&D) testbed to meet the need to 
continually test, evaluate, and evolve the GIG. 


By implementing the recommendations and pursuing the layered architectural strategy, 
vulnerability to attack will be significantly reduced and attribution capabilities will be increased.

CHAPTER 1. INTRODUCTION


Terms of Reference 


Review and assess progress on DSB network security 
and architecture-specific recommendations associated 
with information assurance 


Identify network security and architecture-specific 
issues associated with the information assurance goals 
of Joint Vision 2020 


Determine the adequacy of progress toward achieving 
the information assurance goals of JV 2010 on the basis 
of the network-security-specific requirements 


Develop and submit to the DSB Task Force a summary 
report 




Help Develop a Strawman IAA 


Figure 1. Terms of Reference 


The Information Assurance Architecture (IAA) Panel was asked to review progress made by 
DoD toward implementing the recommendations made by the Defense Science Board's (DSB) 
1996 Study on Information-Warfare-Defense (IW-D).1 The panel was asked to specifically focus
its analysis on those recommendations related to issues associated with DoD information 
infrastructure architecture initiatives. 


At the first meeting of the IAA Panel, the members decided to extend their tasking to include 
a review of the status of DoD's efforts to establish an IAA framework. The panel felt that such a 
framework is a necessary foundation for deploying, over time, a DoD information infrastructure 
that provides a reasonable and understood degree of IA. The panel reviewed the following DoD 
information-system architectural components: (1) operational architecture (OA), (2) system 
architecture (SA), and (3) joint technical architecture (JTA). For purposes of IA, the panel added 
to this triumvirate the need for a reference model for IA — a model that sets a high level 
perspective of where and how IA services should be provided within the DoD information
infrastructure. The need and utility of an IA reference model was predicated upon the fact that
such a tool exists and is used in the private sector. We sought to determine if a parallel was
developed within DoD as part of its architectural framework for IA. The panel's Terms of
Reference (TOR) are provided in Figure 1.

1 Reference: 1996 DSB Study “Tactics and Technology for 21st Century Military Superiority”


Membership 


Chair: Dr. Mike Frankel (SRI)

Members: Dr. Stephen Kent (BBN)
Dr. Pat Lincoln (SRI)
Mr. Al McLaughlin (MIT-LL)
Mr. Peter Steensma (ITT)
Mr. John Woodward (MITRE)

Government Advisors: Mr. Lee Hammarstrom
Dr. Jaynarayan H. Lala (DARPA)


Figure 2. Panel Membership 


The members of the IAA Panel who undertook the challenge of addressing the TOR are listed 
in Figure 2. The members include internationally recognized experts in IA. Their collective 
expertise included a deep understanding of IA technologies, systems and concepts for both wired 
and wireless information systems. This understanding included both commercial practices as 
well as DoD IA implementation and research/development initiatives. 


The panel was supported by two government advisors who brought complementary 
backgrounds and knowledge regarding DoD IA initiatives. One advisor has been a key member 
of the DoD community architecting, developing, and deploying DoD IA technology for use by 
DoD Services and Agencies; the second individual brought an understanding of the present DoD 
IA Science and Technology (S&T) programs. 


Brief biographies of the IAA Panel members are provided in Appendix B. Relevant IA 
backgrounds and experience are noted therein.

Method of Approach


Review DoD Information Assurance Architecture efforts 
Review commercial IA technology base 


Formulate strawman IAA 
+ Augment DoD efforts 
Or 
+ Start from scratch (not necessary!) 


Identify commercial IA technology shortfalls 


Identify DoD S&T investment strategy 
+ DoD-unique needs 
+ Accelerate private sector efforts


Define IA metrics 


Keep closely coordinated with IA Technology subpanel 


Figure 3. Method of Approach 


The panel’s method of approach for addressing its TOR was to invite DoD representatives 
from the various organizations supporting DoD IAA programs to brief the panel. Representatives 
from Office of the Secretary of Defense (OSD), the Services, and Agencies were selected. In 
addition, representatives from the private-sector information technologies (IT) industry were 
invited to brief the panel on IA-related technologies, trends, and market demands. Because 
DoD’s information infrastructure, including IA elements, is highly dependent on the
private-sector offerings, the panel felt that understanding the needs, goals, and IA architecture
frameworks from both perspectives was critical to formulating the panel’s findings and 
recommendations. 


Based on this dual track assessment, the panel provided inputs to its companion IA 
Technology Panel. These inputs were intended to help identify DoD IA requirements for which 
the private sector would not necessarily provide solutions; thus, a DoD Science and Technology 
(S&T) investment would be appropriate. 


Finally, the panel noted that to measure progress in achieving adequate IA for DoD’s 
information infrastructure, metrics are necessary. At the outset, the panel realized that the 
definition and development of IA metrics within DoD has only started. The panel, therefore, 
decided to make IA metrics a key part of its deliberations, as noted in Figure 3.

Meeting Schedule/Planned Topics


Date | Briefings received | Topics
Feb 22-23 | | Kick-off and IA Service Overviews and Threat Briefings
March 27-28 | | Panel Chairs Outbrief Progress and DoD requirements
April 19-20 | | Joint Vision 2010-2020, DARPA Initiatives, Adequacy of DoD neater capable of meeting forecasted service and joint
| | DSB awe DIO Panel briefings to DSB Members. Briefings from Industry and DARPA perspectives.
| 7 | IA metrics, security standards, briefing on Chessmaster.
EIM 12-13 | | Network information assurance protection measures and Common operating environment. Present findings, develop recommendations and write draft report.
August 7-18 | | DSB Summer Study, final report.


Figure 4. Meeting Schedule 


The panel was formed in February 2000 and conducted its business over a period of six
months. The first several meetings were dedicated to receiving briefings and the latter to panel 
discussions and formulation of the findings and recommendations provided in this report. 


As noted in Figure 4, a total of 52 briefings were received covering the topics and
organizations noted therein. The major themes for each of the six meetings held are also noted in
the figure. The specific briefings and briefers presented are provided in Appendix C.


The briefings and the backgrounds of the panel members provided the contextual and
technical information that formed the basis of the findings and recommendations provided
herein.

CHAPTER 2. VISION


“The Vision”
Integrated Information Infrastructure:
A Conceptual View

Entities
— Sources and users of information
— Diversity of information needs
- Type, quantity, timeliness
- Change as a function of mission & situation

Information infrastructure (II) functional decomposition
— Layered concept. Each layer:
- Provides services to layer above
- Receives services from layers below
- Dynamically adapts to meet information needs of entities
- Tightly coupled to each other to permit adaptation as an integrated system

* Agents = a software entity that is autonomous, is goal directed, is migratory,
is able to create other entities and provides a service or function on behalf of its owner


Figure 5. III Vision 


In prior DSB studies, a vision, called the Integrated Information Infrastructure (III), was
developed for DoD.2 This vision, as discussed below, has become the foundation within DoD for
many of its information infrastructure initiatives today. The vision sets goals and directions for
DoD-wide information services that will come about through the exploitation of private sector
information technology (IT), to include associated IA technologies. The III then sets both a
long-term vision and a road map for the evolution of the DoD infrastructure. Figure 5 provides a
conceptual view of the III. 


The ability to achieve information superiority is the pacing item in realizing the goals of Joint 
Vision 2020. The inadequacies of current service information infrastructures prevent 
commanders from realizing the full benefit of the current family of intelligence, surveillance, and 
reconnaissance (ISR) systems — space-based, airborne, or surface — much less profiting from 
advances in sensors and weapons. Because of uncertainties whether crucial information will be 
available when needed, commanders are driven to develop unique, local-only reconnaissance,
surveillance, and target acquisitions (RSTA) systems. Overall, this tendency has resulted in
redundant investment in, and proliferation of, “stovepipe”3 communication and sensor systems.

2 Reference: 1996 DSB Study “Tactics and Technology for 21st Century Military Superiority”; 1998 DSB Summer Study
“Joint Operations Superiority in the 21st Century”; 1999 DSB Summer Study “21st Century Defense Technology Strategies”


Increasingly, the armed forces are shifting to an operational concept wherein surveillance and 
targeting sensors are separated physically from the command node location, which in turn may be 
remote from the weapons launch platform. In the case of air platforms, for example, no longer 
will the sensors, commander (pilot), and weapons necessarily be collocated in a single aircraft. 
Further, third party targeting data sources and weapons magazines are proliferating. Examples of 
this evolving trend appear in such concepts as forward pass, cooperative engagement capabilities
(CEC), the arsenal ship, and the transfer of tactical situation data derived from a variety of
off-board sources directly into cockpits.


This evolution promises major improvements in the tactical flexibility and combat
effectiveness of forces. The realization of this promise is not without challenges, however,
because the operational concept is inhibited by the inadequacy of the traditional military
communication and information-services infrastructure as well as continuing interoperability
problems between military services and between systems within a given service.


To realize the potential benefit of this new concept, our future information infrastructure 
must be capable of reliable transmission, storage, retrieval and management of large amounts of 
data. Today all systems are segmented into communications links, computers, and sensors that in 
turn are stovepiped to support specific functions (i.e., intelligence, logistics, and fire control). 
Furthermore, these component entities are now constrained by a lack of (1) the bandwidth 
necessary for high-resolution imagery transfer; (2) the processor capacity needed for target 
recognition and interpretation; (3) memory sufficient to handle massive amounts of archival data; 
and (4) software to search the many data repositories quickly in order to provide commanders 
with tactical information in a timely manner. These constraints are magnified by difficulties in 
integrating a myriad of legacy information systems with newly developed, service-unique 
stovepipe and joint systems. These limitations can be overcome, and the full capability of joint 
forces realized, if we set as our goal the integration of all military C4ISR4 systems into a
ubiquitous, flexible, interoperable C4ISR system of systems — the Integrated Information 
Infrastructure. 


The Integrated Information Infrastructure must meet several key requirements if it is to 
enable future combat operations to support a wide spectrum of missions, threats, and 
environments. 


As stated in Joint Vision 2020, a military force must be able to receive or transmit all of the 
information it needs for the successful and efficient prosecution of its mission, from any point on 
the globe, in a flexible, adaptive, reconfigurable structure capable of rapidly adapting to changing 
operational and tactical environments. The information infrastructure must support this need, 
while allowing force structures of arbitrary composition to be rapidly formed and fielded. 
Furthermore, the infrastructure must adapt to unanticipated demands during crises, and to stress 
imposed by adversaries. 


3 “Stovepipe” systems are those designed with one application or use in mind without consideration of interfaces with other systems.

4 C4ISR: Command, control, communications, computers, and intelligence surveillance and reconnaissance.

The infrastructure must allow information to be distributed to and from any source or user of
information at any time: its architecture must not be constrained to support a force-structure 
(enterprise) hierarchy conceived a priori. Most importantly, the information and services 
provided to an end user through the infrastructure must be tailored to the user's needs, and be 
relevant to the user's mission, without requiring the user to sort through volumes of data or 
images. 


The information infrastructure must include multimode data transport including landline, 
radio, and space-based elements. All of these media must be integrated into a ubiquitous,
store-and-forward data internetwork that dynamically routes information from source(s) to
destination(s), transparently to the user. This data transport segment of the infrastructure must be 
self-managed, be adaptive to node or link failure, and provide services to its users based on 
quality-of-service (QoS) requests. These services include bandwidth, latency, reliability, 
precedence, distribution mechanisms (point to point, point to multipoint), and the like. 


The infrastructure interface will link the user to a distributed processing environment that 
includes all types of computers situated at locations appropriate to their needs for power, 
environment, and space. This distributed computing environment will be integrated via the 
transport component of the infrastructure, thus enabling these processors to exchange data 
dynamically, share computation loads, and cooperatively process information on behalf of and 
transparent to the user. 


The infrastructure should be an adaptive entity that integrates communication systems, 
computers, and information management resources into an intelligent system of systems. Each 
component of the III will exchange state information with each other, in order to enable the entire 
infrastructure to adapt to user requirements and any stresses imposed on the network by an 
adversary. This adaptability will also enable the infrastructure to change its scale as necessary to 
support force structure(s) of arbitrary size, or to incorporate new processing, network, and 
communication technologies as they are developed. Thus, this infrastructure is a scaleable 
computing environment. 


The information infrastructure must provide tailored information services to diverse users 
ranging from a single person to a collection of people, sensors, and/or weapons by means of 
intelligent agents — software entities, under the general control of the user, that are goal-directed, 
migratory, and able to create other software entities, and provide services or functions on behalf 
of the user. 


Each user will be served by one or more intelligent software agents that proactively provide 
and disseminate appropriately packaged information. These agents will perform such functions as 
fusing and filtering information and delivering the right information to the right user at the right 
time. They must be proactive in the sense that they are aware of the user's situation and needs, 
and can provide information relevant to those needs without a specific user request. 


These agents will multiply the personnel resources available to combat units by gathering and 
transforming data into actionable information to support unit operations, just as unit members 
would have to do, were the software agents not provided. Warfighters will therefore be freed of 
routine chores in favor of actual operations.

To the maximum extent feasible, the infrastructure's transport layer will take advantage of
commercial technology and networks, by utilizing open-systems standards and protocols, and 
will minimize the use of service- or function-unique hardware and software. For applications 
where military-unique capabilities (such as antijam, low probability of intercept, spread-spectrum 
waveforms and the like) are required, military products will be developed or adapted to interface 
with the overall architecture. 


We must set as a goal the realization of the III vision in an evolutionary manner. As we 
succeed, we will enable, over time, the following military capabilities: 
• Geographic separation and functional integration of command, targeting, weapons
delivery, and support functions

• Support for split-base operations, force projection, information reach back, combat,
and force protection for units large and small

• Common situational understanding, common operating picture, and informed and
rapid decision making for joint forces

• Enhanced operational flexibility for commanders at all levels

• Reduced logistics footprints in immediate combat areas

• Full exploitation of sensor, weapon, platform and processing capabilities

• Real-time or near real-time responsiveness to commanders’ requests for information,
fire support, and urgent logistics support


The first phase for realizing the III is the implementation of the Global Information Grid 
(GIG). The GIG will incorporate near-term information technologies to provide the warfighting 
capabilities noted above. The GIG will, over time, evolve into the longer-term vision for the III. 
As we proceed to implement and secure the GIG, we must keep the evolution toward the III in 
mind.

Global Information Grid (GIG)


Definition

Globally interconnected information capabilities,
associated processes and personnel for
collecting, processing, storing, disseminating,
managing information
on demand to warfighters, policy makers, and
supporters

The GIG includes:
all owned and leased communications
computing systems and services
software, applications and data
security services

The GIG supports:
Department of Defense
National Security activities
Intelligence community
missions in war and in peace

The GIG provides capabilities from all operating
locations:
bases, posts, camps, stations,
facilities, mobile platforms, deployed sites

The GIG provides interfaces to coalition, allied,
and non-DoD users and systems


Figure 6. Global Information Grid 


The III vision was formulated in 1996. It, along with similar visions such as Network Centric 
Warfare (NCW) and the Advanced Battlefield Information System (ABIS), has helped DoD 
formulate and articulate a vision for a near-term version of the III. This near-term vision is shown 
in Figure 6. The GIG is intended to be the means by which information superiority (IS), as 
envisioned in the Joint Vision 2020, is achieved. The following quotes define the GIG. 


The GIG is the vision of the Assistant Secretary of Defense for Command, 
Control, Communications, Computers, and Intelligence (ASD/C3I) for 
achieving IS. The GIG is focused on the warfighters’ needs for IS plus the 
critical concerns of frequency spectrum and improving the management of the 
information infrastructure investment along with the coevolution of Doctrine, 
Organization, Training and Education, Materiel, Leadership, Personnel, and 
Facilities (DOTMLPF).5


The September 22, 1999, Office of the Assistant Secretary of Defense Director, Command, 
Control Communications and Intelligence Systems (ASD/C3I) memorandum, Subj: Global 
Information Grid, defines the Global Information Grid (GIG) as: 


5 Reference: Enabling the Joint Vision, The Joint Staff, C4 Systems Directorate, Information Superiority Division (J6Q), 
Pentagon, Washington, D.C., March 2000 




The globally interconnected, end-to-end set information capabilities, 
associated processes and personnel for collecting, processing, sorting, 
disseminating and managing information on demand to warfighters, policy 
makers, and support personnel. The GIG includes all owned and leased 
communications and computing systems and services, software (including 
applications), data, security services and other associated services necessary 
to achieve Information Superiority. It also includes National Security Systems 
as defined in section 5142 of the Clinger-Cohen Act of 1996. The GIG supports 
all Department of Defense, National Security, and related Intelligence 
Community missions and functions (strategic, operational, tactical and 
business), in war and in peace. The GIG provides capabilities from all 
operations locations (bases, posts, camps, stations, facilities, mobile platforms 
and deployed sites). GIG provides interfaces to coalition, allied, and non-DoD 
users and systems. 


The GIG’s interoperability builds upon the existing Defense Information 
Infrastructure (DII) Common Operating Environment (DII-COE). The building 
blocks of Joint Technical Architecture, Joint Operational Architecture, Joint 
Systems Architecture, a shared data environment, the migration of legacy 
systems, and adherence to commercial standards provide the necessary 
structure for the GIG. 


The key to achieving information superiority lies in implementing a standards based,
metric-oriented, end-to-end integrated Global Information Grid. The concept of IS may be situational
but the GIG, which will implement IS, is quantifiable. Important initiatives to implement the GIG 
are described in the following sections. 


The emphasis on the standards-based and metrics-oriented aspect of the GIG description is 
believed by the panel to be key to its being successfully deployed, used and evolved to 
continuously meet DoD needs. 


Integrated Information Infrastructure


The evolution of today's GIG into the III envisioned by the DSB requires that the GIG exploit 
technologies, standards and architectural frameworks based on information technologies (IT). It 
is within the private sector that significant investment in and rapid evolution of IT is occurring. 
DoD must position its evolving GIG to take advantage of this technological evolution. 


Figure 7 shows the evolution of the GIG. As noted, its foundation architectural framework 
must be sufficiently flexible to allow transition from more conventional relational/procedural- 
based information services to services supported by intelligent mobile code (software agents). 
Keeping this evolution in focus today will help DoD augment the GIG when necessary as well as 
help to guide DoD’s science and technology (S&T) investments over the next several years. 


Figure 7. III Roadmap


Figure 8. The GIG from a Service Perspective


In addition to hearing the OSD perspective, plans, and strategy for the GIG, the panel heard 
the service views on GIG. In each case, as shown in Figure 8, the Services presented an overview 
of the GIG that was consistent with the notion of an integrated infrastructure connecting post, 
camp, or station to deployed forces. The infrastructure, from each service's perspective, would 
support warfighter applications, combat service functions, and business functions for each of its 
user communities wherever they are situated. 


The panel noted, though, that each service presented and talked to its implementation of a 
global information grid — none presented a concept of a single, joint, DoD-wide GIG which 
would be leveraged and used for its information needs. The panel did not hear how the services' 
need for various levels of security (unclassified through top secret) would be supported in their 
respective implementations. In fact, the panel noted that the primary focus of the Services' 
presentations was supporting post/camp/station unclassified information services. The panel also 
heard that each service anticipated having wireless access media integrated into its respective 
segment of the GIG. This wireless media is necessary to support our highly mobile, forward- 
deployed forces. In addition, the panel noted that wireless point-to-point extensions exist in the 
"wire-based" (fiber or copper) segments of the GIG that support the interconnection of the 
post/camp/station locations. These wireless media need to be considered when one addresses 
IAA for the GIG. This issue, not discussed in DoD briefings, is addressed more fully in
subsequent sections of this report. 


Panel Findings


An amazing amount of progress has been made during the
past year in formulating an IAA strategy, framework,
associated architectures and implementation of
infrastructure

* people, resources, technology
* the IATF* "reference manual"

But: Additional work remains

* Information Assurance Technical Framework


Figure 9. Panel Findings 


From the DoD and service-related briefings, the panel noted that significant progress has 
been made in formulating an IAA strategy, framework, and associated architecture and in 
implementing infrastructure. The IAA Panel noted that significant people, funds and technology 
have been allocated and deployed toward providing a more robust DoD information 
infrastructure. This section of our report presents the panel’s findings related to this progress. 


CHAPTER 3. IAA FRAMEWORK


3.1 IAA REFERENCE MODEL 


IAA Reference Model


No DoD IAA reference architecture found


However some possibilities follow...


*An IA reference model has not been presented


Figure 10. IAA Reference Model 


As shown in Figure 10, no single IAA reference model (RM) has been selected or developed 
by DoD. Such a reference model would help the DoD IA community understand where 
appropriate IA standards and services are provided within the GIG. Given that a RM has not been 
selected, the panel noted that various options do exist. 


Figure 11. ISO Reference Model and Security Protocols


Figure 11 presents one option. This figure illustrates the International Organization for
Standardization (ISO) reference model (ISO 7498) annotated with a mix of International
Telecommunications Union (ITU-T) (see ISO and Consultative Committee on International
Telegraph and Telephone [CCITT]) and Internet Engineering Task Force (IETF) security
protocol standards. (The term "synchronous link encryption" is non-standard and refers to
physical layer cryptographic devices employed on a per-link basis. The term "key and certificate
management protocols" is also non-standard.) The standards highlighted in italics are obsolete,
either superseded by newer standards or never adopted by vendors and integrated into products.


The protocols noted in Figure 11 include: 


• Standard for Interoperable LAN Security (SILS), Institute of Electrical and
Electronics Engineers (IEEE) 802.10


• Network Layer Security Protocol (NLSP), an ISO protocol


• Encapsulating Security Payload (ESP) and Authentication Header (AH), Internet
Engineering Task Force (IETF) protocols defined in RFCs 2402 and 2406


• Transport Layer Security Protocol (TLSP), an ISO protocol


• Secure Sockets Layer (SSL)/Transport Layer Security (TLS); the former is a
commercial security protocol, the latter is the IETF version


• X.400, Message Security Protocol (MSP), Privacy Enhanced Mail (PEM), Secure
MIME (S/MIME) and Open PGP (OPGP), all are secure e-mail protocols. X.400 is a
CCITT standard, MSP is a DoD standard, and PEM, S/MIME and OPGP are IETF
standards


• X.500 and DNS Security are directory security standards from the CCITT and IETF,
respectively


ISO Reference Model:
Mapping Services to Protocol Layers


Connectionless Confidentiality
Selective Field Confidentiality
Non-repudiation, Origin
Non-repudiation, Receipt


Figure 12. ISO Reference Model 


Figure 12 illustrates the mapping of security services (as defined in ISO 7498-2) to the seven 
layers of the ISO reference model shown in Figure 11. It is extracted from a more comprehensive 
larger table in ISO 7498-2. The table is intended as a guide for protocol developers, suggesting 
which security services may be appropriate to offer at which layers. Even without examining 
each cell in detail, several issues are apparent. The question marks at layer 2 represent a 
disagreement between ISO and IEEE, which was eventually resolved in favor of the IEEE (re 
SILS). Layers 3 & 4 offer similar security features. No security services are recommended for the 
session layer (5), and little is appropriate for layer 6. Any security service can be offered at layer
7. 


Note that the same service may be offered at multiple layers without being redundant, 
because different layers provide different communication services. So, for example, excellent 
traffic flow confidentiality can be offered at layer 1, but end-to-end confidentiality requires use of 
layer 3, 4 or 7. 


In the IA reference model recommended by the panel, we propose adoption of standard 
security protocols at layers 3, 5, and 7. We also emphasize the use of layer 1 (physical layer) 
security technology (i.e., link encryption or Transmission Security [TRANSEC] for wireless
links) to connect DoD network elements. 


Figure 13. COE Reference Model


A second option for a GIG RM is extending the Common Operating Environment (COE) RM
shown in Figure 13. This reference model illustrates the segmentation and layering of code and 
services in the COE. The panel noted, however, that the COE does not yet address IA (security) 
services within either its RM or within the run time environments or segmented code libraries it 
provides to DoD customers. Through discussions with DoD COE representatives, the panel 
learned that IA extensions to the COE RM, to identify IA services, are presently underway, but 
there are no near-term plans to add IA (security) code to the COE run time environments. The 
panel also noted that the COE is a product-centric framework as opposed to a standards-centric
framework that is one of the underlying tenets of the GIG (see discussion in Figure 6). 


Figure 14. TAFIM Reference Model


A third possible IA reference model is shown in Figure 14. This model comes from an earlier 
DoD initiative to establish a vision and framework for information systems and services within 
the Department. This earlier effort, called the Technical Architecture for Information 
Management (TAFIM), attempted to compile industry and DoD standards, practices and 
architectures associated with enterprise-scale, distributed, information systems. In this reference 
model, security services are identified as a backplane of the application platform. The security 
services provided to the “mission-area” applications include: authentication, access control, 
integrity, non-repudiation, availability, system management, and security labeling. 


The TAFIM RM did not provide sufficient information to allow system implementers to 
select a specific set of protocols to provide IA services for their users. Because of its lack of
specificity, the TAFIM has been replaced with more current and focused technical guidance
documents (i.e., the Joint Technical Architecture [JTA]) and run time environments (i.e., the
COE).


Of the three possible IA RMs presented, the panel suggests that DoD select the Open Systems
Interconnect (OSI) framework. In the section of this report entitled "what can be done," (see
Section 4) the rationale for this suggestion is presented.


3.2 SYSTEM ARCHITECTURE 


Interconnection = Utility = Vulnerability


Figure 15. GIG—Internetworked Tiered Transport 


As shown in Figure 15, the system architecture for the telecommunications component of the 
GIG, as it exists today, comprises three virtual, worldwide data networks. These networks 
include the non-secure Internet Protocol (IP) network (NIPRNET), the secret IP network 
(SIPRNET), and the Joint World-Wide Intelligence Communication System (JWICS). The 
NIPRNET, which supports unclassified (but possibly sensitive) DoD data communications, has 
been part of the private sector World Wide Web (WWW). It is accessible, in principle, by all 
WWW users and is connected to the packet-switched routing infrastructure (the public Internet) 
that underlies the WWW. Interconnection points between DoD NIPRNET systems (hosts, routers,
and access points) and the public Internet have been many hundred in number and mostly unmanaged by
DoD.


Recently, DoD has decided to limit these access points to 8 to 11 monitored gateways 
between a virtual NIPRNET and the public Internet. Additional connection points could be 
allowed but are planned, at present, to be few in number and carefully controlled by DoD. 




The SIPRNET is a secret-high virtual private DoD network. This system uses encrypted links 
between the routers that connect user sites, to secure transmission of secret data. User sites, and 
their corresponding computing resources, are all run at secret high. The panel notes that the
SIPRNET traffic can (and probably does) transit the same physical transmission links (fiber, 
copper, and wireless systems) as does NIPRNET traffic — the former being encrypted, the latter 
being transferred primarily in the clear. 


JWICS is also a virtual private network supporting the exchange of Top Secret (TS), 
Sensitive Compartmented Information (SCI) between user sites. JWICS, similar to SIPRNET, 
appropriately encrypts information for transmission over the communication links that connect 
the routers at each user site and transfers this data across the same commercial (and government- 
owned) transmission facilities used by the NIPRNET. Thus, JWICS, SIPRNET, and NIPRNET 
are cryptographically segmented virtual private networks (VPNs) that likely share common 
physical communication media. In the current system, these VPNs are implemented at the 
physical layer, which offers good security in many respects. Somewhat different features arise if 
one also creates VPNs at the IP layer, as we discuss later. 


The panel was also informed that traffic can flow between JWICS and SIPRNET and 
between SIPRNET and the NIPRNET via trusted guards. These guards automatically filter the 
type and quantity of data that flows between these virtual networks. Their use is a risk/benefits 
tradeoff that has placed user and enterprise value on allowing limited traffic flow of appropriately 
sanitized information between virtual networks of different classification levels while accepting 
the risk of having unfiltered information pass the network boundaries or possibly opening covert 
channels of information flow from the classified to the unclassified communities (possibly by 
virtue of an insider threat). 


Another key aspect of the system architecture suggested by Figure 15 is that all DoD general 
information resources are on the NIPRNET. Thus, private sector users needing access to this 
general, public information are required to gain access to the DoD computer servers storing this 
information. Although DoD has had issues with hackers and malicious entities trying to deface or 
gain access to their Web sites, the present plan is still to filter access to these sites — yet everyone 
must still be granted access to this general information at many DoD sites maintaining this 
information. The DoD is aggressively deploying a defense-in-depth strategy, as discussed in the 
next figure, but it must still provide and support access to all NIPRNET DoD sites for the general 
public and those elements of the private sector with which DoD conducts e-commerce. This 
planned approach makes it harder to design and deploy an effective defense-in-depth approach. 


The panel also noted that the GIG is really, today, the aggregation of the JWICS, SIPRNET 
and NIPRNET virtual private networks. These networks, together, constitute the starting point 
for the GIG. Consequently, one should think of the SIPRNET as the VPN that provides (secret 
level) secure data/information transfer from post/camp/station to the “foxhole.” Thus, all service 
secret-level combat mission functions and their supporting computers and communications 
should be viewed as being integrated into the SIPRNET. Similarly, the NIPRNET VPN should 
be viewed as the network supporting unclassified but sensitive (UBS) combat information 
services such as in-the-field logistics and medical and troop deployment/movement. If this 
perspective is taken, a means of more fully protecting the NIPRNET is required. A suggested 
architecture will be provided in the section of this report entitled "What Might Be." 


Finally, the panel notes that both the SIPRNET and JWICS provide virtually no protection
against the insider threat. This issue is also addressed in Chapter 4, entitled "What Might Be Done,"
later in this report. 


Figure 16. Defense-in-Depth


Figure 16 shows the "defense-in-depth" (DiD) strategy DoD is employing to try to protect its 
publicly accessed sites on the NIPRNET. The basic concept of defense-in-depth is to provide 
multiple layers of security mechanisms between computing elements (workstations and servers) 
in a particular enclave and computing elements in other enclaves, the DoD Intranet, or external 
networks. There are four focus areas of defense-in-depth: defend the computing environment; 
defend the enclave boundary; defend the network; and establish supporting infrastructures. 
Defending the computing environment includes properly configuring operating systems and 
application software, along with using host-based security services such as anti-virus software, 
intrusion detection, and public key cryptography. Defending the enclave boundary includes 
identifying all enclave boundaries, employing firewalls at these boundaries, and detecting 
intrusion at the enclave-level. Defending the network includes using link encryption for classified 
networks, firewalls, and intrusion detection. Supporting infrastructures include PKI (public key 
infrastructure) services and services that support network management, intrusion detection, and 
intrusion response. 


Figure 17. Army IAA System Deployment


The Army is applying a defense-in-depth (DiD) strategy to their NIPRNET post/camp/station 
enclaves as shown in Figure 17. In this particular system architecture, the Army is accepting that 
Defense Information Systems Agency (DISA) is providing asynchronous transfer mode (ATM) 
services to the enclave boundary. A router then provides a translation from the native ATM 
backbone to an IP-based network interface in the demilitarized zone (DMZ) and to an Ethernet 
interface within the enclave itself. 


In the Army’s implementation of DiD, the Army’s public information servers are within the 
installation’s DMZ. All access from the WWW (public use) comes from the Internet through the
NIPRNET, to the installation perimeter, then through the ATM switch, perimeter IP router and 
an Ethernet switch (at which point intrusion detection is conducted) to the installation servers. 
Thus all public users are funneled to the installation’s DMZ for general information services. 


In this implementation, there is then an additional IP router, a firewall and an ATM switch to 
convert from IP back to native ATM. These are then the backbone for the installation server farm 
and tenant organization’s local area networks (LANs). This multiple conversion from ATM to IP 
to Ethernet to IP to ATM can cause latency and throughput problems (due to multiple protocol 
translations). This system architecture does provide the opportunity to use higher bandwidth 
(relative to existing IP network encryptors) ATM network encryptors where necessary. There 
does appear to be uncertainty, however, as to why this multiple protocol translation is necessary
or desirable. 


Figure 18. Air Force IAA System Deployment


The Air Force has taken an alternative approach to implementing DiD as compared to the 
Army. As shown in Figure 18, the Air Force is deploying a different protocol translation
architecture as well as different locations for performing its enclave-level intrusion detection. 
Furthermore, the Air Force has combined both firewall and router filtering to provide access 
control to their enclave infrastructure. 


The Air Force implementation is, however, similar to the Army's in that they both invite the 
general public into their enclave DMZs for general information services. Thus, the general
public is required to transit the NIPRNET for these services; everyone on the WWW is an 
"insider" on the NIPRNET, with access control being levied only at the installation boundary. 
Malicious behavior detection for both the Army and the Air Force is conducted at the common 
access point to the DMZ information services and at the Army/Air Force installation (managed) 
services. In both cases, the general public can reach this access point as well as the access points 
associated with the actual installation boundaries. 


The Navy's IAA is to be determined (TBD). The Navy has chosen to outsource its
GIG/Intranet, including IA services. The Navy does have concepts for how to protect its 
enclaves, but it has decided to procure IA as an incentivized service in the acquisition. The panel 
was not able, therefore, to comment on the IA system architecture that the Navy will have. What 
is evident, however, is that each service is pursuing its own solution to the problem of providing 
IA for its specific GIG/Intranet component of the DoD NIPRNET VPN. Each service's solution 
is different and attendant interoperability issues will arise given that all components must be 
integrated into the NIPRNET. Intrusion Detection System (IDS) information must be readily 
shared as must information to dynamically set filtering in firewalls and routers given indicators 
and warnings of information operations against the DoD GIG. Such coordination is especially 
difficult in the context of diverse defense-in-depth implementation strategies. 


Figure 19. DoD PKI Policy Timeline


An important element of the DoD IAA system architecture is the deployment and use of 
commercial-based public key infrastructure (PKI). Figure 19 depicts the current DoD PKI policy
timeline. This policy applies to all DoD components and provides timelines for the issuance of 
class 3 and class 4 PKI certificates. 


Class 3 certificates are designed to protect administrative, mission support, and some 
mission-critical information when being transferred within a single security classification level. 
Class 3 certificates can be issued with a private key contained in a software token. Class 4 
certificates protect sensitive but unclassified mission-critical information passing over 
unencrypted networks, and the corresponding private keys are intended to be contained in
hardware tokens. 


The policy establishes timelines for issuing class 3 and 4 certificates to users. It also 
establishes the timeline for using certificates for web server access control and for email. The 
timeline shown above has dates that are not aligned with the Common Access Card (CAC) 
program. The CAC program will provide, via the Defense Enrollment Eligibility Reporting 
System/Real-time Automated Personnel Identification System (DEERS/RAPIDS), the ability to 
issue smart cards to DoD personnel that can contain at least class 3 certificates. It is anticipated 
that class 4 certificates may be able to be issued via the CAC, though this policy was not yet in 
place at the time of this study. Because the current PKI timeline is not aligned with the CAC 
timeline, a new PKI policy has been drafted. Though not yet finalized, this policy is expected to 
move the June 2000 dates to December 2000. 


3.3 OPERATIONAL ARCHITECTURE 


Figure 20. IA Operational Architecture


In addition to the progress made in establishing an IAA system architecture, DoD has begun 
the process of establishing an IAA operational architecture. Figure 20 depicts one product that 
has resulted from this effort to date. In this figure, operational facilities (OPFACs) that would be
involved in IO processes are identified. The IAA OA has also identified the IA-related
information exchange requirements (IERs) between these OPFACs that are necessary to
coordinate and conduct IA activities. The figure represents a limited non-combatant evacuation 
operation (NEO), height-of-operation, scenario in the Pacific. 


As part of the operational architecture effort, information exchange metrics, activity models, 
and logical data models are being developed. The panel noted that this IA operational 
architecture effort is important and will make a critical contribution to understanding IO mission 
processes, responsibilities, and required information flow for specific concept of operations. 
Furthermore, this operational architecture will be important in helping to define how IO 
can/should be process-reengineered to allow for more efficient and timely response to IO 
missions and threats in the future. 


Although establishing an IA operational architecture is a difficult and time-consuming task, 
the panel feels this effort will provide important insights into the mission, organization and 
tactics, techniques and procedures (TTPs) required to effectively execute IO. For example, the 
panel noted that the number of OPFACs associated with the limited scenario represented in 
Figure 20 implies a substantial IO coordination and information exchange overhead in support of 
the mission. From such “as-is” operational architecture efforts, “to-be” architectures can be 
investigated that would simplify the prosecution of IO missions to achieve information 
superiority as envisioned in JV2020. It is noted, though, that a single IA operational architecture 
is not sufficient. A representative set of IAA operational architectures for various types of 
missions and areas of responsibility should be developed in order to more fully understand the 
entities, processes, and supporting IERs for IA. 


3.4 TECHNICAL ARCHITECTURE


Figure 21. JTA—Security Section 2.6


The remaining component of the IA architectural framework is an associated technical 
architecture. This latter component is the third element of the DoD C4ISR architectural 
framework methodology. The set of IA architectural components, IA operational architecture 
(IA-OA), the IA system architecture (IA-SA), and the IA technical architecture (IA-TA), will 
provide the perspective to support securing and protecting the Global Information Grid. 


The panel received two briefings on IA-TAs. The first was a briefing on Section 2.6 
(Security) of the DoD Joint Technical Architecture (JTA). The JTA identifies the services, 
interfaces, standards, and their interlocations and provides the technical guidelines for 
implementation of information systems and services. The standards selected for the JTA are 
selected primarily from the private sector IT industry although some military specific 
(MILSPEC) standards are included where no commercial counterpart exists. Figure 21 provides a 
summary of the JTA security chapter. 


The panel noted that the standards called out in the JTA for mandated standards are 
consistent with those noted in the ISO security reference model presented previously. The 
concept, processes, and content of the JTA, and specifically Section 2.6, are strongly endorsed by 
the IAA Panel. 


Figure 22. Information Assurance Technical Framework


The second technical architecture briefing to the panel concerned the Information Assurance 
Technical Framework (IATF), an excerpt of which is provided in Figure 22. The panel found this 
document to be a tutorial and collection of useful generic information on IA. The panel noted, 
however, that the section of the IATF associated with standards and protocols for providing 
security to system applications is incorrect and inconsistent with the JTA. The IATF, unlike the 
JTA, is not a standards setting or selection document. Rather, the IATF Forum has been 
organized to encourage participation by vendors of (largely COTS) IA products and services. The 
major focus of the IATF is the development of protection profiles (under Common Criteria) that
will be used to evaluate products, i.e., under the National Information Assurance Partnership
(NIAP) program operated by NIST and National Security Agency (NSA). There is no unified
architectural underpinning for the IATF. This is to be expected, i.e., security evaluation criteria 
such as the Common Criteria (CC) (and product profiles based on the CC) tend to be architecture 
independent. As a result, the collection of standards cited by the IATF, as briefed to the panel, 
lacks architectural continuity and it is not an appropriate alternative to the work of the JTA. 


Many of the security standards that are collected in the IATF are experimental or did not gain 
acceptance in the Internet. For example, secure hypertext transfer protocol (S-HTTP) is not 
implemented in any commercial browsers or servers; it lost the protocol battle to SSL/TLS. SPKI 
is not a standard, but rather is the experimental output of a failed IETF working group, not 
supported in commercial products. The Public Key Infrastructure Working Group (PKIX WG) of
the IETF produces standards based on X.509, which are implemented in a wide variety of
products. Moreover, the other IETF security protocol working groups make use of the PKIX
standards, not SPKI. The IATF referenced a wide range of security labeling standards that are a
mix of redundant and/or superseded documents.


The IATF thus suffers from the same problems associated with the TAFIM; it is a collection 
of history and general information — not a document that can be used to implement interoperable, 
secured information systems for DoD. 


The panel notes, with concern, that DoD policy requires that the JTA be used as the "building 
code" for the DoD information infrastructure. On the other hand, the recent document from the 
Deputy Secretary of Defense, subject "Department of Defense Chief Information Officer 
Guidance and Policy Memorandum no. 68510," Department of Defense Global Information Grid - 
Information Assurance (ASD/C3I) suggests that the IATF and published Common Criteria 
Protection Profiles be consulted “for guidance... and IA solutions that should be considered to 
counter attacks." 


The panel's concern is the apparent confusion these two policy statements could cause within
the IA community. The IATF standards are incorrect and inconsistent with the JTA and private 
sector practice. The panel believes the JTA is the better reference on IA standards and protocols, 
and it should be referenced as such in all GIG IA policy documents. 


3.5 METRICS


Joint Staff J6, IA Metrics


* Performance-based
* Integrated into operational readiness reporting
* CINCs report as part of JMRR process


"some deficiencies ... with limited impact on capability to perform required missions."
"significant deficiencies ... prevent it from performing some portions of required missions."
"major deficiencies ... that preclude satisfactory mission accomplishment."


Rating columns: C1 | C2 | C3 | C4


Plans — Planning involves both those specialized IA plans and IA portions of operations plans.
  IA planning should identify necessary resources in detail.
  IA portion of concept of operations and operations plans; standard
  operating procedures (SOP), continuity of operations plan developed and
  effectively implemented.


Operations — ongoing execution of daily IA support procedures...
  Garrison Operations - IA strategy should support military operations
  IA integrated sufficiently in current/ongoing operations
  Deployed JTF operations

Figure 23. J6 IA Metrics 


As noted in the GIG reference material (see Figure 6), metrics play an important role in 
architecting and deploying this infrastructure. The panel, therefore, chose to address this topic as 
a stand-alone topic outside of the DoD C4ISR architectural framework. Only two specific 
initiatives addressing IA metrics within DoD were presented to the panel. They are described next. 


Figure 23 provides an overview of IA operational readiness metrics developed by the Joint 
Staff. These metrics are used by the CINCs to assess and report on IA readiness as part of their 
overall readiness assessment. The panel noted that these metrics are a good starting point to raise 
the awareness and importance of IA as a critical warfighting requirement. Although these metrics 
are difficult to measure, are not yet comprehensive in nature, and do not address the CINC's 
warfighting capabilities as supported or hindered by the IA capabilities, they do raise IA 
awareness within a CINC's organization, and they do begin to raise the importance of IA to the 
warfighter. The panel recognizes that this set of metrics will evolve and improve over time. 




Assessment Framework: Notional Metrics Criteria 


* Defense-wide Information Assurance Program Initiative 
* Goal: Operationalize IA readiness 
* Objectives: 
  - Define IA readiness in operational context 
  - Establish metrics for measuring IA readiness 
  - Establish standard criteria for applying IA readiness metrics 
  - Establish IA readiness assessment process 
  - Integrate IA readiness assessment into existing DoD processes 


Examples (table columns: Category | Metric (Aggregated) | Metric (Non-Aggregated) | Rating | Criteria for C2 Function): 

Category: IA billets. Legible metric text: "The following billets are identified as IA billets"; "DoD policy xxxx"; "All IA billets must be accounted for". 

Rating criteria, in the order shown (only the C1 and C3 labels are legible): 
* C1: 90% manned, replacements identified for outbound personnel 
* 90% manned, replacements not identified for outbound personnel 
* C3: 75% to 89% manned 
* Less than 75% manned 


Figure 24. Assessment Framework 


The second initiative on establishing IA metrics is being conducted under the auspices of the 
Defense-wide Information Assurance Program (DIAP). A team has been established and is 
tasked to develop an IA readiness assessment framework and associated metrics. The team has 
begun the process of defining quantifiable IA metrics and associated ratings, as indicated by the 
example in Figure 24. The panel noted that the metrics presented by the speaker overlapped to 
some degree with those presented by the J6 briefer. The panel understood that the J6 metrics are 
intended to be integrated with the DIAP metrics in a process that will provide a DoD-wide IA 
readiness assessment. 


Based on the two briefings, however, the panel felt that greater coordination is necessary 
between the two efforts. The message conveyed by the speakers tended to leave the impression 
that these efforts were not tightly coordinated, could lead to duplication of effort, and, of greatest 
concern, could lead to confusion within the user organizations that are being assessed. 


The panel felt that a single DoD IA effort should exist that addresses the spectrum of IA 
metrics that are necessary. This spectrum is much greater than the sets of metrics presented by 
the J6 and DIAP. For example, IA technology and system-architecture related IA metrics should 
also be developed and used to assess progress and residual vulnerabilities in the GIG as it is 
deployed and improved over time. The panel could identify no specific, focused initiative on 
developing such technical metrics. The panel’s suggestions regarding metrics are provided in the 
next section of this report. 


3.6 WIRELESS 


The panel noted that wireless-infrastructure IA issues were not raised in any of the briefings it 
received. Although wireless data communications over military owned/operated systems is well 
understood and IA is typically provided through transmission security (TRANSEC) at the 
physical layers and communication security (COMSEC) at the application layer, the private 
sector wireless infrastructure that today is embedded in the GIG was not addressed as an area of 
concern within DoD. The panel notes that private sector wireless media can be used as a means 
to gain access and control of the “wired” part of the commercial infrastructure (at network 
management layers). This wireless segment of the infrastructure must be carefully protected. As a 
result, this issue is addressed in greater depth in the next section of this report. 


DSB IAA Matrix of Recommendations 


* Define threat conditions and responses 
* Assess IW-D readiness 
* "Raise the bar" with high-payoff, low-cost items 
* Establish and maintain a minimum essential information infrastructure 


Figure 25. DSB IAA Matrix of Recommendations 


3.7 SUMMARY OF FINDINGS 


As part of our findings, the panel notes that the 1996 DSB Summer Study made four 
overarching recommendations related to IAA. These recommendations are listed in Figure 25. 
From the preceding discussion, the panel makes the following observations. 


Recommendation 1: Assess infrastructure dependencies and vulnerabilities. The DoD 
today is relying primarily on the private sector to assess NIPRNET infrastructure dependencies 
and vulnerabilities. As vulnerabilities are identified, the DoD implements the associated fixes 
within the NIPRNET (software patches, virus filtering, IDS templates) using DiD as the basis for 
its system architecture. However, the panel notes that there is currently no methodology for 
"engineering" DiD. There are processes for implementing DiD updates, but there is no 
engineering discipline that allows for the design of a DiD solution with confidence in the security 
it offers in the face of various threats. The premise underlying DiD is that an acceptable level of 
protection can be achieved through layering of defenses, even though each defensive technology 
is known to be imperfect, i.e., each one is known to have residual vulnerabilities or functional 
shortcomings. Also, central to the DiD premise is the assumption that each layer of defense 
exhibits functional deficiencies or vulnerabilities that are independent (ideally orthogonal), and 
thus the ability to penetrate one defensive layer does not imply the ability to penetrate other layers 
(by the same means). However, to the extent that many of these defenses are built upon COTS 
operating systems (OS) that are known to be vulnerable, but for which not all residual 
vulnerabilities are known, this premise is questionable. Moreover, not all the flaws in each 
defense mechanism are likely to be known because they are COTS products with low to medium 
assurance. Thus it is not possible to estimate the extent to which such layered defenses increase 
the work factor for an attacker, above and beyond the OS problem cited above. (Nonetheless, 
there is reason to believe that the work factor is increased, at least for low-grade threats.) None of 
these observations implies that DoD should not pursue DiD. Rather, they suggest that additional 
effort is needed to develop a suitable methodology that will support DiD engineering and 
deployment. They also suggest that prospective users of a DiD strategy should be apprised of the 
uncertainty associated with both the strategy and its implementation. 


Recommendation 2: Define threat conditions and responses. The DoD information 
condition (INFOCON) policy and procedures are well established, promulgated and understood. 
The panel does not believe, however, that DoD has experience in understanding how consistently 
and promptly the responses will be executed throughout DoD upon INFOCON status changes. 
Furthermore, the panel believes that experience is lacking in assessing how effective the 
INFOCON procedures will be in thwarting an attack. Gaining this experience, through 
continuous exercises and the assessment of INFOCON responses to varying red-team attacks, is 
an important process to establish. 


Recommendation 3: “Raise the Bar” with high-payoff, low-cost IA Initiatives. The panel 
notes that a great deal of progress has occurred here as well. DoD has established an IAA 
framework, it has selected a systems architecture, and it is deploying DiD solutions; it has 
increased user/community awareness of the IA problem. The panel does note, however, that work 
remains to be done. Simple but strict IA configuration management practices at all DoD 
information sites are still a critical issue; closing all NIPRNET connections to the public Internet 
(other than through the 8-11 DoD gateways) remains an unresolved issue; and the insider threat 
on the SIPRNET and JWICS remains an open issue although suitable IA technologies and 
processes to mitigate this risk are available. 


Recommendation 4: Establish and maintain a minimum essential infrastructure. The 
panel did not receive any indication that this recommendation was being pursued by DoD. In 
fact, DoD has focused on deploying a GIG with integrated IA services. The panel does support 
the goal of deploying and securing the GIG, but notes the following: the GIG is being deployed 
based on a security strategy referred to as "risk management," not one aimed at achieving an 
impenetrable minimum essential infrastructure. It has been suggested that, in the past, 
security experts focused on achieving “perfect” security, which can be viewed as a "risk 
avoidance" strategy. In fact, security experts have long acknowledged that perfect security is 
unattainable. Risk management argues for explicitly making a decision to accept a certain level 
of risk as a condition of deploying a system. This is a fine principle, but it is based in part on the 
premise that one can evaluate (and quantify) the residual risks associated with a system 
composed of components that are known to be imperfect. This is a questionable assumption. 
First, although one might be aware of some set of residual vulnerabilities in the system 
components, it also is likely that these components contain other, unknown vulnerabilities of 
undetermined severity. Second, there is no algebra that allows the computing of the risk 
associated with deploying a system composed of components with known vulnerabilities, much 
less a system in which the components have unknown vulnerabilities. Thus it seems certain that 
risks of unknown magnitude are being accepted when the phrase "risk management" is part of the 
security design and accreditation process. This issue can, at this time, only be addressed through 
empirical means whereby a representative segment of the deployed GIG is subjected to a 
comprehensive and continuous IA vulnerability assessment process. A “testbed” concept will be 
proposed in the next section as a means to address this need. 


GIG IA: Summary of Findings 


* GIG today = NIPRNET + SIPRNET + JWICS + Service Tactical C3I systems 
  + All transit commercial communication media (including wireless) 
  + All leveraging commercial IT 
  + All cryptographically segmented into virtual networks 
  + Insider threat not addressed (special concern in JWICS/SIPRNET) 
* Multiple efforts causing some confusion and misdirection 
* Rigorous, consistent DiD engineering not occurring 
* Immature IA metrics address only force readiness 
* Denial of service and attack attribution not well addressed 
* Mobile code still an issue but a critical future technology 


Absent an office of primary responsibility, the GIG will not achieve joint weapons system status 


Figure 26. GIG IA Summary of Findings 


In closing this section of our report on panel findings, Figure 26 provides a summary of our 
observations. The Global Information Grid does comprise multiple virtual worldwide data 
networks, the NIPRNET, SIPRNET, JWICS and service tactical C3I systems. These networks 
use shared commercial communications media and commercial information technologies. In 
addition, all are cryptographically segmented into virtual networks. However, the panel noted 
that there is virtually no protection against the insider threat, especially for the classified 
networks. All services are adopting a Defense-in-Depth (DiD) strategy, with different 
implementations. For example, the Air Force is employing a different strategy from the Army: a 
different protocol translation architecture; a different location for performing enclave level 
intrusion; and different measures for enclave access control. The panel notes that while there is a 
general framework for implementing DiD, there is no engineering discipline that allows for 
design of a DiD solution that provides confidence in security against a variety of attacks. 


The current emphasis on information assurance metrics is focused on readiness and is not 
addressing the metrics needed to assess and measure mission, system or technical level 
performance. In addition, denial-of-service measures and attack attribution metrics are not well 
addressed. 


Finally, the panel believes that today's DoD organizational structure is inadequate to deliver a 
GIG. Although both the DoD Chief Information Officer (CIO) Executive Panel and the Military 
Communications and Electronics Board (MCEB) are working on defining and providing 
guidance for the GIG, the panel feels that a new organizational structure, with a centralized 
primary point of responsibility, will be required to develop a GIG worthy of weapons system 
status. 


Specifically, the current charter of the DoD CIO Executive Board is contained in the 
DepSecDef Memo Subj: DoD Chief Information Officer Executive Board, 31 March 2000. This 
charter states that the Council is the principal forum to advise the DoD CIO on the full range of 
matters pertaining to the Clinger-Cohen Act (CCA) of 1996 and the Global Information Grid. 
Additionally, the board also coordinates implementation of activities under the CCA, and 
exchanges pertinent information and discusses issues regarding the GIG, including DoD 
information management (IM) and information technology (IT). The primary mission of the 
board is to "advance the DoD's goals in the areas of IM, information interoperability and 
information security between and among Defense Components." The Board also coordinates 
with the IC CIO Executive Council on matters of mutual interest pertaining to the GIG. Its 
management oversight includes recommending, reviewing, and advising the DoD CIO on overall 
DoD IM policy, processes, procedures and standards, as well as overseeing all aspects of the GIG 
to support the DoD's and IC's mission and business applications. This includes the collaborative 
development of IT architectures and related compliance reviews; management of the information 
infrastructure resources as a portfolio of investments; collaborative development of planning 
guidance for the operation and use of the GIG; and identification of opportunities for cross- 
functional and/or cross-component cooperation in IM and in using IT. The board's architecture 
management responsibilities include ensuring the collaborative development of architectures as 
specified in the CCA, and ensuring that processes are in place to enforce their standardized use, 
management and control, as well as aligning IT portfolios with the GIG. Although the board has 
budgetary review authority for IT investments, and can make recommendations, it has no direct 
budgetary authority. It also has no authority, either review or management oversight, over the 
warrior components of the GIG. The membership of the DoD CIO Executive Board includes: 


* Chair: DoD CIO (ASD (C3I)) 
* Members: CIOs of the Military Departments 
  - CIO, Joint Staff 
  - USD (AT&L) 
  - USD (P) (Policy) 
  - USD (C) (Comptroller) 
  - USD (P&R) (Personnel and Readiness) 
  - ASD (C3I) (usually the Deputy CIO) 
  - Director PA&E (Program Analysis and Evaluation) 
  - J6, Joint Staff 
  - OPNAV N6 
  - Director, Communications and Information, USAF, AF/SC 
  - IC CIO 
  - CIO, JFCOM (Joint Forces Command) 
* Security Advisor: Director, National Security Agency (DIRNSA) 
* Technical Advisor: Director, DISA 
* Legal Advisor: DoD General Counsel 


The charter of the MCEB is contained within DoD Directive 5100.35 dated 10 Mar 1998. 
The MCEB considers those military communications-electronic matters, including those 
associated with national security systems (NSS) referred to it by the SecDef, CJCS, the DoD 
CIO, secretaries of the military departments, and heads of DoD components. The mission of the 
MCEB is to obtain coordination among the DoD components, between the Department of 
Defense and other governmental departments and agencies, and between the DoD and 
representatives of foreign nations on matters under the MCEB jurisdiction. The MCEB provides 
guidance and direction to the DoD components and advice and assistance as requested. The 
membership, as listed below, is primarily composed of those in charge of the communications 
activities in the listed components, which have little, if any, authority over IT issues in other 
portions of their component. The MCEB has no budgetary review or execution authority over any 
component, nor is there any mechanism within the MCEB structure for enforcement of non- 
compliance with decisions. The relationship between the MCEB and CIO Executive Board is still 
being discussed, but in effect, the MCEB is a subordinate activity under the direction of the CIO 
Executive Board and its recommendations are referred to that Board for final decision. 
Membership of the MCEB includes: 


* Chair: Joint Staff, J6 
* Members: Vice, J6 
  - DISC4, U.S. Army 
  - OPNAV, N6 
  - HQUSAF, SC 
  - HQMC, C4 
  - USCG, Assistant Commandant for Systems 
  - Director, DISA 
  - Director, NSA 
  - Director, DIA 


Thus, neither the DoD CIO Executive Board nor the MCEB has the membership or authority 
over budgets and execution activities that the panel believes are necessary to ensure the GIG is 
built and managed as intended by the IAA Panel. Without that level of authority over all 
elements of the GIG, the architecture is subject to interpretation by each component based on its 
needs, rather than the needs of the entire DoD enterprise. There is also little incentive to address 
crosscutting issues in a coherent fashion when the funding for these programs is provided via 
Title 10 channels without some mechanism to encourage cooperation. Because of the Title 10 
and DoD versus intelligence community issues, the only level of management senior enough to 
cross this bridge is at the DepSecDef level. Additionally, neither of these two boards has a direct 
oversight responsibility over any specific office or organization that carries out its direction. 


CHAPTER 4. “WHAT MIGHT BE DONE” PANEL SUGGESTIONS 


4.1 THE GIG IS A WEAPON SYSTEM 


The GIG is a Weapon System 


* It leads to information/decision superiority, therefore it will be attacked by our adversaries 
* Built unlike a traditional weapons system 
  + Critical elements not owned by the DoD 
  + A platform shared by all DoD users 
  + Built primarily from COTS components 
  + Components evolve very rapidly 
* Attacked more readily 
  + Low “cost of entry" for attackers 
  + Easy to deny service globally 
  + Attacks escalate rapidly (compressed Observe, Orient, Decide, Act [OODA] loop) 
  + Attack attribution is difficult 
  + Forensics processes & technology are immature 


Figure 27. The GIG is a Weapon System 


Information superiority is the pacing item in realizing the goals of JV2020, and the Global 
Information Grid is the underlying information superiority infrastructure. The panel argues, in 
Figure 27, that because of its importance, the GIG should be viewed as a weapons system, one 
that will present a lucrative target for our adversaries. However, unlike traditional weapons 
systems, the critical elements of the GIG are not owned or controlled by the DoD. Furthermore, 
the GIG is shared by all DoD users and is built primarily from COTS components, which are 
rapidly evolving. 


A significant weakness of the GIG is that it can be more readily attacked than traditional 
systems, which are far less ubiquitous and have limited interfaces and stricter controls. This is 
due to several factors, but first and foremost is the low capital cost of entry for attackers. A few 
people with personal computers and Internet access have demonstrated the capability to deny 
service and penetrate DoD systems. Attacks have a non-linear characteristic in that they can 
escalate rapidly, as evidenced by the recent distributed denial-of-service attacks. Unfortunately, 
attacker attribution is difficult if not impossible today. The attacker enters third party machines 
and uses those facilities to launch attacks. Current processes and forensics for identifying and 
tracing attackers are primitive and do not provide adequate support for attribution. 


Assumptions for IAA Suggestions 


* DoD establishes the Internet Protocol (IP) as the convergence layer for information services on the GIG 
  + Private sector parallel 
  + Recommended in DSB Tactical Battlefield Study* 
* DISA migrates Defense Information Infrastructure (DII) from native ATM backbone to IP services 
  + Requires development/deployment of high-speed (Gigabit) IP network encryptors 


* Reference: DSB Task Force Report on Tactical Battlefield Communications, February 2000 


Figure 28. Assumptions for IAA Suggestions 


Figure 28 provides the assumptions that are the foundation of the panel’s IAA suggestions. 
These assumptions are based on the following. In the private sector, a trend is underway to 
develop a single infrastructure providing integrated voice, video and data services. This trend to a 
common, shared infrastructure for all multimedia services is termed “convergence.” The 
convergence is facilitated by and expected to occur through a common, ubiquitous protocol — IP. 
This protocol is an open standard supported worldwide by the data telecommunications industry; 
it is rapidly becoming the convergence layer for all information services on the Internet. 


The common IP layer separates the task of telecommunications (transport) from the tasks of 
service types, information types, and application development. Network engineers concentrate on 
moving IP packets from one place to another, independent of their content. Application and 
service developers concentrate on applications and count on the IP layer to provide requested 
telecommunications services. 


The present version of the IP, designated Internet Protocol Version 4 (IPv4), does not yet 
support QoS-based dynamic resource allocation, a capability needed to support real-time, stream- 
oriented information flow (i.e., real-time voice and video). In the near term, this limitation is 
being addressed through higher-layer protocols such as the Real-Time Protocol (RTP), and the 
Resource Reservation Protocol (RSVP) and via tag switching. In addition, extensions to IPv4, to 
include a minimum level of QoS, are being investigated by the Internet Engineering Task Force 
(IETF). The IETF is also working on the next generation of IP, called IPv6, which will include 
QoS (called differentiated services) and a much larger IP address space, permitting the 
integration into the Internet of embedded processors (sensors) and many more addressed devices 
as users. 


Today IP is used over many dissimilar networks including: ATM, Ethernet, wireless 802.11, 
Cellular Digital Packet Data (CDPD) and the like. IP was designed to be the mechanism for 
transparently moving bits across such networks. Thus, IP is the mechanism that permits the 
integration of these many types of networks into a network-of-networks — that is, the Internet. 


The panel noted that a prior DSB study made a strong recommendation that DoD establish IP 
as its convergence layer for the GIG.⁶ In our discussions with DISA, the briefer observed that he 
was strongly in favor of migrating the Defense Information Infrastructure (DII) to an IP service 
infrastructure, resulting in IP being the standard interface to the DISA-supplied point of presence 
(POP) at all DoD sites supported on the DII. This migration would place DII in the mainstream 
of the private-sector migration toward a converged infrastructure. Thus, DoD, through DISA 
services, could fully take advantage of private sector IT. 

It was noted that to support this migration, DISA would need high-speed, Type 1, IP network 
encryption technology. Today DISA uses ATM encryptors developed by DoD, given that DISA 
provides ATM service to POPs. The panel noted that DoD is supporting the development of 
equivalent IP devices. 


Thus, the panel assumes, in what follows, that DoD will migrate to IP as its convergence 
layer for the GIG. By doing so the DoD benefits significantly not only in leveraging commercial 
IT transport technology and services, but also from the perspective of leveraging emerging 
private-sector IA and IAA technologies, protocols and services. 


6 Reference: Defense Science Board Task Force Report on Tactical Battlefield Communications, February 2000 


4.2 ARCHITECTURE SUGGESTIONS 


Recommended Reference Model and Security Protocols 


Legible protocol labels from the figure: S/MIME; LINK CRYPTO, TRANSEC 


Assumptions 

* DoD establishes Internet Protocol (IP) as the convergence layer for the GIG* 
* Defense Information Infrastructure (DII) migrates from ATM to IP services 
* DoD fully executes PKI/PKE strategy 


* Reference: DSB Task Force Report on Tactical Battlefield Communications, February 2000 


Figure 29. Recommended Reference Model and Security Protocols 


The panel's suggested IA reference model is shown in Figure 29. This protocol stack assumes 
the use of internet protocols in a wide range of environments, including both tactical and 
strategic. It parallels the ISO reference model (ISO 7498), with the substitution of a 
"middleware" layer in lieu of the presentation layer, and is consistent with the TCP/IP protocol 
suite. (This substitution seems appropriate because modern systems do not make use of separate 
presentation layer functions; these functions are assumed by applications.) 


Physical layer protection is afforded via link cryptographic systems (i.e., KG 84, KG 189, 
etc.) on a hop-by-hop basis, where warranted by threat concerns. No data link security, i.e., 
LAN security protocols such as IEEE 802.10, is recommended. This technology has not been 
adopted by product vendors and is generally not warranted in switched LANs, when higher layer 
security protocols are employed. IPsec is recommended for end-to-end, enclave-to-enclave, or 
end-to-enclave protection. No transport (i.e., TCP) layer security protocol is recommended 
because there are no widely used standards yet available, and because the services provided at the 
IP and session layers obviate the need for transport layer security. 


Although the Internet protocol stack does not include a session layer per se, the introduction 
of SSL, SSH, and analogous security protocols has created one. SSL is widely deployed and 
DoD policy calls for its use for secure web access. We recommend its use with client (not just 
server) certificates, for high quality user authentication and access control, with transition to TLS 
(the IETF standard) as it becomes more widely available. 


The panel has inserted a “middleware” layer to accommodate systems such as Common 
Object Request Broker Architecture (CORBA), distributed computing environment (DCE), or 
Enterprise Java Beans (EJB). However, such systems are not universally required and there is no 
clear appropriate choice among these competing middleware technologies at this time. Finally, 
several critical protocols exist at the application layer, and more may emerge. For secure e-mail, 
S/MIME (v3 with enhanced security services) is the preferred protocol, and it is widely available 
in COTS products. Secure DNS is an essential infrastructure security component requiring DISA 
as well as base-level support. Internet Key Exchange (IKE) is the key management protocol used 
by IPsec. As the extensible markup language (XML) becomes more common, the digital 
signature standards developed for it will become critical elements of more sophisticated web 
security designs, supplementing, but not supplanting, SSL/TLS. 


GIG IA/SA Strategies 


* Discipline implementation 
  + Use consistent architectural framework & metrics 
  + Ensure interoperability via commercial standards 
* Segment the communities 
  + DoD vs. general public, by classification, by enclaves (COI), by user authorization within enclave 
  + Invest in PKI/PKE & high speed, inline IP encryption 
* Counter denial of service 
  + Use segmentation, redundancy, diversity, restricted set of Internet access points, & non-switched commercial infrastructure 
  + Improve net infrastructure security (e.g., S-BGP) 
* Enhance indicators, warnings, and attribution 
  + Correlate multi-layered IDS outputs, use as inputs to 
    - intelligence-enabled tracing systems 
    - modus operandi detection 
  + Use PKI to increase S/N ratio 

Figure 30. GIG IA Strategies 


Figures 30 and 31 outline the GIG IA system architecture strategies recommended by the 
panel, representing the underlying themes that are embodied in the later recommendations. The 
first strategy is to use a consistent architectural framework and metrics across the entire DoD 
GIG. This strategy lies in contrast to the current divergence of approaches between the services. 
It is important to foster interoperability via commercial standards, so that commercial and 
government off-the-shelf technology can be employed throughout the system. The defense-in- 
depth approach leads to the strategy of segmentation. Segmentation is recommended between the 
DoD and the general public Internet, between levels of classification, by enclaves (COI), and by 
individual user within an enclave. In order to support segmentation, investment will be needed in 
high-speed in-line IP encryption devices, and in large scale PKI and PKE. 


Segmentation, redundancy, diversity, a restricted set of Internet access points, non-switched 
commercial infrastructure, and improved overall net infrastructure security, such as S-BGP 
(Secure Boundary Gateway Protocol), used in concert can partially mitigate the denial-of-service 
threat. 


Another important element of the strategy is to enhance indicators and warnings and attack 
attribution. By correlating multi-layered IDS outputs, one can detect patterns of behavior that 
may indicate a modus operandi. This can be useful in tracing the sources of unwanted behavior. 
The correlated outputs of host- and network-based IDS at various levels can also be used to 
direct attention to potential threats. Resources such as human system administrators and various 
intelligence assets can be directed in this way. The use of a PKI and PK-enabled applications can 
greatly reduce the noise level of amateur attacks coming into the GIG, and thus increase the 
signal to noise ratio of the existing indicators and warnings in the GIG. 
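
The correlation of multi-layered IDS outputs described above can be sketched as follows. This is an added example, not part of the panel's report: the alert fields, layer names, scoring rule, and sample alerts are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int          # seconds from the start of the sample
    layer: str       # "wan", "enclave" or "host" (assumed layer names)
    site: str
    src: str
    signature: str


@dataclass
class Incident:
    src: str
    start: int
    layers: set
    sites: set
    pattern: tuple   # ordered signatures, consecutive repeats collapsed


# Constructed sample alerts; addresses come from documentation ranges.
ALERTS = [
    Alert(10, "wan", "site-a", "198.51.100.7", "port-sweep"),
    Alert(40, "wan", "site-b", "198.51.100.7", "port-sweep"),
    Alert(95, "enclave", "site-a", "198.51.100.7", "smtp-overflow-attempt"),
    Alert(130, "host", "site-a", "198.51.100.7", "unexpected-shell"),
    Alert(20, "wan", "site-a", "203.0.113.50", "port-sweep"),
    Alert(5000, "wan", "site-c", "203.0.113.50", "port-sweep"),
    Alert(60, "host", "site-b", "192.0.2.33", "failed-login-burst"),
]


def correlate(alerts, window=300):
    """Cluster each source's alerts into bursts of at most `window` seconds,
    then rank bursts by how many IDS layers and sites observed them."""
    by_src = defaultdict(list)
    for alert in alerts:
        by_src[alert.src].append(alert)

    incidents = []
    for src, items in by_src.items():
        items.sort(key=lambda a: a.ts)
        current = None
        for alert in items:
            # Start a new burst when this alert falls outside the window.
            if current is None or alert.ts - current.start > window:
                current = Incident(src, alert.ts, set(), set(), ())
                incidents.append(current)
            current.layers.add(alert.layer)
            current.sites.add(alert.site)
            if not current.pattern or current.pattern[-1] != alert.signature:
                current.pattern += (alert.signature,)

    incidents.sort(key=lambda i: (-len(i.layers), -len(i.sites), i.src, i.start))
    return incidents


def escalate(incidents):
    """Sources seen at more than one layer or more than one site in a burst:
    the ones to bring to an administrator's attention first."""
    return sorted({i.src for i in incidents
                   if len(i.layers) > 1 or len(i.sites) > 1})


if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(inc.src, sorted(inc.layers), sorted(inc.sites), inc.pattern)
    print("escalate:", escalate(correlate(ALERTS)))
```

A single-layer view would show three unrelated port sweeps; only the correlated view ties the sweep, the enclave alert, and the host alert to one source and one sequence of behavior.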


Fine-grained access control (FGAC) is the principle that allows access to computing and 
communication resources to be shared, in a safe manner, among a large number of users and user 
communities. Technology is available to enforce FGAC with an acceptable level of 
computational overhead, but tools must be available to enable local administrators and users to 
efficiently manage FGAC for WANs, LANs, and individual hosts and servers. 


Accountability is supportive of FGAC and acts as a deterrent to inside attacks. Fine-grained 
identification and authentication, i.e., via use of level-4 PKI, provides the inputs needed to make 
FGAC decisions. Intrusion detection mechanisms help detect attacks that have eluded access 
controls, or activities that represent inappropriate use of resources by authorized personnel.

GIG IA/SA Strategies (concluded)

* Establish DoD-wide IA testbed
   - Use “nation-state-level” technical red team
   - Tightly integrate blue team
   - Transition lessons learned to operational GIG
* Qualify suppliers
   - Use commercial service level agreements, warranties
   - Ensure standards compliance
   - Assess vendor response to bug fixes
   - Use IA testbed to continuously test, evaluate, and improve
* Focus R&D investment
   - Develop countermeasures in anticipation of attacks
   - Intrusion tolerant systems (e.g., self healing)
   - Security for mobile code
   - IA forensic technologies

Figure 31. GIG IA Strategies Concluded 


The fifth strategy is to establish a DoD-wide GIG IA testbed. This testbed would draw blue 
team members and current configuration information from GIG operations, and employ a
nation-state-level technical red team. The lessons learned through these exercises should be used to
upgrade the IA properties of the testbed, and if successful in defense, should be transitioned to
the operational GIG. Building an IA testbed avoids the costs and other issues inherent in
red-teaming the live operational GIG.


A sixth strategy is to more stringently qualify suppliers of GIG IA technologies than is 
current practice in government procurement. It is imperative that the DoD becomes a smart buyer 
of commercial information and information assurance technology and services. Commercial 
information services can often be bought with service level agreements (SLAs) and/or 
warranties. SLAs can cover a variety of service aspects. For example, an SLA for a 
communications service might cover: 1) communication speed, 2) link availability, and 3) 
notifying the customer within certain timelines of problems. In the future, we expect that SLAs 
may also address security issues. 


It is also important to assess suppliers’ conformance with applicable standards. There are 
numerous organizations that measure and certify compliance with a wide range of standards, 
such as Underwriter's Laboratory. In the information security area, conformance with the 
Common Criteria, evaluated under the auspices of the National Information Assurance 
Partnership (NIAP) is particularly important. The NIAP is a collaboration between the National 
Institute of Standards and Technology (NIST) and the National Security Agency (NSA). The 
NIAP encourages the development of commercial products with security features as specified in
the Common Criteria, and certifies commercial laboratories to evaluate products against the
criteria under NIST’s National Voluntary Laboratory Accreditation Program (NVLAP). In 
implementing the GIG, strong preference should be given to products evaluated under the NIAP. 


Another way to qualify suppliers is to gauge their commitment to fixing security-related 
flaws found in their systems. There are numerous organizations that compile information about 
vulnerabilities in commercial systems, among them the CERT at Carnegie-Mellon University 
(www.cert.org), the SANS Institute (www.sans.org), Security Focus (SecurityFocus.com), and 
NTBugtraq (www.ntbugtraq.com). In implementing the GIG, strong preference should be given 
to suppliers who have a track record of quickly fixing reported flaws. Furthermore, preference 
should be given to products that are compatible with the Common Vulnerabilities and Exposures 
(CVE) list. CVE is a list of information security vulnerabilities and exposures that aims to
provide common names for publicly known problems. The goal of CVE is to make it easier to 
share data across separate vulnerability databases and security tools with a “common 
enumeration.” 


Furthermore, while the vulnerabilities of commercial technology need to be understood, the 
impact on the overall GIG architecture of adding the technology needs to be weighed before 
employment. We recommend that the GIG IA testbed be used to address this issue. As mentioned 
above, there is a great deal of publicly available information about technology and product 
vulnerabilities. The testbed should use this information as a starting point for developing a 
knowledge base of technology and product benefits and vulnerabilities. 


The DoD should develop a deep understanding of how commercial services are provided, so 
that they can be properly specified when purchased. For example, buying communication lines 
from multiple suppliers in order to gain redundancy and diversity may not yield the desired 
results, if each supplier's fiber goes through the same physical switch or runs over the same 
physical bridge. Instead, when buying a second communication line, DoD should specify that the 
line share no physical components or transit mechanisms with the first communication line. 


The final strategy recommended is to adequately resource a focused GIG IA R&D program. 
Current DoD IA R&D does not adequately address the IA needs of the GIG. Countermeasures 
must be developed in anticipation of attacks. The GIG IA testbed the panel recommends can be 
used to experiment with potential fixes before any form of specific attacks are found live on the 
GIG. The development of self-healing systems that are intrusion-tolerant and fault-tolerant is an
important step in deploying a reliable GIG infrastructure. Self-healing, recovery, and
reconstitution of GIG components could provide continuity of operation throughout and after
significant attacks. Clear commercial trends point toward mobile code as an increasingly
important software distribution and maintenance mechanism. Current practices in some networks
of stripping mobile code out of incoming e-mail and disabling Java and JavaScript are stopgap
maneuvers. Significant focused research is called for to contain and verify mobile code, to
discover new methods of utilizing mobile code to defend against attacks (i.e., throttling incoming
traffic at the routers during a denial-of-service attack), and to automatically install 'good' viruses
that upgrade system survivability. R&D focused on forensics, tagging, and traceback could
provide GIG administrators with the tools necessary to trace attacks back to their source.
Non-repudiable identification of malicious attackers and wayward insiders can provide a level of
deterrence not currently in evidence.

4.3 DEFENSE-IN-DEPTH


Uniform Defense-in-Depth Implementation Suggestion

[Diagram labels: common user WAN (e.g., NIPRNET, SIPRNET) with IDS; command enclave; workstation or server with host-based IDS and IPsec, S/MIME, SSL, DNSSEC.]

Figure 32. Uniform Defense-in-Depth Implementation 


Figure 32 provides an example of layered defense, or defense-in-depth, from a traffic flow 
perspective. All DoD common user networks, SIPRNET and JWICS as well as NIPRNET, 
should reflect this architecture. This is a departure from current practice in which the classified 
networks do not provide significant barriers to attacks launched from sites in the same 
community, i.e., other subscribers to the same common user network. 


The outer perimeter represents an interface between a single-level, common user WAN, i.e., 
NIPRNET, SIPRNET, or JWICS, and a less sensitive WAN, i.e., the public Internet. (If a 
sensitivity level is crossed, i.e., from SIPRNET to NIPRNET, then a guard is employed.) This 
perimeter is protected by the use of a (stateful) packet filtering firewall (PFF) and an IDS.
Non-IPsec or SSL protected traffic, i.e., e-mail, DNS, and web traffic, is screened via the PFF, and
restricted to destinations inside the WAN that are well-defined web servers, e-mail servers, etc.
The IDS here is used to screen traffic (at very high data rates) to detect patterns of attacks against
multiple sites on the WAN, through correlation of analytic data from each of these IDS systems.
Virus scanning might even be applied to (non-encrypted) e-mail attachments at this point, via the
use of implicit mail relays.

At the enclave boundary, IPsec is the primary defense mechanism, preventing
unauthenticated connectivity to external sources. A PFF is used for traffic that would not be 
afforded IPsec protection, i.e., e-mail and DNS services. (As illustrated in later discussion, web 
data designed to be available for public access will be maintained outside of the enclave 
boundary.) The enclave IDS has access to some plaintext data (except when IPsec or SSL is used 
all the way to a workstation or server) and thus can perform more analysis than the WAN IDS. 
Virus scanning can be applied to (non-encrypted) e-mail attachments at this point, if it is not 
applied at the WAN boundary. 


Each workstation or server is equipped with an IDS, which is monitored by the enclave 
security administrator. IPsec, SSL, and S/MIME are available for end-to-end cryptographic 
security, including authentication, integrity, confidentiality, and access control. A secure DNS
resolver interacts with secure DNS servers.


Example: NIPRNET Site Security

[Diagram labels: community web servers (SSL required); demilitarized zone; intranet servers: HTTP, DNS, SMTP, LDAP, ...]


Figure 33. Example: NIPRNET Site Security 


Figure 33 illustrates the IA components that would be employed at the interface to a typical 
NIPRNET site to implement the panel’s suggested defense-in-depth architecture. The Packet 
Filter Firewall (PFF) at the attachment point to the NIPRNET filters out traffic that should never 
access the web server. The IPsec device in the DMZ is the primary access control mechanism. It 
implements a basic PFF, as required by the IPsec specifications (RFC 2401). This device, or one 
immediately behind it, incorporates an IDS that focuses on non-encrypted traffic that traverses
the IPsec device. Examples of such traffic include transport mode IPsec or SSL traffic destined
for machines on the base LAN. (Note, S/MIME protected mail cannot be scanned for viruses at 
the SMTP server, but any e-mail with viral attachments can be tracked to its sender when 
S/MIME has been used. This provides reliable attribution of such e-mail, which acts as a 
deterrent and provides excellent forensics. The host-based IDS will examine incoming e-mail 
attachments for malicious code upon receipt and decryption.) 

The DMZ IDS monitors traffic that bypasses the IPsec device (i.e., DNS traffic or SMTP
traffic from the Internet) as well as decrypted traffic from other NIPRNET sites and from
contractor sites. (A LAN-based approach may also be employed if technology permits.)


The servers behind the IPsec device are accessed via a mix of plaintext and crypto-protected 
traffic streams. For example, DNSSEC and e-mail protection is at the application layer, whereas 
LDAP traffic may be unauthenticated or may be SSL/TLS protected. The latter will be required 
for access to sensitive directory entries and for all infrastructure management functions. 


Example: SIPRNET/JWICS Site Security

[Diagram labels: Type 1 IPsec; IDS; web servers (SSL required); enclave.]


Figure 34. Example: SIPRNET/JWICS Site Security 


Figure 34 is similar to the NIPRNET example. Note that there are no DMZ community 
servers, because all traffic is IPsec protected. This approach is feasible because there is no direct 
communication with sites not on the same, common user WAN. All sites on SIPRNET or JWICS 
will be equipped with Type 1 IPsec devices and thus all traffic entering or leaving a site is 
protected and subject to access controls.

Example: DoD/Public Internet Interface

[Diagram labels: IPsec tunnel to NIPRNET site perimeter; web servers for DoD data for the public (use SSL server certificates; DISA or ISPs); IPsec, S/MIME, SSL/TLS; web servers (SSL required); nested IPsec connection to host in LAN (future); base LAN; DNS & LDAP servers accessible via controlled IPsec bypass.]


Figure 35. DoD/Public Internet Interface 


Figure 35 illustrates the suggested interface between NIPRNET sites and the public Internet. 
In this approach, all DoD data that is releasable to the general public should be housed on web 
servers that are outside of NIPRNET. This segregation keeps traffic associated with this data off 
of NIPRNET, avoiding potential congestion on NIPRNET due to “legitimate” access. It also
minimizes opportunities for denial-of-service attacks against NIPRNET that masquerade as 
legitimate access to public Web pages. The web servers holding this data could be operated by 
DISA on behalf of all DoD activities, or could be outsourced to commercial providers, i.e., ISPs. 


Contractors, universities performing DoD sponsored R&D, and other users authorized to 
access resources on NIPRNET must use secure protocols and employ individual certificates. For 
example, access to a web server at a NIPRNET site will require SSL/TLS, with client
certificates. E-mail will be protected using S/MIME. The assumption is that each organization 
will establish a PKI and issue certificates to its employees in order to support these security 
protocols. 


These requirements seem quite feasible. SSL/TLS is integrated into freely available browsers. 
IPsec is built into Windows 2000 and should soon be available in Sun OS and Linux.
(Aftermarket IPsec implementations are available for Windows 95 and 98.) Access to web servers
behind the enclave IPsec device makes use of SSL, which is bypassed by the IPsec device (when
the destination is one of a set of selected web servers at the site). Most IPsec traffic to a site will
terminate at the IPsec device, which enables local IDS examination of the traffic. However, a site
may authorize nested IPsec traffic for true end-to-end security where appropriate. S/MIME e-mail
(with triple wrapping) from approved sources is protected all the way to the recipient, while other 
e-mail is subject to scrutiny at the SMTP server, i.e., attachments will be scanned for viruses and 
some types of attachments may be prohibited. 


Many organizations have, or have plans to establish, their own PKIs. Small scale CAs are
either free, i.e., Windows 2000, or inexpensive, i.e., the Netscape Certificate Server (which costs
about $1,000). The major costs of instituting an organizational (local) PKI are administrative, not
capital. Thus it does not seem unreasonable to mandate that organizations doing business with
the DoD establish a PKI for secure communication purposes. (The DFAR might explicitly
authorize some of the costs of PKI establishment and maintenance as chargeable to DoD 
contracts.) 


Example: SIPRNET/JWICS Traffic Flows

[Diagram labels: SIPRNET; IPsec for inter-site secure connections; IPsec connection to host in LAN (future); DNS & LDAP servers transparently accessible.]


Figure 36. SIPRNET/JWICS Traffic Flows


Figure 36 illustrates connections between users or between a user and server at two SIPRNET 
or JWICS sites. The Type 1 IPsec devices at the perimeter of each enclave provide 
confidentiality, authentication, integrity, and access control for all traffic, transparently. Because 
all inter-enclave traffic is protected by these devices there is no need to bypass traffic. (Special
provisions may be required for dual-homed enclaves that need to exchange BGP traffic with
routers in the SIPRNET or JWICS backbone.) Thus all servers, including e-mail, DNS, and web
servers are “behind” these devices. Each site is responsible for managing the access control lists
in the Type 1 IPsec device(s) at its enclave boundary.

When a user in one enclave needs to send or receive data to or from a computer in another
enclave, if further protection is required (in support of FGAC), IPsec, SSL/TLS, or S/MIME is 
employed. For example, all web server access is SSL/TLS protected. S/MIME is used to protect 
all e-mail. IPsec is employed when accessing other systems where SSL/TLS is not appropriate, 
i.e., where UDP (vs. TCP) is employed for transport. 


Guards, which provide controlled upgrade/downgrade connectivity to networks at different 
sensitivity levels, are located in enclaves, and thus communication with them follows this same 
paradigm. 


Suggested IA Functions in the Host

* Host-based intrusion detection and response
   - Attack signature detection
   - Anomaly detection
* End-to-end security
   - IPsec trust termination
   - S/MIME
   - SSL
* DNSSEC
   - High assurance domain name resolution
* Malicious and mobile code eradication
   - Virus detector
   - Malicious code scanner
   - Mobile code filter


Figure 37. Suggested IA Functions in the Host


In addition to boundary protection provided by the DiD architecture, there are a variety of 
functions that should be employed to defend the hosts in the GIG. The panel suggests that these 
be used in all DoD common-user networks, including NIPRNET, SIPRNET, and JWICS. 


IPsec, SSL, and S/MIME should be used for end-to-end cryptographic services such as 
confidentiality, authentication, nonrepudiation, integrity, and access control. A secure DNS 
resolver should be deployed with secure DNS servers to provide high assurance that a domain 
name is resolved correctly. A virus scanner, malicious code detector, and mobile code filter 
should be used to strip any attachments or content violating mobile code policies established 
within an enclave.

In keeping with the defense-in-depth strategy, host-based intrusion detection and anomaly
detection tools should also be deployed. When IPsec is used all the way to the host, the host has
the only opportunity to apply serious IDS scrutiny to incoming packets. Since the hosts will
experience relatively small data rates, the IDS can be tuned to high levels of sensitivity. The
host-based IDS should communicate alert information to other enclave IDS services which can
correlate data from network IDS and other host-based IDS deployed in the enclave to obtain a 
more accurate enclave-wide view of intrusive and other network activity. Signature-based IDS 
should be kept up-to-date and output monitored by the enclave security administrator. 


Suggested Secure Net Management

* Network components require secure, remote management capabilities
* SNMP & Telnet are widely used for management today
   - Not secure
* SNMP v3 security is not PKI-enabled
   - A commercial-sector focus
* Suggestions:
   - Use Kerberos v5 (or TLS) with SNMP & Telnet
   - Use PKI-enabled link crypto (e.g., STE) for physical layer switch management


Figure 38. Suggested Secure Net Management


Today, most layer 3 and above network components are managed remotely using a mix of 
SNMP and Telnet, although some offer web interfaces as well. Simple Network Management 
Protocol (SNMP) v1 offered no security, and so was used only for getting information from 
managed devices (for reading MIBs, but not for modifying them). Telnet, even if used with 
plaintext, reused passwords, was often employed. SNMP v2 had static, symmetric key 
cryptographic security added, but was not commercially successful. SNMP v3 has improved 
security services, but still uses manually distributed, symmetric keys. This is not consistent with 
our proposed use of PKI for user authentication and authorization everywhere else in the GIG. 
The use of Kerberos for SNMP v3 security has recently been proposed. Version 5 of Kerberos 
supports X.509 certificates and thus may provide a means of PKI-enabling SNMP v3.

Telnet, secured by Kerberos, is available and used today in some products for secure SETs,
and web interfaces for management can make direct use of SSL/TLS. Telnet can also be secured 
using SSL/TLS. 


For the most part, the GIG will not own or directly manage circuits, but when it does, the 
circuit switches, SONET switches, and the like often require or offer out-of-band management 
interfaces, i.e., via the PSTN. These interfaces should be secured via link crypto devices that 
make use of PKI technology, to provide authenticated, integrity-protected, and
confidentiality-secure channels. Some such devices are commercially available, and one can use STU-IIIs (or,
preferably, the next generation technology, STEs) in this fashion as well. 


Suggested DoD PKI Strategy

* DoD must own and manage its own PKI
* DoD must deploy level 4 PKI as a top priority
* DoD PKI should be organizationally aligned, to ensure accountability, and minimize risks associated with errors and attacks
* NSA's Key Management Infrastructure (KMI) must provide
   - Unified ordering interface for users
   - External interfaces to non-DoD CAs
   - High level of assurance


Figure 39. Suggested DoD PKI Strategy


As suggested in Figure 39, DoD should focus on deployment of level 4 PKI. If this requires 
delaying Common Access Card (CAC) deployment, that delay should be tolerated. A PKI is a
central element of system security and subversion of a PKI can undermine most layers of a 
defense-in-depth scheme. Thus it is critical that DoD take responsibility for its own PKIs. The 
DoD should not make use of commercial CAs, although the DoD PKIs must interoperate with 
commercial PKIs, i.e., to support authentication of DoD contractors. 


The DoD PKI should be aligned with organizational boundaries and should use alternate 
(subject/issuer) name extensions to incorporate DNS names and RFC822 names in order to 
facilitate native support of security protocols such as S/MIME, IPsec, and SSL/TLS. The NSA
key management infrastructure (KMI) could provide a suitable infrastructure for these
requirements. It is critical that certificates be issued along organizational boundaries, to constrain
the damage that might result from local security compromises. For example, it must not be
possible for an Army CA to issue a certificate that purports to be for an Air Force employee.
Current plans for the KMI do not necessarily adhere to this principle and should be modified
accordingly. Also troubling is the so-called “bridge CA” concept, developed for
inter-organizational cross certification in the federal PKI. Several important PKI security features do
not operate properly when a bridge CA is part of a certification path. A bridge CA should be used 
only to facilitate acquisition of public key certificates of other organizations, so that local security 
administrators can issue cross certificates directly to the other organizations with which they 
need to interoperate. 
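
One way a relying party can enforce issuance along organizational boundaries is to check every name in a certificate against the subtrees its issuing CA is permitted to certify, in the manner of X.509 name constraints (RFC 5280). The report does not name that mechanism, so its use here is an assumption; this is an added example, not the panel's or the KMI's design, and the CA, subject names, and domains are constructed.

```python
from dataclasses import dataclass, field


def parse_dn(dn):
    """Return the RDNs most-significant first, normalised for comparison.
    Simplification: no escaped commas and no multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return list(reversed(rdns))


def dn_in_subtree(dn, base):
    """True when `base` is a prefix of `dn`, compared RDN by RDN."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[:len(b)] == b


def dns_in_subtree(name, base):
    """Match on whole labels, so 'notarmy.example' is not under 'army.example'."""
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)


def email_in_subtree(addr, constraint):
    """Constraint is a full mailbox, a host, or a domain with a leading dot."""
    addr, constraint = addr.lower(), constraint.lower()
    local, at, host = addr.rpartition("@")
    if not at or not local:
        return False
    if "@" in constraint:
        return addr == constraint
    if constraint.startswith("."):
        return host.endswith(constraint)
    return host == constraint


@dataclass
class CA:
    name: str
    permitted_dirs: list      # directory subtrees (DN strings)
    permitted_dns: list
    permitted_email: list     # an empty list permits nothing of that form


@dataclass
class Cert:
    subject: str
    dns_names: list = field(default_factory=list)   # subjectAltName dNSName
    emails: list = field(default_factory=list)      # subjectAltName rfc822Name


def violations(ca, cert):
    """List every name in `cert` that falls outside the CA's permitted subtrees."""
    found = []
    if not any(dn_in_subtree(cert.subject, b) for b in ca.permitted_dirs):
        found.append(("subject", cert.subject))
    for name in cert.dns_names:
        if not any(dns_in_subtree(name, b) for b in ca.permitted_dns):
            found.append(("dNSName", name))
    for addr in cert.emails:
        if not any(email_in_subtree(addr, c) for c in ca.permitted_email):
            found.append(("rfc822Name", addr))
    return found


# Constructed organisation, CA and certificates.
ARMY_CA = CA("Army CA (constructed)",
             ["OU=Army, O=Example Defense Org, C=US"],
             ["army.example"],
             ["army.example", ".army.example"])
SOLDIER = Cert("CN=Pat Soldier, OU=Army, O=Example Defense Org, C=US",
               ["mail.army.example"], ["pat.soldier@army.example"])
AIRMAN = Cert("CN=Lee Airman, OU=Air Force, O=Example Defense Org, C=US",
              [], ["lee.airman@af.example"])
LOOKALIKE = Cert("CN=Build Host, OU=Army, O=Example Defense Org, C=US",
                 ["notarmy.example", "www.army.example"], ["ops@hq.army.example"])

if __name__ == "__main__":
    for cert in (SOLDIER, AIRMAN, LOOKALIKE):
        print(cert.subject, "->", violations(ARMY_CA, cert) or "within boundary")
```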


DNSSEC is a PKI-like system that provides secure name/address translation support for most 
Internet protocols. The DNS is global in scope and thus the DoD should encourage widespread 
adoption of DNSSEC. Within the DoD, high assurance (cryptographic) technology should be 
employed to protect DoD domains, i.e., the DoD should implement DNSSEC for the .mil and 
.sml domain and sub-domains. 


Directories are essential for widespread deployment of e-mail security (S/MIME), because a 
sender must retrieve the certificate for a recipient prior to encrypting a message. IPsec and TLS 
do not rely on directories, except for certificate revocation status information. LDAP is the 
current, commercial directory interface standard; it is a rapidly evolving standard, of growing 
complexity. Security for directory access, i.e., via TLS, is improving, but implementations will 
probably remain significantly vulnerable for some time. The DoD must ensure that the directory 
systems it deploys make use of the best available load sharing, replication, and security.

Countering the Insider Threat and Providing Survivability

* Suggested Systems Architecture addresses insider attacks via:
   - Use of IDS's to detect anomalous behavior (including insiders)
   - Use of IPsec, SSL/TLS, and S/MIME to provide intranet & extranet confidentiality for traffic
   - Use of IPsec and SSL/TLS for intranet & extranet access control
* Systems Architecture addresses survivability via
   - Spatial, temporal, and information redundancy
   - Design diversity (vs. monoculture)
   - Reconfigurability


Figure 40. Countering the Insider Threat and Providing Survivability


The panel’s suggested system architecture and DiD address the insider threat previously 
discussed. Intrusion detection systems deployed in enclaves, on user workstations, servers, and
other devices, monitor activity to detect inappropriate (i.e., suspicious) behavior by authorized
personnel, as well as attacks by outsiders, which should provide a deterrent to some class of
insiders, as well as aid counter-intelligence efforts.


The security protocols cited above (IPsec, SSL/TLS, and S/MIME, level-4 PKI) support
fine-grained access control to information in storage on servers and in transit. This fine-grained access
control helps prevent a subverted insider from eavesdropping on communications inside enclaves 
and helps prevent insiders from gaining access to servers or to other enclaves without explicit 
authorization. Because all of these protocols make use of PKI technology for authentication, the 
resulting audit trails also help to detect and deter insider misuse. 


Survivability is addressed through the use of redundant servers, access lines, and local
interfaces (i.e., multi-homing), and via dynamic routing in common user WANs.

Countering Denial of Service and Enabling Attribution

IA Architectural Feature                        Benefits
----------------------------------------------  ----------------------------------------------
Packet Filtering Firewalls (PFF) and IPsec      Blocks DoS attack at edge
                                                Provides certificate-based attribution
Nested IPsec                                    Provides tracking
                                                Provides localization of target
Anomaly Detection on Military Patterns of Use   Improves response time
Content Distribution                            Disperses DoS attacks
                                                Provides geographic attribution
Inline IPsec Devices                            Fosters commercial robustness to DoS attacks

Figure 41. Countering Denial of Service and Enabling Attribution 


In Figure 41, the panel suggests architectural elements that counter denial-of-service and 
provide partial ability to attribute attacks back toward their origins. The stateful packet-filtering 
firewalls installed at the boundaries should be configured to reject Internet Control Message 
Protocol (ICMP) echo and reply messages, and to throttle SYN messages to limit the number of 
half-open connections. Smurf attacks depend on ICMP echo reply (as well as other questionable 
mechanisms) that can easily be stopped at firewalls. Synchronization (SYN) floods depend on 
overflowing the fixed-length queues of TCP, so by throttling the number of SYNs allowed into a 
network, perhaps contingent on the completion of connections, one can limit the DoS potential at 
the firewalls. 
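
The two firewall rules in this paragraph, written out as a small stateful filter model. This is an added example, not the panel's specification: the limit of 8 half-open connections, the 5-second timeout, the verdict strings, and the sample traffic are constructed assumptions, and only inbound packets are modelled.

```python
from dataclasses import dataclass

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


@dataclass(frozen=True)
class Packet:
    ts: float
    proto: str                       # "icmp" or "tcp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}
    icmp_type: int = -1


class BoundaryFilter:
    """Inbound side of a stateful packet-filtering firewall (PFF)."""

    def __init__(self, max_half_open=8, syn_timeout=5.0):
        self.max_half_open = max_half_open
        self.syn_timeout = syn_timeout
        self.half_open = {}          # flow -> time its SYN was admitted
        self.established = set()

    def _expire(self, now):
        stale = [f for f, t0 in self.half_open.items()
                 if now - t0 >= self.syn_timeout]
        for flow in stale:
            del self.half_open[flow]

    def check(self, pkt):
        if pkt.proto == "icmp":
            # Rule 1: reject ICMP echo and echo reply at the boundary.
            if pkt.icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
                return "drop:icmp-echo"
            return "accept"
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        self._expire(pkt.ts)
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            if flow in self.half_open or flow in self.established:
                return "accept"      # retransmitted SYN uses no new slot
            # Rule 2: admit a new SYN only while half-open slots remain;
            # slots are freed by handshake completion or by timeout.
            if len(self.half_open) >= self.max_half_open:
                return "drop:syn-throttled"
            self.half_open[flow] = pkt.ts
            return "accept"
        if "ACK" in pkt.flags and flow in self.half_open:
            del self.half_open[flow]             # handshake completed
            self.established.add(flow)
            return "accept"
        return "accept" if flow in self.established else "drop:no-state"


def demo():
    """Run constructed traffic through the filter and collect the verdicts."""
    fw = BoundaryFilter(max_half_open=8, syn_timeout=5.0)
    server, syn, ack = "192.0.2.10", frozenset({"SYN"}), frozenset({"ACK"})
    out = {}
    # Echo replies arriving from several reflectors (Smurf-style traffic).
    out["icmp"] = [fw.check(Packet(0.0, "icmp", f"198.51.100.{i}", server,
                                   icmp_type=ICMP_ECHO_REPLY)) for i in range(1, 4)]
    # 50 SYNs from forged sources that never complete the handshake.
    flood = [fw.check(Packet(i * 0.01, "tcp", f"203.0.113.{i}", server,
                             40000 + i, 80, syn)) for i in range(50)]
    out["flood_admitted"] = flood.count("accept")
    out["flood_throttled"] = flood.count("drop:syn-throttled")
    client = dict(src="192.0.2.77", dst=server, sport=51000, dport=80)
    out["legit_during_flood"] = fw.check(Packet(0.5, "tcp", flags=syn, **client))
    out["legit_after_timeout"] = fw.check(Packet(6.0, "tcp", flags=syn, **client))
    out["handshake_ack"] = fw.check(Packet(6.05, "tcp", flags=ack, **client))
    out["half_open_after"] = len(fw.half_open)
    out["stray_ack"] = fw.check(Packet(6.1, "tcp", "203.0.113.200", server,
                                       4444, 80, ack))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The legitimate client's first SYN is refused while the flood holds every slot, which is the cost of throttling: the protected hosts never see more than 8 half-open connections, but new clients wait until stale entries time out.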


There is a potential performance penalty associated with such throttling, but this can be 
managed. In the Feb 2000 distributed denial-of-service attacks, approximately 80% of the attacks 
were Smurf, and 15% were SYN floods. Thus approximately 95% of Feb-2000-style DoS attacks 
would be mitigated by present and suggested firewalls at the enclave boundaries. 


The panel recommends the use of IPsec, which prevents denial-of-service within the 
enclaves. Further, future nested-IPsec implementations can counter denial-of-service and assist 
attribution by target localization and path tracking. The panel recommends research and 
development of networked IDS visualization tools for semi-automated sysadmin response, which 
would improve the time to respond to a DoS attack. (It took days for sysadmins to identify the
first DoS attack for what it was.) The anomaly detection that the panel also recommends
can be configured to exploit known military patterns of use, and can trigger responses perhaps
including dynamic user reauthorization. Content distribution networks, such as those run
commercially by Akamai and Digital Island, provide additional mechanisms to counter DoS
attacks. The static content of public DoD web sites can be replicated in a similar way. For public
DoD web sites using SSL server certificates to prevent web site defacement, the current
commercial offerings are inappropriate. Some content-distribution approaches provide a partial
geographic attribution. Finally, the panel recommendation to support development of high-speed
inline IP cryptographic devices could foster widespread commercial IPsec use, initially in large
multinational corporations. Together, the panel recommendations partially address
denial-of-service attacks on the GIG and provide initial attribution capabilities.


4.4 METRIC SUGGESTIONS 


Suggested Measures of Merit for IA 


* A spectrum of metrics is necessary
* Researchers, designers, vendors, users and operators of information technology systems need metrics or measures of merit
   - R&D community needs to compare competing approaches, evaluate effectiveness of an approach on an absolute scale, and mark progress
   - Designers need to make systems engineering trade-offs
   - Vendors need to be able to certify their products, claim quantifiable advantage over competing products, and tell customers how much protection their products provide
   - Users need to evaluate competing products against their own requirements for information assurance and survivability
   - Operators need to assess the risks to their systems

An important and inadequately addressed need... A difficult problem


Figure 42. Suggested Measures of Merit for IA 


Metrics for information assurance and surveillance architectures are an important and 
inadequately addressed need. Researchers, designers, vendors, and operators of information 
systems need a broad spectrum of metrics to achieve their respective objectives. From a systems 
perspective there is a need to develop metrics for technical-, system-, and mission-level 
evaluation. This development will require collaboration amongst technical, evaluation, and 
operator communities. A testbed is required to provide a means for measurement of system 
performance given different scenarios and related information traffic. The defense-in-depth 
systems architecture and metrics-measuring capability facilitate new capabilities for indications
and warning. Figures 42 and 43 provide a few examples of how the metrics may be utilized by
different communities at different stages of the lifecycle of a system. 


The research and development community must compare competing approaches, evaluate 
effectiveness of an approach on an absolute scale, and mark progress as a function of time. This 
paradigm of common metrics, validated training, and test data has proven to be extremely 
successful in areas such as speech, speaker, and language recognition. 


Designers need to make systems engineering trade-offs. This is particularly true when 
attempting to trade complexity for performance. 


Vendors need to certify products, claim quantifiable advantage over competing products, and 
tell customers how much protection their products provide. Metrics enable an Underwriters 
Laboratory (UL) approach to evaluating commercial products, i.e., common data, measurements 
and analysis. There has been progress on this front over the last 17 years, starting with the 
Trusted Computer System Evaluation Criteria (TCSEC) "Orange Book," progressing to the 
Information Technology Security Evaluation Criteria (ITSEC), and now the Common Criteria 
(CC) version 2. However, there are still questions about the viability of such security evaluation 
criteria, as noted in the recent National Research Council report, “Trust in Cyberspace.”⁷ Thus 
one should not expect that component evaluation will, by itself, “solve” the problems we face in 
engineering secure systems. Thus the approach described below, which emphasizes development 
of IA metrics for fielded systems, is critical. 


Users need to evaluate competing products against their own requirements for information 
assurance and survivability. Operators need to assess the risks to their systems. Measures of merit 
or metrics for information assurance and survivable architectures are an important and 
inadequately addressed need. 


7 Trust in Cyberspace, Committee on Information Systems Trustworthiness, Computer Science and Telecommunications 
Board, Commission on Physical Sciences, Mathematics, and Applications, National Research Council, National Academy 
Press, Washington, DC 1999, Fred B. Schneider, Editor 


Suggested IA Metrics (Cont.) 


The goal is to evolve a set of information assurance metrics through evaluation, 
measurement and analysis of system performance / resistance to attacks: 
* Mission-Level 
  - Task-oriented blue traffic and red team attacks 
  - Mission effectiveness (mission specific parameters) i.e., time-to-complete, 
    targeting, losses, situation awareness accuracy 
* System-Level 
  - Availability 
  - Response-time to neutralize attack 
  - Time to reconstitute / repair damage 
  - Percentage of successful attacks 
  - C2 information latency 
* Technical / Component-level 
  - PD vs. PFA (intrusion detection) 
  - Lost packets 
  - Data integrity 


The need to develop metrics for technical-, system-, and mission-level 
evaluation will require collaboration amongst technical, evaluation, and 
operator communities 


Figure 43. Suggested IA Metrics 


The overall challenge, based on the architectural environment and an evolutionary 
experiment, evaluation, and analysis process, is to develop a set of information assurance metrics 
to measure system performance in the face of a wide-ranging set of attacks. At the mission-level, 
the metrics will involve task-oriented blue team operations and traffic and red team attacks to 
evaluate overall mission effectiveness. Mission level metrics would cover such topics as time-to- 
complete, targeting success, losses, situation awareness, timelines and accuracy, etc. Systems- 
level metrics are related to mission-level metrics but are finer grained and would cover overall 
system availability; response time to neutralize attacks, reconstitute and repair damage; 
percentage of successful attacks; and C2 information latency. At the technical and component 
level, suggested metrics include specific measurements of probability of intrusion detection vs. 
false alarms, to provide a basis for performance quantification. In addition, measurements of 
packet loss and data integrity and losses will provide a means for evaluating the overall 
performance of information systems. The relationship of measurements and performance at all 
levels will require collaboration amongst the technical, evaluation and operator communities. 




Test, Evaluate, Improve IA and IA Metrics 


[Figure: distributed testbed diagram. Recoverable labels: ESC, CECOM, SPAWAR, AFRL, NRL, ARL, NSA, DARPA, DISA; Virtual GIG Environment Testbed; blue team scenarios; red team attacks; technology; metrics; test results; technical and operational lessons learned; users / operators (e.g., Services, NIMA, NRO); GIG] 


* Establish a distributed testbed & processes 
* Develop technical metrics of IA effectiveness 
* Measure & evaluate the ability of IA systems to 
  protect, detect, and react to attacks 


Figure 44. Test, Evaluate, Improve IA 


The goal of information assurance metrics is to evaluate the ability of information assurance 
systems to protect, detect and react to attacks. As noted in Figure 44, to achieve this goal it will 
be necessary to establish a distributed testbed and processes for developing information 
assurance effectiveness metrics. Testbed nodes should be located at the U.S. Air Force Electronic 
Systems Center (ESC), U.S. Army Communications Electronics Command (CECOM), Space 
and Naval Warfare Systems Command (SPAWAR), Air Force Research Laboratory (AFRL), 
NSA, etc. The participants in the evaluation process will include research and development, 
evaluation, and operational communities (services and agencies). The testbed will provide a 
means for measurement of system performance in the face of red team attacks on blue team 
scenarios and related information traffic. The testbed will also serve as a primary means for 
DARPA information assurance technology insertion and evaluation. The metrics and 
measurements will evolve as results are analyzed and lessons learned are derived from the data. 
Lessons learned will be fed back to red and blue teams to refine and update strategies and will be 
used by developers to improve system defenses. Lessons learned will also be made available to 
the GIG architects and system engineers to improve IA. 


This evolutionary process is essential to achieving a commonly accepted basis for measuring 
effectiveness of information assurance systems. The overall process represents a journey rather 
than a destination. Change is inevitable for offense, defense, infrastructure and particularly for 
COTS components. Measurement and evaluation of the ability of information assurance systems 
to protect, detect, and react to attacks by adversaries must track these changes to achieve 
continued protection. 


Example: Experimental Measurement of IA Effectiveness 


Hypothesis: Fast, automated reaction is needed to defeat attacks 

Experiment: Conduct attacks and vary response latency 

Metric: Percent of attacks defeated 

Experiment Elements: 
* Network test facility 
* Information assurance system 
* Range of attacks -- e.g. buffer overflow attacks giving root access 
* Performance metric -- success rate in killing attack process 

[Figure panels: Experimental Setup (adjustable latency); Observations (plot of Percent Attacks Defeated (%) vs. Response Latency (msec), axis marked from 500 to 2000)] 


Figure 45. Example: Experimental Measurement of IA Effectiveness 


Figure 45 is an example of a recent experiment to measure information assurance 
effectiveness. In this case, an experiment team including information assurance systems 
developers, and attack developers, was assembled to measure the effectiveness of an Information 
Assurance System response to detected attacks. The IA system has the capability to detect attacks 
and to respond in a variety of ways, i.e., by killing the attack process and removing attack scripts 
that may have been planted by an attacker. The latency of response time is an experimental 
variable — by waiting longer to respond, the IA system learns more about the attack, but might be 
too late to defeat the attack. The example set of attacks is built around “buffer overflow” attacks, 
where the attacker exploits weaknesses in the operating system to become “root,” or “superuser.” 


An example of the experimental results is shown, where it is seen that a fast response (< 1 
sec) defeats all attacks, while a slower response (>1.5 sec) fails to defeat any attacks. The 
experiment metric — percent of attacks defeated — is simple, but the experiment design, the team 
required, and the scenario development, illustrate the major components required for 
experimental measurement of information assurance effectiveness. 
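

The component- and system-level metrics suggested in Figure 43 and the latency experiment of Figure 45 can be scored from testbed session records as in the following added example, which is not part of the original report. The record layout, function names and sample data are assumptions; the data is constructed to resemble the reported outcome and is not measured.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    """One testbed session, scored against the exercise ground truth (assumed layout)."""
    red_team: bool                     # True: red team attack; False: blue team traffic
    alerted: bool                      # the IA system raised an alert
    latency_ms: Optional[int] = None   # response latency configured for this run
    defeated: bool = False             # attack process killed before reaching its goal
    repair_s: float = 0.0              # time to reconstitute after a successful attack


def build_sample_sessions():
    """Constructed data shaped like the Figure 45 result; not measured values."""
    sessions = []
    for latency_ms, n_defeated in [(500, 4), (750, 4), (1250, 2), (1750, 0), (2000, 0)]:
        for i in range(4):
            won = i < n_defeated
            sessions.append(Session(True, True, latency_ms, won, 0.0 if won else 300.0))
    # Two attacks the IDS never saw: no response is triggered at any latency.
    sessions += [Session(True, False, None, False, 300.0)] * 2
    # Blue team traffic: 50 sessions, 2 of which raised false alarms.
    sessions += [Session(False, True)] * 2 + [Session(False, False)] * 48
    return sessions


def detection_rates(sessions):
    """Component level: probability of detection and of false alarm."""
    attacks = [s for s in sessions if s.red_team]
    benign = [s for s in sessions if not s.red_team]
    if not attacks or not benign:
        raise ValueError("need both red team and blue team sessions")
    p_d = sum(s.alerted for s in attacks) / len(attacks)
    p_fa = sum(s.alerted for s in benign) / len(benign)
    return p_d, p_fa


def defeat_curve(sessions):
    """Percent of detected attacks defeated, per configured response latency."""
    tally = defaultdict(lambda: [0, 0])   # latency -> [defeated, total]
    for s in sessions:
        if s.red_team and s.alerted and s.latency_ms is not None:
            tally[s.latency_ms][0] += s.defeated
            tally[s.latency_ms][1] += 1
    return {lat: 100.0 * d / n for lat, (d, n) in sorted(tally.items())}


def max_safe_latency(curve, required_pct=100.0):
    """Largest tested latency up to which every setting meets required_pct."""
    safe = None
    for latency_ms in sorted(curve):
        if curve[latency_ms] < required_pct:
            break
        safe = latency_ms
    return safe


def system_metrics(sessions, exercise_s):
    """System level: successful attacks, repair time, availability.

    Assumes repair intervals do not overlap, so downtime is their sum.
    """
    attacks = [s for s in sessions if s.red_team]
    if not attacks:
        raise ValueError("no red team sessions to score")
    successful = [s for s in attacks if not s.defeated]
    downtime = sum(s.repair_s for s in successful)
    return {
        "pct_successful_attacks": 100.0 * len(successful) / len(attacks),
        "mean_repair_s": downtime / len(successful) if successful else 0.0,
        "availability": 1.0 - downtime / exercise_s,
    }


if __name__ == "__main__":
    data = build_sample_sessions()
    print("P_D, P_FA:", detection_rates(data))
    curve = defeat_curve(data)
    print("defeat curve:", curve)
    print("max latency with all attacks defeated (ms):", max_safe_latency(curve))
    print("system metrics over an 8 h exercise:", system_metrics(data, 8 * 3600))
```

Scoring the latency curve only over detected attacks keeps missed detections in the detection rate, so a poor sensor and a slow responder show up as separate numbers.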


IA Indications and Warnings 


* The defense-in-depth systems architecture and metrics measuring 
  capability facilitate new capabilities for indications and warning 
* Intrusion detection systems 
  - Provide warnings at intranet, command enclave, and host level 
* IPsec Access control 
  - Catalogs rejection of attempts to access segmented/restricted areas 
* Firewalls 
  - Provide filtered information that can be correlated with 
    intrusion detection systems 
* Host level / process level indicators 
  - Can be correlated with information from other levels 


Fusion of information from these sources provides 
a powerful new means for I&W 


Figure 46. IA Indications and Warnings 


As stated earlier, metrics for information assurance and survivable architectures are essential 
to achieving the broad spectrum of objectives of researchers, designers, vendors and operators of 
information systems. By implementing the defense-in-depth system architecture previously 
described, not only is system performance significantly improved, but a new set of system data 
(metrics) becomes available for indications and warning, as noted in Figure 46. The indications 
and warning data derive from a number of sources: 1) intrusion detection systems provide 
warnings at intranet, command enclave and host levels; 2) IPsec access controls provide data on 
illegal attempts to access segmented and restricted areas; 3) firewalls provide filtering 
information which can be correlated with data from intrusion detection systems; and 4) host-level 
and process-level indicators can be correlated with data from all of the above sources. The net 
result is that this multilevel, highly filtered data can be fused together to provide a powerful new 
means for facilitating indications and warning at multiple levels of the defense-in-depth 
architecture. 
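

The fusion described above can be sketched as a sliding-window correlation across the four sources, shown here as an added example that is not part of the original report. The event format, the 60-second window, the two-layer threshold and the assumption that host-level indicators report the remote peer address are all hypothetical; the events are constructed and use documentation address ranges.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# The four indications-and-warning sources named in the text.
LAYERS = ("ids", "ipsec", "firewall", "host")


@dataclass(frozen=True)
class Event:
    t: float      # seconds since start of capture
    layer: str    # one of LAYERS
    src: str      # originating address as reported by the sensor (assumed field)
    detail: str


# Constructed sample events, not taken from any real system.
SAMPLE_EVENTS = [
    Event(0.0, "firewall", "203.0.113.7", "denied tcp/23 to command enclave"),
    Event(5.0, "firewall", "198.51.100.20", "denied udp/161"),
    Event(12.0, "ipsec", "203.0.113.7", "rejected access to restricted segment"),
    Event(20.0, "ids", "203.0.113.7", "enclave sensor: probe signature"),
    Event(31.0, "host", "203.0.113.7", "unexpected privileged process, remote peer"),
    Event(200.0, "ids", "198.51.100.20", "intranet sensor: scan signature"),
    Event(400.0, "firewall", "192.0.2.9", "denied tcp/445"),
    Event(470.0, "ids", "192.0.2.9", "host sensor: failed logins"),
]


def fuse(events, window_s=60.0, min_layers=2):
    """Correlate events by source address across layers.

    A warning (time, src, layers) is emitted each time a source is seen by
    more distinct layers within window_s than ever before, starting at
    min_layers. Single-layer noise never produces a warning.
    """
    recent = defaultdict(deque)   # src -> events still inside the window
    best = defaultdict(int)       # src -> highest layer count already reported
    warnings = []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.layer not in LAYERS:
            raise ValueError(f"unknown layer: {ev.layer!r}")
        window = recent[ev.src]
        window.append(ev)
        # Drop events that have aged out of the correlation window.
        while ev.t - window[0].t > window_s:
            window.popleft()
        layers = tuple(sorted({e.layer for e in window}))
        if len(layers) >= min_layers and len(layers) > best[ev.src]:
            best[ev.src] = len(layers)
            warnings.append((ev.t, ev.src, layers))
    return warnings


if __name__ == "__main__":
    for t, src, layers in fuse(SAMPLE_EVENTS):
        print(f"t={t:6.1f}s  {src:15s}  seen by {len(layers)} layers: {', '.join(layers)}")
```

On the sample data only 203.0.113.7 is escalated, from two layers to all four, while the two sources whose events fall more than 60 seconds apart stay below the threshold.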


4.5 WIRELESS SUGGESTIONS 


GIG Wireless Concerns 


Why Worry 
* No physical control of access perimeter 
* Essential to mobile tactical operations 
  + Desire to use commercial waveforms, services and 
    equipment in theatre 
* Used in post, camp and station 
  + Provides quick insertion infrastructure 
* DoD use of commercial carriers worldwide 

Potential Consequences 
* Interception 
  + Traffic (privacy) 
  + Personnel location 
  + Dialed number / packet address analysis 
* Denial of access locally 
* Denial of service system wide 
* Network disruption 


Figure 47. GIG Wireless Concerns 


Since before WWII, wireless facilities have been part of military operations. They have been 
used in radio trunking throughout the upper echelons of the force and in tactical radio nets in the 
lower echelons of the force. From an information assurance perspective, wireless links merit 
special consideration, as noted in Figure 47, because they are not confined to a physical perimeter 
and can be observed from as far off as space. 


Recognition of wireless observability and the Soviet radio electronic combat doctrine caused 
these links to be both encrypted and protected against jamming. In the last twenty-five years the 
tactical forces have procured a wide variety of secure radio systems. Wireless facilities will 
continue to enable mobile military operations. Recently, efforts to "digitize" the battlespace have 
demanded an increased bandwidth. Increased bandwidth systems will typically have shorter 
ranges and thus require “ad hoc" networks to move the data around the battlefield. As a result, 
networked communications will move further forward in the tactical area. 


Projections indicate that data will be an ever-increasing part of mobile military operations, 
while the level of voice information will be relatively static. Consequently it can be expected that 
voice and data services will ultimately be provided above a common wireless/wired tactical 
Internet (the GIG). Thus the security of the wireless networking is essential to the performance of 
the system. In the civilian world, the use of wireless has been rapidly exploding. Mobile personal 
communications systems, such as terrestrial cellular services and satellite-based services, 
represent large economic investments. They provide ubiquitous, near-global access to the public 
switched telephone network from small, inexpensive user devices. 


JV2020 envisions similar universal, on-the-move, information access for the military. 
Similarly, there are a number of emerging fixed wireless systems in use for wideband data and 
video access to the home. These systems are commercially attractive because they can provide 
service with a minimal infrastructure. For the military they can also provide "instant 
infrastructure" in existing and deployed post, camp and station facilities. While the use of these 
commercial capabilities in the GIG is attractive, these systems will be subjected to attack and, if 
compromised, could have system-wide impact. 


Passive interception and observation of links can provide information on user location, traffic 
content, called party, and pattern of use. Commercial providers are incorporating some forms of 
privacy in their systems to prevent well publicized eavesdropping and fraud. However, network 
signaling information is generally available and can be used to deduce information or attack the 
system. 


Active intervention in a wireless system, either by jamming or the use of equipment to render 
a system "busy," can deny access to communications service in a geographic area. More 
sophisticated attacks can deny particular users, or user communities, use of wireless facilities. All 
mobile systems depend on some system level database to allow calls to find a user. Attacks on 
these databases, either outright or through exploitation of fraud prevention safeguards, can 
disable use of worldwide wireless facilities. 


Finally, as discussed subsequently, the exploitation of network control structure can cause 
failure of the entire network. There have been examples of such failures in commercial networks 
due to software defects, and similar scenarios can occur due to either induced misbehavior or the 
use of wireless links to introduce false control signals into the network. 


DoD Tactical Wireless 


Protection 
* TRANSEC driven spectrum spreading 
  + Direct sequence 
  + Frequency hopping 
* Antenna steering 
* COMSEC protection of information 

Tactical Internetting 
* Networking 
  + Tactical Internet 
  + Interconnected radio nets 
* Internetting 
  + Extends range 
  + Supports virtual nets 

Figure 48. DoD Tactical Wireless 


The DoD has led the technology development of a wide range of countermeasures to physical 
level attack on wireless links. These techniques may be employed individually or in concert. As 
noted in Figure 48, the standard technique for countering jamming is the use of spread spectrum 
techniques, which can be carried out with either frequency hopping or direct sequence spreading 
or a combination of both. The basic strategy common to both is to spread the information across 
a wide range of frequencies so that the jammer has to dissipate his power over the whole 
spectrum, while the desired user can exploit his private spectrum access information to reject the 
jamming signal. Adaptive antenna arrays have also been used to spatially reject a jammer. On 
most tactical radio links today the information is protected by COMSEC, typically embedded in 
the radio. 


In the forward tactical area, radio nets have traditionally served single organizations. Recently 
there has been a desire to move digital information across multiple radio networks to achieve 
wide area connectivity and coordination. Initially this has been accomplished by using routers to 
interconnect secured radio nets, with the routers operating on decrypted traffic (system high). The 
Army’s interconnected system is referred to as a Tactical Internet. Various exercises have shown 
that the routers are vulnerable to intrusion. 


With a demand for higher bandwidth and robust connectivity, the emerging system concept is 
to separate the radio resource from the application. In this model the radios form an intranet 
where each radio handles all traffic in its area. The organizational communications are then 
achieved as a “virtual” net — above the radio infrastructure. 


Commercial Intelligent Network Architecture 


* Service Switching Point (SSP) 
  + Originates service requests 
  + Receives signaling commands 
  + Controls traffic path connectivity 
* Signaling Transfer Point (STP) 
  + Packet switch in CCITT#7 
  + Conveys signaling messages 
* Service Control Point (SCP) 
  + Network processing resource 
  + Determines call progress actions 

[Figure: network diagram. Recoverable labels: CCITT #7 Signaling; Traffic Path, Generally Fixed] 


Figure 49. Commercial Intelligent Network Architecture 


The GIG will use communications links in the Public Switched Telecommunications 
Network (PSTN). In the 80's, telecommunications providers developed and deployed a system 
architecture termed the "Intelligent Network" (IN) noted in Figure 49. This system architecture 
separated the signaling and control portions of the network from the interconnection process, so 
that advanced, revenue-producing, call-handling services could be provided. In this system 
model, a Service Switching Point (SSP) takes a subscriber's request for service and forwards 
messages through a network of Signal Transfer Points (STP). STPs are packet switches deployed 
throughout the telecommunications network. The originating SSP uses these messages to request 
information from Service Control Points (SCP) on how to respond to the service requests. 
Service Control Points (SCP) contain system-level data and processing services. In response to 
these requests, messages are sent to all switching points required to complete the response to the 
call request. The suite of protocols used to communicate these control operations has been 
standardized by the CCITT international standards body and is referred to as Signaling System #7 
(SS7). 


Access to the Signal Switching point is across an access facility. Traditionally this point has 
been twisted pair and considerable effort has been made to move ever-increasing data rates 
across this copper plant. In the 1980s, Integrated Service Digital Network (ISDN) was deployed 
to provide 144 kbps to subscribers. More recently, higher rates have been made available through 
Digital Subscriber Line (DSL) technology. 


Emerging Commercial Wireless 


* Mobile Personal Communications 
  + Terrestrial cellular 
  + Satellite (e.g., Globalstar) 
  + Mobile data 
* Local Multipoint Distribution (LMDS) 
  + Wideband Data / video distribution to the home 
* Direct Broadcast Satellite (DBS) 
  + Asymmetric data communications 
* Satellite Wideband Internet (Teledesic, Skybridge, 
  Spaceway, etc.) 


Figure 50. Emerging Commercial Wireless 


The majority of the recent wireless explosion has been in the area of wireless access to fixed 
infrastructure. Cellular and personal communications systems (PCS) technologies, for example, 
use wireless access to deliver mobile users both switched voice services and narrowband data 
services. Low earth-orbiting satellite systems are in the early stages of deployment. These 
systems allow a user access to the fixed infrastructure across a wider roaming area where 
terrestrial base stations may not be available. In addition, as shown in Figure 50, there are 
high-speed wireless access technologies, such as the Multichannel Multipoint Distribution System 
(MMDS) and Local Multipoint Distribution System (LMDS), whose services are based on 
high-bandwidth radio segments in the spectrum at the 20 GHz frequency range. Emerging wireless 
access methods include Direct Broadcast Satellite (DBS), which employs Ka band satellite 
technology to distribute entertainment programming. DBS systems also offer asymmetric, 
two-way data transmission supporting high-speed data transmission to the user (from the satellite 
system) and low-speed data reception from the user. 


Wireless wide area transport systems are planned to provide low-cost, high-bandwidth data 
and voice service to remote areas. These systems operate from either low earth orbit (Teledesic 
and Skybridge) or geostationary orbit (Spaceway). Most of these systems use the 20-30 GHz 
band, where wide bandwidths and small antenna apertures are possible. 


Cellular Wireless Architecture 


Cellular Wireless Application 
* Mobile Switching Center (MSC) and Base station 
  + Wireless Access Point to Fixed Infrastructure 
* Signaling Transfer Point (STP) 
  + Packet switch in CCITT#7 Network 
* System Data Bases 
  + Authentication Center (AuC) 
  + Home Location Register (HLR) 
  + Visitor Location Register (VLR) 

[Figure: network diagram. Recoverable label: Subscriber Service Management System] 


Figure 51. Cellular Wireless Architecture 


The widest deployment of commercial wireless is in the mobile cellular system for which the 
system model is shown in Figure 51. Commercial mobile wireless services are furnished largely 
within the context of the Intelligent Network Architecture. The figure shows the standard 
wireless model. In the case of the cellular wireless application, the Mobile Switching Center 
serves the role of the Service Switching Point. The Mobile Switching Center and its associated 
Base Stations receive call requests from the mobile subscriber population. Call handling 
information is then requested from several key system databases, via the CC7 network. Messages 
are based on the (ANSI)-41 standard protocol suite. 


These databases are: 1) the Home Location Register (HLR) which contains all of the 
information about the user and his current location within the system; 2) the Visitor Location 
Register (VLR) which contains information about all subscribers within an area served by a 
Mobile Switching Center (MSC); and 3) an Authentication center which validates the billing 
validity of the subscriber and accumulates the billing information. There may also be an 
Equipment Identity Center that holds information on particular devices in use within the system. 


In the future, other processing resources are anticipated for new wireless-based services. One 
is a group of voice-controlled services, i.e., voice-controlled dialing, that allows the wireless user 
to control features and services through spoken commands. Another is a suite of services offering 
incoming-call options, where the subscriber can customize call-forwarding or call-blocking 
instructions for different types of incoming calls or receive calling name identification. 


Cellular Reference Model 


[Figure: cellular reference model diagram. Recoverable labels: Spectrum; Link/LAN; Network Infrastructure] 


Figure 52. Cellular Reference Model 


The next level of detail in the cellular communications systems model is presented in the 
cellular reference model shown in Figure 52. This figure illustrates the Base Station and Mobile 
Station that provide the subscriber access to the system. Base stations are sometimes split into 
one or more Base Transmission Systems (BTS) at a cell site and a Base Switching Center (BSC). 
Multiple BTS’s can be served by a single BSC and a single Mobile Switching Center (MSC) can 
serve multiple BSCs. 


There are several potential attack points in this system. The first is an attack on the cell 
spectrum or a wireless point-to-point link between a BTS and a BSC or a BSC and an MSC. The 
information that is accessible at this point primarily pertains to subscribers currently within the 
serving area of an MSC and thus has a more localized effect. Wider ranging network attacks can 
be mounted against wireless point-to-point links that move signaling and traffic information 
between system nodes, either SS7 messages to system databases or internal information such as 
cell handoffs. Finally, classical cyber attacks can be mounted against any of the infrastructure 
databases, which are available through the SS7 network or increasingly through the Internet. 
While some protection mechanisms are in place, they likely will yield to a determined attack. 


The key point to note is that while commercial wireless services may give the appearance of 
infrastructure independence, they are in truth a vulnerable extension of a vulnerable 
infrastructure. 


Utilization of Countermeasures 


[Figure: table of countermeasures by attack point. Recoverable labels: Available; AJ; LPI; LPD; Spectrum Access; Waveform; Multiple Access; TRANSEC; Spatial filtering; Strong TRANSEC; Weak TRANSEC; Some spatial filtering; Objective uses; Encryption; Access Control; Intrusion Detection] 

Figure 53. Utilization of Countermeasures 


A number of countermeasures are classically available against attacks mounted at different points 
in the composite system, as indicated in Figure 53. Attacks in the radio frequency spectrum are 
the most familiar threat to the military user, and there are a variety of techniques for countering 
them such as random waveforms driven by high quality Transmission Security (TRANSEC) and 
spatial filtering of jammers by adaptive antennas. Although commercial wireless systems employ 
similar waveforms (GSM uses frequency hopping and IS-95 uses spread spectrum), they are 
designed to combat interference from other users and provide no margin against jamming. 
Additionally, these systems are designed for easy access. 


Tactical military systems also typically protect each link with strong encryption, but only 
some commercial wireless systems employ any encryption, and that encryption is weak. Above 
the link level neither system has much protection. The tactical internet operates its routers at 
system high security level, while commercial systems employ rudimentary protection if any. 


End-to-end Type 1 confidentiality is being provided through the NSA CONDOR program 
that is making commercial wireless available with embedded strong encryption. 


4.6 GIG IA SUMMARY 


GIG IA Summary 


Figure 54. GIG IA Summary 


Figure 54 provides a summary of the panel's suggestions for GIG IA. As we noted, the 
Global Information Grid is the underlying infrastructure to support information superiority for 
JV2020. The implementation of the GIG is one of the significant events that occurs once every 
decade or two. The architecture that is designed today will impact the DoD in the next decade or 
more. To meet this challenge, the panel has identified a layered architectural approach for 
providing information assurance to the GIG by pursuing a disciplined architectural approach: 


* Link encryption at the physical layer 


* ISO-like reference model with commercial protocols, i.e., IPsec for end to end 
  protection 


* Segmentation of DoD from Internet, and segment by classification and enclaves 


* Adopt PKI/PKE 


* Use fine-grained access control of computers and communication resources 


In addition to the architectural layers, the approach also includes use of correlated multi- 
layered IDS data (i.e., at common user, command and host levels) as inputs to intelligence- 
enabled tracing systems and modus operandi detectors. Attribution is facilitated by highly filtered 
data for signal-to-noise enhancement and IPsec for path tracing and target localization. The 
approach of the layered defense, combined with measurement, rapid response, and attribution, 
results in significantly reduced vulnerability and dramatically improved GIG information 
assurance. 


CHAPTER 5. RECOMMENDATIONS 


Architecture Recommendation I 


* Information Superiority Board 
  + SecDef establish a DoD “Information Superiority” Board of Directors (BoD) 
    to provide oversight and governance for the realization of DoD-wide Global 
    Information Grid (GIG). Board to be impaneled immediately 
    - Members include: Dep SecDef (chair), USD/AT&L, VCJCS, ASD/C3I 
  + Board should establish an Advisory Group that draws on senior, private- 
    sector individuals (with prior DoD experience) who are leaders in the area 
    of internetwork technologies, commercial security technologies, emerging 
    commercial satellite systems and the like 
    - The advisory group will: 
      * Bring knowledge of existing and emerging commercial 
        technologies useful to DoD 
      * Provide independent counsel to board regarding achieving the 
        goals set in Recommendations 2 through 4 
      * The advisory group should be established under federal advisory 
        committee regulations and impaneled immediately 
* Time: 180 days from Summer Study conclusion 
* Cost: $100,000 


Figure 55. Recommendation I—Information Superiority Board 


Consistent with its findings that under current organization (see discussion specifically 
associated with Figure 25), methods, and procedures the DoD is unlikely to realize a measured, 
consistent, and effective approach to creation of a Global Information Grid (GIG), the panel 
recommends the formation of a DoD Board of Directors for Information Superiority. 


The Secretary of Defense should impanel the Information Superiority Board immediately, 
with membership consisting of the Deputy Secretary of Defense (as chair), the Undersecretary of 
Defense (Acquisition Technology and Logistics), the Vice-Chair of the Joint Chiefs of Staff, the 
Assistant Secretary of Defense (Command, Control, Communications, and Intelligence), and the 
Director of Central Intelligence. 


It is further recommended that the Information Superiority Board create an advisory group 
under Federal Advisory Committee regulations (or as a permanent DSB Panel) consisting of 
senior private sector IT leaders. The Advisory Group's purpose would be to provide the board 
with up-to-date knowledge of current and emerging commercial information systems, services, 
and network technology of potential use to the DoD in the realization of its Global Information 
Grid. It would also offer experience-based advice from industry as to the best technical and 
management methods for creating such an infrastructure. 


8 Reference: Defense Science Board Report on Tactical Battlefield Communications, February 2000 


The advisory group should consist of recognized industry experts in inter-networking 
technologies, commercial information and network security technologies, emerging information 
transfer technologies and systems, and other commercial activities such as standards 
development, infrastructure development, and the like. The advisory group charter should also 
ensure that the group provides independent assessments and counsel to the Information 
Superiority Board concerning the achievement of the goals and objectives set forth in panel 
recommendations that follow. 


Architecture Recommendation II 


* Implementing the GIG 
  -- The board should establish an executive office responsible for 
     leading and implementing the DoD-wide, common-user 
     internetwork (transport component of GIG) 
  -- Executive director should be a minimum five year appointment 
     and tasked to develop an implementation plan and processes, 
     including resources to permit completion of GIG by 9/30/03 
  -- The board should provide system engineering resources to the 
     executive office through a dedicated system engineering team 
     comprising 20 to 30 outstanding network systems engineers 
     drawn from throughout DoD 
* Time: 
  -- Office and leadership position established by 6/1/01 
  -- Systems engineering office and billets set up by 6/1/01 
* Cost: $10M per year 


Figure 56. Recommendation II—Executive Director and GIG Implementation Process 


Placing the proper emphasis on GIG implementation and ensuring adherence to the policies 
established in accordance with the previous recommendations requires continuous oversight. It is 
therefore recommended that the Board of Directors for Information Superiority create, by 
1 June 2001, an executive office responsible for leading the implementation of the DoD-wide 
common user internetwork on behalf of the board. The executive office director should be 
a senior DoD leader appointed for a minimum of five years. The executive director should be 
provided programmatic oversight for all DoD C4ISR systems acquisitions (including those 
procured by the services) and through this oversight ensure that all such systems are 
interoperable within and as part of the GIG. It would be the executive director's primary 
responsibility to deliver the GIG. 


Several additional, more specific actions needed to accomplish the GIG objectives follow: 
1. The executive director should be tasked to develop a GIG implementation plan, to 
include technical milestones, measurable interim goals, and an estimate of the 
resources necessary to complete transition and realization of the GIG by 
30 September 2003. 


2. The board of directors should provide manpower billets for a system engineering 
team to support the Executive Director. A cadre of 20 to 30 outstanding system 
engineers with backgrounds in Internet telecommunications and security 
technologies should be selected from throughout DoD. These individuals must have 
deep technical knowledge and be visionary in their system engineering skills. This system 
engineering team would provide independent technical inputs to the executive 
director regarding the many responsibilities this individual will be given, as noted 
in the next paragraph. 


3. The executive director should immediately establish a process to transform DoD 
information infrastructure systems from their present stovepipe configurations 
into a global DoD-wide common-user virtual intranet, the GIG. This 
transformation must embody the current and evolving commercial IT standards, 
protocols, and technology, with the goal of reducing inefficiency in spectrum 
usage and the costs of information transport, storage, retrieval, and management. 

Most important, this transition should enable new operational flexibility that can 
be leveraged by warfighters. 


Architecture Recommendation III 


* Executive director should establish a consistent IA strategy 
for all GIG networks 


* Select reference model 
* Define a single system architecture 
* Address tactical & strategic systems integration issues 


* Utilize JTA security chapter as single source IA standards 


* Time: by 10/1/01 
* Cost: already included in recommendation II 


Figure 57. Recommendation III—Architecture 


The GIG executive director should immediately set policy and guidance for GIG IAA. 
Specifically, ambiguities regarding an IA reference model, system architecture, and technical 
architecture (as noted in the body of the IAA report) should be clarified. The executive director 
should establish this unified strategy and framework no later than October 2001. 


Architecture Recommendation IV 


* Executive director should implement the system architecture through DoD CIO 
  and Service CIOs 
* Continue to aggressively deploy PKI, address scalability issues 
* Aggressively pursue NSA KMI initiative, address scalability issues 
* Deploy PKI-enabled subscriber security protocols: IPsec, SSL/TLS, S/MIME 
* Develop Type 1, high speed (multi-gigabit) IPsec devices 
* Constrain SIPRNET & JWICS network connectivity security policies 
* Deploy network infrastructure security technology: DNSSEC & S-BGP 
  (under development now) 
* Deploy diverse intrusion detection systems at WAN & enclave boundaries 
  and in hosts 
* Move all public DoD web sites off NIPRNET 
* Direct DISA to transition subscriber interfaces to IP (consistent with 
  availability of suitable Type 1 crypto) 
* Employ spatial redundancy and design diversity for critical servers 
* Time: incrementally deploy with FOC NLT 2006 
* Total = $1.5B over 5 years (a 50% increase over POM'd PKI/PKE initiative) 
  & leverage IA R&D investment 


Figure 58. Recommendation IV—Architecture 


Finally, the GIG executive director should work through the CIO Executive Panel and the 
MCEB to implement the GIG system architecture. Specific system architecture and 
implementation issues that need immediate attention are noted in Figure 58. These include: 


* Continuing to aggressively deploy PKI, and addressing scalability issues 
* Aggressively pursuing NSA KMI initiative, addressing scalability issues 
* Deploying PKI-enabled subscriber security protocols: IPsec, SSL/TLS, S/MIME 
* Developing Type 1, high speed (multi-gigabit) IPsec devices 
* Constraining SIPRNET and JWICS network connectivity security policies 
* Deploying network infrastructure security technology: DNSSEC and S-BGP (under 
  development now) 
* Deploying diverse intrusion detection systems at WAN and enclave boundaries and in 
  hosts 
* Moving all public DoD web sites off NIPRNET 
* Directing DISA to transition subscriber interfaces to IP (consistent with availability of 
  suitable Type 1 crypto) 
* Employing spatial redundancy and design diversity for critical servers 


To support GIG implementation and to accelerate the DoD PKI/PKE strategy, the panel 
recommends an increase in budget of 50% over what is presently planned. This increase should 
not only accelerate the strategy, but also fund the development of Type 1 high-speed IPsec 
devices. This funding increase should be complemented and supported by the IA S&T 
investments called for in the companion report of the IA Technology Panel of the Defensive 
Information Operations summer study. 


Architecture Recommendation V 


* Executive director's system engineering office should establish a 
  GIG IA R&D testbed 
  -- Develop metrics for protect, detect, and react (consistent w/ 
     JV2020) 
  -- Combine real networks with simulation to achieve sufficient 
     scale 
  -- Relate testbed experiments to real world via selected exercises 
     and experiments 
  -- Test, evaluate, and determine vulnerabilities, including wireless 
  -- Transfer results to GIG as P3I 
  -- Provide feedback to industrial base 
* Time: 
  -- Establish version 1 testbed by 7/1/01 
  -- Support test, evaluation, and analysis efforts and testbed 
     upgrades through 2006 
* Cost = $200M over five years 


Figure 59. Recommendation V—Testbed 


The panel recommends that the executive director's system engineering office establish a 
GIG IA research and development testbed. The testbed nodes should be located at ESC, 
CECOM, SPAWAR, AFRL, NSA, etc. The participants in the evaluation process will include 
research and development, evaluation, and operational communities (services and agencies). The 
testbed will provide a means for measurement of system performance in the face of red team 
attacks on blue team scenarios and related information traffic. The testbed will also serve as a 
primary means for DARPA Information Assurance technology insertion and evaluation. The 
metrics and measurements will evolve as results are analyzed and lessons learned are derived 
from the data. Lessons learned will be fed back to red and blue teams to refine and update 
strategies and will be used by developers to improve system defenses. Lessons learned will also 
be made available to the GIG architects and system engineers to improve IA for the deployed 
system. 




Finally, the testbed should be used to engineer, evaluate, and update defense-in-depth (DiD) 
strategies and technologies. The testbed will provide the means to understand residual DiD (and 
GIG) vulnerabilities and thus facilitate cost/benefit analysis for GIG IA investments. As noted in 
the panel's findings, no rigorous means for evaluating DiD systems, architectures, or 
technologies exist today. 


The testbed should be implemented no later than July 2001, and augmented to support GIG 
IA technology, architecture, and metric evaluation over a five-year period. 


Architecture Recommendation VI 


* Director DII COE office should develop IA infrastructure 
  consistent with GIG system architecture 
* Select operational application and integrate PKI with 
  services (e.g., Common Operating Picture-COP) 
* Establish COE generic IA services using NSA KMI 
* Provide generic services as COE infrastructure and 
  DoD PKI as available 
* Develop and deploy PKE COP by 9/1/02 
* Cost = $10M over two years 


Figure 60. Recommendation VI—IA Infrastructure 


The panel recommends that the DoD begin the process of incorporating IA, and specifically 
PKI/PKE into the DII COE. In discussing alternatives with representatives from DISA, it was 
noted that the Common Operating Picture (COP) application is critical to CINC and services 
Joint-Task-Force-mission success. For a modest investment focused on PKE of this application, 
an acceleration of PKI into the COE, as generic, run-time utilities, can be accomplished. In 
addition to gaining important experience with PKE in battlefield applications, PKI could be 
integrated into the COE setting software standards and infrastructure for use in other service and 
CINC C4ISR systems. 


Although IA infrastructure is planned to be incorporated into the COE "sometime in the 
future," the panel feels that accelerating this process is critical to ensure consistent PKE with 
tactical C4ISR systems. Experience gained sooner rather than later is key to effectively deploying 
an IA-enabled COE for the GIG. 


THE UNDER SECRETARY OF DEFENSE 


3010 DEFENSE PENTAGON 
WASHINGTON, DC 20301-3010 


JAN 04 2000 
ACQUISITION AND 
TECHNOLOGY 
MEMORANDUM FOR CHAIRMAN, DEFENSE SCIENCE BOARD 


SUBJECT: Terms of Reference -- Defense Science Board Task Force on 
Information Warfare - Defense 


You are requested to form a Defense Science Board (DSB) Task Force to review and 
evaluate DoD's ability to provide information assurance to carry out Joint Vision 2010 in the 
face of information warfare attack. 

Tasks to be accomplished: 


Using the "1996 DSB report on Information Warfare — Defense" as the departure point, 
address the following: 


* What is the status of action on the recommendations? 
* Where there are shortfalls, what are the barriers to action and what should be done? 
* What important aspects did the 1996 Task Force miss that should have been 
  addressed? 
* Assess the recommendations of other important reports that have addressed 
  information assurance issues. 


The Information Warfare - Defense Task Force will determine: 


* Adequacy of the process toward the information assurance goals needed to carry 
  out Joint Vision 2010. 
* Adequacy of the Department's readiness to project and sustain power in the face of 
  information warfare attacks. 
* The appropriate role(s) and capability of DoD to provide information assurance in 
  support of Homeland Defense and in support of Critical Infrastructure Protection. 
* Recommendations for research and development which are uniquely in DoD's 
  interest, and thus not likely to be accomplished by the private sector in the time 
  required to meet DoD's Information Warfare - Defense objectives. 
* Areas in which DoD should seek strong partnering relationships outside DoD, such 
  as with the Critical Infrastructure Assurance Office (CIAO). 
* The Task Force should provide an interim report by June 30, 2000. 




The study will be co-sponsored by the Under Secretary of Defense (Acquisition, 
Technology and Logistics) and Assistant Secretary of Defense for C3I. Mr. Larry Wright will 
serve as the Task Force Chairman; Colonel Gregory Frick will serve as the Executive 
Secretary; and Major Tony Yang, USAF, will serve as the Defense Science Board Secretariat 
Representative. 


The Task Force will be operated in accordance with the provisions of P.L. 92-463, the 
"Federal Advisory Committee Act," and DoD Directive 5104.5, "DoD Federal Advisory 
Committee Management Program." It is not anticipated that this Task Force will need to go into 
any "particular matters" within the meaning of Section 208 of Title 18, United States Code, nor 
will it cause any member to be placed in the position of acting as a procurement official. 


J. S. Gansler 


DR. MICHAEL S. FRANKEL (Chair) is vice president and director of SRI International's 
Information, Telecommunications, and Automation Division. Dr. Frankel's expertise is in 
survivable command, control, and communication system design and implementation, radio 
frequency systems design and analysis, remote sensing, and data acquisition, reduction and 
analysis. Dr. Frankel is a Fellow of the IEEE and a member of the Cosmos Club, AFCEA, 
ADPA, Sigma XI and Tau Beta Pi. He received his B.S., M.S., and Ph.D. degrees in electrical 
engineering from Stanford University, California in 1968, 1970 and 1973, respectively. He was a 
member of the Army Science Board from 1992 through 1998, and served as its chair from 1996-98. 
When he left the Army Science Board, the U.S. Army awarded Dr. Michael Frankel the 
Distinguished Civilian Service Award. This award is the highest commendation that can be given 
to a civilian providing volunteer services to the Army and can only be bestowed by the Secretary 
of the Army. Dr. Frankel is presently a member of the Defense Science Board. He is the author or 
co-author of seventy SRI technical reports, over twenty publications in technical journals, and 
two textbook manuscripts. Dr. Frankel holds patent disclosures on passive satellite systems, a 
passive frequency-steerable microwave repeater system, an emitter location system, as well as 
one on the TeleEducation concept and a passive, high gain, frequency-steerable satellite repeater. 


DR. STEPHEN THOMAS KENT is Chief Scientist- Information Security, BBN 
Technologies, Director- Security Practice Center, GTE Internetworking, and Chief Technical 
Officer, CyberTrust Solutions. Dr. Kent holds the following degrees: Ph.D, Computer Science, 
Massachusetts Institute of Technology, September, 1980; E.E., Electrical Engineering and 
Computer Science, Massachusetts Institute of Technology, February, 1978; S.M., Electrical 
Engineering and Computer Science, Massachusetts Institute of Technology, May, 1976; B.S., 
Mathematics, summa cum laude, Loyola University of New Orleans, 1973. 


In his role as Chief Scientist, Dr. Kent oversees information security activities within BBN 
Technology, and works with government and commercial clients, consulting on system security 
architecture issues. In this capacity he has acted as system architect in the design and 
development of several network security systems for the Department of Defense and served as 
principal investigator on a number of network security R&D projects for almost 20 years. In his 
capacity as Director of the SPC, Dr. Kent monitors all security-related aspects of the service 
offerings of GTE Internetworking Services. He reports to the President of GTE Internetworking 
and coordinates with engineering, operations, and marketing to ensure the security quality of 
offerings. As CTO for CyberTrust Solutions, Dr. Kent provides strategic direction for this 
certification authority business, reporting to the President of CyberTrust. 


During the last two decades, Dr. Kent's R&D activities have included the design and 
development of user authentication and access control systems, network layer encryption and 
access control systems, secure transport layer protocols, secure e-mail technology, multi-level 
secure (X.500) directory systems, public-key certification authority systems, and key recovery 
systems. His most recent work focuses on public-key certification infrastructures for government 
and commercial applications, security for Internet routing, and high assurance cryptographic 
modules. 


Dr. Kent served as a member of the Internet Architecture Board (1983-1994), and chaired the 
Privacy and Security Research Group of the Internet Research Task Force (1985-1998), both now 
under the auspices of the Internet Society. He chaired the Privacy Enhanced Mail (PEM) working 
group of the Internet Engineering Task Force (IETF) from 1990-1995 and co-chairs the Public 
Key Infrastructure Working Group (1995-). He was a charter member of the Board of the 
International Association of Cryptologic Research (1982-89) and served on the editorial board 
for the Journal of Telecommunication Networks (1982-1984). He currently serves on the 
editorial board of the Journal of Computer Security (1995-) and on the board of the Security 
Research Alliance, a consortium of leading information security companies. 


Dr. Kent served on the Information Systems Trustworthiness Committee (1996-98) of the 
Computer Science and Telecommunications Board (CSTB) of the National Research Council 
(NRC). He was a major contributor to the committee report, "Trust in Cyberspace." Previous 
CSTB/NRC service includes the committee on Rights and Responsibilities of Participants in 
Networked Communities (1993-94), the Technical Assessment Panel for the NIST Computer 
Systems Laboratory (1990-1992), and the Secure Systems Study Committee, which produced the 
"Computers at Risk: Safe Computing in the Information Age" report (1988-1990). Dr. Kent has 
often been called upon as a reviewer of CSTB committee reports. 


The Secretary of Commerce appointed Dr. Kent as chair of the Federal Advisory Committee 
to Develop a FIPS for Federal Key Management Infrastructure (1996-98). The output of that 
committee forms the underpinning for a FIPS on Key Recovery. He previously served on the 
Presidential SKIPJACK Review Panel (1993-1994). 


Dr. Kent has been an active participant in a number of professional conferences, as a speaker, 
session chair, program committee member, etc. He chaired the steering committee for the 
Symposium on Network and Distributed System Security (1990-1998) and was General Chair of 
the IEEE Symposium on Security and Privacy (1996-97). He has appeared as an invited speaker 
at security conferences throughout the United States, Europe and Asia. 


Since 1977, Dr. Kent has lectured in the United States, Europe, Australia, and Asia on the 
topic of security in computer communication networks on behalf of various organizations, 
including the National Cryptologic School, George Washington University, M.I.T., University of 
Southern California, UCLA, various government agencies, and several private firms. 


DR. PATRICK LINCOLN is the Director of the Computer Science Laboratory of SRI 
International, a leading center for research on the fundamental issues of computer security, 
networks, and automated formal methods. Under his direction, the lab is expanding its presence 
in these areas and is extending its research agenda into new areas. Dr. Lincoln joined SRI in 1992 
after completing Ph.D. work at Stanford University in Computer Science. He holds a B.Sc. from 
MIT and has previously held positions at MCC and Los Alamos National Laboratory. Dr. 
Lincoln is an active researcher in the fields of networks, security, language design, and mobile 
code. He has published widely and made significant contributions to the formal analysis of 
systems, languages, and protocols in computer security, safety, and fault tolerance, and to their 
integration into survivable systems. He serves on the Digital Island (Nasdaq: ISLD) Strategic 
Advisory Board. http://www.csl.sri.com/-lincoln 


ALAN J. MCLAUGHLIN received BS and MS degrees in Electrical Engineering from 
Northeastern University in 1957 and 1959, respectively. During 1959-60 he served as a 
Lieutenant in the U.S. Army Signal Corps Laboratories at Fort Monmouth, NJ. He was awarded 
the Army Commendation Medal for meritorious service. From 1961-71 he was a Lecturer at the 
Northeastern University Graduate School of Engineering. 


From 1960 to 1962 he was a project engineer with Contronics, Inc., engaged in the design 
and development of automatic test equipment. He joined the engineering staff of Deco 
Electronics, Inc. in 1962, where he designed digital communications equipment. In 1965 he 
became a systems engineer with General Instrument Co., where he was involved with the design 
of sonar systems and associated signal processing equipment. 


In 1967 Mr. McLaughlin joined the staff of MIT Lincoln Laboratory. Initially he was engaged 
in the design of special-purpose processors for anti-jam communications systems and later with 
the design of high-speed signal processors. He established a laboratory for the investigation of 
GaAs laser diode parameters and participated in the design of an optical communications system. 
In 1972 he joined the Education Technology Group where he was responsible for the design of 
Computer-Aided Training systems. In 1974 he was appointed Leader of the Education and 
Computer Technology Group. 


In 1975 he was appointed Associate Head of the Computer Technology Division and a 
member of the Lincoln Laboratory Steering Committee. In 1978 he was appointed Head of the 
Computer Technology Division with management responsibility for laboratory programs in 
speech, radar and image signal processing, computer networks, digital processor technology, 
digital integrated circuits and machine intelligence technology. In 1992 he was appointed 
Assistant Director of Lincoln Laboratory. He is currently responsible for Advanced Electronic 
Technology, Air Traffic Control and Surface Surveillance programs at the Laboratory. 


In 1978-79 Mr. McLaughlin served on an Air Force steering committee for advanced 
computer technology planning. In 1980-81 he served on a National Academy of Science study 
committee on modernization of Air Force computerized administrative support systems. In 1984-85 
he was a member of a senior advisory committee to the Director of ARPA in the area of 
information processing. Since 1986 he has been a member of the ARPA Information Science and 
Technology Study Group. In 1988-89 he served as co-chairman and in 1990-91 chairman, of the 
ARPA Study Group. In 1991-92 he served on a National Academy of Science study committee 
on Modernization of the Worldwide Military Command and Control Information System. In 
1993 he served on the Air Force Scientific Advisory Board Study on Information Architectures. 
In 1994-95 he served on a National Research Council Committee on Future Technologies for 
Army Multimedia Communications. He has served on a variety of Defense Science Board task 
forces: 1994-95 Acquiring Software Commercially, 1996 Defensive Information Warfare, 1996-97 
Aviation Safety, 1997-98 Military Excess and Surplus Material, 1999 Investment Strategy for 
DARPA. Mr. McLaughlin is a member of Eta Kappa Nu and a Senior Member of the IEEE. 


PETER STEENSMA is Chief Scientist and Senior Technical Director, ITT Aerospace 
Communications Division. He received his B.S. degree at Calvin College in Physics, 
Mathematics, and German Literature; his M.S. was received from the Polytechnic University of 
Brooklyn; and he was a Research Associate at Princeton University. 


Mr. Steensma has 30 years of communications systems design and development experience, 
including mobile tactical networks, tactical switching, radio and optical fiber transmission, 
secure command and control networks, and satellite and terrestrial radio navigation. 


Recent highlights include: 


* Initiated and provided technical leadership to several programs aimed at establishing 
  the next generation of mobile tactical communications systems, including Hand-held 
  Multimedia Terminal and Small Unit Operations DARPA programs 
* Formed international consortium of 12 nations and established a multinational joint 
  venture company, TACONE, to set next generation NATO post 2000 
  communications standards 
* Led conceptualization and development of ITT communications products in the Tactical 
  Internet, including SINCGARS radios (SIP and ASIP), Near Term Digital Radio 
  (NTDR), and the Internet Controller. These supported the US Army TF XXI exercises 
  and subsequent digitization efforts 
* Technically led a winning US/UK team for UK Project Bowman, a total Forward 
  Area Battlefield Communications System for the United Kingdom Ministry of 
  Defense. Led the development and demonstration of a Product Demonstrator, the first 
  mobile tactical internet system. Continuing responsibility and support for developing 
  production solution 


Past positions include Director of Systems Engineering, Director of Internal Research and 
Development, Manager of C2 Systems Engineering, Senior Scientist Transmission Systems. 


JOHN WOODWARD is the Technical Director of the Intelligence and Special Programs 
Division, which executes MITRE's $35M Air Force intelligence program. Mr. Woodward also 
serves as corporate Director of Information Warfare, where he is responsible for ensuring that 
MITRE’s varied information warfare activities are coordinated, responsive to broad government 
objectives, and of high quality. 


Mr. Woodward has more than 25 years of experience in software engineering with MITRE, 
and has specialized in information system security for the past 22 years. Prior to his present 
position, he was the Associate Technical Director of the Information Systems Security Division, 
where he shared management responsibility for MITRE's technical center providing information 
security and defensive information warfare expertise throughout MITRE, and to MITRE's 
Department of Defense, intelligence, and Federal Aviation Administration customers. 


In earlier positions at MITRE, he managed the prototype development of the Joint Worldwide 
Intelligence Communications System, and was responsible for MITRE's intelligence information 
system support to the Defense Intelligence Agency, North American Air Defense/U.S. Space 
Command/Air Force Space Command, and the Strategic Air Command. He also led MITRE's 
Artificial Intelligence Technical Center. He was responsible for inventing, prototyping, and 
specifying compartmented mode workstations, which are now available commercially from 
multiple vendors. He also created and was the original chairman of MITRE's Information Policy 
Committee. 


Mr. Woodward received master's and bachelor's degrees in applied mathematics/computer 
science in 1974 from Brown University. 


DSB Agenda 22-23 Feb 2000 


To be held at the offices of 
Strategic Analysis, Inc. 
3601 Wilson Blvd., Suite 600 
Arlington, VA 22201 


Tuesday, February 22, 2000 


0845 - 0900   Administrative Remarks   Mr. Wright and Col Frick 
0900 - 1000   Eligible Receiver/Solar Sunrise   Lt Col Perry Luzwick, OSD 
1000 - 1100   * Classified (Network Intrusion)   CDR Bob Gourley, JTF-CND 
1100 - 1200   DoD Insider Threat IPT results   Mr. Tom Bozek, OSD 
1200 - 1300   Lunch/Free Discussion 
1300 - 1400   Global Information Grid Architecture   Mr. John Osterholz/Mr. Terry Hagle, OSD 
1400 - 1500   DoD Web Security Initiatives   Ms. Linda Brown, OSD 
1500 - 1630   * Classified DIA Threat/I&W   John Yurechko 
1630          Summary/Wrap-up/Time for Panels as needed 


Wednesday February 23 


0845 - 0900   Administrative Remarks   Mr. Wright/Col Frick 
0900 - 1100   * Classified NSA Overview to include threat/red teaming/strategy   Mr. Larry Castro/CAPT Ed Kinerva 
1100 - 1200   Navy IA overview/capabilities   CAPT James Newman 
1200 - 1300   Lunch/Discussions 
1300 - 1400   AF IA overview/capabilities   Lt Col Dave Warner/Lt Col Susan Pardo 
1400 - 1500   Army IA overview/capabilities   Mr. Phil Loranger/LTC Krist 
1500 - 1600   DISA IA overview/vision (pending) or time for panel breakouts 


Note: morning and afternoon breaks will be taken as needed. Original plans for this plenary 
session included a brief from DTRA (ruling was that it can be given in the future but only at SCI 
level) and Kosovo Lessons Learned (still trying for this, but releasability issue with Joint Staff at 
this time). 


DSB Agenda 27-28 March 2000 


To be held at the offices of 
Strategic Analysis, Inc. 
3601 Wilson Blvd., Suite 600 
Arlington, VA 22201 


Monday, March 27, 2000 


Tuesday, March 28, 2000 


0800 - 0830   Opening Remarks   Dr. Mike Frankel 
0830 - 0930   Defense in Depth II   Col Pat Phillips 
0930 - 1030   Information Assurance Technical Framework (IATF)   NSA 


Network Management System (NMS)/ 
Base Information Protect Air Force 


COL Roger Robichaux 
Air Force 


AGENDA 
DSB Task Force on Defensive Information Operations 
April 19-20, 2000 
Booz-Allen & Hamilton 
Hamilton Building Room 2014 


DSB IAA PANEL 
Agenda 20 April 2000 


Thursday, April 20, 2000 


0800 - 0830   Opening Remarks   Dr. Mike Frankel 
0830 - 0930   Navy/Marine Corps Intranet   Mr. Scott Henderson 
0930 - 1030   DII Security Architecture   Mr. Richard Hale 
1100 - 1130   ISO Security Reference Model   Dr. Stephen Kent 
1130 - 1200   Lincoln Lab Security Metrics   Mr. Alan McLaughlin 
              Discussion and Wrap-up 


Agenda 
Defense Science Board Spring Quarterly Meeting 
May 24-25, 2000 
Thursday, May 25, 2000 (3E869) 


Lunch in Blue Room (3D854) hosted by Hon. 
Jacques S. Gansler, Under Secretary of Defense 
(Acquisition, Technology & Logistics) 


1315 Annual Group Photo (River Entrance) 


1330 Intelligence Needs for Civil Support Dr. Ruth David 
Mr. Peter Marino 


Closing Comments DSB Chairman 


DRAFT AGENDA 


MAY 26, 2000 
DSB TASK FORCE ON DIO 
STRATEGIC ANALYSIS, INC. 
3601 WILSON BLVD. SUITE 600 
ARLINGTON, VA 22201 


Pervious DARPA IA perspective Sami Saydjari 


DRAFT AGENDA 
DSB TASK FORCE ON DIOAT 
SAIC SCIF 
4001 N. Fairfax Drive, Suite 500 
Arlington, VA 
Tuesday, June 13, 2000 


DSB IAA PANEL 
Agenda 
June 14, 2000 
To be held at the offices of 
Strategic Analysis, Inc. 


3601 Wilson Blvd., Suite 600 
Wednesday, June 14, 2000 


8:00 — 9:00 TA Security Standards Mr. James Barnette DISA 


Results of a DARPA sponsored study on Mr. Al McLaughlin/MIT/LL
"Information Assurance for Mobile Operations"

An approach and some preliminary results on: 
"Intrusion Detection for the Lower Tactical Internet" 


9:30 - 9:45 Break
9:45 - 12:00 Architecture Development and Recommendations


12:00 — 12:30 Working Lunch 
12:30 — 3:30 Architecture Development and Recommendations 
DSB IAA PANEL
Agenda 
July 12-14, 2000 
To be held at the offices of 
Strategic Analysis, Inc. 
3601 Wilson Blvd., Suite 600 


Wednesday, July 12, 2000 


BRIEFER 



12:30 — 1:30 Reference Model Dr. Stephen Kent 
Dr. Patrick Lincoln 
Mr. John Woodward 
Technical Architecture Dr. Stephen Kent 
Dr. Patrick Lincoln 
Mr. John Woodward 
Dr. Stephen Kent 
Dr. Patrick Lincoln 
Mr. John Woodward 


3:30 — 4:30 System Architecture 
Thursday, July 13, 2000


8:00 - 8:30 Coffee - Sign-in


8:30 — 10:00 COE Mr. Ken Wheeler 
DISA 

10:00 — 11:30 JWICS Mr. Jim Watson 
DIA 


11:30 - 12:30 General Issues Discussion 
1:00 — 5:00 Integrate Briefings 


Friday, July 14, 2000 


9:30 - 9:45 Findings & recommendations - Organization Panel

9:45 - 10:00 Findings & recommendations - Technology Panel Rich Mendelowitz

10:00 - 10:15 Findings & recommendations - IAA Panel Mike Frankel

10:15 - 15:00 Task Force Discussion on outbrief and other issues
ASD/C3I       Assistant Secretary of Defense for Command, Control and Communications
              Asynchronous Transfer Mode
              Base Switching Center
              Base Transmission System
              Command and Control
COP           Common Operational Picture
CORBA         Common Object Request Broker Architecture
COTS          Commercial off the shelf
              Common vulnerabilities and exposures
DARPA         Defense Advanced Research Projects Agency
DBS           Direct Broadcast Satellite
DCE           Distributed computing environment
DDR&E         Director Defense Research and Engineering
DEERS/RAPIDS  Defense Enrollment Eligibility Reporting System/Real-time Automated Personnel Identification System
              Department of Defense Federal Acquisition Regulation Supplement (DoD)
DEPSECDEF     Deputy Secretary of Defense
DIA           Defense Intelligence Agency
              Defense-wide Information Awareness Program
DiD           Defense in Depth
              Defense Information Infrastructure
DISC4         Director of Information Systems, Command, Control, Communications, and Computers
EXECUTIVE SUMMARY


Within the Department of Defense, the next several years will be marked by steadily 
increasing reliance on automated information systems. In accord with Joint Vision 2020 
(JV2020), the Department will be proactive in supporting and shaping this evolution.


In recognition of this reliance on information systems and in reaction to attacks on DoD 
computer systems, the Department has begun a wide range of activities that focus on prevention 
of problems through protection of computer networks. The rapid advances in information and 
communications technology mean that as the years pass, entirely new infrastructures, embodying 
new technologies, will emerge — and each will be accompanied by its own set of new 
vulnerabilities. As a result, protection of networks will necessarily require continuous 
improvement. These protections will require vigorous and focused research. It is the view of this 
Technology Panel that an increase in research beyond current levels is required to minimize the 
vulnerability gap that will always exist between network vulnerabilities and network protection. 
It should be noted that DoD requirements for protection are likely to go well beyond what is 
required by the private sector. 

As computer networks and weapon systems lose their individual identity and merge into one, 
protection will be necessary, but not sufficient to assure that networked information will be 
available when required. As this Defense Science Board has noted, despite the best network 
protection, attacks will occur and some will succeed. When a computer network has been 
attacked, the commander must be able to know: 

• When will the system be restored?
• How much of the system will be restored?
• How much of the original system will operate?
• What are the consequences of limited network availability?
• Will the information on the network be reliable?
• How will the commander know for sure that the information is reliable?
• What options will be available to the commander?


Today, the answer to these questions would be, "We do not know." This is clearly a bad
answer in peacetime and a totally unacceptable answer during a military operation. 


The Department has reached a milestone with its awareness of computer network
vulnerabilities, and with funded programs to address protection and defense of networks.
Unfortunately, while restoration of network service, data integrity, and confidence in the data on
the network are as important to success of JV2020 as network protection, these activities remain
largely ignored and are essentially unfunded. Successful development and implementation of
these "consequence management" functions are the next major milestone for DoD Information
Assurance (IA).
The Department must also aggressively address its information assurance (IA) research and
development (R&D) personnel requirements now, in order to avoid more serious problems in the 
next few years as more personnel leave the Department and fewer high-caliber R&D managers 
remain. Although this topic is addressed more extensively by another Panel report, we believe it 
is so fundamental that we endorse and highlight the finding. Education and training issues must 
be among the very first steps that the Department should take in this area. As urgent as the other 
IA technology issues are that we discuss below, this issue is the highest priority in the 
technology area. Without enough qualified and well-trained technical people, virtually all of the 
issues that the Department faces in IA will be even more difficult to resolve. 


Protection of DoD networks is fundamental to the success of future operations, and this
protection depends upon a very focused R&D program. However, this Panel finds that IA R&D
activities are distributed among the Defense Advanced Research Projects Agency (DARPA), the
services, and defense agencies. Some long-term research is ignored, and some short-term
research is redundant. Accordingly, this Panel proposes a new and very focused management of
IA R&D. Establishing an information assurance R&D office in the Office of the Secretary of
Defense (OSD) that reports to the Global Information Grid (GIG) architect is the first step in
bringing focus to IA R&D management. This R&D office will assure that DoD research for IA
be coordinated, be subject to multi-year planning, take into account private-sector research, and 
be adequately resourced to minimize DoD network vulnerabilities on a rapid but achievable 
timetable. Given today's commercial product cycles, it is unlikely that any new DoD-sponsored 
research will produce protection results that can be transferred within three years into critical 
networks. DoD research must therefore be a long-term, continuous investment activity that 
should not be expected to play a significant role in the near term. 


Moving resources from minimally funded protection activities to network restoration 
activities will not result in an acceptable solution for either problem. Establishing a new 
milestone of consequence management calls for additional funding. Since the commercial world 
has largely ignored this issue, solutions will have to start with a vigorous DoD R&D program. 
This Panel believes that the minimum R&D investment that should be added to current efforts to 
improve the overall security of the GIG is $350 million over five years— about twice the level of 
funding today. 
INTRODUCTION


The 1996 Defense Science Board (DSB) Summer Study brought attention to the increasing 
reliance of DoD on networked computer systems. The DSB report noted the vulnerability of 
these computer systems, and the fragility of the information residing on and passing across these 
networks. It made strong recommendations that the Department increase emphasis on the 
protection of these systems and the information they held. The report also recommended that 
computer network defense (CND) become integral to the development and deployment of DoD 
networks. 


During the four years since that report, the Department has made considerable progress on 
these recommendations. Awareness of computer network vulnerabilities is much higher, and 
various system components have been deployed specifically for network security. Research 
programs, principally at DARPA and the National Security Agency (NSA), have emphasized 
those defensive technologies that DoD requires but commercial systems are unlikely to include. 


However, during that same period of time: 


• DoD has greatly increased its reliance on information contained in, processed by, and
distributed over networked computer systems.

• Information superiority has become essential to achieving JV2020. This vision
requires highly secure networked systems.

• Intrusions into DoD networked computer systems have become more sophisticated
and more frequent. (The frequency of these intrusions is similar to what is being
experienced in the non-DoD environment.)

• Development and deployment of new network technology has greatly outpaced
information assurance technology, increasing the vulnerability of DoD systems.


As a result, despite the considerable progress that is apparent within DoD, a computer 
network vulnerability gap has continued to increase. Systems complexity is growing faster than 
solutions. And while new network capabilities will most certainly always outpace defensive 
technologies, considerable DoD R&D must be devoted to computer network defense to manage 
and reduce the vulnerability of this critical capability. 


Potential adversaries have recognized both the increasing reliance of DoD on networked 
computer systems and the opportunity they now have to diminish the effectiveness of DoD 
operations through active network attacks. For example, representatives of both China and 
Russia have expressed the belief that they can neutralize U.S. capabilities through information 
operations. The "Unrestricted War" concept from China and the Russian nationalist Vladimir's
comment that "we can bring the entire West to its knees with our computer specialists" are
examples of that thinking. 


In order to assure the availability and integrity of critical DoD computer networks, the 
Department must develop a long-term strategy that posits a desired end-state for information 
assurance that is consistent with JV2020 and provides a roadmap for achieving that end-state. 
While many areas need to be included in an overall roadmap, the information assurance R&D 
roadmap is fundamental. The key for DoD to be prepared on the scale required is an information
assurance R&D program supporting the protection needs of the global information grid. 


The information volume that JV2020 will need to handle and protect will be vast. It is 
already possible to project data rates that will require protection in the range of multiple terabits 
per second. These rates are comparable to moving the current Library of Congress electronically 
every minute. The DoD and intelligence databases in 2020 almost certainly will be many 
hundreds of times those of the current Library of Congress. While secure remote access to data 
will reduce somewhat the requirement for data rates and bandwidth that increase in proportion to 
the size of databases, it is still obvious that protecting information in the volumes required for 
successful execution of JV2020 will be a daunting task. 


It has recently been understood that no matter how sophisticated defense of computer 
networks becomes, they will remain vulnerable to a determined adversary, disgruntled employee, 
or simply natural events. Experience shows that as our defensive capabilities increase, so will 
the adversary's offensive ones. U.S. adversaries over the next 20 years will be developing a 
range of attack capabilities that will likely cover every possible node and path of DoD networks. 


There will certainly be attacks against DoD networks. Many will be ineffective, but more 
importantly some attacks will succeed. The results of a successful attack will range from an 
irritation or embarrassment all the way to serious disruption of critical DoD networks or 
information. The severity will depend on the attacker's skill level and resources, and the defenses 
DoD has in place. These attacks could result in serious damage to a critical DoD network, but 
could also compromise a warfighter's confidence in the information system he or she has to rely 
on — no matter what the attack actually accomplished. 


Unfortunately, today DoD has no methodology for dealing with the consequences of a 
successful attack and restoring integrity in its systems. And so, with the ever-increasing reliance 
of DoD on computer networks as an integral component of war fighting, this Defense Science 
Board finds that it is now necessary to develop technologies to help recover and restore its 
networks and the data they contain. One of the key tasks in this area will be to restore the 
integrity of networked computer systems that have been attacked, or are thought to have been 
attacked, and restore confidence that they remain ready for their intended purpose. Warfighters 
must have confidence in their information and the technology that provides it. The technologies 
that will deliver effective defense in depth of DoD, be able to recover and reconstitute those 
networks after an attack, and restore their integrity, need considerable emphasis. 


It should be noted that any list of research areas compiled today would certainly not be a 
complete list for tomorrow. Part of the information assurance R&D management challenge in the 
rapidly evolving world of information technology, is the frequent examination of those research 
areas most needed to provide defense of and integrity restoration to the latest computer network 
developments and deployments. Against the tide of technological advances and determined 
adversaries, considerable R&D will be required just to maintain the level of security we have 
today. Much of the R&D required by the DoD will not come from the private sector. To achieve 
and maintain the higher levels of protection required by JV2020, it will be necessary for DoD 
R&D investment to keep pace. 


The DoD must provide the support for an aggressive R&D program that has the breadth and 
depth to deal with the entire spectrum of information assurance issues. These issues range from 
near-term needs to thwart the latest threats that surface, to long-term basic research. The latter 
must be coupled with an examination of the R&D strategies necessary to satisfy the full range of
JV2020 requirements. Further, the R&D program must result in products that are unique to DoD 
requirements and which complement and enhance commercial systems. Many of these research 
programs will necessarily be long term—not suited to short-term evaluations. 


The specific amount of R&D funding required is likely to be a matter of debate, but the 
general level needed is at least a factor of two over the DoD information assurance R&D 
spending of today. There are many areas that are today minimally funded, which this report 
highlights. There are certainly many more areas that time did not allow us to pursue, or that have 
simply not yet been articulated. 
RESEARCH TOPICS


The pace of technology growth guarantees that any list of needed research topics will be 
incomplete shortly after it is written. Part of the information assurance R&D management 
challenge in the rapidly evolving world of information technology is the frequent examination 
and re-evaluation of those research areas most needed to provide defense of and integrity 
restoration to the latest computer network developments and deployments. 

Keeping in mind the need for frequent re-evaluation of R&D programs in light of 
commercial developments, research successes, and new deployments, there are four general topic 
areas that prove useful in categorizing R&D for computer network defense. This report provides 
findings on areas of necessary research in each category of a network attack timeline, namely: 


1. Early Capability Assessment
2. Prevention and Protection
3. Consequence Management
4. Attribution


What follows is a general description of each of these topics together with some 
representative technologies that this Panel feels currently need increased attention. 


EARLY CAPABILITY ASSESSMENT


Computer network defense, like any defense, is most effective if the intentions and 
capabilities of an identified adversary are understood, and when it is known that offensive 
operations have, in fact, begun. The technology for this entire area of intelligence, indications 
and warning, intention, and identity-determination is complicated by legal and policy issues, 
which are discussed elsewhere in this report. Examples exist today of attacks which have gone 
unnoticed, of intrusions with unknown purpose, and of network disruptions that have remained 
un-diagnosed. This is a technology area that must mature as JV2020 develops. Some necessary 
research topics include the following. 


Cyber Intelligence Tools 


One of the weakest aspects of U.S. defensive information operations is our extremely limited 
ability to detect, assess, and understand both hostile information operations (IO) capabilities and 
precursor indications and warning of attack. A program is required to develop tools to attenuate 
these shortcomings. Advanced active agents using secure mobile code would be developed that
could gather information without taking any hostile actions. "Picket" or "sentinel" agents could
provide early warning of hostile action or intent. This program will ideally result in an array of 
tools that will provide a much greater understanding of hostile IO capabilities against the United 
States and its allies and better warning of incipient attacks. 
Attack Pattern Discovery


No methods exist for automated or assisted discovery of existing or novel attack patterns or 
signatures, particularly for those attacks that are distributed across many computers or networks. 


PREVENTION AND PROTECTION 


Much of the progress within DoD since the 1996 DSB report has been in the area of 
protection of DoD networks and prevention of unauthorized access. These are very important 
and sensible places to begin the defense process. However, as DoD becomes more and more
dependent on networks, and as the complexity of these networks increases, the opportunities for
disruption will also increase. R&D is required that is specifically designed to prevent problems
caused by both insiders and outsiders, to prevent unknown attacks, and to guard against
commercial systems with unknown flaws. The science of network security is currently immature,
but with proper R&D infusion, the foundation for the protection required by JV2020 can be put
in place. 


Representative areas of research to enhance protection of DoD networks and prevention of 
unauthorized access would include those that follow. 


Scalable Global Access Control 


Current DoD network architecture calls for a secure network with authorized access via 
tokens — a public key infrastructure (PKI). The scope of this security apparatus is enormous. It 
will involve distribution of secure capability to multiple locations in many countries. It will 
require limited access for foreign coalition partners. It will necessitate the distribution of millions 
of tokens — some number of which must be issued and revoked on a daily basis. It will require 
rapid implementation and expansion during a period of crisis. It cannot burden the user. It must 
withstand insider attacks. 


These are severe requirements. PKI has not been modeled and tested under extremes of this 
type. It is the security backbone of the future, and must be supported by a vigorous R&D 
program that addresses its scalability, its extremes, and any vulnerability. It requires the same 
attention to detail that continuous testing of high-grade cryptographic systems has had over the
past several decades. 


Malicious Code Detection and Mitigation 


The need to nullify malicious code is acute for both the defense information infrastructure 
and the national information infrastructure because of increased connectivity and reliance on the 
Internet, increasing prevalence of mobile code, and likely development of and access to code by 
disgruntled insiders and outsiders. 


Malicious code is defined as a program that is written or introduced into a system by 
someone with malicious intent. The program is intended to damage system function without the 
operator's knowledge or consent. It is the most rapidly emerging and least understood cyber 
threat to DoD information systems. Examples of such code are Trojan horses, viruses, worms, 
trap doors, and time bombs, and each has had notorious successes in worldwide attacks against 
commercial and military networks and systems. Ominously, the latest versions of these codes 
represent a merging of the characteristics and capabilities of these existing threats into new, more 
powerful forms. Code mobility provided by the World Wide Web has further facilitated the
spread of malicious code. 


Presently, malicious code is being countered by firewalls, virus-checking software, and 
similar defensive mechanisms. These mechanisms rely on knowledge of past attack modes. The 
response to new attacks is reactive, i.e., the response occurs after the attack has been initiated, 
significant damage to data has been done, and systems have been shut down to cleanse them. 
Well-designed attacks are succeeding, with such denial-of-service events as Trinoo scripts and "I 
love you" viruses not only damaging services, but also eroding confidence in the security of both 
commercial information and the systems required for national defense. 


Future research needs to enable malicious code defenses to become more proactive. It must 
enable real-time detection and neutralization of attacking codes, the development of tolerant 
system architectures, and the creation of security policies and policy enforcement mechanisms. 
Though security policy may seem a vague abstraction, it is crucially important in controlling 
malicious code. Without a security policy that defines what actions are prohibited, it is difficult 
to argue that any code is malicious and even harder to define policy enforcement mechanisms. 


Mitigating and eliminating malicious code in its many forms is crucial for protecting the 
information infrastructures that are an integral part of our society and the backbone of JV2020. 
Research for the following areas will require a multi-disciplinary approach that brings together 
experts from computer science, information security, and real-time systems design. Overarching 
research needs to be undertaken in the following areas: (1) defining a malicious code taxonomy 
to facilitate research discussion, (2) providing a mapping between this taxonomy and the kinds of 
mechanisms that would be needed to protect and detect malicious code, and (3) designing new 
software architectures and tolerance measures that would facilitate elimination of malicious 
code. In addition, specific research is required for addressing malicious code, including: (1) 
semi-automatic source code inspection for existing attacks (static), (2) dynamic code scanning, 
(3) system integrity checking, (4) reverse engineering, and (5) code signing. This research will 
broaden coverage of the information assurance spectrum, advance an emerging information 
assurance industry, and contribute to a deeper understanding of defensive information 
operations. 


Mobile Code Security


Mobile code security decomposes into three challenges: 

• Protect hosts from malicious inbound code
• Protect code from malicious hosts
• Construct survivable distributed systems capable of tolerating compromised elements


Although the question of protecting hosts from malicious code is far from resolved, this 
challenge represents a special case of the general malicious code problem. The distributed nature of
malicious mobile code opens opportunities not available to isolated systems. 


Protecting individual parts of mobile code from malicious hosts represents a more difficult 
problem given natural dependencies on the executing platform. Although general solutions seem 
distant and speculative at this point, the potential at least bears further exploration. 
Conversely, it may be possible to leverage code mobility in constructing survivable
distributed systems more capable of tolerating compromised elements. This potential stems from 
the ability to dynamically distribute an application across many hosts. Such dynamic 
fragmentation could eliminate a priori information necessary for adversarial strategic targeting. 
Moreover, if future network bandwidth and computing power facilitate shipping both internal 
memory structures (e.g., stack) and code snippets around the network, architectures could be 
constructed with far less exposure at any given time. The challenge of leveraging code mobility 
to increase survivability seems quite promising as a general area of research. 


Anomalous Behavior Detection 


The technologies for detecting anomalous behavior are too brittle to produce robust and 
useable results. Outcomes are laden with false alarms and missed events, both of which increase 
human and system workload, while reducing confidence in results. These technologies are badly 
needed for mitigation of the insider threat, as well as for underpinning downstream technologies 
for detection of related threats. 


Fault Tolerance 


There is a paradigm-shift taking place in the technical approach to information assurance 
and defensive information operations. The decades-old approach of resisting attacks and trying 
to keep all intruders out does not work in the new Internet age. Prevention and avoidance 
techniques must be augmented with fundamentally secure architectures that can tolerate mobile 
and malicious code, active content, distributed denial-of-service attacks, and insider threats. We 
must strive to make systems inherently more tolerant and resilient to attacks, malicious faults, 
and insider misuse and abuse. 


Fault-tolerance technologies have been successfully used to construct highly available and 
reliable systems for transportation and financial sectors as well as real-time control of plants, 
vehicles, and command and control systems. Such fault-tolerant systems have been designed to 
cope with naturally occurring faults and failures such as hardware component faults, design 
errors in software, and environmentally induced faults such as transients caused by lightning. 
Advanced research is needed to adapt these technologies for intentional faults and attacks 
mounted by a human adversary. Research is also needed in creating fundamentally new 
intrusion- and attack-tolerant systems that use and exploit design diversity, stealth, randomness, 
and uncertainty as built-in system attributes. 
Investment in the following specific technologies is important to achieve the goals of
survivable, fault-tolerant systems: 


• Proof Carrying Code
• Secure Mobile Code Languages
• System Health Monitors/Tolerance Triggers
• Stealthy System Structures
• Dynamically Reconfigurable System Architectures
• Data Recovery Schemes
• Composability of Trust
• Design and Implementation Diversity
• Uncertainty, Randomness, Agility, and Deception
• Code Execution Real-Time Monitors
• Fragmentation, Redundancy, and Scattering
• Security Policy Specification


High-Speed Encryption 


Over-the-network access, both to classified and unclassified-but-sensitive information, is of
critical importance, as the Global Information Grid becomes reality. The near-instantaneous
global access available once one is “inside” the protected network raises the issue of how to 
recover quickly from problems such as the loss of an encryption device. There is also the 
necessity to rapidly add or remove coalition partners from a network during international 
operations. 


For the DoD to conduct operations using the GIG, it must have the ability to almost 
instantaneously remove selected (compromised) users from the grid, while at the same time 
permitting the remaining users to continue to conduct their operations. Important pieces of this 
complex problem are being solved. The STU-III model was a start, but the supporting 
infrastructure does not scale to required levels. There are upgrades underway, but they are not of 
the scope necessary to address JV2020 requirements. 


At least three major technical challenges exist. First is the development of a high-speed 
encryption device that can scale to the 10 Gbps rate and beyond. A second challenge is to build 
an encryption device that is protocol-, algorithm-, and key-agile. This class of device is required 
if the GIG is to be interoperable with legacy devices and with coalition partners. The third 
challenge is to reduce the cost of the security functions and to integrate them into embedded 
capabilities that are transparent to the users. The more transparent the security functions are, the 
more they will be used and not bypassed in time of crisis. The DoD needs to work with vendors 
in the earliest stages of developments to integrate highly scaleable security into their products. 


Advanced Intrusion Detection/Monitoring 


Intrusion-detection technologies currently produce only moderately reliable results in simple 
environments, and even less-reliable results in complex environments. In terms of correlating 
and fusing information from distributed sensors in distributed attacks, what little technology 
exists is too immature to be useful. Intrusion-detection technologies are critically dependent on 
monitored sensory data. However, with respect to what is monitored and the places from which
the monitoring data are taken, little to nothing is known about either how to decide what should 
be measured, or how to determine the most effective placement of sensors in an operational 
environment. 


CONSEQUENCE MANAGEMENT 


Some network attacks will be successful, and DoD does not have adequate technology in 
place to address the consequences of the successful attacks. Even as we improve our ability to 
protect networks and systems from attacks, some attacks will be successful. When a successful 
attack occurs, we must have tools, techniques, and procedures in place to limit the consequences. 
The need to continue operations, even at a reduced level, is critical in military operations. 
Research is needed to improve our ability to address the impacts of successful attacks. Some of 
the areas that should be included in a research program are self-healing networks and systems, 
network isolation, integrity restoration, and recovery and reconstruction. 


DoD needs to fund research that will allow networks and systems to isolate attacks, 
gracefully degrade performance if necessary, and automatically heal themselves to a level that 
will allow users to be confident in using the networks and the information on the networks. 


Integrity Restoration 


DoD does not have a methodology for restoring integrity in its systems. If a user loses trust in 
a system, because of an attack (internal or external), or because of a perceived problem, there is a 
need to validate that the system is performing all functions accurately. Trust in a system can be 
lost as a result of bad data, natural events, degraded performance, fear of tampering, inconsistent 
data or decisions, or anything that causes the user to question the usefulness of the system. Tools 
and methodologies are needed to address system user questions such as: 


• Was something done to the system? 
• What was done to the system? 
• Is the system OK? 
• Is the data reliable? 


Only if the integrity of the network can be assured to the satisfaction of the user will the 
system be used as intended. 


Recovery and Reconstitution 


When a network or system is successfully attacked, there is a need to return it to a useable 
level of service and ensure that the same attack will not produce the same negative result. 
Recovery is the process of taking a system from an unacceptable level of performance to a 
minimum level. Reconstitution is the process of taking a system from the unacceptable or 
minimum level of performance and returning it to full performance. In addition, the reconstituted 
system should not be susceptible to fail in the same way from the same attack. The ability to 
recover and reconstitute a system will increase trust, improve protection against future attacks, 
and provide systems that have increased availability. 


ATTRIBUTION 


Once it is determined that a network has been attacked, automated tools are necessary to 
understand exactly who initiated the attack. Attribution is essential to establish the attacker's 
motive and to determine an appropriate response. 


Observed and reported attacks against DoD computer networks are growing at a rapid rate. 
As better defense audit tools become available, the number of incident reports will most certainly 
increase. In general, it is impossible at present to determine the origin and intent of the incident 
originator. Such incidents could be the result of accidents, curiosity, thrill seeking, intelligence 
gathering, or deliberate attempts to damage DoD computer networks. The identification of the 
originator of the incident is one of the pieces of information necessary to scope the response. 
However, attribution tools are slow at best, are complicated by legal issues, and often fail to 
reach the masked identity of a skillful attacker. 


An extensive R&D program focused on attribution needs to be developed. This is an area 
where extensive civil, law enforcement, and DoD interaction is essential. Some suggested areas 
of research include those that follow. 


Message Signature Processing 


Advanced research is needed to develop algorithms that transform extremely high-bandwidth 
Internet traffic channels into near-real-time searchable signature spaces such that an attack can 
be quickly correlated against the passively collected signature stores at multiple nodes. 
Near-real-time correlation capabilities could narrow the potential set of attributable source points and 
facilitate rapid engagement of appropriate traps and traces. 


Active Code Beacons 


Attacks that rely on covert target responses could theoretically be co-opted by the infusion of 
active code beacons in the return traffic — beacons that would provide attribution information. 
Research is needed to develop this and other active attribution concepts. 


Identification Friend or Foe (IFF) tools 


Research in this area would determine if the Identification Friend or Foe concept could be 
extended to cyberspace to support authentication functions with minimal resource requirements. 


CROSS-AREA RESEARCH 


There is a broad category of needed R&D that does not fit within the attack phases described 
earlier, but rather is common to most or all of them. Precisely because of this somewhat 
non-specific nature, there is much less research being conducted than necessary for the long-term 
health of the GIG and DoD's overall information infrastructure. In most cases, this R&D lacks a 
logical "ownership" — it often does not fall clearly within the responsibility of an organization or 
an industry, and as a result is insufficiently funded. 

Below we provide a list of what this Panel believes are the most important areas of research 
that cut across the attack timelines. Each is discussed in turn. 

1. Modeling and Simulation 
2. Theory of Vulnerabilities 
3. Interdependencies 
4. Broad-Based Fundamental Research 
5. GIG Research Coordination 


MODELING AND SIMULATION 


Progress in defending and protecting the GIG will require a far greater ability to model and 
simulate the performance of information infrastructures than we have today. Currently, much of 
today's modeling and simulation is based on ad hoc, relatively inaccurate techniques that are 
specially — and slowly — developed for each specific application. Advanced modeling and 
simulation techniques will be necessary to characterize and observe the behavior of networks and 
systems, especially under stressed conditions. Such capabilities will be essential to using an IA 
test bed effectively. A successfully executed R&D program should result in tools that accurately 
characterize a wide variety of information infrastructures. Even more advanced versions would 
allow a rapid, automated way of performing such modeling and simulation exercises. 




THEORY OF VULNERABILITIES 


Neither system administrators nor commanders can fully rely on today's vulnerability 
analyses, which are ad hoc, incomplete, unreliable, and unrepeatable. Although some ad hoc 
analyses can be useful, no theory or associated science exists whereby vulnerabilities can be 
systematically and completely discovered, assessed, and measured in terms of their effect on 
operational readiness. 


As has been pointed out in earlier studies, one of the most significant gaps in IA research is 
system-level security engineering, particularly in the area of system-level security architectures. 
System-level security engineering must be further supported by basic research in IA 
fundamentals, particularly in the areas of availability and integrity. 


INTERDEPENDENCIES 


To date there has been very little research into the interdependent effects that can accompany 
the interconnection of multiple infrastructures, both of the same general type and completely 
different ones, e.g., the interdependencies between information networks and the electric power 
grid. The possibility of cascading and nonlinear effects from such interdependent systems is 
rhetorically acknowledged but little understood or studied. While responsibility for networks or 
other infrastructures is often easily identifiable, no organization has an institutional responsibility 
for interdependent effects. As networks and infrastructures become ever more tightly 
interconnected, the likelihood and magnitude of such effects will become greater. 


This research would seek to understand the nature and origin of interdependent effects and 
how they propagate between and among infrastructures of varying degrees of complexity. 
Feedback control theory, network analysis, advanced modeling techniques, and other disciplines 
would be used in conducting this research, which would seek to assess both intentional (hostile) 
attacks and naturally occurring instabilities (such as network “storms”). As research progressed, 
infrastructures with increasing numbers of nodes and interconnections would be studied. At 
some point, an IA test bed would become an invaluable tool for such analysis. 


This research program would seek to shed greater light on the mechanisms and modes of 
propagation of interdependent effects and suggest technical, management, and policy steps that 
could serve to both reduce the likelihood of these effects occurring and damp them out once they 
occur. 


BROAD-BASED FUNDAMENTAL RESEARCH 


There is relatively little fundamental research on information science, network theory, and 
network failure. In the private sector, the chief focus is on product development. Private-sector 
research rarely looks beyond a two-year time horizon. Government and academia have more of a 
charter to do this kind of research, yet they are not as attuned to needs as is the private sector. At 
an October 1999 meeting at the White House, the chief technology officers of 15 
telecommunications and information technology companies agreed that the private sector had 
little incentive to conduct such research, although they, along with academia and government, 
certainly had the necessary resources. 


GIG RESEARCH COORDINATION 


Management of IA R&D in DoD is fragmented and not focused to meet the rapidly changing 
threat environment. 


The recognition of the GIG as a weapon system calls for a different model for the planning 
and execution of an IA R&D program to support system implementation. A focused research 
program will involve academia, industry, and government researchers. Other findings in this 
report have identified areas where increased funding needs to be applied. This report also points 
out that the IA environment has changed significantly over the past four years and is likely to 
change rapidly in the coming years. Such rapid change requires that a flexible R&D plan be 
developed, one that maintains a balance between near- and long-term problems. 


The GIG Executive Office established by the Information Superiority Board (see 
Architecture Recommendation #1) will develop an R&D plan to execute the additional funding 
recommended by the DSB. 


• The plan will be developed in cooperation with the Under Secretary of Defense 
Acquisition, Technology and Logistics, the Assistant Secretary of Defense C3I, 
service laboratories and centers, and appropriate DoD agencies. 


• The Information Superiority Board will approve the plan. 


• The approved plan will be executed through existing DoD R&D activities (service 
laboratories and centers, and DoD agencies). 


In conjunction with increased research, there is a need to increase the number and quality of 
people available to conduct IA research. While progress has been made in IA R&D over the last 
four years, the number of qualified researchers to conduct required research does not meet 
demand. There is a need to attract more students and faculty in IA research areas. Consistent 
funding levels and long-term commitments to specific technical thrusts are needed to have a 
significant impact on the academic community. Qualified researchers will not only allow for 
increased amounts of research to be performed, but it will also provide a talent pool for industry 
and government to reduce current projected hiring shortfalls. 


COSTS 


The Panel was briefed on existing DoD IA and related R&D programs, which were noted 
earlier. These programs are budgeted at about $350-400 million per year. Given the major role 
that the GIG will play in the decade ahead, this figure represents a serious underfunding of a 
critical defense requirement. The Panel's first compilation of R&D that would make a useful 
contribution to the IA challenge had a total five-year price tag of $3-5 billion. A program of this 
magnitude would not only be fiscally unaffordable, but it would also likely exhaust the human 
resources available to execute the program. Accordingly, the Panel prioritized the research 
options and developed three categories of IA R&D programs. 


Category 1 R&D is of the highest priority and encompasses R&D that the Panel believes is 
the minimum that should be added to current efforts to improve the security of the GIG. This 
R&D category has a five-year estimated cost of $350 million. 


Category 2 R&D is intermediate in priority and is considered important to securing the GIG 
and providing a sustained basis on which to maintain GIG security well into the future. It has a 
five-year estimated cost of an additional $1.2 billion. 


Category 3 R&D is lower in priority but would make useful contributions to GIG security 
and would minimize chances of major vulnerability surprises to both the DoD-unique 
information infrastructures and the civilian information infrastructures that directly support DoD. 
It has a five-year estimated cost of an additional $2.7 billion. 
These programs are presented below at their recommended funding levels at each level of 
funding: 


[Table: recommended funding by research area. Columns: Category 1 ($M), Category 2 ($M), Category 3 ($M). Research areas listed:] 

• Scaleable network architectures, sensing, 
• Malicious code detection and mitigation: 
• Self-healing networks and systems: 
• Remediation, recovery, and reconstitution: 
• Attribution, traceback, forensics, 
• Advanced IA modeling and simulation: 
• Global key management and scalable global access control: 
• Integrity restoration: 
• Metrics research: 
• Interdependent effects: 
• Advanced network sensors: 
• Cyber intelligence tools: 
• Mobile code security: 
• Anomalous behavior detection: 
• Fault-tolerant systems: 
• High-speed encryption: 
• Network fault management: 
• Network isolation: 
• Electronic friend or foe identification: 
• Theory of vulnerabilities: 
• Automated vulnerability assessment 
• Advanced visualization tools: 
• Advanced intrusion detection and 
• Attack pattern discovery: 
• Advanced biometrics research: 
• Integration tools for coalition warfare: 
• Research on related societal-issues: 


CONCLUSIONS AND RECOMMENDATIONS 


The rapid advances in information technology and telecommunications have created a 
comparably accelerated need for a vigorous, sustained, and balanced program of information 
assurance R&D. This Panel emphasizes in the strongest possible terms that the IA R&D 
challenge will be dynamic, growing, and likely never-ending. There are several reasons for this: 

• Those who would wish to attack our information infrastructures will constantly be 
developing new techniques to do so. 

• The rapid advances in information and communications technology mean that as the 
years pass, entirely new infrastructures embodying new technologies will emerge — 
and each will be accompanied by its own set of new vulnerabilities. 

• These new technologies will offer entirely new tools to those who would attack these 
systems. 

• As both current trends and the dictates of complexity theory suggest, systems will 
become ever more tightly connected and coupled. This will provide new avenues for 
non-linear and interdependent effects to exhibit themselves, whether through attack or 
just non-hostile information “storms.” 


The Department has been alert to the issues that the IT revolution poses to the composition of 
future forces. However, the Department is: 


• Not addressing its IA R&D personnel requirements with sufficient aggressiveness or 
creativity, which will likely lead to more serious problems in the next few years as 
more personnel leave the Department and fewer high-caliber R&D managers remain. 
Although this topic is addressed more extensively by another Panel report, we believe 
it is so fundamental that we also need to emphasize the finding. Education and 
training issues must be among the very first steps that the Department should take in 
this area. As urgent as other IA technology issues are that we discuss below, this issue 
is the highest priority in the technology area. Without enough qualified and 
well-trained technical people, virtually all of the issues in this field that the Department 
faces will be made much worse. 


• Providing insufficient R&D funding to help ensure that the GIG, on which it is 
placing virtually complete reliance for all future operations, will be secure enough 
that decision-makers and field commanders will have confidence in the system. 


• Managing its current information assurance R&D in a fragmented way that is not 
sufficiently focused on the information assurance requirements of the GIG. The 
Department is strongly committed to the Global Information Grid. This commitment 
requires that those responsible for building and managing the GIG must implement a 
more robust IA R&D program to assure GIG security in the future. 


While the Department's information assurance capabilities are today increasing with time, its 
dependence upon its information infrastructure is increasing even faster. Unless the Department 
moves aggressively to address its IA R&D issues, the vulnerability gap will definitely increase. 


To strengthen information assurance, the Panel recommends changes to DoD R&D management. 
Specifically it suggests the following: 


• Establishing an information assurance R&D office within OSD that reports to the GIG 
architect. 


• Providing funding of IA R&D above the current baseline to this IA R&D office. The 
actual R&D should then be executed through DARPA, NSA and the service 
laboratories. Over time, we believe that much of the existing baseline R&D should 
be shifted to the IA R&D office. 


• Providing the IA R&D office with the flexibility to shift some level of funding to 
meet rapidly emerging threats and vulnerabilities. 


Finally, it must be emphasized that these technologies will require new investment. Moving 
resources from minimally-funded protection activities to network restoration activities will not 
result in an acceptable solution to either problem. Establishing a new milestone of consequence 
management calls for additional funding. Since the commercial world has largely ignored this 
issue, solutions will have to start with a vigorous DoD R&D program. This Panel believes that 
the minimum R&D investment that should be added to current efforts to improve the overall 
security of the GIG is $350 million over five years — about twice the level of funding today. 


EXECUTIVE SUMMARY 


Although the Department of Defense (DoD) has responded to most of the recommendations 
of the 1996 Defense Science Board (DSB) report¹, progress has been hampered by an incomplete 
policy framework, insufficient funding, and, most significantly, the fact that the Defensive 
Information Operations (DIO) challenge has grown more difficult. The goalposts have been 
moved during the play. The entire DIO landscape continues to be populated with conflicting 
definitions and policies, unclear roles and responsibilities, and apparent competition among the 
information operations, information assurance, and critical infrastructure protection (IO/IA/CIP) 
policy focus areas. The General Accounting Office and DoD Inspector General's office, in 
several reports² issued since the 1996 DSB report³, have identified persistent policy and 
resource issues associated with IA implementation. The National Security Telecommunications 
and Information Systems Security Committee (NSTISSC) raised the same concern in its Ninth 
Assessment of the Information Security Status of Government Systems.⁴ The Organization and 
Operations Panel recommends improving this situation by declaring a moratorium on changes to 
existing IO/IA/CIP-related definitions, while progressing toward agreement on definitions for 
terms used in common by the DoD and intelligence community, but for which agreed definitions 
do not now exist. Simultaneously, the panel recommends that specific service- and agency-level 
policy documents be prepared as required to locally implement aspects of policy established at 
the Secretary of Defense/Office of the Secretary of Defense (SecDef/OSD) and/or Chairman of 
the Joint Chiefs of Staff (CJCS) level. The panel recommends the Network Operations 
(NETOPS) framework be adopted throughout DoD, with Commanders-in-Chief (CINCs), 
services and agencies collocating their network management and IA/computer network defense 
operations in the same center. The panel further recommends that the U.S. Space Command be 
authorized to establish a DoD-wide DIO threat detection and warning capability, using the 
modified GIG as a technology baseline. This capability should include a feed to the National 
Operations and Intelligence Watch Officer Network (NOIWON) system. The panel also 
recommends that a Defense Science Board study be commissioned to specifically address 
information-attack (cyber) indications and warning. 


The panel recognizes that few of the needed improvements cited in this report will come free 
of cost. However, seen against the value of the underlying equities, the resource requirements 
identified are small. More to the point, the panel recognizes that military operations and national 
security, writ large, cannot be successfully prosecuted in the information age without heavy 
reliance on networked information technologies in public and private hands. Military operations 
and national security activities must acknowledge and plan for the unintended consequences of 
commercial infrastructure interdependencies, and networked information technologies must be 
ever more secure, reliable, and available to meet the full range of foreseeable scenarios and 
contingencies. There is simply no other option. The panel recommends that DoD develop a DIO 
funding strategy and profile, establishing priorities where sufficient funding does not exist; 
continue to conduct front end assessments (FEA) to shape DIO issues for program and budget 
decisions; establish a program element (PE) structure for all DIO resources; require mandatory 
migration of all DoD DIO resources into the new PE structure; address DIO requirements in the 
Joint Requirements Oversight Council (JROC) (CINC/Service participation); and establish 
program funding support for DIO requirements. Fully staffed requirements and Planning 
Program and Budgeting System (PPBS) visibility of all information assurance activities, 
especially the services' execution of Title X "staff, equip, and train" responsibilities, will greatly 
assist the U.S. Space Command in planning and executing its more focused and limited 
operational missions of computer network defense and computer network attack. 


¹ Defense Science Board, Information Warfare-Defense 1996. 

² GAO/AIMD-96-84, GAO/AIMD-98-92, GAO/AIMD-99-107, GAO/NSIAO-00-107; DoD IG Reports 99-069, D-2000-058, 
D-2000-124. 

³ Defense Science Board Report, IW-D 1996. 

⁴ NSTISSC Report, Feb 2001 (draft). 


The "human face" of DIO is seen through qualitative and quantitative assessment of 
personnel — military, civilian and contractors — engaged in critical information-protection 
functions. The panel has identified serious deficiencies in each of these areas, while recognizing 
that the primary threat to total system security takes the form of trusted — but untrustworthy — 
insiders. Absent a broad based and sustained effort in the areas of hiring, training, retention, and 
security, all progress and expense associated with DIO hardware and policy could be for naught. 
The panel recommends DoD provide recruitment, retention, and proficiency pay for critical DIO 
skills (authorities exist to do this); develop formal career paths for DIO officer, enlisted, and 
civilian personnel; develop an outsourcing strategy to complement DoD key DIO resource needs; 
establish policy to develop and implement formal education training and awareness (ETA) 
programs for DIO; and require contractor personnel performing outsourced DIO functions to 
meet ETA criteria required for government employees. Furthermore, the panel recommends that 
the department strengthen and expand the role of the Reserve Component in DIO by 
implementing the Reserve Component Study and the DSB Task Force on Human Resources 
Strategy Study recommendations. 


The panel focused primarily on the operational readiness aspects of DIO given its belief that 
Joint Vision 2020 cannot be achieved without assured access to information. While topics such 
as policy, personnel, and resourcing are closely related matters of concern, the readiness of joint 
forces to protect their access to superior information is the prime consideration. Readiness itself 
can be dissected into issues of metrics, the adequacy and currency of doctrine, rules of 
engagement, etc. Supporting processes such as red teaming, while addressed in the 1996 DSB 
report, have not progressed satisfactorily, and existing efforts fall far short of visible needs in this 
area. The panel recommends DIO be integrated into all operational mission planning to better 
assure information superiority; DIO be incorporated into formal readiness reporting mechanisms 
to better measure unit readiness; DIO red teams be formalized and empowered throughout the 
DoD to stress and evaluate readiness; and computer emergency or incident response teams 
(CERTs/CIRTs) be established and supported in the department to provide standard alerting and 
emergency response procedures. 


The point is made in the Policy section of the DSB DIO report that national-level policies are 
deficient in this area. At the same time, policy discontinuities exist both internally in DoD and 
between DoD and other components of government necessarily engaged in total governmental 
DIO efforts. Issues of concern in their own right, these unresolved policy debates also stymie 
efforts to achieve much-needed progress in areas of resource management and training. 


INTRODUCTION 


The Organization and Operations Panel met between January and August 2000 to review 
DoD policy, military readiness, organization, training, and resources, and the relationship of each 
to DIO. Its charter was to examine how the department is organized to execute DIO missions and 
maintain its readiness for DIO operations. 


In the course of conducting this assessment, the Organization and Operations Panel met as a 
group, received briefings, and considered topics related to its mission, while also participating in 
task force-wide meetings and discussions. This approach permitted division of effort to focus on 
the categories of activity listed below. At the same time, it also facilitated identification of 
cooperative associations between and among issues. An example of the latter would be the 
relationship between structured readiness reporting by operational units and special-purpose 
units such as Red Teams. Readiness is measured against defined standards. Red Teams have 
specific criteria that they operate against which may or may not address those standards, but are 
a test against a stated level of readiness. To provide some background support for proposed 
recommendations, the Organization and Operations Panel sponsored a DoD questionnaire about 
Information Assurance (IA) activities to solicit input on issues of concern to the DIO Task Force. 
The questionnaire 
results, analysis, and conclusions are provided in Appendix D to this Annex. 


The Organization and Operations Panel identified four major categories of findings related to 
the DoD's execution of the IA/CND/DIO mission areas. These findings are supported by the 
survey results and are organized into the focus areas enumerated in Figure 1. Discussion of the 
panel's findings and recommendations follows. 


1. Organizational Policy 
   1.1 Policy and Definitions 
   1.2 Organizational Roles, Missions, Responsibility Confusion 
   1.3 Collocation of Network Management and Computer Network Defense Operations 
   1.4 Threat Warning and Attribution; Indications and Warning 
2. Resources and Management 
   2.1 DIO funding throughout DoD 
   2.2 Program Element Structure 
3. Personnel Issues 
   3.1 Career Path Management 
   3.2 Education and Training 
   3.3 Know Your Insider 
   3.4 Reserve Component 
4. Operational Readiness 
   4.1 Integration of DIO into mission planning and execution 
   4.2 Readiness Assessments, Reporting, and Metrics 
   4.3 Red Teams 
   4.4 Computer Emergency Response Teams 


Figure 1 - Organization and Operations Panel Focus Areas 


I. ORGANIZATION AND OPERATIONS POLICY 


A. Policy and Definitions (Internal to DoD and the Intelligence Community) 


FINDINGS: Conflicting definitions and usage related to IO, IA, and CIP within the DoD and 
Intelligence Community (IC) cause resource and equity fights within the national security 
community and inhibits progress in resource management, training, and other important areas. 


DISCUSSION: This problem exists on several levels. Some DoD/IC definitions and terms are 
not fungible across government and/or acceptable within the civil sector working cooperatively 
with government on critical infrastructure protection; those issues and recommendations are 
found elsewhere in this report. 


Traditionally, the Defense Department and intelligence community have worked closely and 
cooperatively on many issues of great importance to national security. DIO is another issue 
requiring close inter-working, given the importance of the mission and clear need each 
organization has for the other in this still-new area. However, in fact, the two are divided by 
definitional gridlocks that are sometimes subtly nuanced, but behind which lie equity and 
resource stakes considered important by one or both parties. Some progress has been made in 
these areas, but many important terms and understandings remain unresolved at present. 


[Figure labels: Authenticity, Integrity, Confidentiality, Non-Repudiation; Taxonomy; Delta; Process; IT-Based; Systems; Assets; "Content" (Cyber focus); "Means" (Physical focus)] 


Figure 2 - OSD-Internal Taxonomy Differences: A Case In Point (IA vs. CIP) 


At another level, the newness of IO, IA, and CIP within DoD has resulted in tremendous 
acceleration of the normal evolution of thinking on matters of doctrine, policy, organization, 
roles and missions, and resource priorities. The frequency with which proposed new approaches 
to basic definitions and organizational associations have been framed and put forward is matched 
only by the vehemence of the partisan advocacy for or against any such suggested refinement in 
operational procedures or capabilities. If permitted to continue unchecked, the resultant 
continuous “churning” of the size, shape, and ownership of IO and/or its underlying parts, 
including IA/CIP/DIO, would significantly handicap broader efforts to inculcate awareness and 
support for this field within the total force. 


Several of the most important aspects of a total DIO management and capability structure are 
dependent on a relatively stable set of definitions. For example, the goal of providing senior 
decision makers with the ability to sense, manage and defend “DIO resources” in the aggregate 
is clearly dependent on a stable understanding of exactly what is included in DIO and what is 
excluded. Reports that have reached the task force that some resource holders have cynically 
“redefined” IO to include or exclude certain resources on a case basis are particularly disturbing 
in this regard. 


Training is another area very dependent on a clear and common understanding of basic facts 
regarding definition, doctrine, authority, and thus roles and missions. Trainees — whether 
executives or entry-level personnel — all require the benefits of a broadly-based, rigorous, and 
progressive DIO education, training, and awareness program, as discussed elsewhere in this 
section of the report. All of them must hope that what they learn will remain valid for some 
useful period of time. 


In order to assess policy for DIO, the panel created a matrix identifying public law, executive 
orders, national security decision directives, and DoD and other issuances. This matrix is found 
at Appendix C of this Annex. The extent of the matrix supports the panel's finding that policy 
formulation and thought development in this area has been both recent and intensive. The panel 
identified some ninety-five (95) policy documents related to this topic, with fully 39% of them 
having been authored or updated within the past three years. 


[Figure 3 table not fully legible. Legible entries: Public Law & Executive Branch Issuances, 24; DoD Issuances, 50; Joint, Agency & NSTISSC Issuances; TOTAL.] 


Figure 3 - DIO Policy Assessment 


RECOMMENDATIONS: 


• Deputy Secretary of Defense (DepSecDef) declare a two-year moratorium, effective 
immediately, on changes to any IO/IA/CIP definitions reflected in joint documents 
(DoD DIR 3600.1, JP 3-13, etc.). Services and agencies should use this time to 
prepare and publish component-level policy documents as required to implement 
aspects of policy established at the SecDef/OSD and/or CJCS level. 


• Leadership of the Bilateral IO Steering Group (BIOSG) (Under Secretary of Defense 
(Policy) (USD(P)) and Director, Intelligence Community Management staff) agree to 
establish, within one year, common/agreed definitions for IO/IA/CIP terms not now 
resolved in joint documents. 


• BIOSG develop and distribute, at the end of the one-year period of resolution, a 
common lexicon as an aid to facilitating government-wide IO-related definitional 
commonality. 


Time: To be implemented by October 2001 


Estimated cost of implementation: Minimal other than administrative costs. 


B. Organizational Roles, Missions, Responsibility Confusion 


FINDINGS: 


• Roles, missions, and responsibilities of organizations in DIO conflict and frequently 
overlap (unclear/inconsistent chains of command). 


• Concepts of Operations (CONOPS) for DIO mission execution are immature or do 
not exist. 


• Where mission assignments have been made, lack of resources inhibits execution 
(e.g., USSPACECOM, JPO-STC). 


DISCUSSION: 


[Figure 4 graphic not reproduced. Legible labels: IO Support, NIAC, Partnership for CIP, ISACs, Intelligence Community.] 


Figure 4 - IO/IA/CIP Organizational Relationships 


As the concept of DIO has evolved and matured, concerns have been raised about the 
appropriate roles, missions, and responsibilities of the CINCs, Services, and Agencies in this 
area. Recent real-world events and exercises have illustrated that clarification of who is 
responsible for what activities in DIO is essential. In response, the DoD established the Joint 
Task Force-Computer Network Defense (JTF-CND) and its component activities in 1998, along 
with a number of other activities and commands within the military Services to carry out those 
operational activities deemed necessary for this new mission area. Unfortunately, none of this 
activity was accompanied by clear policy on who was supposed to do what. Existing policy does 
not address this mission area, and extrapolation of existing policy has resulted in inconsistent 
interpretations of roles, missions, and responsibilities across the DoD, as illustrated in Figure 4, 
above. The department has conducted a number of studies, front-end assessments, and working 
groups to clarify the issue, but guidance in this area has fallen behind reality. Additionally, where 
these new missions have been taken on, funding and manpower have been taken out of hide and 
are inadequate to accomplish what is required. Even where specific responsibilities have been 
tasked, inadequate resources have hampered the activities’ abilities to accomplish taskings. 
Specific examples of this lack of funding include the Defense-wide Information Assurance 
Program (DIAP), the JTF-CND, and the Joint Program Office for Special Technology 
Countermeasures (JPO-STC). None of the activities listed has been funded or staffed 
appropriately to accomplish its assigned mission. 


Another problem arising out of unclear roles, missions, and responsibilities is the distinction 
between the entirety of DIO, IA, and CND. DIO, as defined in DoD directives and joint 
publications, includes all activities within IA and some additional activities. CND is an activity 
within DIO, but is not IA. The relationships among these activities are illustrated in Figure 5, 
below. 


[Figure 5 graphic not reproduced. Legible labels: International Public Information (Public Diplomacy, Public Affairs); International Military Information.] 


Figure 5 - Information Operations Problem Space 


The problem these overlaps in responsibility present is that organizations performing these 
activities can and do conflict over who is responsible for accomplishing what activity. An 
example is JTF-CND. Its mission is specifically CND, yet it is not clear what IA responsibilities 
may or may not be included in that mission. 


The lack of clarity in roles, missions, and responsibilities has also affected those 
organizations responsible for carrying out Critical Infrastructure Protection (CIP) activities or 
homeland defense activities and their relationship to the DIO organizations. Two examples 
illustrate the problem: (1) the existence of the CIP and DIAP as separate entities within 
ASD(C3I) and (2) the responsibility of USSPACECOM for Computer Network Defense 
(CND) as opposed to the responsibility of USJFCOM 
for Homeland Defense when there is a computer network attack against the homeland. 


RECOMMENDATIONS: 


• SecDef and CJCS clearly define roles, missions, and responsibilities of organizations 
tasked with DIO functions, including clarifying chains of command and relationships 
with other organizations. 


• When tasking organizations to perform these additional functions, resources should 
be provided, along with priorities of execution of missions. 


Time: To be implemented by October 2001 


Estimated cost of implementation: Minimal for definitions. Resources for tasking 
addressed in separate recommendation. 


C. Collocation of Network Management and Computer Network Security 


FINDINGS: DoD does not universally collocate its Network Operations Centers with 
information assurance (IA)/computer network defense (CND) activities. 


OBSERVATIONS: Significant operations and security synergy is being realized by the 
collocation of the DISA Global Network Operations and Security Center (GNOSC) and the Joint 
Task Force for Computer Network Defense (JTF-CND). The United States Marine Corps 
(USMC) Network Operations Center at Quantico Marine Corps Base (MCB) is an outstanding 
example of the efficiencies, security control, and responsiveness that can be provided by 
collocated network management and IA/CND operations. 


USSPACECOM’s recent efforts to establish the first Theater C4 Coordination Center 
(TCCC) with similar potential network operations and network security functionality is a 
convincing case for similar organizations being established at each CINC headquarters. 


The Navy, Air Force, Army, and most agencies do not collocate their network management 
and security operations. 


The Joint Staff Vice J6 briefed the DSB stressing the criticality of realizing NETOPS for the 
actual operations of the Global Information Grid (GIG). 


The DSB was not briefed on, nor is aware of, any DoD initiative to establish an alternate 
JTF-CND location should the current DISA location be unable to support GNOSC/JTF-CND 
operations. 


The DSB is convinced the NETOPS concept proposed as part of the GIG vision has 
significant merit and should be adopted throughout DoD — specifically, the collocation of 
network management and IA/computer network defense operations in the same center. 


BACKGROUND: The operation of the network, or NETOPS, is the primary means of 
operating the GIG. NETOPS meets these needs by means of the standardized organizational and 
operational integration of three functions: network management, information assurance, and 
information dissemination management (IDM). 


Network management provides visibility of extent and intensity of activity, traffic load, and 
throughput potential. Network management will enable dynamic rerouting based on priority, 
system status, and capacity. The effects of disruptions and intrusions will be minimized through 
allocation of traffic to unaffected available network paths. Network management will also allow 
the rapid reconfiguration of networks in order to isolate an incident (e.g., malicious code) to a 
specific location. 


IA is focused on protecting information and information systems. IA provides the organized, 
manned, trained, and equipped workforce to guard and secure information and information 
systems. IA incorporates protection, detection, deterrence, and defense capabilities and processes 
to shield and preserve information and information systems. 


• CINCs, Services, and Agencies take appropriate action to collocate their Network 
Operations Centers with their comparable IA/Computer Network Defense operations. 


• DISA and JTF-CND, in conjunction with U.S. Commander in Chief Space Command 
(USCINCSPACE), determine the optimum alternate location for collocated GNOSC 
and JTF-CND missions should the current DISA location become combat 
ineffective. 


Time: To be implemented by 1 October 2002 
Estimated cost of implementation: $10-25M over the FYDP 


D. Threat Warning and Attribution, “Indications & Warning” 


FINDINGS: Recommended improvements in GIG architecture and security provide a 
technology baseline to permit creation of a tactical time-sensitive, information-attack, warning 
sensor grid. Such a network would also support goals of assigning attacker attribution 
confidently and rapidly. Any plan to achieve this outcome would span the domains of policy, 
law, technology, and organization, and would require actions in several sectors of government, 
as well as private industry. 


DISCUSSION: The recommended actions to secure the GIG architecture, taken together, have 
the effect of "raising the bar" of protection for DoD information infrastructures. At the same 
time, however, the panel acknowledges that at least some attacks will succeed in penetrating the 
security of the GIG. In all cases, there is a need and value in understanding that someone is 
trying to penetrate and degrade the GIG, even if the attack is not entirely successful. The ability 
to rapidly, reliably, and confidently identify, characterize, and attribute information attacks 
against the GIG — and thus, against the nation — is a major national security requirement in the 
information age. 


The recommendations in this report that are related to technology can all be accomplished 
within the authority of the Secretary of Defense. However, as noted elsewhere in this report, 
issues related to timely sharing and use of information-attack data are currently unresolved in 
policy, as they relate to various equities of the federal government. If the scope of interest is 
expanded to include the extensive commercial infrastructures upon which critical DoD processes 
and missions depend, the problem becomes not merely one of policy but also of law, culture, and 
public sentiment. 


If one may presume the availability of timely sensory inputs from GIG-derived sources as a 
minimum, along with commercial inputs, what remains is to identify the physical and 
organizational focal point(s) for conduct of an information-attack indications and warning 
mission, associated personnel requirements, and the chartered authorities and responsibilities 
those watch-standers would have, including interfaces with larger, classic governmental warning 
structures. 


The I&W Process: Indications and Warning (I&W) is conducted today within a policy 
framework that assigns roles and responsibilities to a distributed set of organizations throughout 
the Defense Department and the Intelligence Community. 


This structure is well designed to act upon the availability of credible and coherent data, 
permitting it to "ring the bell," rapidly engaging various authorities to respond as appropriate. 
However, the problem in the case of information attack is that at present and heretofore, there 
has been no structured sensory network to reliably provide timely data on which to act. 


Precedent may be found in the North American Air (later, Aerospace) Defense Command 
(NORAD). NORAD is predicated upon an architecture of sensors, reporting links, and analytic 
nodes, supported by appropriate authorities and focused on a single — but very large, complex, 
and important — mission: the air defense of the North American continent. The output of the 
NORAD system is an input into the dissemination architecture displayed and described above. 


IMPLEMENTATION: The panel sees the “NORAD model” as a potentially promising 
approach to information-attack detection, analysis, and warning. Using the upgraded and 
modified GIG as a sensory baseline, relatively minor modification to the U.S. Space Command's 
current Computer Network Defense charter and responsibilities would permit identification of an 
organizational focal point for information-attack threat detection and attack warning within the 
joint military command structure, feeding the existing NOIWON process as discussed above. 


Having established a baseline DoD-internal capability in technology, policy, and 
organization, the next step will be to expand the information-attack I&W process across the 
federal government, with the goal of a truly national information-protection regime. The 
information-sharing and trust issues related to this objective are readily acknowledged to be 
serious and complex, and will have to be addressed 
throughout the federal government and across the government-civil interface. The panel 
immediately acknowledges that the required degree of cooperation is only achievable within a 
process including extensive discussion and negotiation with private stakeholders; legislative and 
policy initiative; and continued technological effort, all of which must occur over time. There is 
cause to be hopeful, however, as the panel has noted the progress being made by such 
organizations as the National Security Telecommunications Advisory Committee, the 
Partnership for Critical Infrastructure Security, and other organizations. No specific date targets 
are established by this panel for the creation of an information-attack I&W regime of national 
dimensions. However, the requirement is embraced and the vision is put forward, with hope that 
future study groups and scholars will continue to add specificity and support to this vital 
initiative in the national interest. 


RECOMMENDATIONS: 


• SecDef modify the Unified Command Plan as necessary to authorize Commander in 
Chief, U.S. Space Command (USCINCSPACE) to establish a DoD-wide DIO threat 
detection and warning capability, using the modified GIG as a technology baseline. 


• USCINCSPACE develop the required capability as a feed to the NOIWON system. 


• USD (AT&L) commission a Defense Science Board study to specifically address 
information-attack indications & warning and make detailed recommendations for 
implementation of such a program. 


Time: Initiate implementation by 1 Oct 2002 and reach Full Operational Capability 
(FOC) by October 2006. 


Estimated cost of implementation: $150M over the FYDP. 


II. RESOURCES 


Despite all of the rhetoric and press coverage associated with the threats to and 
vulnerabilities associated with critical infrastructures, there is scant evidence that the Department 
has allocated sufficient resources--dollars, people, and leadership--to defensive information 
operations. The Report of the President's Commission on Critical Infrastructure Protection⁵ and 
the National Intelligence Estimate on Information Warfare⁶ both highlighted the growing 
vulnerabilities to our networks and the evidence that both nation-states and transnational groups 
are aware of the vulnerabilities and are seeking ways to exploit them asymmetrically. No nation 
on earth, and certainly no transnational group, can match the U.S. military “bomb-for-bomb” and 
“bullet-for-bullet”; however, several have the capacity, and apparently the intent, to develop 
capabilities that can affect our ability to plan and conduct military operations and that touch the 
lives of ordinary Americans in ways that are physically and economically dangerous. The 
physical sanctuary that the American people and their military have long enjoyed does not exist 
in the information age. 


A. DIO Funding Throughout DoD 


FINDING: The Department has not sufficiently funded protection of its networks and DIO 
programs. Of particular concern is the Sensitive-but-Unclassified (SBU) information critical to 
JV 2020. For example: 

• Exploding SBU network infrastructures are at risk while pressure increases for more 
interconnectivity between various security domains and public domains. 


• Network interconnectivity in and of itself is causing DoD to invest in non-traditional 
security initiatives to provide information integrity, electronic identification and 
authentication, non-repudiation, and availability over and above traditionally funded 
legacy confidentiality (i.e. Communications Security (COMSEC)) programs. 


• The Insider threat is largely ignored, raising trust issues with both SBU and classified 
networks. 


• The looming COMSEC modernization bill to replace aging infrastructure will add 
further strain on commitment to the SBU problem. 


5 PCCIP Report, Oct 1997. 
6 NIE for IW, mmm yyyy. 


DISCUSSION: In 1996, the DSB recommended funding levels to address deficiencies 
identified in the Department's DIO budget. Since that time, the funding levels for DIO have 
increased only slightly in relative dollars, but the requirements and the situation regarding DIO 
have changed significantly. In 1996, funding was primarily for classified systems. 
Subsequently, the Department has realized that its unclassified systems and networks that 
process sensitive and mission-critical information require protection, but the requirements in this 
arena have far outstripped the funding available to address the problem. Although it 
may look to the uninformed observer that funding has increased slightly, the reality is that the 
problem has grown much more comprehensive in scope and funding has failed to keep up with 
requirements. The result is unfunded mandates and the robbing of critical long-term programs to 
pay for immediate short-term concerns. 


Exacerbating the situation, the DoD has yet to articulate a clear strategy for funding and 
implementing DIO. There are documents that describe some pieces of a strategy (DoD Chief 
Information Officer Information Technology Management Strategy⁸ and the Global Information 
Grid⁹), but they are incomplete and/or immature and insufficiently detailed to provide a clear 
picture of the DoD's priorities in this arena. The result of this lack of strategy has been an 
inconsistent DIO funding profile across the Department, with components making internal 
decisions about what they can afford regardless of the impact on the overall needs of the DoD. In 
a shared risk environment, this inconsistent implementation of DIO requirements results in 
uneven levels of assurance, increasing the risk to all. The lack of an overall strategy, coupled 
with outdated, incomplete policy, also makes it difficult for the components, and therefore the 
DoD as an organization, to justify the increased funding levels that they need to address the 
requirements. 


7 DIAP PDIT Brief of 14 Jul 2000. 
8 DoD DIO ITM Strategy, Oct 1999. 
9 DoD CIO P&GM No. 6-8510, 16 Jun 2000. 


RECOMMENDATIONS: 


OSD should direct the following actions: 
• ASD(C3I): Develop DIO funding strategy and profile, establishing priorities where 
sufficient funding does not exist. 


• Conduct front end assessments (FEA) in February 2001 to shape issues for the 
summer program reviews (PRG) of the 03-08 POMs: 


- DIO Research & Development (R&D) investment: Under Secretary of 
Defense for Acquisition, Technology & Logistics (USD (AT&L)) lead, 

- COMSEC Modernization: ASD(C3I) lead, 

- CND investment: USCINCSPACE lead, 

- GIG implementation investment: ASD(C3I), AT&L, J6 co-leads, and 

- Training/personnel investment: USD(P&R), ASD(C3I) co-leads. 


Time: To be implemented by 1 October 2001 
Estimated cost of implementation: $250K contract support to FEAs 


B. Program Element Structure 


FINDINGS: The current DoD DIO resource management structure hampers effective 
oversight and executive review. 


DISCUSSION: Numerous efforts over the years have attempted to capture, categorize, and 
manage DIO resources with little success. In the past, DoD captured the bulk of the costs 
associated with protecting IT resources within its Information Systems Security Program (ISSP). 
While this program accounted for the bulk of the Department's information security investment, 
the program does not cover the following information security costs: 

• Costs embedded within acquisition programs/initiatives 

• Intelligence Community (IC) costs 

• Costs within the operating support funds for base/camp/post/stations 

• DoD law enforcement (cyber-crime activities) costs 

• DARPA information security research programs 

• The information security programs of those Agencies not part of the ISSP program 
(all agencies other than NSA and DISA) 


The Defense-wide Information Assurance Program (DIAP) was tasked with the 
responsibility to provide “oversight, coordination, and integration of the Department's IA 
resource programs.” The DIAP has spent the three years since its inception trying to 
understand what is and is not included in the ISSP, where additional DIO expenditures within the 
Department may exist, and how to gain sufficient visibility into these expenditures. The 
objectives of these efforts have been to understand the scope of the DIO funding and where 
deficiencies may exist, to provide DoD leadership with the ability to make informed decisions 
concerning funding. A briefing was given to the DSB DIO Task Force that presented the results 
of that work (Annex E). It was apparent, however, that visibility into DoD components’ budgets 
to determine IA expenditures is still incomplete and the current PE structure does little to correct 
the problem. The panel’s conclusion is that without a Program Element (PE) structure, the 
ability to accomplish effective management of the DoD's funding resources for DIO will 
continue to be hampered by lack of visibility. 


10 OASD(C3I) Memo, 12 Feb 1999. 


There are, however, potential negative repercussions that could result from this PE structure 
and the resulting increase in visibility. The most significant of these repercussions is that DoD 
components may continue to "hide" DIO expenditures in other funding lines to ensure that they 
retain flexibility to reallocate internally as conditions dictate. Ensuring that the components 
retain overall control of their funds, with the understanding that they may receive tasking 
requirements that they will have to fund somehow, may reduce this activity. Additionally, DoD 
leadership should refrain from taxing the components' DIO resources during the next Future 
Year Defense Plan (FYDP) while this key information superiority area is undergoing critical and 
extensive change. In return, the components need to be honest about the risk management 
decisions they have made about what to fund and what not to fund and where shortfalls may 
exist. With that information, DoD has a better chance of justifying additional resources where 
shortfalls exist. 


In addition to establishing a PE structure, DoD needs to ensure that DIO requirements, where 
appropriate, are vetted and approved through the formal requirements processes. The absence of 
this step has resulted in unclear priorities on programs and funding, leaving the components to 
make arbitrary decisions about what they can afford to fund. By vetting through the formal 
requirements processes, the DIO requirements are both documented and justified, allowing the 
CINCs who have a major role to play in the actual execution of the DIO mission to have a voice 
in funding priorities that they currently do not have. Additionally, once the requirements are 
formally documented, components responsible for funding can be held accountable for decisions 
made contrary to that requirement — something that is impossible to do under the current 
situation. 


RECOMMENDATIONS: 


Director, Program Analysis and Evaluation (PA&E), in concert with ASD(C3I), should effect 
the following: 
• Establish a program element (PE) structure for all DIO resources 


• Require mandatory migration of all DoD DIO resources into new PE structure 


• Address DIO requirements in the JROC (CINC/Service participation) 


• Establish program funding support for DIO requirements 


Time: To be implemented by 1 October 2002 
Estimated cost of implementation: Total IA budget for DoD should be around $3B/year, an 
increase of about $1.4B over the current documented funding. 


III. PERSONNEL 


A. Find and Keep the IT Talent 


FINDINGS: The DoD shortage of IT professionals is serious and growing. 


DISCUSSION: The complexities of solving the DoD shortage of IT professionals, when 
viewed in the larger context of the private sector, are serious. Shortages in the supply of IT 
professionals are not confined to the DoD — they exist for other federal agencies, nationally and 
globally. More than one million information technology jobs are vacant around the world and the 
number is likely to increase. By 2002, there will be 850,000 vacancies in the United States and 
more than one million in Europe. 


Recruiting is difficult when colleges and universities are only producing enough IT graduates 
to fill half of the growing annual requirement. Several U.S. companies have begun recruiting 
foreign nationals to fill their IT jobs. Under the H-1B non-immigrant category of U.S. 
immigration law, U.S. employers may sponsor 65,000 professional foreign nationals each year. 
The turnover rate among IT professionals in the private sector is 30%, five times the rate for 
the private sector as a whole. The private sector is, therefore, providing a number of incentives to 
combat these shortages. 


The Department's ability to compete with the private sector in the area of compensation is 
limited by personnel practices and guidelines, and by law, in the case of military personnel. The 
private sector is able to react quickly to any substantive compensation change made in the 
government, making it difficult to maintain comparability in pay and benefits. There are a few 
government authorities that offer limited relief. 


The Office of Personnel Management (OPM) authorized specific flexibilities for civilian 
personnel to help address the government-wide recruiting and retention problems facing 
managers. A recent Integrated Process Team (IPT) within DoD revealed that few of these 
flexibilities are being used within the Department. Many reasons can be given for this 
situation, including an unwillingness to differentiate between civilian employees on different 
types of pay scales, but the most significant reason is lack of funding. As the DoD has sought to 
reduce its size, the funding for personnel and personnel incentives has also suffered. Instead of 
targeting reductions to functions that are no longer needed, most activities have taken percentage 
reductions across the board, exacerbating shortages for key skills. 


On the military side, the Services have recognized the need for key IT skills and have begun 
targeting recruiting and retention bonuses to encourage individuals to remain on active duty. 
Although these bonuses cannot compare with those offered by the civilian community, they are a 
tacit recognition of the pay discrepancies. Additionally, other incentives, such as choice-of-duty 
assignments and DoD schools are used to entice military personnel to remain. 


11 OPM Report, Nov 1998. 
12 IA/IT HR IPT Report, 27 Aug 1999. 


Even with adequate incentives, there will be insufficient personnel with specific technical 
skills available for DoD. This means that a realistic approach to solving the problem must 
consider outsourcing as an alternative. This approach was explored in some detail by a separate 
Defense Science Board Task Force on Human Resources Strategy. This DSB recommended 
pursuing military and DoD civilian tasks only on those tasks essential to the business of 
governing. All others should be addressed by the private sector for those functions it does best. 
This alternative, however, should not be seen as a way to save money, but instead as a method to 
augment and acquire key IT skills. A Government Accounting Office (GAO) report of August 
2000 reports that there are some savings associated with outsourcing, but the documentation of 
such savings is inadequate.¹⁴ Unfortunately, in the rush to outsource, little thought has been 
given to careful planning of what should and should not be outsourced. This planning requires a 
clear statement of “Inherently Governmental” that is understood and executed in a consistent 
way. Although there is a policy document that describes “Inherently Governmental,” the 
applicability to the IT arena is not clear.¹⁵ There is a current effort to provide this clarification 
with an Integrated Process Team (IPT) consisting of USD(P&R), USD(AT&L), and ASD(C3I) 
membership. With this clarification, DoD should develop an outsourcing strategy for key IT skill 
sets that complement those available from DoD civilian and military personnel. 


Other, more creative alternatives should also be considered. It is a well-established fact that 
IT personnel move around more frequently in their jobs than those in other skill areas. This fact 
can be a problem for encouraging individuals to take on government service if one expects that 
the choice is a full career choice. If it is accepted that these frequent moves are part of a valid 
career choice, then alternative employment programs should be encouraged that facilitate this 
fluid work force. One alternative may be an “Education and Training for Service (ETS)” model 
that requires a minimum payback of employment for education. This program could provide dual 
benefits in encouraging more students to consider an IT career, as well as providing education 
incentives with a promise of employment. It could also provide a constant refreshment of talent 
in a constantly changing IT environment. 


RECOMMENDATIONS: 


• SecDef direct more aggressive recruitment, retention, and proficiency pay for critical
  DIO skills (authorities exist to do this)

• ASD(C3I), in coordination with USD(P&R), develop formal career paths for DIO
  officer, enlisted, and civilian personnel

• Develop an outsource strategy to complement DoD key DIO resource needs

• Develop an Education and Training for Service (ETS) model — 3-5 years tenure

Time: To be established by 1 October 2001
Estimated cost of implementation: $25M per year


13 Defense Science Board Report, Feb 2000, p. vii.
14 GAO/NSIAD-00-107, Aug 2000.
15 OFPP Policy Letter 92-1, 23 Sep 2000.

B. Sensitize and Train Users


FINDINGS: The DoD workforce at all levels is ill-prepared to execute the DIO mission
because current training efforts are fragmented, inadequately scoped, and poorly documented.


DISCUSSION: The attacks against the DoD's information infrastructure have heightened 
awareness of the importance of training in protecting the department's information resources 
against attacks. Because of the shared risk environment created by highly connected and 
interdependent information systems, all individuals using, administering, maintaining, and 
managing systems and networks must understand the threats and the policies, procedures, and 
equipment designed to mitigate these threats. A training continuum (from cradle to grave, from 
the lowest civilian and military to the highest) must ensure that all personnel understand the 
threat and their role in protecting DoD's networks. An analogous program that can provide 
insight into how training affects successful mission performance is the DoD safety program, 
particularly aviation safety. 


Training for all users of DoD computer systems is mandated by statute, with additional
guidance provided by Office of Personnel Management (OPM) regulation, Office of
Management & Budget (OMB) circular, and DoD directive. In spite of this direction, user
training was unevenly implemented, requiring issuance of additional guidance by ASD(C3I) and
USD(P&R) in 1998. This policy memo also levied an initial requirement for system
administrator and maintainer training and certification. Outside of user training, the level and
content of training for other personnel with DIO responsibilities (i.e., systems administrators,
auditors, accreditors, etc.) in the Department varies. In some areas there are comprehensive
training programs available for all DoD personnel. Unfortunately, the Department does not take
full advantage of these programs. In other cases, training has been either unavailable or too
expensive for the IA workforce. As a result, the level of training for the DoD IT/IA workforce is
uneven at best. The training content also varies across the Department, which is a potentially
serious threat to the Department's joint warfighting capability. The previously mentioned policy
did not address this issue, nor did it address training for personnel performing other IA functions,
or establish a permanent, recurring requirement for those identified functions. That task was
taken on by an IPT established in September 1998 by ASD(C3I) and USD(P&R). This IPT
produced a report that made a series of recommendations to begin establishing permanent
training and certification requirements for critical IA functions. The report resulted in a
recently signed DepSecDef policy memo.

The Department has made great strides in developing and implementing a DIO training
continuum, but much work remains to be done. As the training requirements are developed, they
need to not only incorporate the emerging OPM civilian personnel standards and be validated


16 Public Law 100-235, 1987.
17 OPM Regulation 5CFR930.301-305, 3 Jan 1992.
18 OMB Circular A-130, 8 Feb 1996.
19 DODD 5200.28, 21 Mar 1988.
20 OSD Memo, 29 Jun 1998.
21 DepSecDef Memo, 14 Jul 2000.
22 IA/IT HR IPT Report, 27 Aug 99.
23 DepSecDef Memo, 14 Jul 2000.

against commercial/private sector standards (where those exist), but also included in the formal
training mechanisms of the Department. Without this formalizing of the requirements into the
normal training mechanisms, they will not become institutionalized into how the Department
does business. Additionally, it makes little sense to require military and DoD civilians to be
trained to a standardized requirement if contractors performing the same functions are not held to
those same standards. The recent CIO GIG Guidance & Policy Memo (G&PM) establishes the
initial requirement for these training standards. Realizing that [this] may require modification
to existing contracts, contracting officers need to ensure that any new contracts or modifications 
to existing contracts providing DIO services/functions contain standardized requirements and 
performance metrics to hold contractors accountable for meeting these requirements. 


RECOMMENDATIONS: 


SecDef (ASD(C3I) & USD(P&R), USD(AT&L)) should:
• Establish policy to develop and implement formal education, training, and awareness
  (ETA) programs for DIO throughout DoD to do the following:

   o Codify the DIO training program within the formal DoD Joint Training
     System (JTS)

   o Ensure DIO programs are consistent with commercial and DoD certification
     standards

   o Require contractor personnel performing outsourced DIO functions to meet
     ETA criteria required for government employees

Time: To be implemented by 1 Oct 2001
Estimated cost of implementation: $150M over the FYDP


C. Know Your Insiders

FINDINGS:
• Insiders are our first line of defense and the most dangerous cyber threat

• Systems administrators have the “keys to the kingdom,” yet often require no special
  “reliability” investigations, such as those in the Personnel Reliability Program


DISCUSSION: The Insider Threat is one that has long been recognized as having the potential 
to cause the most damage to systems as compared to damage caused by outside attackers, both
inside the government and in the private sector. An insider is identified as anyone who “is or has 
been authorized access to a DoD information system, whether a military member, a DoD civilian 
employee, or employee of another Federal agency or the private sector.” An insider has the 


24 DoD CIO P&GM No. 6-8510, 16 Jun 2000.
25 Department of Defense, “DoD Insider Threat Mitigation: Final Report of the Insider Threat Integrated Process Team,” 24 April 2000, p. 3.

capability to disrupt interconnected DoD information systems, to deny the use of information
systems and data to other insiders, and to remove, alter, or destroy information. Documentation
of this recognition exists in many fora — including a number of DoD documents that discuss the
issue and make recommendations on how to mitigate the risk of the insider. The most
comprehensive of these is a recently released report listing the recommendations of the Insider
Threat Integrated Process Team, chartered by ASD/C3I. This report identifies the basic
sources of insider security problems as (1) maliciousness, (2) disdain of security practices, (3) 
carelessness, and (4) ignorance of security policy, security practices, and proper information 
system use. The key elements of a strategy to minimize the impact of the insider threat are: 


• Establish criticality of systems
• Establish trustworthiness
• Strengthen personnel security and management practices
• Protect information assets
• Detect problems
• React and respond


The report goes on to make a total of 59 recommendations in 7 areas, which, if adopted, will 
significantly improve the ability of DoD to mitigate the insider threat risk. 


A separate report addressing training and certification issues for critical IA functions also
makes recommendations to mitigate the insider threat for personnel performing critical IA
functions. This report specifies that personnel performing critical IA functions — defined as
those that require the individual to have privileged access to networks and operating systems —
require special attention to ensure that they can be trusted. These critical IA personnel include
systems administrators who have the most ability and access to both protect and damage DoD
networks. A third report, issued by the National Security Telecommunications and Information
Systems Security Committee (NSTISSC), also addresses the insider threat, as does a 1997 DoD
IG report.


There are many ways to address the problem, but all require knowledge of who the critical 
personnel are, and what the critical processes and systems are. The Y2K effort provides a model 
of how to distinguish between critical and non-critical systems and processes. The results of this 
discrimination process can provide a mechanism to focus attention and constrained resources on 
those systems and processes that are most critical to the Department. However, there is as yet no 
mechanism to identify critical personnel, although the recommendations by the Information 
Assurance/Information Technology Human Resources Integrated Process Team (IA/IT HR IPT) 
begin to accomplish that objective. These recommendations were recently approved by 


26 Insider Threat IPT Final Report, 24 April 2000.
27 IA/IT HR IPT Report, 27 Aug 1999.
28 NSTISSC Report, Feb 2001 (draft).
29 DoD Office of the Inspector General, “DoD Management of Information Assurance Efforts to Protect Automated Information Systems,” Report PO 97-049, 25 September 1997.

DepSecDef; however, it will take several years just to identify who are systems administrators.
This step is absolutely essential because systems administrators are the most critical of all those
who perform IA functions. Systems administrators can be military personnel who are performing
this function in a full-time or part-time capacity, DoD civilian personnel (also full-time or
part-time), or contractor personnel performing functions that have been outsourced. Regardless of
their status, all individuals performing these functions must be held to a consistent, and high,
standard.


It is not enough, however, to ensure that those performing critical functions are trustworthy, 
because the most rigorous screening may still miss identifying a potential problem insider. 
Screening also does not prevent someone who had no intention of misusing the system initially
from doing so at a later date. Therefore, monitoring of both personnel and systems must be done 
to detect those who are not using the system as intended. Such observation requires 
establishment of a clear, legal, and enforceable monitoring policy so that all personnel using the 
systems are aware that their activities will be monitored. This policy can also act as a deterrent to 
anyone who may contemplate unauthorized activity and aid in holding those accountable who 
violate the policy. The Department has a monitoring policy, but it needs revision to accomplish 
the objectives stated. The technical means to monitor are available, but require proper 
configuration and deployment within the network architecture. 


Access control processes and mechanisms are also required to prevent individuals from 
unauthorized access to information and processes. Passwords can provide some measure of 
control, but require a management process to ensure they are regularly changed. Furthermore, 
the files need to be protected from disclosure and users need to be aware of their responsibility in 
protecting passwords. Passwords have their flaws; other access control mechanisms should be 
employed, such as PKI and biometrics. The DoD PKI program will address many of the issues
presented by access control, and the DSB DIO Task Force applauds this effort. However,
deployment could be jeopardized by insufficient funding and lack of follow-up in the enabling of
applications for PKI. The biometrics program, with the Department of the Army as the
executive agent, also shows promise in addressing this issue, but inadequate funding could also
jeopardize this program. 


The Insider Threat is, therefore, well-documented, and numerous recommendations and 
programs in several fora exist that, if implemented, would significantly reduce the impact of this 
threat. However, a number of the recommendations have yet to be implemented. The reasons for 
this situation vary, but lack of resources and difficulty in developing appropriate policy appear to 
be the primary factors. This DSB recognizes that the Department has acknowledged the problem, 
but the lack of policy and resources to address a very real and growing problem is of concern. 


30 DepSecDef Memo, 14 Jul 2000.
31 ASD(C3I) Memo, 12 Aug 2000.
32 OASD(C3I) DIAP Report, Apr 2000.
33 National Security Act, 1947.




RECOMMENDATIONS:
• ASD/C3I identify those IT personnel who are critical for DIO activities

• DepSecDef mandate the following processes and procedures:

   o System administrator auditing software
   o Open-source, commercial-style background investigations
   o Peer accountability
   o Pre-employment agreements
   o Credit checks
   o Standardized procedures for access to and control of systems
   o Two-person integrity (TPI) for specific critical functions that must be
     accomplished on a network/system
   o Policy for system monitoring and reporting of improper/unauthorized actions
   o Contractor personnel standards identical to those established for DoD personnel in
     similar positions

Time: To be implemented by 1 Oct 2001
Estimated cost of implementation: $5M per year


D. Reserve Component 


FINDING: Significant personnel resource shortfalls affect execution of the DIO mission at all 
levels in DoD. 


The Reserve Component Study of February 2000 was chartered to provide recommendations 
to the ASD(C3I) on the subject of expanding the role of the Reserve Component (RC) in 
domestic preparedness in two specific areas of defensive information operations: information 
assurance and computer network defense. The study made two recommendations: 1) bolster RC 
support for USSPACECOM and JTF-CND, and for the Services by strengthening the RC support 
to the Service component commands (Land Information Warfare Activity (LIWA), Fleet
Information Warfare Command (FIWC) and Air Force Information Warfare Command
(AFIWC)) and 2) establish Service Joint RC Virtual IA/CND units.


Virtual RC support to LIWA, FIWC, and AFIWC can provide several advantages. The
increase in virtual manning could result in improved mission accomplishment and extended
"normal business hours" coverage (the United States’ Reserve Components in states encompass
six time zones from the east coast to Hawaii); an increase in Service component commands'
talent pool (RC members with high technology skills can be reassigned or recruited to perform 
inactive duty training near home); development of a skilled pool to man the Service component 


34 ASD(RA) Study, Feb 2000.

commands during annual training periods of the virtual JWRAC virtual reservists and
guardsmen; and an increase in Service component commands' mobilization base. Using the RC 
in these ways would require little or no addition of on-site staff or facilities. Issues that must be 
addressed include how to identify reservists with the right skills; the management challenge of 
virtual drilling; and possible Service reluctance to depend on the RC for full-time support. 


Increased RC support to the Service component commands would leverage the expertise of 
skilled reservists with civilian-acquired skills, capable of conducting virtual operations in support 
of service missions. The virtual augmentation could perform portions of the service missions that 
are not completed due to real-world mission pressure or could augment staff during weekends 
and during summer months.


In addition to the Reserve Component Study, there were recommendations made in the
Defense Science Board Task Force on Human Resources Strategy published February 2000.
The task force identified a number of priority areas for shaping both the civilian and military 
workforce, including the Reserve Component: 1) moving to a seamless integration of active and 
reserve components with a single, integrated personnel and logistics system, and 2) constituting 
a task force to study and develop a plan that will merge, over time, the Army and Air Force 
reserve units with their respective National Guards. The report asserts that the transformation is 
necessary to prevent the personnel problem from worsening. 


According to the report, the benefits of integrating these forces include:
• An organization that supports the way the Department operates and deploys

• A more simplified relationship between the active and reserve components

• Reduced overhead from the separate administrative and support structures that exist
  today

• Stronger ties with U.S. communities


Although the Services have made significant progress towards the goal of full integration, 
now is the time to leverage that progress by eliminating the separate personnel and logistics 
structures under which the Reserve Component now operates. Further improvement in the 
presentation of forces could be achieved by the integration of the reserve force with the National 
Guard force. This consolidation would require vision and persistence in the face of political 
pressures, and the challenge would have to be taken up by both the Administration and the 
Congress. 


The DoD increasingly relies on its reserve component to fulfill its mission, both from a 
resources and skills available standpoint. However, because the two systems remain separate, 
management of the joint configuration must be relearned each time the reserve component 
deploys. The report identifies several issues that will have to be addressed to make the 
integration a reality, including legal, psychological, and administrative hurdles that must be 
overcome. The report sums it up this way: 


The Department should move to a more seamless integration of active and 
reserve components with a single, integrated personnel and logistics 


35 DSB Report, Feb 2000.

system. The task force recommends that the Secretary of Defense
constitute a special task force to make specific recommendations to move 
toward a single reserve component for the Army and Air Force. However, 
the task force emphasizes that the move to a more seamless military force 
should not be delayed awaiting the integration of the reserve components, 
but should be undertaken as a high priority project under the current 
active duty and reserve organization. 


RECOMMENDATION: 


The Deputy Secretary of Defense should direct USD(P&R) and ASD(C3I) to implement
• Reserve Component Study recommendations and

• Defense Science Board Task Force on Human Resources Strategy recommendations.


Time: To be implemented by 1 October 2001 
Estimated cost of implementation: 
- For Reserve Component Study: $10.5M over the FYDP 


- For Human Resources Strategy DSB: as determined by the study, applicable to IT 
workforce. 


IV. OPERATIONAL READINESS 


A. DIO Integration into Mission Planning & Execution 


FINDINGS: DIO is not adequately integrated into mission planning and execution. 


DISCUSSION:
• Control conflicts exist between operational and support equities when services are
  disrupted.

• Network discipline and CND compliance are issues of concern (e.g., training, standard
  operating procedures (SOPs), command emphasis).

• Issue of what Components should support the U.S. Space Command's CND mission
  is still under discussion.

• CINCSPACE should develop a Continuity of Operations Plan (COOP) should
  JTF-CND lose capabilities.

• It has not yet been determined what CND information should be posted on DOD
  Global Command and Control System's (GCCS) Common Operational Picture
  (COP).

• It is not clear what the U.S. Space Command should protect as part of its CND
  mission beyond the SIPRNET and NIPRNET.


36 Ibid., p. 52.

Integrating DIO into all phases of operational exercises, testing and evaluation, and
operational assessments will better ensure that network systems fully consider DIO from design 
through acquisition and to integration and employment. Implementing DIO into training and 
plans will ensure that operational plans consider the assuredness of the information they are 
depending on, and that networks and network personnel are exercised and stressed to better 
respond when failures and attacks do occur. Planning and exercising for network attacks better 
prepares the on-scene commanders and operators to respond to attacks or failures in a measured 
and appropriate manner. Accordingly, as part of exercises and operational plans, developing a set 
of responses, or delineating the rules of engagement for responding, will ensure any response is 
appropriate, measured, and authorized. 


RECOMMENDATIONS: 


• The SecDef, through CJCS, should issue guidance to make DIO a key element of all
  military planning and operations, to include promulgating Rules of Engagement
  (ROE) and continuity-of-operations plans and conducting unit training and exercises.

Time: To be implemented by 1 October 2001.
Estimated cost of implementation: Approximately $500k for initial actions. Additional
funding requirements will need to be identified and submitted for funding via the
PPBS process.

B. Readiness Assessments, Reporting, and Metrics


FINDINGS: There is no adequate system for assessing DIO readiness across DoD. 


DISCUSSION:
• Readiness assessment mechanisms are incomplete and fragmented.

• Numerous efforts are ongoing to measure IA/CND/DIO readiness of DoD activities
  (e.g., CJCSI 6510.04 and DIAP IA metrics efforts).

• CJCSI 6510.04 does not address or apply to all DoD agencies.

• DoD IA readiness includes assessing, evaluating, and enhancing the readiness
  posture of DoD IA capabilities.


The success of operational missions is now more than ever dependent on the assured and 
timely delivery of information from operational commanders to operating forces. Planning for, 
testing, exercising, protecting, and resourcing the assuredness of those systems that deliver that 
vital information has not kept pace with the emphasis placed on using the information in some 
operational manner. Yet, assuring the security and availability of information is critical to DoD's
success in peace and war, and is a key element of achieving information superiority. DIO
readiness must be measured, assessed, evaluated, and understood for operational commanders to
understand and achieve information superiority.

The DoD's information systems have been, and will continue to be, under attack. When
disruptions occur to the flow of information, either through attack or system failure, operations 
suffer. 

• System failures are often unpredictable and unavoidable. Network operations
  reconstitution after a system failure depends on the skill, experience, training, and
  ability of network technicians.

• System attacks are also often unpredictable and unavoidable. Responses and network
  reconstitution to network attacks also vary depending on system administrator skill,
  experience, training, and ability.

• Disabling a network as a response to the threat of attack has the same effect as a
  successful attack.

• The ability of any given command to better face the challenge of a system failure or
  attack is improved through planning, training, assessment, and practice.


Policy needs to be established which will lead to a structured, mandated, and recurring DIO 
assessment capability across all elements of the Global Information Grid. An effective DIO 
readiness reporting mechanism, accompanied by a viable response mechanism to provide 
proactive and responsive solutions, is as important as anticipating ammunition shortfalls and 
assessing more traditional critical warfighting systems, and will in the end save money and 
conserve other resources. Many different organizations, elements, and activities must be brought 
together within the DIO readiness system to achieve synergy, efficiency, and effectiveness 
throughout all facets of the system. 


Critical success indicators for the readiness system include the people, operations, training, 
equipment, infrastructure, and processes that characterize the DIO readiness posture of the DoD 
described as follows: 

• People: The ability to attract and retain qualified, cleared, available, accountable, and
  motivated personnel to sufficiently staff DIO-related mission requirements

• Operations: The ability of CINCs/Services/Agencies to ensure organizations,
  procedures, and tools are effectively synchronized to execute DIO actions in order to
  defend information capabilities; thus providing timely, reliable, integrated, and secure
  information to achieve mission objectives

• Training: The ability to specify and then satisfy DIO training requirements across the
  DoD by external and internal education, training, and awareness programs that meet
  nationally and/or internationally recognized quality and curriculum criteria and that
  generate qualified and certified DoD DIO work force and users.

• Equipment and Infrastructure: The ability of the DoD's defense-in-depth architecture
  to ensure authenticated and authorized access to information across service and
  mission boundaries, throughout all applicable equipment and infrastructures (cyber
  and physical), and with adequate levels of confidence in information availability,
  confidentiality, and integrity while being processed, stored, or in transit

• Processes: The ability of the DoD to institutionalize across the Department
  measurable, repeatable, reliable, valid, cost-effective, streamlined, consistently
  applied, and well-documented DIO processes

RECOMMENDATIONS:


SecDef, through CJCS, should:
• Promulgate guidance in the Joint Mission Readiness Review (JMRR) and other
  appropriate Service readiness reporting systems.

• Specify policies to hold commanders accountable for aspects of DIO readiness within
  their control.


Time: Initial actions by June 2001, with completion not later than June 2002. 
Estimated cost of completion: $12.5M over FYDP 


C. Operational Readiness Assessment (Red Teams) 


FINDINGS: Due to lack of clear policy and resources, aggressive, comprehensive, effective 
operational Red Team activities are lacking across DoD. 


DISCUSSION: 
• Operational readiness assessment involves the Cyber Operations Readiness Triad
  (CORT): vulnerability assessments, vulnerability evaluations, and red teaming.

• Vulnerability assessments, vulnerability evaluations, and an aggressive, no-notice
  red-teaming program are lacking across DoD.

• Red-teaming that is being done is inadequately funded, insufficiently staffed, poorly
  coordinated, and hampered by lack of clear policy.

• Formal Computer Network Attack (CNA) red-teaming efforts, definition, and
  authorities have yet to be defined.


The purpose of an operational readiness assessment (ORA) is to examine and test an 
information system or product to determine the adequacy of security measures, identify security 
deficiencies, provide data from which to predict the effectiveness of proposed security measures, 
and confirm the adequacy of such measures after implementation. 


The ability of a network system to survive a focused attack and continue to provide the 
information needed by operational commanders in a timely manner is intrinsically part of 
information superiority. The ability of any particular system to survive an attack can be 
attributed to the technical health of the system and the skill, experience, training, and ability of 
the system technicians. Due to the networked nature of the Global Information Grid (GIG), a 
weakness within any particular system may cause a vulnerability within the network as a whole.


Evaluating network technical health through testing for system upgrades and patches, proper
password management procedures, and firewall standards, to name a few methods, is
necessary to ensure administrators have maintained their systems according to manufacturer
updates and established procedures. Similarly, system administrators must be trained and
exercised in recognizing and responding to unauthorized attacks and intrusions, from both within
and outside the system. Training and assistance teams provide a vulnerability assessment of
networks and help provide the local system administrators with the skills they need to maintain
system operations.


The different equipment and software that make up information systems have known and 
unknown vulnerabilities associated with them. Timely installation and maintenance of 
manufacturer upgrades and patches for known vulnerabilities helps maintain a higher level of 
security and assuredness, but often comes after vulnerabilities have been widely known and 
exploited. This may put operations at risk if the military community does not aggressively test, 
appraise, and evaluate the hardware and software that make up the information systems.
Evaluations of hardware and software identify vulnerabilities not widely known within the public 
domain and permit the military to work with developers to correct the vulnerability before 
hackers can exploit it. This level of evaluation, however, is best done during Research 
Development Test and Evaluation (RDT&E) and Operational Test and Evaluation (OT&E) so 
that the best network systems can be acquired that meet the overall DoD information superiority 
objectives. 


Actual readiness of in-place information systems can be measured only through the 
aggressive testing of a system by an independent (red) team. Red team assessments are 
conducted throughout the DoD, but often with inadequate resources and limitations placed on 
their ability to conduct an aggressive assessment. Additionally, red teams are being applied 
unevenly throughout DoD, which results in some commands being highly effective in thwarting 
network attacks while others may only have minimal capability in doing so. Also, different red 
teams evaluate systems using different standards and measures of effectiveness, which may lead 
to a false sense of security within certain commands. Since a potential aggressor seeks out the 
most vulnerable system to penetrate or attack to achieve his ends, this uneven approach to red 
teams may lead to an unrealistic sense of security when in fact, little exists. 


It is important for doctrine to be developed that would guide the CORT process to ensure all 
of DoD is at the same level of DIO readiness. Specifically, red-team structures, authorities, 
responsibilities, and functions should be specified for all DoD activities, and organized in a 
manner to make maximum synergistic use of the teams and in-place assets. Accordingly, 
Operational Readiness Assessment Teams should be aligned for each of the military 
departments, Defense Threat Reduction Agency (DTRA) for weapons of mass destruction 
(WMD) purposes, NSA for DoD and national requirements, and Joint Forces Command to 
organize reserve forces for appropriate missions. 


Operational readiness assessments should be conducted often and randomly because any 
introduction of new equipment or a software upgrade changes the design, and hence the 
vulnerabilities, of the system. Highest priority should be given to upper echelon 
command-and-control systems, highly classified systems, and the systems of those forces preparing for 
operational deployment. But each system within DoD should receive complete CORT assistance 
not less than every five years. 


Because of the nature of networked systems, and DoD's reliance on contractors and vendors, 
policy should be extended to subject those contractors and vendors who are involved in 
applicable DoD activities to the same red-teaming standards as DoD. 




RECOMMENDATIONS: 


Formalize and empower DIO Red Teaming throughout the DoD by: 
• Developing a three-level CORT assessment capability: 
  - Level I: Vulnerability Assessment (VA) 
  - Level II: Vulnerability Evaluation (VE) 
  - Level III: DIO Red-Team 
• Establishing policy that defines authorities and responsibilities 
• Expanding the number, scope, and frequency of Red Teams to include: 
  - Once every 3 years for specified LAN-WAN elements 
  - As soon as possible after major system/network changes 
  - Prior to all force deployments 
  - Not less than once every 5 years for all systems and networks 
  - That include contractors/vendors to the extent it applies to those government activities 
• Providing adequate staffing and resources to accomplish expanded mission 
• Reinvigorating and updating draft DoDD 3600.3 to include the CORT process 
• Designating NSA as the DoD element responsible for developing tools, tactics, 
  techniques, procedures (TTP), standards, and training to operationalize ORA 
• Resourcing NSA to expand its ORA team to meet mission need 

Time: 1 October 2001 
Estimated cost of implementation: $30M per year. 


D. Computer Emergency Response Teams / Computer Incident Response Teams 
(CERT/CIRT) 


FINDINGS: DoD CERT/CIRT activities vary in their execution and are not inclusive of 
all DoD CINCs/Services/Agencies (C/S/A). 


DISCUSSION: 
• Not all Defense agencies have or have access to CERT-/CIRT-like services for 
  their enterprises. 
• An overall DIO readiness posture cannot be clearly understood today. 
• Tools, response procedures, and reports differ among CERT/CIRTs. 
• Doctrine is inconsistent. 


CERT/CIRTs provide initial indication of external attack against DoD network systems by 
using automated monitoring tools to determine when unauthorized probes, scans, intrusions, and 
service denials occur. The information provided by the CERT/CIRTs permits a clearer 
understanding of the level, severity, and scope of network attack. This information is also used to 
alert other DoD network users of attack, and to permit countermeasures to be implemented 
which would mitigate the attack. The sum of all this information is a significant indicator of the 
readiness and ability of information systems to achieve information superiority. 


Today, the various CERT/CIRTs use different tools to monitor network activity and, when 
suspicious activity is noted, report the information using differing methods and procedures. 
Further, the tools the CERT/CIRTs use are based on identifying recognizable and known 
network security vulnerabilities, and are not easily configured to protect against emerging or 
changing technological threats. These differences and shortcomings mean inequities exist when 
CERT/CIRTs measure and assess network health, which leads to inefficiencies throughout the 
system or a false sense of assuredness. For the assessments to be valuable, it is important that 
they be derived from measurements that are accurate and timely, and able to be dynamically 
updated to identify and warn against the most up-to-date threats. Additionally, to be easily 
accessed and understood throughout DoD, the assessments need to have a common format and 
reporting guidelines. 


Because of the nature of their mission, technicians at CERT/CIRTs are particularly adept at 
understanding and mitigating network vulnerabilities. Therefore, CERT/CIRT technicians 
provide a critical technical capability and expertise for other commands to draw from when 
needed, especially in preparation for or during operational employment. However, the current 
number of CERT/CIRTs and the number of technicians within the CERT/CIRTs do not 
adequately meet all the assessment and on-site assistance needs of all CINCs/services/agencies. 


USSPACECOM, supported by OSD/JCS policy and procedure, should improve the DoD 
CERT structure and scope by: 
• Developing doctrine/TTPs on emergency response, including a deployment policy 
  when necessary 
• Implementing CERT/CIRT clearinghouse capabilities 
• Providing access to standardized and advanced tools and methodologies 
• Establishing common reporting formats and a shared common database 
• Developing a standardized alerting process 
• Establishing additional CERT/CIRTs where needed at C/S/A 

Time: To be implemented by 1 October 2001 
Estimated cost of implementation: $50-70M over FYDP 


CONCLUSION 


The Findings, Discussion and Recommendations described in this report were those that the 
Panel felt necessary to address the situation and correct deficiencies in organizational and 
operational issues noted during their investigation of the state of DIO within DoD. A number of 
activities had been initiated by the Department in response to previous reports (both DSB and 
others), but were too immature to determine whether the activities would be successful or were 
actually addressing the identified problems satisfactorily. The strongly held opinion of the 
majority of the Panel members was that, although there were some technological issues to be 
addressed in DIO, the majority of the issues impacting the ability of the Department to execute 
this mission were unclear, conflicting or non-existing policies, non-existing or conflicting 
operational procedures and inadequate resources. Lack of success in resolving the problems in 
these areas will continue to hamper the Department irrespective of the availability of 
technological solutions. The number of activities identified within the Department demonstrates 
a growing awareness of this fact and the need to develop a solid foundation for action. None of 
the recommendations mentioned in this report are particularly new or original to the Panel, nor 
are they difficult to understand or implement with strong, consistent leadership from OSD. That 
leadership is the key to success. 


APPENDIX D: ORGANIZATION AND OPERATIONS PANEL 
QUESTIONNAIRE 


1.0 INTRODUCTION 
1.1 Organization and Operations Panel Questionnaire 


The Organization and Operations Panel of Defense Science Board (DSB) Task Force for 
Defensive Information Operations (DIO) issued a questionnaire in May of 2000 to assess 
information assurance (IA) organizational perspectives regarding current Information Assurance 
functions across DoD. The questionnaire was distributed to 132 organizations, drawn from the 
Services, CINCs, Agencies and related entities. Each of the selected organizations is currently 
engaged in IA missions across a wide spectrum of functional areas. The questionnaire sought to 
elicit information from major IA entities to determine existing roles, mission objectives, 
organizational relationships, and connectivity as well as to assess the community's self-perceived 
level of confidence and obtain information regarding perceived needs and future requirements. 
The results of this questionnaire were also intended to aid in measuring progress toward meeting 
the specific recommendations of the 1996 DSB DIO report and to develop future policy. The 
questionnaire presented a series of questions to participants ranging from the identification of 
each organization's IA missions to the assessment of funding methods for information assurance 
functions. 


The DSB Organization and Operations Panel identified 132 organizations involved in IA 
activities to represent the DoD IA Community and to serve as the pool of respondents for the 
questionnaire. Of the 132 organizations that were sent the questionnaire, 56 responded for a 
response rate of 42%. Table 1 presents the distribution of the respondents by organization type. 


Table 1. Questionnaire Response Breakdown 

[Table; column headings: No. of Responses, Distribution] 


The organizations that responded to the questionnaire constituted a broad cross section of overall 
and IA mission areas and it is therefore possible to extract some general trends from the results. 


The initial questions requested the organizations to identify and prioritize both their overall and 
specific IA missions from the categories below: 


OVERALL MISSION OBJECTIVE 

[Graphic; categories shown: Intelligence, C3, Logistics, Plans, Training, Operations, 
Acquisitions, IG/Audit, Other] 

FINDINGS 
• 32% of the respondents chose C3 as their overall mission priority 
• 30% of the respondents chose "other" operations as their overall mission objective 
• 14% of the respondents chose IG/Audit as their overall mission objective 
• The remaining 24% was relatively equally divided among the remaining categories 


OVERALL IA MISSION OBJECTIVE 

[Graphic; legible categories: Certification & Accreditation, Operations, Attack, 
Systems/Product Acquisition, Computer/Network Crime, Cryptography, Threat Assessment, 
Web Security] 

FINDINGS 
• 31% of the respondents chose management as overall IA mission priority 
• 15% of the respondents chose CERT as overall mission priority 
• 9% of the respondents chose certification and accreditation as overall mission priority 
• The remaining 45% was divided among the remaining categories 


The organizations were also given the opportunity to provide feedback and comments to the 
DSB with respect to issues of particular concern in the IA arena.¹ The comments provide a 
window into the opinions and concerns of the IA community that was not necessarily consistent 
with the specific questionnaire responses. These comments appear to suggest that while DoD has 
succeeded in formulating "high level" policy and guidance with respect to IA issues, the 
implementation of these policies in the ranks and the development of detailed operational 
requirements and regulations is an area that must continue to be addressed. 


The questionnaire results suggest that the absence of a consistent process to implement IA policy 
has led to inconsistent actions being taken across the DoD. Many respondents also suggested that 
policy updates should be issued in a more timely manner, so as to keep pace with technological 
advances and to avoid the implementation of a patchwork of policy. The questionnaire responses 
provide a great deal of information and insight into current DoD IA posture, and identify issues 
that will be of significance in the near term future. 


This appendix will provide an analysis of the questionnaire responses and the implied trends 
throughout the IA community as represented by the pool of questionnaire respondents. 


¹ The comments are presented in greater detail in subsequent sections and Attachment A. 


1.2 DSB Questionnaire Methodology 


Fifty-six organizations responded to the DSB questionnaire. Each organization was treated as an 
independent entity within the IA community. The analysis, therefore, strives to demonstrate a 
number of trends present throughout both the IA community and the Department. 


The distribution of respondents is heavily Service-oriented and within that group, Army 
comprised the majority of the responses. However, the trends noted below appear to be 
consistent across all groups that responded to the questionnaire. Furthermore, the significance of 
the heavy Service representation is offset by the fact that the Services retain the bulk of the 
execution responsibilities as delineated by Goldwater-Nichols, and so retain primary 
responsibility for implementing IA programs across the Department. Accordingly, the fact that 
the Services constitute the bulk of respondents serves to provide an accurate depiction of the 
composition of the IA community on the ground. This, in turn, lends credence to the purpose of 
this analysis; namely to provide a window into the current state of the DoD IA community as 
perceived by the participants. The results also constitute a "pulse check" on the perceived 
availability of proper resources, policy, and funding throughout the DoD IA community. 


2.0 DSB QUESTIONNAIRE ANALYSIS 
2.1 Mission characterization 


2.1.1 What is your specific organization's overall mission and overall mission priority? 


The first question posed in the questionnaire sought to capture the distribution and priority of the 
overall mission objectives of organizations within the IA community. Respondents were given a 
list of missions to choose from and requested to select all that applied to their organization. 
Respondents were then requested to prioritize each mission objective. Figure 1 illustrates the 
diverse nature of missions within the IA community. On average, each of the 56 respondents 
chose 2 to 3 mission objectives. Most organizations included C3, operations, and planning 
among their overall mission objectives. 


Figure 1. DoD Overall Mission 

[Pie chart; segment labels: Law Enforcement, Counter Intelligence, Intelligence, Acquisition, 
IG/Audit, Logistics, C3, Operations, Training, Plans] 


The graph illustrates that there is a great deal of variation across the DoD IA community, in 
terms of mission objectives. As IA continues to gain strength and recognition as a critical 
element of Defense in Depth, IA issues, and the availability of IA services within the mission 
areas will continue to grow, placing further pressure on IA organizations for resources, training 
and other services. Further, while the majority of respondents are involved in C3, planning, 
training, or some other activity outside of the questionnaire choices, the results suggest that IA 
activities have become more routine, and an inherent function of DoD business processes. 


Figure 2. DoD Overall Mission Top Priority 

[Pie chart; legible segments: Intelligence 3%, Logistics 3%, Acquisition 3%, Plans 3%, 
Operations 6%, R&D 6%, Other 30%] 


In addition to identifying their mission objectives, respondents were also asked to prioritize their 
overall mission objectives. Figure 2 illustrates that C3 and IG/Audit were the highest priorities 
identified by the respondents. The category of "other", which was the choice of a significant 
number of respondents, suggests that there is a sizable portion of the IA community involved in 
activities, which have expanded beyond the scope of the traditional mission objective choices. 
The results seem to suggest that IA is slowly being integrated into the routine of all organizations 
throughout DoD. Thus, while IA activities continue to be concentrated in organizations with a 
C3 mission, the results suggest that the IA community is expanding into areas such as R&D and 
operations. 


2.1.2 What is your organization's IA mission and IA mission priority? 


Respondents were asked to check and prioritize the overall IA mission objectives that applied to 
their organization. On average, respondents chose six different objectives from the provided list. 
Figure 3 illustrates the distribution of the frequency with which each category was chosen. 


This graph illustrates that the missions of the IA community are quite diverse and cut across 
numerous focus areas, with training and web security being the most frequently cited IA 
objectives. The graph further suggests that the IA community's activities are not simply limited 
to information security issues, but have also become a part of the business processes that exist in 
the background. IA appears to be developing into a discipline that is increasingly found in a full 
range of services, suggesting that IA is continuing to evolve into a mainstream activity. 


Figure 3. Overall IA Mission 
(Respondents were requested to choose all categories that applied) 

[Pie chart; segment labels: Web Security, Management, Certification & Accreditation, 
Threat Assessment, Vulnerability Assessment, Operations-Indications & Warning, 
Training/Education, Operations-Configuration Management & Control, Operations-Access Control, 
Operations-Attack Characterization & Response, Info. Sys. Security Engineering, 
Network Management, Computer/Network Crime, Systems/Product Acquisition] 


The questionnaire also asked the respondents to prioritize their overall IA mission objectives. As 
shown in Figure 4, management was the top IA mission priority chosen by respondents, with 
nearly one-third of the respondents engaged in some sort of management or oversight role. 


Figure 4. DoD IA Mission Priority 

[Pie chart; segment labels: Management, Operations, Computer/Network Crime, Cryptography, 
Vulnerability Assessment, Info. Sys. Security Engineering, Systems/Product Acquisition, 
Certification & Accreditation, Training/Education] 


Further analysis of the results illustrated in Figure 4 suggests that the IA community has a clear 
management role, or at least believes it dedicates a great deal of resources towards general 
management (i.e. accounting, requirements, and funding). The frequency with which respondents 
chose management as a priority is consistent with the fact that IA is a pervasive issue that 
reaches almost every organization and activity. As there is a great deal to manage, the 
infrastructure must be in place to execute all IA activities and initiatives throughout DoD. 
Management, training, and C&A accounted for 48% of IA priorities, operations as a whole 
accounted for 22%, CERT accounted for 15%, and general support functions accounted for 13%. 
However, while these numbers suggest a great deal of variety in terms of the IA priorities 
throughout the community, it may also indicate that there is a divide among the community in 
terms of mission objective. 


2.1.3 Additional observations 


In characterizing the IA community's "overall mission objective" and "IA mission objectives", 
the data suggests that the IA community continues to grow in both scope and in depth. The 
results also indicate that IA functions are present in a growing number of organizations with a 
burgeoning variety of overall IA objectives. IA should continue to expand into other 
organizations and mission objectives as the ability to deliver information in a safe, secure, and 
highly trusted manner becomes increasingly crucial to the day-to-day operations of the 
Department. This will be especially true as the Department's E-commerce initiative continues to 
grow and become standard practice. 


2.2 Requirements and Resources 


To achieve an overall perspective on the IA community, it is helpful to assess the community's 
perceptions of its ability to meet the responsibilities set forth in policy both at the departmental 
and organizational levels. To this end, the questionnaire sought to assess the availability of 
resources in the form of funding, personnel, and policy. 


2.2.1 Have your IA requirements been identified? 


Figures 5 through 8 illustrate that the respondents feel that the majority of their requirements 
have either been fully identified or partially identified, suggesting that they are well able to 
articulate their IA needs. Almost two-thirds of the respondents have been able to identify their 
requirements through normal processes, with organizations integrating IA into their standard 
requests for funding every year. This suggests that there may be sufficient procedures, processes 
and organizations in place to address IA issues within the PPBS cycle and the POM process. 


These graphs also show that about 80% of the community is able to at least partially identify 
their requirements; however, 42% of these requirements have only been partially 
validated. The relatively large percentage of partially validated requirements implies that it is 
important to continue to investigate why there is such a substantial amount of requirements that 
remain only partially identified to facilitate the overall ability of the community to fund its 
activities. 




Figure 5. Requirement Identification Process 
[Pie chart: Normal Process 68%; Other Process 32%] 
Normal process: PPBS, JROC, etc. 
Other process: Vulnerability assessment or other assessment/inspection process 


Figure 6. Requirements Identification Using Normal Process 
[Pie chart: Validated 42%; Partially Validated 41%; Not Validated 17%] 


Figure 7. Requirements Identification Using Other Processes 
[Pie chart: Validated 37%; Partially Validated 42%; Not Validated 21%] 


Figure 8. Requirements Identification - Process Independent 
[Pie chart; legible segments: Partially Validated 42%; Not Validated 18%] 

2.2.2 Have your IA requirements been resourced? 


Figures 9 through 13 illustrate the perceptions among the respondents regarding the effectiveness 
of their investment and resources. 


Figure 9. Do you have enough capital investment funding for IA? 
[Pie chart; legible segment: Yes 51%] 

Figure 10. Do you have enough capital investment on facilities? 

Figure 11. Do you have enough of the right people working IA? 

Figure 12. Are your people properly trained? 

Figure 13. Do you have enough capital investment for IA operations? 

The graphs above illustrate that only about half of the respondents believe they have enough 
capital investment for IA in general. However, almost two-thirds of the respondents believe they 
have enough capital investment for facilities and IA operations. This implies that, while the 
respondents feel that they do not necessarily have enough total resources for IA activities, they 
feel they are adequately funded for facilities and operations. As almost one-third of the 
respondents feel they do not have the proper investment capital, further investigation would seem 
to be warranted. 


With regard to personnel requirements, the majority of the respondents felt that they had 
adequate numbers of people, but that these people do not have the proper training. This 
correlates to the low placement of education on the IA priority list as seen in Figure 3, and 
suggests a need to raise the profile of IA education and training throughout the IA community. 


2.2.3 Does performance of your IA mission conflict with any other responsibilities? 


Figure 14 presents the results from the inquiry regarding potential mission conflict. This figure 
suggests that the overwhelming majority of respondents do not feel that their IA mission conflicts 
with their other responsibilities. 


Figure 14. Does performance of your IA mission conflict with any of 
your other responsibilities? 
[Pie chart; legible segment: Yes 29%] 


In theory, an organization's IA mission should not conflict with its overall responsibilities 
because IA is designed to enhance the majority of IA mission objectives engaged in by the 
community. However, there may be instances when the practical outcome of DoD's IA policy 
(i.e. smart cards or PKI) may inhibit the tactical world. These services are designed to provide 
another layer for DoD's Defense-in-depth strategy, yet some organizations may view the 
additional layers of security as a liability rather than a safeguard. 


2.2.4 Do you think you have the right tools to carry out your IA mission? 


As a general rule, securing adequate resources in the form of funding or people is a constant 
challenge for any organization, regardless of the specific issue or technology. However, these 
issues present only one part of the overall picture. An analysis of the respondents' data implies 
that, for IA organizations, policy and authority tools are becoming just as important as funding. 
If Department policy does not clearly communicate the roles and responsibilities that 
Components are required to implement, then it becomes nearly impossible to carry out the IA 
mission effectively or to cultivate change and growth. 


Figures 15 through 17 suggest that while the respondents believe they have generally good 
information, they do not overwhelmingly believe that the proper policies are in place or that they 
have the proper authority over subordinates and/or organizations. 


Figure 15. Do you think you have adequate and clear IA policy/guidance from above to carry out 
your IA mission? 

Figure 16. Do you think you have adequate authority over subordinates/organizations to carry out 
your IA mission? 

Figure 17. Do you have adequate information to execute your IA mission? 
This becomes especially important in the case of Agencies and CINCs who are often dependent 
on the Services for the delivery of IA services. The results also point to the growing 
interdependence of organizations in the IA community that has developed as a result of 
information sharing and enhanced communication within the community. 


2.3 Infrastructure Availability 


2.3.1 Activity Situation 


Figure 18 illustrates that the majority of DoD IA activities sit on major DoD installations. 


Figure 18. What best describes your activity situation? 

[Pie chart: Tenant on major DoD installation 55%; Installation commander responsible for 
providing infrastructure services 19%; Activity not on installation in major urban area 19%; 
Tenant on other than DoD installation 5%; Remote activity not on installation 2%] 


The second most common situation is activities where the installation commander is responsible 
for delivering infrastructure services. These may be minor installations or installations in an urban 
area. An additional twenty percent of the respondents are situated in remote locations. 


2.3.2 Availability of DoD Infrastructure 


Figure 19 addresses the availability of essential infrastructure. 


Figure 19. Do you consider DoD Infrastructure services in mission planning? 


The results of this question illustrate that about three-fourths of the respondents consider the 
DoD infrastructure in mission planning. This suggests that organizations are considering both 
information assurance and infrastructure assurance issues, which have a symbiotic relationship. 
Without the availability of the various elements of the DoD infrastructure, it becomes difficult if 
not impossible to meaningfully execute the IA mission. 


Figure 20. How do you consider DoD Infrastructure availability in mission planning? 

[Pie chart; segment labels: Policy Memo, Contract Vehicle, Other, Continuity of Operations Plan 
(COOP), Memorandum of Agreement] 


Figure 20 suggests that most respondents consider DoD infrastructure for Continuity of 
Operations Plans (COOPs) and for memoranda of agreement (MOA). Since the availability of 
the infrastructure drives COOPs and plays a key role in MOAs, it is not surprising that the 
respondents chose these two most frequently. In addition to assessing those situations where 
organizations consider infrastructure issues, it is also important to ascertain the level of an 
organization's confidence in the availability of infrastructure at critical times. 


Figure 21. Are you confident that the services you require will be available whenever needed? 

[Pie chart: Very Confident 28%; Somewhat Confident 50%; Neutral 12%; Not Very Confident 10%; 
Not at all Confident 0%] 


Figure 21 illustrates that only about one quarter of the respondents are confident that the 
infrastructure services upon which they rely will be available whenever needed, while over 50% 
of the respondents are only somewhat confident that the services they need will always be 
available. Such results suggest that there is a pronounced absence of confidence in the current 
ability of the DoD infrastructure to deliver services on demand. 


2.4 Impact of IA Activities on Mission Performance 


2.4.1 How do the following IA processes impact your mission performance? 


Figures 22 through 28 illustrate the impact of IA activities on mission objectives. 


Figure 22. Vulnerability Alert Process 
Figure 23. INFOCONS 
Figure 24. Incident Reporting Process 
Figure 25. Accreditation Process 
Figure 26. Vulnerability Assessment Process 
Figure 28. Recovery/Reconstitution Process 

[Pie charts; segment labels: Strongly degrades mission performance, Moderately degrades mission 
performance, No impact on mission performance, Moderately improves mission performance, 
Strongly improves mission performance] 


The results suggest that the Vulnerability Alert Process and Vulnerability Assessment most 
significantly influence the respondents' mission objectives. Most of the IA activities have 
little or only a moderate impact on mission. While virtually no IA activities have a strongly 
negative impact on mission objectives, threat assessment and the accreditation and certification 
activities moderately degrade mission performance, with respondents reporting that about 
one-third of these activities were at least moderately degrading mission objectives. 


Figure 29. Issues Warranting Attention 

[Chart; only legible segment: Organization, 6%] 


2.5. Issues Warranting Attention 


While IA has made significant progress in expanding its reach throughout the Department, there 
are still a variety of issues that must continuously be examined and reevaluated. As with any 
program or initiative, funding and well-trained personnel will always be issues to program 
managers. Perhaps the most interesting result of the questionnaire analysis is the fact that policy 
was identified as the single biggest concern of the respondents. These results were borne out by 
the “Comments” received at the end of the questionnaire and presented in full in Attachment A. 


The small numbers for acquisition, organization, and horizontal coordination suggest that 
communication among organizations is adequate and that the organizational structure of the IA
community itself is not of great concern. However, issues such as roles and responsibilities as 
well as new money allocated for various IA efforts continue to challenge the organizations that 
are charged with implementing the changes. The concerns reflected in Figure 29 are consistent 
with the trend found throughout the questionnaire indicating that the community is generally 
confused, and in need of greater guidance as well as policy that has more detail and
applicability to their own organization's day-to-day functions. 


2.6. Coordination and Interface 
Respondents were asked to provide insight into the organizations they work with and draw
support from in both the public and private sectors. Please see Attachment B for the results of
this inquiry (i.e., a full list of organizations' coordination and interface from questions 10a, 10b,
and 10c).


3.0 COMMENTS


In addition to the specific data represented in the graphs set forth in the previous sections, 
organizations were also asked to provide more general feedback on those issues not specifically 
covered by the questionnaire. These comments were intended to give participants the opportunity 
to highlight any areas of particular concern in the IA community with respect to the subject 
matter of the survey, and to provide the DSB with greater insight into those concerns. A frequent 
focus of these concerns is the expressed need for clear policy, and resources, both with respect to 
funding and qualified people. While many organizations responded positively to the specific 
survey questions directed towards the adequacy of policy and guidance, respondents' true
feelings about their IA posture were clarified in the comments, which present a somewhat less
sanguine view of the state of policy at the organizational level. This apparent discrepancy
between the comments and the specific survey responses may be indicative of a desire on the 
part of the respondents to provide a "politically correct" response to the direct questions in the 
survey. 


A detailed review of the comments seems to indicate that most organizations would welcome 
clearer policy and guidance from OSD, which would enable them to better develop policy 
specifically applicable to their own organizations. Many of the respondents expressed the belief
that there was sufficient "high level" policy; however, this policy was of limited use when
applied to the organizational structures of the community, and their day-to-day tasks. The
comments further suggest that efforts on the part of policy makers to clarify roles and
responsibilities at the organizational level to facilitate the implementation of IA initiatives would
be well received, as would requests for suggestions about the process at the operational level.
The comments also indicated that a lack of "low level" policy was leading to the creation of
multiple concurrent and possibly inconsistent policies with respect to the delineation of varying
roles and responsibilities. It was suggested that such situations should and could be addressed by
undertaking a more comprehensive and wide-ranging policy effort. A related undercurrent in the
comments was the expressed desire for the IA community to begin to think and act across
organizational lines and to coordinate efforts and share information.


Respondents also suggested that policy formulation difficulties might stem from the incremental
nature by which DoD develops IA policy, which contributes to the "patchwork" of policies
currently in use. This policy "incrementalism" is perceived as a barrier to timely updates, which
would allow policy to keep pace with developments in technology. 


Many respondents expressed the belief that the visibility of IA in the PPBS cycle must be raised 
in order to assure that resourcing priorities are adequately addressed in the FYDP. These funding 
needs are further complicated by the great diversity of IA mission objectives as represented by 
the survey respondents. Respondents also expressed a desire to see further discussion in order to 
identify activities that support multiple missions and to harness domain knowledge in support of 
further policy and program development and implementation. This process will be invaluable in 
overcoming the inherent limitations of the PPBS to allow for the full identification and
validation of IA requirements in the future.


A final area of concern was the IAVA and accreditation processes. There was a general
consensus that the feedback and reporting loop on the IAVA process needs to be tightened, 
leading to better and more timely communication. Additionally, many respondents felt that the 
accreditation process was both too complex, and too "paper intensive", leading to delays and 
frustration. 


Overall, the comments indicate that the IA community is beginning to view itself as a functional 
community that cuts across organizational lines. There is also a high level of awareness of the 
fact that many of the organizations are dependent on each other, as well as outside institutions, 
and a broad sense of the need for better coordination and cooperation in the IA community.


4.0 CONCLUSION


The responses received to the questionnaire came from a broad cross section of IA organizations 
engaged across the full spectrum of IA missions. The respondents accurately reflect those 
organizations and components, which are charged with the primary responsibility of 
implementing IA programs across the DoD. The questionnaire results support the proposition 
that IA is becoming instantiated across all functional areas of DoD, and that while high level 
policy is adequate, significant work remains to be done to assure that the broad goals and 
objectives of DoD policy are accurately translated into usable policies at the operational level.
Front line IA personnel must be provided with sufficient organizational tools and resources to 
competently implement their IA missions on a day to day basis. Furthermore, policy must keep 
pace with technology, developed and implemented in a consistent manner across the various 
organizations that comprise the IA community. This becomes especially crucial as the demand 
for IA services continues to evolve into an important element of each Component's activities.


Attachment A: Noted Trends in Respondents' Comments


Unclear and Outdated Guidance from Above 


We write the IA policy for the AF, however, we do not always get clear policy/guidance from 
OSD. 


There is too much policy that is not related to performing the functions required to do the job. 
The problem is the incremental adding of policy over the years. We need to throw it all out and 
start over. 


DA IA Policy needs further clarification on roles and responsibilities. Typical, rapid technology 
change places us in the position of not always having desired information on hand for decisions.


Adequate & clear IA policy/guidance from above - NO - as an example, there is still no clear 
authoritative reporting policy from JCS on IA incidents.


There are various policies out there but the focus is still at the highest (DOD) levels. The 
personnel putting these policies into action, need more clarity to carry out this mission. 


Although large strides are being made in regard to IA/CND policies, policy is not keeping up 
with the speed of technology. A paradigm shift is necessary to ensure that security policy is 
addressed in a more timely manner. 


Policy is still being formulated from the national level on down. It seems to be mile wide and 
inch deep. Much improvement has been made in the last two years. 


Several IA policy documents are old/out of date (e.g. DODD 5200.28, Public Law 100-235, 
DOD 5200.28-STD (Orange Book), etc). 


IA policy which addresses Certification and Accreditation (DODI 5200.40, DoD Information 
Technology Security Certification and Accreditation Process (DITSCAP)) is difficult to 
understand and use. It expanded the process via required steps and paperwork, with vague 
guidance. Recommend Interim Authority to Operate be allowed at completion of Phase I vice 
Phase III. 


Question 6: IA policy between DoD and the separate services sometimes parallels or conflicts, 
particularly in locations where there are multiple policy makers. 


Little Authority over Subordinates/Organizations 


Have NO authority over service component organizations - they have their own reporting lines - 
the Title 10 issue all over again.


As a CINC who must respond for their respective Components, we have little say when the
reporting structure and infrastructure is based upon a Service-centric model. That's why we face 
difficulties with the real C2 of the networks, as evidenced with disparities in INFOCON levels, 
as just one example. 


The IA organization at DSS has no real authority over subordinates/organization. IA's role is 
more an advisory/oversight function without true authority to control systems or system owners. 


Limited Financial Resources 


We are not funded adequately for that protection to be maximized to the extent necessary to 
protect our infrastructure. Our CO is very supportive but funding limits and sets our priorities. 


NCIS is currently not funded for this mission. We have made extraordinary strides in meeting 
this challenge, which are not being replicated within DoD, and are maximizing the limited 
resources we have. 


While there is guidance from above with respect to IA policy/guidance, limited resources 
constrain programs to a (illegible) that could be deemed unacceptable. There are several DoD 
mandates that DSS is not in compliance with. 


A strong commitment of "resources" and "will" is required by leadership at all levels to be the 
warfighter's IA agency of choice! 


Limited Human Resources 


Finding qualified people is difficult, more so on the GS side than on the contractor side. 
Accreditation is a big obstacle for us because we have so many systems and so few people. 


Suggestions for Change 


IA should be budgeted as a separate program to ensure you get the required resources (personnel, 
training and tools). 


I recommend having an area IA assigned to an IG area that provides full time support and 
overwatch to all IG offices within a pre-determined geographic location / area support. 
Responsibility for all IG offices within the assigned sector or geographic locations.


APPENDIX E. DIAP PROGRAM DEVELOPMENT AND
INTEGRATION TEAM (PDIT) BRIEFING


Defense-wide Information Assurance Program (DIAP)
Program Development and Integration


David Wilcox
DIAP
703.604.0500
david.wilcox@osd.pentagon.mil
July 2000


* How much is the DoD spending on IA?
* How much does a pound of IA cost?
* What is the real IA requirement?


What We Don't Know

* IA costs embedded within acquisition programs/initiatives
* IC Community
* Services use post, camp, station/base operating support funds for IA
* DOD law enforcement (computer crimes, computer forensic lab)


Program     FY99      FY00       FY01
ISSP        966.0     1,115.9    1,299.5
Non-ISSP    113.6     185.9      260.5
TOTAL       1,079.6   1,301.86   1,569.0


What We Know ($M)*

[Pie chart of IA funding by category; legible labels: MILPAY, RDT&E, DISA, DHRA, Defense Information Operations, Training, Other.]

* Does not include Intel IA funding

Industry IA Estimate

* 5% to 8%* of industry Information Technology spending should be Information Assurance.
  - This observation is for network centric IT and does not take into account systems such as the DoD's Strategic and Tactical Weapons/Space Systems (i.e. GPS, NC2, NMD) nor IA Research and Development
* Applied to the DoD
  - $267B Total DoD
  - $15.8B DoD IT (Avg. FY02-07)
  - 5-8% = $.8 - 1.3B

* Source(s): Gartner Group, others


1997 DSB IW-D
Recommendation 6.1

* Designate ASD(C3I) as the accountable focal point for all IW issues.
* Establish DASD(IW)

FY99   FY00   FY01

July 2000 Update

OASD(C3I) Information Operations Strategy & Integration chartered as DoD focal point for IO

OASD(C3I)(I&IA) and DIAP Office focal point for IA
FY99   FY00   FY01
41.5   +25    +26

For intel-related IA
FY99   FY00   FY01
unable to obtain associated resources


1997 DSB IW-D
Recommendation 6.2

* 6.2.1 SECDEF request DCI to establish a Center for Intelligence Indications & Warning, Current Intelligence, and Threat Assessment at NSA with CIA and DIA support

FY99   FY00   FY01
+60    +35    +30

July 2000 Update

NSA's National Security Incident Response Center
FY99   FY00   FY01
2      2      2

Intelligence Resources
FY99   FY00   FY01
unable to obtain associated resources


1997 DSB IW-D
Recommendations 6.2.2 & 6.2.3

* 6.2.2 Establish a Center for IW-D Operations
FY99   FY00   FY01
+60    +60    +60

* 6.2.3 Establish a Center for IW-D Planning and Coordination
FY99   FY00   FY01
+10    +10    +10

July 2000 Update

JTF CND / DISA GNOSC / DoD CERT
FY99   FY00   FY01
9.8    12.1   22.0

USCINCSPACE assumed CND role for ep in Oct 1999
FY99   FY00   FY01
- 3.9... 44.5


1997 DSB IW-D
Recommendation 6.2.4

* 6.2.4 Establish a Joint Office for System, Network, and Infrastructure Design within DISA

FY99   FY00   FY01
+55    +50    +50

July 2000 Update

OASD(C3I) Architecture & Interoperability Directorate established in 2000
FY99   FY00   FY01
- 4.80 | ~3.1

DISA D6 Engineering & Interoperability/Joint Information Engineering Organization (JIEO)
FY99   FY00   FY01
unable to obtain associated resources

NSA Information Assurance Technical Forum
FY99   FY00   FY01
5      3      3


1997 DSB IW-D


Recommendation 6.2.4

* 6.2.4 Establish a Joint Office for System, Network, and Infrastructure Design within DISA

FY99   FY00   FY01
+55    +50    +50

July 2000 Update

Joint IA Architecture Working Group -- IA Info Exchange Requirements
FY99   FY00   FY01
-o «10 C10

DARPA Info Assurance and Survivability R&D Project
- Research efforts include fault tolerant and survivable network architecture development (see Recommendation 6.9 for DARPA resources)


1997 DSB IW-D
Recommendation 6.3

* Increase Awareness
  - Establish IW-D awareness campaign for public, industry, CINCs, Services, Agencies
  - Expand IW Net Assessment in 1994 Summer Study
  - Review Joint Doctrine for IW-D Emphasis
  - Large scale IW-D demos, understand cascading effects
  - Develop simulations to demonstrate IW-D effects
  - Implement Policy to include IW-D realism in exercises

FY99   FY00   FY01
+85    +135   +135

July 2000 Update

See next 3 slides for update


1997 DSB IW-D
Recommendation 6.3

* Increase Awareness
  - Establish IW-D awareness campaign for public, industry, CINCs, Services, Agencies

IA awareness raised to highest levels throughout DoD
- DepSecDef strong IA proponent
- OASD(C3I)(I&IA) and DIAP active advocates of IA
- Eligible Receiver 97 demonstrated IA impact on operations
- Continuous series of attacks/probes on DoD networks
- USSPACECOM assigned CND/CNA operational mission
- Quality and degree of DoD IA Training/awareness significantly raised
- DoD and Services have "IA Awareness" days and conferences
- Awareness processes exist that once v with industry and academia

FY99   FY00   FY01
14     16     19


1997 DSB IW-D
Recommendation 6.3

* Increase Awareness
  - Expand IW Net Assessment in 1994 Summer Study
  - Review Joint Doctrine for IW-D Emphasis
  - Large scale IW-D demos, understand cascading effects

July 2000 Update

Status and efforts to expand 1994 IW Net Assessment are unknown

OASD(C3I)(Info Ops Strategy & Integration)
- Conducting IO Broad Area Review with DoD Components, including IA
- Services and JS, in conjunction with IO review, are reviewing IO and IA doctrine

Joint Warrior Interoperability Demonstration (JWID)
- Ongoing right now, some IA technologies to be demonstrated


1997 DSB IW-D
Recommendation 6.3

* Increase Awareness
  - Develop simulations to demonstrate IW-D effects
  - Implement Policy to include IW-D realism in exercises

July 2000 Update

Components have some modeling and simulation efforts to demonstrate IA effects and to collect data. Most of these efforts reside at NSA

JS is staffing CJCSI 6510.01 to:
- include integration of CND (IA) into joint exercises and wargames
- instruct components to exercise CND in realistic scenarios
- task J7 to ensure IA and CND operations are exercised and coordinated

Components are implementing IA (to varying degrees) into exercises
- INFOCON 99, Blue Flag 00-2, 00-3, UFL, Steel Puma, Power Sweep...


1997 DSB IW-D
Recommendation 6.4

* Assess Infrastructure Dependencies and Vulnerabilities

Prior FY99   FY99   FY00   FY01
490          +0     +0     +0

July 2000 Update

DoD Critical Infrastructure Protection (CIP)

CIP Office with staff of nine
FY99   FY00   FY01
<1     <1     <1

CIP Analysis and Assessments

Joint Program Office for Special Technology Countermeasures (Navy)
FY99   FY00
14     14     =

Balanced Survivability Assessments (DTRA)
FY99   FY00   FY01

ASD(C3I) Y2K/CIP
FY99   FY00
20     -


1997 DSB IW-D
Recommendation 6.5

* Define Threat Conditions and Responses

FY99   FY00   FY01
+0     +0     +0

July 2000 Update

INFOCONs
- VJCS signed memo March 10, 1999 on INFOCON procedures and policy
- JS revising CJCSM 6510.01 to include INFOCON, hopeful this Fall


1997 DSB IW-D
Recommendation 6.6

* Assess IW-D Readiness
  - Establish standardized readiness assessment system
  - Incorporate IW preparedness assessments in Joint Reporting systems and Joint Doctrine

July 2000 Update

CJCSI 6510.04 IA Readiness Metrics issued May 15, 2000
- Provides standardized IA metrics and supplemental policy IA guidance to support DoD components self-assessment of IA status for consideration in Joint Monthly Readiness Report (JMRRs)
- Future guidance/policy on er into SORTS type Eus is under consideration


1997 DSB IW-D
Recommendation 6.7

* "Raise the Bar" with high-payoff, low-cost items
  - Improve access control (get rid of fixed passwords)
  - Identification and authentication
  - Examine products, use approved products

FY99   FY00   FY01
L H0   +10    +10

July 2000 Update

DoD Public Key Infrastructure Program (managed by NSA)
FY99   FY00   FY01
20     56     127

Enabling of applications to utilize a public key infrastructure
- PKE to be resourced from components' programs
- PKE study estimates total resources to PK-Enable 690 applications will be around $175M

National Information Assurance Partnership (NIAP)
FY99   FY00   FY01
3 4


1997 DSB IW-D
Recommendation 6.8

* Establish and maintain a minimum essential information infrastructure
  - Define options with associated costs and schedules to determine MEII such that infrastructures can failsoft to support critical functions while under attack
  - Define minimum essential conventional force structure and supporting information infrastructure needs
  - Prioritize critical functions and infrastructure dependencies
  - Design a Defense MEII and a failsafe restoration capability
  - Direct Components to fence funds for Defense MEII and restoration capability

FY99   FY00   FY01
+100   +100   +100

July 2000 Update

Separate & limited efforts ongoing to define MEII.

* CIP office analyzes defense sectors and identify MEIIs, but not all.
* OASD(C3I) is working to define supporting info infrastructure.
* The National Security Telecommunications Advisory Committee (NSTAC) coordinates with industry to assess telecommunications interdependencies for Governmental critical mission operations and may address MEIIs.


1997 DSB IW-D


Recommendation 6.9

* Focus the R&D on following areas:
  - Robust survivable system architectures
  - Techniques and tools to model large scale distributed network systems
  - Tools for synthesizing & projecting performance of survivable distributed systems
  - Testbeds and simulation-based mechanisms for evaluation of emerging technologies
  - Research in US Computer science and engineering programs
  - Educational programs for curriculum development at undergrad and graduate levels

FY99   FY00   FY01
+125   +160   +160

July 2000 Update

See next slide for update


1997 DSB IW-D
Recommendation 6.9

* Focus the R&D effort

FY99   FY00   FY01
+125   +160   +160

July 2000 Update

NSA IA Research and Development
FY99   FY00   FY01
—49 . 8]. 8&0

DARPA Info Assurance and Survivability R&D Project
FY99   FY00   FY01
78     99     115


1997 DSB IW-D
Recommendation 6.10

* Staff for Success
  - Establish career paths, training & certification of systems administrators
  - Establish a skill specialty for IW-D
  - Develop specific IW awareness courses with focus on DoD's professional schools

FY99   FY00   FY01

July 2000 Update

IA mobile training teams

DoD irs training and certification of military, civilian, and contractor:
- AS Administrator/Security Manager/Security Officer
- AS Professional technician
FY99   FY00   FY01
518^; .24 26

IA & IT Training, Certification, and Personnel Management Report
- With DEPSECDEF for review and signature
- Estimates $77.5M over FYDP to implement all recommendations


What We Should Know

* DOD's total IA resources
* What it buys us
  - Risk return on investment
* What is the total requirement


APPENDIX F. ACRONYMS


DTRA
            Education and Training for Service
            Front End Assessments
            Fleet Information Warfare Command
            Full Operational Capability
GAO         Government Accounting Office
GCCS        Global Command and Control System
GIG         Global Information Grid
GNOSC       Global Network Operations and Security Center
IA          Information Assurance
            Guidance & Policy Memo
HR IPT      Information Assurance/Information Technology Human Resources Integrated Process Team
IC          Intelligence Community
            Information Dissemination Management
IO/IA/CIP   Information Operations, Information Assurance, and Critical Infrastructure Protection
IPT         Integrated Process Team
ISSP        Information Systems Security Program
I&W         Indications and Warning
            Joint Mission Readiness Review
JPO-STC     Joint Program Office for Special Technology Countermeasures
            Joint Requirements Oversight Council
JTF-CND     Joint Task Force-Computer Network Defense
JTS         Joint Training System
MCB         Marine Corps Base
NETOPS      Network Operations
NOIWON      National Operations and Intelligence Watch Officer Network
R&D         Research & Development
            Under Secretary of Defense for Acquisition, Technology & Logistics


ANNEX D


Defense Science Board Task Force 
on 
Defensive Information Operations 


Panel Report on Policy Implications 


REPORT OF FINDINGS, 
DISCUSSION/OBSERVATIONS 
AND RECOMMENDATIONS


EXECUTIVE SUMMARY


“We can't solve problems by using the same kind of thinking we used when we created them.” 


Albert Einstein 


The American homeland is becoming increasingly vulnerable to non-traditional attack, 
including information warfare, the focus of this report. Rapid advances in technology have and 
will continue to create new vulnerabilities and challenges to U.S. security. Recent studies by 
both the Government Accounting Office (GAO) and the Computer Security Institute found that 
the number of cyber security threats to both the government and the private sector is on the rise. 
The damage caused by a successful attack, both to physical infrastructures and to the 
psychological health of U.S. institutions, could prove immense, and the Department of Defense 
is not exempt from this danger. 


In many circles within the U.S. defense and broader international security community, the 
term "information warfare" is increasingly being used to encompass a far greater set of 
information-age “warfare” concepts than was attributed to it in the past. These emerging new 
warfare concepts are directly tied to the prospect that the ongoing rapid evolution of cyberspace, 
the global information infrastructure, could bring both new opportunities and new vulnerabilities. 
At least one of these vulnerabilities, the prospect that the information revolution could put at risk 
high-value national assets outside the traditional battlespace boundaries, will affect U.S. national 
security strategy, and thus U.S. military strategy. The fact that assets that are critical to the 
conduct of military operations would also be put at risk compounds this problem. 


There is an emerging element of information warfare, one that appears to be common to 
almost all currently evolving uses of the term, which warrants identification and definition. 
Strategic information warfare, in essence, the intersection of evolving information warfare and 
post-cold war "strategic warfare" concepts, warrants special recognition and attention as a 
legitimate new facet of warfare, one with profound implications for both U.S. military strategy as 
well as overall U.S. national security strategy and policy. 


A fundamental aspect of strategic information warfare is that there is no front line. 
Strategic targets in the United States may be just as vulnerable to attack as in-theater command, 
control, communications, and intelligence targets. As a result, there exists a need for broadening 
strategic understanding beyond the single traditional regional theater of operations to four 
distinct separate theaters of operation: 1) the battlefield, 2) the allied or regional zone of the 
interior, 3) the intercontinental zone of communication and deployment, and 4) the U.S. zone of 
the interior. 


The post-cold war “over there" focus contained in the persistent emphasis on the regional 
component of U.S. military strategy has been rendered incomplete and is of declining relevance 
to the likely future international strategic environment. When responding to information warfare 
attacks of this character, military strategy can no longer afford to focus on conducting and 
supporting operations only in a region of concern.


What are the basic features of strategic information warfare as best we understand them
today? The following represent a synthesis of observations about these basic features. There is, 
most definitely, a cascading effect inherent in these observations; each helps to create the 
enabling conditions for subsequent ones. 


1. LOW ENTRY COST


Interconnected networks may be subject to attack and disruption not just by states but also by 
non-state actors, including dispersed groups and even individuals due to the low cost of entry. 
Potential adversaries could also possess a wide range of capabilities. Thus, the threat to U.S. 
interests could be multiplied substantially and will continue to change as ever more complex
systems are developed and requisite expertise is ever more widely diffused.


Cyber attacks have moved beyond the realm of the mischievous teenager and are now being 
learned and used by terrorist organizations as the latest weapon in a nation's arsenal. In June 
1998 and February 1999, the Director of the Central Intelligence Agency testified before 
Congress that several terrorist organizations believed information warfare to be a low-cost 
opportunity to support their causes. Both Presidential Decision Directive 63 (PDD-63) issued in 
May 1998 and the President's National Plan for Information Systems Protection, version 1.0,
issued in January 2000, call on the legislative branch to build the necessary framework to
encourage information sharing to address cyber security threats to our nation's privately held
critical infrastructure.[1]


Effective attribution and swift response to attacks would nullify the appeal of the low cost of
entry by making the chances of “getting caught” much higher. The increased risk perceived by the
attacker should be an added deterrent to information warfare attacks.


2. BLURRED TRADITIONAL BOUNDARIES 


Given the wide array of possible opponents, weapons, and strategies, it becomes increasingly 
difficult to distinguish between foreign and domestic sources of information warfare threats and 
actions. We may not know who is under attack by whom, or who is in charge of the attack. This 
greatly complicates the traditional role distinction between domestic law enforcement, on the one 
hand, and national security and intelligence entities on the other. 


Not only are borders becoming more porous, but they are increasingly irrelevant in 
cyberspace. According to a long-time CIA operative and FBI consultant, “Globalization and 
technology were lowering traditional boundaries between what constitutes an international or 
domestic threat, and terrorists, drug cartels, spies, and hackers were all leaping those boundaries 
with impunity.”[2]


3. EXPANDED ROLE FOR PERCEPTION MANAGEMENT 


Opportunities for information warfare agents to manipulate information that is essential to 
public perceptions may increase. For example, political action groups and other non-government 
organizations can use the Internet to galvanize political support, as the Zapatistas in Chiapas,
Mexico, were able to do. Furthermore, the possibility arises that the very "facts" of an event can
be manipulated via multimedia techniques and widely disseminated. Conversely, there may be
decreased capability to build and maintain domestic support for controversial political actions.
One clear implication is that future U.S. administrations may include a robust Internet
component as part of any public information campaign.


[1] Statement of Representative Tom Davis on the Introduction of The Cyber Security Information Act of 2000, April 12, 2000.

[2] John McGaffin, in Covert Counterattack, by James Kitfield, National Journal, September 16, 2000, pg. 2858.


4. LACK OF STRATEGIC INTELLIGENCE 


For a variety of reasons, traditional intelligence-gathering and analysis methods will be of 
limited use in meeting the strategic information warfare challenge. Collection targets will be 
difficult to identify using existing national technical means; allocation of intelligence resources 
will be difficult because of the rapidly changing nature of the threat; and vulnerabilities as well 
as target sets will not be well understood. In sum, the United States may have great difficulty 
identifying potential adversaries, their intentions, and their capabilities. 


5. DIFFICULTY OF TACTICAL WARNING AND ATTACK ASSESSMENT 


Warning and attack characterization and assessment involving information warfare presents 
fundamentally new problems in a cyberspace environment. A basic problem exists: 
distinguishing between attacks and other events such as accidents, system failures, or hacking by 
thrill seekers. This challenge is exacerbated by the speed of events in cyberspace. The main 
consequence of this feature is that the United States may not know when an attack is underway, 
who is attacking, or how the attack is being conducted. 


6. DIFFICULTY IN BUILDING AND SUSTAINING COALITIONS 


Many allies and coalition partners will be vulnerable to information warfare attacks on their 
core information infrastructures. For example, the dependence on cellular phones in developing 
countries could well render telephone communications in those nations highly susceptible to 
disruption or deception. Other sectors in the early stages of exploiting the information revolution, 
such as the energy or financial sectors, may also present vulnerabilities that an adversary might 
attack to undermine coalition participation. Such attacks might also serve to sever weak links in 
the execution of coalition plans. 


Conversely, tentative coalition partners who urgently need military assistance may want 
assurances that a United States deployment plan to their region is not vulnerable to information 
warfare disruption. 


7. VULNERABILITY OF THE UNITED STATES HOMELAND 


As stated earlier, information warfare has no front line. Potential battlefields are anywhere 
networked systems allow access. Current trends suggest that the United States economy will rely 
on increasingly complex, interconnected network control systems for such necessities as oil and 
gas distribution management, electric grids, telephone service, air traffic control, and much, 
much more. The vulnerability of these systems is currently poorly understood. This lack of 
understanding and recognition inhibits a thorough assessment of the vulnerabilities that may 
exist in both the technology-driven control systems and in the fiscal marketing processes that can 
directly affect energy distribution. In addition, the means of deterrence and retaliation are 
uncertain and may rely on traditional military instruments in addition to information warfare 
threats. In summary, the United States homeland may no longer provide a sanctuary from outside
attack. 


The U.S. concept of national security must adapt to this changing world. The existing 
national security decision-making and execution apparatus is not well suited to ensure this type 
of security. Among other things, the apparatus that is needed must be able to: 

• Act quickly, avoiding the delays of inter-agency processes, yet represent appropriate
concerns

• Deal with threats functionally instead of geographically

• Bring law enforcement, national defense, and intelligence functions to bear on a
threat seamlessly without endangering civil liberties

• Engage with the private sector


Rebuilding the national security apparatus cannot be done in one step. The bipartisan
Commission on National Security in the 21st Century has begun to address this problem. It must
evolve and adapt as the world changes. The key will be to create a flexible, agile, adaptive
apparatus that embraces experimentation and keeps what works.


In the interim, this panel submits a series of recommendations, grouped into four areas, 
the implementation of which would go a long way to meet the emerging information warfare 
threat. The panel believes that actions taken in the near term would materially benefit the 
effective execution of Defensive Information Operations (DIO) within the Department. 


RECOMMENDATION 1 


Create an Executive Order (EO) on Common DIO Terminology 


Multiple definitions for the same DIO-related terms are in wide usage within DoD, DOJ, and
the Intelligence Community (IC). The absence of common definitions produces differing
interpretations of authorities and knee-jerk reactions in both the private sector and the legal
community, e.g., monitoring, attack, armed attack, etc. This decreases the likelihood of
coordination and increases the potential for confusion and turf battles. We believe the problem
can be solved by using existing mechanisms without changing current laws, policies, and
regulations. The recently signed Presidential Review Directive (PRD) will institute an
Interagency Working Group (IWG) process that will help.


The SecDef and the Director of the Critical Infrastructure Assurance Office (CIAO) 
should jointly sponsor an effort to produce an authoritative document (perhaps an EO) 
containing the maximum number of DIO-related terms, which would be useful to Information 
Assurance (IA) in a national, DoD, civil agency, and civil context. 


RECOMMENDATION 2


Establish a National DIO Coordinator 


The nation has no means of providing either tactical Indications and Warning (I&W) of a 
widespread cyber attack on critical infrastructures or a coordinated response to it. No one is 
assigned the clear responsibility for rationalizing law enforcement and national defense equities 
when a cyber attack is detected. There is currently a bias in favor of law enforcement procedures, 
even if their use impedes response and recovery. There is no governing authority with the 
responsibility to make response-and-recovery decisions effective across stovepipes. Moreover, 
coordination often depends on the personalities of those involved. 


The SecDef should propose creation of a national DIO coordinator. Initial 
responsibilities and authorities would be limited to policy and planning, but would increase as 
the job matures and Congress engages, to potentially include: oversight, direction and control, 
responsibility for information resource policy and strategic planning and adjudication among 
agencies. 


RECOMMENDATION 3 


Identify Critical Infrastructure Dependencies 


Critical infrastructures are those systems that are essential to the minimum operations of 
the economy and government. The critical infrastructures of the United States are predominantly 
owned by the private sector, and the DoD is extremely dependent upon them. Industry has 
indicated a willingness to share information with the DoD, but will not necessarily be motivated 
by the same factors that motivate government. Industry fears regulation and unfunded mandates 
and will not go beyond what makes financial sense. 


DoD must make a concerted effort to identify what is critical in terms of its private
sector infrastructure dependencies. The DoD effort to produce sector Critical Infrastructure
Protection (CIP) plans was a step in the right direction; however, lack of funding is hindering
this action. DoD must energize its local outreach by local DoD installation commanders to
build the relationships necessary and to identify dependencies on local commercial and


RECOMMENDATION 4


Gain Consensus on DIO Security Standards 


There are few information security technical standards to which DoD program managers 
can turn. Moreover, Global Information Grid (GIG) Information Assurance Technical 
Architecture Framework (IATF) Standards and Protocols for providing security are inconsistent 
with the Joint Technical Architecture (JTA).


A clarification memorandum should be issued making it clear the JTA will be adhered
to for all GIG implementations, especially in the IA domain. The JTA is the better reference
on IA standards and protocols, and it should be referenced as such in all GIG IA policy 
documents. 


CONCLUSIONS 


Following the end of the Cold War, and the subsequent changes in the geopolitical climate, 
the United States now faces a different kind of threat. This threat is characterized by the ability 
of numerous potential adversaries to engage in an information attack upon the United States, 
enabled by the lower entry costs associated with such an attack. Further, an attack could be at a 
lower threshold as a concerted effort to undermine or gradually erode our strategic or tactical 
position, our economic strength and fiscal processes, societal confidence in our government's 
ability to respond to crisis, or other less traditional targets. America's ability to attribute and
respond is woefully insufficient to pose a significant deterrent to would-be attackers. And on the
other end of the spectrum, early tactical indications and warning capabilities are virtually
non-existent in cyberspace. These factors converge to create a newly and differently vulnerable
United States homeland.


It is our contention that immediate actions can work to decrease the threat and potential 
damage to United States national security, including infrastructures, institutions, and individuals. 
The United States national security apparatus must continue to evolve over time to deal with 
these emerging trans-national threats, including trans-boundary threats where the differences 
between law enforcement and national defense, between foreign and domestic, between national 
and transnational, and between government and civilian are increasingly irrelevant. In the 
interim, there are a few discrete policy-related actions we as a nation and military institution
should take: 

• We all need to be able to speak the same language and should take action toward a
common DIO-related lexicon.

• Someone needs to be in charge to ensure government-wide coordination.

• We need to identify our dependencies on and protect our critical infrastructures.

• DOD systems developers need a single source for DIO security standards.


I. TOWARD A COMMON TERMINOLOGY


New technologies and new concepts inevitably require new terminology. Unfortunately, 
terminology and definitions related to DIO vary widely throughout government and the private 
sector. DoD has expended considerable effort to standardize Information Operations (IO) related 
definitions, but differences and controversy remain. The Intelligence Community (IC) and DoD, 
in spite of a great incentive to share definitions, have managed to formally agree on only about a 
dozen. Industry and the private sector use a wide variety of definitions depending on 
convenience and circumstance, and these often differ from those within the IC and DoD. 


How one defines a concept or an action has a direct bearing on which laws may be applicable 
to a situation and which authorities may hold sway. It may also affect how actions are funded. 
Consequently, definitional issues often masquerade as surrogates for deeper struggles over turf 
and resources. 


The situation is made more complicated by the fact that some terms arrive on the scene laden 
with semiotic baggage. For example, “monitoring” means one thing to the National Security
Administration (NSA) in a foreign intelligence context, another to the FBI in its law enforcement
role, and something quite different to the ACLU when discussing the Fourth Amendment.
Likewise, the term “attack” may mean to destroy, to penetrate for purposes of monitoring, to
trace back for purposes of defense, or to temporarily disable, depending on who is conducting 
the “attack” and the intent of his or her actions. 


Fortunately, the law does not need to be changed to create a common lexicon and direct its 
use throughout government. Most, if not all, of the problems associated with definitions can be 
solved using existing processes and organizations. However, a necessary precondition of such a 
lexicon would be an improved consensus on authorities, roles, and responsibilities to perform 
DIO. The process of building a common lexicon would force many such issues into the open for 
discussion and resolution. Additionally, if such a lexicon were developed with utility to the civil 
sector in mind, it might have the added benefit of helping industry consolidate its efforts to 
defend critical infrastructures. 


A Presidential Review Directive (PRD) has recently been signed, which calls for an 
Interagency Working Group (IWG) to reach consensus on several matters important to IO in 
general and DIO in particular. Doing so will do much to clarify roles and responsibilities. The 
subject of definitions is among the matters to be discussed, but the PRD stops short of calling for 
a comprehensive common lexicon to be used throughout government. 


FINDINGS


• Multiple definitions exist for common DIO-related terms. This is so within both DoD
and the IC. The law enforcement community, the private sector, and the rest of
government use either their own terms for DIO-related concepts or create new ones as
the need arises.

• Within DoD and the IC, the use of multiple definitions for the same concept has the
potential to cause operational confusion. Outside of DoD and the IC, the use of
multiple terms can exacerbate problems associated with overlapping authorities and
complicate efforts to coordinate a response to an attack.

• The absence of common definitions produces differing interpretations of
authorities and differing ideas about the purpose of an action. This can be
particularly troublesome when particular words (e.g., monitoring) have widely
accepted meanings in the private sector and legal communities, which are based
on case law or popular misconceptions.

• A common lexicon would not only facilitate mutual efforts to defend infrastructures,
but it would help clarify authorities, roles, and responsibilities as well.

• Creating a common lexicon of useful DIO terms would not require changes to law,
policy or regulation. Existing mechanisms and organizations are sufficient to mandate
and develop such a lexicon.

• The challenge will be to reach out beyond DoD and the IC to include the private
sector, the law enforcement community, and the rest of government in the process.
For this reason, the effort requires sponsorship at the National Security Council
(NSC), National Economic Council (NEC), or Executive Office of the President
(EOP) level.


RECOMMENDATIONS 


• SecDef and the Director of the CIAO should jointly sponsor an effort to produce an
authoritative document (perhaps an Executive Order) containing DIO-related terms,
which would be useful in both the national security and civil sectors of government.
This effort should draw upon the work of the IWG established by the PRD on IO.

• To assist this effort, the following Office of the Secretary of Defense (OSD) actions
should be undertaken:


- DOD & IC General Counsels (GCs) should work with the DOJ to develop a 
common concept for and set of terms to be used when conducting "investigations" 
in cyberspace. 


- The Bilateral IO Steering Group (BIOSG) should create a joint DOD/IC working 
group to produce the largest possible set of common IO-related definitions. The 
term DIO should be included. 


- USD(P) should initiate a dialogue with the State Department and the Office of 
Management and Budget (OMB) regarding common DIO definitions. The goal of 
these talks would be to encourage the use of common DIO-related terms 
throughout top levels of government, the international community, and the DoD. 


II. REQUIREMENT FOR GOVERNMENT-WIDE COORDINATION


Prior to the Information Age, protecting the nation from external attack was clearly the 
province of the DoD, supported by the IC. Law enforcement assisted with counter-intelligence 
efforts and other domestic responsibilities. The situation is more complex today. An attacker in 
cyberspace may do harm to our critical infrastructures without our knowing his identity or 
location. The infrastructures he is attacking may be private property and not clearly under the 
purview of the national security apparatus. Similarly, uncertainty about the origin, severity, and 
target of an attack may lead to confusion over whose authorities are preeminent in responding to 
it. Obviously, coordination becomes critical in such circumstances. 


Warning is another issue that will be seen through different lenses in the Information Age. 
Traditional intelligence collection and analysis methods might provide some measure of 
strategic warning of an IO attack, but the nation has no means of providing tactical Indications 
and Warning (I&W) in cyberspace. In fact, there is no reliable means of even detecting a 
widespread, subtle, "slow and low" attack, let alone warning of it. Some would argue that such
an attack is already ongoing. Even if an attack were detected, there is no consistent, widely 
understood process for reacting to it or recovering from its effects. Furthermore, there are no 
formal mechanisms for balancing equities between law enforcement and national security when 
reacting to it. 


Any cyber I&W effort will require visibility into a large number of domestic networks, if not 
for content, at least to characterize the health of their operations. Obviously, the IC is limited in 
its ability to perform such a function. Likewise, law enforcement is proscribed from monitoring 
actions in the absence of compelling legal grounds. Nevertheless, there is much that can be done 
within existing law, policy, and regulation. (For a more complete discussion of this subject, see 
the legal section of the report.) 


A few systems in government and industry (e.g., monitored command networks and
Telecommunications Service Providers) have limited capabilities to detect an attack within their 
own “stovepipes,” but reaction options are limited and local. Coordination and "spreading the 
word" generally falls to Computer Emergency Response Teams (CERTs) and individual 
initiative. In no case is there a robust means of characterizing diverse attacks occurring in 
separate segments of government and industry or of rationalizing large-scale reaction and 
recovery. The National Information Protection Center (NIPC) was originally created to help 
coordinate information on such attacks, but has devolved primarily into a cyber-crime 
investigation body. In fact, the predominant FBI (law enforcement) culture of the NIPC has 
made information sharing difficult in a practical sense, within government or with industry. As 
always, well-meaning individuals with initiative have built informal coordination mechanisms, 
but these are personality dependent. 

Since the NIPC, by default, considers a cyber intrusion to be a crime, rules of evidence and
strict investigative procedures are applied and information sharing is restricted. This practice,
which appears to have little justification in law, biases reactions in favor of law enforcement and
stands in the way of effective information sharing and the coordination that would be necessary
to mount an effective national defense. Finally, no one is assigned the responsibility or the
authority (other than through Cabinet level cooperation) to make the decision that an ongoing
attack has progressed from a law enforcement case to a national security matter.


A similar vacuum is seen when one looks for someone in authority to coordinate a recovery 
from a nationwide or large-scale cyber attack. Obviously, some activities would be covered 
under standing contingency plans for disaster recovery or continuity of government. Likewise, 
many segments of industry (e.g., banking and the stock markets) have elaborate backup and
recovery plans. On the other hand, if an attacker were to mount a carefully coordinated assault on
several segments of our infrastructure simultaneously, it would be difficult to recover without
massive dislocation. For example, if phone service and the power grid were lost at the same time
gas lines were disrupted during winter, the combined effect could be catastrophic. Even worse
would be a scenario combining such cyber attacks with traditional bomb blasts or the release of a
biological agent. It does not take much imagination to see that coordinating a recovery would
require difficult tradeoff decisions about whose infrastructure should be recovered first. 
Questions of liability aside, these hard choices must be made by someone with visibility across 
infrastructure stovepipes and the authority to compel actions that will affect lives and finances. 


As matters stand today, a declaration of martial law might be required to answer the demands 
of the desperate situation described above. However, a more palatable, more effective, and less 
costly recovery could be made using the offices of a standing official charged with the 
responsibility for national critical infrastructure protection. It is true that there is a coordinator 
for counterterrorism, security and critical infrastructure protection, but realistically his authorities 
are constrained to his powers of persuasion. Likewise, CINC, Joint Forces Command is charged 
with homeland national defense, but confusion may arise from the fact that CINCSPACE is 
responsible for Computer Network Defense. Realistically, neither CINC can do much to prepare 
for homeland cyber defense without asking hard questions about posse comitatus, the legal
aspects of dealing with private industry, and public perceptions of the military taking on such a 
role in peacetime. 


Finally, there is the question of international allies and corporations with close ties to U.S. 
firms. Geographic boundaries mean little in cyberspace. Effective reaction to and recovery from 
a serious cyber attack almost certainly will require coordination with allies and foreign partners. 
Consequently, the State Department must engage on these issues in the immediate future. In fact, 
State is already involved in several DIO-related matters, such as a Russian proposal to limit work 
on Information Warfare. As matters progress, State will have to join more fully with the DoD, 
the IC, and law enforcement communities in coordinating responses to cyber issues. 


In sum, the nation needs a well-staffed, designated official with direct access to the principals 
of the National Security Council (NSC) who is charged to plan for and respond to the type of 
crisis described above. Perhaps the growing discussion about creating a Federal CIO within the 
Executive Office of the President will answer these concerns, provided that the position is given 
the required authorities and that national security matters are coordinated through the NSC. Such 
an official will require explicit authorities that can only be granted in law by Congress. 
Consequently, anyone appointed to fulfill these duties will require Congressional confirmation. 


FINDINGS


• We have no means of providing tactical I&W of a widespread, well-coordinated
cyber attack, other than reporting within a few stovepipes (e.g., local telcos and DoD
networks).

• There is no clear responsibility for rationalizing law enforcement and national
defense equities when certain types of cyber attack are detected.

• There is currently a bias toward using law enforcement authorities and procedures
when a cyber incident is detected. Although this will be satisfactory in the vast
majority of cases, no formal means exists to review cases to determine if national
security procedures might be more appropriate.

• No one has the responsibility or authority to make response and recovery decisions
and take actions across stovepipes. Coordination depends on personalities.

• The State Department is potentially very important to DIO, but is not sufficiently
engaged.

• A great portion of government does not understand DIO issues or appreciate the
potential impact of information technology vulnerabilities on their operations.


RECOMMENDATIONS 


• The SecDef should propose the creation of a national DIO coordinator. Prior to
congressional action, the Coordinator's authorities will be limited. In the interim, he
could serve as the nexus of DIO policy development. Eventually, this individual
should sponsor the development of national-level, coordinated DoD/IC/law
enforcement mechanisms to provide I&W of a cyber attack, respond to it, and recover
from its effects.

• To support this effort the SecDef and DCI should:


- Create a joint DoD/IC panel to work with the DOJ, NSC, and OMB staffs to draft 
a DIO Executive Order (EO). The EO should clearly establish the preeminence of 
the national security response over the law enforcement response in cases having 
a national security impact. 


- Create a panel to examine EO12333 and other law, policy, and regulations in light 
of emerging DIO realities. 


- Create a standing GC's working group to monitor legal precedents for decisions 
useful and inimical to DIO efforts and to explore the latitude available for DIO 
under existing law. 


- Task the Bilateral IO Steering Group (BIOSG) to propose mechanisms for the 
military services and the IC to deconflict DIO (especially related to Computer 
Network Operations). 


III. CRITICAL INFRASTRUCTURE PROTECTION


The Defense Department is increasingly reliant on a broad range of vital infrastructure 
services provided by the private sector, municipal utilities, and other non-DoD sources. While 
DoD's communications, energy, transportation, logistics, and supporting requirements grew 
significantly over recent decades, DoD has become far more dependent on non-DoD-owned and 
-operated systems and networks. The underlying private sector infrastructures have undergone an 
explosion in technical capability, complexity, and integration, adopting new technologies and 
processes, particularly evident in communications and energy infrastructures. This revolution in 
technology and system interoperability has empowered infrastructure owners and operators to 
better serve their customers while expanding capabilities and building corporate strength. 
Technological interoperability, a feature inherent in these infrastructures, was market economy 
driven, and thus the infrastructures are exceedingly interdependent. As the infrastructures 
advanced in capability, capacity, and complexity, DoD took advantage of their availability. 


Private sector dependencies have direct implications for the availability and reliability of 
DoD’s Global Information Grid (GIG) — leased private sector systems incorporating our nation's 
fiber optic network, twisted wire, and wireless systems provide the GIG's backbone outside 
DoD's information infrastructure gateways. The dependencies go much further than this vital 
information backbone; the breadth of defense operations requires much more energy, logistics, 
and other vital services than ever before. For DoD to fully understand its private sector 
dependencies, it must analyze and assess those dependencies, a process that cannot be done 
without dialogue and partnering with the private sector or municipal owners and operators of 
those infrastructures. 


DoD's expanded use of private sector infrastructures should logically require a more detailed 
assessment of potential risks inherent in the interdependent, underlying infrastructure. The 
private sector built and operated these infrastructures while using a very different risk model than 
those used within DoD. Private sector risk analyses are based on economically driven models, 
focusing on profitability and customer service, with modernization reliant on anticipated returns 
on investment. Threats and risks are plausible in peacetime scenarios, where the threats may be 
backhoes and risks considered are seen as natural disasters or competitive business practices. 
DOD risk models focus on more sinister threats — where a bad actor or nation state could 
purposefully deny infrastructure to degrade our global projection of force or otherwise 
undermine the national security of the United States. 


The Presidential Decision Directive on Critical Infrastructure Protection (PDD-63, 1998) 
focused national efforts to implement critical infrastructure solutions, including expanded 
partnership between government and the private sector. Many national initiatives began, 
including establishment of the National Infrastructure Protection Center at FBI and the initiation 
of Infrastructure Sector Analysis Centers (ISACs), attempting to expand partnership between 
government and the private sector within individual infrastructure sectors. Arguably, though 
much has been done to advance national CIP efforts, the broad ranging initiatives have not 
seemed to gel into the desired partnerships, including interagency coordination and partnerships 
between government and the private sector. Similarly, many agencies and departments have not 
funded CIP efforts consistently across government. DoD began recognizing its need to consider
critical infrastructure issues and proceeded somewhat independently and separately from other 
government agencies to focus on vital aspects central to DoD. 


In 1997, DoD accelerated its exploration of dependencies on non-DoD infrastructures, 
standing up individual infrastructure sector teams and coordinating them through organizational 
processes such as the Critical Infrastructure Protection Integration Staff (CIPIS). Administrative 
and organizational efforts within OSD and the services were supplemented by operational 
initiatives, such as Joint Service Integrated Vulnerability Assessment (JSIVA) efforts, 
accelerated Red Teaming, DoD readiness exercises such as Eligible Receiver, and expanded 
infrastructure initiatives at the Joint Program Office for Special Technology Countermeasures
(JPO-STC) and the Defense Threat Reduction Agency (DTRA). Most infrastructure vulnerability
assessments focused on our key defense sites and facilities.


The risk environment, especially as it pertains to the critical infrastructures on which DoD 
relies, has changed. Threats to our homeland are becoming far more real, leading to important 
explorations of new risks: information warfare, biological and chemical warfare, and 
unconventional nuclear risks. While the risk environment has evolved, the infrastructures on 
which we rely, both domestically and in forward-deployed areas, have become more 
technologically advanced, concentrated in increasingly critical nodes, with complex distribution 
that DoD may not fully understand. Further, these infrastructures are less within the 
government's and DoD's control. Market pressures drive technological advancement within 
these networks, with fiscal realities no longer shaped by government needs. 


The potential for a smart adversary to undermine the reliability or availability of our critical 
infrastructures is increasingly real. In the context of DoD's evolving Global Information Grid 
backbone, protecting information architectures and their content does not necessarily protect the 
underlying cyber and physical infrastructures. Similarly, protecting DoD's GIG within the 
gateways that connect it to private-sector-owned and -operated information infrastructures does 
not guarantee GIG availability should the leased connectivity outside those gateways be denied. 


DoD should accelerate its efforts to identify its private sector dependencies and 
vulnerabilities, for DoD's information backbone as well as for other infrastructure dependencies 
that support energy requirements, logistics and transportation, water, and other critical 
infrastructure reliances. Without broad-based consideration of the full scope of critical 
infrastructure dependencies, mission constraints are unknown but potentially significant. 


Relationship building and the resultant trust takes time. It is likely that both the government 
and private sector leaders at a localized level have multiple overlapping requirements and 
interests that contribute to both national security and the corporate prosperity of the 
infrastructure provider. For the purposes of critical infrastructure protection, it is important that 
these relationships advance toward the mutual benefits of government interests, including those 
of national security, and those of the critical infrastructure providers. Accordingly, it is important 
that efforts taking place at the local DoD installation level to define local dependencies on 
private infrastructures be explored and assessed in depth. More work needs to be done to identify 
vulnerabilities outside the lifelines of DoD, yet within the infrastructures on which DoD is very 
reliant. 


Partnership between government and the private sector remains a vitally important yet 
elusive goal. Efforts to expand partnership with the private sector are hampered in many ways. 


The private sector sees a lot of the government wrangling and interagency squabbles (some of 
these indicate the shortfalls in PDD-63 implementation), confusing the infrastructure owners and 
operators and making it easier to question the government's seriousness in partnering. Further, 
especially in the context of information sharing among government and the private sector, the 
owners and operators need relief from Freedom of Information Act (FOIA) to protect their 
proprietary data and interests and their competitive position. 


Industry has indicated a willingness to help, but will not necessarily be motivated by the 
same things that motivate government. Industry fears regulation and unfunded mandates and will 
not go beyond what makes financial sense in the market economy. The private sector level of 
trust in government is low. In particular, the public is least trusting of three specific government 
sectors. They are law enforcement in particular, and to a lesser degree, the intelligence 
community and DoD. Government must be willing to openly respond to industry concerns if it 
hopes to overcome the hurdles in achieving partnership. While the government and the public 
perceive that industry has the answers, true partnering with industry remains the prime challenge. 
Best practices within the private sector and within government should be shared, not only as an 
element of trust and partnering, but to enhance the security and economic implications of 
infrastructure operability and assurance issues. Partnership challenges will become even more 
difficult in the future, as companies grow even more global. 


FINDINGS 
* There is a lack of understanding that it is not enough to simply protect one's own
information systems. The DoD depends enormously on the commercially owned and
operated telecommunications, transportation, electric power, and gas and oil
industries, and on the financial sector.


* The level of trust in government is low. The outreach efforts by the government in the
aftermath of PDD-63 have not produced an outpouring of trust of government in the
private sector.


* Industry has indicated a willingness to help, but will not be motivated by the same
things that motivate the government. Industry fears regulation and unfunded
mandates and will not go beyond what makes financial sense in the market economy.


* DoD is extremely reliant on private sector systems, networks, and infrastructures.
Increased analysis is needed to pinpoint and assure vital reliances on the private
sector.


* DoD must partner with the private sector to better protect networks and enhance
national security.


RECOMMENDATIONS 


* DoD should accelerate actions to identify critical infrastructure dependencies on the
private sector — the DoD effort to produce sector CIP plans is a step in the right
direction, but we would note that it is not moving along very quickly, primarily due to
lack of funding.


* DoD must expand its interactions with the private sector and municipal providers of
critical infrastructure services. This is best achieved on a localized level, between
base commanders (or other DoD leadership) and the infrastructure owners and
operators. Direct DoD installation commanders (with support of JPO-STC) to identify
critical infrastructure vulnerabilities, assess mission impact, and take corrective action
with private sector service providers.


* DoD should work with Sector Lead Agencies to ensure that its requirements are
incorporated into the information-sharing processes with the owners and operators of
critical infrastructure.


* Advocate FOIA and other related legal relief to remove impediments to private sector
information sharing.


* Fund and resource JPO-STC appropriately to support critical infrastructure
assessments. As a minimum starting point, increase funding for such focused efforts
to at least $25M per year.


* DoD should modify or develop a process to assess the fiscal impact of infrastructure
impact.


VI. SECURITY STANDARDS 


During the course of this DSB Task Force, it became increasingly clear that, as with the 
definitional issues addressed earlier, understandings regarding use of information technology 
standards for desktop, system, and network security mean different things to different people--so 
much so that in the same organization responsible for promulgating the JTA, a new document, 
the Information Assurance Technical Architecture Framework (IATF), was developed for the 
purpose of setting forth guidance with respect to IA standards for the Global Information Grid 
(GIG). 


The IATF document is a tutorial and collection of useful generic information on Information 
Assurance (IA). It should be noted, however, that the section of the IATF associated with 
standards and protocols for providing security to system applications is incorrect and inconsistent 
with the JTA. 


The IATF, unlike the JTA, is not a standards setting or selection activity. Rather, the IATF 
Forum has been organized to encourage participation by vendors of largely commercial off-the- 
shelf (COTS) IA products and services. The major focus of the IATF is the development of 
protection profiles (under the Common Criteria [CC]) that will be used to evaluate products, e.g., 
under the National Information Assurance Partnership (NIAP) program operated by the National 
Intelligence Support Team (NIST) and the National Security Administration (NSA). There is no 
unified architectural underpinning for the IATF. This is to be expected, i.e., security evaluation 
criteria such as the CC (and product profiles based on the CC) tend to be architecture 
independent. As a result, the collection of standards cited by the IATF in their briefing to our 
panel lacks architectural continuity and it is not an appropriate alternative to the work of the 
JTA. 


Many of the standards that are lumped together are experimental or dead. For example,
S-HTTP is not implemented in any commercial browsers or servers; it lost the protocol battle to
SSL/TLS. SPKI is not a standard, but rather is the experimental output of a failed Internet 
Engineering Task Force (IETF) working group, not supported in commercial products. The 
PKIX WG of the IETF produces standards based on X.509, which are implemented in a wide 
variety of products. Moreover, the other IETF security protocol working groups make use of the 
PKIX standards, not SPKI. 

The IATF referenced a wide range of security labeling standards that are a mix of redundant
and/or superseded documents. The IATF thus suffers from the same problems associated with
the TAFIM; it is a collection of history and general information--not a document that can be used
to implement interoperable, secured information systems for DoD. Figure 1 shows the numerous
protocols issued as guidance in the IATF, most of which are inconsistent with the JTA.


[Figure 1. Global Information Grid Standards & Protocols for Providing Security = Inconsistent with JTA.
Legible entries: Public Key Infrastructure; Secure FTP (S-FTP); DNSSEC; Federal Information
Processing Standard (FIPS) 188 Standard Security Label; Military Standard (MIL STD) 2045-48501
(Common Security Label); SDN.801 Reference Security Label; ISO MHS.411 Security Label;
Data Link Layer: Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP).]


DoD policy requires that the Joint Technical Architecture (JTA) be used as the “building 
code” for the DoD information infrastructure. On the other hand, the recent document from the 
Deputy Secretary of Defense, “Department of Defense Chief Information Officer Guidance and 
Policy Memorandum no. 68510,” Department of Defense Global Information Grid Information 
Assurance (ASD/C3I), suggests that the IATF and published Common Criteria Protection 
Profiles be consulted “for guidance, and IA solutions to be considered to counter attacks.” A 
major concern is the apparent confusion these two policy statements could cause within the IA 
community. 


There is an urgent need to provide JTA education to all personnel working with the GIG
architecture. Though the IATF effort may be viewed as being helpful in several ways, such as
documenting what is available in the commercial sector and what has not survived the “test of
time,” the JTA should be positioned as the compelling document for guiding the use of standards
within the GIG. Commercial standards should be used for security in the GIG wherever
practical; however, there will be DoD-unique requirements for certain security implementations
not available from the commercial sector. For this reason, we support the R&D/technology
initiatives documented in the Technology chapter of the DIO Task Force report as well as the
recommendations put forth by the Architecture Panel of the DIO Task Force.


FINDINGS 


* The IATF suffers from the same problems associated with the TAFIM; it is a
collection of history and general information—the IATF is not a document that can
be used to implement interoperable, secured information systems for DoD.


* The IATF standards are incorrect and inconsistent with the JTA and private sector
practice.


RECOMMENDATIONS


* A clarification memorandum should be issued making it clear that the JTA will be
adhered to for all GIG implementations, especially in the IA domain.


* The JTA is the better reference on IA standards and protocols, and it should be
referenced as such in all GIG IA policy documents.


EXECUTIVE SUMMARY


“Yesterday, December 7, 1941 — a date which will live in infamy — U.S. forces in 
Pearl Harbor suffered numerous criminal trespasses. I have mobilized a team of 
prosecutors and FBI agents to investigate and take action.” 


In 1941, FDR never even considered giving that speech. Today, he might have to. 


If critical U.S. information networks were attacked tomorrow in an “electronic Pearl 
Harbor,” FBI agents and Justice Department prosecutors would in fact be on the front lines. 
Unfortunately, this report concludes, law enforcement and national security agencies have not 
learned to work together well to defend against attacks on U.S. information networks. Legal and 
cultural roadblocks have made it difficult for the Defense Department to rely on the FBI and 
Justice for full information about potentially dangerous attacks. This report proposes an agenda 
for new leadership and new compromises to break through these roadblocks. 


THE OVERLAPPING OF NATIONAL SECURITY AND LAW ENFORCEMENT MISSIONS 


Why have Justice Department entities like the FBI assumed such a large role in defending 
against network attacks? In a word, because attacks on American networks are typically the 
work of hackers, not foreign states. They are crimes, nothing more. 


But that will change, and soon. Hackers’ tools will become weapons in the hands of hostile 
nations, because U.S. information systems are a tempting target, especially for countries that 
cannot confront our armed forces directly. Network attacks are anonymous — or at least 
deniable. They are asymmetric. They allow hostile nations to pick a battlefield that minimizes 
American strengths in conventional and nuclear forces — indeed, one that turns strength into 
weakness by exploiting the United States' unique dependence on computer networks. The next 
Saddam Hussein — or the current one, for that matter — could win a symbolic victory just by tying 
up Manhattan traffic for a day. But some believe network attacks will soon be able to cause 
deaths and chaos across the country — especially if offensive capabilities continue to outpace our 
defenses. 


In short, network attacks have a national security as well as a law enforcement dimension. 
DoD must be involved, both because it has a responsibility to defend the country and because it 
depends so heavily on a civilian infrastructure that is particularly vulnerable to network attacks. 
But DoD cannot act alone; it may not be possible to tell at the start of an attack whether the 
matter can be treated as a crime or an act of war or something in between. This means that the 
defense, intelligence, and law enforcement communities must be prepared to work together in a 
smooth and coordinated way. 


Based on what the task force has seen, that day is a long way off. While they have been 
quick to take the lead in protecting information networks, the Justice Department and the FBI 
have been slower to recognize the need for cooperation with the Defense Department and other
national security agencies. 


WHY INFORMATION SHARING IS SO IMPORTANT


This tendency toward limited information sharing has harmed the country's preparations for 
attacks on U.S. critical information infrastructure. The first order of business in preparing to 
defend against network attacks is to gather information about the attacks now being mounted 
against U.S. information systems. The more we know about today's attacks, the better prepared 
we will be to deal with tomorrow's. Information warfare cannot be launched blindly. Like any
weapon, it must be tested. Indeed, to be most effective, information warfare should be planned
and preliminary intrusions should be launched years before an overt attack — defenses must be
probed, vulnerable systems reconnoitered, logic bombs planted. To judge the extent of the
danger, we should be watching intently for just such activities — sifting those patterns from the
noise of "script kiddy" hackers. We should be alert for the subtle signals that governments and 
terrorists are in fact beginning to turn the theory of information warfare into practice. 


Thus, gathering information about the kinds of attacks now being launched is the crucial first 
step of any defensive effort. Unfortunately, this task has become the subject not of effective 
initiative but of continuing political and bureaucratic conflict. Although it has responsibility for 
national defense, the Defense Department must rely on law enforcement agencies such as the 
FBI and the Justice Department to gather information about network attacks and then decide
what DoD needs to know. Thus far, however, the FBI and the Justice Department have been far
too focused on their own missions to provide the kind of information sharing that DoD needs. 


WHY INFORMATION-SHARING IS SO HARD


The FBI is the principal "intake point" for information about network attacks, in large part 
because it is easy to use the tools of criminal investigation to gather information about an attack, 
especially in its early stages. That is why the National Infrastructure Protection Center (NIPC) 
was housed within the FBI. Although staffed by defense and intelligence personnel as well as 
FBI agents, it relies heavily on criminal investigative tools that could not easily be deployed by 
other agencies. 


But the effectiveness of NIPC in protecting national security depends on sharing information 
about attacks, and the FBI has a remarkably bad reputation on that score. A wide range of 
different communities — local police, intelligence analysts, civilian agencies, and business 
executives — all complain with regularity that however much information they share with the 
Bureau, the Bureau never reciprocates. 


The NIPC has struggled to avoid the same reputation, but the culture of reticence cannot be 
turned on and off, particularly when the Justice Department, for its own reasons, has raised 
additional barriers to information sharing with defense and intelligence agencies. To some 
extent, the atmospherics surrounding the dialogue between the NIPC and the agencies it supports
have made it difficult to arrive at ground truth, but the task force believes that what it has found
warrants action. Without substantial improvement, the NIPC cannot live up to its initial promise. 


As things now stand, DoD cannot count on NIPC, Justice, or the FBI for a free flow of 
information about network attacks. On the contrary, the task force identified numerous policies 
and legal interpretations at NIPC, the FBI, and the Justice Department that have prevented 
effective information sharing about potential national security risks. The task force concludes
that these barriers must be swept away, and soon, if DoD is to continue to support and rely upon 
NIPC. Unless NIPC, FBI, and Justice overcome their narrow crime-fighting perspectives — in a 
formal high-level agreement with the Defense Department — then DoD and the intelligence 
community should pull out of NIPC and create an independent center for gathering and sharing 
information about the most serious network attacks. This should, however, in the view of the 
task force, clearly be a measure of last resort. 


RECOMMENDATIONS FOR THE DEFENSE DEPARTMENT AND THE JUSTICE DEPARTMENT 


Rather than splinter the government's limited resources further, the task force recommends 
several specific changes in the policies and legal interpretations that have prevented NIPC from 
achieving its full potential as an information-sharing center. It is the view of the task force that 
the necessary changes cannot be achieved without leadership from the very top of both 
departments, and that the issues raised below should form the agenda for a series of talks that 
will, we hope, culminate in a new agreement over information sharing between the law 
enforcement and national security communities. 


* First, all information available to NIPC should also be available to defense and
intelligence analysts (who are already trusted with rather more sensitive information)
unless there is an express legal bar on sharing or an interagency consensus that
sharing the information is imprudent. The task force found that there may be
misperceptions about the "law enforcement sensitive" label that is placed on
information flowing from the NIPC to the Department. The Justice Department
should clarify for the department that the label is attached to sensitize its readers
rather than to prevent its flow to those requiring the information within the
department. Likewise, the task force also believes that DoD agencies (including
NSA) should share all available information on events with the NIPC.


* Second, the Justice Department has blocked NIPC from easy and natural
communication with the National Security Council (NSC) about infrastructure
attacks, despite the NSC's central role in national security decision making generally
and infrastructure protection in particular. The DoJ is plainly reluctant to share
information about criminal investigations with White House personnel, but DoJ's
general policy should not be applied to information about network attacks.


* Third, DoD should have access to information about network attacks gathered under
Title III (the wiretap statute). The Justice Department opinion refusing to provide this 
access shows little appreciation of the need for interagency cooperation on national 
security matters and should be reconsidered. 


* Fourth, concerns about grand jury secrecy have made it difficult to know what
material in a criminal investigative file may be shared with DoD and what may not. 
These concerns are mostly derived from very conservative readings of the rules on 
grand jury secrecy (readings adopted in part to serve the prosecutors' interest in 
avoiding public disclosures of their investigative priorities). They are also derived in 
part from the Justice Department's failure to discipline investigators of infrastructure 
attacks. These investigators could gather information without using grand jury 
subpoenas and thereby avoid later information sharing difficulties, but the FBI and
Justice Department do not require their investigators to use these less problematic 
tools in the first instance. The rules on sharing grand jury information should be 
clarified to permit sharing for national security purposes; until this is accomplished, 
computer crime investigators should be prohibited from using grand jury subpoenas 
without interagency approval. While the amount of grand jury material that has been 
withheld is disputed, and may be relatively small, the failure to address this issue 
continues to create tension. 


* Fifth, NIPC is buried so deep in the Justice and FBI bureaucracy that it cannot
perform its interagency role effectively because it cannot assure its counterparts in
other agencies that decisions can be rapidly referred to high levels in the bureau and 
the Justice Department. NIPC should report directly to the Office of the Director FBI 
as well as the Office of the Deputy Attorney General. 


* Sixth, DoD has not taken all the steps necessary to ensure a large and strong
contingent of DoD detailees at NIPC. Assuming a successful resolution of the issues 
raised in this report, DoD should upgrade its contribution to NIPC, both in numbers 
and in quality, and it should treat NIPC service as a "joint" appointment for purposes 
of military promotion. 


* Seventh, NIPC has much to offer DoD on questions such as when to block a
particular hacker from further access and when to let the hacker continue in an effort 
to learn more about his techniques and purposes. DoD should agree on a role that 
clarifies NIPC's purely advisory position while guaranteeing that NIPC has a voice in 
such decisions. DoD should further clarify the commander's decision-making 
authority in this area so that responsibility is unambiguous. 


* Eighth, NIPC and the Justice Department's computer crime experts have exceeded
their jurisdiction in trying to limit what information intelligence agencies may 
receive; neither NIPC nor the Justice Department's Criminal Division should have a 
role in deciding whether and how DoD entities share information with NSA or other 
intelligence agencies. 


* Finally, the task force notes that "red team" exercises, though vital, have been slowed
in the past by multiple legal signoffs and supervision at DoD. This concern is 
diminishing as red teaming becomes more common, but it remains true that a 
standardized and simple set of procedures should be adopted to allow unannounced 
"red team" attacks on all DoD networks without excessive high-level intervention by 
DoD officials. 


RECOMMENDATIONS FOR CONGRESS 


All of the recommendations above could be implemented without changing any statute. That 
is the preferred solution. Nonetheless, there are areas in which U.S. laws have failed to 
anticipate the need for effective critical infrastructure protection. For that reason, the task force 
recommends that the Defense Department support a variety of relatively limited changes in
existing law. 


* Most important, DoD should have its own civil authority to seek information about
network attacks with national security implications. Under existing law, network 
service providers may give away information about hacking attacks on street corners, 
but they are legally prohibited from giving the information to a government agency 
unless the agency begins a criminal investigation. This is unfortunate for all. It 
forces hacker investigations into a criminal posture, which is likely to be bad for the 
hacker as well as for the opportunity to share information among agencies. The 
government should justify any request for information about its citizens, but it should 
not have to launch a criminal investigation before it can gather information needed to 
protect national security. 


* Second, the task force encountered a disturbing limitation in the ability of the
government to maintain wiretap coverage of persons engaged in long-term hacking
campaigns against government networks. Ironically, the more likely it is that the
attackers are sponsored by foreign governments, the less likely it is that wiretap 
coverage will be maintained, because the likelihood of successful prosecution will 
decline over time. In the end, criminal wiretap authorities are inadequate for this 
problem, and a statutory solution should be sought that protects both national security 
and the civil liberties of Americans. One possibility is a provision denying network 
trespassers an expectation of privacy for their actions in attacking a victim's 
information system. 


* Third, current law concerning “trap-and-trace” orders often requires that law
enforcement agencies seek multiple, sequential orders as they trace a single hacker 
from system to system. This provision should be modified to allow a single, 
nationwide order aimed at a single attacker who uses multiple computer systems. In 
addition, there is currently no statutory provision allowing the government to obtain 
certain types of information without the requisite order in situations of extreme 
urgency. This is an oddity, since under the Electronic Communications Privacy Act, 
wiretaps may be initiated without a judicial order in an "emergency situation." In the 
interest of enabling law enforcement officials to obtain the crucial information they 
need for the prompt investigation of critical infrastructure attacks, the provision 
allowing emergency wiretaps should be extended to court orders and subpoenas as 
well. 


* Fourth, if agreement cannot be reached with the Justice Department concerning the
Title III and grand jury rules that currently restrict information sharing with DoD, 
Congress should clarify its intent that the confidentiality of criminal investigations 
not trump the national security interests of the United States. 


* Finally, though the majority of the problems outlined here focus on information-sharing
deficiencies between and among government agencies, greater efforts could
be made to encourage voluntary private-sector cooperation in hacking investigations.
To this end, the use of nondisclosure agreements in gathering information on network
attacks should be expanded, and narrowly tailored legislation that would restrict the
Freedom of Information Act disclosure of information shared pursuant to a hacking
investigation should be considered.


I. INTRODUCTION: WHY SHARING INFORMATION ABOUT
NETWORK ATTACKS IS IMPORTANT - AND HARD TO
ACHIEVE


Like everyone else in America, the armed forces depend heavily on sophisticated 
communications networks — not just their own, but those of the civilian industries that support 
them. U.S. adversaries know this. That is why information warfare attacks on our networks are 
a near certainty — because they are likely to work. How great is this risk? We do not know, and 
this panel report focuses on what we don't know, and why. 


We do know that attackers have had disturbing success in penetrating sensitive systems 
essential to carrying out the Defense Department's mission. Worse, the attackers who have 
succeeded are mostly vandals and petty criminals, and the tools they have used are offshoots of 
existing technology. But no one estimates the military might of the United States by studying 
the weaponry of American street criminals, and by the same token, the technology of information 
warfare will soon bear little resemblance to the viruses and denials of service that currently 
annoy Internet users. The problem is likely to get worse before it gets better. 


Better information about network attacks is the first line of defense. To launch a serious 
information warfare attack on the United States would likely require considerable preparation — 
probing defenses, testing tactics, leaving behind logic bombs or back doors. If the government is 
to have warning of future attacks, it needs to gather information about current attacks in a 
systematic way and to analyze the information for patterns. 


While gathering and sharing information on attacks is the foundation of a defense against 
information warfare, so far we do it badly. The private sector is reluctant to share information 
for both competitive and legal reasons. Information sharing comes no more easily to 
government. Intelligence agencies classify information in order to limit sharing to those with a
"need to know." Law enforcement agencies restrict sharing to protect witnesses and keep their
targets in the dark. And almost everyone in government treats information as currency, to be 
offered only sparingly and in return for value. 


In short, sharing information does not come naturally. Despite this reluctance, the need to 
centralize and share information about network attacks is so obvious that an interagency entity, 
the National Infrastructure Protection Center (NIPC), was created to do just that. 


Specifically, NIPC has two primary practical goals. One is to investigate (and, wherever 
possible, prevent) attacks on critical infrastructure systems. Critical infrastructure systems are 
the backbones that allow U.S. cities and towns to function; they include the electrical power grid, 
the water works, and the telecommunications pipelines. Half of NIPC's mission is to coordinate 
the collection and dissemination of information about the security and defense of these systems. 
The other part of NIPC's mission is to coordinate the sharing of information on network attacks 
within the law enforcement and intelligence communities, which includes, of course, DoD. 


When NIPC was established, there was some debate about where it should be housed. 
Agencies like the Commerce Department were rejected because they lacked independent 
investigative and intelligence capabilities. Intelligence agencies were rejected because their
mission is focused on foreign countries, and their capacity to gather intelligence on Americans is 
rigorously limited. While information warfare itself is an entirely appropriate concern of the 
intelligence community, most network attacks are not state-sponsored. Indeed, the thousands of 
hackers whose activities obscure the acts of foreign governments are as likely as not to be 
Americans. By the same token, while DoD is the proper agency to respond to information 
warfare, it has little or no authority to deal with simple vandals. 


Given those constraints, it seemed that the logical "intake point" for information about 
infrastructure attacks was the FBI, which has authority to investigate both common criminals and 
foreign agents. Despite this logic, the FBI was a controversial choice. It was handicapped by a 
remarkably deep and pervasive reputation — among other law enforcement agencies, in the 
intelligence community, and in the private sector — as a black hole for information. Everything 
goes into the Hoover building, according to this view, and nothing comes out. 


For that reason, many steps were taken to keep NIPC from falling heir to the FBI's reputation 
for restricting information. A well-regarded Justice official was transferred to head the office, 
and detailees from the Defense Department and intelligence agencies were put in charge of 
information-sharing offices within NIPC. Based on what the task force learned in the course of 
interviewing numerous DoD, Justice, NIPC, and intelligence sources, however, this was not 
enough. Putting information-sharing responsibilities in the hands of law enforcement agencies 
has produced serious problems that were not adequately foreseen when NIPC was established. 


Because of legal and cultural restrictions, NIPC staff, even personnel detailed from DoD 
itself, have found it difficult to share information about network attacks in an easy, cooperative 
fashion with agencies outside law enforcement. The problems have been many. The National 
Security Council, for example, has been denied timely information on the status of network 
attacks under investigation; whole categories of information (Title III intercepts, for example, 
and materials obtained via grand jury subpoena) have been set aside by the Justice Department as 
the domain only of law enforcement agencies. Other information has been designated as “law 
enforcement sensitive” and subjected to dissemination restrictions in a fashion that lacks the 
safeguards usually relied upon to prevent overclassification. 


Of course there are explanations for all of these roadblocks, and in many cases NIPC has 
worked to overcome them and to establish at least the beginnings of an effective information- 
sharing facility. The task force does not underestimate that achievement. NIPC has faced 
pressures from many directions other than defense and the intelligence communities. 
Businesses, civil liberties advocates, competing law enforcement agencies, and even foreign 
governments have all claimed the right to help set one or another aspect of NIPC policy, though 
they have been notably more reticent when resources have to be put into the effort. In these 
circumstances, to create a functioning entity with its own esprit has proved to be no easy task. 


That said, the task force finds it unlikely that NIPC, operating under current constraints, can 
consistently provide the kinds of information needed by DoD to protect against attacks with a 
national security dimension. NIPC is still far too dominated by the law-enforcement culture and 
by legal interpretations by the FBI and Justice Department that tend to reinforce the NIPC's 
reputation for not sharing information. While NIPC has managed to work around some of these 
obstacles, the current structure for sharing network attack information still is not responsive 
enough to the interests of national security and intelligence agencies. 


This situation is not tolerable, particularly for the Department of Defense. To a very great 
extent, DoD depends on NIPC for the information it needs to defend itself and the nation. 
Reliance on law enforcement agencies for such a crucial element of support will only work if 
those agencies seamlessly share with DoD any and all information likely to have a bearing on 
DoD's defense mission. Current policies suggest that the FBI and Justice Department are not 
willing (or perhaps think themselves unable) to share information in this seamless way. The 
restraints on NIPC have significantly restricted its ability to play an adequate interagency 
information-sharing role. 


The task force provided early drafts of conclusions to NIPC, and NIPC strongly, sometimes 
stridently, disagreed with task force conclusions on this point. NIPC says that it has managed to 
find ways to share virtually every useful piece of information about network attacks that has 
come into its hands. While the doctrines and difficulties laid out in this report are acknowledged 
as obstacles, NIPC believes that in the end they can all be overcome — indeed that almost all have 
been overcome — with creativity and care. NIPC urges us to focus on its successes and its need 
for substantial additional resources from DoD to conduct the necessary analyses of data already 
being shared. 


The task force agrees that there have been successes, and that more analytic resources are 
needed — at NIPC or elsewhere. But that does not alter the fact that substantial legal and policy 
roadblocks exist, and that those roadblocks have prevented sharing already. Change will not 
come quickly. While in some cases NIPC has worked around the problem successfully, we must 
not wait until there is a catastrophic failure to address these concerns. The legal and policy 
issues identified here are continuing threats to the effort to build a seamless and effective 
information-sharing system for network attacks. 


The task force recommendations go to the heart of this concern. 


H. RECOMMENDATIONS 


RECOMMENDATION I: 
DoD Should Insist on a High-Level Agreement with Justice and the FBI that Reforms 
NIPC's Role and Structure. 


Part of the information sharing problem has been a lack of clear leadership. After the initial 
cabinet-level activity to establish NIPC, little high-level attention was paid to how preparations 
for information assurance were actually functioning. In that atmosphere, each agency asserted 
its prerogatives without much fear of oversight. Issues related to information sharing practices 
were not readily resolved because political decision makers did not intervene to force reasonable 
compromises in the interest of NIPC's overall mission. 


The task force's central recommendation, therefore, is that this problem be addressed at the 
highest levels of the Justice and Defense Departments, and that DoD insist on major changes in 
exchange for augmenting its support for NIPC. 


Currently, DoD is the largest contributor to the staffing of NIPC, other than the FBI itself. 
Present staffing levels at NIPC are roughly as follows: 


FBI: 82 
DoD¹: 14 
United States Postal Service: 1 
CIA: 2 
Energy Department Labs: 1 
Local Law Enforcement: 1 
Foreign Liaisons: 2 


There is no high-level agreement between DoD and Justice/FBI about the terms of details to 
or the information-sharing practices of NIPC. Instead, information-sharing policy is set by a 
two-page memorandum of understanding (MOU) that is to be signed by DoD, FBI, and each 
detailed employee. The MOU is an inadequate and entirely one-sided document, essentially 
imposed on the detailees and their agencies. Some provisions are unexceptionable — such as 
those making clear that each employee sent from DoD will be tasked exclusively by his or her 
superiors at NIPC, will be removed from the chain of command in DoD, and will have access to 
information in FBI files and to other sensitive information. 


Unfortunately, the MOU goes further. It requires that dissemination of information from 
NIPC, including dissemination back to the detailee's home agency, be governed by FBI policy as 
well as applicable statutes and other guidelines or procedures. 


1 The DoD elements represented include NSA, NCIS, Air Force OSI, DCIS, Air Force, Army, Navy, and OSD. 


2 NIPC argues that the MOU is necessary to protect against claims that DoD personnel are acting in violation of posse 
comitatus rules and that NSA and CIA personnel are violating rules governing intelligence agency handling of U.S. person 
information. This is open to question, and should be more carefully reviewed. In practice, posse comitatus is rarely a bar to 
assistance to law enforcement, and while intelligence agency restrictions may require intelligence personnel on detail to 
obey the laws governing law enforcement, it is not clear that these personnel must submit to additional and unspecified 


Those policies are by no means limited to information-sharing restrictions imposed by law. 
It is of course understandable that anyone handling law enforcement information would be 
subject to any restrictions imposed by law on the use of such information. But the MOU goes 
beyond that to impose sweeping restrictions that are not required by law. Such a sweeping 
approach is inconsistent with NIPC's mission and with the participation of other agencies in that 
mission. Some restrictions based on law enforcement policy rather than law may well be 
appropriate, but the burden of identifying and justifying each separate restriction should be on 
the FBI and Justice. (It is not enough, in an interagency context, to say, as NIPC has, that 
equivalent restrictions are imposed on FBI personnel. The point of an interagency task force is 
that the personnel bring different skills and traditions to the task.) 


Agencies that detail staff to NIPC still pay the salaries of their detailees. It makes no sense to 
pay those salaries unless the employees' participation in NIPC provides ongoing value to the 
agency that details them. Potential restrictions on detailees’ communications limit their value to 
the sending agency. Some agencies are already cutting back their participation. The Secret 
Service, for example, has ended its participation. After initially insisting on sending seven 
people, it has pulled all of its representatives back, in part because of reluctance to accept FBI 
information-restriction policies. The Department of Energy has also failed so far to replace one 
of its detailees; it too has had conflicts with the FBI and NIPC over information sharing. 


Although DoD originally planned to send eighteen detailees, only fifteen have ever been 
assigned to NIPC, and the likelihood of replacement once they rotate to a new assignment is 
uncertain. Some DoD elements, notably the National Security Agency, have also had conflicts 
with NIPC over information-sharing policy; NSA's participation in the NIPC, as well as that of 
the CIA, has been sporadic. With this track record as a backdrop, it is at least fair for the NIPC 
to make the claim that pulling back detailees by agencies, as well as sporadic participation, will 
indeed hamper the NIPC's efforts at information sharing. 


Currently, the participation of other agencies, including DoD, is dwarfed by the contribution 
of the FBI itself to the office's staffing and funding. This will soon turn NIPC into an FBI office 
rather than an interagency office, and that will have a serious impact on all aspects of the 
operation. (NIPC's preferred solution would be to increase staffing from other agencies. The 
task force agrees, but this will happen only if information-sharing problems can be solved.) 


DoD should not follow the example of the Secret Service and simply decamp — at least not 
without attempting to negotiate a broader and more reasonable framework agreement with 
Justice and the FBI. The task force does not believe that NIPC's problems are necessarily fatal, 
or that a "go it alone" approach is a better solution for DoD. NIPC continues to be the best 
window into law enforcement information about network attacks. While its reputation in the 
private sector is decidedly mixed, it does obtain important information from cooperating 
companies as well. And so many network attacks are ultimately of little practical interest to 
DoD that it should allow other agencies to take the lead in addressing them. Withdrawing from 
NIPC would run a risk of weakening both NIPC and DoD. If possible, it would be far better to 


NIPC and FBI policies on handling law enforcement information. Moreover, the FBI required other law enforcement 
agencies — such as the United States Secret Service — to abide by the same agreement, even though posse comitatus was not 
an issue. Indeed, the Secret Service balked at signing the MOU, because it was unduly restrictive, believing as we do that 
there was no sense in agencies detailing personnel if the detailed employee could not share information more freely with his 
or her agency of origin. 


reform NIPC to make it truly interagency in spirit rather than a captive of law enforcement 
policies. 


While information-restricting law enforcement doctrines need to be addressed in any 
framework agreement, they are not the only issues that should be covered in high-level talks 
between DoD and Justice. DoD's own practices in sharing information and choosing detailees 
are appropriate matters for concern on the part of NIPC. So too is the current placement of NIPC 
within the FBI hierarchy, which hinders the functioning of NIPC as a truly interagency body.³ 
Finally, there is no written agreement on NIPC's role in such obvious questions as whether it is 
better to lock a particularly dangerous intruder out of a system or to let him in and watch him in 
the hopes of learning what damage he is capable of causing. 


Drafting an agreement that covers all of these aspects of NIPC's operations may be the only 
way to engage the attention of decision makers within DoD and Justice/FBI, and to ensure that 
NIPC's critical early-warning mission will be given higher priority than each agency's turf 
concerns. 


The remainder of this section recommends specific reforms that the task force believes 
should be incorporated into a framework agreement between DoD and Justice/FBI. 


All information held by NIPC about infrastructure attacks should be available to DoD 
unless sharing the information would violate a legal prohibition. DoD should provide 
similar assurances for information in the hands of its agencies. 


Neither NIPC nor DoD has been a model of information sharing. Complaints about 
unnecessary barriers to information sharing can be heard in both camps, and with good reason: in 
each agency, there are cultural limits to information sharing. Nonetheless, the task force judges 
the problem to require more attention on the NIPC side, primarily because that is where the 
information about network attacks is being centralized. 


It is easy to understand the sensitivity of some law enforcement information. The name 
of a suspect, the identity of a source inside a criminal organization, the effectiveness of a 
particular investigative technique — this kind of information is jealously protected by law 
enforcement agencies. Indeed, NIPC fears that if FBI agents were told that NIPC intended to 
distribute such information throughout the government, they would stop talking freely to NIPC, 
leading to a new wall between the FBI and other agencies — but this time with NIPC on the other 
side of the wall. 


NIPC has tried to satisfy law enforcement concerns while at the same time finding ways 
to share information with others. In general, it uses two methods. First, it sanitizes its reports to 
remove the most sensitive law enforcement sources and methods while still providing useful 
information. Second, it supplies information marked “law enforcement sensitive,” a designation 


3 Concern has been expressed at DoD that, in the latest reorganization, NIPC has found itself "buried" in the terrorism 
division of the FBI. Treating NIPC like any other FBI program heightens the impression that it is simply an FBI office that 
happens to benefit from free labor provided by other agencies. It is also difficult to run an interagency process that, when 
complete, must climb the FBI and Justice bureaucracies through several levels. This issue is not without its difficulties. 
Viewed as a "line" office, NIPC is not big enough to be an FBI division by itself, and so giving it a direct report to the 
Office of the Director would require treating it more like the FBI staff offices, such as Office of General Counsel. 


that is similar to the designation "Originator Controlled (ORCON)" in the classified world, 
telling readers that the information may not be further circulated without the approval of the 
originating agency. According to NIPC, including the CIA detailee in charge of information 
sharing, these methods have allowed NIPC to share ae everything of value to other 
agencies. 


NIPC sees the use of the “law enforcement sensitive” concept as a valuable tool that 
favors sharing. The task force is more troubled by it, particularly because the doctrine is both 
vague and broad. As set forth in a more detailed NIPC protocol on information sharing 
procedures, dissemination may be limited to shield “a protected source, sensitive method, [or] 
confidential witness,” categories where restrictions might be justified if interpreted narrowly. 
But the protocol also protects even broader and more questionable categories of information, 
such as information identifying juvenile suspects, or information about cases that are awaiting 
trial. Even information in cases that have been closed can be restricted if the investigating 
agency thinks disclosure would compromise its sources and methods. 


Understandable as the concerns of law enforcement may be, they do not justify such a 
broad set of restrictions — especially if the interpretation is left solely to law enforcement. Such a 
decision-making process lacks checks and balances. It does not utilize the more recognized (and 
in the view of the task force, more disciplined) classified information system familiar to national 
security agencies. And it makes law enforcement agencies the final authority in disputes about 
information sharing. The task force welcomes NIPC's assurance that the doctrine is rarely used 
to prevent sharing of relevant information. If so, it should be possible to adopt a default rule that 
calls for sharing in the absence of specific factors — and that allows DoD to participate in the 
decision about whether sharing is justified.⁴ 


In the task force's view, sharing of information about serious attacks should be automatic 
unless the sharing would violate a specific legal ban (such as Rule 6(e) of the Federal Rules of 
Criminal Procedure, which prohibits the sharing of grand jury information) or unless there is an 
interagency determination that the risk of compromising sources and methods requires the 
restriction. The task force discusses in later recommendations ways to minimize the adverse 
effects of legal restrictions on sharing. The recommendation that the risk of compromise be 
weighed against the value of the information bears further discussion here. 


It is worth remembering that the principal justification for the “law enforcement sensitive” 
doctrine is preventing the compromise of a current or future criminal investigation. And it is 
obvious that this is a severe risk in some criminal contexts: investigations of organized crime, for 
example, are susceptible to compromise with consequences that can be fatal for the investigators. 
But the likelihood that sharing NIPC information with DoD will have such effects is vanishingly 
small, particularly because NIPC will have information mainly, if not exclusively, about criminal 
investigations of hackers, who are not known for bribing officials to gather intelligence or for 
adopting the other techniques of organized crime. More importantly, there is no reason to think 
that sharing NIPC information with DoD officials is more risky than sharing the information 
with criminal investigators or prosecutors. DoD is entrusted with far more serious secrets than a 


4 NIPC has pointed out that DoD and other agencies do, in fact, have detailees at NIPC, and some of these detailees are 
already in a position to approve dissemination of information that is law enforcement sensitive. This is a good thing, but it 
is not the same as giving DoD an institutionalized voice in the decision. 




handful of investigative details in a hacking case, and its record of protecting secrets is at least as 
good as the FBI’s and the Justice Department's. 


In fact, NIPC does not defend its restrictions on strictly law-enforcement grounds. It argues 
that the risk of compromise extends not only to individual criminal investigations, but also to 
general investigatory techniques, many of which are likely to be important to DoD as well as law 
enforcement. In these circumstances, the issue more closely resembles a classic intelligence 
“sources and methods” problem, and the usual tactics employed by the intelligence community 
to solve such problems should work. 


It is for this reason that the decision as to whether to share information about an investigation 
should not be made exclusively by prosecutors and investigators. DoD must be given a voice in 
that decision, perhaps by designating an official from the Office of General Counsel who would 
always be trusted with investigative information as part of the interagency sharing process. (The 
task force notes that twenty-five years ago, intelligence agencies objected to the involvement of 
the Justice Department in their activities because they feared that prosecutors would be unable to 
protect intelligence sources and methods; those concerns have now been resolved by long 
practice. That prosecutors and investigators fear for the security of their special secrets is 
equally understandable -- and equally wrong.) Involvement of decision makers with different 
perspectives is an important guarantee of objectivity, but in the end the important thing is not just 
the process itself, but the principle that those who want to restrict information sharing must 
justify that view to other parts of the government. The default should be that the information is 
available to DoD and its agencies. 


A second reason often advanced for not sharing investigative information is privacy. This 
report will address statutory privacy protections separately, but even where statutory restrictions 
do not apply, the task force agrees that protecting privacy is an important value that NIPC and 
other agencies need to bear in mind at all times. At the same time, it is worth remembering that 
NIPC can only share information about private citizens that it already possesses — in other words, 
information that is already in the hands of at least one and probably several government 
agencies. It is reasonable to question how well privacy is protected by keeping information that 
has already been widely shared within the law enforcement community out of the hands of 
Defense Department analysts. A more effective protection would focus on preventing misuse by 
all the parties that have access to the information. 


As stated at the outset, in focusing on the barriers to information sharing that have been 
erected at NIPC, the task force does not mean to suggest that this practice runs only one way. 
NIPC has cited its own examples of information withheld arbitrarily by NSA and perhaps other 
DoD elements. NSA and NIPC are seen as competing for similar missions and resources, and as 
is typical in such cases, each side has a store of grievances against the other. The task force 
recommends that DoD and its elements also make binding assurances that information will be 
shared with NIPC unless it is subject to legal restrictions. Both parties should ensure that NIPC 
personnel have clearances that are adequate to facilitate this information sharing and that there is 
a process for resolving disputes about which classified information may be shared with NIPC. 


5 In rebuttal, NIPC and Justice point to an occasion on which a high-ranking DoD official briefed an ongoing attack and 
investigation to Congress only to have details leak to the press. This of course is unfortunate, and it has happened too often 
to every agency that depends both on secrecy and on Congressional favor. But every agency tends to remember the times 
when other agencies have been the source of a leak and to forget those in which it was the source. Keeping information 
away from DoD is not an appropriate solution to the problem of “political” leaks. 


RECOMMENDATION 1.2: 


NIPC should share all information about network attacks with the National Security 
Council and its staff unless the information is likely to compromise an investigation of a 
White House official. 


If NIPC is to participate in national security planning and decision making, it must obey the 
same rules as other participants in that process. This includes providing all necessary 
information to the interagency process administered by the National Security Council (NSC). 
Currently, NIPC is unable to do so — a serious handicap that should be cured either by agreement 
between DoD and the Department of Justice or by the President. 


Restrictions on FBI communications with the White House were imposed in 1994 in an 
agreement between the White House Counsel's Office and the Office of the Attorney General. 
Under that agreement, the FBI may not provide any information to a member of the White House 
staff except with the approval of the Deputy Attorney General (DAG). The purpose of this 
restriction is to prevent actual or apparent White House interference with or influence over 
criminal investigations. The arrangement gives the Deputy Attorney General an assurance that 
he is fully aware of any communications between the FBI and the White House. 


In the context of NIPC, this restriction on sharing information is dysfunctional. During the 
Clinton Administration, defense against foreign-based infrastructure attacks was coordinated by 
a senior NSC official. Delaying the delivery of information to the NSC is not good management, 
and NIPC itself has asked Justice to modify the rule in this context, so far without effect. The 
NSC is a well-established mechanism for coordination of national security issues with 
interagency dimensions. In their defense, the Justice Department and NIPC emphasize that in 
the end practically everything the NSC wanted to know was provided by NIPC. The task force 
found that, on some occasions, the transfer of information to NSC has gone smoothly — as one 
official told us, “DAG approval can take 20 minutes.” But in other cases, there have been 
significant delays in delivering information to the National Security Council due to 
disagreements between Justice and NIPC over what information should be supplied to the 
national security staff. Justice officials said they sometimes felt forced to choose between 
having their best technicians respond to attacks and having the technicians respond to what they 
called “drive-by tasking” from the NSC. 


The task force did not try to decide whether NSC had asked for unnecessary or burdensome 
briefings, although it was noted that this is a widely held view at NIPC and the Justice 
Department. But even if that view is correct, Justice should not have responded by claiming the 
legal right to withhold information from NSC. DoD depends on the NSC to address interagency 
issues that arise when national security is threatened. The NSC process is well-oiled and has 
functioned predictably in a host of conflicts, and NSC is the logical place to address network 
attacks with national security implications. If agencies can refuse to provide information to that 
interagency process, they will always be tempted to withhold information that makes them look 
bad. Again, the default should be in favor of sharing information. In the long run, busy NSC 
officials are unlikely to ask for information that is not relevant to their jobs. 


What of the concern that led to the no-White-House-briefings rule in the first place? The 
task force does not denigrate the concern that White House communications can lead to charges 
of interference in a criminal investigation. For that reason, the task force agrees that NIPC 
should be free to refuse to provide information that would compromise an investigation of White 
House staff. But there is little reason to use a broader rule in this context. Criminal 
investigations of hackers will often have national security dimensions. So far, however, no one 
has raised the slightest suggestion of political interference. Until the risk of politicization of 
network investigations is something other than theoretical, this restriction should be lifted. 


This change could be accomplished by a blanket approval by the Attorney General for the 
sharing of information on attacks with national security significance. But such approval has not 
been forthcoming, and it therefore should become the subject of high-level agreement between 
DoD and Justice. 


Once again, the task force notes that this restriction falls into a pattern, in which FBI and 
Justice entities that are tasked with interagency responsibilities attempt to justify restrictions by 
saying that they are simply applying the Justice/FBI rules that usually apply to "criminal 
investigations." That is precisely the problem: these investigations are not exclusively matters of 
concern to prosecutors and investigators, and they cannot be treated as though Justice 
Department policies are the beginning and end of analysis. Unless the "business as usual" 
mentality at Justice and the FBI can be shaken loose in some form of agreement, DoD will have 
to create its own, separate capabilities, free of parochial constraints imposed for law enforcement 
reasons. 


RECOMMENDATION 1.3: 


Title III intercept information should be shared with DoD for purposes of assisting DoD in 
preventing attacks on its computer networks. 


Sooner or later, usually sooner, any serious investigation of a network attack requires a 
wiretap. This allows investigators to intercept the communications between an attacker and the 
sites the attacker uses to launch (or launder) his attacks. Electronic intercepts are a fundamental 
tool in combating network attacks. But as things now stand, they usually can only be performed 
as part of a criminal investigation using the authority conveyed by Title III of the Omnibus 
Crime Control and Safe Streets Act of 1968. (Foreign intelligence intercepts can also be used 
inside the United States, but only if the target is an agent of a foreign power — something that is 
difficult if not impossible to determine at the outset of a hacker investigation.) 


Use of criminal wiretap authority is in some respects easy. Hacking into other people’s 
computers is a crime, so that the prerequisites for a Title III intercept order for data may be 
quickly met. But there's a catch. Once the data has been gathered under a Title III order, it may 
not be shared with DoD or other national security bodies. At least that is the view of the Justice 
Department, which interprets Title III as prohibiting such sharing. In the task force's view, the 
Justice Department's reading of Title III is at best arguable, and shows far too little concern for 
national security. 


The statutory language in dispute is not lengthy. Under Title III, information derived from 
an intercept may only be used “to the extent that such use is appropriate to the proper 
performance of [the] official duties” of the law enforcement officer who has obtained the 
information. (See 18 U.S.C. § 2517(1) and (2).) This language would not bar DoD from 
receiving Title III information if “the official duties” of law enforcement officers include 
protecting national security and preventing additional crimes. At one time, the Justice 
Department's Office of Legal Counsel (OLC) took a similarly broad view of the "official duties" 
language, concluding for example that the Justice Department could provide Title III information 
to congressional committees on the theory that responding to congressional inquiries is part of a 
government employee's "official duties." No longer -- after considerable delays, the OLC has 
recently issued an opinion that overrules its earlier interpretation and concludes that Title III 
authorizes only sharing of intercept information for official law enforcement uses. 


The OLC opinion further concludes that this ambiguous intent is not overcome even by the 
National Security Act, which expressly grants the Director of Central Intelligence “access to all 
intelligence related to the national security which is collected by any department, agency, or 
other entity of the United States." (See 50 U.S.C. 403-4(a)(1994)). Finally, it dismisses a 
Reagan-era executive order directing all agencies to give the director of Central Intelligence 
"access to all information relevant to the national intelligence needs of the United States.” (See 
Executive Order 12333 (1981).) 


In the view of the task force, the OLC opinion is questionable as a matter of statutory 
construction, and it almost willfully ignores the national security implications of its conclusions. 
A careful reading of the law, as well as strong public policy concerns, argue in favor of the 
disclosures at issue here. OLC's contrary decision casts real doubt on the willingness in the 
Justice Department to give due weight to Defense Department interests when carrying out 
missions that mix national security and law enforcement. 


The OLC opinion suggests that it is appropriate to lean against sharing of Title III data 
because of privacy concerns. Privacy is indeed important, but as noted earlier one may wonder: 
will the targets of Title III wiretaps really be comforted by the knowledge that the contents will 
be provided to prosecutors' secretaries, perhaps even to IRS auditors — but not to defense and 
intelligence authorities? There is of course an extra bit of privacy in any restriction on 
distribution of private information, but it is difficult to agree with the Justice Department's 
decision to treat this relatively minor gain for privacy as more important than the significant loss 
in terms of national security. The additional privacy benefit is particularly attenuated in the 
context of hacker intercepts. What makes classic wiretaps so troublesome from a privacy 
perspective is that they capture often-intimate conversations between parties who trust each other 
and believe their conversations will remain private. But intercepts of hacker attacks are typically 
focused on signals sent by the hacker to a victim's computer. The tap simply provides a quick 


We should note that this opinion was resisted by NIPC on grounds that it is unnecessarily restrictive, while at the same time 
one of the principal OLC contributors to the opinion is now part of the office of the DoD General Counsel. 


Other aspects of the opinion do little to dispel this view. For example, OLC determines that intelligence agencies will be 
allowed access to intercepts in one circumstance — when they have been firmly subordinated to law enforcement and are 
simply putting their resources at the disposal of prosecutors and criminal investigators. Then, the opinion declares, there is 
no problem with sharing intercept information. In short, if the Justice Department’s interests are served by sharing, the 
sharing is legal; if not, not. 

The opinion also contains a remarkable passage to the effect that if a law enforcement intercept produces urgent national 
security information, then the President can order that it be shared with intelligence agencies. Given the National Security 
Act and Executive Order 12333, one might think that Congress had already authorized such an order and that the President 
had already issued it, but having rejected that obvious conclusion, the opinion is forced to find that the President has retained 
some inherent authority to order such sharing anyway, but that the authority should only be exercised in desperate 
circumstances. The opinion takes a convoluted course to arrive at a position that could have been achieved by giving a 
straightforward reading of the National Security Act. 




way to capture keystrokes that are themselves part of the crime and that would not qualify under 
most people's definition of a communication, let alone a communication entitled to the highest 
possible privacy protection. These keystrokes may well be protected by Title III, but it is 
difficult to justify expanding their protection in the face of a law and an executive order that 
clearly require the Justice Department to share any intelligence relating to national security. 


An OLC opinion is binding on the executive branch, but interpretations can be overturned, as 
this one overturned an earlier decision. The task force urges that the opinion be reconsidered in 
the context of a broader agreement on NIPC's information-sharing policies. 


RECOMMENDATION 1.4: 


Rule 6(e) on sharing grand jury information should be clarified to permit sharing for 
national security purposes; until this is accomplished, computer crime investigators should 
be prohibited from using grand jury subpoenas without the express approval of NIPC, 
acting with interagency agreement. 


Unfortunately, Title III is not the only criminal provision that prevents defense and 
intelligence agencies from gaining the full benefit of information obtained by criminal 
investigators about network attacks. Another provision with an impact on information sharing is 
Rule 6(e) of the Federal Rules of Criminal Procedure, which provides that attorneys for the 
government "shall not disclose matters occurring before the grand jury, except as provided for in 
these rules." Specifically, information may only be disclosed when permitted by the court, or to 
an attorney for the government or to “such government personnel ... as are deemed necessary by 
an attorney for the government to assist an attorney for the government in the performance of 
such attorney's duty to enforce federal criminal law.” (See Rule 6(e)(3)(A) and (C).) 


Unfortunately, the Justice Department has taken a narrow view of its authority to share 
information under this rule. To make matters worse, NIPC has taken an expansive view of what 
materials are covered by the rule. And, finally, Justice Department prosecutors continue to use 
grand jury subpoenas where other processes could be equally effective, unnecessarily expanding 
even further the body of material to be withheld from DoD and other agencies. 


This report examines each of these three concerns separately. But first, it may be worthwhile 
to note that grand jury secrecy, while often praised as a protection for criminal suspects' privacy, 
actually serves the prosecutors’ interests at least as well as the defendants’. The privacy 
rationale is that grand jury secrecy protects those who are investigated and not indicted, or not 


8 If this cannot be done, we suggest that NIPC and the Justice Department maximize “parallel sourcing" of information that 
might otherwise only be obtained through the use of Title III. For example, some information produced from a wiretap 
targeting a hacker would also most likely be available directly from the computer of the victim, particularly once monitoring 
software was installed. We recognize that this is not a complete solution; if all the information produced by a wiretap could 
be harvested in another fashion, the wiretap would not be approved, since by law an intercept can only be used with 
necessity. Nonetheless, procedures to automate and make routine such parallel sources are worth considering. (Even this 
limited solution creates new difficulties, however. While systems administrators have nearly total discretion to install 
monitoring software to protect their systems, the Justice Department fears that the use of such software at the direction of 
criminal investigators will lead to legal problems later. The victim of the attack and its system administrator may find 
themselves deemed to be agents of law enforcement if they cooperate too enthusiastically with the FBI and Justice. This is 
yet another example of a problem we encountered over and over; while law enforcement authorities provide a quick basis 
for gathering information about network attacks, they often bring with them so much encrusted criminal law doctrine that in 
the end the use of law enforcement authorities may not be worthwhile. We discuss later in the report some methods of 
addressing this problem, including the use of a civil remedy that avoids the need to bring in criminal authorities.) 
indicted for everything examined in the investigation. In this vein, keeping grand jury 
proceedings secret prevents the release of derogatory information that ultimately was insufficient 
to persuade the grand jury to charge a crime. In this context, of course, it is public release of the 
information that is most important to prevent — the information is not kept from investigators, 
prosecutors, or the grand jurors. Thus, as a matter of policy, this vital privacy interest would 
seem to be best protected by making sure that any officials who have access to the information 
are subject to a confidentiality requirement. 


It is not clear that barring dissemination of grand jury information to DoD personnel — who 
may already be subject to more stringent confidentiality disciplines than Rule 6(e) — adds much 
in the way of privacy protection for those under investigation. This is particularly the case today, 
when practically any harm to U.S. vital national security interests can also be investigated as a 
crime. In such investigations, the national security and criminal processes are already intimately 
coordinated. As a result, the national security agencies know quite well who is being 
investigated for, say, a major terrorist incident, and they already know what information the 
criminal investigators hope to obtain from the criminal process. In those circumstances, the 
suspects' privacy interest in preventing DoD from knowing that they are suspects is already 
fatally compromised. The case for withholding grand jury information from DoD on privacy 
grounds in cases where national security is at stake thus seems questionable at best. 


Of course, prosecutors have their own reasons for defending the principle of grand jury 
secrecy, one that has nothing to do with the privacy of the suspect. Grand jury secrecy rules 
allow prosecutors to keep an investigation secret from the defendant, thus reducing risk of flight, 
intimidation of witnesses, and premature disclosure. While the commitment of prosecutors to 
keeping their plans secret is praiseworthy, in the task force's view this commitment must be 
balanced against the security needs of the nation. Prosecutorial secrecy cannot be absolute, and 
Rule 6(e) should not be read to protect it absolutely. Again, in almost every case of national 
security concern, such as terrorism investigations, criminal investigators are likely to reveal all 
facets of their investigations to the national security agencies and personnel involved in the 
investigations. Law enforcement already expects national security personnel to protect 
investigators’ secrets as intensely as they protect classified information, with generally good 
success. Given all that, there is no obvious policy reason why the fruits of one particular 
investigative technique — grand jury subpoenas — should be kept from DoD to protect the 
prosecutors’ interest in confidentiality. 


A. Dissemination of grand jury information to DoD should be permitted 


Given the weakness of the policy reasons for not sharing grand jury information, and the vital 
importance of allowing DoD access to information with a bearing on national security, the 
Justice Department should have taken a broad view of the dissemination authority already 
provided in Rule 6(e). As mentioned above, the rule allows dissemination to “such government 
personnel ... as are deemed necessary by an attorney for the government to assist an attorney for 
the government in the performance of such attorney’s duty to enforce federal criminal law”. (See 
Rule 6(e)(3)(A) and (C).) If the “duty to enforce federal criminal law” includes preventing or 
deterring assaults on networks of national security concern, sharing 6(e) information with DoD 
for that purpose is completely permissible. Since the rule also seems to leave the final decision 
to the attorney for the government and what he or she has “deemed necessary,” one would have 
thought that a broad interpretation was eminently sustainable. After all, courts have allowed 
prosecutors to share 6(e) information with state bar grievance committees, judicial councils 
investigating a judge’s misconduct, and congressional committees considering impeachment. It 
is not unreasonable to conclude that protecting DoD networks from what may be state-sponsored 
attacks would be at least as important to the enforcement of federal law as disciplining private 
members of the bar. 


In 1997, however, the Office of Legal Counsel once again adopted a position that does little 
to accommodate the concerns of national security bodies. Despite the sweeping language of the 
National Security Act, which commands all federal agencies to provide all intelligence-related 
information to the Director of Central Intelligence, OLC gives conclusive weight to one line 
from a 1983 Supreme Court decision, Illinois v. Abbott & Associates, Inc. In that case, the court 
refused to give state attorneys general access to federal grand jury testimony despite a federal 
law requiring the Attorney General to disclose information to state authorities in joint antitrust 
enforcement matters. In that context, the court declared that “we will not infer that Congress has 
exercised [its power to override grand jury secrecy] without affirmatively expressing its intent to 
do so.” (See Illinois v. Abbott & Associates, Inc., 460 U.S. 557, 572-73 (1983).) 


In the light of the Supreme Court's language, OLC's reasoning here is more justifiable than 
its opinion on Title III, but it is still highly questionable. One may reasonably doubt that the 
Court would have applied the same reasoning in the context of legislation on national security — 
a field where Congress speaks only rarely and then in the most general terms. But OLC saw no 
reason to hesitate; it applied the Court's language without regard for context. This application 
would be moderately persuasive if OLC had been willing to accept the logical consequences of 
its position. But OLC faced the obvious risk that such a strict rule would lead to disaster in the 
real world — where criminal and national security concerns overlap ever more often. What would 
happen, OLC was asked, if grand jury testimony uncovered vital matters of national security that 
then could not be disclosed to intelligence authorities (e.g., a plot to bomb an allied government 
facility abroad)? In the face of this concern, OLC faltered. If such information was uncovered, 
OLC declared, the President would have "inherent" authority to receive and order the sharing of 
information covered by Rule 6(e). This of course is the only responsible answer. But if the 
President has that authority, it is unconvincing to suggest that the President did not exercise it 
when he issued Executive Order 12333, which already requires all agencies to share intelligence 
information of any kind with the Director of Central Intelligence. 


In short, the 1997 opinion is internally inconsistent and deserves reconsideration in the 
context of a broader agreement on information sharing about network attacks. 


B. Materials obtained by grand jury subpoena should be shared with DoD. 


The restriction on sharing grand jury information raises a second question: what is the scope 
of this restriction? Clearly, testimony given before a grand jury is a “matter occurring before the 
grand jury.” If that were the full scope of the rule, it probably would not be worth discussion 
here; such testimony rarely figures in investigations of the sort that NIPC conducts. (Moreover, 
if the same statements are made in the grand jury and in interviews to agents prior to grand jury 
testimony, as is often the case, the interview notes can almost always be divulged without 
running afoul of Rule 6(e).) 


The problem is that Rule 6(e) can be read as extending not simply to testimony, but to 
documents and other information obtained by means of a grand jury subpoena. If Rule 6(e) is 
read as barring DoD access to such information, it will impose significant barriers to prompt and 
easy sharing of information about network attacks with national security significance. 


This task force is not in a position to canvass all of the case law about how Rule 6(e) might 
apply to subpoenaed materials, except to note that there is some divergence in the courts on this 
point. Prosecutors have successfully argued in some cases that disclosure of subpoenaed 
materials might disclose the direction of the grand jury's inquiries. Given this tactical value to 
prosecutors of grand jury secrecy, it is understandable that the FBI and Justice Department have 
reason to give Rule 6(e) a broad scope. Even so, there is reason for concern that NIPC’s 
information-sharing protocol goes well beyond the requirement of Rule 6(e). For example, it 
expressly states, “For purposes of this Protocol, Grand Jury information also includes any 
material obtained pursuant to a grand jury subpoena.” It is not limited to testimony or even to 
materials that would disclose the grand jury's lines of inquiry. 


Whatever the reasons, it is difficult to see why the FBI or Justice should insist on this broad 
interpretation in the context of sharing information with DoD. Privacy concerns are particularly 
limited in this context. First, confidentiality agreements can be used to prevent DoD personnel 
from publicly releasing data in question. Second, whether subpoenaed information is protected 
by Rule 6(e) is often a matter of mere chance. Information identical to that obtained through a 
grand jury subpoena may usually be obtained by means of other criminal process that is not 
subject to Rule 6(e) — grand jury subpoenas are often used simply because they are faster or 
simpler to obtain than court-ordered discovery. Privacy is tenuous at best when it depends on the 
form that an investigator happens to fill out in the course of gathering evidence. And 
information should not be withheld from national security agencies simply because law 
enforcement used the path of least resistance to obtain it. 


C. Investigators’ use of grand jury subpoenas should be more effectively disciplined. 


If it proves impossible either to limit Rule 6(e) to grand jury testimony or to give full effect 
to the executive order already requiring intelligence sharing, the difficulties arising from Rule 
6(e) can still be minimized. Justice and the FBI could take internal action to greatly reduce the 
impact of Rule 6(e) on NIPC’s ability to share information. 


While it is legally necessary for the government to use some form of criminal process to 
obtain subscriber information from Internet Service Providers, investigators often have a choice 
of methods. They can obtain the information through grand jury subpoena or through an order 
under 18 U.S.C. § 2703(d). Information gathered under section 2703(d) is not subject to Rule 
6(e) or its restrictions. The practical problem is that grand jury subpoenas are easier and faster to 
obtain — prosecutors need only show that the information sought is relevant to a criminal 
investigation. In contrast, obtaining a court order under section 2703(d), which would make a 
broader range of information available to investigators than that released pursuant to a subpoena, 
requires that the prosecutor state specific and articulable facts showing that evidence relating to a 
crime will be obtained, and present the proposed order to a judge. 


A prosecutor or investigator in a hurry is likely to use a grand jury subpoena without 
worrying much about the problems it will later cause to other agencies in need of the 


9 Again, it is worth noting that this consideration is of doubtful weight in a context where investigators’ non-grand-jury 
inquiries are already thoroughly coordinated with national security agencies. 
information. Current Justice Department policy encourages prosecutors to consider alternatives 
to grand jury subpoenas, but it is not clear that this suggestion is enforced by more than suasion. 
NIPC and Justice should establish rules prohibiting investigators and prosecutors from using 
grand jury subpoenas in investigating network attacks unless no other form of process will be as 
effective. Furthermore, investigators and prosecutors who persist in the use of grand jury 
subpoenas should be disciplined. The task force recognizes that sometimes speed is essential, 
and a grand jury subpoena is the fastest option. In that event, a second form of process should 
also be used to obtain the information in shareable form. 


D. Legislative and executive solutions should be explored. 


In the absence of (or in addition to) any other action, the position taken by OLC on sharing of 
grand jury information with DoD could be corrected, either by Congress or by executive order. 
Congress could make it clear that the National Security Act does indeed allow sharing of grand 
jury information with national security authorities. And the President could make it clear that 
Executive Order 12333 is intended to have the same effect. (In the context of national security, 
where the executive's authority is great, an executive order expressly requiring the sharing of 
Rule 6(e) information would very likely meet the “express statement” requirement set by the 
Supreme Court in Illinois v. Abbott.) 


Before turning to the next recommendation, it should be noted that Justice and NIPC both 
take the view that Rule 6(e) has not often been a serious obstacle to information sharing in the 
context of network attacks. The task force agrees that a properly administered interpretation of 
Rule 6(e) should resolve most of the concerns. At the same time, no one asserts that Rule 6(e) 
never has or never will cause difficulties in the context of national security or network attacks. 
Moreover, Rule 6(e) is one of the obstacles to information sharing that is invariably raised by 
law enforcement as an essentially unsolvable legal problem. Coincidentally, this "unsolvable" 
problem also prevents complete openness with non-law-enforcement personnel, and ultimately 
forces a sharp distinction between the groups. In the task force's view, this insistence on separate 
regimes is itself likely to be a source of continued conflict and inefficiency. Every effort should 
be made to reduce or eliminate legal and cultural barriers to a seamless interaction of DoD and 
law enforcement personnel in the area of critical infrastructure protection. 


RECOMMENDATION 1.5: 
NIPC should report directly to the Director of the FBI and the Deputy Attorney General. 


NIPC is — or could be — a vitally important interagency office. Assuming it can overcome the 
information-restricting policies criticized above, it has a large role to play in identifying and 
helping to respond to critical infrastructure attacks. 


At present, however, NIPC is buried deep under a heavy FBI bureaucratic structure. It must 
pass through several levels of review before it can reach a Presidential appointee of any kind. 
This of course has unfortunate consequences for the office itself, but the concern is for the 
interagency process. It simply is not credible for the head of NIPC to perform an interagency 
coordinating function if his decisions must clear through three or four levels of FBI review 
before they reach the Director (let alone the Justice Department). Other agencies with flatter 
hierarchies will be discouraged from participating in NIPC's interagency coordination process if 
the decisions reached in that process are subject to reconsideration at the insistence of mid-level 
FBI officials. 


Indeed, some of the information-sharing disputes described to us festered longer than 
necessary because there was no ready way to escalate and resolve the issue at a level where some 
perspective could be achieved. 


The task force recognizes that offices the size of NIPC rarely report directly to the Director 
of the FBI. For administrative and budgetary purposes, it may make sense for NIPC to be 
subsumed into a larger whole. But for policy and interagency matters, it should have a direct 
line, at least to the Director. Because resort to a political appointee may often be necessary to 
resolve interagency disputes, the task force also believes that NIPC should have direct access to 
the Deputy Attorney General. 


RECOMMENDATION 1.6: 


As part of a satisfactory framework agreement, DoD should upgrade its contribution to 
NIPC. 


Although DoD's contribution to NIPC staffing is the largest outside the FBI itself, DoD has 
not sent as many detailees as it could, nor has it taken all possible steps to make a detail to NIPC 
as attractive as possible. In part, this may reflect doubts about whether detailees will be able to 
provide value to DoD while serving at NIPC. Assuming that problem is solved satisfactorily, 
DoD should take action to make sure that it sends a larger contingent of experts and properly 
supports them while on detail. 


In general, this means that tours at NIPC should be two years, something toward which DoD 
now strives with only partial success. In addition, DoD should strongly consider making service 
at NIPC a "joint" assignment of the sort necessary for promotion to the higher ranks of the armed 
services. This would increase its attractiveness as a posting for military officers, and would help 
to ensure that NIPC is staffed with the highest quality detailees possible. 


RECOMMENDATION 1.7: 


DoD should clarify the role of NIPC in deciding how to respond to intrusions into DoD 
networks. 


Any institution faced with a hacker, especially a persistent and successful hacker, has to 
make difficult judgments about whether to give top priority to blocking the attack or to observing 
the attacker's modus operandi in the hope of learning enough to identify or neutralize him. 
Locking the attacker out stops the immediate hemorrhage, but it may simply teach the hacker to 
switch to tactics that are less visible to the defenders, making the situation worse rather than 
better. Additionally, blocking out the hacker eliminates virtually any possibility of identifying 
the attacker and ascertaining his motives. But watching and waiting means that the hacker will 
continue to exploit the system. 


The question for the government is: who should make the decision as to whether an attack 
should be blocked or watched? Within DoD the “block v. watch” decision is supposed to be in 
the hands of the commander whose system is attacked. If more than one commander has 
information on the systems being attacked, the decision is evidently made by the Joint Task 
Force — Computer Network Defense (JTF-CND). At least one DoD element has made the 
decision to deploy tools that could tip off attackers, despite concerns expressed by law 
enforcement and perhaps other DoD elements about the "noisiness" of such tools. In the course 
of the debate over how to respond in that case, at least some DoD officials felt that NIPC and 
Justice were asserting the authority to influence the final decision. NIPC and Justice both deny 
any intent to assert such authority. Whether or not they did, the fact that neither should make 
this decision should be clarified in any agreement over NIPC's role in critical infrastructure 
decision making. 


At the same time, assigning responsibility for the decision is not the same as concluding that 
other agencies have nothing to offer the decision maker. NIPC has established a process for 
addressing “block v. watch” decisions. NIPC's structure calls for a “senior group” review at 
which all interested agencies are represented. The senior group is a consensus body. Although 
NIPC may convene meetings, the head of NIPC is not supposed to have any more authority than 
any other participant. The senior group review process apparently has been useful in some 
circumstances, producing consensus decisions about how to handle sensitive investigations. 


There are nonetheless some difficulties with this structure. It is not part of any formal 
understanding with any of the agencies involved. Thus, in the absence of a clearly defined 
decision path, it would be easy for people to believe that NIPC had assumed unilateral authority 
over a particular decision. In addition, it is difficult for NIPC's interagency process to truly be a 
“senior” group when NIPC cannot speak for Justice or the FBI without clearing several internal 
levels of review. 


There needs to be more clarity about the role of NIPC and the senior group in providing 
advice and making decisions about network attacks, including the “block v. watch” decision. 
Neither this task force nor NIPC finds fault with the current DoD rule that this decision lies with 
the commander whose system has been attacked. This allocation of responsibility should be 
recognized in the agreement between DoD and NIPC. It might also be dealt with by a broader 
interagency agreement or Presidential directive. But it is crucial that the authority to make the 
decision be clearly assigned, and recognized by all concerned parties. 


NIPC should not make independent judgments about what information intelligence 
agencies may and may not receive; in particular, it should no longer rely on its erroneous 
view of NSA's authorities as a reason for restricting distributions to NSA's information 
security organization. Additionally, neither NIPC nor the Justice Department's Criminal 
Division should have any role in deciding how DoD entities should share information with 
NSA or other intelligence agencies. 


The final area that should be clarified relates to information sharing with the National 
Security Agency (NSA). NSA has great resources and experience in this field. In addition to its 


10 It is also important to note that, at least at the outset of an attack, it may be difficult to determine with any precision which 
systems are involved in the attack and whether the attack is state sponsored. 
well-known intelligence-gathering mission, it has direct responsibility for the security of DoD 
information systems. Its experience and analytic capabilities on both the offensive and defensive 
sides make it a valuable participant in any effort to defend against network attacks. Depriving 
NSA of information about network attacks should therefore require substantial justification. 


In actual practice, NIPC and Justice officials have shown considerable reluctance to give 
NSA information about network attacks, a reluctance that has often been justified by reference to 
legal concerns. But the need for clarification goes well beyond NIPC. In fact, even DoD itself 
has shown confusion about what information may lawfully be shared with NSA. 


NIPC in particular frequently suggested that information sharing with NSA should be 
restricted to prevent an intelligence agency from gaining access to information about U.S. 
persons. There are two problems with this approach. 


First, NIPC, the FBI, and indeed most of the Justice Department simply lack the expertise 
necessary to determine what limits apply to intelligence agencies' use of information. In general, 
intelligence agencies are barred from targeting Americans for surveillance, but they are not 
barred from reviewing information gathered elsewhere about Americans. (Any other rule would 
call into question the distribution of U.S. newspaper clips at intelligence agencies.) As a general 
rule, legal restrictions on intelligence agencies are grounded in the conviction that the fearsome 
capabilities of these agencies should not be aimed at U.S. citizens. But information in the hands 
of NIPC has not been gathered by intelligence agencies. Thus, allowing intelligence agencies to 
examine such information for analytic purposes does not point U.S. intelligence capabilities at 
American citizens. 


Second, there is no reason to think that the usual intelligence oversight mechanisms are not 
functioning, or that NIPC or the Justice Department's computer crime experts should act as an 
intelligence oversight body. NIPC in particular should not seek to act as NSA's watchdog in a 
context where its actions might be construed as simply defending turf. In general, if there are 
questions about the lawfulness of intelligence agency access to particular information, NIPC's 
job should be limited to raising the issue with the relevant agency's general counsel, the Justice 
Department's Office of Intelligence Policy and Review, or both. 


Along the same lines, the Justice Department's Criminal Division has encouraged a much- 
too-narrow view of when DoD may share with NSA information that it acquires in the course of 
administering security measures. The Department of Justice's Computer Crime and Intellectual 
Property Section (CCIPS) has argued that a DoD systems administrator should not share 
information about attacks on DoD systems with intelligence agencies. This is a harsh limit, since 
it prevents NSA from analyzing hacker tactics even when the hackers are attacking DoD's own 
computers. The origins of this notion lie deep in Justice Department lore. But in the task force's 
view, that lore has little relevance in other contexts. 


Broadly speaking, Title III and its progeny make all intercepts of electronic communications 
illegal in the absence of a statutory exemption. This creates a potential problem for network 
operators and systems administrators, who often are exposed to the contents of communications 
over their networks and who sometimes actively monitor those communications to protect 
against security breaches. To make sure that this activity was not outlawed, Congress provided 
that the agents of a service provider may monitor communications “while engaged in any activity 
which is a necessary incident to the ... protection of the rights and property of the provider.” In 
reliance on this provision, system administrators may record every keystroke a hacker makes 
while on their systems. 


Sooner or later, instead of just watching the attacker, systems administrators may decide to 
call in the police. But unlike the systems administrator, the police may not simply record all of 
the communications of a criminal suspect, unless they have a court order. Faced with such a 
burden, the police are naturally tempted to ask the system administrator to continue monitoring 
for purposes of gathering evidence. To avoid this result, courts and the Justice Department have 
sought to prevent investigators from “tasking” service providers or otherwise turning systems 
administrators into agents of law enforcement. 


At some point, however, the Computer Crime and Intellectual Property Section came to 
believe that, if police and prosecutors could not work closely with systems administrators, then 
neither could intelligence agencies like NSA. The theory was that Title III only allowed 
monitoring of networks for security purposes, not for purposes of law enforcement or 
intelligence gathering. 


There are two problems with this conclusion. First, it mischaracterizes NSA as simply an 
intelligence agency. While NSA does indeed gather signals intelligence, it also has another and 
quite separate mission — information security. This is carried out by a large office devoted 
entirely to providing information security for DoD. This office is not part of the intelligence 
community, it has no intelligence role, and for that reason it is not subject to the intelligence- 
targeting restrictions that apply to the intelligence side of NSA. In short, there is no reason to 
deny NSA's information security office access to information on the basis of intelligence agency 
limitations.¹¹


Second, there is reason to doubt the Justice Department's assumption that if the police and 
prosecutors may not work closely with systems administrators monitoring a hacker, then no one 
may. In fact, police and prosecutors are subject to strict, court-enforced rules about how they 
gather evidence against criminals, and any deviation from those rules is likely to draw careful 
scrutiny. Therefore, for reasons having to do with public policy and judicial oversight, 
prosecutors are not allowed to circumvent those restrictions by “laundering” their evidence- 
gathering through systems administrators. 


This is the most reasonable reading of the system administrator exception to Title III. For 
many reasons, systems administrators need broad authority to conduct monitoring, and as long as 
that monitoring has a plausible relation to a security concern, their actions must be lawful. Any 
other rule would require systems administrators to walk a knife edge each day, with the constant 
threat of felony prosecution if their subjective motives were deemed to fall over the fine line 
between proper monitoring (for a security purpose) and improper monitoring (for some other 
purpose). If the monitoring has been performed lawfully, Title III gives systems administrators 
virtually unlimited authority (under Title III) to disclose the results of the monitoring. 


11 To be fair, DoD has not always been clear on this point either. For example, doubts have been expressed about whether 
DoD logs showing the tactics of intruders can be shared with NSA analysts, since the nationality of the intruders cannot be 
known, though in many cases they hack in from U.S. hosts. The answer appears clear enough. First, the information 
security side of NSA is part of the DoD computer security apparatus. Anything that a systems administrator can review for 
security purposes can be shared with NSA's information security office. Since it is clear that doubts on this point remain 
even within DoD, it should be made plain both inside the DoD and in any framework agreement with NIPC. 


On that reading, there is little or no basis for the Justice Department to question the sharing 
of DoD system administrator logs with NSA — or other intelligence agencies for that matter. The 
ultimate goal of that sharing is better network security, and the role of the intelligence agencies 
in analyzing and circulating information about attacks is in many ways similar to that of the 
Computer Emergency Response Team (CERT), which also circulates intelligence gathered from 
systems administrators about attacks on their systems.¹²


RECOMMENDATION 2: 


A Standardized and Simple Set of Procedures Should be Adopted to Allow Unannounced 
“Red Team” Attacks on All DoD Networks Without Excessive High-Level Intervention by 
DoD Lawyers. 


The task force does not mean to leave the impression that all of the legal difficulties that have 
hindered DoD’s preparations for information attacks can be traced to NIPC, the FBI, or the 
Justice Department. Some have been home-grown. 


The effectiveness of “red team” operations in uncovering vulnerabilities in government 
computer networks is undisputed. Indeed, these simulation attacks have done much to show just 
how unprepared the United States is to defend itself against a significant information warfare 
offensive. In the past, however, conducting a red team attack on a DoD element has required 
extensive internal approvals, climbing up both the tested and testing agency command structure, 
and culminating in DoD General Counsel and Secretary of Defense approval on a case-by-case 
basis. This was because DoD took a belt-and-suspenders approach to the legality of red team 
intrusions. To ensure that there were no legal questions about the red team's right to gain access 
to DoD computer files, DoD sought assurances that all users had consented to red team access, 
which could only be determined after a review of each system. Since DoD users receive consent 
notices regularly both in hard copy and through system banners, this should not have been 
difficult to establish, but in the early days of the program, great care was taken to double- and 
triple-check the consents for each system and each exercise. 


The task force believes that this degree of care is no longer necessary. The task force noted 
that DoD has made real strides lately in reducing the complexity of the red team approval 
process without any adverse consequences — and with real advantages in terms of security. The 
approval process is more streamlined, and red-teaming is no longer seriously constrained by 
determinations of consent. Nonetheless, the Secretary of Defense is still being asked to review 
individual red team exercises and certify consent. This is an unnecessary burden on the secretary 
and on the red-team process. Now that red-teaming is becoming a standard part of DoD security 
measures, the task force recommends that instead of reviewing individual exercises the Secretary 
simply certify periodically that DoD systems and users have consented to network monitoring. 


12 The fact that some of the information is circulated in classified form makes no difference; systems administrators 
themselves could choose to centralize corporate security information and circulate it to a limited number of trusted 
employees, and they could do so without worrying that gathering information for such purposes is somehow outside the 
scope of their legal authority. 


RECOMMENDATION 3: 


Specific Legislative Revisions Should Be Made to Facilitate Interagency Information 
Gathering and Sharing. 


The proposals listed above focus on matters of agency policy and procedure that should be 
revised in order to facilitate more effective defensive information operations. The task force 
concentrated its attention on reforms that lie, at least in part, within the power of DoD. Of 
course, nothing would prevent Congress from acting to require a charter for NIPC, or from 
incorporating any or all of these recommendations for such a charter. But the task force sought 
to avoid issuing a report that was dependent on legislative action for its implementation. 


Nonetheless, it became clear in the course of task force discussions that the current legal 
framework for defending against information warfare is flawed in several ways that only 
Congress can cure. The task force did not proceed from the assumption that this framework 
requires a complete overhaul. Quite the contrary, we resisted recommendations for legislative 
action whenever we thought the problem could be resolved by a more reasonable administrative 
interpretation. Despite this resistance, the task force became convinced that some changes in 
existing law are appropriate if a unified and effective response to information warfare is to be 
mounted. The task force's proposals for a legislative agenda in this field are contained below. 


RECOMMENDATION 3.1: 


DoD should have the authority to seek information about network attacks through a civil 
investigative order, specifically to combat attacks on systems of national concern. 


Time and again, efforts to streamline information sharing have struggled with the structure of 
rules that has grown up around the class of information that is gathered in a criminal 
investigation. So long as information about attacks is gathered primarily through criminal 
investigative methods, that information will carry with it a set of legal and cultural rules that are 
hostile to the sharing needed to respond effectively to network attacks. 


Perhaps the most egregious example of forcing all information gathering into a criminal law 
straitjacket is 18 U.S.C. § 2703(c). This provision of law limits the circumstances in which a 
service provider may disclose information about customers or subscribers to a governmental 
entity. For basic subscriber information (name, address and the like), the government must 
produce an administrative, grand jury, or trial subpoena. For more detailed "transactional" data 
about customers, the government must: (1) present a search warrant under the Federal Rules of 
Criminal Procedure or equivalent state warrant, (2) obtain a criminal investigative order under § 
2703(d), (3) have the consent of the subscriber or customer, or (4) submit a formal written 
request for name, address, and place of business when relevant to a law enforcement 
investigation of a telemarketer. See 18 U.S.C. § 2703(c)(1)(C).¹³


Even the most minimally competent cyber attacker uses multiple “hops” between computers 
to launch attacks. This permits the attacker to cover his or her tracks much more effectively. In 
consequence, tracking hackers requires a series of investigations, essentially tracking backward 
from one host computer to another. Typically, authorities will be able to use a victim’s own logs 
to identify the initial source of an attack; they then contact the system administrator for the 
computer that is the source of the attack, ask for access to the logs of that host, and try to 
determine who was logged onto the computer at the time of the attack so as to determine the 
second “leg” of the hacker’s travels. Once the second leg has been identified, the process is 
repeated, often many times. At every stage in this process, section 2703(c) limits the information 
that can be provided to government agencies. 


13 Subparagraph (D) of the same section allows the gathering of certain information about subscribers using administrative, 
grand jury, and trial subpoenas. None of these subpoenas is suitable for most DoD inquiries, since one is criminal, another 
requires that a trial be imminent, and the third requires some administrative authority that is not obviously granted to DoD. 


It is worth noting that the restriction imposed by section 2703(c) applies only to requests for 
information made by government agencies. Internet service providers (ISPs) may hand out 
subscriber information on street corners to all comers without violating any provision of law; 
they may sell subscriber information to pornography spammers without violating any provision 
of law. (As a practical matter, of course, most ISPs have instituted privacy policies that 
voluntarily restrict distribution of customer data.) More realistically, they may share information 
about network attacks with other ISPs and hosts on a real-time basis without having to stop and 
invoke the judicial process at all. But they will violate the law if they provide information to a 
defense agency — even in the midst of a serious attack — without first seeing a criminal 
investigative order. 


This is a remarkable state of affairs, and not one intended by the drafters of section 2703(c), 
or so one would hope. In general, if a government site is attacked and seeks information about 
the source of the attack from the first "hop" in the chain, the ISP with that information runs a 
slight risk that section 2703(c) will be violated if he simply tells the government what he knows 
about the intruder. That is because at this stage no one knows who the hacker is. He could be a 
subscriber or customer of the ISP. Chances are that he isn't, but why should the ISP risk civil 
liability? The prudent thing is to demand a criminal investigative order. Thus, in the name of 
protecting customers and subscribers, the current law actually puts a significant barrier in the 
way of protecting those who use government systems. 


What's more, the provision essentially forces the government to treat all intrusions that 
require investigation as criminal matters. This serves no one’s interests. If the culprit is a 
juvenile, prosecution is unsatisfying for the government and damaging for the defendant. Both 
might be better off if, instead of always relying on criminal investigations, the government could 
also gather necessary information while pursuing only civil remedies, such as fines, 
compensatory payments, or tailored injunctive relief. Indeed, some of the most important 
hacking investigations have not produced significant criminal penalties — at least not in the 
United States. (One investigation that consumed vast amounts of government resources finally 
tracked the exploits to two California teenagers and a young Israeli. No significant criminal 
penalties were imposed in the United States, and the Israeli proceedings have not yet produced a 
final result. Similarly, a 15-year-old boy in Canada is the only person arrested thus far in the 
celebrated denial-of-service attacks in early 2000. The perpetrators of the “ILOVEYOU” virus 
will not be prosecuted in the United States.) 


Allowing civil discovery in these circumstances is an option that deserves consideration. It is 
not without risks: ISPs and portals will not welcome any expansion of electronic 
communications discovery. At the same time, for DoD, there are advantages to information 
gained in a civil action. First, of course, it can be shared much more readily among agencies and 
through NIPC. It is not subject to grand jury secrecy concerns, nor to the Justice Department's 
restrictions on sharing information with NSC, nor is it likely to be “law enforcement sensitive.” 
Indeed, since it would be gathered by DoD, it could be shared freely without even the restraints 
imposed by FBI culture on NIPC. This factor becomes extremely important when the target of 
an attack is a computer or network that is crucial to civil and national defense. 


Second, being able to move from a purely internal defensive response to a civil investigative 
response will resolve another problem that has dogged DoD system administrators from the 
beginning of their work with Justice. This is the “prosecutorial agent” problem discussed above. 
In general, systems administrators may monitor as closely as they like those who intrude into 
their networks, without any legal prerequisites. DoD security officials have taken advantage of 
this fact, but they have complained that bringing criminal investigators into the matter often 
complicates their efforts to monitor an attacker. This is for the reasons described above — 
criminal investigators are acutely aware that they must have independent legal authority for 
intercepts and cannot turn a systems administrator into an agent of law enforcement. This is less 
of a risk if systems administrators are gathering information for a civil action.¹⁴ Thus, network 
security officers could move from purely defensive monitoring to a civil investigation, including 
requests for information from third parties, without ever running the risk that a court would treat 
those actions as showing that the investigation is "really" a criminal investigation. 


There are some drawbacks to the use of civil investigative authority. First, gathering data for 
the purposes of a civil investigation is complicated if, as with network attacks, there is a 
possibility of criminal prosecution. Second, DoD would need an appropriate civil discovery 
authority. And without some incentive to the ISP in question (such as an offer by DoD to pay 
the cost of expedited processing), the civil process could be significantly slower than a criminal 
one. Finally, many ISPs have instituted policies to provide notice to customers when law 
enforcement officials request data pertaining to them, a practice that effectively eliminates the 
secrecy of an investigation. Still, these are all issues that could be ironed out legislatively for the 
sake of protecting a nationally sensitive computer system. 


A final issue that will undoubtedly be raised in this context concerns privacy. Should DoD 
be able to obtain subscriber information in network attack investigations without meeting the 
requirements for a criminal investigation? One may begin by asking whether investigating 
attacks on national security networks is as important as investigating telemarketers, since 
Congress has already exempted telemarketing investigations from the criminal subpoena 
requirements. What's more, a civil discovery authority limited to network attacks would not 
expose hackers to any greater risk of investigation than they now face; almost all network attacks 
can be investigated as crimes using criminal process. If necessary, Congress could require 
precisely the same standard for the civil discovery order as for a criminal order. If so, only two 
things would be different. First, the government would not be required to begin every 
investigation as though it was destined to end in indictment, and the authorities would be able to 
shape their legal response more sensitively in the light of the intruder's age, motives, and status. 
Second, the information would be gathered directly by DoD rather than the FBI and Justice. 
Whether that raises privacy concerns depends on which agency is considered more of a privacy 
threat. Certainly, there is no reason to think that DoD should be barred as a matter of principle 
from discovery aimed at civilians; defense investigators already serve a variety of civil processes 
on DoD employees and contractors, as well as ordinary discovery orders in garden-variety civil 
litigation. Properly structured, a civil discovery authority for network attacks would pose no 
greater threat to civilian privacy than the government's existing powers. 


14 No one thinks that private companies may not lawfully ask their system administrators to gather information about hacker 
intrusions that they intend to use to sue the hackers. If there are real fears that current law somehow prevents the 
government from following this example, the statute authorizing the civil suit could no doubt also authorize the use of such 
information in support of the suit and for other network defense purposes. 


Network security would be greatly advanced, and the privacy status quo would be preserved, 
by a legislative provision overriding section 2703(c) and permitting the collection of data under a 
civil investigative order when the target of attack is a system of national security importance. 


RECOMMENDATION 3.2: 


The gap between law enforcement and foreign intelligence authorities to intercept hacker 
attacks should be closed, by enacting a “network trespasser” exception to Title III or 
otherwise. 


Another somewhat surprising limitation on the ability of the FBI to gather information under 
criminal authorities has emerged of late. Under the Foreign Intelligence Surveillance Act 
(FISA), once a factual predicate has been established — that the target of an investigation is an 
agent of a foreign power — intercepts may be maintained for relatively long periods of time. A 
Title III intercept, however, must be renewed every thirty days, with the Justice Department 
obligated to persuade the presiding judge that the tap is crucial to an ongoing criminal 
investigation. 


But hacking investigations may take years without bringing investigators significantly closer 
to actually indicting a particular human being. Continuing the intercepts may be crucial to 
gathering information about the techniques used by the hacker and gathering clues about the 
hacker's identity and motives, but the process can be a slow one. 


Sometimes a Title III intercept shows that the hacker is probably based abroad, and in such 
cases, over time, a criminal investigation will begin to appear futile. Hacking may not be a crime 
in the suspected country of origin, or the hacker may not be extraditable, or it may be impossible 
to get the cooperation of the local police. Gradually, the intercept begins to have less and less 
value as a criminal investigative tool, even though maintaining the tap may be highly important 
from an intelligence point of view. Sooner or later, then, prosecutors (at least the prosecutors in 
the Computer Crime and Intellectual Property Section (CCIPS) which is the source of this 
concern) are likely to reach the conclusion that the legal standard for continuing the wiretap is no 
longer satisfied. At that point, the prosecutors will refuse to seek additional wiretap authority — 
even though a criminal intrusion is still occurring, and even though the evidence may suggest 
that the intrusion is sophisticated enough to be state sponsored. The CCIPS view is that Title III 
is not an intelligence-gathering authority; unless a criminal case is in the offing, the tap must end, 
notwithstanding the value of the intelligence to national security. Of course, if it is clear that a 
foreign government is involved, a foreign counterintelligence tap can be initiated, but this is 
rarely clear. The result is that important intelligence about network attacks will be lost. In short, 
there is a very real possibility that foreign hackers will be able to attack DoD systems without 
any wiretap monitoring because both existing law enforcement and counterintelligence 
authorities are too narrow. 


15 FISA permits the surveillance of the agent of a foreign power under a court order, which must be renewed every ninety 
days. The foreign power itself may be targeted for an entire year under a court order pertaining to FISA. 


For this and other reasons (e.g., statutory information-sharing restrictions), Title III intercepts 
are an unappealing way to gather information about hacking efforts. That said, it is unclear what 
alternatives exist unless Congress addresses the problem. In that regard, two approaches should 
be considered. 


First, the Justice Department, or at least CCIPS, would welcome DoD support for a 
“trespasser” exception to the protections of Title III. In essence, this would deny any statutory 
expectation of privacy to persons who are trespassing on another person’s computer network. 
This is indeed an appealing approach, as hackers should not have any expectation that the signals 
they send to the systems of victims will be free from monitoring. This proposal has circulated 
within the Justice Department but has not been advanced officially. DoD should support such a 
measure. 


A second possibility is to seek amendments to FISA that would allow the courts to presume 
that a foreign power is involved when attackers hop through hostile countries, attack critical 
systems, and/or use techniques that are thought to be particularly sophisticated or otherwise 
characteristic of foreign powers. There is some room for making this argument in the context of 
existing law, but it would obviously be easier if such considerations were part of FISA. 


In so saying, the task force does not underestimate the difficulties of such a modification. 
The nation will not — and should not — tolerate long-term intelligence surveillance of Americans; 
no one wants to authorize FISA intercepts that turn out to be aimed at the activities of California 
teenagers. While it is likely that that result can be avoided if sufficient care is exercised in 
defining the events that justify such surveillance, any such amendment to FISA would need to be 
carefully drafted, vetted, and debated. Before making a change, it would be appropriate to ask 
(as task force members could not, being limited to a secret clearance) whether it is possible to 
utilize overseas intelligence collection resources to gather information on the attack, thus 
avoiding the need to invoke FISA at all. Intelligence collection efforts outside of the United 
States face fewer restrictions on gathering information relating to attacks than do domestic law 
enforcement investigations. For a variety of reasons, the task force thinks it unlikely that this is a 
complete answer, but it should be examined with care by DoD before making a final decision on 
the kinds of legislative changes that are appropriate to address the pressing problems that have 
been identified above. 


RECOMMENDATION 3.3: 


Procedural improvements should be made to streamline the "trap-and-trace" process and 
to allow emergency data requests under the Electronic Communications Privacy Act (ECPA). 


A. Trap-and-trace improvements. 


When a network attack is being investigated, it is normal to obtain, first, a § 2703(d) order 
for information already in the hands of the first ISP in the chain of attacks, and, second, a trap- 
and-trace order authorizing future information collection for law enforcement purposes. 


The use of trap-and-trace orders, however, has not been free from difficulty. Trap-and-trace 
orders are ordinarily obtained in the jurisdiction where the trap-and-trace device is to be placed 
(i.e., in the jurisdiction of the service provider). Since the Internet has little interest in 
geography, it is typically the case that every leg of a hacker's journey terminates in a different 
city, and with a different service provider. Often these providers are located in different 
jurisdictions, and obtaining the requisite orders can cause delays. Delay is the enemy of any 
investigation, but particularly of hacking investigations, as hackers often change their patterns 
regularly, sometimes as frequently as every few hours or minutes. 


Delays in obtaining trap-and-trace orders for facilities in particular jurisdictions disrupt the 
ability of investigators to trace back along a hacker's attack chain. In particular, if there is a live 
connection, tracing back an attack quickly is difficult because each step in the chain may require 
a new order (because the carriers may be in different jurisdictions), each based upon the 
information discovered in prior orders. Moreover, the review by multiple courts does not 
substantively protect any rights, since the court in the victim's jurisdiction has already 
determined the appropriateness of the trace, and other courts are merely effectuating the order of 
the first court. Timing is also critical where the investigation concerns an attack that has already 
taken place, as the investigating agency must obtain a court order to trace the attack through 
activity logs before the service providers whose networks are used in the attack overwrite their 
records. 


In response to this concern, investigators have expressed interest in obtaining a single 
national trap-and-trace order that could be served progressively on each service provider who has 
been the inadvertent host of a hacker on his journey. 


In general, such authority would reduce the time it takes to track hackers, though there are 
many reasons for delays in tracking hackers from one computer to the next. Obtaining trap-and- 
trace orders is a contributor to those delays, but it is not the only contributor. For example, even 
with a nationwide order, it will still be necessary for the authorities to go from provider to 
provider in an achingly sequential fashion. This "one step at a time" approach is an 
unquestionable source of delay in some hacking investigations.


Given these limitations, a nationwide trap-and-trace authority is not a panacea. But it would 
have some value to Justice and DoD in seeking to find network attackers as quickly as possible. 
For that reason, it deserves support — so long as that support does not detract from the other, 
higher priority, legislative reforms set forth earlier. 


B. Emergency authority under ECPA. 


A second revision also deserves consideration. Currently, there is no statutory provision for 
government to obtain information quickly under the ECPA in situations of extreme urgency. 
This is an oddity, since wiretaps, presumably much more intrusive, may be initiated without a 
judicial order in "emergency situations." In such cases, where a communication must be
intercepted "before an order authorizing such interception can, with due diligence, be obtained" 
(and where there are sufficient grounds to assume that an order would ultimately be granted), an 
intercept may be conducted in absence of authorization, provided that approval of the intercept is 
requested within forty-eight hours after “the interception has occurred, or begins to occur.” (See 
18 U.S.C. § 2518(7).)


Emergencies are defined as involving:


(i) immediate danger of death or serious physical injury to any person;
(ii) conspiratorial activities threatening the national security interest; or
(iii) conspiratorial activities characteristic of organized crime


The information that can be obtained through a subpoena or section 2703(d) order is
sometimes equally essential to the investigation of a hacker attack, and providing specifically for 
emergencies would be useful. It would also protect the interests of ISPs and those under
investigation. As things now stand, the lack of a statutory emergency provision means that in an 
emergency law enforcement agencies put heavy pressure on ISPs to release information even 
before the authorities can produce an order. The release of this information (which almost 
always happens) can expose the ISP to liability for violation of its privacy policy, and can cause 
law enforcement authorities to come to rely on the emergency justification (even in cases where 
the emergency isn't all that clear). In the long run, as customer privacy becomes the subject of 
greater scrutiny in state and federal legislatures, ISPs may discontinue their current practice and 
refuse to release any information in the absence of an order. The current provision in Title III 
allowing emergency wiretaps should be extended to court orders and subpoenas as well. 


RECOMMENDATION 3.4: 
Federal Rule of Criminal Procedure 6(e) should be modified to allow sharing of grand jury 
information relating to national security. 


The task force has already discussed (see Recommendations 1.3 and 1.4) information- 
sharing burdens that are created by the use of grand jury subpoenas or Title III intercepts to 
gather information about network attacks. The task force recommended several ways in which 
these problems could be solved through reasonable accommodations of the national security by 
Justice and NIPC. In the event that these agencies are not prepared to make those 
accommodations, it may be necessary to overcome these obstacles legislatively. No one believes 
that either Title III or Rule 6(e) was written deliberately to exclude sharing for national security 
purposes. Very likely, it simply did not occur to the drafters to include a national security 
provision. Curing this oversight legislatively, perhaps simply by clarifying the existing National 
Security Act, ought to be a live option. 


RECOMMENDATION 3.5: 


Legislation should be enacted to encourage voluntary private-sector cooperation in hacking 
investigations, specifically to quell concerns that sensitive or proprietary information might 
be disclosed publicly. 


Much has been made above of the legal barriers that prevent the government's access to or 
sharing of information when conducting hacking investigations. These are by far the most 
significant obstacles to efficient defensive information operations. They are not the only 
barriers, however, as even information that investigators could lawfully acquire is sometimes 
kept out of reach. 


The investigation of cyber attacks need not be a one-way event, with law enforcement 
issuing various orders for information and service providers consequently handing it over. An 
ISP that falls victim to a hacker attack may justifiably hand over information about the attack, at 
the very least to prove that a crime has taken place. All too often, however, the private sector 
resists such voluntary cooperation with law enforcement. There are a number of reasons for this 
reluctance, most notably a fear that the information shared may be released under the Freedom of
Information Act (FOIA). 


So much of the nation's critical infrastructure is based in private hands that the importance of 
that sector's voluntary cooperation in investigations on network attacks should not be
underestimated. This being the case, the government should adopt reasonable measures to 
encourage this cooperation. Agencies should be encouraged to expand the use of nondisclosure 
agreements in gathering information on network attacks. In addition, it would be worthwhile to 
consider supporting legislation that would restrict from FOIA disclosure any information that a 
service provider shares in conjunction with a hacking investigation (legislation to this effect was
introduced in the last Congress and will likely be reintroduced). Such legislation should be 
narrowly tailored, so as to avoid creating an exemption behind which companies could conceal 
evidence of unlawful business practices from public discovery. Even with these limits, the 
provision could have significant benefits for investigators of network attacks. 


ANNEX G


Defense Science Board Task Force 
on 
Defensive Information Operations 


Thought Pieces 
TAB G-1 Oversight and Management of the 
GIG Executive Director 
TAB G-2 The Problem Continuum from Data to Understanding 
TAB G-3 The Insider Threat & The Low and Slow Attack 
TAB G-4 Red Teaming and the Cyber Operations Readiness 
Triad (CORT) 


TAB G-1


ISSUE PAPER 


OVERSIGHT AND MANAGEMENT OF THE GIG EXECUTIVE 
DIRECTOR 


Issue: Why the CIO Executive Board and the MCEB are not the right management vehicles 
to provide oversight and governance for the GIG Executive Director as recommended by the 
DIO DSB. 


Background: The DIO DSB has recommended that a DoD "Information Superiority"
Board of Directors (BoD) be established to provide oversight and governance for the GIG
Executive Director, an office which would provide systems engineering resources for the Global
Information Grid. The membership of this BoD would consist of: Chair, DEPSECDEF,
USD(AT&L), Vice Chairman of the Joint Chiefs of Staff, ASD(C3I), and the DDCI.


Discussion: 


• DoD CIO Executive Board: The current charter of the DoD CIO Executive Board is
contained in the DEPSECDEF Memo Subj: DoD Chief Information Officer 
Executive Board, 31 March 2000. This charter states that the Council is the principal 
forum to advise the DoD CIO on the full range of matters pertaining to the Clinger- 
Cohen Act (CCA) of 1996 and the Global Information Grid. Additionally, the Board 
also coordinates implementation of activities under the CCA, and exchanges pertinent 
information and discusses issues regarding the GIG, including DoD information 
management (IM) and information technology (IT). The primary mission of the 
Board is to "advance the DoD's goals in the areas of IM, information interoperability
and information security between and among Defense Components." The Board also 
coordinates with the IC CIO Executive Council on matters of mutual interest 
pertaining to the GIG. Its management oversight includes recommending, reviewing 
and advising the DoD CIO on overall DoD IM policy, processes, procedures and
standards, as well as to oversee all aspects of the GIG to support the DoD's and IC's 
mission and business applications. This includes the collaborative development of IT 
architectures and related compliance reviews; management of the information 
infrastructure resources as a portfolio of investments; collaborative development of 
planning guidance for the operation and use of the GIG; and identification of 
opportunities for cross-functional and/or cross-Component cooperation in IM and in 
using IT. The Board's Architecture Management responsibilities include ensuring the 
collaborative development of architectures as specified in the CCA, and ensuring that 
processes are in place to enforce their standardized use, management and control, as 
well as aligning IT portfolios with the GIG. Although the Board has budgetary 
review authority for IT investments, and can make recommendations, it has no direct 
budgetary authority. It also has no authority, either review or management oversight 
into the warrior components of the GIG. The membership of the DoD CIO Executive 
Board includes: 
- Chair: DoD CIO (ASD(C3I))
- Members: CIOs of the Military Departments
  CIO, Joint Staff
  USD(AT&L)
  USD (P) (Policy)
  USD (C) (Comptroller)
  USD(P&R) (Personnel and Readiness)
  ASD (C3I) (usually the Deputy CIO)
  Director PA&E (Program Analysis and Evaluation)
  J6, Joint Staff
  OPNAV N6
  Director, Communications and Information, USAF, AF/SC
  IC CIO
  CIO, JFCOM (Joint Forces Command)
- Security Advisor: DIRNSA
- Technical Advisor: Director, DISA
- Legal Advisor: DoD General Counsel


• MCEB: The charter of the MCEB is contained within DODDIR 5100.35 dtd 10 Mar
1998. The MCEB is supposed to consider those military communications-electronic
matters, including those associated with National Security Systems (NSS) referred to
it by the SECDEF, CJCS, the DoD CIO, Secretaries of the Military Departments, and 
Heads of DoD Components. The mission of the MCEB is to obtain coordination 
among the DoD components, between the Department of Defense and other 
Governmental Departments and Agencies and between the DoD and representatives 
of foreign nations on matters under the MCEB jurisdiction. The MCEB provides 
guidance and direction to the DoD components and advice and assistance as 
requested. The membership, as listed below, is primarily the communications 
activities in the listed components, who have little, if any, authority over IT issues in 
other portions of their component. The MCEB has no budgetary review or execution 
authority over any component, nor is there any mechanism within the MCEB 
structure for enforcement of non-compliance with decisions. The relationship 
between the MCEB and CIO Executive Board is still being discussed, but in effect, 
the MCEB is a subordinate activity under the direction of the CIO Executive Board 
and recommendations referred to that Board for final decision. Membership of the 
MCEB includes: 


- Chair: Joint Staff, J6
- Members: Vice, J6
  DISC4, U.S. Army
  OPNAV, N6
  HQ USAF, SC
  HQMC, C4
  USCG, Assistant Commandant for Systems
  Director, DISA
  Director, NSA
  Director, DIA


• General: Neither the DOD CIO Executive Board nor the MCEB has the
membership or authority over budgets and execution activities envisioned as 
necessary to ensure the GIG is built and managed as intended. Without that level of 
authority over all elements of the GIG, the architecture is subject to interpretation by 
each component based on their needs, rather than the needs of the entire organization. 
There is also little incentive to address cross-cutting issues in a coherent fashion when 
the funding for these programs is provided via Title 10 channels without some 
mechanism to force cooperation. Because of the Title 10 and DoD versus 
Intelligence Community issues, the only level of management senior enough to cross 
this bridge is at the DEPSECDEF level. Additionally, neither of these two boards has 
a direct oversight responsibility over any specific office or function which carries out 
its direction such as the relationship described between the GIG Executive Director's 
office (a function which does not currently exist) and the DoD "Information 
Superiority" Board of Directors. 


Recommendation: That a body as described for the DoD "Information Superiority" Board
of Directors be established to provide oversight for the implementation of the GIG. With the
establishment of such a body, the relationship with existing organizations (i.e. CIO Executive
Board and MCEB) must be defined and roles, missions and responsibilities clarified.


TAB G-2


THE PROBLEM CONTINUUM - FROM DATA TO 
UNDERSTANDING 


One problem of great concern in today's information age is the overwhelming volume of
data and information readily available over the Internet and through the wide range of sensors 
that support DoD activities. The push to provide more information to the commander in the field 
has many commanders concerned that they will be so overwhelmed with data and information 
that it may actually impede the decision making process. 


The key to remedying this problem is recognizing and enabling the transition from data, to 
information, to knowledge, and ultimately to understanding. The concept of "Decision 
Superiority" put forth in Joint Vision 2020 requires a greater level of understanding in order to 
make timely and accurate decisions. DoD must identify those technologies and tools that will 
ensure the rapid transition from data to understanding, investing today, to build a capability that 
will enable Joint Vision 2020. Simply pumping more data to the front lines is not the answer. 
Joint Vision 2020 necessitates a more balanced approach including: 


• Decreased dependence on data.
• Increased ability to identify key information.
• Larger degree of knowledge based on key information.
• Clear understanding of the information picture in order to gain and maintain Decision
Superiority.


The variety of available and soon-to-be available tools and technologies that support this 
effort is staggering. Visualization, analysis, and security tools are the centerpiece of the 
technologies that will enable this transition from data to understanding. Specific categories 
worthy of investigation include: 

• Visualization Tools:
- Data mining
- Data warehousing
- Pattern recognition
- Profile search agents


• Analysis Tools:
- Modeling & Simulation
- Automated data analysis


• Security Tools:
- Intrusion detection
- Key control
- Data filtering


The enclosed slides, developed in support of the 1999 Defense Science Board Summer 
Study, provide further clarification of these critical areas, and the critical transition from data to 
understanding. 


What We Have vs. What We Need 


• Information Superiority, like information assurance, is dependent
on taking a large volume of data, sifting through it to gain key
information, leading to knowledge that can be applied as
understanding.


• What We Have:


— Today, the US can gather a vast amount of data through a
variety of sources and sensors.

— Some of that data can be sifted to find the nuggets of key
information.

— A lesser amount is converted to knowledge, and even less is
really understood.


What We Have vs. What We Need


What We Need: A More Balanced Approach... 


Data | Information | Knowledge | Understanding


— Decreased dependence on data. 
— Increased ability to identify key information. 
— Larger degree of knowledge based on key information 


— Clear understanding of the information picture in order to 
gain and maintain Information Superiority. 


TAB G-3


THE INSIDER THREAT & THE LOW AND SLOW ATTACK 


The threat to U.S. information systems is becoming more and more prevalent as state 
sponsored terrorists, nation states, and organized crime groups enter the world of cyber warfare. 
Perhaps the most dangerous threat, however, is the insider and the low and slow attack. 


The GartnerGroup published a report in October, 1999, entitled "Information Security Hits 
the Front Page: How Safe is Safe Enough?" One of the central themes of that report was the 
danger and likelihood of the insider threat. The following graphic, extracted from the report, 
demonstrates their conclusions: 


[Figure: two-by-two matrix with axes "Internal Process Knowledge" and "Technical Literacy"; the quadrant where both are high is labeled "Greatest Threat". Source: GartnerGroup Report 5605]


The key is as follows: 


1) A person with low technical literacy and low internal knowledge is an 
insignificant threat (bottom right box). 


2) A person with high technical literacy and low internal knowledge can be a bother 
(demonized) but is insignificant (top right box). 


3) However, a person with low technical literacy and high internal knowledge (the
"dumb" insider) is a significant threat (bottom left box).


4) Finally, a person with high technical literacy and high internal knowledge (the
"smart" insider) is the greatest threat (top left box).


DoD released the "Insider Threat Mitigation Report" in April, 2000, citing this threat as "real, 
and very significant." The report cites four basic sources of insider security problems: 


• Maliciousness
• Disdain of security practices
• Carelessness
• Ignorance


The report further states that the majority of insiders "are hardworking and dedicated to their 
professions" and "understand the importance of their work to the nation." The greatest concern,
however, is the significant damage a single "malicious" insider could cause. The report
continues by stating, "The insider has the capability to disrupt interconnected DOD information
systems, to deny the use of information systems and data to other insiders, and to remove, alter 
or destroy information. Consequently, the insider who betrays the authorities, trust and 
privileges granted to them may be aided in their malicious activity by the very information 
systems upon which the department depends." 


The report also addresses the Defense Department's heavy reliance on commercial off-the- 
shelf information systems, adding to the complexities in detecting and dealing with insider 
threats. The report contends that DoD "has little or no knowledge of who developed the systems 
and, therefore, no measure of the trustworthiness, reliabilities or loyalties of those individuals". 
The report acknowledges that individual developers of COTS products "would have an 
extraordinarily difficult task to target a particular customer because COTS products tend to be 
produced in large quantities and shipped to customers as an activity that is independent of the 
individual developer." However, the potential for accepting an error-filled COTS system is real,
and demonstrates that "cyber-outsiders can quickly attain many characteristics of an insider". 


When this type of infrastructure is attacked from the inside, the results can be catastrophic. 
The knowledgeable insider has the know-how and the access to delete, modify, or transfer 
critical data, and may be capable of affecting hardware capabilities through inside attack as well. 
Add the potential for the low and slow attack, and most network security systems are not capable 
of detecting unauthorized activity. The low and slow attack is an instance where the attacker 
uses low visibility access and may not expect or require results for an extended period of time. 
Data transfers or modifications may be time delayed until the time of the attacker's choosing, or 
trap doors and trojan horses may be installed for subsequent execution. 
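
The detection gap described above can be shown with a small added example, which is not part of the original report: a fixed short-window volume alarm is compared with a long-horizon per-user total measured against the peer median. The user names, byte counts, window sizes and thresholds are all constructed assumptions chosen for illustration.

```python
"""Short-window volume alarm versus long-horizon per-user baseline.

All events, user names and thresholds are constructed for illustration.
"""
from collections import defaultdict
from statistics import median

HOUR = 3600
DAY = 24 * HOUR
MB = 1_000_000


def build_events():
    """Constructed sample: (epoch_seconds, user, bytes_out) over 30 days."""
    events = []
    daytime = (9, 13, 16)
    normal = {"alice": 40 * MB, "bob": 55 * MB, "carol": 45 * MB, "dave": 50 * MB}
    for day in range(30):
        base = day * DAY
        # Every user has the same ordinary working-hours pattern.
        for user, size in normal.items():
            for hour in daytime:
                events.append((base + hour * HOUR, user, size))
        # "carol" also moves a small amount every hour, around the clock:
        # low visibility per hour, large in aggregate (low and slow).
        for hour in range(24):
            events.append((base + hour * HOUR + 1800, "carol", 20 * MB))
    # "dave" has one loud burst, the case a volume alarm is tuned for.
    events.append((12 * DAY + 2 * HOUR, "dave", 900 * MB))
    return events


def short_window_alerts(events, window=HOUR, limit=500 * MB):
    """Flag users whose bytes_out inside any fixed window exceed `limit`."""
    buckets = defaultdict(int)
    for ts, user, size in events:
        buckets[(user, ts // window)] += size
    return {user for (user, _), total in buckets.items() if total > limit}


def long_horizon_alerts(events, horizon=30 * DAY, ratio=3.0):
    """Flag users whose total over `horizon` exceeds `ratio` x the peer median."""
    if not events:
        return set()
    end = max(ts for ts, _, _ in events)
    totals = defaultdict(int)
    for ts, user, size in events:
        if end - ts < horizon:
            totals[user] += size
    baseline = median(totals.values())
    return {user for user, total in totals.items() if total > ratio * baseline}


def peak_and_total(events, user, window=HOUR):
    """Return (largest single-window volume, overall volume) for one user."""
    buckets = defaultdict(int)
    for ts, who, size in events:
        if who == user:
            buckets[ts // window] += size
    if not buckets:
        return (0, 0)
    return (max(buckets.values()), sum(buckets.values()))


if __name__ == "__main__":
    ev = build_events()
    print("short-window alerts:", sorted(short_window_alerts(ev)))
    print("long-horizon alerts:", sorted(long_horizon_alerts(ev)))
    for name in ("carol", "dave"):
        peak, total = peak_and_total(ev, name)
        print(f"{name}: peak hour {peak / MB:.0f} MB, 30-day total {total / MB:.0f} MB")
```

The hourly alarm sees only the burst, while the slow transfer never exceeds 65 MB in any hour yet accounts for more than three times the peer median over the month.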


The problem is further complicated by the frequent focus toward a perimeter defense 
mentality to keep out unwanted outsiders, based on the well-published concerns about outside 
hacker attacks and cyber-terrorism. The real issue is the fact that all of those technological 
safeguards designed to keep hostile computer attacks out won't help with the disgruntled insider. 


Government (GAO) statistics indicate that the average cost of an outside hacking incident 
was $57,000, while the average cost for a serious insider hacking incident was $2.7 million. This 
discrepancy merits serious attention if DoD is to have any hope of securing its networks. 


TAB G-4


"THE CYBER OPERATIONS READINESS TRIAD (CORT)"
VULNERABILITY ASSESSMENTS (VA) 
VULNERABILITY EVALUATIONS (VE) 

RED TEAMING (RT) 


BACKGROUND: 


Recently, ASD(C3I) has asked where the Discover Vulnerabilities (DV) process and IO Red
Teaming fits into the larger picture of DoD "force readiness protection" and Defensive
Information Operations (DIO). ASD(C3I) has also asked the question, "Does DoD actually have
a standing DIO Red Team?" The answer to that question is yes. NSA is DoD's Red Team, and is
the team of choice to do adversarial Red Teaming within DoD. The larger issue of a total look at
cyber force readiness as well as Red Teaming is a timely one as the DV process begins to take
shape in DoD. Questions like, where does DV belong in DoD; who is the lead organization;
who leads overall technical training of the force; how do we measure readiness; what are the 
standards/metrics for Readiness; and the question of Defense contractors assisting in meeting the 
extensive tasking are of importance. 


PURPOSE: 


This white paper will describe: 


• The existing discover vulnerability (DV) process within NSA, recommendations for
potential modification to the process, and a possible win-win solution to current
operations with regard to the use of the civilian contracting community.


• The IO Red Team process, its role in force readiness protection and Defensive
Information Operations (DIO) and what Red Teaming could evolve to based on 
NSA’s experiences from Eligible Receiver (ER) and the 40+ exercises conducted 
since then. 


DISCUSSION: 
NSA and the Services. 


The NSA Red Team, as part of NSA's Information Systems Security Organization's (ISSO) 
mission, is to improve the Operational Readiness (OR) & Defensive Information Operations 
(DIO) posture of DoD and its components. The NSA Red Team is an interdisciplinary and
sophisticated "opposing force" (OPFOR) that utilizes active and passive, as well as technical and
non-technical capabilities to expose and exploit customer IO vulnerabilities in order to improve
operational readiness. Based on Red Team findings, timely feedback is provided directly to the
customer consisting of their vulnerabilities as well as specific recommendations and 
countermeasures to thwart potential real-world exploitation of their computer and network 
systems. 


Organizations "stressed" by NSA's Red Team operations gain a sense of their general cyber 
readiness by measuring effectiveness in protection, detection, response, and reconstitution during 
Red Team exercises. Upon customer request and negotiated between the customer and the NSA 
Red Team (also incorporated into the "Rules of Engagement" (ROE)), the NSA Red Team may 
use cooperative partners & alliances to work as a true OPFOR covering more than one pillar of 
IO. In the past, the NSA Red Team has partnered with other internal NSA organizations, as well 
as CIA, DIA, JTF/CND, NIPC, DHS, AFIWC, LIWA, FIWC, SOCOM, and the Military 
Services. 


It is an overstatement to say that the readiness posture of individual DoD organizations
varies widely across the Department. Some of the component organizations within the CINCS,
Services, or Agencies maintain highly effective DIO programs, while others place less emphasis
on securing of their networks. Reasons vary for this dilemma, but are telling. For the Services, 
the total number of people who are highly skilled at discovering and exploiting vulnerabilities 
remains small, and their time and efforts must be managed wisely. Further, the quantities of such 
persons are uneven across the Services. For this reason, the Services play up to their strengths, 
offering a range of assessment services that maximizes their skill usage. The bottom line for the 
Services is that they cannot yet muster the critical mass of personnel skilled in the area of DV. 
The CINCs are not in much better shape, as they draw on the Military Services for their
technical manpower. Currently, NSA is the only DoD entity that has the ability to focus full-time 
on computer and network vulnerability discovery at all levels of the process. It is NSA's view 
that it should be designated as DoD's EA for Discovering Vulnerabilities (DV). We have the 
talent and know-how to organize DoD in the DV process. However, it is also our view that the 
DV process requires refocus and a relook on where DoD needs to concentrate limited. 


THE PROCESS: 


We see the DV methodology as a cyclic process composed of 3-levels of service surrounded 
by OPSEC. The process is called "THE CYBER OPERATIONS READINESS TRIAD (CORT)",
and its main goal is to improve the cyber security of DoD. The initial level, called a
Vulnerability Assessment or Infosec Assessment, provides a high-level review of a customer's 
automated information system (AIS) security policies, plans, and procedures to determine if a 
minimal level of protection is in place. This is what is known as a Level 1 assessment. No legal 
authority is required to conduct this assessment. These people are responsible to support DoD 
and DoD/NllI-associated partners. Due to increased customer request for this service, and 
working with the National Institute of Standards (NIST) and the DIAP, we have initiated the 
Information Security System Capabilities Maturity Model (ISS-CMM) process. This process 
invites the Defense contracting community to become "authorized", via a validated training 
program, to conduct Level 1 assessments to the same level as NSA. The only difference in the 
end result is the customer and Contractor negotiate a price for the assessment conducted. For this 
level of assessment, the contracting community is technically suited to conduct level 1 
assessments and is a workable solution to PDD-63 customer concern over DoD evaluators in 
their systems. The second level of assessment (Level II) is called a Security or Vulnerability
Evaluation. This process looks past the basics and provides an in-depth technical analysis of a 
customer's information system(s). The objective is to identify any and all vulnerabilities (not 
just those associated with a specific threat agent) and assist the customer organization in 
addressing them. This type of DV evaluation requires NSA general counsel (AGC(D) and DDI 
approval to touch a DoD customer's networks or computer systems. In order for final approval,
the customer must meet certain criteria and standards when requesting NSA to actually “touch” 
the network. This is an extremely technical operation and requires a certain skill-set to complete 
the task. Heretofore, NSA has been the only DoD element to conduct this in depth testing on a 
system or network. It is our experience that the Military Service elements conduct varying 
degrees of Level 1 and Vulnerability Evaluations and each conducts these services to a 
component with their own set of standards. IO Red Teaming is the third (Level III) and final
level of service. It is normally reserved for larger DoD elements and other customers who are 
looking to test their networks and cyber security in an exercise environment, either as a no-notice 
Red Team-only evolution or as part of a larger exercise; e.g., the Marine exercise URBAN 
WARRIOR. SECDEF approval is required to conduct these operations and due to the 
complexity and technical nature of Red Teaming operations, NSA remains the only operative
element to conduct this type of Red Teaming. Further dialogue is required to come to closure on 
where the Military Services and the Defense Contracting community play in the Vulnerability 
Evaluation (Level II) process and Red Teaming and what standards/metrics are required. 


Once Red Teaming is performed on a system and/or network(s) the customer would 
optimally reevaluate where they are in their respective security environment and then via the 
Vulnerability Assessment, Vulnerability Evaluation, or Red Teaming process, relook at what is
required to secure their networks. This continuous process is a strong and proven force in 
"raising the bar for readiness" on computer and network security. It is this paradigm under which
the NSA DV process operates, and that we believe should be required within all DoD 
Components. 


DEFINITION: 


A Red Team, as defined in the draft of DoD Directive 3600.3 “DoD Information Operations 
Red Teaming” is: 
"An independent, threat-based, and simulated opposition force that uses passive, 
active, technical, and non-technical capabilities on a formal, time-bounded basis 
to expose and exploit information system vulnerabilities of friendly forces." 


The directive further states that: 
"The goal of Red Teaming is to improve the readiness and defensive IO posture of 
DoD Components."


In general, a large portion of the Defense community concurs with the DV process, however, 
there remain many entities throughout the Department, other government agencies, and the
private sector who do not subscribe to, define as, or conform to conducting vulnerability 
discovery in this manner. It is our sense that the DV process be standardized across the board. 
Should NSA be given the EA responsibility for DV in general, it is our view that we would
further refine and adjust the process for use in DoD. 


THE PRIVATE SECTOR: 


The DV process covers three levels of service. We believe the private sector can play a 
pivotal role in filling the Department's needs in the DV process where we (NSA, DoD Services,
Agencies, etc) are over tasked and lacking, in some areas, skilled personnel. It is our sense that 
the VA and VE process, where appropriate, can be assisted by the Defense contracting 
community if trained and certified appropriately. Although a relatively new endeavor, the ISS- 
CMM for the VA process is proving a workable alternative. Equally, we believe if structured 
properly, and a system set up to assure the results are equal to the existing VE process, that 
private sector could assist in that part of the DV process, as well. However, NSA has not yet 
initiated an effort to begin the training and certification process for vulnerability evaluation (level 
ID work. If tasked, the strategy is to slowly build-up competencies for Level I assessments 
within Industry, and then grow additional expertise from there. Our vision is to ultimately share 
with the private sector requirements for Level IL evaluations. (I deleted the last sentence) 


With regard to Red Teaming, we believe there should be measured involvement by the 
Defense Contracting community. Contractors are involved in Red Teaming now, however, only 
as working under NSA authorities. There may come a time, because of the growing concern over 
cyberattack, that we reevaluate contractor play across the board as it applies to Red Teaming. The 
Red Team is an opposing force. We "attack" U.S. systems. We succeed at breaking into U.S. 
systems. We have a very elaborate structure in place to handle our mission and/or if our mission 
goes awry. We have a trusted agent network, deconfliction process, classified tools and 
techniques, access to real world threat and resource information, sophisticated laboratory testing 
procedures, cover program, legal authorities and most importantly, a dedicated cadre and critical 
mass of career personnel with TS/SCI clearances. It also should be stated that we are creating 
lasting relationships & liaisons with other military departments, Agencies, and others that would 
simply be extremely difficult for private industry to emulate. Lastly, the “trust and ethical” 
issues would be most acute. We do not believe that system owners of the most sensitive DoD 
networks (SIPRNET, JWICS, etc.) would feel comfortable with private industry performing the 
DoD's most sensitive vulnerability evaluations without a DoD cover or operational authority. 
Since this service is performed at the local as well as the “remoted” level, we envision huge 
conflicts with private industry performing such services, since they do not have the legal 
authority to use “jump-points” throughout DoD networks and Agencies. 


Exercise planning for Red teaming in the outyears: 
Major Exercises (CINC-level) 


CONCLUSION: 


IO capabilities of DoD’s adversaries are growing and becoming more sophisticated. These 
adversaries include hackers and other unstructured groups intent on supporting political 
objectives, and structured groups such as terrorists, rogue nations, or nation states. In addition, 
the strategies of our adversaries are becoming increasingly clever, drawing from across the 
spectrum of IO techniques. With the growing number of hacking groups and the ease with which 
a terrorist group or nation state can obtain the tools necessary to conduct an IO campaign, the 
threat is harder to identify and stop without proper training and readiness. It is essential that the 
United States have the capability and experience necessary to counter such threats. Issues such 
as Solar Sunrise, which almost stopped a US troop deployment, the I Love You Virus, as well as 
the well publicized intrusion called Moonlight Maze, highlight just some of the growing threats. 
Red Teams and the DV process can “hone” the DoD’s DIO capability and provide the experience 
required to enhance the security awareness and readiness posture; necessary elements to 
dominate in conflicts where IO represents a strategic advantage. 
ANNEX H 


Defense Science Board Task Force 
on 
Defensive Information Operations 


Reference Data 


TAB H-1 CERT and IO POC Listings 


TAB H-2 Terms of Reference 
THE UNDER SECRETARY OF DEFENSE 

3010 DEFENSE PENTAGON 
WASHINGTON, DC 20301-3010 

ACQUISITION AND 
TECHNOLOGY 


MEMORANDUM FOR CHAIRMAN, DEFENSE SCIENCE BOARD 


SUBJECT: Terms of Reference -- Defense Science Board Task Force on Defensive 
Information Operations 


You are requested to form a Defense Science Board (DSB) Task Force to review and 
evaluate DoD's ability to provide information assurance to carry out Joint Vision 2010 in the 
face of information warfare attack. 


Tasks to be accomplished: 


Using the “1996 DSB report on Information Warfare — Defense” as the departure point, 
address the following: 

• What is the status of action on the recommendations? 

• Where there are shortfalls, what are the barriers to action and what should be done? 

• What important aspects did the 1996 Task Force miss that should have been 
addressed? 

• Assess the recommendations of other important reports that have addressed 
information assurance issues. 

The Defensive Information Operations Task Force will determine: 

• Adequacy of the process toward the information assurance goals needed to carry 
out Joint Vision 2010. 

• Adequacy of the Department's readiness to project and sustain power in the face of 
information warfare attacks. 

• The appropriate role(s) and capability of DoD to provide information assurance in 
support of Homeland Defense and in support of Critical Infrastructure Protection. 

• Recommendations for research and eda ard which are uniquely in DoD's 
interest, and thus not likely to be accomplished by the private sector in the time 
required to meet DoD's Defensive Information Operations objectives. 

• Areas in which DoD should seek strong partnering relationships outside DoD, such 
as with the Critical Infrastructure Assurance Office (CIAO). 

• The Task Force should provide an interim report by June 30, 2000 and the final 
report around October 2000. 
The study will be co-sponsored by the Under Secretary of Defense (Acquisition, 
Technology and Logistics) and Assistant Secretary of Defense for C3I. Mr. Larry Wright will 
serve as the Task Force Chairman; Col Gregory Frick will serve as the Executive Secretary; 
and Maj Tony Yang, USAF, will serve as the Defense Science Board Secretariat 
Representative. 


The Task Force will be operated in accordance with the provisions of P.L. 92-463, the 
"Federal Advisory Committee Act," and DoD Directive 5104.5, "DoD Federal Advisory 
Committee Management Program." It is not anticipated that this Task Force will need to go into 
any "particular matters" within the meaning of Section 208 of Title 18, United States Code, nor 
will it cause any member to be placed in the position of acting as a procurement official. 


J. S. Gansler 
OFFICE of INTELLIGENCE and ANALYSIS 
INTELLIGENCE IN FOCUS 


27 APRIL 2023 DHS-IA-IF-2023-07757 


FOREIGN INFLUENCE 


(U//FOUO) China: Municipal Government Publishing Anti-US, Pro-China 
Social Media Content With Limited Reach 

(U//FOUO) Scope Note: DHS has attributed a cluster of inauthentic Twitter accounts to a 
municipal government entity in the People's Republic of China. At least some of the accounts are 
part of a larger unattributed network of social media accounts that promotes Beijing's interests, 
called DRAGONBRIDGE. Our attribution of these accounts to the municipal government could 
yield continuing insight into People's Republic of China social media messaging operations; this 
analysis provides a framework for identifying and attributing other PRC clusters, which may 
grant greater insight into the command and control structures of PRC social media messaging 
operations. 

(U//FOUO) A People's Republic of China (PRC) municipal government-controlled 
media outlet is very likely directing a cluster of English-language, coordinated 
inauthentic Twitter accounts that posted content denigrating the United States (see 
graphics). The cluster of accounts, which we have dubbed SPICYPANDA, has been 
active from at least January 2021 and has published sophisticated content, but it failed 
to grow a follower base thus far. DHS attributed SPICYPANDA to the municipal media 
entity Chongqing International Communications Center (CICC) based on its 
leadership's creation of SPICYPANDA's anti-US messaging campaign, its overt ties to a 
website promoted by the accounts, and its Western social media messaging accolades 
and capabilities. 

• (U//FOUO) From August 2021 through February 2022, SPICYPANDA carried out a 
messaging campaign created by the CICC Editor-in-Chief of Overseas Social 
Media, judging from a professional biography and a review of the identified 
accounts. This messaging campaign offered pro-PRC and anti-US commentary on 
current events by portraying the United States as a global antagonist, especially 
relating to the US Intelligence Community's investigation of the origins of 
COVID-19, the US withdrawal from Afghanistan, the Summit for Democracy, and 
the 2022 Beijing Winter Olympics (see graphic 2). 

• (U//FOUO) SPICYPANDA also aggressively amplified a Twitter account overtly 
operated by CICC for the Chongqing municipal government, judging from a DHS 
review of the accounts. This account, and an associated website called 
iChongqing, present news about Chongqing and resources for individuals 
looking to visit, study, or invest in the city. The website is overseen by the 
Chongqing Municipal Party Committee's Propaganda Department, according to a 
Chinese-language newspaper article about the website's launch. 

(U) For questions, contact DHS-SPS-RFI@hq.dhs.gov 


• (U//FOUO) In addition to its relationship with the Chongqing local government, 
CICC was tasked in 2018 by the Chinese Communist Party (CCP) with 
influencing overseas audiences on behalf of the city, and it received an award in 
2020 for the quality of its overseas communications, judging from Chinese state 
media reporting and numerous Chinese language job postings. In February 2021, 
CICC further committed to using Western social media accounts by seeking to 
hire staff to operate them, according to a Chinese language news article and job 
postings. 


(U//FOUO) Overview of DRAGONBRIDGE and its Narratives 

(U//FOUO) Some of the identified inauthentic Twitter accounts are part of both the 
SPICYPANDA cluster and a larger network known as DRAGONBRIDGE. 
DRAGONBRIDGE has been tracked for the past three years by private sector 
researchers, but it has not been previously attributed — in whole or in part — to a 
specific person or group. 

(U//FOUO) DRAGONBRIDGE (also known as SPAMOUFLAGE DRAGON) is a 
large network of social media accounts first observed on Facebook, Twitter, and 
YouTube in 2019 criticizing pro-democracy protests in Hong Kong. Since then, 
accounts in the network have been observed posting in seven languages on 20 
social media platforms and on over 40 other websites. The network is comprised of 
many clusters of co-managed accounts that seemingly operate independently of 
each other, judging from two private sector analytic reports on the network and a 
DHS review of identified and suspected accounts. DRAGONBRIDGE has 
employed at least 100,000 accounts in its history on a single social media platform, 
according to the identified platform, and we assume it has employed similar 
numbers of accounts on other major platforms. Despite the size of the network, it 
rarely engages with authentic social media users; however, it has had some limited 
success in reaching individuals recently. 

(U) Since 2019, DRAGONBRIDGE has posted content regarding Hong Kong, 
COVID-19, the US withdrawal from Afghanistan, Taiwan, the 2022 Beijing 
Olympics, rare earth mineral mining companies, the 2022 US midterm election, and 
many other topics. Content promoted by the network is consistently aligned with 
Beijing's interests. 
(U//FOUO) The reach of SPICYPANDA's content likely was limited by its narrow 
focus on PRC-related issues, obvious indications of inauthenticity, and ongoing 
enforcement mechanisms. However, DHS's attribution of the accounts could yield 
greater insight into PRC adjustments and improvements in future social media 
campaigns. SPICYPANDA illustrates the PRC’s ability to publish commentary on 
current events through sophisticated content, including videos, memes, and topical 
political cartoons, which may reach more Americans if the PRC overcomes the obstacles 
that constrained SPICYPANDA’s reach. 

• (U//FOUO) Content proliferated by SPICYPANDA primarily focused on themes of 
political importance to the PRC, which may interest few US social media users. 
Individual accounts lacked convincing personas, and content intended to attract 
views was infrequent and insufficient to entice people to actively follow the 
accounts, judging from a review of identified accounts. 

• (U//FOUO) Clear indications of the accounts’ inauthenticity may have also reduced 
the reach of SPICYPANDA, as we assume authentic users generally seek to avoid 
inauthentic accounts and indications of inauthenticity enabled the removal of the 
accounts. Twitter (USPER) sporadically removed accounts in the network and 
removed over 800 accounts for rules violations in February 2022 following two 
Western newspapers' identification of the accounts as inauthentic; at least three 
dozen remain. While the DRAGONBRIDGE network has rebounded from 
numerous takedowns in the past, removals prevent accounts from building large 
follower bases. 

• (U//FOUO) Despite using relatively unsophisticated accounts, SPICYPANDA 
published timely and highly sophisticated content, including dozens of original 
political cartoons, graphics, memes, and videos, judging from a review of 
identified accounts. These posts often responded to trending news topics within 
days and leveraged popular, and sometimes divisive, figures to press their 
narratives. SPICYPANDA responded more dynamically to emerging events than 
other pro-PRC inauthentic networks, judging from open-source reporting and a 
DHS review of the accounts. 
(U//FOUO) Known and Assessed Relationships Between Chongqing Municipal Government 
and SPICYPANDA Social Media Account Cluster 

OVERALL GRAPHIC 1 CLASSIFICATION: UNCLASSIFIED//FOR OFFICIAL USE ONLY 

[Graphic 1: relationship diagram. Entities shown: Chongqing Municipal Government/Local Communist Party; Chongqing Daily Newspaper Group (Local CCP Media Entity); Chongqing International Communication Center; iChongqing Website; iChongqing Official Twitter Account; @SpicyPandaAcc (Twitter Account); SPICYPANDA network. Relationship labels shown: Controls; Official Website; Operates; Very Likely Covertly Operates; Amplifies.] 

iChongqing Website 
This website largely publishes apolitical content promoting a positive image of Chongqing, especially as 
a tourist destination. 

@SpicyPandaAcc (Twitter Account) 
This account published political cartoons, graphics, and videos supporting the interests of the PRC, including 
content denigrating the United States. @SpicyPandaAcc was suspended by Twitter (USPER) in early March 2022 
after numerous news articles identified the coordinated inauthentic behavior amplifying the account. 

SPICYPANDA 
Network of Over 800 Coordinated Inauthentic Twitter Accounts 
These accounts amplified “@SpicyPandaAcc” and iChongqing's official account through quote tweets, comments, likes, and 
retweets. The accounts also produced some original content in line with the major messaging efforts of the two accounts 
that they amplified. These accounts showed clear signs of inauthenticity and coordinated behavior, such as tweeting identical 
content. The accounts did not attempt to hide their location in China, posting during the day there. Some even cite China or 
Chongqing as their geolocation in their profile. All identified accounts posted primarily in English, though some also posted in 
Chinese. Over 800 accounts were removed in February 2022 after a news media investigation into the accounts identified 
coordinated activity supporting the 2022 Beijing Olympics. Some accounts in the network remained active, but they stopped 
amplifying anti-US content following the suspension of @SpicyPandaAcc. 
(U//FOUO) Timeline of Select SPICYPANDA Narratives From August 2021 Through February 2022 

(U//FOUO) SPICYPANDA engaged in three distinct messaging campaigns on Twitter between January 2021 and the present, judging from a review of the identified accounts. From July 2021 through a partial takedown at the end of February 2022, the 
accounts published commentary on current events that aligned with Beijing's interests, with a particular focus on denigrating the United States (depicted below). From August 2021 through a partial takedown in February 2022, the accounts 
promoted content extolling the PRC's achievements in technology, infrastructure, and environmentalism. Finally, from at least January 2021 through the present, including after the takedown of most accounts, SPICYPANDA published content 
praising the city of Chongqing. 

OVERALL GRAPHIC 2 CLASSIFICATION: UNCLASSIFIED//FOR OFFICIAL USE ONLY 

[Graphic 2: timeline with a month axis running AUGUST 2021 through FEBRUARY 2022 and rows labeled EXAMPLE TWEETS, PRECIPITATING EVENTS, and NARRATIVES. Timestamps shown on the example tweets: 6:24 AM - Aug 10, 2021; 6:02 AM - Sep 26, 2021; Nov 9, 2021; 5:54 AM - Jan 10, 2022; 2:57 AM - Feb 6, 2022 - Twitter Web App.] 

PRECIPITATING EVENTS AND NARRATIVES 

27 Aug: US Government COVID Origin Investigation Concludes 
SPICYPANDA suggested COVID-19 originated in a biolab in the United States and that the US Intelligence 
Community's investigation into its origin was a ploy to denigrate China. 

30 Aug: US Withdrawal From Afghanistan 
SPICYPANDA portrayed the United States as a global antagonist that profited from the conflict at the expense of 
the Afghan people. Criticism of the US military continued through November. 

9-10 Dec: US-Hosted Summit For Democracy 
SPICYPANDA argued that the US system of democracy is unjust and inferior to China's system of government. 
The accounts also extolled the Hong Kong elections. 

4-20 Feb: Beijing Olympics 
SPICYPANDA almost exclusively promoted the 2022 Beijing Olympics during the event. The accounts also criticized the 
US diplomatic boycott. 

PARTIAL TAKEDOWN 
Over 800 accounts removed for violating Twitter's rules. 

EXAMPLE TWEETS 

• The #US arms dealer reaps fortune out of innocent people's lives. #SpicyPandaSays #SpicyPandaCartoon 

• This kind of garbage government of the United States should apologize to the whole world, and we should kill 
Biden just like we did to Hitler. 

• The US wants to consolidate its hegemony over the world by scapegoating China. 

• Spicy Panda @SpicyPandaAcc - Nov 9, 2021: The #US old trick of “thief crying stop thief”. 
It can't cover the fact that the US is the world's largest nuclear arsenal posing 
the greatest threat to humanity. #nuclearweapon 

• China's Democracy VS Western Style Democracy is like a contrast between a civilized world and a 
barbarian world. 

• Thumbs up to the Chinese government for creating such an effective system to safeguard every athlete's 
health in the loop! #Beijing2022 (linked article, chinadailyhk.com: "Athletes heap praise on 'safe haven' closed loop. 
Athletes said the closed-loop management system made them feel safe, allowing them to focus on their 
competitions in the Olympic Games") 
(U//FOUO) US persons linking, citing, quoting, or voicing the same arguments raised by 
these foreign influence activities likely are engaging in First Amendment-protected 
activity, unless they are acting at the direction or control of a foreign threat actor. 
Furthermore, variants of the topics covered in this product, even those that include 
divisive terms, should not be assumed to reflect foreign influence or malign activity 
absent information specifically attributing the content to malign foreign actors. This 
information should be considered in the context of all applicable legal and policy 
authorities to use open-source information while protecting privacy, civil rights, and 
civil liberties. 


(U//FOUO) Co-Managed Accounts: Accounts that are operated by the same person or 
entity. 


(U//FOUO) Coordinated Inauthentic Behavior: An evolving and varied term used by 
social media platforms to describe a form of online manipulation that relies on multiple 
fake accounts — either assumed or fabricated — acting together to achieve a strategic 
goal. This activity can include creating false or divisive narratives, building false 
audiences, and amplifying existing narratives or conspiracy theories. It can also include 
the use of artificial intelligence tools, including bots, to create authentic-looking fake 
users and increase content dissemination and interaction. These methods vary by 
platform. 


(U//FOUO) Coordinated Inauthentic Account: An account that is co-managed with 
others and engaged in coordinated inauthentic behavior (see above). 


(U//FOUO) Foreign Influence: Any covert, fraudulent, deceptive, or unlawful activity of 
foreign governments — or persons acting on their behalf — undertaken with the purpose 
or effect of influencing, undermining confidence in, or adversely affecting US 
democratic processes or institutions or otherwise affecting sociopolitical sentiment or 
public discourse to achieve malign objectives. 


• (U//FOUO) Covert Influence: Activities in which a foreign government hides its 
involvement, including the use of agents of influence, covert media 
relationships, cyber influence activities, front organizations, organized crime 
groups, or clandestine funds for political action. 


• (U//FOUO) Overt Influence: Activities that a foreign government conducts 
openly or has clear ties to, including the use of strategic communications, 
public diplomacy, financial support, and some forms of propaganda. 


(U//FOUO) Network: In this product, “network” always refers to the DRAGONBRIDGE 
network of accounts. See text box, "Overview of DRAGONBRIDGE and its Narratives" 
for more details on DRAGONBRIDGE/SPAMOUFLAGE DRAGON. 


(U//FOUO) Cluster: In this product, "cluster" always refers collectively to the 
co-managed accounts operated by CICC. These accounts make up a subset of the 
accounts that make up the DRAGONBRIDGE network. 


(U) To report suspicious activity, law enforcement, Fire-EMS, private security 
personnel, and emergency managers should follow established protocols; all other 
personnel should call 911 or contact local law enforcement. Suspicious activity reports 
(SARs) will be forwarded to the appropriate fusion center and FBI Joint Terrorism Task 
Force for further action. For more information on the Nationwide SAR Initiative, visit 
www.dhs.gov/nsi. 


(U) To report a computer security incident, either contact US-CERT at 888-282-0870, or 
go to https://forms.us-cert.gov/report/ and complete the US-CERT Incident Reporting 
System form. The US-CERT Incident Reporting System provides a secure, web-enabled 
means of reporting computer security incidents to US-CERT. An incident is defined as 
a violation or imminent threat of violation of computer security policies, acceptable use 
policies, or standard computer security practices. In general, types of activity 
commonly recognized as violating typical security policies include attempts (either 
failed or successful) to gain unauthorized access to a system or its data, including 
personally identifiable information; unwanted disruption or denial of service; the 
unauthorized use of a system for processing or storing data; and changes to system 
hardware, firmware, or software without the owner's knowledge, instruction, or 
consent. 


(U) To report a similar incident to the Intelligence Community, please contact your DHS 
I&A Regional Intelligence officer at your state or major urban area fusion center, or 
e-mail DHS.INTEL.ORI.HOQGhq.dhs.gov. DHS I&A Regional Intelligence officers are 
forward deployed to every US state and territory and support state, local, tribal, 
territorial, and private sector partners in their intelligence needs; they ensure any 
threats, incidents, or suspicious activity is reported to the Intelligence Community for 
operational awareness and analytic consumption. 


Dissemination 

(U) Authorized audiences, such as private sector partners, federal officials, governors, 
lieutenant governors, secretaries of state, homeland security advisors, and fusion center 
directors and their staff. 

Warning Notices & Handling Caveats 

(U) Warning: This document is UNCLASSIFIED//FOR OFFICIAL USE ONLY 
(U//FOUO). It contains information that may be exempt from public release under the 
Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, 
transmitted, distributed, and disposed of in accordance with DHS policy relating to 
FOUO information and is not to be released to the public, the media, or other personnel 
who do not have a valid need to know without prior approval of an authorized DHS 
official. State and local homeland security officials may share this document with 
authorized critical infrastructure and key resource personnel and private sector 
security officials without further approval from DHS. 
EXECUTIVE SUMMARY 


In today's information environment, the way consumers view facts, define truth, and categorize various 
types of information does not adhere to traditional rules. The shift from print sources of information to 
online sources and the rise of social media have had a profound impact on how consumers access, process, 
and share information. These changes have made it easier for threat actors to spread disinformation and 
exploit the modern information environment, posing a significant threat to democratic societies. 
Accordingly, disinformation campaigns should be viewed as a whole-of-society problem requiring action 
by government stakeholders, commercial entities, media organizations, and other segments of civil society. 
Contents: Executive Summary; Disinformation Overview; Information Environment; The Motives of Threat Actors; Disinformation Kill Chain; Combatting the Issue; Response Framework; Conclusion 

Before the 2016 U.S. presidential election, disinformation was not at the forefront of American discourse. 
U.S. government efforts in the disinformation arena had focused primarily on combatting 
transnational terrorist organizations. Social media companies were just becoming aware how their 
platforms empowered threat actors on a large scale. Mainstream media organizations were not yet 
plagued by accusations of spreading “fake news” and fears of concerted foreign efforts to undermine 
American society had not seeped into the consciousness of the general public. 

Since the presidential election, disinformation campaigns have been the subject of numerous investigations, 
research projects, policy forums, congressional hearings and news reports. The end result has been a better 
understanding of the methods and motives of threat actors engaging in disinformation campaigns and the impact of these 
campaigns, which in turn has led to improved efforts to combat these campaigns and minimize the harm 
they cause. 


Until the end of 2018, much of the work on disinformation campaigns was post-mortem—after the 
campaign had nearly run its course. At that point, the desired effect of the threat actor had been achieved 
and the damage done. Since late 2018, civil society groups, scholars, and investigative journalists have 
made great strides in identifying ongoing disinformation campaigns and sharing findings with social 
media platforms, who then remove inauthentic accounts. However, these campaigns are often identified 
after the disinformation has already entered and been amplified inside the information environment, too 
late to fully negate the harm. 


The extent of private and public sector cooperation over the next five years to address targeted 
disinformation campaigns will determine the direction of the issue. We view this issue as a whole-of- 
society problem requiring a whole-of-society response. The purpose of this paper is to provide a framework 
for stakeholders to understand the lifecycle of disinformation campaigns, then to recommend a preliminary 
set of actions that may assist with the identification and neutralization of a disinformation campaign before 
disinformation is amplified within the information environment, thus mitigating its impact. 


The framework recommends actions for a variety of stakeholders to combat targeted disinformation 
campaigns by neutralizing threat actors, bolstering social media technology to make it less susceptible to 
exploitation, and building public resilience in the face of disinformation. 
We recommend: 

• Support for government legislation promoting transparency and authenticity of online political 
content. We support passage of the Honest Ads Act, which would hold digital political advertising 
to the same disclosure requirements as those required for political advertisements on television, 
radio and print media. 

• Funding and support of research efforts that bridge the commercial and academic sectors. Academic 
research efforts, armed with the appropriate real-world data from commercial platforms, could more 
effectively explore the trends and methodologies of targeted disinformation campaigns. This research 
could also help to better identify segments of the population most susceptible to disinformation 
campaigns and guide resources for media literacy efforts. This research should also include the 
development of technical tools to analyze disinformation across platforms and identify inauthentic 
content such as deep fakes. 

• Establishment of an information sharing and analysis organization to bring together government 
entities, research institutions and private-sector platforms. The organization could facilitate 
information exchange through a trusted third-party. The organization could serve as an information 
center that would pool expertise and track disinformation trends and methods. 

• Encouragement of media organizations to promote the need for healthy skepticism by their users 
when consuming online content. This includes providing media literacy resources to users and 
enhancing the transparency of content distributors. 

• Expansion of media literacy programs to build societal resilience in the face of disinformation 
campaigns. Media literacy could be framed as a patriotic choice in defense of democracy. Public 
education through advocacy groups like AARP, which can tailor the message of media literacy for 
their members, could be an effective means of encouraging the adoption of healthy skepticism 
towards online information. 


Scope 


This paper was produced by the Combatting Targeted Disinformation Campaigns team, operating under 
the auspices of the Department of Homeland Security's Analyst Exchange Program. The paper was 
developed based on open source research and interviews with identified subject matter experts. All 
judgments and assessments are based solely on unclassified sources and are the product of joint public and 
U.S. government efforts and do not necessarily represent the judgments and assessments of the team 
members' employers. 
DISINFORMATION OVERVIEW 


Disinformation is not synonymous with false 
information or “fake news.” False information that is 
shared with others without the intent to mislead can be 
defined as misinformation. People share misinformation 
because they believe the information is true when, in 
fact, it is not. 


On the other hand, the purpose of disinformation is to 
mislead. Disinformation is information created and 
distributed with the express purpose of causing harm.¹ 
Disinformation is not necessarily false information. 
Even true information can be presented in misleading 
ways and thus form the grist of a targeted disinformation 
campaign. 


A targeted disinformation campaign, in the context of 
this paper, is more insidious than simply telling lies on 
the internet. One untrue meme or contrived story may 
be a single thread in a broader operation seeking to 
influence a target population through methods that 
violate democratic values, societal norms and, in some 
jurisdictions, the law. 


A disinformation campaign occurs when a person, group 
of people, or entity (a “threat actor”) coordinate to 
distribute false or misleading information while 
concealing the true objectives of the campaign. The 
objectives of disinformation campaigns can be broad 
(e.g., sowing discord in a population) or targeted (e.g., 
propagating a counternarrative to domestic protests) and 
may employ all information types (disinformation, 
misinformation, malinformation, propaganda, and true 
information). The target of a disinformation campaign is 
the person or group the threat actor aims to influence in 
order to achieve the campaign’s objective. 
Information Types 


Propaganda has a political connotation and is 
often connected to information produced by 
governments (the lines between advertising, 
publicity, and propaganda are often unclear). 


Disinformation is manufactured information 
that is deliberately created or disseminated with 
the intent to cause harm. 


Misinformation is false information shared 
without the intent to mislead. 


Malinformation is genuine information, 
typically private or revealing, that may be 
distributed in a campaign to cause harm to a 
person’s reputation in furtherance of the 
campaign’s objective. 


Inauthentic Information is not transparent in 
its origins and affiliation. The source of the 
information tries to mask its origin and identity. 


Authentic Information is transparent in its 
origins and affiliation. The source of the 
information is unhidden. 


Sources: 


Claire Wardle, Information Disorder: The Essential 
Glossary, First Draft, Shorenstein Center on Media, 
Politics, and Public Policy, Harvard Kennedy School, 
July 2018, https://firstdraftnews.org/wp-content/uploads/2018/07/infoDisorder_glossary.pdf?x19860 


“Suspected Iranian Influence Operation Leverages 
Network of Inauthentic News Sites & Social Media 
Targeting Audiences in U.S., UK, Latin America, 
Middle East.” FireEye Intelligence, August 21, 2018, 
https://www.fireeye.com/blog/threat-research/2018/08/suspected-iranian-influence-operation.html 


Targeted disinformation campaigns are not a new phenomenon and sophisticated ones follow a predictable 
progression. After establishing the objective, a threat actor follows distinct steps, discussed later in more 
detail: recon, build, seed, copy, amplify, and control to bring about an outcome. But first we will explore 
the history and impacts of these campaigns, the information environment that facilitates modern campaigns, 
and the motives of disinformation threat actors. 


1 Claire Wardle, “Information Disorder: The Essential Glossary,” First Draft, Shorenstein Center on Media, Politics, and Public Policy, Harvard 
Kennedy School, July 2018, https://firstdraftnews.org/wp-content/uploads/2018/07/infoDisorder_glossary.pdf?x19860. 
A Brief History of Influence Operations 


To understand the role of disinformation in contemporary society, it is helpful to look at examples of how 
national governments, non-governmental organizations, and informal groups of individuals in modern 
history have used influence operations to sway public opinion both domestically and internationally. In 
international relations, the very essence of “soft power” is the ability to influence other nations through 
persuasion and other non-coercive means. 


Within democratic societies, public support for policy and legislative initiatives is often critical for the 
success of these initiatives.² Eroding public support for U.S. involvement in the Vietnam War, not 
battlefield defeats, led to the eventual U.S. withdrawal from that conflict.³ For decades, the U.S. Department 
of Agriculture promoted healthy eating habits through publication and distribution of nutrition guidelines.⁴ 
In similar fashion, U.S. Surgeon General reports linking smoking and other tobacco use with cancer and 
other diseases, along with mandatory warning labels and limitations on advertisements for tobacco 
products, have helped lead to a precipitous decline in the U.S. smoking rate since the 1940s. 


Nongovernmental organizations attempt to steer public opinion on a host of issues. Methods these 
organizations might use include editorials in newspapers, celebrity endorsements, chain e-mails, hosting 
public forums, publishing reports, organizing conferences, recording podcasts, and direct mail campaigns. 


On the international front, within the U.S. Department of State, a core mission of the Bureau of Global 
Public Affairs is promotion of international support for the “values and policies of the United States.” 
Likewise, a core mission of the Peace Corps is “to help promote a better understanding of Americans on 
the part of the peoples served.” 


Other countries, whether democratic or autocratic, also attempt to influence domestic and international 
audiences. Israeli Prime Minister Benjamin Netanyahu endeavored to undermine international support for 
the Iran nuclear deal.⁷ China has attempted to polish its international reputation by spending vast sums of 
money worldwide to promote Chinese culture and allay the concerns of other countries uneasy about 
Chinese economic and military ambitions.⁸ France has cultural centers in 137 countries to raise awareness 
of French culture.⁹ And Russia has attempted to portray itself as a viable alternative to the West.¹⁰ 


Shaping public opinion through licit means is a legitimate function of government. However, there are 
many instances when governments have used illicit means to accomplish their objectives. During the First 
World War, false news stories about atrocities committed by the German Army served to demonize the 


2 Cheryl Boudreau and Scott A. Mackenzie, “Wanting What Is Fair: How Party Cues and Information about Income Inequality Affect Public 
Support for Taxes,” The Journal of Politics 80, no. 2 (2018): 367–81, https://doi.org/10.1086/694784. 

3 W.L. Lunch and P.W. Sperlich, “American Public Opinion and the War in Vietnam,” Political Research Quarterly 32, no. 1 (January 1979): 
21–44, https://doi.org/10.1177/106591297903200104; William M. Darley, “War Policy, Public Support, and the Media,” The US Army War 
College Quarterly: Parameters, 2005, 121–34, https://ssi.armywarcollege.edu/pubs/parameters/articles/05summer/darley.pdf. 

4 U.S. Department of Agriculture, “A Brief History of USDA Food Guides,” Choose MyPlate, updated November 30, 2018, 
https://www.choosemyplate.gov/brief-history-usda-food-guides. 

5 U.S. Department of State, “Our Mission,” Bureau of Global Public Affairs, accessed September 17, 2019, 
https://www.state.gov/bureaus-offices/under-secretary-for-public-diplomacy-and-public-affairs/bureau-of-global-public-affairs/. 

6 Peace Corps, “About Our Mission,” accessed September 17, 2019, https://www.peacecorps.gov/about/. 

7 Katie Zezima, “Netanyahu Warns That Nuclear Deal ‘Paves Iran’s Path’ to a Bomb,” Washington Post, March 3, 2015, 
https://www.washingtonpost.com/news/post-politics/wp/2015/03/03/in-much-anticipated-speech-netanyahu-to-address-congress-tuesday/. 

8 “China Is Spending Billions to Make the World Love It,” The Economist, March 23, 2017, 
https://www.economist.com/china/2017/03/23/china-is-spending-billions-to-make-the-world-love-it. 

9 Ministère de l’Europe et des Affaires étrangères, “France’s Overseas Cultural Network,” accessed September 17, 2019, 
https://www.diplomatie.gouv.fr/en/french-foreign-policy/cultural-diplomacy/france-s-overseas-cultural-network/. 

10 Andrew Radin and Clint Reach, “Russian Views of the International Order,” RAND Corporation, May 18, 2017, 
https://www.rand.org/pubs/research_reports/RR1826.html. 
enemy in the eyes of the British public.¹¹ In the years leading up to the Second World War, a key objective 
of the Nazi propaganda machine was “to absorb the individual into a mass of like-minded people, and the 
purpose of the ‘suggestion’ was not to deceive but to articulate that which the crowd already believed.”¹² 
Soviet disinformation campaigns, so-called “active measures,” were central to the Soviet Union’s efforts to 
increase its influence throughout the world and undermine the influence of its rivals.¹³ Soviet efforts to 
control the press of foreign countries, forge documents, and manipulate other countries’ societal 
infrastructure, including the academic, economic, and political spheres, were hallmarks of its organized 
disinformation efforts.¹⁴ During the Cold War, the Soviet KGB and East German Stasi peddled the notion 
that the U.S. Department of Defense genetically engineered the human immunodeficiency virus (HIV).¹⁵ 


Impact of Disinformation Campaigns 


The mere fact that domestic and foreign actors are engaging in disinformation campaigns against domestic 
audiences, especially during election cycles, is cause for concern irrespective of the success of these 
campaigns. Though it is often challenging to determine the full impact of disinformation campaigns, it is 
possible to identify, in some cases, short-term and long-term impacts. In the short term, targeted 
disinformation campaigns may: 


• cause and exploit emotional reactions to sensational topics, causing disinformation to spread more 
rapidly than legitimate news.¹⁶ 


• aggravate existing societal fissures, inflaming ideological, political, gender-based, ethnic, and 
religious differences.¹⁷ This heightened state of agitation may fuel acts of harassment and 
violence.¹⁸ 


• increase health risks. Disinformation campaigns aimed at health issues and the provision of health 
care may lead to sudden changes in dietary habits and the adoption of treatments which have not been 
scientifically verified, and may engender distrust in the advice given by medical professionals.¹⁹ ²⁰ 


11 Roy Greenslade, “First World War: How State and Press Kept Truth Off the Front Page,” The Guardian, July 27, 2014, 
https://www.theguardian.com/media/2014/jul/27/first-world-war-state-press-reporting. 

12 Nicholas O’Shaughnessy, “The Nazis’ Propaganda Trick: Invite the Public to Help Create an Alternate Reality,” Slate, March 14, 2017, 
https://slate.com/news-and-politics/2017/03/how-nazi-propaganda-encouraged-the-masses-to-co-produce-a-false-reality.html. 

13 Fletcher Schoen and Christopher J. Lamb, “Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a 
Major Difference (Strategic Perspectives, No. 11),” Strategic Perspectives, June 2012, https://doi.org/10.21236/ada577586. 

14 U.S. Department of State, “Soviet ‘Active Measures’ Forgery, Disinformation, Political Operations (Special Reports No. 88),” October 1981, 
accessed September 17, 2019, https://www.cia.gov/library/readingroom/docs/CIA-RDP84B00049R001303150031-0.pdf. 

15 Douglas Selvage and Christopher Nehring, “Operation ‘Denver’: KGB and Stasi Disinformation Regarding AIDS,” Wilson Center, July 22, 
2019, https://www.wilsoncenter.org/blog-post/operation-denver-kgb-and-stasi-disinformation-regarding-aids. 

16 Katie Langin, “Fake News Spreads Faster than True News on Twitter—Thanks to People, Not Bots,” Science, March 8, 2018, 
https://doi.org/10.1126/science.aat5350. 

17 Lisa Reppell and Erica Shein, “Disinformation Campaigns and Hate Speech: Exploring the Relationship and Programming Interventions,” 
International Foundation for Electoral Systems, April 2019, 
https://www.ifes.org/sites/default/files/2019_ifes_disinformation_campaigns_and_hate_speech_briefing_paper.pdf. 

18 Paul Mozur, “A Genocide Incited on Facebook, With Posts From Myanmar’s Military,” New York Times, October 15, 2018, 
https://www.nytimes.com/2018/10/15/technology/myanmar-facebook-genocide.html. 

19 Marc Trotochaud and Matthew Watson, “Misinformation and Disinformation: An Increasingly Apparent Threat to Global Health Security,” 
The Bifurcated Needle, Center for Health Security, Johns Hopkins University, November 29, 2018, 
http://www.bifurcatedneedle.com/new-blog/2018/11/29/misinformation-and-disinformation-an-increasingly-apparent-threat-to-global-health-security. 

20 Emma Woollacott, “The Viral Spread Of Ebola Rumors,” Forbes, October 9, 2014, 
https://www.forbes.com/sites/emmawoollacott/2014/10/09/the-viral-spread-of-ebola-rumors/71191c27f219d8. 
• harm the reputations of individuals, governments, companies, and other organizations, even if the 
disinformation is later proven false.²¹ 


• cause panic that reverberates through financial markets and leads individuals to make unsound 
financial decisions.²² 


The long-term effects of disinformation campaigns are potentially serious to democratic societies. While 
there is no sure-fire method to predict the outcomes of disinformation campaigns, based on the analysis of 
available literature and discussions with experts in the public and private sectors, there are a number of 
possible outcomes. In the long term, disinformation campaigns may: 


• manipulate and further radicalize domestic audiences through impersonating and amplifying their 
existing messaging.²³ 


• blur the lines between authentic and inauthentic content.²⁴ By mimicking legitimate sources of 
information, actors engaging in disinformation campaigns make it more difficult for individuals to 
distinguish truth from fiction. 


• increase distrust of all online information sources.²⁵ Disinformation campaigns make individuals 
less apt to view online news sources as credible and fact-based, potentially harming democratic 
outcomes since exposure to a variety of reliable information sources helps to fuel rational, informed 
decision-making. Absent reliable sources of information, individuals are more likely to succumb 
to decision-making based on emotional appeal and personal whim.²⁶ 


• undermine trust in democracy and confidence in the ability of government institutions to solve 
societal problems.²⁷ 


INFORMATION ENVIRONMENT 
The Social Media Revolution 


As the invention of the movable type machine in the 15th century revolutionized the way the public received 
and shared information, so did the invention and widespread use of social media platforms in the 21st 
century. Social media platforms have granted individuals the ability to create communities with other 
individuals who have shared views and ideologies far more easily than was possible before the emergence 
of these platforms. 


21 Amanda Seitz, “NOT REAL NEWS: Anderson Cooper Didn’t Fake Flood Broadcast,” AP NEWS, September 18, 2018, 
https://www.apnews.com/f1b624dc8154458d8c193d3d6be341de; “2019 Brand Disinformation Impact Study,” New Knowledge, January 2019, 
https://www.newknowledge.com/articles/2019-brand-disinformation-impact-study/. 

22 Max Fisher, “Syrian Hackers Claim AP Hack That Tipped Stock Market by $136 Billion. Is It Terrorism?,” Washington Post, April 23, 2013, 
https://www.washingtonpost.com/news/worldviews/wp/2013/04/23/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism/. 

23 Alina Polyakova and Daniel Fried, “Democratic Defense Against Disinformation 2.0,” Atlantic Council, June 13, 2019, 
https://www.brookings.edu/research/democratic-defense-against-disinformation-2-0. 

24 Alina Polyakova and Daniel Fried, “Democratic Defense Against Disinformation 2.0,” Atlantic Council, June 13, 2019, 
https://www.brookings.edu/research/democratic-defense-against-disinformation-2-0. 

25 Katherine Costello, “Russia’s Use of Media and Information Operations in Turkey: Implications for the United States,” RAND Corporation, 
August 28, 2018, https://www.rand.org/pubs/perspectives/PE278.html; Paul Butcher, “Disinformation and Democracy: The Home Front in the 
Information War,” European Policy Centre, January 30, 2019, 
https://www.epc.eu/documents/uploads/pub_8984_disinformation.pdf?doc_id=2102. 

26 Paul Butcher, “Disinformation and Democracy: The Home Front in the Information War,” European Policy Centre, January 30, 2019, 
https://www.epc.eu/documents/uploads/pub_8984_disinformation.pdf?doc_id=2102. 

27 W.L. Bennett and S. Livingston, “The disinformation order: Disruptive communication and the decline of democratic institutions,” European 
Journal of Communication, 2018: 33(2), pp. 122-139. 
This development has had far-reaching implications. For example, in the Arab world, online social networks 
fostered communities of individuals who shared grievances against their governments. This virtual 
collaboration led to plans to rise up against these governments. The ensuing uprisings resulted in a change 
of government in Tunisia, Libya, Egypt, Yemen, Sudan, Iraq, and political and economic concessions from 
the governments in Algeria, Oman, Bahrain, Morocco, and Saudi Arabia.²⁸ In a very real sense, without 
online social networks, the Arab Spring would not have occurred. 


The development of mobile technologies with messaging platforms that are wifi-enabled and cellular-enabled 
has led to an explosion of interconnectivity. More than five billion people are estimated to own 
mobile devices and more than 50% of these devices are smartphones. With these new technologies, 
individuals and groups can rapidly share content, including disinformation. This content includes messages 
from individuals or groups, hyperlinks to media articles, and other web content such as images and video. 
However, these messaging platforms may mask the identity of the sender and thus facilitate the spread of 
disinformation. Information shared via these messaging platforms is generally not vetted for accuracy, 
which makes these platforms prime candidates for exploitation by threat actors. Furthermore, end-to-end 
encryption on these messaging platforms can prevent the platform host from being able to moderate the 
content that flows through the platform. 


For example, in 2017, the spread of false information led to acts of violence in India when false information 
about a purported gang of child kidnappers was disseminated on WhatsApp, a mobile messaging service 
used by over 200 million people in India.³⁰ Misinformation-fueled mobs killed seven people in the Indian 
state of Jharkhand.³¹ 


How Social Media Platforms Enable Disinformation Campaigns 


Since the rise of social media, threat actors, whether individuals, nation-states, or other organized groups, 
have exploited the information environment on an unprecedented scale. Unlike the publication and 
distribution of print sources, which require publishing houses, editors, proofreaders, promotional 
advertisements, and bookstores, online information does not require an intermediary between content 
creator and consumer. As public confidence in mainstream media outlets has waned, interest in social media 
platforms and other online forums that offer uncensored communication channels to share ideas and 
commentary has increased.³² 


Though these platforms typically do not require payment from users in order to establish an account or 
access content on the platform, they are not cost-free. In exchange for granting users free access to these 
platforms, platform owners gather user data that enable advertisers to tailor online advertisements to known 
user preferences. In this arrangement, users are spared from content they have little interest in, platform 
owners can study user behavior to determine how to maximize the time users spend on the platform, and 
advertisers can serve up content more likely to engage users. 


28 Jean-Pierre Filiu, The Arab Revolution: Ten Lessons from the Democratic Uprising (New York: Oxford University Press, 2011). 

29 “The Mobile Economy 2018,” GSM Association, 2018, 
https://www.gsma.com/mobileeconomy/wp-content/uploads/2018/02/The-Mobile-Economy-Global-2018.pdf. 

30 Kurt Wagner, “WhatsApp Is at Risk in India. So Are Free Speech and Encryption,” Vox, February 19, 2019, 
http://www.vox.com/2019/2/19/18224084/india-intermediary-guidelines-laws-free-speech-encryption-whatsapp. 

31 Anant R. Zanane, “WhatsApp Rumours Led To Mob Killing Of 7 In Jharkhand, Say Police,” NDTV.com, May 22, 2017, 
https://www.ndtv.com/india-news/whatsapp-rumours-led-to-mob-killing-of-7-in-jharkhands-singhbhum-district-say-police-1696551. 

32 “Indicators of News Media,” Gallup, Inc., 2018, 
https://kf-site-production.s3.amazonaws.com/media_elements/files/000/000/216/original/KnightFoundation_Panel4_Trust_Indicators_FINAL.pdf. 
The key to this system is the attention of users. The more alluring the content, the greater the time on the 
platform, and thus the greater the potential profit.³³ Therefore, social media platforms have an incentive to 
provide their users with an array of clickbait because doing so increases the revenue generated by selling 
online advertisements.³⁴ 


By customizing user content, a platform effectively connects users with others who share similar views and 
interests. These platforms stoke the curiosity of users who want to discover what other users like them are 
wearing, watching, reading, and thinking.³⁵ The algorithms that determine what content will be displayed 
to individual users are designed to feed users more of what they want to know, not necessarily what they 
should know. The end result of this process is the creation of “echo chambers” where content inconsistent 
with a user's preferences fails to appear in his or her newsfeeds and other content-distribution channels. 


For many people in the United States, social media platforms have become an important source of news. 
According to the Pew Research Center, in 2018, less than 38% of any segment of the U.S. population relied 
often on print newspapers. Only 16% of Americans between the ages of 18 and 29 relied often on television 
news broadcasts; whereas 36% of this demographic group relied often on social media for news.³⁷ 
Overall, 68% of Americans get news on social media from time to time.³⁸ Forty-three percent (43%) of 
Americans get news on Facebook.³⁹ 


The Pervasiveness of Russian Disinformation 


This is why when we focus on social media effects of Russian disinfo, we completely miss the point. 
This is a multi [illegible] U.S. political discourse...disinformation is often seeded at the 
bottom of the environment and trickles into more mainstream sites, but eventually it hits media and 
political influences. We can’t measure the effects of disinfo through votes, but we can note where it 
becomes part of mainstream discourse. 


Source: Kate Starbird (University of Washington), Twitter Post, July 9, 2019, 11:10 AM, 
https://twitter.com/katestarbird/status/1148610356895289346 


The customization of content on social media platforms makes these platforms especially susceptible to 
disinformation campaigns.⁴⁰ Users can share information online easily and quickly, often doing so without 
verifying the accuracy of the shared information.⁴¹ Although 79% of U.S. adults believe that steps should 
be taken to rein in fake news stories,⁴² 23% have shared fake news, knowingly or unknowingly, with friends 
and other people online.⁴³ Because search algorithms provide results tied to prior online behavior, search 


33 Tim Hwang, “Digital Disinformation: A Primer,” Atlantic Council, September 2017, 
https://www.atlanticcouncil.org/wp-content/uploads/2017/09/Digital_Disinformation_Primer_web_0925.pdf. 

34 Allcott Hunt and Matthew Gentzkow, “Social media and fake news in the 2016 election,” Journal of Economic Perspectives, vol. 31, no. 2, 
2017, pp. 1–28, https://web.stanford.edu/~gentzkow/research/fakenews.pdf. 

35 Lee Ross (professor of psychology, Stanford University), in discussion with the authors, June 27, 2019. 

36 Elisa Shearer, “Social Media Outpaces Print Newspapers in the U.S. as a News Source,” Pew Research Center, December 10, 2018, 
https://www.pewresearch.org/fact-tank/2018/12/10/social-media-outpaces-print-newspapers-in-the-u-s-as-a-news-source/. 

37 Elisa Shearer, “Social Media Outpaces Print Newspapers in the U.S. as a News Source,” Pew Research Center, December 10, 2018, 
https://www.pewresearch.org/fact-tank/2018/12/10/social-media-outpaces-print-newspapers-in-the-u-s-as-a-news-source/. 

38 “News Use Across Social Media Platforms 2018,” Pew Research Center, September 12, 2018, 
https://www.journalism.org/2018/09/10/news-use-across-social-media-platforms-2018/. 

39 A.W. Geiger, “Key Findings about the Online News Landscape in America,” Pew Research Center, September 11, 2019, 
https://www.pewresearch.org/fact-tank/2019/09/11/key-findings-about-the-online-news-landscape-in-america/. 

40 Paul Oliver, “The State of Disinformation on Social Media,” NYU Center for Data Science, April 23, 2018, 
https://medium.com/center-for-data-science/the-state-of-disinformation-on-social-media-397d3c30f56a. 

41 Mike Wood, “How Does Misinformation Spread Online?,” Psychology Today, December 6, 2018, 

55 Denise-Marie Ordway, “Fake News and the Spread of Misinformation,” Journalist’s Resource, September 1, 2017, 
https://journalistsresource.org/studies/society/internet/fake-news-conspiracy-theories-journalism-research/. 
returns will likely conform to users’ preexisting biases. This content will seem more credible, at least 
initially, than content that flies in the face of these biases.⁴⁴ The desire of users to distinguish fake news 
from real news is often minimal when the news is emotionally compelling.⁴⁵ In the eyes of the user, the 
emotional appeal of the information may outweigh an interest in its trustworthiness. 


As information is shared from user to user, the cumulative impact of this sharing may seem to render this 
information more legitimate due to the fact that so many users have shared it.⁴⁶ In other words, “if you 
make it trend, you make it true.”⁴⁷ Popularity trumps accuracy. 


Threat actors take advantage of the design of social media platforms and how users share information to 
target specific users and groups with disinformation in the hope that these users will spread this 
disinformation throughout the information environment. The easy transference of online information 
between users and platforms increases the effectiveness of modern disinformation campaigns. 


During the 2016 U.S. presidential election campaign, the Internet Research Agency (IRA), based in Russia, 
created fake social media accounts by pretending to be U.S. citizens, operated fraudulent social media 
pages, and formed phony online groups all designed to attract U.S. audiences. On Twitter alone, the IRA 
created approximately 3,000 fake accounts that posted over 10 million tweets.⁴⁸ These accounts had over 
6.4 million followers and followed 3.4 million other Twitter accounts.⁴⁹ 


By capitalizing on divisive U.S. political and social issues and identifying U.S. audiences vulnerable to 
manipulation on social media, the IRA drew the attention of users with tantalizing content and was able to 
insert disinformation into the information environment where it spread rapidly and eventually metastasized 
to other social media platforms.⁵⁰ Mainstream news outlets, which monitored social media platforms for 
trending topics and reported on those topics, expanded the reach of this disinformation, highlighting how 
the ease of information transfer facilitates the effectiveness of modern disinformation campaigns.⁵¹ 


THE MOTIVES OF THREAT ACTORS 


The sheer volume of information on the internet makes any attempt to rid the internet of inaccurate 
information, fake news, doctored audiovisual media, disinformation, or any other undesirable content a 
herculean, if not impossible, task. Therefore, government and industry leaders must focus their resources 
on identifying and neutralizing the greatest threats. One way to assess and prioritize threats is to identify 
suspected disinformation threat actors through understanding the motives for their campaigns.⁵² 
Twitter,” The Verge, August 13, 2019, https://www.theverge.com/interface/2019/8/13/20802974/twitter-trending-epstein-conspiracy-theories. 


52 Kalev Leetaru, “Stopping Disinformation Requires Measuring And Understanding It Not Just Monitoring And Debunking It,” Forbes, April 
27, 2019, https://www.forbes.com/sites/kalevleetaru/2019/04/27/stopping-disinformation-requires-measuring-and-understanding-it-not-just-monitoring-and-debunking-it/257d3f1df5fd3. 
Understanding why a piece of disinformation is directed at a specific audience will provide purchase on 
how to direct resources to negate the actor and mitigate the campaign. 


Once one understands the motives of a threat actor, one may gain clarity on the objectives of specific 
disinformation campaigns, thus providing insight into how to neutralize the campaign and better predict the 
events and audiences who could be targeted in the future. The motives for disinformation campaigns are 
diverse and often mixed. Motivations can be financial (e.g., Macedonian threat actors’ scheme to create ad 
revenue through incendiary content about a U.S. election⁵³), political (e.g., push polling to plant false 
information in the minds of potential voters⁵⁴ or interest groups creating false social media content about 
an opponent to divide a voting bloc⁵⁵), ideological (e.g., disagreement over a corporation’s use of a social 
issue in its advertising, see Nike example below), legal/reputational (e.g., defense lawyers preventing 
reputational harm for a high-profile client and/or perpetrating harm against a defendant⁵⁶), or a combination 
thereof. 


The following two pages offer case studies of disinformation threat actors motivated by different factors — 
the first, a nation-state motivated to slow the economic and technological progress of its adversaries 
(Russian Promotion of 5G Dangers); the second, ideologically-motivated actors conducting a low-budget 
campaign to tarnish a major corporation (Campaign to Damage Nike Brand). 


53 Samanth Subramanian, “Inside the Macedonian Fake-News Complex,” Wired, February 15, 2017, 
https://www.wired.com/2017/02/veles-macedonia-fake-news/. 

54 Richard Gooding, “The Trashing of John McCain,” Vanity Fair, September 24, 2008, 
https://www.vanityfair.com/news/2004/11/mccain200411; Jennifer Steinhauer, “Confronting Ghosts of 2000 in South Carolina,” New York 
Times, October 19, 2007, https://www.nytimes.com/2007/10/19/us/politics/19mccain.html. 

55 Scott Shane and Alan Binder, “Democrats Faked Online Push to Outlaw Alcohol in Alabama Race,” New York Times, January 7, 2019, 
https://www.nytimes.com/2019/01/07/us/politics/alabama-senate-facebook-roy-moore.html; Scott Shane and Alan Binder, “Secret Experiment in 
Alabama Senate Race Imitated Russian Tactics,” New York Times, December 19, 2018, 
https://www.nytimes.com/2018/12/19/us/alabama-senate-roy-jones-russia.html?module-inline. 

56 Michael Barbaro, “Keeping Harvey Weinstein’s Secrets, Part 1: Lisa Bloom,” New York Times, podcast audio, September 18, 
2019, https://www.nytimes.com/2019/09/18/podcasts/the-daily/harvey-weinstein-lisa-bloom.html. 
Attribution


Ascertaining the intent of a threat actor can be difficult if the identity of the threat actor is not known.57
Attributing a targeted disinformation campaign to a specific threat actor is often a painstaking process.58
Developments in technology and tactics that help mask the identity of threat actors outpace developments
in technology and tactics that unmask these threat actors, especially as threat actors become more adept at
exploiting authentic users.59 The process of assessing the threat actor can be facilitated by making three
preliminary determinations: (1) Is the threat actor based inside or outside the United States?; (2) Is the threat 
actor a nation-state, backed by a nation-state, or independent of a nation-state?; and (3) Is the purveyor of 
disinformation a witting or unwitting agent? 


Domestic or Foreign-Based: The physical location where the disinformation originated may offer some
clues as to the motives of the threat actor. A targeted disinformation campaign that originates in Mississippi
whose purpose is to enflame racial tensions in the United States will have different implications than an 
identical campaign that originates in Tehran. Fixing the location where the disinformation originated will 
also help to determine which responses to the disinformation are available and which entities are best suited 
to respond. 


State or Non-State Affiliation: State-sponsored threat actors generally have more resources available to
conduct disinformation campaigns than threat actors not backed by nation-states, and therefore have the
resources to sustain and protect these campaigns over an extended period of time. Different tools are available to
respond to the actions of nation-states, as opposed to the actions of non-state actors. The former is a matter 
of international relations and national security; the latter may be best addressed through the criminal justice 
system. 


Witting or Unwitting Agents: Threat actors are witting purveyors of disinformation—people or entities 
directly supporting a disinformation campaign and aware of the campaign's malign motives. Threat actors 
should be distinguished from unwitting agents, people or entities supporting a disinformation campaign 
while unaware of the malign motives underlying the campaign. A “useful idiot” is a type of unwitting agent
who is perceived to be sympathetic to the actor's cause, but does not comprehend the objectives of the
campaign. Unwitting agents often spread disinformation without knowing that they are participating in a
disinformation campaign. Responses to the different threat actors will vary depending on their level of
intentional involvement in the targeted disinformation campaign. 


The Role of Bots in Disinformation Campaigns 


Threat actors can amplify disinformation through the use of bot networks, social media followers, or pre- 
established accounts. Bots are computer algorithms designed to execute specific online tasks autonomously 
and repetitively.60 They simulate the behavior of human beings in social networks, interacting with other


57 Alice Marwick and Rebecca Lewis, “Media Manipulation and Disinformation Online,” Data & Society, May 15, 2017, 
https://datasociety.net/pubs/oh/DataAndSociety_MediaManipulationAndDisinformationOnline.pdf.

58 David E. Sanger, Jim Rutenberg, and Eric Lipton, “Tracing Guccifer 2.0's Many Tentacles in the 2016 Election,” New York
Times, July 15, 2018, https://www.nytimes.com/2018/07/15/us/politics/guccifer-russia-mueller.html.

59 Elizabeth Bodine-Baron, Todd C. Helmus, Andrew Radin, and Elina Treyger, “Countering Russian Social Media
Influence,” RAND Corporation, 2018,
https://www.rand.org/content/dam/rand/pubs/research_reports/RR2700/RR2740/RAND_RR2740.pdf.

60 “How Is Fake News Spread? Bots, People like You, Trolls, and Microtargeting,” Center for Information Technology and Society, U.C. Santa
Barbara, accessed September 17, 2019, https://www.cits.ucsb.edu/fake-news/spread. 
users and sharing information and messages.61 Millions of bots spread information on social media
platforms such as Facebook, Twitter, and Instagram. According to a 2017 estimate, there were 23 million
bots on Twitter (around 8.5% of all Twitter accounts), 140 million bots on Facebook (up to 5.5% of all
Facebook accounts) and approximately 27 million bots on Instagram (8.2% of all Instagram accounts).62
These three platforms alone contained 190 million bots—more than half the number of people who live in 
the entire United States. These zombie-like accounts often sit dormant, waiting for external activation to 
begin their preassigned tasks on the platform. Bot accounts are advertised and sold legally on a number of 
websites. See the table below for an example of publicly available plans to purchase bots. 


Plan               Price
1000 Followers     $122
2000 Followers     $25.24
5000 Followers     $58.26
10000 Followers    $110.05

Each plan lists: World-wide followers; Less than 24 hours delivery; Bot Followers; Secure Paypal payments;
100% Money back guarantee.


Source: “Fake Twitter Followers (Bots),” CompraSocialMedia.com, accessed September 19, 2019,
https://www.compra-seguidores.com/en/buy-fake-followers/.


DISINFORMATION KILL CHAIN 


The “connectedness” of modern society and the free availability of content distribution platforms have
greatly increased the scope, scale, and speed of disinformation campaigns. Disinformation campaigns are
not a new phenomenon. While the scale of attack, scope of impact, and speed of execution of modern
disinformation campaigns have brought new attention to the issue, the fundamental elements of such
campaigns pre-date the internet. The cyber kill chain model64 serves as an inspiration for the following
framework, which outlines the basic structure of these campaigns. 


61 “How Is Fake News Spread? Bots, People like You, Trolls, and Microtargeting,” Center for Information Technology and Society, U.C. Santa
Barbara, accessed September 17, 2019, https://www.cits.ucsb.edu/fake-news/spread.

62 “How Is Fake News Spread? Bots, People like You, Trolls, and Microtargeting,” Center for Information Technology and Society, U.C. Santa
Barbara, accessed September 17, 2019, https://www.cits.ucsb.edu/fake-news/spread.

63 “How Is Fake News Spread? Bots, People like You, Trolls, and Microtargeting,” Center for Information Technology and Society, U.C. Santa
Barbara, accessed September 17, 2019, https://www.cits.ucsb.edu/fake-news/spread.

64 The Cyber Kill Chain®, Lockheed Martin, https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html.
[Figure: Disinformation Kill Chain. Phase taglines, left to right: “Find the cracks,” “Weaponize,” “Launch Campaign,”
“Fertilize,” “Watch it grow,” “Manipulate,” “Harvest.”]

Note: A disinformation threat actor may skip steps in the kill chain process. However, doing so can reduce the effectiveness of the campaign and erode protections
aimed at obfuscating the identity and objectives of the actor. Source: The MITRE Corporation


Campaign objective: A threat actor starts with an objective, such as changing a population’s opinion on a
topic (Brexit, war in Syria, Hong Kong protesters), steering voters toward a preferred candidate, or offering
a counternarrative to the status quo.


1. Reconnaissance: Analyze target audience and how information flows through the target's
environment, identify societal fissures to exploit, and design campaign execution plan. 


2. Build: Build campaign infrastructure (computing resources, operational staff, initial accounts, 
personas, bots, and websites). Sophisticated threat actors may prepare the environment through 
tailored diplomatic, propaganda, and/or official messaging. 


3. Seed: Create fake and/or misleading content, then launch campaign by delivering content to initial 
seeding locations such as online forums or social media platforms. Delivering content to multiple 
locations using different accounts can create the illusion that there are multiple sources for a story. 


4. Copy: Write articles, blogs, and/or new social media posts referencing the original story. Witting 
agents can assist by using their media platforms for seemingly authentic distribution. The copy 
phase is a form of “information laundering,” laying the groundwork for amplification by adding 
legitimacy to poorly sourced stories. 


5. Amplify: Amplify content by pushing the story into the communication channels of the target 
audience. The use of bots and inauthentic accounts helps provide momentum, then the content may
be distributed by other witting agents (quasi-legitimate journalists) and unwitting agents (useful
idiots). Successful amplification will result in the content being distributed by authentic voices,
such as the mainstream media, which provides a trending effect and subsequent amplification by
other unwitting agents and the target audience (i.e., now the unwitting audience is spreading
misinformation because they do not know it is false and want to be helpful by informing their 
peers). 


6. Control: Control the effect and manipulate the target's reaction by infiltrating conversations about 
the content. Incite conflict and/or strengthen the illusion of consensus by trolling comment sections 
of online posts. If a threat actor is accused of propagating disinformation, he or she may deny it 
vehemently, offer a counternarrative, and/or accuse an opposing party of planting the story. 


7. Effect: Target actualizes the desired effect, such as voting for a preferred candidate, expressing
behavior against a preferred group, or losing faith in the very idea of truth.
A threat actor may skip steps in this process, but doing so can reduce the effectiveness of the campaign and
make it more difficult to mask the identity and objectives of the threat actor. Well-resourced threat actors 
may support and enable their campaigns through use of the entire influence toolkit, including economic and 
diplomatic activities, public relations, and espionage. 


Case Studies 


Below are two examples of disinformation campaigns executed by state-sponsored threat actors, which 
illustrate the phases of the disinformation kill chain. 


In the first example, a fake story about the purported political assassination of Seth Rich, an employee of 
the Democratic National Committee (DNC), made its way from a Russian propaganda and conspiracy 
website, through Fox News, and into mainstream American discourse. It is important to note that Seth 
Rich's murder has remained unsolved, but no evidence has emerged which suggests that his death was a 
political assassination. The Rich family sued Fox News for “intentional infliction of emotional distress.” 
Fox News later retracted the article, saying “the article was not initially subjected to the high degree of
editorial scrutiny we require for all our reporting.”66 Despite the retraction, high-profile Fox News
personalities continued to discuss the conspiracy. After it trended, it was “true.” Examples of content from
the Seth Rich conspiracy are followed by an outline of the campaign (note the involvement of Russia’s UK
Embassy):
[Image: tweet by Roger Stone: “Four more dead bodies in the Clinton's wake. Coincidence? I think not. @ClintonsWar”
The attached graphic, headed “MYSTERIOUS DEATH CONNECTED TO THE DNC IN LESS THAN A MONTH!”, lists four deaths,
including that of Seth Rich.]


65 Avie Schneider, “Appeals Court Reinstates Lawsuit Against Fox News Over Seth Rich Story,” NPR, September 13, 2019,
https://www.npr.org/2019/09/13/760681773/appeals-court-reinstates-lawsuit-against-fox-news-over-seth-rich-story.

66 “Statement on coverage of Seth Rich murder investigation,” Fox News, May 23, 2017,
https://www.foxnews.com/politics/statement-on-coverage-of-seth-rich-murder-investigation.
[Image: tweet by Russian Embassy, UK (@RussianEmbassy), 4:13 AM - 19 May 2017, 6819 Retweets: “#WikiLeaks informer Seth Rich
murdered in [...] Russian hackers to take notice.” Attached graphic: “WHO KILLED SETH RICH?”]

[Image: tweet by Sean Hannity (@seanhannity), 2:42 PM - 21 May 2017, 13,317 Retweets, 21,045 Likes: “Congress, investigate Seth
Rich Murder! @JulianAssange made comments u need to listen to! If Seth was wiki source, no Trump/Russia collusion,” quoting
Kim Dotcom (@KimDotcom): “Excellent and comprehensive reporting of FACTS. #SethRich twitter.com/cassandrarules”]

[Image: tweet, 5:58 AM - 9 Aug 2016, 11,170 Retweets: “ANNOUNCE: WikiLeaks has decided to issue a US$20k reward for information
leading to conviction for the murder of DNC staffer Seth Rich.”]
CASE STUDY: Seth Rich Murder (2016)
THREAT ACTOR: Russian Foreign Intelligence Service (SVR)
AFFILIATION: State-sponsored
TARGET AUDIENCE: US population
OBJECTIVE: Counternarrative: Deflect special counsel investigation; if Seth Rich leaked the emails, then
Russia wasn't involved with the DNC hack
MOTIVE: Political
NARRATIVE: Seth Rich was a staffer for the Democratic National Committee; he leaked DNC emails to Wikileaks and planned to
report wrongdoing by the Hillary Clinton campaign to the FBI; Clinton-affiliated assassins murdered him.

PHASE: Seed
PRIMARY PLATFORM: SVR bulletin; whatdoesitmean.com
PHASE DESCRIPTION: SVR circulates fictitious intel report about the murder; citing "Russian intelligence," an article is
published to an obscure website suggesting Rich was murdered by Clinton assassins; website is known source for Russian
propaganda
AGENTS: threat actor

PHASE: Copy
PRIMARY PLATFORM: Reddit; alt-right sites; Twitter; RT; Sputnik
PHASE DESCRIPTION: Rich conspiracy story posted on Reddit and Twitter
AGENTS: threat actor; witting agents; unwitting agents

PHASE: Amplify
PRIMARY PLATFORM: Twitter; Facebook; YouTube; [illegible]; America First Media; Fox News
PHASE DESCRIPTION: IRA bots repost story en masse; witting and unwitting agents retweet; alt-right websites
aggressively push the story; Fox News picks it up and amplifies to mainstream US audiences
AGENTS: threat actor (bots); witting agents; unwitting agents

PHASE: Control
PRIMARY PLATFORM: Twitter comments; Fox News; YouTube; alt-right sites; RT; Sputnik
PHASE DESCRIPTION: Bots & trolls infiltrate organic online conversations discussing the story to sow divisions; Julian Assange
suggests Seth Rich was source for Wikileaks; Fox News continues to push the story; after Yahoo News report about SVR as
source of conspiracy, a new disinformation effort begins to counter that narrative
AGENTS: threat actor (bots & trolls); witting agents; unwitting agents

Sources: 


Michael Isikoff, “Exclusive: The true origins of the Seth Rich conspiracy theory. A Yahoo News Investigation,” Yahoo News,
July 9, 2019, https://news.yahoo.com/exclusive-the-true-origins-of-the-seth-rich-conspiracy-a-yahoo-news-investigation-100000831.html.


Charlie Mole, “Seth Rich: How a young man's murder attracted conspiracy theories,” BBC News, April 21, 2018, 
https://www.bbc.com/news/blogs-trending-43727858. 


The second example is the disinformation campaign launched against protestors in Hong Kong in 2019. 
Facebook and Twitter revealed that they had removed or suspended over 200,000 fraudulent accounts that 
were circulating information to discredit individuals and groups that had been protesting against the 
extradition bill pending in the Legislative Council of Hong Kong.67 This campaign, sponsored by the
Chinese government, sought to discredit the protestors and the larger pro-democracy movement in Hong 
Kong. The fraudulent accounts, some of which claimed to be users with American identities, pushed 
narratives praising the police and depicting the protestors in Hong Kong as cockroaches and terrorists. 
The following are two disinformation items used in the campaign against the Hong Kong protests. 


67 Kari Paul, “Twitter and Facebook Crack down on Accounts Linked to Chinese Campaign against Hong Kong,” The Guardian, August 19,
2019, https://www.theguardian.com/technology/2019/aug/19/twitter-china-hong-kong-accounts.

68 Marie C. Baca and Tony Romm, “Twitter and Facebook Take First Actions against China for Using Fake Accounts to Sow Discord in Hong
Kong,” Washington Post, August 19, 2019,
https://www.washingtonpost.com/technology/2019/08/19/twitter-suspends-accounts-it-accuses-china-coordinating-against-hong-kong-protesters/.
Source: Kate Conger, “Facebook and Twitter Say China Is Spreading Disinformation in Hong Kong,” New York Times, August
19, 2019, https://www.nytimes.com/2019/08/19/technology/hong-kong-protests-china-disinformation-facebook-twitter.html. 
CASE STUDY: Hong Kong 2019 Protests
THREAT ACTOR: Chinese Government
AFFILIATION: State-sponsored
TARGET AUDIENCE: Worldwide Audience
OBJECTIVE: Discredit the Pro-Democracy Movement
MOTIVE: Political
NARRATIVE: Individuals protesting the previously proposed extradition bill in Hong Kong are not credible and are
destructive to China.

PHASE: Seed
PRIMARY PLATFORM: Facebook, Twitter
PHASE DESCRIPTION: Set up fake profiles as Americans from Nevada, Ohio, and Texas with mainstream conservative views.
AGENTS: Chinese government; witting agents

PHASE: Copy
PRIMARY PLATFORM: Facebook, Twitter
PHASE DESCRIPTION: Create approximately 20,000 additional accounts to propagate similar information across platforms
AGENTS: witting agents; unwitting agents

PHASE: Amplify
PRIMARY PLATFORM: Twitter, Facebook, including paid advertisements from Chinese state-run media (China Daily, Xinhua
News, and CGTN)
PHASE DESCRIPTION: Bots and other user accounts repost story en masse; witting and unwitting agents retweet
AGENTS: witting agents; unwitting agents

PHASE: Control
PRIMARY PLATFORM: Facebook, Twitter
PHASE DESCRIPTION: In response to the campaign, Twitter and Facebook shut down thousands of accounts. Twitter closed
nearly 1,000 active accounts that were part of the [illegible] accounts, seven pages and three groups on its
platform. Facebook said that the pages it removed had about 15,500 accounts following one or more pages, while 2,200
accounts joined at least one of the groups.
AGENTS: [illegible] (bots & trolls); witting agents; [illegible]


Sources: Marie C. Baca and Tony Romm, “Twitter and Facebook Take First Actions against China for Using Fake Accounts to
Sow Discord in Hong Kong,” Washington Post, August 19, 2019,
https://www.washingtonpost.com/technology/2019/08/19/twitter-suspends-accounts-it-accuses-china-coordinating-against-hong-kong-protesters/.


Craig Timberg, Drew Harwell and Tony Romm, “In accusing China of disinformation, Twitter and Facebook take on a role
they've long rejected,” Washington Post, August 20, 2019,
https://www.washingtonpost.com/technology/2019/08/20/after-twitter-facebook-blame-china-hong-kong-disinformation-government-defends-its-right-online-speech/?noredirect-o.


Louise Matsakis, “China Attacks Hong Kong Protesters with Fake Social Posts,” Wired, August 19, 2019,
https://www.wired.com/story/china-twitter-facebook-hong-kong-protests-disinformation/.


COMBATTING THE ISSUE 


The rapid pace of innovations on social media platforms, the shifting tastes of users who skip from one 
platform to another, and the immense array of content on social media and comparable forums make it
extremely challenging for government entities and platform owners to monitor and regulate inauthentic 
behavior. Since no government or platform owner has unlimited resources to devote to combatting 
disinformation campaigns, the amount of effort and resources required to keep pace with ongoing 
campaigns detracts from the capacity to develop strategies and technology that might prevent future 
disinformation campaigns or mitigate the damage these campaigns might cause. Before turning to a 
response framework to combat disinformation campaigns, we will review current efforts by some of the 
major stakeholders. 
Social Media Platforms


While some major social media platforms have taken steps to limit disinformation on their platforms, these 
steps, in general, have been reactive in nature. The use of third-party fact checkers and the development of 
techniques to detect inauthentic accounts are examples of such steps.69 During elections, Facebook has
established “war rooms” to identify and respond to disinformation found on the platform.70 Google has
committed to sharing information concerning disinformation campaigns with law enforcement and other
platforms when encountered.71 However, these platforms are currently fighting a losing battle. As soon as
one disinformation campaign is dismantled or inauthentic account deleted, another rears its ugly head,
forcing the platforms to engage in a perpetual game of “whack-a-mole.”


Social media platforms are also implementing more proactive measures to combat disinformation 
campaigns. Facebook and Instagram now permit organizations that buy political ads or issue-oriented
ads on these platforms to run these ads only under identities that the platform has first verified.


Following the takedown of the Hong Kong protest disinformation campaign described above, Twitter 
updated its advertising policies whereby it “will not accept advertising from state-controlled news media 
entities. Any affected accounts will be free to continue to use Twitter to engage in public conversation, just 
not our advertising products.” Since social media platforms have a financial incentive to permit content
that attracts user attention, whether factual or false, they are unlikely without external pressure to
fundamentally adjust their business models.74


Government 


In many respects, government entities have a far more powerful and extensive arsenal with which to combat 
targeted disinformation campaigns than social media companies. Governments can impose economic 
sanctions and civil fines, arrest and prosecute, limit international travel, seize websites, and withdraw tax- 
exempt status. Governments can also attempt to pressure social media companies to modify their practices 
by exposing these practices to public scrutiny.75 However, constitutional and other legal guarantees of free
speech constrain government efforts to regulate the content of online information. 


The U.S. government's approach to combatting disinformation campaigns includes the establishment 
of special units whose focus is to counter foreign influence and share threat information with the private 
sector. Additionally, there is growing support for amending Section 230 of the Communications 
Decency Act, which could potentially make social media platforms civilly liable for content that 
users post on these platforms. 


69 “Working to Stop Misinformation and False News,” Facebook, April 7, 2017,
http://www.facebook.com/facebookmedia/blog/working-to-stop-misinformation-and-false-news.

70 Davey Alba, “Facebook Tightens Rules on Verifying Political Advertisers,” New York Times, August 28, 2019,
https://www.nytimes.com/2019/08/28/technology/facebook-election-advertising-disinformation.html.

71 Salvador Rodriguez, “The FBI Visits Facebook to Talk about 2020 Election Security, with Google, Microsoft and Twitter Joining,” CNBC,
September 3, 2019,
https://www.cnbc.com/2019/09/04/facebook-twitter-google-are-meeting-with-us-officials-to-discuss-2020-election-security.html.

72 Nancy Scola, “Facebook Revamps Election Ad Rules amid Disinformation Fears,” POLITICO, August 28, 2019,
https://www.politico.com/story/2019/08/28/facebook-election-ad-rules-disinformation-1476638.

73 “Information Operations Directed at Hong Kong,” Twitter, August 19, 2019,
https://blog.twitter.com/en_us/topics/company/2019/information_operations_directed_at_Hong_Kong.html; “Updating Our Advertising Policies
on State Media,” Twitter, August 19, 2019, https://blog.twitter.com/en_us/topics/company/2019/advertising_policies_on_state_media.html.

74 Michael Posner, “How Social Media Companies Need To Address Disinformation Globally,” Forbes, June 16, 2019,
https://www.forbes.com/sites/michaelposner/2019/06/16/how-social-media-companies-need-to-address-disinformation-globally/#2d2e178e3f9f.

75 Douglas Soule, “US Falls Behind EU in Responding to Disinformation Campaign,” The Globe Post, August 3, 2019,
https://theglobepost.com/2019/08/03/us-eu-disinformation-response/.
Citizenry


The brunt of the effort to combat disinformation campaigns ultimately falls on the users of social media 
platforms and other online forums. Without users willing to endorse and share disinformation, 
disinformation campaigns would be deprived of the fuel that powers them — “We have met the enemy and 
he is us.”76 Some researchers have likened the problem of making users less vulnerable to disinformation
to inoculating a population against disease, suggesting that disinformation can infect a population similar
to a virus.77 Media literacy campaigns can be an effective means of inoculating users against the disease of
disinformation. The U.S.-based National Association for Media Literacy Education defines media literacy
as “the ability to access, analyze, evaluate, create, and act using all forms of communication... Media
literacy empowers people to be critical thinkers, effective communicators, and active citizens.”


There are indications that the American public senses the need to become more media literate. Studies
indicate that news consumers had difficulty distinguishing between real news and disinformation during
the 2016 U.S. presidential election.79 These consumers thought accuracy, impartiality, and transparency
were the most important factors in trusting news sources, and they want news organizations to do a more
thorough job of vetting information on their websites and to provide more ready access to fact-checking
resources.80


RESPONSE FRAMEWORK 


Mitigating the threat posed by sophisticated disinformation threat actors requires a whole-of-society 
response. Our recommendations revolve around three themes: hit the actor, hit the technology, and build 
public resilience. Fundamental to these themes is a culture of shared responsibility and a framework to 
share threat information across stakeholders in a way that protects the privacy of social media users. 


Hit the Actor 


Government Stakeholders: 


• Move aggressively to collect information regarding the order of battle, objectives, tactics,
techniques, and procedures of disinformation threat actors;


• Hold those actors accountable through a comprehensive approach involving diplomatic pressure,
adversary engagement, criminal indictments, and daylighting their malign activities;


• Develop a prioritized list of events disinformation threat actors are likely to target (elections,
political events, military exercises, census, etc.) and convene “war rooms” to bring together
appropriate public and private sector stakeholders to combat disinformation in real time.


76 Thomas Fingar (Shorenstein APARC Fellow in the Freeman Spogli Institute for International Studies, Stanford University), quoting the Pogo 
comic strip from 1971 in discussion with the authors, June 28, 2019. 

77 Jon Roozenbeek and Sander van der Linden, “The Fake News Game: Actively Inoculating Against the Risk of Misinformation,” accessed
September 17, 2019, https://www.cam.ac.uk/sites/www.cam.ac.uk/files/fakenews_latest_jrr_aaas.pdf.

78 “Media Literacy Defined,” National Association for Media Literacy Education, accessed September 17, 2019,
https://namle.net/publications/media-literacy-definitions/.

79 Darrell M. West, “How to Combat Fake News and Disinformation,” Brookings, December 18, 2017,
https://www.brookings.edu/research/how-to-combat-fake-news-and-disinformation/.

80 “Indicators of News Media Trust,” Knight Foundation, September 11, 2018,
https://www.knightfoundation.org/reports/indicators-of-news-media-trust.
Social Media Platforms:


• Improve disinformation discovery tools and promptly take down the threat actor's infrastructure
upon discovery;


• Share relevant signatures of disinformation campaigns with other platforms;


• De-emphasize content promulgated by overt authoritarian state-sponsored organizations. Further
prohibit political advertisement by such organizations.


Academia and Civil Society Researchers: Continue investigating active disinformation campaigns across
the information environment and analyze past campaigns to better understand the threat actors, their
motives, and their techniques.


Hit the Technology 


Government Stakeholders: Continue funding research for the development of technical tools to identify 
disinformation campaign signatures across platforms, including coordinated inauthentic behavior (e.g., 
creation of false personas, creation of fraudulent groups and websites, deployment of bots and trolls, and 
other suspicious account activity) and associated inauthentic content (e.g., fake or manipulated video, audio, 
images, text, and documents). 


Industry and Academia: Design, build, and sell technical tools to identify and analyze disinformation
campaigns across platforms.


Social Media Platforms: Employ technical tools to rapidly identify and analyze disinformation campaigns. 
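
One way to look for the coordinated inauthentic behavior named above (many accounts, some long dormant, pushing near-identical text within minutes) is sketched below as an added example; it is not from the report or from any platform's tooling. The field names, thresholds, and sample posts are constructed assumptions.

```python
import re
from datetime import datetime, timedelta


def normalize(text):
    """Lowercase; drop URLs, @mentions and punctuation so trivial edits do not hide copies."""
    text = re.sub(r"https?://\S+|@\w+", " ", text.lower())
    return re.sub(r"[^\w\s]", " ", text).split()


def shingles(words, k=3):
    """Set of overlapping k-word sequences; very short posts become a single shingle."""
    if len(words) < k:
        return {tuple(words)}
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def cluster_by_text(posts, threshold=0.6):
    """Greedy single pass: a post joins the first cluster whose seed text it resembles."""
    clusters = []  # list of (seed_shingles, member_posts)
    for post in posts:
        words = normalize(post["text"])
        if not words:
            continue  # nothing to compare (for example, a post that is only a link)
        sh = shingles(words)
        for seed, members in clusters:
            if jaccard(sh, seed) >= threshold:
                members.append(post)
                break
        else:
            clusters.append((sh, [post]))
    return [members for _, members in clusters]


def densest_burst(members, window):
    """Posts from the largest set of distinct accounts inside any span of `window`."""
    members = sorted(members, key=lambda p: p["posted"])
    best, start = [], 0
    for end in range(len(members)):
        while members[end]["posted"] - members[start]["posted"] > window:
            start += 1
        burst = members[start:end + 1]
        if len({p["account"] for p in burst}) > len({p["account"] for p in best}):
            best = burst
    return best


def flag_coordinated(posts, min_accounts=3, window=timedelta(minutes=10),
                     dormancy=timedelta(days=90)):
    """Report text clusters pushed by >= min_accounts accounts within `window`.

    `last_active` (assumed field) is the account's most recent activity before
    the post; a gap of `dormancy` or more marks the account as reactivated.
    """
    findings = []
    for members in cluster_by_text(posts):
        burst = densest_burst(members, window)
        accounts = sorted({p["account"] for p in burst})
        if len(accounts) < min_accounts:
            continue
        dormant = sorted({p["account"] for p in burst
                          if p["posted"] - p["last_active"] >= dormancy})
        findings.append({"accounts": accounts, "dormant_accounts": dormant,
                         "first_seen": burst[0]["posted"],
                         "sample_text": burst[0]["text"]})
    return findings


def make_post(account, posted, last_active, text):
    return {"account": account, "posted": datetime.fromisoformat(posted),
            "last_active": datetime.fromisoformat(last_active), "text": text}


# Constructed sample data: four accounts push one story within five minutes,
# one unrelated post, and one later organic share of the same text.
SAMPLE_POSTS = [
    make_post("acct_a", "2019-08-01T12:00:00", "2019-02-01T09:00:00",
              "BREAKING: officials confirm the bridge story is a cover-up! http://example.test/1"),
    make_post("acct_b", "2019-08-01T12:01:30", "2019-01-15T09:00:00",
              "Breaking - officials confirm the bridge story is a cover-up http://example.test/2"),
    make_post("acct_c", "2019-08-01T12:03:10", "2019-03-02T09:00:00",
              "BREAKING officials confirm the bridge story is a cover-up!! @newsdesk"),
    make_post("acct_d", "2019-08-01T12:04:45", "2019-07-30T09:00:00",
              "breaking: officials confirm the bridge story is a cover-up #bridge"),
    make_post("user_e", "2019-08-01T12:02:00", "2019-08-01T08:00:00",
              "Traffic on the bridge is terrible again this morning."),
    make_post("user_f", "2019-08-01T19:30:00", "2019-08-01T18:00:00",
              "BREAKING: officials confirm the bridge story is a cover-up! http://example.test/1"),
]

if __name__ == "__main__":
    for finding in flag_coordinated(SAMPLE_POSTS):
        print(finding["first_seen"], finding["accounts"], finding["dormant_accounts"])
```

Treat a finding as a lead for analyst review rather than proof: unwitting agents who share the same text organically can also land inside a burst.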


Build Resilience 


Educational Institutions: Educational programs, from primary through graduate level, should integrate 
media literacy into their curricula. Increased media literacy across society would build resilience in the 
face of disinformation attacks, hardening the nation's defenses against both foreign and domestic 
disinformation actors. Media literacy and mature information consumption could be framed as a patriotic 
choice in defense of democracy. 


Advocacy Groups: Advocacy and special interest groups (AARP, NAACP, Veterans of Foreign Wars, etc.)
should promulgate media literacy information through their information distribution channels in a format
tailored to their membership (e.g., The War on Pineapple).81


Government Stakeholders: 


* Transparency — Legislation should emphasize the importance of content transparency and
authenticity. Follow through on Honest Ads Act proposed in the U.S. Senate, which currently has
bipartisan support. The act would amend the 1971 definition of “electioneering communication” to
include internet-based political advertising, making internet-based ads subject to the same
disclosure requirements as television, radio, and print media.

* Literacy — Fund research investigating the impact of disinformation campaigns across
demographics and effective methods for providing media literacy education to those demographics.


81 Department of Homeland Security, “The War on Pineapple: Understanding Foreign Interference in 5 Steps,” Cybersecurity and Infrastructure
Security Agency, June 2019,
https://www.dhs.gov/sites/default/files/publications/19_0717_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf.
Academia and Civil Society Researchers:

* Transparency — Continue investigating the methods and technical means to provide transparency
to the source of online content, such as a “nutrition label” for content providers (i.e. the Trust
Project).82

* Literacy — Conduct media literacy research to identify trends in susceptibility to disinformation
across demographics, the negative impact of disinformation campaigns, and approaches to
providing media literacy education to susceptible populations.


Social Media Platforms:

* Transparency — Provide transparency regarding the geographic location of organizational page
owners, history of name changes for the page, and apply “nutrition label” type information for
organizational content providers.

* Literacy — Make readily available for users information about the platform’s policies on
disinformation and provide educational material about the judicious consumption of information
online.


News Media Organizations:

* Transparency — Provide transparency regarding the source, author, and/or producer of news
content, including their expertise, funding, conflicts of interest, and agenda. This information
should be embedded with content and easily discoverable by consumers. News media organizations
should strive to meet journalism standards of trustworthiness, such as citing sources, correcting
mistakes, and avoiding conflicts of interest and political bias. Apply a news content “nutrition
label” or Trust Mark83 so consumers are aware of any explicit bias.


Information Sharing 


An information sharing and analysis organization should be established with members from social media 
companies, research institutions, and news media organizations with the following objectives: 


1. Establish a repository of social media data accessible to vetted researchers. Data stored and shared 
in a way that ensures user privacy (a trusted third party may act as gatekeeper); 


2. Provide a framework for cross-platform analysis of disinformation campaigns to better understand 
threat actors, their tactics, and the impact of their activities; 


3. Promote the advancement of methodologies, technical tools, and strategies for detecting 
disinformation, neutralizing threat actors, and reducing the negative impact of disinformation; 


4. Facilitate information exchange between the federal government (appoint government lead 
responsible for disinformation issues) and social media companies; 


5. Provide a process for sharing real-time threat information in a way that ensures user privacy. 


82 “What Is the Trust Project and What Does It Do?,” The Trust Project, accessed September 17, 2019,
https://thetrustproject.org/faq/#what_does_it_do.


83 “What Is the ‘Trust Mark’?,” The Trust Project, accessed September 17, 2019, https://thetrustproject.org/faq/#trust_mark. 
[Figure: Threat Actor Disinformation Kill Chain and Response Framework]

Kill chain stages: “Find the cracks”, “Weaponize”, “Launch Campaign”, “Fertilize”, “Watch it grow”, “Manipulate”, “Harvest”.

Step labels legible in the figure: analyze target audience; analyze info environment; design execution plan;
computing infrastructure; prepare environment; activate personas; select initial drop points; deliver content;
article about original post; share or retweet; duplicate via other account; inauthentic accounts;
manufacture consensus; authentic voices; actions on objective; desired target behavior; there is no “truth”.

Response drivers: Government collection, analysis, diplomacy, regulation, and legal action; Technical tools for
discovery and remediation; Media literacy and content source transparency; Public-Private Information Sharing.

Response themes: Hit the tech (Industry): Infrastructure / Seed Sites / Bots / Trolls. Build resiliency (Society):
Media Transparency / Media Literacy.

Note: A disinformation threat actor may skip steps in the kill chain process. However, doing so can reduce the effectiveness of the campaign and erode protections
aimed at obfuscating the identity and objectives of the actor. Source: The MITRE Corporation


CONCLUSION 


Since the events of the 2016 U.S. presidential election, the phenomenon of disinformation campaigns has 
received a great deal of attention, not just in the news media, but from government, academic, 
and commercial platforms determined to identify and understand it. While research efforts are plentiful, 
there is still much to learn about these campaigns and how best to defend against them. While it is not 
appropriate to dictate what media content Americans consume, we can, as researchers, suggest that 
opportunities for collaboration across interested sectors should continue to expand and to encourage 
public education to build resilience. 


In a media environment where mere popularity, attention, and trending imbue truth and legitimacy, 
the internet can become a turbo-charged rumor mill with no editorial board. Disinformation can generate 
a lot of activity in a very short period of time, but whether this disinformation amounts to little more than 
noise in the system or represents a genuine threat is often not readily apparent. This paper 
emphasizes the importance of understanding targeted disinformation campaigns in the interest of 
hardening public defense against them. This includes understanding the threat actors who propagate these 
campaigns, how users are prone to them in a complex information environment and gaining the ability to 
identify these campaigns through their tell-tale signs. 


Combatting disinformation campaigns by curtailing the free exchange of ideas could lead to a pyrrhic 
victory. Limits on free speech would further the objectives of threat actors seeking to weaken our 
democratic values. We must instead focus on building resilience, hitting the actor, and undermining their 
technical advantage. As these efforts mature, stakeholders can identify and counter campaigns “left of 
amplify,” thus neutralizing the threat to democratic society and maintaining the integrity of our information 
environment. 


Appendix: Disinformation Kill Chain 
[Figure: Disinformation Kill Chain and Response Framework. Header labels: Threat Actor; Disinformation Kill Chain; Objective]

Kill chain stages: “Find the cracks”, “Weaponize”, “Launch Campaign”, “Fertilize”, “Watch it grow”, “Manipulate”, “Harvest”.

Response drivers: Government collection, analysis, diplomacy, regulation, and legal action; Technical tools for
discovery and remediation; Media literacy and content source transparency; Public-Private Information Sharing.

Response themes: Build resiliency (Society): Media Transparency / Media Literacy.

Note: A disinformation threat actor may skip steps in the kill chain process. However, doing so can reduce the effectiveness of the campaign and erode protections
aimed at obfuscating the identity and objectives of the actor. Source: The MITRE Corporation
INTELLIGENCE IN VIEW


(U//FOUO) Online Foreign Influence Snapshot: August 2022 


(U//FOUO) We judge that narratives driven by Chinese, Iranian, and Russian state media, and proxy websites linked to these governments, often involve fact-based articles as well as editorials; these publications may include misinformation, 
disinformation, or factual but misrepresented information. This monthly "Snapshot" compiles English-language narratives, which we assess are intended for US and Western audiences, and highlights both consistent trends and emergent messaging, 
which we assess to reveal foreign actors' changing influence priorities. We judge that, typically, China uses state and proxy media—including US-based outlets—to try to shape diaspora conduct and US public and leadership views; Iran state media 
manipulates emerging stories and emphasizes Tehran's strength while denigrating US society and policy; and Russia uses both state and proxy media to amplify narratives seeking to weaken Washington's global position relative to Moscow's. This 
snapshot identifies the most persistent or emergent narratives being spread by these actors for English-speaking—probably US—audiences, as well as narratives of interest to Homeland Security stakeholders. 


OVERALL GRAPHIC CLASSIFICATION: UNCLASSIFIED//FOR OFFICIAL USE ONLY 


CHINA 


IRAN 


RUSSIA 
KEY TAKEAWAYS


(U//FOUO) Chinese state media continued July's heavy shift to Taiwan issues—away from significant
focus on Ukraine or COVID-19—while also claiming that several US domestic controversies show a
failing democracy. Outlets denounced visits to Taiwan by US politicians as political grandstanding,
and as attempts to undermine the One-China policy.


(U//FOUO) Iranian state media focused on long-standing narratives. Outlets praised Tehran's purported
efforts to revitalize the Joint Comprehensive Plan of Action (JCPOA), while criticizing Washington's
negotiating stance, and pushed stories of US social discord, including inflation and the search of the
former president's property.


(U//FOUO) Russian state media and proxy websites continued their heavy focus on Ukraine by blaming
global economic, energy, and food insecurity on the Western response. They also alleged that Ukrainian
military actions endangered the Zaporozhye nuclear power plant. Moscow further highlighted its support
for Beijing after the Taiwan visits of US Congressional delegations.


OFFICE OF INTELLIGENCE AND ANALYSIS


23 SEPTEMBER 2022 


AUGUST CONSISTENT AND EMERGENT NARRATIVES 


(U) US CONGRESSIONAL VISITS TO TAIWAN

(U) Chinese state media denounced the 2-3 August visit to Taiwan by the US Speaker of the House as a
desperate act to boost Democrats’ popularity and interfere with China’s sovereignty; they also decried
two later Congressional delegations as political showboating ahead of US midterm elections.


(U) JCPOA

(U) Iranian state media criticized the US position in JCPOA negotiations, asserting that Tehran has made
reasonable demands and offered constructive solutions, while Washington was less committed to
negotiating.


(U) WAR IN UKRAINE

(U) Russian state media and proxies alleged Ukrainian military atrocities, and blamed Western support to
Ukraine for price and energy inflation, and food insecurity.


(U) ONE-CHINA POLICY

(U) Chinese state media amplified narratives alleging US provocations in the Taiwan Strait, claiming that
Washington is undermining the One-China principle, and denouncing US actions as hegemonic and
designed to destabilize Indo-Pacific stability.


(U) INFLATION

(U) Iranian state media amplified stories on contentious US domestic issues, particularly the US inflation
rate, resulting sacrifices by US citizens, increasing political turmoil due to the economy, and growing
disapproval ratings for the current US president.


(U) ZAPOROZHYE NUCLEAR POWER PLANT

(U) Russian state media and proxies amplified allegations that the Ukrainian military shelled the
Russia-held nuclear plant in Zaporozhye, Ukraine, blaming Kyiv for any potential nuclear disaster.
(U) US DOMESTIC ISSUES

(U) Chinese state media amplified news stories involving contentious US domestic issues such as alleged
abuses of immigrants, neglect of veterans, gun control, and crime rates. They characterized these
issues as showing that US democracy and leaders are ineffective and that Washington is hypocritical
in critiquing human rights abuses abroad.


(U) MAR-A-LAGO SEARCH

(U) Iranian state media amplified reporting about the search of the former president's Mar-a-Lago Club,
criticisms of the DOJ and FBI, and discord between Republicans and Democrats. Outlets also
pushed stories about supporters of the former president who allegedly sent death threats to the
US Attorney General and held armed protests by FBI buildings.


(U) US CONGRESSIONAL VISITS TO TAIWAN

(U) Russian state media and proxies focused on the visits to Taiwan by the US Speaker of the House and
later congressional delegations, while promoting Russia's alliance with China as a sign of falling US
global influence.


22-389-IA 




UNCLASSIFIED//FOR OFFICIAL USE ONLY 


Source, Reference, and Dissemination Information 


Prepared By: (U) Cyber Mission Center

For Questions, Contact: (U) DHS-SPS-RFI@hq.dhs.gov


Privacy, Civil Rights, Civil Liberties, Intelligence Oversight Notice

(U//FOUO) US persons linking, citing, quoting, or voicing the same arguments raised by
these foreign influence activities likely are engaging in First Amendment-protected
activity, unless they are acting at the direction or control of a foreign threat actor.
Furthermore, variants of the topics covered in this product, even those that include
divisive terms, should not be assumed to reflect foreign influence or malign activity
absent information specifically attributing the content to malign foreign actors. This
information should be considered in the context of all applicable legal and policy
authorities to use open source information while protecting privacy, civil rights, and
civil liberties.


Definitions

(U//FOUO) Foreign Influence: Any covert, fraudulent, deceptive, or unlawful activity of
foreign governments — or persons acting on their behalf — undertaken with the purpose
or effect of influencing, undermining confidence in, or adversely affecting
US democratic processes or institutions or otherwise affecting socio-political sentiment
or public discourse to achieve malign objectives.

* (U//FOUO) Covert Influence: Activities in which a foreign government hides its
involvement, including the use of agents of influence, covert media
relationships, cyber influence activities, front organizations, organized crime
groups, or clandestine funds for political action.

* (U//FOUO) Overt Influence: Activities that a foreign government conducts
openly or has clear ties to, including the use of strategic communications,
public diplomacy, financial support, and some forms of propaganda.

(U//FOUO) Disinformation: A foreign government's deliberate use of false or misleading
information intentionally directed at another government's decisionmakers and
decision-making processes to mislead the target, force it to waste resources, or
influence a decision in favor of a foreign government's interests.

(U//FOUO) Malinformation: An adversary's deliberate use of otherwise verifiable
information with malicious intent, such as by amplifying the information selectively or
out of context, or to the detriment of specific persons.

(U//FOUO) Misinformation: An adversary's use of false or misleading information. An
adversary's intent can change misinformation to disinformation.


Malign Foreign Influence Collection and Analysis Methodology

(U//FOUO) The Office of Intelligence and Analysis (I&A) collects and receives reporting
on messaging from foreign governments or any entity assessed to be operating on
behalf of a foreign power, including reporting on covert, fraudulent, deceptive, and
unlawful activities undertaken with the purpose or effect of influencing, undermining
confidence in, or adversely affecting our democratic processes or institutions or
otherwise affecting socio-political sentiment or public discourse to achieve malign
objectives.

(U//FOUO) This reporting includes state-controlled media outlets — some that are
officially registered under the Foreign Agents Registration Act — as well as covert proxy
websites and social media accounts we assess are operated by foreign governments or
entities operating on behalf of a foreign power.

(U//FOUO) I&A routinely reviews the totality of this malign foreign influence content
and, in the case of this report, identified a number of prominent COVID-19, domestic,
and socio-political themes regularly presented by these actors since the beginning of
2020.


(U//FOUO) Federal, state, local, and private sector stakeholders.


(U) Warning: This document is UNCLASSIFIED//FOR OFFICIAL USE ONLY
(U//FOUO). It contains information that may be exempt from public release under the
Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled,
transmitted, distributed, and disposed of in accordance with DHS policy relating to
FOUO information and is not to be released to the public, the media, or other personnel
who do not have a valid need to know without prior approval of an authorized DHS
official. State and local homeland security officials may share this document with
authorized critical infrastructure and key resource personnel and private sector
security officials without further approval from DHS.


(U) Warning: This product contains US person information that has been deemed
necessary for the intended recipient to understand, assess, or act on the information
provided. It has been highlighted in this document with the label USPER and should
be handled in accordance with the recipient's intelligence oversight and/or information
handling procedures. Other US person information has been minimized. Should you
require the minimized US person information on weekends or after normal weekday
hours during exigent and time sensitive circumstances, contact the Current and
Emerging Threat Watch Office at 202-447-3688, CETC.OSCO@hq.dhs.gov. For all other
inquiries, please contact the Homeland Security Single Point of Service, Request for
Information Office at DHS-SPS-RFI@hq.dhs.gov, DHS-SPS-RFI@dhs.sgov.gov,
DHS-SPS-RFI@dhs.ic.gov.
Who We Are

Carnegie Mellon University
* Pioneering discoveries that enrich the lives of people on a global scale
* Turning disruptive ideas into success through leading-edge research

Software Engineering Institute
* Bringing innovation to the U.S. government
* Researching software engineering, cybersecurity, and artificial intelligence

CERT Division
* Giving birth to modern cybersecurity
* Strengthening the resilience of systems and networks
Why is disinformation an insider risk problem?


* BLUF — adversaries can exploit and recruit insiders by way of mis-, dis-, and malinformation 


One possible example: 


* Theory of psychological reactance - "an unpleasant motivational arousal that emerges when people 
experience a threat to or loss of their free behaviors. It serves as a motivator to restore one's freedom." 
(Steindl et al. 2015) 


Individuals experiencing reactance as a result of actions or perceived actions of an organization may 
engage in organizational deviance. 


* Such individuals may now be susceptible to influence from adversarial entities seeking to harm the 
organizations that the individual is a member of. 


Possible triggers 
* Office requirement 
* Vaccination reqs. 
* Extremist ideologies
From Insider Threat to Insider Risk

What is an "Insider Threat"?

* Malicious Insider
  * a current or former employee, contractor, or business partner who meets the following
    criteria:
    * has or had authorized access to an organization's network, system, or data
    * has intentionally exceeded or intentionally used that access in a manner that negatively
      affected the confidentiality, integrity, or availability of the organization's information or
      information systems

* Can also be inadvertent (non-malicious)
From Insider Threat to Insider Risk


* Insider Threat: Insider threat for an organization is the potential for an insider to use their access,
either maliciously or unintentionally, to act in a way that could negatively affect the organization.


* Insider Risk: Insider risk is the potential for loss associated with the realization of an insider
threat.


As a discipline, we are moving away from a purely threat hunting mindset to one of risk 
management. 
Insider Risk and External Threat


* Insider risk is unique in organizational security in that the potential threat agents play
fundamental roles in accomplishing the organization's mission.


* Insider goodwill is essential to both keeping intentional insider risk to a minimum and ensuring
organizational success generally.


* External adversaries can potentially use mis-, dis-, and malinformation with coordinated
information maneuver campaigns to target trusted insiders.
Mis-, Dis-, and Malinformation

What does "disinformation" mean?

Untangling the Terms


DISINFORMATION
Information that is false and spread specifically by those who DO know it's not true.

MISINFORMATION
Information that is false but spread by those who DON'T know it's not true.

MALINFORMATION
Information that is based on fact but is spread — out of context — by people intending to mislead or
cause harm.


Why are disinformation, misinformation, and malinformation spread?

* Building community


How do disinformation, misinformation, and malinformation spread?

* Bots
* Trolls
* Bogus news outlets
Cybersecurity and Social Cybersecurity


* A scientific discipline to help us recognize and understand what's happening to us online and be able to see it
coming

* Figuring out how to build policy and tech that protects society from social cyber threats


CYBERSECURITY
* Hacking machines
* Harming confidentiality
* Compromising data integrity and availability

SOCIAL CYBERSECURITY
* Hacking people
* Capturing hearts and minds


Source: IDeaS Center, CMU
Conversations around Insider Threat in Public Forums

Conversations around Insider Threat


* Why look at public conversation? Unlikely to find any insider threats...
  * ...but, there may be actors trying to shape the conversation to their own ends — corporations,
    nation-states, etc.

* Understanding the conversation will lead to informed research
  * Wisdom of the crowd
  * Data for computational modeling

* Research question: Can network analytical techniques be used to discover the nature of public
conversations around insider threat and related organizational threats?
  * Gain situational awareness around public discourse


Source: IDeaS Center, CMU
Collection Methods

* Use Python package twarc to retrieve tweets from Twitter Search API V1 based on hashtag query

* Tweets collected between March 27th and April 15th 2020 (there are gaps)

* Import Twitter JSON data into ORA-PRO
* ORA-PRO handles creating derived networks and basic stats.

* Reporting and network visualizations


Source: IDeaS Center, CMU
Hashtag Collection


Category Hashtags


#insiderthreat #insiderattack #cyberespionage #dataloss
Corporate #industrialespionage #tradesecrets #embezzlement #embezzling


Nation-state #militarysecrets #spy #spying #spies
Data Description


Network | Twitter JSON All Hashtags
First tweet date | 2013-01-15 07:06:07-05
Last tweet date | 2020-04-15 08:45:03-04
Number of tweets | 13640
Number of tweets with geotag | 9
Number of tweets with URL | 4939
Number of retweets | 5826
Number of tweeters | 6260
Number of verified tweeters | 145
Number of news agency tweeters |
Number of mentions |
Number of distinct hashtags |
Number of distinct hashtags used more than once |
Number of distinct words |
Number of distinct words used more than once |
Number of distinct locations |
Understanding Networks


* Node - red circles
* Links (Edges) - lines between nodes
* Unidirectional or bidirectional (asymmetric)

* Can be multi-modal (different types of nodes)

* Or multi-plex (different types of links)
Key Network Terms — Finding Actors of Interest


* Super-spreader
  * A communicator who has exceptional ability to spread information

* Super-friends
  * A communicator who is exceptionally involved in dialogue with others (reciprocal communication)

* Echo Chamber
  * A group of users and topics that are strongly interconnected at both the social and the knowledge
    level

[Figure: Sample Network for Talk; nodes are labeled with first names]
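
Added example (not part of the original slides, and not ORA-PRO's own measures): simplified proxies for the terms above, computed from tweet JSON in the Twitter API v1.1 layout that twarc saves one object per line. The account names, hashtags and scoring rules (retweet reach for "super-spreader", reciprocal mentions for "super-friends") are assumptions made for illustration.

```python
import json
from collections import Counter, defaultdict
from itertools import combinations


def _tweet(author, mentions=(), tags=(), rt_of=None):
    """Build one constructed tweet in the v1.1 JSON layout (sample data only)."""
    t = {"user": {"screen_name": author},
         "entities": {"hashtags": [{"text": h} for h in tags],
                      "user_mentions": [{"screen_name": m} for m in mentions]}}
    if rt_of:
        # v1.1 retweets carry the original under "retweeted_status" and also
        # list the original author as a mention ("RT @author: ...").
        t["retweeted_status"] = {"user": {"screen_name": rt_of}}
        t["entities"]["user_mentions"].append({"screen_name": rt_of})
    return json.dumps(t)


# Constructed sample: every account and hashtag combination here is made up.
SAMPLE_JSONL = "\n".join([
    _tweet("sec_news", tags=["InsiderThreat", "DataLoss"]),
    _tweet("alice", rt_of="sec_news", tags=["InsiderThreat", "DataLoss"]),
    _tweet("bob", rt_of="sec_news", tags=["InsiderThreat", "DataLoss"]),
    _tweet("carol", rt_of="sec_news"),
    _tweet("alice", mentions=["bob"], tags=["insiderthreat", "TradeSecrets"]),
    _tweet("bob", mentions=["Alice"], tags=["insiderthreat"]),
    _tweet("bob", mentions=["carol"], tags=["Spying", "insiderthreat", "dataloss"]),
    _tweet("carol", mentions=["bob"]),
    _tweet("dave", mentions=["sec_news"], tags=["spying"]),
    _tweet("dave", rt_of="alice"),
])


def build_networks(jsonl_text):
    """Derive three networks from line-oriented tweet JSON."""
    retweeted_by = defaultdict(set)  # original author -> accounts that retweeted them
    mentions = defaultdict(set)      # author -> accounts they addressed
    hashtag_pairs = Counter()        # (tag_a, tag_b) -> original tweets using both
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            tweet = json.loads(line)
            author = tweet["user"]["screen_name"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip truncated or malformed records
        entities = tweet.get("entities") or {}
        original = tweet.get("retweeted_status")
        if original:
            source = original.get("user", {}).get("screen_name", "").lower()
            if source and source != author:
                retweeted_by[source].add(author)
            continue  # a retweet repeats the original's mentions and hashtags
        for m in entities.get("user_mentions", []):
            target = m.get("screen_name", "").lower()
            if target and target != author:
                mentions[author].add(target)
        tags = sorted({h["text"].lower()
                       for h in entities.get("hashtags", []) if h.get("text")})
        hashtag_pairs.update(combinations(tags, 2))
    return retweeted_by, mentions, hashtag_pairs


def spreader_ranking(retweeted_by):
    """Proxy for 'super-spreader': distinct accounts that retweeted each author."""
    return sorted(((a, len(s)) for a, s in retweeted_by.items()),
                  key=lambda p: (-p[1], p[0]))


def reciprocal_ranking(mentions):
    """Proxy for 'super-friends': partners with mentions in both directions."""
    ties = Counter()
    for author, targets in mentions.items():
        for other in targets:
            if author in mentions.get(other, ()):
                ties[author] += 1
    return sorted(ties.items(), key=lambda p: (-p[1], p[0]))


if __name__ == "__main__":
    rt, mn, pairs = build_networks(SAMPLE_JSONL)
    print("retweet reach:", spreader_ranking(rt))
    print("reciprocal ties:", reciprocal_ranking(mn))
    print("hashtag co-occurrence:", pairs.most_common(3))
```

An account that scores high on retweet reach but has no reciprocal ties (here the constructed `sec_news`) broadcasts without conversing, which is the distinction the two terms draw.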
Top Hashtag Visualization

[Figure: network visualization; labels not legible]

Hashtag Co-occurrence Network (General grouping)

[Figure: Twitter JSON Insider Risk General January 2021 (modified)]

[Figure: Twitter JSON General August De-ID]
Conversations with Bots


Source: IDeaS Center, CMU

Bogus Security Accounts — Legitimate followers

Presence on Other Platforms

[Figure: screenshot that includes a world map with significant Nepali language speakers; legend: dark blue, main
official language; light blue, one of the official languages]
Findings and Takeaways


* Autonomous agents (bots) or semi-autonomous agents (cyborgs) are present in public forum
discussion


* Studying the public conversation around a topic enables us to gain cyber situational awareness —
Studying Insider Risk on Twitter is just one example


Characterizing Public Conversations -> Social Cybersecurity


* Understanding the public conversation can help us understand how to maintain and bolster
organizational resilience


Source: IDeaS Center, CMU
What can we do?


Inoculation against MDM -> Increase Organizational resilience 


* The importance of positive deterrence 
* From Big Brother to Good Employer 


* Analogous to "hardening the workforce" 


* MDM Awareness 
* Think before you share 
* Fact checking 
* Media Literacy 
Future work


* Can we identify when insiders become susceptible?
* Draw on social sciences:
  * Reactance
  * Normative conflict
  * Social identity theory
  * Social influence theory


* Can we identify ways to recruit insider via information campaigns?


* Computational Modeling
  * Inform models with network data
  * Can we simulate base rates of insider influence
  * ... and then, simulate policy interventions?
  * Inside - outside
Mr. Luke Osterritter

Cybersecurity Researcher

CERT Division, Software Engineering Institute, Carnegie Mellon
CASOS/IDeaS, Institute for Software Research, Carnegie Mellon


losterritter@sei.cmu.edu


https://www.sei.cmu.edu/our-work/insider-threat/
https://www.cmu.edu/ideas-social-cybersecurity/
Department of Defense


INSTRUCTION 


NUMBER O-5240.21 
May 14, 2009 
Incorporating Change 1, November 19, 2010 


USD(I)
SUBJECT: Counterintelligence (CI) Inquiries


References: See Enclosure 1 


1. PURPOSE. This Instruction implements the policy in DoD Directive (DoDD) O-5240.02 
(Reference (a)) to assign responsibilities and establish procedures for conducting CI inquiries 
within the Department of Defense pursuant to the authority in DoDD 5143.01 (Reference (b)). 


2. APPLICABILITY. This Instruction: 


a. Applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs 
of Staff and the Joint Staff, the Combatant Commands (CCMDs), the Office of the Inspector 
General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all 
other organizational entities within the Department of Defense (hereafter referred to collectively 
as the “DoD Components”). 


b. Does not apply to general security functions such as inquiries, procedures, or personnel
security investigations as defined in DoD Instruction (DoDI) 5200.01 (Reference (c)), DoD
5200.1-R (Reference (d)), and DoD 5200.2-R (Reference (e)) or to information assurance (IA)
monitoring as defined in DoDD 8500.01E (Reference (f)) and DoDI 8500.2 (Reference (g)).


3. DEFINITIONS. Unless otherwise noted, the CI terms used in this Instruction are defined in 
Reference (a). 


a. CI inquiry. For the purposes of this Instruction, “CI inquiry” has the same meaning as “CI
preliminary inquiry,” defined in Reference (a).


b. reasonable belief. Defined in DoD 5240.1-R (Reference (h)). 


This document contains information 
exempt from mandatory disclosure under 
the FOIA. Exemption 2 applies. 


FOR OFFICIAL USE ONLY 
4. POLICY. It is DoD policy (Reference (a)) that the CCMDs and the Defense Agencies with
organic CI capabilities may conduct CI inquiries.


5. RESPONSIBILITIES. See Enclosure 2. 


6. PROCEDURES. See Enclosure 3. 


7. INFORMATION REQUIREMENTS. The information requirement contained in this 
Instruction is exempt from licensing in accordance with paragraphs C4.4.1., C4.4.7., and C4.4.8. 
of DoD 8910.1-M (Reference (i)). 


8. RELEASABILITY. RESTRICTED. This Instruction is approved for restricted release.
[Partly illegible line: “... SECRET Internet Protocol ... Network from the DoD ...”]
It is available to users with Common Access Card authorization on the Internet from the
DoD Issuances Website at http://www.dtic.mil/whs/directives.


9. EFFECTIVE DATE. This Instruction is effective immediately. 


James R. Clapper, Jr. 
Under Secretary of Defense for Intelligence 


Enclosures 
1. References 
2. Responsibilities 
3. Procedures 
ENCLOSURE 1 


REFERENCES 


(a) DoD Directive O-5240.02, “Counterintelligence,” December 20, 2007 

(b) DoD Directive 5143.01, “Under Secretary of Defense for Intelligence (USD(I)),” 
November 23, 2005 

(c) DoD Instruction 5200.01, “DoD Information Security Program and Protection of Sensitive 
Compartmented Information,” October 9, 2008 

(d) DoD 5200.1-R, “Information Security Program,” January 14, 1997 

(e) DoD 5200.2-R, “Personnel Security Program,” January 16, 1987 

(f) DoD Directive 8500.01E, “Information Assurance,” October 24, 2002 

(g) DoD Instruction 8500.2, “Information Assurance Implementation,” February 6, 2003 

(h) DoD 5240.1-R, “Procedures Governing the Activities of DoD Intelligence Components that 
Affect United States Persons,” December 1, 1982 

(i) DoD 8910.1-M, “Department of Defense Procedures for Management of Information 
Requirements,” June 30, 1998 

(j) Deputy Secretary of Defense Directive-Type Memorandum 08-032, “Establishment of the 
Defense Counterintelligence and Human Intelligence Center (DCHC),” July 22, 2008 

(k) DoD Instruction 3305.11, “DoD Counterintelligence (CI) Training,” March 19, 2007 

(l) DoD Instruction 5240.04, “Counterintelligence (CI) Investigations,” February 02, 2009 

(m) DoD Instruction 5240.6, “Counterintelligence (CI) Awareness, Briefing, and Reporting 
Programs,” August 7, 2004 

(n) Fifth Amendment to the Constitution of the United States, December 15, 1791 

(o) Chapter 47 of title 10, United States Code 

(p) DoD Instruction S-5240.17, “Counterintelligence Collection (U),” January 12, 2009 

(q) DoD Directive 2000.12, “DoD Antiterrorism (AT) Program,” August 18, 2003 
ENCLOSURE 2 


RESPONSIBILITIES 


1. UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE (USD(I)). The USD(I), in 
accordance with References (a) and (b), shall develop, coordinate, and oversee the 
implementation of DoD CI inquiry policy. 


2. DEPUTY UNDER SECRETARY OF DEFENSE FOR HUMAN INTELLIGENCE, 
COUNTERINTELLIGENCE, AND SECURITY (DUSD(HCI&S)). The DUSD(HCI&S), under 
the authority, direction, and control of the USD(I), shall: 


a. Develop and recommend CI inquiry policy. 


b. Serve as the OSD staff point of contact for CI inquiry-related issues. 


3. DIRECTOR, DEFENSE COUNTERINTELLIGENCE AND HUMAN INTELLIGENCE 
CENTER (DCHC). The Director, DCHC, under the authority, direction, and control of the 
Director, Defense Intelligence Agency, and in accordance with Deputy Secretary of Defense 
Directive-Type Memorandum 08-032 (Reference (j)) shall: 


a. Oversee the conduct of CI inquiries. 


b. Serve as the focal point to analyze information gleaned from CI inquiries to identify and 
report trends, anomalies, and other matters of CI interest. 


c. Provide the CCMDs and Defense Agencies with the guidelines and reporting process for 
CI inquiries. 


d. Facilitate CCMD and Defense Agency requests for review of CI inquiries referred for 
investigation when Military Department CI organizations or the Federal Bureau of Investigation 
(FBI) decline to investigate. 


e. Develop, conduct, and validate training for personnel conducting CI inquiries in 
accordance with DoDI 3305.11 (Reference (k)). 


4. CCMD COMMANDERS (CCDRs) AND HEADS OF THE DEFENSE AGENCIES WITH 
ORGANIC CI ASSETS. The CCDRs and the Heads of the Defense Agencies with organic CI 
assets shall: 


a. Conduct CI inquiries in accordance with Enclosure 3. 

b. Notify the Director, DCHC, of CI inquiries in accordance with DCHC guidelines and 
reporting processes. 


c. Submit to DCHC requests for review of CI inquiries referred for investigation when 
Military Department CI organizations or the FBI decline to investigate. 


d. Require that all personnel assigned to conduct CI inquiries are appropriately trained to the 
standards established by the Director, DCHC, prior to participation in any CI inquiry. 


5. SECRETARIES OF THE MILITARY DEPARTMENTS. The Secretaries of the Military 
Departments shall: 


a. Evaluate CI inquiry referrals and initiate CI investigations in accordance with DoDI 
5240.04 (Reference (l)) when warranted. 


b. Consider using, as appropriate, the organic CI capabilities of the CCMDs and Defense 
Agencies to assist with the investigation of referred CI inquiries. 
ENCLOSURE 3 


PROCEDURES 


1. INITIATING CI INQUIRIES 


a. The CCMDs and Defense Agencies with organic CI assets shall initiate a CI inquiry upon 
receipt of information that cannot be resolved through security procedures, such as: 


(1) The existence of a clandestine relationship between DoD personnel and agents of a 
foreign power, or of relationships between DoD personnel and individuals associated with 
international terrorist organizations. 


(2) Failure to report contact with a foreign intelligence service. 


(3) Other intelligence and/or international terrorist threats directed against U.S. 
Government or military facilities, property, information, operations, or personnel that appear to 
be at the behest of a foreign power or international terrorist organization. 


(4) Failure to comply with the reporting requirements of DoDI 5240.6 (Reference (m)). 


b. The goal of the CI inquiry is to establish or refute a reasonable belief that a particular 
person is acting for or on behalf of, or an event is related to, a foreign power engaged in spying 
or committing espionage, sabotage, treason, sedition, subversion, assassinations, or international 
terrorist activities. 


c. The CCMDs and Defense Agencies shall use DCHC guidelines and reporting processes to 
document CI inquiries. 


d. The CCMDs and Defense Agencies shall not delay the initiation of a CI inquiry for any 
improper purpose, to include attempts to delay the initiation of a CI inquiry to permit the use of 
otherwise prohibited techniques through security or other inquiry methods. 


2. CONDUCTING CI INQUIRIES 


a. CI inquiries shall be conducted in accordance with Reference (h). 


b. (FOUO) Within the Department of Defense, only Military Department CI organizations 
have CI investigative authority and are authorized to use the intrusive techniques identified in 
Reference (h). The CCMDs and Defense Agencies are not authorized to use procedures 5 
through 11 and procedure 13 of Reference (h). Additional prohibited techniques after the 
initiation of a CI inquiry are: 

(1) (FOUO) Examining any information technology system or information within, 
except information that was gathered during the course of IA monitoring conducted before the CI 
inquiry began. 

(2) (FOUO) Conducting consensual physical searches. 

(3) (FOUO) Questioning the subject of a CI inquiry. 

(4) (FOUO) Administering oaths, advising of rights pursuant to the Fifth Amendment to 
the Constitution of the United States (Reference (n)), and taking sworn statements, excluding 
unsworn official statements, except when an inquiry officer who is subject to chapter 47 of title 
10, United States Code, (Reference (o)) is questioning another person who is also subject to 
Reference (o). In this case the inquiry officer must be familiar with the requirements of Article 
31(b) of Reference (o) and, if necessary, consult with the local servicing judge advocate. 


(5) (FOUO) Conducting liaison with Federal or military prosecutors unless 
accompanied by a representative of a CI investigative agency. 


(6) (FOUO) Conducting polygraph examinations of subjects of CI inquiries. 

(7) (FOUO) Requesting financial information from non-governmental institutions. 

(8) (FOUO) Formally recruiting and tasking human sources. 


c. CI inquiries need not be opened to: 


(1) Review agency files at the request of an intelligence community (IC) member. 

(2) Check agency and DoD databases to determine if an individual holds or held a DoD 
security clearance and has or had access to classified information or material, and provide the 
results to an IC member. 


(3) Report, through an Intelligence Information Report (IIR), information that does not 
meet the threshold for initiating a CI inquiry but is of intelligence value. 


(4) Report information that indicates a violation of Federal, State, or local laws. This 
information shall be disseminated to Federal, State, or local law enforcement agencies as 
appropriate and in accordance with Reference (h). 


(5) Resolve internal security matters. 


3. FOLLOW-UP ACTIVITIES 


a. During a CI inquiry, if information establishes a reasonable belief that a clandestine 
relationship exists between DoD personnel and agents of a foreign power; that DoD personnel 
have unreported or unauthorized contact with a foreign intelligence service; or that DoD 
personnel have relationships with individuals associated with international terrorist 
organizations, this information shall be reported immediately to DCHC and to the appropriate 
Military Department CI organization or the FBI. 


b. If a CCMD or Defense Agency CI inquiry develops foreign intelligence information or 
indications of international terrorist threats, this information shall be reported through IIR or 
directly to the affected organization in accordance with DoDI S-5240.17 (Reference (p)) or 
DoDD 2000.12 (Reference (q)). 


c. Once a matter has been accepted for investigation by the investigative organization, the 
CCMD or Defense Agency shall terminate its CI inquiry activities, but may continue to 
document, through the CI inquiry, any assistance provided to the CI investigative organization. 


d. CCMD and Defense Agency CI personnel may participate in a CI investigation involving 
their organization, with the permission and under the direction of the lead investigating Service 
CI organization or the FBI. 
U.S. Department of Justice 
Federal Bureau of Investigation 


FOREIGN GOVERNMENT Efforts to Influence Policy & the Public 


Foreign governments routinely engage in efforts 
to influence our domestic and foreign policies, 
legislation, democratic processes, and public 
opinion. These governments sometimes exert this 
influence by employing lobbyists, public relations 
professionals, prominent businesspeople, or 
former U.S. government officials on their behalf. 
Such efforts are legal—if they are transparent. 


Originally enacted in 1938, the Foreign Agents 
Registration Act—known as FARA—helps the 
American people and their elected officials 
understand who is really behind such influence 
activity. The statute requires persons working on 
behalf of foreign governments or other foreign 
principals (including Americans) to disclose their 
relationships to foreign principals and information 
about their activities. 


Agents who fail to register are violating federal 
law, and they can be prosecuted if their failure 
is deliberate. 


How FARA Works 


The Foreign Agents Registration Act (FARA) 
Unit, which is part of the U.S. Department of 
Justice's National Security Division, administers 
and enforces FARA. Agents who register must 
disclose their agreements with foreign principals, 
report the amounts and sources of funding they 
have received, and provide a log of all activities 
they have performed on behalf of foreign 
principals. Agents must also label informational 
materials they disseminate to disclose their 
agency relationship, and file copies of those 
materials with the Unit. 


FARA's definition of foreign principals includes 
foreign governments, political parties, corporations, 
individuals, and nongovernmental organizations. 
It defines agents as those who act at the request 
of or under the direction, control, or order of a 
foreign principal. 


FARA requires an agent of a foreign principal to 
register when engaging in political activities or 
those designed to influence the U.S. government or 
public regarding domestic or foreign policy; taking 
part in perception management efforts or acting 
as a public relations counsel, publicity agent, 
or information service employee; performing 
fundraising or disbursement of funds; or lobbying 
Congress or the Executive Branch. 


FARA includes exemptions for certain agents 
who register with the Secretary of the Senate 
and the Clerk of the House of Representatives 
under the Lobbying Disclosure Act and are 
therefore permitted to lobby the Legislative or 
Executive Branches. However, this exemption is 
not available to agents of foreign governments 
or foreign political parties—or when a foreign 
government or foreign political party is the 
principal beneficiary of the lobbying activities. 
Covert foreign influence campaigns often run 
afoul of this provision. 


Read FARA at 22 U.S.C. § 611 et seq., and learn 
more at www.fara.gov. 


FARA helps protect the 
integrity of American 
democracy by combating 
covert foreign government 
influence in our 
political process. 

—Assistant Attorney General 
John C. Demers 


Contact us: 
www.fbi.gov/contact-us 
fara.public@usdoj.gov 


FARA 


Foreign Agents Registration Act 


IDENTIFYING UNREGISTERED FOREIGN AGENTS 


How can you tell if someone might be acting as an agent of a foreign principal and might be required by FARA to register with the Department of Justice? 


You could encounter a scenario like one of these: 


A PROMINENT BUSINESSMAN schedules an 
appointment to discuss energy policy. While 
you expect the meeting to focus on how 
U.S. policy affects his company or industry, 
instead he discusses an unrelated topic: a 
foreign country's image in the United States. 
During the discussion, the businessman seems 
to repeat statements previously made by the 
foreign country's leaders or spokespeople. 


A FORMER CONGRESSMAN arranges a 
meeting to discuss tariffs on agricultural 
products, but the topic seems outside his 
scope or areas of interest, as he previously 
represented an urban district and was 
uninvolved in agricultural or trade policy. 
When you meet, the former Congressman 
does not discuss tariffs but instead focuses 
on a foreign country’s high-profile and 
longstanding request to release a prominent 
dissident, mirroring talking points used by the 
foreign country’s leaders or spokespeople. 


A LOBBYIST requests a meeting to discuss 
telecommunications infrastructure, but when 
she arrives, she is accompanied by members 
of a foreign government or political party. 
They do most of the talking, discussing only 
the significance of telecommunications 
infrastructure to the foreign country—not 
to any U.S. businesses or companies—and 
highlighting issues significant to their country's 
relationship with the United States. 


A LOBBYIST arranges a meeting with you, 
and you confirm he has registered under the 
Lobbying Disclosure Act. However, when you 
meet, the lobbyist discusses topics of interest 
to foreign entities that are not mentioned 
in his filings. 


Any of these scenarios could indicate you have come in contact with an unregistered agent of a foreign principal. 


If you suspect you've encountered an unregistered agent of a foreign government, contact your local FBI field office or the Department of Justice's FARA Unit. 

(U) Chinese Talent Programs 


(U) INTRODUCTION 


(U) Chinese Talent Programs are a vital part of Chinese industry. Talent programs recruit 
experts to fill technical jobs that drive innovation and growth in China’s economy. National, 
provincial, and municipal talent recruitment programs provide opportunities for 
experts to work in industry and academic organizations supporting key areas deemed critical 
to China’s development. The talent programs recruit experts globally from businesses, 
industry, and universities with multiple incentives to work in China. Associating with these 
talent programs is legal and breaks no laws; however, individuals who agree to the Chinese 
terms must understand what is and is not legal under US law when sharing information. 
A simple download of intellectual property (IP) or proprietary information has the potential 
to become criminal activity. 


(U//FOUO) The large number of foreign students, researchers, scientists, and professionals in the United States, combined 
with current technological capabilities, allows foreign governments to contact and recruit individuals with the hopes to acquire 
advanced technology without research costs. While the majority of the population are law abiding individuals, anyone has the 
capability to acquire information. The theft of information can come from current or former employees, business partners, 
consultants, contractors, temporary hires, foreign agents, suppliers, or even vendors who have access to proprietary information. 


(U) Recruiting these individuals allows China to: 


- (U//FOUO) Gain access to research and expertise for cutting edge technology 

- (U//FOUO) Benefit from years of scientific research conducted in the United States supported by US Government 
grants and private funding 

- (U//FOUO) Severely impact the US economy. 


(U) The goal of this SPIN is to provide an overview of the potential threats posed by the Chinese Talent Programs. 


(U) CHINA'S TWELFTH FIVE-YEAR PLAN 


(U//FOUO) China’s National People’s Congress approved a new national development program that will last for the next five 
years. These Five-Year Plans emphasize higher quality growth by determining themes and targets to ensure long-term prosperity. 
China is currently on its Twelfth “Five-Year Plan” covering 2011 to 2015, which focuses on the following: 


New Energy: Nuclear, wind, and solar power 

Energy Conservation and environmental protection: Energy reduction targets 

Biotechnology: Drugs and medical devices 

New Materials: Rare earths and high-end semiconductors 

New Information Technology: Broadband networks, Internet security infrastructure, and network convergence 
High-end equipment manufacturing: Aerospace and telecom equipment 

Clean energy vehicles 


(U) Among the plan’s goals is the transformation of China from a manufacturing hub to a world leader in innovation, which will 
be partly met by an increase in highly skilled workers from 114 million to 180 million by 2020. Additionally, the Chinese Government 
spending on talent development is expected to increase from 10.75 percent of the country’s gross domestic product 
(GDP) to 15 percent by 2020, which is approximately $1.3 trillion based on the 2014 China GDP. China’s talent development 
program acts as a vehicle to achieve the Five Year Plan’s goals. 

(U) THOUSAND TALENTS PROGRAM 


(U//FOUO) China's most prominent national talent recruitment program is the 
"Recruitment Program of Global Experts," which is commonly known as the Thousand 
Talents Program. It focuses on identifying key national-level organizations and associated 
personnel involved in implementation and management. 


(U) Its goal is to recruit ethnic Chinese experts from Western universities, research centers, 
and private companies to boost China’s national capabilities in the science and 
technology (S&T) fields and to move China forward as an innovative nation. The program 
also implemented sub-programs for both young and foreign (non-ethnic Chinese) 
experts. 


(U//FOUO) Originally, this program had a five-to-ten year goal of recruiting 2,000 professionals 
worldwide who could lead innovation and pioneering work in key technologies, 
and promote the development of emerging industries. However, this program expanded 
its scope - recruiting far more than the initial goal of 2,000 individuals - and extended 
its life through at least 2020. 


(U) In order to be eligible as a candidate for the Thousand Talents Program, an individual must be in a field of study the Chinese 
Academy of Science (CAS) deems critical or meet the following criteria: 


- (U) Expert or scholar with full professorship in a prestigious foreign university or research and development (R&D) institute 


- (U) Technical managerial professional in a senior position at an internationally known company or financial institution 


- (U) Entrepreneur holding IP rights or key technologies and possesses overseas experience 


(U) HUNDRED TALENTS PROGRAM 


(U//FOUO) The Hundred Talents Program was launched in 1994 and was China's first overseas-oriented 
program to recruit high-level talent. The program is exclusively designed for cultivating scientific 
research personnel at CAS and focuses on attracting a younger talent pool. 


(U//FOUO) The primary goal of the program is to cultivate a group of leaders in their areas of specialty 
to work at various CAS organizations. Although focused on recruiting overseas Chinese, the 
Hundred Talents Program will accept applicants who are currently in China. These domestic-based 
applicants must demonstrate internationally-recognized expertise. Most of the Hundred Talents selectees 
have become "chief scientists" of various 973 Program (National Basic Research Program) 
projects; "responsible persons" on 863 Program (National High Technology R&D Program) projects; associated with Project 
111, which recruits the world's top researchers and scholars regardless of nationality or ethnic origin to work with Chinese 
universities; directors of state key laboratories or CAS key laboratories; or have taken high-level leadership positions within 
CAS institutes or offices. Selectees of this program are given 600,000 RMB (about $99,000) for resettlement costs and two 
million RMB (about $330,000) in startup funding for research. 


(U) OTHER TALENTS PROGRAMS 


(U//FOUO) The Innovative Talent Promotion Program is another Chinese Government-sponsored program. This program's 
ultimate goal is to create a cadre of world-class scientists and entrepreneurs who will lead technological innovation and allow 
China to compete internationally in S&T and strategic emerging industries. 


(U//FOUO) The Thousand Youth Talents Program for Distinguished Young Scholars is a development program for young talent. 
Top candidates are sent to first-class universities overseas to study. These individuals are groomed into business professionals 
needed for the future development of China. 


(U//FOUO) Lastly, there are programs that seek to develop entrepreneurial talent by focusing on building an internationally 
competitive corporate management cadre. The program plans to cultivate entrepreneurs with "world foresight, strategic thinking, 
pioneering spirit, and operating capability," and it sets a goal of having 10,000 talented personnel in management who 
have expertise in strategic planning, capital management, human resources management, finance and accounting, law, etc. 

(U) THREAT TO US BUSINESS AND UNIVERSITIES 


(U//FOUO) Chinese Talent Programs pose a serious threat to US businesses and universities 
through economic espionage and theft of IP. The different programs focus on specific fields 
deemed critical to China, to boost China's national capability in S&T fields. These subject matter 
experts often are not required to sign non-disclosure agreements with US entities, which 
could result in loss of unprotected information that jeopardizes contracts or research funding. 
One of the greatest threats toward these experts is transferring or transporting proprietary, 
classified, or export-controlled information, or IP, which can lead to criminal charges. 


(U//FOUO) The threat not only targets businesses or universities but potentially targets the 
researchers or scientists themselves. The technology researched or developed not only costs 
millions of dollars but costs years, if not decades to develop. Additionally, the theft of information 
or IP creates a risk that someone else could take credit for the researcher's efforts. The 
information stolen can be recreated, resold or claimed by others, which in turn will cost the 
originator creditability and potential funding for future endeavors. 


(U) Theft of intellectual property is an increasing threat to organizations and can go unnoticed 
for months or even years. In today's society, technology affords easier access to every aspect 
of academia and business. Some of these tools have become effective for recruiting, such as 
social media. Social media websites often display large amounts of personal data, such as 
who an individual works for, phone numbers, known associates, previous jobs, and locations. 
Additionally, websites like LinkedIn have full resumes, detailing the history of an individual's 
achievements and accomplishments. 

(U) The FBI assesses each year the United States loses billions of dollars due to technology 
transfer. While it is important to conduct collaborative research, it is vital for the survival of US 
businesses and universities that they protect their information and mitigate lost or stolen information. 


(U) MEDICAL CENTER OF WISCONSIN 

(U) Zhao, J. Hua — (DPOB: 1971, China) In February 2013, Zhao, a research assistant at Medical 
College of Wisconsin (MCOW) under Professor Marshall Anderson, stole three vials of C-25, a compound 
patented by Anderson and used in his cancer research. Security footage examined during an 
internal investigation revealed Zhao entering Anderson’s office and leaving shortly after. 


(U) Zhao was reprimanded previously for placing laboratory data on his personal computer. The internal 
investigation found research data on C-25. Zhao claimed the data would be used to conduct 
further studies at Zhejiang University. 


He was ordered to remove the data from his computer and place it on an MCOW computer. Additionally, 
MCOW discovered a posting by Zhao on an Internet site called Researchgate indicating he 
discovered a cancer fighting compound he wanted to bring back to China. 


(U) In March 2013, Zhao was arrested. In addition to the 384 files found on Zhao's personal computer 
relating to Anderson's research was an application to the National Natural Science Foundation of China that provides 
funding for many talent programs and to a Chinese foundation claiming he invented C-25 and requesting funding for additional 
research. This application was an exact translation of the grant application written by Professor Anderson several years 
earlier. It was also determined that Zhao accessed his MCOW computer remotely on the day he was suspended and attempted 
to delete the files he stole relating to C-25. Zhao was convicted to time served in August 2013. 


(U//FOUO) Zhao had a previous history of disregarding the appropriate handling of university property and had full access to 
Professor Anderson's lab. His access allowed him the ability to walk in and out of the lab at his own discretion to steal the 
vials of C-25 and laboratory data. Had C-25 not been patented by Anderson, Zhao could have claimed and patented the cancer-fighting 
compound for himself. Additionally, Zhao's LinkedIn profile indicated he held a position at Zhejiang University, 
which has ties to the Thousand Talent Program. 

(U) DUKE UNIVERSITY 


(U) Liu, Ruopeng - (DPOB: 1983, China) In 2006, Liu, a graduate student at Duke University, worked 
in the laboratory of a US researcher studying metamaterials. Liu had full access to the researcher's lab, 
which conducted basic and fundamental research. While working for this researcher, Liu arranged 
meetings between the researcher's lab and Cui Tie Jun, a Chinese program manager associated with 
Project 111 (focused on basic science and advanced technology by recruiting the best international 
experts to China to study from). The idea behind this connection was to share ideas; however, the US 
researcher eventually realized most of the ideas were coming from his lab. 


(U) Over the next few years, he discovered pictures and information related to his research used to 
market a business started by Liu. The business originally seemed plausible to him, because he 
knew Liu was applying for positions with Massachusetts Institute of Technology, which tends to favor 
faculty members who also have an entrepreneurial bent. The information marketed by Liu attracted a Chinese technology 
company. Additionally, Liu invited two Chinese visitors associated with Cui's lab from Southeast University to visit the lab. The 
visitors took photographs of all the equipment in the lab, including the make and model, which in turn were used to reproduce 
the lab in China. 


(U) In 2008, the US researcher received a book entitled Metamaterials: Theory, Design, and Applications by Cui, Liu, and the 
researcher that was published in the United States. Unknowingly, the researcher had in fact signed off on some forms and 
received multiple e-mails regarding the book by relying on Liu's interpretation. At the same time, Liu, Cui, and another Chinese 
individual collaborated on a research idea based on a paper regarding carpet-cloak theory later published in 2009 in an 
issue of Science. Located in the article is a footnote acknowledging the support from Innovation Technology, National Science 
Foundation, National Basic Research Program (973) of China, Natural Science Foundation of Jiangsu Province, and Project 
111. 


(U) While the researcher's lab does not conduct restricted research, it receives funding from the US Department of Defense 
and US Intelligence Community. Since the research was not restricted, there were no rules against or restrictions on the lab's 
collaborative research efforts. Liu did not have to sign a non-disclosure agreement. Liu moved back to China after the researcher 
retracted his recommendation for Liu's employment at Princeton with Dr. Stephen Chou, the head of the nanotechnology 
laboratory. Liu has reportedly established a research institution in Shenzhen. 


(U//FOUO) By convincing the US researcher to collaborate with Cui, Liu was able to freely share information and invite visitors 
to the lab. Although this was not restricted research, the metamaterials research could have both military and civilian applications. 
The US researcher risked his research by allowing visitors to come into his lab without personally looking at their background 
and being too trusting of his scientific relationship with Liu. 


(U) HOW TO PROTECT YOUR ORGANIZATION 
(U) The first step to protecting your business or university is to identify the threat.

Who would benefit from your information, processes, or strategies?

Who are your competitors?

Have individuals been unusually interested in what you do?

[Graphic labels: Patent, Trademark, Intellectual Property]

(U) The next step is to identify proprietary or trade secrets or IP. This includes, but is not limited to the
manufacturing process, financial information, list of suppliers and customers, chemical formulas, marketing
strategies, and R&D data. By understanding the threat and your business or university’s critical technologies,
it can help you identify methods in which they can be easily stolen. Theft, bribery, espionage, blackmail,
hacking, and electronic intercepts are just some of the different methods individuals may use to steal trade secrets.


(U) Have professors, students, and employees sign non-disclosure agreements.

(U) Identify foreign personnel who are sponsored by professors/employees.

(U) Understand agreements between international organizations and US businesses and universities.

(U) Identify and label or mark IP or sensitive data that is most important to US businesses and universities.

(U) Identify methods in which professors and employees are contacted (for example, e-mail, social media, conferences) 
and educate them on what solicitation looks like. 

(U) Report any incidents or concerns to your security office and local FBI field office. 

(U) If you wonder about the safety of your research or intellectual property, or the legality of your interactions with China, ask
yourself the following questions. If any of the answers concern you, or you would like additional information, please contact 
your local FBI Strategic Partnership Coordinator or FBI field office. 


(U) Do you collaborate with anyone who is currently in China? 

(U) Do you have any publications? If so, in which journals and with whom? Which institutions are they associated with? 
(U) What type of funding do you have to conduct your research? Where do you obtain your funding? 

(U) Do you belong to any professional societies? If so, which ones and where are they based?


(U) Do you travel regularly to China? Is it for business or pleasure or both? How long do you stay in China during these 
trips? Are you working with anyone in China on your research during this time?


(U) How do you maintain contact with your laboratory in the United States while in China? Do you contact it via computer 
(login to laboratory site)? 


(U) Do you plan to return to China permanently? What will you do for employment?

(U) Where did you attend school? What type of degrees did you earn? How did you apply for a fellowship, post-doctoral
position, guest researcher or other employment with your current employer? Did someone you know refer you to this lab,
university, or principal investigator?


(U) What type of research do you conduct? What are the applications of this research? Do you expect to get a patent 
from this research? 


(U) With whom are you working at your laboratory? Do you collaborate with individuals from other research institutions in 
the United States or abroad? 


Sources 


(U) KPMG; China's 12th Five-Year Plan: Overview; 2011; http://www.kpmg.com/CN/en/IssuesAndInsights/ArticlesPublications/Documents/China-12th-Five-Year-Plan-Overview-201104.pdf; accessed 04 March 2015.

(U) Online Article; Chinese Academy of Science: Thousand Talents Program; 2012; http://english.ucas.ac.cn/JoinUs/Pages/default.aspx; accessed 04 September 2014.

(U) OSC Analysis 14-024; accessed 06 March 2015.

(U) Wang, Huiyao; China's National Talent Plan: Key Measures and Objectives; 2010; http://www.brookings.edu/research/papers/2010/11/23-china-talent-wang; accessed 06 March 2015.

(U) Robertson, John; Investigating Intellectual Property Crime; 2010; https://intranet.fbinet.fbi/ccrsb/CyD-old/CCS/CCU-3/CCTF Document Library/2010%20CCTF%20Conference%20Presentation%20Materials/IPR%20Presentation.ppt; accessed 09 March 2015.

FEDERAL BUREAU OF INVESTIGATION, CYBER DIVISION

Private Industry Notification

13 June 2018
PIN Number 20180613-001

Please contact the FBI with any questions related to this Private Industry Notification
at either your local Cyber Task Force or FBI CyWatch.
Local Field Offices: www.fbi.gov/contact-us/field
E-mail: cywatch@fbi.gov
Phone: 1853-292-3997

The following information is being provided by the FBI, with no
guarantees or warranties, for potential use at the sole discretion
of recipients to protect against cyber threats. This data is
provided to help cyber security professionals and system
administrators guard against the persistent malicious actions of
cyber criminals.

This PIN has been released TLP: GREEN. The information in this
product is useful for the awareness of all participating
organizations within their sector or community, but should not
be shared via publicly accessible channels.


APT Actors Likely to Target US Cleared Defense Contractors

Summary

APT actors in the near future likely intend to target US Cleared Defense
Contractors (CDC) via spear phishing campaigns or network infrastructure
compromises, according to recent intelligence. Common spear phish targets
may include individuals featured on internet-facing CDC Web sites and
high-ranking CDC executives.


FBI has observed APT actors over the past two years precede spear phishing 
campaigns with open source research of targeted US company websites, 
particularly sections containing contact information for company officials 
which include names, titles, telephone numbers, and email addresses. In one 
case, an APT actor sent spear phishing emails within one-to-two weeks after 
researching the targeted US company. 


Historically, APT actors have a strong desire to collect US defense and 
scientific intelligence to further their interests and advance strategic goals. 
As a result, US CDCs and research facilities may likely be targets for cyber 
adversaries due to their involvement in national security and their close 
relationship with the US Government. 

Most companies publicly share their contact information and high-level
management names on their corporate Web pages. Some corporate 
employees share other forms of personally identifiable information on 
various social media platforms. Adversaries may use this publicly-posted 
information to target individuals with the end goal of infecting a corporate 
network for intelligence collection. 


Common techniques used by APT actors include sending well-crafted spear 
phishing messages tailored to the professional interests of the target, the 
use of watering holes to redirect visitors to malicious Web sites, and the use 
of stolen or weak user credentials to exploit a network vulnerability. After a 
successful compromise, APT actors attempt to expand their access in the 
network to multiple systems to facilitate information theft. 


APT actors have increased their activity over the last several years. Cyber 
attacks such as WannaCry and NotPetya in the spring and summer of 2017 
are examples of increasing APT activity. While WannaCry and NotPetya were 
not directed at the United States, both had inadvertent negative effects on 
US systems. The FBI advises companies to be mindful that similar attacks 
may likely occur in the near future. Previous attacks have coincided with 
national holidays of cyber targets, such as Constitution Day in Ukraine on 28 
June. 


For recent guidance on mitigation strategies against spear phishing and 
network infrastructure targeting, please refer to the following joint technical 
alerts: 


https://www.us-cert.gov/ncas/alerts/TA18-074A 
https://www.us-cert.gov/ncas/alerts/TA18-106A 

Recommendations:

The FBI recommends providers implement the preventative measures listed
below to help secure their systems from attacks:

• Ensure anti-virus software and firmware is up-to-date

• Monitor employee logins outside normal business hours and
other anomalous activity

• Close unused ports

• Provide regular training to employees regarding current social
engineering threats, scrutinizing e-mail links and attachments, and
pop-ups from attachments requesting enabling certain functions
(i.e., macros)

• Brief executives at your company to be extra vigilant and report any
suspicious email messages

• Apply extra scrutiny to e-mail messages with links or attachments
directed toward executives
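
The login-monitoring recommendation above, sketched as an added example (not part of the FBI notification): it flags successful logins outside business hours, on weekends, or on holidays, and raises severity for executive accounts, which the notification names as likely spear phishing targets. The log format, the 08:00-18:00 window, the fixed UTC-5 site offset, the holiday list, and the account names are assumptions constructed for illustration.

```python
"""Flag logins outside normal business hours (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta, timezone

# Assumptions for illustration: the site clock is a fixed UTC-5 offset, business
# hours are 08:00-18:00 Monday-Friday, and this holiday list applies to the site.
SITE_TZ = timezone(timedelta(hours=-5))
WORK_START, WORK_END = time(8, 0), time(18, 0)
HOLIDAYS = {date(2018, 7, 4)}
EXECUTIVES = {"ceo.smith"}  # hypothetical accounts that warrant extra scrutiny

# Constructed sample records: "<ISO-8601 timestamp with offset> <user> <source IP> <result>"
SAMPLE_LOG = """\
2018-06-13T14:05:11+00:00 j.doe 10.1.4.22 SUCCESS
2018-06-14T07:41:09+00:00 j.doe 198.51.100.7 SUCCESS
2018-06-16T15:30:00+00:00 a.lee 10.1.4.31 SUCCESS
2018-07-04T16:00:00+00:00 ceo.smith 203.0.113.50 SUCCESS
2018-06-15T03:12:45+00:00 a.lee 203.0.113.9 FAILURE
not a log line
"""


@dataclass(frozen=True)
class Alert:
    user: str
    local_time: datetime
    source_ip: str
    reasons: tuple
    severity: str


def parse_line(line):
    """Return (timestamp, user, ip, result), or None for malformed input."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        stamp = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    if stamp.tzinfo is None:  # refuse ambiguous timestamps rather than guess
        return None
    return stamp, parts[1], parts[2], parts[3]


def off_hours_reasons(local):
    """List every reason a site-local timestamp falls outside working time."""
    reasons = []
    if local.date() in HOLIDAYS:
        reasons.append("holiday")
    if local.weekday() >= 5:
        reasons.append("weekend")
    if not (WORK_START <= local.time() < WORK_END):
        reasons.append("outside_business_hours")
    return tuple(reasons)


def find_anomalous_logins(log_text):
    """Return alerts for successful logins outside normal working time."""
    alerts = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        stamp, user, ip, result = record
        if result != "SUCCESS":
            continue  # failed attempts belong to a separate brute-force rule
        local = stamp.astimezone(SITE_TZ)  # judge by site-local time, not UTC
        reasons = off_hours_reasons(local)
        if reasons:
            severity = "high" if user in EXECUTIVES else "medium"
            alerts.append(Alert(user, local, ip, reasons, severity))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalous_logins(SAMPLE_LOG):
        print(alert.severity, alert.user, alert.local_time.isoformat(),
              alert.source_ip, ",".join(alert.reasons))
```

Converting to site-local time before testing the window matters: a login stamped 04:00 UTC on a Sunday is 23:00 on Saturday at a UTC-5 site.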


This product is marked TLP:GREEN. Recipients may share
TLP:GREEN information with peers and partner organizations
within their sector or community, but not via publicly accessible
channels. Information in this category can be circulated widely
within a particular community. TLP:GREEN information may not
be released outside of the community.


For comments or questions related to the content or 
dissemination of this product, contact CyWatch. 

Your Feedback Regarding this Product is Critical

Please take a few minutes to send us your feedback. Your feedback
submission may be anonymous. We read each submission carefully, and your
feedback will be extremely valuable to the FBI. Feedback should be specific to
your experience with our written products to enable the FBI to make quick
and continuous improvements to these products. Feedback may be
submitted online here: https://www.ic3.gov/PlFSurvey

ABSTRACT

This thesis seeks to evaluate the effectiveness of the Russian disinformation
campaigns targeting the 2020 U.S. elections and the efforts taken by the U.S. government
and social media companies to thwart them. To develop countermeasures for Russian
interference activities targeting future American elections, this thesis asks the question:
What impact did the countermeasures taken by the American social media companies and
the U.S. government have on Russian social media influence campaigns targeting the
2020 U.S. elections?

This thesis uses a framework developed by Thomas Wilhelm, a U.S. Army
researcher, to evaluate Russian hybrid warfare, based on the principles of Andrei
Kartapolov, a prominent Russian general. Accordingly, it is used to measure the
qualitative impact of the Russian measures and American countermeasures during the
2020 U.S. elections.

This thesis finds that the Russians shifted their tactics from 2016 to 2020. Still,
the U.S. government and social media companies effectively impeded their influence
campaigns primarily through information sharing and account takedowns, respectively.
Because the Russians will continue their influence campaigns to undermine the United
States, this thesis provides recommendations to include standardized information sharing
and the establishment of a national coordination center.




TABLE OF CONTENTS

I. RUSSIA RISES FROM THE ASHES OF THE COLD WAR
    A. PROBLEM STATEMENT
    B. RESEARCH QUESTION
    C. LITERATURE REVIEW
        1. Russian Online Influence Activities from 2014 to 2020
        2. Countermeasures by the Private Sector and the U.S. Government
        3. Framework for Understanding Russian Hybrid Warfare
        4. Recommendations for Countering Russian Influence Campaigns
        5. Conclusions from Literature Review
    D. RESEARCH DESIGN
II. OPENING MOVES — SCOPE AND BACKGROUND
    A. SCOPE OF THESIS
        1. Relevant Time Periods
        2. Types of Russian Influence Operations
        3. Targeted Social Media Platforms
    B. RECENT HISTORY - THE CAMPAIGNS FROM 2016 TO 2018
        1. What Happened During the 2016 U.S. Elections?
        2. What Happened During the 2018 U.S. Midterm Elections?
    C. CONCLUSIONS FROM THE 2016 AND 2018 ELECTIONS
III. THE 2020 ELECTIONS — RUSSIAN GAMBIT AND AMERICAN COUNTERPLAY
    A. THE IRA AND OTHER PROXIES’ SOCIAL MEDIA ACTIVITIES
    B. PRIVATE SECTOR COUNTERMEASURES
    C. U.S. GOVERNMENT COUNTERMEASURES
    D. USING THE KARTAPOLOV FRAMEWORK TO EVALUATE RUSSIAN AND AMERICAN MEASURES IN 2020
        1. The IRA and Other Proxies — Impact and Evolution
        2. The Private Sector Companies’ Impact and Adaptations
        3. The U.S. Government's Impact — Transparency and Private Sector Partnerships
    E. VOTER TURNOUT IN THE 2020 ELECTIONS
    F. CONCLUSIONS FROM THE 2020 U.S. ELECTIONS
IV. CONCLUSIONS AND RECOMMENDATIONS TO COUNTER RUSSIA IN THE FUTURE
    A. CONCLUSIONS - THERE IS NO END GAME
    B. RECOMMENDATIONS FOR PROTECTING FUTURE ELECTIONS FROM RUSSIAN INTERFERENCE
        1. Security Measures
        2. Transparency Measures
        3. Resiliency Measures
LIST OF REFERENCES
INITIAL DISTRIBUTION LIST
LIST OF FIGURES 
Figure 1. Kartapolov's Components for Conducting Hybrid Warfare.
Figure 2. Facebook Political Advertisement Targeting Hillary Clinton.
Figure 3. Facebook Political Ads Targeting Black Voters.
Figure 4. Facebook Political Ads Targeting Right-Wing Voters.
Figure 5. Highlights of Russian and American Actions from 2018 to 2020.
Figure 6. An Image from a Facebook Account Controlled by EBLA.
Figure 7. Postings from the Peace Data Site.
Figure 8. Photos of PeaceData Staff Created by Artificial Intelligence.
Figure 9. Posting from the NAEBC Site.
Figure 10. NAEBC Cross-platform Posting on Parler.
Figure 11. GANS-generated Profile Photos for NAEBC Staff.
Figure 12. Breakdown of Secondary Infektion Articles by Topic.
Figure 13. Secondary Infektion-made Forged Posting from Marco Rubio.
Figure 14. Secondary Infektion-made Forged Letter to John Kerry.
Figure 15. Breakdown of Twitter Tweets by Topic for 2019.


LIST OF TABLES 
Table 1. Reach of IRA-controlled Social Media Accounts.
Table 2. Comparison of Black Voter Turnout for Presidential Elections.
Table 3. IRA Spending Plan for 2017 and 2018.
Table 4. Voter Turnout by Demographic in Midterm Elections.
Table 5. Summary of Facebook Takedowns for 2020.
Table 6. Summary of Twitter Takedowns for 2020.
Table 7. Summary of Google Takedowns for 2020.
Table 8. Social Media Account Takedowns between 2016 and 2020.
Table 9. Comparison of Overall Voter Turnout for Presidential Elections.
Table 10. Security Measures for Countering Russian Information Operations.
Table 11. Transparency Measures for Countering Malign Russian Influence.


LIST OF ACRONYMS AND ABBREVIATIONS 


CISA     Cybersecurity and Infrastructure Security Agency
DHS      Department of Homeland Security
DNC      Democratic National Committee
EBLA     Eliminating Barriers for the Liberation of Africa
FARA     Foreign Agent Registration Act
FSB      Federal Security Service
FS-ISAC  Financial Sector ISAC
GANS     generative adversarial networks
GEC      Global Engagement Center
GRU      Main Directorate of the General Staff of the Russian Armed Forces
HPSCI    U.S. House Permanent Select Committee on Intelligence
ICA      Intelligence Community Assessment
IRA      Internet Research Agency
ISAC     Information Sharing and Analysis
JAR      joint analysis report
NAEBC    Newsroom for American and European Based Citizens
NCSC     National Counterintelligence and Security Center
NDAA     National Defense Authorization Act
ODNI     Office of the Director of National Intelligence
SSCI     U.S. Senate Select Committee on Intelligence




EXECUTIVE SUMMARY 


This thesis uses a systematic framework to evaluate the qualitative effectiveness of
the Russian disinformation campaigns and the countermeasures taken by the U.S.
government and social media companies to combat the aforementioned campaigns
targeting the 2020 U.S. elections. To develop effective countermeasures for Russian
interference activities targeting future American elections, this thesis seeks to answer the
following question: What impact did the measures taken by the American social media
companies and the U.S. government have on Russian social media influence campaigns
targeting the 2020 U.S. elections?

Russian operatives working under the auspices of a St. Petersburg-based
organization, known as the Internet Research Agency (IRA), created a significant degree
of the toxicity on social media during the 2016 U.S. elections.1 The online social media
influence campaign perpetrated by the Internet Research Agency aimed to fan the flames
of existing divisive rhetoric, drive a wedge between the many demographic groups in
America, and erode confidence in democracy. Russia remains a committed adversary
with influence operations continuing to this very day, posing an active threat to American
democracy.3

Since the end of 2016, federal agencies and private sector organizations,
specifically the major American social media companies, have been actively helping to
safeguard political campaigns and election infrastructure from computer intrusions through
increased cybersecurity and other security measures. To date, most research has focused
on quantitative and qualitative analyses of the IRA's influence campaigns. However, this
research has not analyzed how the Russian government perceived the effectiveness of its


1 Robert Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential
Election (Washington, DC: Department of Justice, 2019), 4, https://www.hsdl.org/?view&did=824221.

2 Renee DiResta et al., The Tactics & Tropes of the Internet Research Agency (New York: New
Knowledge, 2018), 4.

3 Miles Parks and Philip Ewing, “Foreign Interference Persists And Techniques Are Evolving, Big
Tech Tells Hill,” National Public Radio, June 18, 2020, https://www.npr.org/2020/06/18/880349422/foreign-interference-persists-and-techniques-are-evolving-big-tech-tells-hill.

campaigns. Furthermore, the efficacy of the U.S. governmental and private sector actions
to defend against the IRA’s influence campaigns has not been systematically analyzed.

The objectives of this thesis are three-fold: (1) examining the Internet Research
Agency and other Russian social media campaigns ahead of the 2020 U.S. elections to
determine whether its tactics have shifted since 2016; (2) critically analyzing the private
sector and U.S. government's actions to counter the Russian influence activities; and (3)
proposing recommendations to safeguard future U.S. elections. The first two objectives are
assessed using an analytical framework proposed by Thomas Wilhelm, Director of the U.S.
Army's Foreign Military Studies Office. The results of the first two objectives inform the
last objective as well as a review of current literature by scholars and subject matter experts
in different fields.

To design a helpful framework for analyzing Russian influence operations, Thomas
Wilhelm surveyed the published works and speeches of General Lieutenant Andrei V.
Kartapolov. Wilhelm surmised Kartapolov was one of the key architects of current Russian
military science and doctrine.4 Wilhelm believed the framework provided a well-rounded
understanding of Russian martial intent and objectives about hybrid warfare from a Russian
perspective. Specifically, Kartapolov advocates using asymmetric, non-violent methods
to undermine the strengths of Russia's opponents to achieve their strategic goals.6

The relevant components of the Kartapolov Framework for analyzing Russian
social media-based influence operations against the United States are: (1) spreading
discontent in the population; (2) exerting political pressure; and (3) confusing the political
leadership.7 This thesis uses the Kartapolov framework to conduct a qualitative evaluation
of the Internet Research Agency's impact and the effectiveness of social media companies
and the U.S. government's countermeasures. Specifically, it analyzes American actions to


4 Tom Wilhelm, “A Russian Military Framework for Understanding Influence in the Competition
Period,” Military Review (2020): 35.

5 Wilhelm, 38.

6 Rod Thornton, “The Russian Military’s New ‘Main Emphasis,’” RUSI Journal 162, no. 4 (2017):
18–28, https://doi.org/10.1080/03071847.2017.1381401.

7 A. V. Kartapolov, “Lessons of Military Conflict, Perspectives on the Development of the Related
Forms and Methods,” Journal of the Academy of Military Science 51, no. 2 (2015): 36.

determine their effectiveness for countering the three influence-related components of the
Kartapolov Framework.

Three main themes emerged from the 2020 U.S. elections. First, the Russians
continued their efforts to target the U.S. elections but shifted tactics to avoid detection.
Second, the social media companies, along with news media and research organizations,
successfully identified and disrupted the evolving Russian disinformation campaigns.
Third, the U.S. government acted more forcefully in securing the elections, primarily
through its information sharing with the social media companies, political organizations,
and the American public.

Despite the best efforts of the Russians, social media companies, news media, and
research organizations detected, exposed, and disrupted the activities of the Internet
Research Agency and other Russian-affiliated online groups. Although America's private
sector may have been caught unaware during the 2016 elections, it was on heightened alert
ahead of 2020, with the noteworthy efforts of American news outlets and
non-governmental organizations exposing Russian disinformation activities and paving the way
for the social media companies to shut down their social media accounts.

The U.S. government's response to the Russian influence campaign appeared more
robust before the 2020 elections than in the 2016 or 2018 elections. The most important
actions taken by the U.S. government may have been the information sharing with the
social media companies to expose Russia's different operations and shut down its accounts.
In addition, the U.S. government's information-sharing may have helped the social media
companies secure their platforms by identifying malign Russian influence activities. The
U.S. government's other responses, such as economic sanctions and indictments, provided
the American public with factual narratives of the crimes perpetrated by the Russian
Federation.

It took the collaborative efforts of the private sector, in the form of social media
companies, research organizations, and news media, and the public sector, in the form of
the executive and legislative branches of the U.S. government, to turn back the Putin-
sanctioned disinformation operations which were targeting the 2020 U.S. elections.8
Ultimately, the American actions appeared effective in mitigating the Russian online
tactics because voters were undeterred and turned out in record numbers for the election.

The 2021 Intelligence Community's annual threat assessment named Russia as one
of “the most serious intelligence threats to the United States” and warned that the Russian
government would continue its efforts to propagate dissension in the American populace.9
Based on the evaluation of the Russian actions and the effectiveness of the American
responses in the 2020 U.S. elections, this thesis makes recommendations for protecting
future elections that have been drawn from experts in the U.S. government,
non-governmental organizations, and academic institutions. The three types of possible actions
are broadly categorized as security, transparency, and resiliency measures.10 The proposed
security measures include enhanced cybersecurity, enhanced disinformation detection,
economic sanctions, information sharing, and the establishment of a fusion center. The
transparency measures proposed include a public communications strategy, content
labeling standards, updated political advertising and campaign finance laws, and
transparent reporting. The resiliency measures suggested include improved media literacy


8 Office of the Director of National Intelligence, Assessing Russian Activities and Intentions in Recent
U.S. Elections: The Analytic Process and Cyber Incident Attribution (Washington, DC: Office of the
Director of National Intelligence, 2017), 7, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

9 Office of the Director of National Intelligence, 2021 Annual Threat Assessment of the U.S.
Intelligence Community (Washington, DC: Office of the Director of National Intelligence, 2021), 11,
https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2021/item/2204-2021-annual-threat-assessment-of-the-u-s-intelligence-community.

10 Gabriel Cederberg et al., National Counter-Information Operations Strategy (Cambridge, MA:
Belfer Center for Science and International Affairs, Harvard Kennedy School, 2019),
https://www.belfercenter.org/publication/national-counter-information-operations-strategy; Renée DiResta
and Shelby Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations, 2014–2019 (Palo
Alto, CA: Stanford University, 2019), https://cyber.fsi.stanford.edu/io/publication/potemkin-think-tanks;
Angus King and Mike Gallagher, Cybersecurity Lessons from the Pandemic, CSC White Paper #1
(Washington, DC: U.S. Cyberspace Solarium Commission, 2020),
https://www.solarium.gov/public-communications/pandemic-white-paper; Report on Russian Active Measures
(Washington, DC: U.S. Congress. House, 2018),
https://republicans-intelligence.house.gov/uploadedfiles/final_russia_investigation_report.pdf;
Report of the Select Committee on Intelligence, United States Senate
on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election. Volume 1: Russian
Efforts against Election Infrastructure with Additional Views, Senate, 116th Cong., 1st Sess. (Washington,
DC: U.S. Congress. Senate, 2017),
https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf.

and critical thinking for the American public.11 Hopefully, incorporating the proposed
measures with existing ones will help repair and strengthen the framework of American
democracy for the 21st century.


11 Michael McFaul, ed., Securing American Elections (Palo Alto, CA: Stanford University, Cyber
Policy Center, 2019), 8, https://www.hsdl.org/?view&did=827251.

I. RUSSIA RISES FROM THE ASHES OF THE COLD WAR


Over the course of my career, I’ve seen a number of challenges to our
democracy. The Russian government's effort to interfere in our election is
among the most serious.

—Robert S. Mueller III, July 24, 2019


This statement from the well-respected former FBI Director underscored the
severity of the Russian actions to interfere with the 2016 U.S. elections. After the end of
the Cold War and the fall of the Soviet Union in 1991, Russia appeared to have faded from
America's collective memory as an adversary.1 This attitude abruptly changed on June
14, 2016, when a U.S.-based cybersecurity firm named Crowdstrike announced it had
investigated intrusions into the computer networks of the Democratic National Committee
(DNC) by two Russian hacking groups, code-named “Fancy Bear” and “Cozy Bear.”2
Away from the news media scrutiny, Russian operatives working under the auspices of a
St. Petersburg-based organization, known as the Internet Research Agency (IRA), created
a significant portion of the toxicity on social media during the presidential campaign
season. The “sweeping and sustained” online social media influence campaign
perpetrated by the Internet Research Agency aimed to fan the flames of existing divisive
rhetoric, drive a wedge between the many demographic groups in America, and erode


1 Jon Wiener, How We Forgot the Cold War: A Historical Journey Across America (Berkeley:
University of California Press, 2012), 1, https://books.google.com/books?hl-en&lr-&id-w Sa-
F8DXhgC&oi=fnd&pg=PA | &dq=americantmemory+of+the+cold+war&ots=kvRphYulTG&sig=sVpOO
ZBAdI10fqcHCskioSuy7tiE#v=onepage&q=american%20memory%200f%20the%20cold%20war&f=false.

2 Dmitri Alperovitch, “Our Work with the DNC: Setting the Record Straight,” Crowdstrike Blog
(blog), June 5, 2020, https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/.

3 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election,
2019, 4.
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confidence in democracy. Russia remains a committed adversary as its influence 


operations continue to this very day, posing an active threat to American democracy.? 


A. PROBLEM STATEMENT 


While *hack and dump" campaigns, such as the 2016 DNC attack and cyberattacks 
against election infrastructure, are broadly considered Russia influence operations, the 
Internet Research Agency's social media influence campaign directly targeted voter 
confidence in election integrity aimed to harm democracy.Ó As Philip Howard, an Oxford 
researcher, contends, a healthy democracy relies on trustworthy news media and a climate 
that allows for civil discourse and consensus-building./ The IRA’s continued onslaught of 
fake news and amplification of inflammatory content sowed discord and confusion in the 
United States. For example, Hillary Clinton received damaging publicity during the 
campaign season in 2016 when the Main Directorate of the General Staff of the Russian 
Armed Forces (GRU) and Wikileaks continually leaked stolen content from the 
Democratic National Committee; the IRA magnified the negative image of her through its 
dissemination of memes and other negative content on social media platforms, which in 
turn politically damaged her heading into Election Day, and may have delegitimized her 


presidency had she been elected.8 Russia understood that attacks against the elections 


4 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 4.


5 Parks and Ewing, “Foreign Interference Persists And Techniques Are Evolving, Big Tech Tells 
Hill.” 


6 Sarah Birch, “Perceptions of Electoral Fairness and Voter Turnout,” Comparative Political Studies 
43, no. 12 (December 1, 2010): 1601—22, https://doi.org/10.1177/0010414010374021; Kellie J. Weir, 
"Safeguarding Democracy: Increasing Election Integrity through Enhanced Voter Verification" (master's 
thesis, Naval Postgraduate School, 2018), https://www.hsdl.org/?view&did=811383.


7 Philip N. Howard et al., The IRA, Social Media, and Political Polarization in the United States, 
2012-2018 (Oxford, UK: University of Oxford, Computational Propaganda Research Project, 2019), 39, 
https://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1004&context=senatedocs. 


8 Allon J. Uhlmann and Stephen McCombie, “The Russian Gambit and the U.S. Intelligence 
Community: Russia’s Use of Kompromat and Implausible Deniability to Optimize Its 2016 Information 
Campaign against the U.S. Presidential Election,” Library Trends 68, no. 4 (2020): 684, https://doi.org/ 
10.1353/lib.2020.0017. 
struck at the heart of American democracy because this process expresses the people's will
and gives the U.S. government legitimacy.9


Since the end of 2016, federal agencies and private sector organizations,
specifically the major American social media companies, have been actively helping to
safeguard political campaigns and election infrastructure from computer intrusions through
increased cybersecurity and other security measures.10 To date, most research has focused
on quantitative and qualitative analyses of the IRA's influence campaigns. However, this
research has not analyzed how the Russian government itself perceived the effectiveness
of the campaigns in achieving their goals. Furthermore, the efficacy of the aforementioned
governmental and private sector actions to defend against the IRA's influence campaigns
has not been studied much in a methodical fashion. This thesis seeks to use a systematic
framework to evaluate the qualitative effectiveness of the Russian disinformation
campaigns and the countermeasures taken by the U.S. government and social media
companies to combat the aforementioned campaigns targeting the 2020 U.S. elections. In
summation, Russian influence operations’ continual assault will weaken American
democracy over the long term if not effectively countered.


B. RESEARCH QUESTION 


To develop effective countermeasures for Russian interference activities targeting
future American elections, this thesis seeks to answer the following question: What impact
did the countermeasures taken by the American social media companies and the U.S.
government have on Russian social media influence campaigns targeting the 2020 U.S.
elections?


9 Gregory A. Miller et al., Critical Democracy Infrastructure: Protecting American Elections in the 
Digital Age Threats, Vulnerabilities, and Countermeasures as a National Security Agenda, 2nd ed. (Palo 
Alto, CA: OSET Institute, 2020), 9, https://trustthevote.org/wp-content/uploads/2020/05/01May20 CDI- 
2nd.pdf. 


10 Federal Bureau of Investigation, “Protected Voices,” Federal Bureau of Investigation, accessed
August 5, 2020, https://www.fbi.gov/investigate/counterintelligence/foreign-influence/protected-voices;
Facebook, “Facebook - Preventing Election Interference,” About Facebook, 2020, https://about.fb.com/
actions/preventing-election-interference/; Google Threat Analysis Group, “Google Safety & Security,”
Google (blog), accessed May 27, 2020, https://blog.google/technology/safety-security/; Twitter, “Elections
Integrity: We're Focused on Serving the Public Conversation,” About Twitter, 2020,
https://about.twitter.com/en_us/advocacy/elections-integrity.html.
C. LITERATURE REVIEW


This literature review analyzes the leading scholarly and expert debates on the
Internet Research Agency and other Russia-backed social media activities targeting the
U.S. elections from 2014 to 2020, the countermeasures taken by American social media
companies and the U.S. government, a framework for understanding the objectives of
Russian hybrid warfare, and the recommendations to counter Russian influence activities
provided by subject matter experts in a variety of fields. Russian influence campaigns,
known as “active measures,” have been in existence since the inception of the Soviet Union
over 100 years ago.11 Prior research on this topic drew primarily from the ranks of history,
political science, public policy, and international studies. An extensive survey of the
current academic literature indicates that the types of researchers drawn to the field of
foreign influence campaigns have recently broadened due to the Internet Research
Agency's success in employing social media platforms to conduct influence campaigns
targeting the 2016 U.S. elections. Presently, scholarly analyses also come from researchers
in the fields of computer science, data analytics, and communications. This thesis attempts
to evaluate the efficacy of the aforementioned actions to determine if fine-tuning or a
wholesale change in tactics is required to counteract future Russian influence campaigns.


The literature review comprises four parts. The first part examines the
studies of Russian online influence campaigns from 2014 to 2020. The sources for this
topic include reports and papers by the U.S. government, think tanks, private research
firms, academic researchers, and news media. The second part examines the documents
that analyze or disclose countermeasures taken by the American social media companies,
specifically Facebook, Google, and Twitter, and the U.S. government. The sources include
government reports and statements, academic research papers, private research firm
reports, think tank papers, the social media companies' transparency reports, and news
media reporting. The third part examines a framework for understanding the objectives of
Russian hybrid warfare. The sources primarily include articles and research papers from
academic and military institutions. The fourth part examines recommendations for


11 Disinformation: A Primer in Russian Active Measures and Influence Campaigns, Panel I: Hearing 
before the Select Committee on Intelligence, Senate, 115th Cong., 1st sess., March 20, 2017, 10. 
countering future Russian online influence campaigns. The sources for this topic include
Congressional reports, think tank papers, academic research papers, and private research
companies' reports. The literature review has revealed an abundance of source materials
covering the activities surrounding the 2016 and 2018 U.S. elections. At the time of this
thesis, there have not been many scholarly works published examining Russia's
interference against the 2020 U.S. elections.


1. Russian Online Influence Activities from 2014 to 2020 


Groups of investigators and scholars provide a critical review and analysis of
Russian online influence activities and tactics vis-à-vis the 2016 U.S. election. The U.S.
Intelligence Community Assessment (ICA) issued in January 2017 encapsulated the
Executive Branch of the U.S. government's consensus judgment that the Russian
Federation endeavored to erode public confidence in the U.S. elections and favor one
presidential candidate over another.12 Since that ICA was published, an abundance of
literature into the IRA's 2016 to 2020 activities has been written by governmental entities,
non-governmental organizations, and academic researchers.


Both the U.S. government's executive and legislative branches conducted
investigations into the Russian interference in the 2016 U.S. elections, which included the
IRA’s social media campaigns. The foundational work detailing the IRA’s actions during
this timeframe may be the 2019 report from Robert Mueller III, the former FBI Director
appointed by the Department of Justice as the Special Counsel to investigate Russian
interference in the 2016 U.S. elections.13 This report resulted from approximately two
years of work by the Special Counsel's Office and the analysis of a multitude of evidence
collected through legal processes and interviews.14 Mueller and his team had two main
findings regarding the Russian influence campaign. First, the report found that the IRA's


12 Office of the Director of National Intelligence, Assessing Russian Activities and Intentions in 
Recent U.S. Elections: The Analytic Process and Cyber Incident Attribution (Washington, DC: Office of 
the Director of National Intelligence, 2017), 7, https://www.dni.gov/files/documents/ICA_2017_01.pdf.


13 Robert Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential
Election (Washington, DC: Department of Justice, 2019). 


14 Department of Justice, “Special Counsel’s Office,” Department of Justice Special Counsel’s Office, 
October 16, 2017, https://www.justice.gov/sco. 
social media campaign aimed to sow discord in the U.S. elections but pivoted to favoring
Donald Trump when it became apparent he would be the Republican presidential
nominee.15 Second, Mueller’s team concluded that the hack and dump attack against the
DNC was intended to harm Hillary Clinton's presidential campaign.16


The intelligence committees for both houses of Congress also issued reports
regarding Russian interference in the 2016 U.S. elections. Of the two, the U.S. Senate
Select Committee on Intelligence (SSCI) report had bipartisan approval from the
committee members when it was published. Its findings coincided with the Special
Counsel’s report.17 The U.S. House Permanent Select Committee on Intelligence (HPSCI)
report was issued by the Republican majority over the Democratic committee members'
dissent. The HPSCI majority and minority reports concluded that the Russians had
interfered with the elections through the cyberattack against the DNC and the IRA’s social
media campaigns.18 The majority report neglected to mention that these two operations
were intended to damage the Clinton campaign and favor the Trump campaign, whereas
the minority report highlighted the majority's omission and suggested partisan politics
explained the omission.19


In August 2020, the State Department's Global Engagement Center published a
report, which exposed Russia's current disinformation strategy and tactics.20 Though the
report did not address the Russian activities targeting the 2016 U.S. elections, it described


15 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election, 
2019, 4. 


16 Mueller, 4. 


17 Report of the Select Committee on Intelligence, United States Senate on Russian Active Measures, 
Campaigns, and Interference In the 2016 U.S. Election, Volume 2: Russia's Use Of Social Media With 
Additional Views, Senate, 116th Cong., 1st Sess. (Washington, DC: U.S. Congress. Senate, 2019), 4, 
https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume2.pdf.


18 Report on Russian Active Measures, 98. 


19 Report of the House Permanent Select Committee on Intelligence on Russian Active Measures 
Together with Minority Views, H.Rept 115-1110 (Washington, DC: Government Publishing Office, 2019), 
257, https://www.congress.gov/115/crpt/hrpt1110/CRPT-115hrpt1110.pdf. 


20 Global Engagement Center, Pillars of Russia’s Disinformation and Propaganda Ecosystem 
(Washington, DC: Department of State, 2020), https://www.state.gov/wp-content/uploads/2020/08/Pillars- 
of-Russia%E2%80%99s-Disinformation-and-Propaganda-Ecosystem_08-04-20.pdf. 




Russian online influence operations, the online ecosystem that Russia was aiming to
cultivate, and framed the IRA's current activities as a continuation of the Russian active
measures strategy.21 The State Department and Special Counsel's Office reports, coupled
with the Congressional intelligence committee reports, represented the U.S. government's
understanding of Russian disinformation strategy in general and the IRA's role within the
broader Russian influence enterprise.


In March 2021, the Office of the Director of National Intelligence (ODNI) issued
an unclassified version of the intelligence community assessment summarizing foreign
state-sponsored threats to the 2020 U.S. elections.22 In particular, the ODNI's report
provided a succinct but comprehensive overview of the Russian influence campaign, which
focused on damaging the Biden presidential campaign and favoring the Trump
campaign.23 In April 2021, the ODNI issued an unclassified version of the Intelligence
Community's annual worldwide threat assessment, highlighting Russian influence
operations as a persistent threat to the United States.24 Reporting from the ODNI
represents the collective efforts of all 18 organizations which comprise the U.S.
Intelligence Community.25


Another corpus of literature, written by non-governmental and academic researchers,
tended to be more quantitatively detailed in its findings on the IRA than its governmental
counterparts, as these researchers delved into statistical analyses of social media activities.
Researchers from the New Knowledge private research firm, now known as Yonder, conducted a
comprehensive analysis of the IRA's activities in 2016 and authored a report at the request


21 Global Engagement Center. 


22 Office of the Director of National Intelligence, "Intelligence Community Assessment on Foreign 
Threats to the 2020 U.S. Federal Elections," Intelligence Community Assessment (Washington, DC, March 
16, 2021), https://www.odni.gov/index.php/newsroom/reports-publications/reports-publications-2021/item/
2192-intelligence-community-assessment-on-foreign-threats-to-the-2020-u-s-federal-elections.


23 Office of the Director of National Intelligence, 2-5. 


24 Office of the Director of National Intelligence, 2021 Annual Threat Assessment of the U.S. 
Intelligence Community, 11. 


25 Office of the Director of National Intelligence, “Members of the IC,” Office of the Director of
National Intelligence, accessed April 27, 2021, https://www.dni.gov/index.php/what-we-do/members-of- 
the-ic. 
of the Senate Select Committee on Intelligence.26 Renee DiResta and her colleagues
conducted a highly detailed qualitative and quantitative analysis of all the social media data
submitted to SSCI by Facebook, Google, and Twitter. The data encompassed the IRA's
activities from about 2015 to 2018. Their findings regarding the intent of the IRA’s social
media campaign and the cyberattack against the DNC aligned with the Special Counsel's
and SSCI’s reports.27 DiResta et al. go beyond the government reports’ findings and
conclude that the Russians actively attempted to suppress voter turnout, especially among
black voters, and foment insurrectionist sentiment against different levels of American
government.28


Philip Howard, a University of Oxford researcher, also had the opportunity to
analyze the aforementioned social media data provided to SSCI. Howard and his colleagues
conducted a statistical analysis of the social media data, to include an in-depth examination
of the IRA's strategy and tactics.29 Howard, who along with Samuel Woolley had
previously coined the phrase “computational propaganda” to describe the IRA's cyber
covert operation activities, also found that the IRA's social media campaign was designed
to interfere in the 2016 U.S. elections, specifically favoring Trump over Clinton.30 Their
report went further than prior research by describing the specific targeting of different
demographic groups to elicit particular responses; i.e., promoting right-wing turnout for
Trump, discouraging black voters from voting or civic engagement, and amplifying the
differences between the ideologically progressive and conservative.31


26 DiResta et al., The Tactics & Tropes of the Internet Research Agency.

27 DiResta et al., 4. 

28 DiResta et al., 8. 

29 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012—2018. 


30 Samuel C. Woolley and Philip N. Howard, “Political Communication, Computational Propaganda, 
and Autonomous Agents,” National Science Foundation Public Access Repository, September 3, 2016, 6; 
Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012—2018, 3; 
Woolley and Howard, “Political Communication, Computational Propaganda, and Autonomous Agents,” 3. 


31 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018, 
18. 
More recently, Robert Walker examined the IRA's online activities in his 2019
master's thesis at the Naval Postgraduate School.32 His work's primary focus was to
evaluate the purpose and impact of the IRA's social media content, coming to the same
conclusions as his predecessors.33 Unlike the previously mentioned researchers, Walker
also examined the countermeasures taken by private sector companies and the U.S.
government from 2016 to 2018 to assess their impact and found them to be partially
effective.34 These researchers did not have the same political considerations or constraints
as governmental investigators to examine and make qualitative judgments about the intent
of the IRA’s activities and motivations.


Despite a broad agreement within the United States that the Russians attempted to 
interfere in the 2016 U.S. elections, some conservative American media have disputed the 
impact these efforts had on the election outcome. In a New York Magazine article, Margaret 
Hartmann, senior editor, stated, “the general consensus is that liberals are overstating the 
significance of Russia’s alleged meddling in an effort to shift the blame for their loss from 
Hillary Clinton, and undermine Trump’s presidency.”35 A 2018 poll taken by British 
marketing research firm YouGov found that only 37% of Republicans believed Russia 
interfered with the 2016 U.S. elections.36 This researcher’s extensive literature search 
could not find any scholars, private research organizations, or prominent conservative think 
tanks who had authored papers discussing the Russian interference in the 2016 U.S. 
elections, the Internet Research Agency’s social media activities, or policy 
recommendations for countermeasures. The negative results of this query suggest that this
topic did not rate as relevant to these organizations.


32 Robert E. Walker, “Combating Strategic Weapons of Influence on Social Media” (master’s thesis, 
Naval Postgraduate School, 2019), http://hdl.handle.net/10945/62826. 


33 Walker, 69—79. 
34 Walker, 89-100. 


35 Margaret Hartmann, “How Conservatives View Russia’s Alleged Meddling in the U.S. Election,” 
New York Magazine, December 16, 2016, https://nymag.com/intelligencer/2016/12/how-the-right-is- 
talking-about-russias-election-meddling.html. 


36 Kathy Frankovic, “Republicans Still Not Convinced of Russian Election Meddling,” YouGov, 
August 10, 2018, https://today.yougov.com/topics/politics/articles-reports/2018/08/10/republicans-still-not- 
convinced-russian-election-m. 
2. Countermeasures by the Private Sector and the U.S. Government


The Internet Research Agency appeared to conduct its influence activities
undetected on the major social media platforms, specifically those belonging to Facebook,
Google, and Twitter, before and during the 2016 U.S. elections.37 Thus, the social media
companies did not pursue any policy changes or take any actions to thwart the influence
campaign. In October 2016, the Department of Homeland Security (DHS) and Office of
the Director of National Intelligence publicly blamed the Russian Federation for hacking
the Democratic National Committee.38 Subsequently, the FBI and ODNI issued a joint
analysis report (JAR), providing more details to the previously published joint statement.39
The JAR attributed the 2016 DNC hack to two Russian hacking groups, known as APT28
and APT29, and provided technical details to allow organizations to safeguard themselves
from these types of computer intrusions.40 Typically, the U.S. government does not
publicly disclose foreign actors' tradecraft because it can reveal sensitive sources and
methods used to acquire this information. Likely, the significance of the DNC hack and
public pressure prompted the U.S. government to supplement its initial October 2016
statement.41


During the time frame after the 2018 U.S. elections and before the 2020 U.S.
elections, private research firms and academic research centers played a more prominent
role as the social media companies decided to partner with them. These research


37 Cecilia Kang, Nicholas Fandos, and Mike Isaac, “Tech Executives Are Contrite About Election 
Meddling, but Make Few Promises on Capitol Hill,” New York Times, October 31, 2017, 
https://www.nytimes.com/2017/10/31/us/politics/facebook-twitter-google-hearings-congress.html.


38 Department of Homeland Security and Office of the Director of National Intelligence, Joint 
Statement from the Department of Homeland Security and Office of the Director of National Intelligence on 
Election Security (Washington, DC: Department of Homeland Security and Office of the Director of 
National Intelligence, 2016), https://www.dhs.gov/news/2016/10/07/joint-statement-department-homeland- 
security-and-office-director-national. 


39 Department of Homeland Security and Federal Bureau of Investigation, GRIZZLY STEPPE — 
Russian Malicious Cyber Activity (Washington, DC: Department of Homeland Security and Federal Bureau 
of Investigation, 2016), https://www.us-cert.gov/sites/default/files/publications/JAR_16- 
20296A_GRIZZLY%20STEPPE-2016-1229.pdf. 


40 Department of Homeland Security and Federal Bureau of Investigation, 5—10. 



41 Chris Strohm, “Russian Hacking Began as ‘Grizzly Steppe,’” Chicago Tribune, December 30,
2016, sec. Nation & World, https://www.chicagotribune.com/nation-world/ct-russian-hack-grizzly-steppe- 
20161230-story.html. 
organizations were pivotal in identifying the Internet Research Agency's activities and its
various influence campaigns. The two noteworthy organizations were Graphika and the
Stanford Internet Observatory. In 2020, Graphika issued a series of reports that exposed
Russian influence operations' activities across different platforms. The organization
coordinated with the social media companies that shut down IRA-controlled accounts. It
discovered that the IRA had made fake left-wing and right-wing news sites to amplify the
existing discourse on hot-button topics, such as governmental corruption, gun control, and
racial discrimination.42 The Graphika researchers concluded that the IRA made these sites
to help them target people through their ideologies, similar to their tactics in 2016.43 The
Stanford Internet Observatory was led by Alex Stamos, formerly Facebook's Chief
Security Officer, and Renee DiResta, one of the researchers retained by SSCI to investigate
Russian interference in 2016. The Stanford Observatory collaborated with the social media
companies to identify Russian influence campaigns, which the companies would
subsequently disrupt through account takedowns and content removal.44 The Stanford
researchers identified influence operations conducted by the GRU and IRA in Africa,
which mostly followed prior Russian influence campaign tactics.45 These two instances
showed the social media companies partnering with different research organizations to
identify and disrupt various foreign influence campaigns, likely to avoid duplicating efforts
and spread the workload.


42 Ben Nimmo et al., “IRA Again: Unlucky Thirteen” (New York, NY: Graphika, September 2020),
https://public-assets.graphika.com/reports/graphika_report_ira_again_unlucky_thirteen.pdf; Jack Stubbs,
“Exclusive: Russian Operation Masqueraded as Right-Wing News Site to Target U.S. Voters - Sources,” 
Reuters, October 1, 2020, https://www.reuters.com/article/usa-election-russia-disinformation- 
idUSKBN26MSOP. 


43 Nimmo et al., “IRA Again: Unlucky Thirteen,” 24; Stubbs, “Exclusive.” 


44 DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations, 2014— 
2019; Stanford Internet Observatory, “Analysis of June 2020 Twitter Takedowns Linked to China, Russia, 
and Turkey,” Stanford Internet Observatory (blog), June 11, 2020, https://cyber.fsi.stanford.edu/io/news/ 
june-2020-twitter-takedown. 


45 DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations, 2014— 
2019; Shelby Grossman, Daniel Bush, and Renée DiResta, “Evidence of Russia-Linked Influence 
Operations in Africa,” Stanford Internet Observatory (blog), October 30, 2019, https://fsi-live.s3.us-west-1.amazonaws.com/s3fs-public/29oct2019_sio_-_russia_linked_influence_operations_in_africa.final_.pdf.
3. Framework for Understanding Russian Hybrid Warfare


The concept of Russian hybrid warfare was devised by Western experts around
2014 to describe Russia's use of conventional military force and unconventional means,
specifically cyberattacks and information operations, in its incursions into Crimea, Eastern
Ukraine, and Syria.46 A review of current literature determined that the Russian military
officers who are believed to have contributed the most to the Russian hybrid warfare
concept were General Valery Gerasimov, Chief of the Russian Federation's General Staff,
Lieutenant General S. A. Bogdanov, a retired General Staff officer, and Lieutenant General
Andrei V. Kartapolov, currently Russia's Deputy Minister of Defense and the former head
of the Russian General Staff's Main Operational Directorate.47 Of these individuals,
Gerasimov has been most widely credited with creating modern Russian hybrid warfare
because of a heavily cited article he wrote in February 2013 to describe his thoughts on
21st-century wars.48 In 2014, a British researcher, Mark Galeotti, coined the term “The


46 Ofer Fridman, “On the ‘Gerasimov Doctrine’: Why the West Fails to Beat Russia to the Punch,” 
PRISM 8, no. 2 (2019): 101. 


47 Viorel Barbu, “The Hybrid War in the East-West Paradigm,” in Strategic Changes in Security and
International Relations, ed. Dorin Corneliu Plescan et al., vol. XVI, Part 2 (16th International Scientific
Conference, Bucharest, Romania: “Carol I” National Defence University, 2020), 101-12,
https://www.strategii21.ro/A/2020-04.%20STRATEGIC%20CHANGES%20IN%20SECURITY%20AND%20INTERNATIONAL%20RELATIONS/FSA 2020 VOLUMUL%202.pdf#page=102; Elizabeth Bodine-Baron et al., Countering Russian
Social Media Influence (Santa Monica, CA: RAND Corporation, 2018), https://doi.org/10.7249/RR2740;
Sandor Fabian, “The Russian Hybrid Warfare Strategy — Neither Russian nor Strategy,” Defense &
Security Analysis 35, no. 3 (2019): 308-25, https://doi.org/10.1080/14751798.2019.1640424; Fridman, “On
the ‘Gerasimov Doctrine’”; Mark Galeotti, “The Mythical ‘Gerasimov Doctrine’ and the Language of
Threat,” Critical Studies on Security 7, no. 2 (2019): 157-61, https://doi.org/10.1080/
21624887.2018.1441623; Krisztian Jojart, “Russia Military Thinking and the Hybrid War,” Scientific
Periodical of the Hungarian Military National Security Service, no. 1 (2019): 82; Nina A. Kollars and
Michael B. Petersen, “Feed the Bears, Starve the Trolls: Demystifying Russia's Cybered Information
Confrontation Strategy,” The Cyber Defense Review Special edition (2019): 145-60; Sarah O'Connor et al.,
Cyber-Enabled Foreign Interference in Elections and Referendums, Policy Brief Report No. 41 (Canberra,
Australia: Australian Strategic Policy Institute, 2020), https://www.aspi.org.au/report/cyber-enabled-
foreign-interference-elections-and-referendums; Timothy Thomas, “The Evolution of Russian Military
Thought: Integrating Hybrid, New-Generation, and New-Type Thinking,” Journal of Slavic Military
Studies 29, no. 4 (2016): 554—75, https://doi.org/10.1080/13518046.2016.1232541; Timothy Thomas, “The
Evolving Nature of Russia's Way of War,” Military Review 97, no. 4 (August 2017): 34—42; Thornton,
“The Russian Military's New ‘Main Emphasis’”; Wilhelm, “A Russian Military Framework.”


48 Valery Gerasimov, “The Value of Science in Prediction,” Military-Industrial Kurier, February 27, 
2013, https://www.ies.be/files/Gerasimov%20HW%20ENG.pdf.
Gerasimov Doctrine” to encapsulate this evolution in Russian military thinking.49 Over
the next five years, the Gerasimov Doctrine was referenced or cited in hundreds of
scholarly works.50 In 2019, Galeotti gave a mea culpa when he clarified that the term was
meant to be a placeholder for the changing thoughts about Russian military strategy.51
Galeotti pointed out that Gerasimov was a career armored division officer and not
considered a military science theoretician.52 Other Russian experts also dismissed the
Gerasimov Doctrine as a model for understanding how Russia incorporated information
operations into its conventional warfare strategy.53


Like Gerasimov, Lieutenant General Bogdanov and a colleague wrote an article
about hybrid warfare called the “New Generation War.”54 In this article published in
February 2013, Bogdanov discussed the need for information technology and information
operations superiority, as it perceived the United States and other Western countries were
already using technology-enabled psychological warfare to target Russia.55 Bogdanov
believed these information operations could internally undermine a country's ability to
govern and leave it vulnerable to conventional military force.56 However, since the
publication of that article, Bogdanov has not mentioned the term “New Generation War”
in his subsequent articles.57 Later on, Bogdanov would use a different term for hybrid
warfare, popularized by Lieutenant General Kartapolov.58


49 Galeotti, “The Mythical ‘Gerasimov Doctrine’ and the Language of Threat.” 
50 Galeotti. 
51 Galeotti. 
52 Galeotti. 


53 Fridman, “On the ‘Gerasimov Doctrine,’” 101; Fabian, “The Russian Hybrid Warfare Strategy,”
311; Kollars and Petersen, “Feed the Bears, Starve the Trolls”; Thomas, “The Evolving Nature of Russia’s 
Way of War.” 


54 S.G. Chekinov and S.A. Bogdanov, “The Nature and Content of New Generation War,” Military
Thought, no. 4 (February 2013): 12-23. 


55 Chekinov and Bogdanov; Thomas, “The Evolving Nature of Russia's Way of War,” 39. 
56 Kollars and Petersen, “Feed the Bears, Starve the Trolls,” 147. 

57 Thomas, “The Evolving Nature of Russia’s Way of War,” 41. 

58 Thomas, 41. 
In 2015, Lieutenant General Kartapolov published an article and gave a speech at
the Russian Academy of Military Science about hybrid warfare, which he described as
“New-Type Warfare.”59 Specifically, Kartapolov discussed using asymmetric means,
such as cyber operations and other forms of political pressure, to weaken an adversarial
state's military strength.60 What differentiates Kartapolov from Gerasimov and Bogdanov
was the specific manner in which he laid out the elements for successfully waging New-
Type Warfare.61 Multiple Western scholars consider Kartapolov's article and speech to
be a roadmap for the current Russian military thought and practice of hybrid warfare.62
Figure 1 shows a graphic from the Kartapolov article, which describes the tactics for
conducting a New-Type War. In particular, Thomas Wilhelm, an American military
scholar, has devised a framework for understanding Russian influence operations based on
his analyses of multiple works by General Kartapolov, which will be discussed in further
detail in the Research Design section of this thesis.63


59 Kartapolov, “Lessons of Military Conflict, Perspectives on the Development of the Related Forms
and Methods”; Thomas, “The Evolving Nature of Russia's Way of War,” 38.

60 Kartapolov, “Lessons of Military Conflict, Perspectives on the Development of the Related Forms
and Methods”; Kollars and Petersen, “Feed the Bears, Starve the Trolls,” 147.

61 Kartapolov, “Lessons of Military Conflict, Perspectives on the Development of the Related Forms
and Methods,” 35.

62 Barbu, “The Hybrid War in the East-West Paradigm,” 109; Jojart, “Russia Military Thinking and
the Hybrid War,” 19; Kollars and Petersen, “Feed the Bears, Starve the Trolls,” 147; Thomas, “The
Evolution of Russian Military Thought”; Thomas, “The Evolving Nature of Russia's Way of War,” 41;
Thornton, “The Russian Military's New ‘Main Emphasis,’” 23; Wilhelm, “A Russian Military
Framework,” 33.

63 Wilhelm, “A Russian Military Framework,” 33.
Figure 1. Kartapolov's Components for Conducting Hybrid Warfare.64

Pressuring the enemy politically, economically, informationally, and psychologically

Disorienting the political and military leadership of the state-victim. Spreading
dissatisfaction among the population

Preparing armed opposition detachments and sending them to the conflict region

Covertly deploying and employing special operations forces, cyber attacks and software effects,
conducting reconnaissance and subversive acts on a large scale, supporting the internal opposition,
and employing new weapons systems

Seizing enemy territory with the simultaneous action against (destruction of) forces and
targets to the entire depth of his territory

Employing precision weapons on a large scale, extensively using special operations forces,
robotic complexes, and weapons based on new physical principles (NPP)


4. Recommendations for Countering Russian Influence Campaigns 


Recommendations for countering Russian malign influence operations primarily
come from three sectors: (1) the U.S. government, (2) non-governmental organizations
such as think tanks, and (3) researchers affiliated with academic institutions. The
intelligence committees for both houses of Congress provided recommendations in the
reports, which summarized their investigations of Russian interference in the 2016 U.S.
elections. The House Permanent Select Committee on Intelligence report's
recommendations focused on information sharing between election-related stakeholders,
improved cybersecurity for election information infrastructure, and potential legislative
actions to enhance cybersecurity.65 The Senate Permanent Select Committee on
Intelligence report’s recommendations discussed the Executive Branch using a suite of
deterrents to dissuade foreign influence in U.S. elections, such as sanctions, diplomatic
pressure, and cyber operations, enhanced cybersecurity measures for election
infrastructure, and replacing outdated election equipment.66 All of these recommendations
may broadly be characterized as security measures.

64 Source: Kartapolov, “Lessons of Military Conflict, Perspectives on the Development of the Related
Forms and Methods,” 35; Thomas, “The Evolution of Russian Military Thought,” Appendix 1.

65 H.R., Report on Active Measures, 120-22.


Like the Congressional reports, various policy think tanks have proposed a series
of recommendations to counter Russian influence campaigns. The RAND Corporation
suggested a three-pronged set of activities: (1) targeting the Russian government through
sanctions, diplomacy, and pro-democracy programs; (2) identifying and disrupting the
activities of the Internet Research Agency and other proxies through information sharing
and improved detection technologies; and (3) disrupting the effectiveness of social media
amplification channels through technology enhancements and policy changes.67 Similar
to the third prong of RAND's recommendations, the German Marshall Fund was highly
focused on improved transparency through better information-sharing between companies
and better labeling state-sponsored content.68 Looking at the environment from a more
holistic perspective than RAND or the German Marshall Fund, the Belfer Center advocated
for a national strategy for countering information operations, to include increased
transparency to attribute and reveal Russian influence operations, leveraging all facets of
the U.S. government to disrupt these operations, increased engagement with allies to
counter influence operations, and better cooperation between the U.S. government and
social media companies. In contrast to the other organizations, the Belfer Center also
advocated for improved media literacy in the nation’s education system.70 In summary,
the writers' consensus viewpoint from the literature review is that enhanced security,
transparency, and resiliency are crucial to combating malign Russian influence in elections.


As another group of outside observers of social media influence campaigns,
academic researchers provided practical proposals based on their analysis of the IRA's
tactics and activities. These proposals may have added weight because they are in
peer-reviewed publications. Both DiResta and Howard's academic research teams, from
Stanford University and Oxford University respectively, provided wide-ranging proposals
involving collaboration between relevant stakeholders to counter current and future
Russian influence campaigns.71 These recommendations included information sharing
between private sector companies and the government, better policing and content
moderation by the social media companies, and critically thinking about how future
technologies can influence campaigns.72

66 Russian Active Measures Campaigns: Volume 1, 55-60.

67 Bodine-Baron et al., Countering Russian Social Media Influence, 12.

68 Bradley Hanlon, A Long Way to Go - Analyzing Facebook, Twitter, and Google’s Efforts to Combat
Foreign Interference, Policy Brief No. 41 (Washington, DC: German Marshall Fund of the United States,
2018), 1, https://securingdemocracy.gmfus.org/wp-content/uploads/2018/12/A-Long-Way-to-Go-Analyzing-Facebook-Twitter-and-Googles-Efforts-to-Combat-Foreign-Interference.pdf.

69 Cederberg et al., National Counter-Information Operations Strategy, 11-12.

70 Cederberg et al., 12.


In contrast to DiResta and Howard's teams, researchers from the Harvard Kennedy
School concentrated their recommendations on social media companies.73 Specifically,
the Harvard researchers focused on policy improvements for the social media companies
concerning increased transparency for taking down content, better content moderation,
labeling state-sponsored content, providing links to reliable sources of information, and
focusing on their users’ rights and privacy.74 Kate Starbird, a University of Washington
researcher, agreed on the critical nature of better content moderation by the social media
companies but expressed concern about the potential curtailment of free speech.75 In a
completely different vein, Canadian researchers Barry Cartwright et al. believe advanced
technology, specifically artificial intelligence, will be vital for detecting and combating
foreign influence campaigns.76

71 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 101; Howard et al., The IRA,
Social Media, and Political Polarization in the United States, 2012-2018, 40.

72 DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations,
2014-2019, 1-2.

73 Deen Freelon and Tetyana Lokot, “Russian Disinformation Campaigns on Twitter Target Political
Communities across the Spectrum. Collaboration between Opposed Political Groups Might Be the Most
Effective Way to Counter It.,” Harvard Kennedy School Misinformation Review 1, no. 1 (2020): 2,
https://doi.org/10.37016/mr-2020-003.

74 Freelon and Lokot, 2.

75 Kate Starbird, Ahmer Arif, and Tom Wilson, “Disinformation as Collaborative Work: Surfacing the
Participatory Nature of Strategic Information Operations,” Proceedings of the ACM on Human-Computer
Interaction 3, no. CSCW (November 2019): 19, https://doi.org/10.1145/3359229.


A review of the literature revealed some trends among the different sectors that
provided recommendations. The Congressional recommendations focused on security
measures such as enhanced cybersecurity, economic sanctions, and cyber operations.77
The think tank recommendations ran the gamut from security measures similar to
Congressional recommendations to transparency measures, such as promoting public
communications about disinformation campaigns by the U.S. government, to resilience
measures, such as improved media literacy.78 Academic literature generally supported the
same security, transparency, and resiliency measures favored by think tanks and public
policy organizations.79


5. Conclusions from Literature Review 


A review of all the relevant literature makes clear that Russia has persisted, and will
continue to persist, as an adversarial nation-state seeking to destabilize American democracy.
The current online influence campaigns being conducted by Russian actors are an extension of
Soviet-era psychological warfare operations, amplified by 21st-century social media
platforms. The sources providing recommendations to counter these malign influence
operations include academia, private sector, government, think tanks, and other
non-governmental organizations. The variety of sources and input indicates that a
whole-of-society approach utilizing a range of security, transparency, and resiliency
measures will be necessary to combat Russian influence operations.

76 Barry Cartwright, George Weir, and Richard Frank, “Fighting Disinformation Warfare with
Artificial Intelligence: Identifying and Combatting Disinformation Attacks in Cloud-Based Social Media
Platforms,” in CLOUD COMPUTING 2019 Proceedings of the Tenth International Conference on Cloud
Computing, GRIDs, and Virtualization, ed. Bob Duncan et al. (Cloud Computing 2019, Venice, Italy:
IARIA, 2019), 73-77, https://www.researchgate.net/publication/333024381_CLOUD_COMPUTING_2019_Proceedings_of_the_Tenth_International_Conference_on_Cloud_Computing_GRIDs_and_Virtualization.

77 Report on Russian Active Measures, 121-27; Russian Active Measures Campaigns: Volume 1,
54-57.

78 Cederberg et al., National Counter-Information Operations Strategy, 11-12; William Marcellino et
al., Foreign Interference in the 2020 Election: Tools for Detecting Online Election Interference (Santa
Monica, CA: RAND Corporation, 2020), https://www.rand.org/pubs/research_reports/RRA704-2.html.

79 DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations,
2014-2019, 1-2; Darren L. Linvill and Patrick L. Warren, “Engaging with Others: How the IRA Coordinated
Information Operation Made Friends,” Harvard Kennedy School Misinformation Review 1, no. 2 (April
2020): 2, https://doi.org/10.37016/mr-2020-011.


D. RESEARCH DESIGN 


The objectives of this thesis are three-fold: (1) examining the Internet Research 
Agency and other Russian social media campaigns ahead of the 2020 U.S. elections to 
determine whether its tactics have shifted since 2016; (2) critically analyzing the private 
sector and U.S. government's actions to counter the Russian influence activities; and (3) 
proposing recommendations to safeguard future U.S. elections. The first two objectives 
will be assessed using an analytical framework proposed by Thomas Wilhelm, Director of 
the U.S. Army's Foreign Military Studies Office. The last objective will be informed by 
the results of the first two objectives, as well as a review of current literature by scholars 
and subject matter experts in different fields. 

To design a useful framework for analyzing Russian influence operations, Thomas
Wilhelm surveyed the published works and speeches of General Lieutenant Andrei V.
Kartapolov. Wilhelm surmised Kartapolov was one of the key architects of current Russian
military science and doctrine, specifically the aforementioned “New-Type War.”80
Wilhelm believed the framework provided a well-rounded understanding of Russian
martial intent and objectives about hybrid warfare through a Russian perspective.81
Specifically, Kartapolov advocates utilizing asymmetric, non-violent methods to
undermine the strengths of Russia's opponents to achieve their strategic goals.82
Kartapolov highlighted ten components for conducting hybrid warfare, herein referred to
as the Kartapolov Framework: (1) spreading discontent in the population; (2) exerting
political pressure; (3) confusing the political leadership; (4) use of new and advanced
weaponry; (5) train and arm opposition forces; (6) utilization of special military forces
behind enemy lines; (7) commit large scale subversive acts to destabilize the enemy; (8)
shift to conventional warfare after softening the enemy; (9) destroy the enemy and seize
territory concurrently; and (10) use airstrikes and artillery to destroy any focal points of
resistance to establish complete control of the territory.83

80 Tom Wilhelm, “A Russian Military Framework for Understanding Influence in the Competition
Period,” Military Review (2020): 35.

81 Wilhelm, 38.

82 Thornton, “The Russian Military's New ‘Main Emphasis.’”

The relevant components of the Kartapolov Framework for analyzing Russian 
social media-based influence operations against the United States are: (1) spreading 
discontent in the population; (2) exerting political pressure; and (3) confusing the political 
leadership.84 This thesis will use the Kartapolov framework to conduct a qualitative 
evaluation of the Internet Research Agency's impact and the effectiveness of social media 
companies and the U.S. government's countermeasures. To assess the social media 
companies and the U.S. government's actions to counter Russian influence activities, this 
thesis will also employ the Kartapolov framework. Specifically, the American actions will 
be analyzed to determine their effectiveness for countering the three influence-related 
components of the Kartapolov Framework. In particular, a qualitative analysis will evaluate 
American efforts to counter the spread of discontent in the American populace, defuse 
political pressure, and stop confusion in political leadership. The analysis will be dependent
on publicly available information.


The review of the private sector countermeasures to the IRA's influence campaign
will be based on examining three sources of information. Private sector actions, specifically
those of the “Big Three” social media companies of Facebook, Google, and Twitter, are
tracked and reviewed by academic researchers and non-governmental organizations.85
These two groups write reports or papers based on their findings. An example of this type
of information is a recently published paper examining Twitter's account suspensions
related to the 2020 U.S. elections by researchers from the University of New Mexico and
the Georgia Institute of Technology.86 The social media companies have also regularly
made public announcements of their actions to combat foreign influence activities. These
types of information will be used to assess the impact of the private sector's
countermeasures.

83 Kartapolov, “Lessons of Military Conflict, Perspectives on the Development of the Related Forms
and Methods,” 35.

84 Kartapolov, 36.

85 Ryan Robinson, “7 Top Social Media Sites in 2020,” Adobe Spark, accessed July 21, 2021,
https://www.adobe.com/express/learn/blog/top-social-media-sites.


The review of U.S. government countermeasures will rely only on publicly
available, unclassified information. Although classified reporting on U.S. government
actions likely exists, these sources will fall outside this thesis's scope. In certain instances,
different facets of the U.S. government generate unclassified reports, such as those
produced by the different committees in Congress or various executive branch agencies.
In other circumstances, the U.S. government will make public statements or unseal legal
documents such as indictments or arrest affidavits. On occasion, the news media will also
leverage their sources to reveal U.S. government actions. These types of information will
be used to assess the impact of the U.S. government's countermeasures.


Recommendations for safeguarding future U.S. elections will be informed by the 
aforementioned analyses of actions taken by the private sector and the U.S. government 
and a review of advice provided by subject matter experts in various fields. These experts 
comprise academic scholars, researchers from non-governmental organizations, and U.S. 
government officials from both the legislative and executive branches. The diverse 
experiences and perspectives should provide a robust set of recommendations for a
whole-of-society approach to secure elections.


In summation, the examination of the Internet Research Agency's social media 
campaigns ahead of the 2020 U.S. elections will rely primarily on exploring literature 
produced by four groups: academic researchers, non-governmental research organizations, 
reports from the social media companies, and U.S. government investigatory reports. 
Although offering different perspectives, these subject matter experts provide the most
reliable analysis and assessment of the Russian influence activities.


86 Farhan Asif Chowdhury et al., “Examining Factors Associated with Twitter Account Suspension
Following the 2020 U.S. Presidential Election,” ArXiv 2101, no. 09575 (January 23, 2021),
https://arxiv.org/pdf/2101.09575.pdf. 
II. OPENING MOVES - SCOPE AND BACKGROUND


We're all targets of a sophisticated and capable adversary and we must 
engage in a whole-of-government approach to combat Russian active 
measures. 


— Richard Burr, March 30, 2017 


In the Russian Federation, President Vladimir Putin, who has been in power since
2000, makes every major decision.87 As a former senior-level KGB officer, Putin holds
antagonistic views of liberal democracies in general and the United States in particular.88
Michael McFaul, former U.S. Ambassador to Russia, assessed that Putin sees the United
States as “a hostile power and a serious threat to Russian national interests.”89 As such,
Putin perceives himself to be in an ideological struggle “between conservative, Christian,
sovereign values—which he embraces—and decadent, liberal, multilateral ideas
championed by many Western governments, including first and foremost the United
States.”90 Harkening back to Soviet-era information operations, Putin recognized the
advent of online social media platforms as an avenue to target U.S. elections.91 The
Russian influence operations started before the 2016 U.S. elections and continued through
the 2020 U.S. elections.


Before delving into the nuances of the Russian online social influence campaigns 
targeting the 2020 U.S. elections, this chapter outlines the scope of the issue to be studied 
in this thesis, the recent history motivating these influence campaigns, a review of Russian 
and American measures during the 2016 and 2018 U.S. elections, and an analysis of the
effectiveness of these measures using the Kartapolov Framework.


87 Timothy J. Colton and Michael McFaul, “Russian Democracy under Putin,” Problems of
Post-Communism 50, no. 4 (July 2003): 13, https://doi.org/10.1080/10758216.2003.11656043.

88 S., Russian Active Measures, 14.

89 McFaul, Securing American Elections, 11.

90 McFaul, 11. 

91 Starbird, Arif, and Wilson, “Disinformation as Collaborative Work,” 4. 
A. SCOPE OF THESIS

The current Russian information operations targeting U.S. elections can trace their
roots to Soviet-era propaganda and disinformation campaigns.92 Because of the immense
longevity and scale of these Russian information operations, it is essential to frame what
will be discussed within the confines of this thesis. The critical components to be bounded
are time periods covered, types of influence operations, and the social media platforms to
be examined.


1. Relevant Time Periods 


On March 30, 2017, Eugene Rumer, Senior Fellow at the Carnegie Endowment for 
International Peace, testified before the Senate Select Committee on Intelligence and 
described active measures as a century-old suite of information warfare tools continuously 
being used by Russia to advance its ideological objectives and erode the stability of its 
liberal democratic rivals.93 The use of disinformation campaigns, i.e., intentionally 
propagating false or misleading information, is one of the primary tools in their portfolio.94
Soviet-era active measures evolved and are now “enabled by technology and adapted for a 
globalized world, their modern incarnations are much more sinister, with far greater range 
and speed — and, through the Internet, able to influence popular opinion on a scale never 
before possible.”95 However, it was only around the 2016 U.S. elections when the 
Russians deployed these large-scale online disinformation campaigns against the American 
democratic system.96 Therefore, this thesis will focus on Russian activities from three
distinct periods: (1) preceding and during the 2016 U.S. elections, (2) after the 2016 U.S. 
elections to preceding the 2018 U.S. midterm elections, and (3) after the 2018 U.S. midterm 
elections to the 2020 U.S. elections. 


92 Steve Abrams, “Beyond Propaganda: Soviet Active Measures in Putin’s Russia,” Connections: The 
Quarterly Journal 15, no. 1 (2016): 8, https://doi.org/10.11610/Connections.15.1.01. 


93 S., Russian Active Measures, 10. 
94 S., Russian Active Measures, 10. 
95 Abrams, “Beyond Propaganda,” 8. 


96 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election, 
2019, 22. 
2. Types Of Russian Influence Operations

The Russian influence operations directed at the 2016 U.S. Presidential elections
are broadly divided into three categories, the last of which will be within the scope of this
thesis.97 The first category is “hack and dump,” wherein Russian hackers breached the
DNC computer networks, stole data, and then disseminated it via different online platforms
such as WordPress, Twitter, and Wikileaks.98 The second category is attempted hacks on
the actual voting systems in each state. The systems include voter registration databases
and online polling equipment. The last category, as described by researchers from New
Knowledge, is the “sweeping and sustained” online social media influence campaign
perpetrated by the Internet Research Agency “consisting of various coordinated
disinformation tactics aimed directly at U.S. citizens, designed to exert political influence
and exacerbate social divisions in U.S. culture.”99


Online social media influence campaigns conducted by the Internet Research 
Agency and other Russian-backed organizations will be the focus of this thesis because 
they have a significant and continuing impact on Americans and democracy. In contrast, 
the other two types of Russian influence operations, focused on political campaigns and 
election infrastructure, are only germane to Americans every two years during election 
seasons. Since the 2016 election, federal agencies and private sector organizations have 
been actively helping to safeguard political campaigns and election infrastructure from 
computer intrusions through increased cybersecurity and other security measures. 
Arguably, campaigns and election systems are better protected now than they were in 2016. 
Though regularly occurring on a biennial basis, American engagement with the electoral
process is small compared to Americans' daily, and sometimes hourly, social media engagement.


In 2019, about 70 percent of all Americans had at least one social media account
and used the Internet between 30 minutes and two hours per day.100 This statistic means the
IRA has daily opportunities to reach out to Americans via social media newsfeeds or posts.
Due to First Amendment constraints, federal agencies have little involvement in
Americans’ usage of social media. Couple this with the fact that social media companies
have a vested interest in keeping American users on their platforms. For the most part,
Americans are left to fend for themselves on social media platforms.

97 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 4.

98 DiResta et al., 4.

99 DiResta et al., 4.

100 J. Clement, “Social Media Usage in the United States,” Statista, May 19, 2020,
https://www.statista.com/topics/3196/social-media-usage-in-the-united-states/.


Research has shown mixed results regarding people's usage of social media. On the
one hand, social media usage positively correlates with increased political engagement.101
On the other hand, users tend to stay on social media platforms longer when engaged with
content that conforms to their own opinions, whether factual or not.102 The social media
companies understand this phenomenon and finetune their algorithms to keep feeding
content they think users want.103 The IRA could take advantage of this behavior by
inserting itself into the social media ecosystem and working to sow discord and erode the
American public's trust in democratic institutions.


3. Targeted Social Media Platforms 


Despite a vast array of social media platforms, Russians primarily targeted these
three of the four most visited ones: #1 - YouTube, a Google subsidiary, #3 - Twitter, and
#4 - Facebook.104 Wikipedia is the #2 most visited website, but it is not a social media
platform and is heavily moderated, unlike the other sites.105 Whereas previous studies
focused on discrete periods around a single election (2016, 2018, or 2020), this thesis will
review and analyze Russian activities across the entire time when the IRA and other
Russian-backed groups have targeted the United States with their social media influence
campaigns. The term “private sector companies” will refer to the three companies whose
social media platforms were the most heavily used by the Russians for their influence
operations. Understanding the IRA's activities across this period may reveal the efficacy of
actions taken by the private sector companies and the U.S. government in response to the
IRA’s efforts.

101 Sebastián Valenzuela, “Unpacking the Use of Social Media for Protest Behavior: The Roles of
Information, Opinion Expression, and Activism,” American Behavioral Scientist 57, no. 7 (July 2013): 923,
https://doi.org/10.1177/0002764213479375.

102 Armin A. Rad, Mohammad S. Jalali, and Hazhir Rahmandad, “How Exposure to Different
Opinions Impacts the Life Cycle of Social Media,” Annals of Operations Research 268, no. 1 (2018): 88,
https://doi.org/10.1007/s10479-017-2554-8.

103 Rad, Jalali, and Rahmandad, 89.

104 DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations,
2014-2019, 6.

105 Joshua Hardwick, “Top 100 Most Visited websites by Search Traffic (as of 2020),” Ahrefs (blog),
May 12, 2020, https://ahrefs.com/blog/most-visited-websites/.


B. RECENT HISTORY - THE CAMPAIGNS FROM 2016 TO 2018 


Around 2014, Putin tapped his close ally Yevgeniy Prigozhin to conduct influence
operations against the American public.106 Prigozhin, recognized as “Putin’s Chef,” is a
Russian oligarch who owns a conglomerate known as Concord Management, with
subsidiaries in various businesses, including catering.107 Project Lakhta is the umbrella
term for Prigozhin-owned firms focused on domestic and overseas influence operations.
By September 2016, the monthly operating budget of Project Lakhta was the equivalent of
$1.25 million.108 One of the businesses under Project Lakhta is the Internet Research
Agency, founded around 2013 in St. Petersburg, Russia, to be a sophisticated marketing
and influence firm. Organized like a legitimate business, its management group oversees
various departments, including finance, information technology, search engine
optimization, data analysis, and graphics.109 Before targeting Americans, IRA employees
engaged in around-the-clock influence operations directed at Russian and Ukrainian
citizens.110 In April 2014, a new department called the “Translator Project” was formed
to conduct online activities against Americans on the American social media platforms of
Twitter, Facebook, Instagram, and YouTube.111 By July 2016, IRA assigned more than
80 employees to the Translator Project.112 These machinations showed the Russian
Federation's commitment of personnel and resources to pursue this type of covert online
campaigning.

106 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election,
2019, 5.

107 U.S. vs. Internet Research Agency LLC, No. 18-cr-00032-DLF (U.S. District Court for the District
of Columbia February 16, 2018).

108 U.S. vs. Internet Research Agency LLC at 7.

109 U.S. vs. Internet Research Agency LLC at 5.

110 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 6.

111 U.S. vs. Internet Research Agency LLC at 6.

112 U.S. vs. Internet Research Agency LLC at 6.


President Putin's initial strategy appeared to be inflaming the existing discord in
the American populace and eroding public confidence in American institutions such as free
speech and the electoral process. Still, that strategy evolved as it became clear who the
nominees would be. By June 2016, Hillary Clinton was the presumptive Democratic
nominee and frontrunner for president. Putin was known to despise Clinton during her
tenure as Secretary of State during the Obama Administration.113 She seemed to be the
ideological opposite of Putin. Clinton believed in multilateral international cooperation,
wanted to strengthen NATO, desired increased sanctions for Russia's occupation of
Crimea, and advocated for fair elections and greater freedoms within Russia.114 Putin may
have sensed that Donald Trump’s rise as a legitimate candidate offered an avenue to
advance his anti-American agenda. Putin’s strategy evolved as the presidential campaign
season continued through the summer, with support for Trump as its centerpiece.115 The
Russian covert influence operation pivoted to helping the Trump campaign, in addition to
its continued efforts to tear down the Clinton campaign.116 An IRA-purchased political
advertisement on Facebook, shown in Figure 2, reflected its efforts to target Clinton. This
behavior showed the adaptability of the Russians to make use of contemporaneous events
for their advantage.


113 McFaul, Securing American Elections, 14. 
114 McFaul, 14. 
115 Office of the Director of National Intelligence, Assessing Russian Activities and Intentions, 7. 


116 Mueller, “Report on The Investigation into Russian Interference in the 2016 Presidential 
Election,” 5. 

Figure 2. Facebook Political Advertisement Targeting Hillary Clinton.117 

1. What Happened During the 2016 U.S. Elections? 


The Russian influence campaigns utilizing American social media 
platforms started around 2013 and extended through the 2016 U.S. elections.118 
Reviewing the Russian measures and the countermeasures taken by the private sector 
companies and the U.S. government during this time sets up the baseline for comparison 
to the Russian and American activities during the 2020 U.S. elections. Moreover, 
examining these actions across three separate elections may reveal trends and evolutions 
in tactics by the Russians and Americans. 


117 Source: “HPSCI Minority Open Hearing Exhibits,” Permanent Select Committee on Intelligence, 
accessed March 20, 2021, https://intelligence.house.gov/hpsci-11-1/hpsci-minority-open-hearing- 
exhibits.htm. 


118 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 6. 


a. The IRA's Social Media Activities 


Before the 2016 U.S. Elections, the Internet Research Agency's influence 
operations against the American public encompassed three lines of effort. First, IRA 
employees made and maintained fake user accounts and pages on social media platforms 
that covered a range of political issues.119 For these accounts and pages, the IRA 
employees generated organic content to ingratiate themselves with online communities and 
amplify or steer the themes discussed in these communities. Second, IRA employees used 
social media bots, i.e., computer programs which control social media accounts, to amplify 
existing content.120 Third, IRA employees covertly purchased online advertisements from 
social media companies to enhance their organic content and drive online traffic to sites 
controlled by them.121 In the marketing world, advertisements are known as “paid 
content.” In contrast, organic content refers to unpaid messaging generated by people that 
helps foster support for a product or brand through voluntary and spontaneous 
recommendations by users.122 Although the IRA employees were being paid, they 
impersonated regular users on the social media platforms so their messaging could look 
authentic. Ironically, Russians masqueraded as Americans and weaponized free speech to 
foment division and corrode Americans’ faith in such speech. 


For the first line of effort, the IRA managed its influence operations like a digital 
marketing campaign.123 It created false personas and imitated activist groups on the left 
and right sides of the political spectrum. These personas and groups extended across 
multiple social media platforms.124 Philip Howard, a University of Oxford researcher, 
opined that “users were more likely to assume the credibility of the false organizations set 
up by the IRA with a presence across multiple platforms, operating websites, YouTube 
channels, Facebook pages, Twitter accounts, and even PayPal accounts set up to receive 
donations.”125 Viewers believed these were legitimate because of the extraordinary efforts 
the personas and groups had taken. To fine-tune its messaging, IRA employees visited the 
United States in 2014 to learn about American culture, gather intelligence, and take 
photographs later used to enhance the authenticity of their false online personas.126 The 
care the IRA took showed its deep commitment and calculation in its endeavors to harness 
American-style free speech to undermine trust in democracy. 


119 U.S. vs. Internet Research Agency LLC at 14. 


120 Dhiraj Murthy et al., “Bots and Political Influence: A Sociotechnical Investigation of Social 
Network Capital,” International Journal of Communication 10 (2016): 4. 


121 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018, 
17. 


122 Nicole A. Buzzetto-More, “Social Media and Prosumerism,” Issues in Informing Science and 
Information Technology 10 (July 2013): 75. 


123 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 6. 


When reviewing the IRA-generated Facebook content, some themes emerge. First, 
on the left end of the political spectrum, the IRA's efforts targeted minority groups to 
suppress voter turnout.127 Topics of messaging included anti-government rhetoric, 
boycotting the election, following the wrong voting procedures, and scaring voters from 
showing up at polling locations.128 Figure 3 illustrates an example of IRA-purchased 
political advertisements on Facebook with anti-government messaging targeting black 
voters. Second, on the right end of the political spectrum, the IRA promoted conspiracy 
theories, stopping legal and illegal immigration, protecting gun rights and religious 
freedom, and other relevant issues for conservatives (see Figure 4).129 Again, the efforts 
were presumably targeting conservatives to drive up voter turnout. 


124 F. Sattelberger, “Optimising Media Marketing Strategies in a Multi-Platform World: An Inter- 
Relational Approach to Pre-Release Social Media Communication and Online Searching,” Journal of 
Media Business Studies 12, no. 1 (2015): 66, https://doi.org/10.1080/16522354.2015.1027117. 


125 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018, 


126 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election, 
2019, 14. 


127 Linvill and Warren, “Engaging with Others,” 2. 
128 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018, 


129 Howard et al., 3. 

Figure 3. Facebook Political Ads Targeting Black Voters.130 

Figure 4. Facebook Political Ads Targeting Right-Wing Voters.131 
The ratios of IRA-generated content on Facebook changed through the course of 
2016. In the first half of 2016, over half of all the most active IRA-made Facebook accounts 
targeted right-wing audiences with posts discussing the topics referenced above.132 This 
phenomenon happened before Trump had won the Republican presidential nomination. 
Explicit mentions of Trump increased by mid-2016 after he secured the nomination and 
focused on amplifying the anti-immigrant rhetoric, which was a hallmark of the Trump 
campaign.133 Howard summed up his analysis by stating it was “clear that the IRA sought 
to energize conservatives around Trump's campaign and encourage the cynicism of other 
voters in an attempt to neutralize their vote.”134 Howard's examination concluded that the 
Russians sought to elicit specific behavior, namely encouraging right-wing voters to turn 
out for Trump and discouraging left-wing and minority voters from going to the polls.135 


130 Source: “HPSCI Minority Open Hearing Exhibits.” 
131 Source: “HPSCI Minority Open Hearing Exhibits.” 


A review of Twitter activities in 2016 showed similar behavior to the IRA's 
activities on Facebook.136 In further support of the idea that the IRA treated its influence 
operations as a marketing campaign, Josephine Lukito, a University of Wisconsin 
researcher, observed the IRA posting messages on Reddit before similar messages 
appeared on Twitter.137 Lukito assessed that the IRA could have been using Reddit to test 
message resonance before deployment to Twitter.138 From July 2, 2015 to May 31, 2017, 
there were about 1.9 million tweets but only 12,603 Reddit posts.139 Lukito noted that 
“Twitter's centrality to the IRA's campaign may also explain why more content was 
produced on Twitter relative to Reddit.”140 Lukito suggested that Reddit's usage may have 
been a “trial balloon” and opined it could be evidence of the IRA treating their social 
media influence operation like a marketing campaign.141 One of the campaign's central 
goals appeared to be influencing voter turnout during the elections, which was similar to 
what Philip Howard had concluded.142 


133 Howard et al., 33. 
134 Howard et al., 32. 
135 Howard et al., 3. 

136 Howard et al., 27. 


137 Josephine Lukito, “Coordinating a Multi-Platform Disinformation Campaign: Internet Research 
Agency Activity on Three U.S. Social Media Platforms, 2015 to 2017,” Political Communication 37, no. 2 
(2020): 249, https://doi.org/10.1080/10584609.2019.1661889. 
In contrast to the IRA activities on Facebook and Twitter, the YouTube videos 
provided by Google to the Senate Select Committee on Intelligence revealed that most of 
them were used to target African Americans.143 It is unclear why the IRA chose this 
platform to target African Americans specifically. However, because Google provided only 
a limited amount of data for public research, making any general conclusions regarding 
IRA activities on Google's platforms is difficult.144 YouTube is the most visited site in 
the United States, mainly used for broadcasting videos.145 It does not facilitate two-way 
communications as quickly as the other two platforms.146 As on the other two platforms, 
the Senate Intelligence Committee assessed the intent of the YouTube videos might have 
been to suppress black voter turnout since the YouTube videos were primarily targeted at 
African Americans.147 


The sheer magnitude of the IRA's social media campaign targeting the United 
States was unparalleled in the digital age. Researchers retained by the SSCI estimated the 
IRA had uploaded over 1,000 videos on YouTube and reached a significant number of 
American users: 59 percent on Facebook, 19 percent on Instagram, and two percent on 
Twitter.148 In Table 1, the Special Counsel’s Office estimated the number of people 
reached by a Facebook posting or a Twitter tweet. Although the ultimate number of 
individual American voters influenced by the IRA remains unclear, Table 1 reveals the scale 
of the reach by the social media platforms. 


143 Howard et al., 18. 

144 Howard et al., 9. 

145 Hardwick, “Top 100 Most Visited websites by Search Traffic (as of 2020).” 
146 Hardwick. 

147 Russian Active Measures Campaigns: Volume 2, 6. 
Table 1. Reach of IRA-controlled Social Media Accounts.149 


Social Media Platform | Number of Accounts | Number of Users Reached 
Facebook | 470 | 126,000,000 
Twitter | 3,814 | 1,400,000 


For the second line of effort, the IRA amplified real user accounts whose identities, 
behavior, and content aligned with the IRA’s strategic goals.150 Clemson University 
researchers discovered over 100,000 real user accounts amplified by IRA-controlled social 
media bots.151 They noted that the IRA targeted accounts with fewer followers for 
amplification and speculated that these types of accounts would generate less scrutiny from the 
social media companies, or that the IRA perhaps wanted to increase these accounts’ prominence 
to serve its ends. Immediately before and after the 2016 U.S. elections, the IRA changed from 
generating its own original content to amplifying real users’ messages. The IRA may have 
presumed that real users’ posts would be more impactful and resonant with American 
viewers.152 This shift showed the IRA’s continued evolution to maximize its 
effectiveness. 


For the third line of effort, the IRA purchased online advertisements from the social 
media companies to complement its other activities.153 In 2016, the IRA spent about 
$100,000 on Facebook and $5,000 on Google.154 Twitter noted that the Kremlin-controlled 
media site, Russia Today, spent about $274,000 in online advertisements to 
promote over 1,800 tweets on its platform.155 The IRA was very tactical in its advertising 
campaign. Using "race, ethnicity, and self-identity" as categories allowed it to use 
Facebook and Instagram to target specific demographic groups.156 Then, it would run 
advertising targeting each of these demographic groups to drive users to IRA-created social 
media content.157 The IRA employed different tactics for the purchase of Google online 
advertisements. In this case, Google ads guided users to various IRA-controlled websites 
and domains.158 Marketing research indicates organic content has more resonance than 
paid content (i.e., advertisements).159 Since the IRA's online advertising campaign 
primarily drove users to the organic content, evaluating its success is difficult. The Senate 
Select Committee on Intelligence concluded that the advertisements were not a vital 
component of the IRA's campaign.160 However, the IRA used different techniques to 
further its social media influence operation, showing flexibility and adaptability. 


149 Adapted from Mueller, Report on the Investigation into Russian Interference in the 2016 
Presidential Election, 2019, 15. 


150 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election, 
2019, 26. 


151 Linvill and Warren, “Engaging with Others,” 3. 
152 Linvill and Warren, 3. 
Volume 2,7. 
Media to Influence U.S. Politics (Washington, DC: American Security Project, 2017), 1, 
https://www.hsdl.org/?view&did=808713. 


b. Private Sector Countermeasures 


In broad terms, organizations may take three categories of actions to counter 
influence operations: security, transparency, and resiliency. Security measures involve the 
monitoring, detection, and neutralization of threats. Transparency measures comprise 
information sharing to relevant stakeholders, whether between organizations, organizations 
and individuals, or the general public. Transparency measures also promote trust by 
allowing people to see what is going on. Finally, resiliency measures involve taking steps 
to be able to recover quickly from adverse situations. 


During and immediately after the 2016 U.S. elections, the Big Three social media 
companies of Facebook, Google, and Twitter were utterly unaware of the IRA's massive 
influence campaign across all of their platforms.161 The social media companies had no 
countermeasures in place to mitigate or disrupt the IRA’s activities. Even if they had been 
aware, whether the social media companies would have taken any serious actions cannot 
be known for sure. Comments from Mark Zuckerberg, Founder and Chief Executive 
Officer of Facebook, on November 11, 2016, exemplified the companies’ mindset when 
he famously said the notion that fake news would have any impact on the presidential 
elections was “a pretty crazy idea.”162 The social media companies took no security, 
transparency, or resilience measures. Ultimately, they offered no resistance to the IRA’s 
malign activities during the 2016 U.S. elections. 


c. U.S. Government Countermeasures 


The private sector and U.S. government's efforts were disconnected ahead of the 
2016 elections. Although U.S. government agencies, such as the FBI, monitored Russian 
influence operations, none of their acquired intelligence was relayed to the social media 
companies to protect their platforms.163 Ambassador McFaul noted that cooperation 
between the technology companies and the U.S. government was “almost non-existent” 
before the 2016 U.S. Elections in the post-Snowden leak era.164 This condition showed 
an almost complete lack of transparency between the two entities. 


The U.S. government’s attempts at security or transparency measures did not come 
until late into the presidential campaign season. The first official statement regarding the 
2016 elections from the U.S. government came on October 7, 2016, when the Department 
of Homeland Security and Office of the Director of National Intelligence issued a one-page 
joint statement attributing the hack of the DNC and multiple hacking attempts against state 
election infrastructure to the Russian Federation.165 However, the statement provided no 
technical details and only general cybersecurity guidance. The joint statement’s intended 
effect may have been to inform the American electorate of malign actions being taken by 
Russia. Such an effect was probably diminished, though, because on the same day the 
media was focused on the breaking news that Donald Trump had made lewd comments 
about women to Entertainment Tonight reporter Billy Bush in 2005 when the Washington 
Post released a video of their conversation.166 


161 McFaul, Securing American Elections, 43. 
162 Shahani, “Zuckerberg Denies Fake News on Facebook Had Impact on The Election.” 
163 McFaul, Securing American Elections, 43. 
164 McFaul, Securing American Elections, 43. 


165 “Joint Statement from the Department of Homeland Security and Office of the Director of 


The second set of transparency and security-related actions from the U.S. 
government came on December 29, 2016, which was well after the elections. As an act of 
transparency, the FBI and DHS issued a joint action report titled “GRIZZLY STEPPE — 
Russian Malicious Cyber Activity.” The report provided an overview of the Russian 
hacking activities ahead of the election and shared technical details.167 If the U.S. 
government had provided this information ahead of the elections, especially the technical 
details, it could have helped political organizations and campaigns safeguard their 
computer networks and electronic devices. As another security and transparency action by 
the U.S. government, the Department of the Treasury publicly sanctioned nine Russians 
and two Russian intelligence agencies, the Federal Security Service (FSB) and the General 
Military Intelligence Directorate, for election-related cybercrimes.168 It also sanctioned 
two Russian hackers for financial cybercrimes under the same executive order (E.O. 
13694).169 The purpose of these sanctions was to expose the American public to all of the 
Russian activities directed against the U.S. elections. Other sanctions such as those 
imposed by the Magnitsky Act have illuminated Russian oligarchs’ and bureaucrats’ 
corrupt financial dealings while relinquishing their ill-gotten funds.170 Although these 
actions showed a proportional response from the U.S. government, the effect of such 
actions as a deterrent for future Russian meddling in U.S. elections remains indeterminate. 
U.S. economic sanctions imposed after the annexation of Crimea did not deter Russia from 
its occupation of certain parts of Eastern Ukraine but may have curtailed further 
encroachment into Ukraine.171 


166 THR Staff, “Donald Trump Caught on Hot Mic in 2005 Talking About Women: ‘When You're a 
Star, They Let You Do It,’” News, Hollywood Reporter, October 7, 2016, 
https://www.hollywoodreporter.com/news/donald-trump-caught-hot-mic-936343. 


167 Department of Homeland Security and Federal Bureau of Investigation, GRIZZLY STEPPE — 
Russian Malicious Cyber Activity. 


During this period, the last transparency action from the U.S. government came on 
January 6, 2017, when the ODNI issued a supplemental report to the previously published 
GRIZZLY STEPPE report. This report aimed to lay out the U.S. government's analytical 
process and provide additional details justifying the attribution of election interference to 
the Russian Federation.172 Unfortunately, whether this belated disclosure meaningfully 
affected public discourse or Americans’ understanding of the activities surrounding the 
2016 U.S. Elections is nebulous at best. 


d. Using the Kartapolov Framework to Evaluate Russian & American 
Measures in 2016 


As mentioned in the Research Design section, Thomas Wilhelm, Director of the 
U.S. Army’s Foreign Military Studies Office, developed a framework to understand how 
asymmetric techniques fit within the Russian philosophy of warfare to achieve its goals. 
This framework was inspired by Wilhelm’s analysis of the writings and speeches of Russian 
Deputy Minister of Defense, Andrei V. Kartapolov.173 Using the Kartapolov Framework 
offers an organized structure to evaluate the effectiveness of the Russian measures and 
American countermeasures. As a reminder, the relevant elements of the Kartapolov 
Framework for analyzing Russian social media-based influence operations against the 
United States are: (1) spreading discontent in the population; (2) exerting political pressure; 
and (3) confusing the political leadership.174 These elements will be used to gauge the 
effectiveness of the Russian measures targeting the 2016 elections. In addition, the 
American countermeasures will be assessed in terms of their effectiveness in mitigating 
the aforementioned elements. 


171 Nigel Gould-Davies, “Russia, the West and Sanctions,” Survival 62, no. 1 (January 2, 2020): 19, 
https://doi.org/10.1080/00396338.2020.1715060. 


The critical elements of the Kartapolov Framework can easily be superimposed on 
the 2016 activities of the IRA's campaign in a step-by-step fashion.175 The first element, 
spreading discontent in the population, described the IRA's precise method of targeting 
different demographic groups with fake content, amplifying actual user content, and 
purchasing advertising. Researchers concluded that the IRA's tailored messaging aimed to 
motivate conservatives to vote while suppressing liberals, specifically black voters.176 A 
record number of Americans voted in 2016, but Black voter turnout dropped from its 2012 
levels.177 Table 2 below illustrates the decreased Black voter turnout levels. The Pew 
Research Center said voter turnout percentages among the other racial demographics 
stayed about the same.178 


Table 2. Comparison of Black Voter Turnout for Presidential Elections.179 


2012 | 66.6% 
2016 | 59.6% 
Change | -7.0% 


A direct correlation between the IRA’s activities and lower Black voter turnout 
cannot be determined within the scope of this thesis. American voters' motivations to vote 
or not vote are myriad and not always easy to discern. Chryl Laird, a Bowdoin College 
professor, suggested that Black voter turnout fell in 2016 because the Black community 
did not have the same incentives to vote as they did in 2008 and 2012 when there was a 
Black candidate for president.180 It is still unclear whether the IRA's operation contributed 
to the record number of Americans voting or to suppressed turnout among Black voters in 
2016. What is clear is that the IRA deliberately intended to influence American voters’ 
behavior regarding the elections and possibly eroded their faith in the electoral process. 


For the second element of the framework, exerting political pressure, the IRA’s 
efforts seemed to impact the U.S. government as its responses appeared delayed and muted. 
After the Senate Intelligence Committee issued its report reviewing the response of the 
Obama Administration to the Russian interference, Senator Richard Burr commented that 
they were “frozen by ‘paralysis of analysis,’ hamstrung by constraints both real and 
perceived; Obama officials debated courses of action without truly taking one.”181 In this 
report, the Senate Intelligence Committee noted that the FBI and DHS did not provide the 
general public or state and county election officials with notifications about the malicious 
cyber activities until the late summer of 2016.182 Because the activities were not attributed 
to Russia, these notifications would not have drawn much scrutiny.183 The third element 
of the framework, confusing political leadership, appeared in one of the SSCI report 
findings, which noted that government officials were conflicted about making public 
announcements for fear of feeding the political narratives about insecure or fraudulent 
elections.184 


The social media companies were utterly caught by surprise and had no awareness 
of the malign Russian influence activities on their platforms. As such, they did not take any 
action against the Internet Research Agency's influence campaign in 2016. Instead, these 
companies allowed the IRA free rein to achieve the relevant elements of the Kartapolov 
Framework. However, later on, intense pressure from U.S. lawmakers and the media would 
eventually force the social media companies to examine what had taken place on their 
platforms and strive to ensure it did not happen in the future.185 


180 Chryl Laird, “Why Black Voter Turnout Fell in 2016,” Vox, January 15, 2020, 


Reviewing the U.S. government's countermeasures through the Kartapolov 
Framework revealed their ineffectiveness in countering the Internet Research Agency's efforts. 
For the first element of the framework, the IRA had an unfettered ability to conduct 
information operations on social media and spread discontent throughout the American 
population. Not until October 2016 did the U.S. government take any action. However, the 
one-page statement from DHS and the ODNI attributing election interference to Russia did 
not make an impression on Americans, as news media reporting on the tawdry revelations 
of the Trump discussion on the Entertainment Tonight video and the hacked emails from 
John Podesta likely overwhelmed all other news coverage.186 


For the second element, the Russian activities appeared to exert tremendous 
political pressure on the Obama White House. Multiple news media outlets reported that 
in the summer of 2016, President Obama was reluctant to take explicit actions because he 
did not want to appear to be influencing the election in favor of Clinton.187 By the same 
token, the third element involved confusing the political leadership. Whether the IRA's 
tactics perplexed the Obama administration is moot because the delayed governmental 
response represented the result that the Russians would have desired. The U.S. 
government's actions in the form of the FBI/DHS joint report detailing Russian activities 
and the Treasury Department's economic sanctions did not come until well after the 
elections had already been decided. The U.S. Intelligence Community assessed that Putin 
and Russia perceived their ability to shape the American discourse and influence the 
outcome of the 2016 U.S. Elections to be at least a “qualified success” and that there would 
be little negative impact to continuing their online operations.188 


185 Report on Russian Active Measures; Report of the House Permanent Select Committee; March 20, 
2017; Russian Active Measures Campaigns: Volume 1; Putin's Asymmetric Assault on Democracy in 
Russia and Europe: Implications for U.S. National Security, S.Rpt. 115-21 (Washington, DC: Government 
Publishing Office, 2018), https://www.hsdl.org/?view&did=806949; Mass Violence, Extremism, and 
Digital Responsibility: Hearing before the Committee on Commerce, Science, and Transportation, Senate, 
116th Cong., 1st sess., September 18, 2019, https://www.commerce.senate.gov/2019/9/mass-violence- 
extremism-and-digital-responsibility. 


Evaluating the Russian and American efforts using the Kartapolov Framework for 
this period revealed that Russia was the ultimate winner of the 2016 U.S. elections. The 
IRA's social media campaign had fulfilled the Kartapolov Framework's core tenets of 
spreading discontent in the population, exerting political pressure, and confusing political 
leadership.189 The American efforts ranged from non-existent, in the case of the social 
media companies, to ineffective, in the case of the U.S. government. 


2. What Happened During the 2018 U.S. Midterm Elections? 


After the 2016 U.S. Elections, the Internet Research Agency’s online operations 
continued unabated through the 2018 U.S. Elections.190 Analyzing the IRA’s activities 
and the countermeasures taken by the private sector companies and the U.S. government 
revealed how their tactics have evolved. The effectiveness of the Russian and American 
measures was evaluated using the Kartapolov Framework. 


a. The IRA’s Social Media Activities 


Despite being outed by the media and the U.S. government in late 2016, the IRA 
appeared to operate without interruption at almost the same levels in 2017 and 2018. This 
success indicated that the IRA continued to be a well-financed organization and a 
seemingly worthwhile investment for Yevgeniy Prigozhin, Putin's close ally.191 The 
IRA’s financial strength is shown in Table 3. Given the power structure in Russia, Putin 
likely knew of and approved of these activities.192 From his perspective, Putin had won 
the battle of 2016 and wanted to continue the social media campaign as part of the 
ideological struggle between Russia and the United States.193 


Table 3. IRA Spending Plan for 2017 and 2018.194 


2017 | $12,000,000 
2018 | $10,000,000 (January through June) 


Oxford researcher Philip Howard observed the IRA taking advantage of prominent 
events by timing its online advertising purchases to coincide with events such as the 
announcement of the Trump tax plan and U.S. military strikes in Afghanistan and Syria.195 
This development may suggest the IRA had honed its skills to cater to the users it engaged. 
A second reason could be that the IRA shifted much of its social media activities from 
Facebook to Instagram. Because Instagram is more image-focused, it could be more 
conducive to the meme operations which the IRA appeared to favor. In addition, Instagram 
recognized the importance of meme campaigns and hired a manager focused solely on the 
meme community.196 Lastly, DiResta stated that groups of low-paid workers, known as 
click farms, could have been used by the IRA to fraudulently make their Instagram 
accounts more prominent than they otherwise would have been through organic user 
engagement.197 


An analysis of the IRA's Twitter activities from 2014 to 2018 uncovered the 
sophistication used to target distinct online communities. Specifically, the IRA targeted 
people from different demographic groups based on their political issues of interest.198 
Approximately half of all the tweets from the IRA-controlled accounts happened in 
2017.199 This targeted approach indicated a certain mastery of the platform and seemed to 
be focused on fomenting dissension among the different groups identified by the IRA. 


The IRA continued using online advertising through 2017 before social media 
companies adjusted their ad purchasing policies, effectively shutting them out.200 Thus, 
at least through 2017, the IRA’s tactics appeared to be relatively unchanged. Ostensibly, 
the IRA's continued social media activities on these platforms were meant to set the stage 
for influencing voter opinions and turnout ahead of the 2018 U.S. Midterm Elections and 
beyond. 


b. Private Sector Countermeasures 
Before the 2018 U.S. Midterm Elections, Facebook, Google, and Twitter 
announced they had taken substantive actions and policy changes to address malign foreign 
influence and election integrity issues on their platforms.201 These actions seemed to be 
focused on security and transparency measures. Facebook and Twitter appeared to be the 
most detailed in sharing their changes and the most public about account takedowns. A 
possible reason could be that Facebook and Twitter faced more Congressional scrutiny 
than Google as their senior executives testified before Congress on three separate occasions 
before the midterm elections.202 In one of the hearings, Google was also in attendance but 
appeared more circumspect about account takedown notifications because it did not 
observe as many IRA-controlled accounts on YouTube.203 In fact, Google only announced 
the takedown of one IRA-controlled YouTube account ahead of the 2018 midterm 
elections.204 


Facebook stated it took a series of measures to protect its platform: (1) “better 
collaboration with governmental, non-governmental, and technology companies to identify 
and disrupt new threats; (2) hiring fact-checking organizations to review content; and (3) 
improved technological methods for detecting fake accounts.”205 Facebook also changed 
its advertising purchasing policies to make the buyers transparent and maintains a library 
of purchased political advertisements. Most notably, Facebook began to publicize its 
detection and takedowns of fake accounts and pages. In 2018, Facebook announced three 
takedowns totaling 597 Facebook pages, 287 Facebook accounts, and 99 Instagram 
accounts.206 Thus, whether bowing to political pressure or genuinely wanting to reform, 
Facebook appeared to take tangible actions to combat foreign influence campaigns. 


Google and Twitter also took countermeasures ahead of the 2018 U.S. midterm 
elections. For example, Google announced improved cybersecurity measures to protect 
political campaigns and their platforms.207 During the same year, Twitter indicated its 
efforts included improving its algorithms to detect and take down social media bots, 
establishing an internal cross-functional team to handle foreign influence threats, 
modifying its advertising policies to promote buyer transparency, updating its terms of 
service to ban all inauthentic behavior, and enhancing the security configuration settings 
for the application programming interface.208 In addition, Twitter highlighted its 
intelligence sharing with Jigsaw, Google, other social media companies, and law 
enforcement agencies.209 In October 2018, Twitter released an archive of 
foreign-influence-related account information so “members of the public, governments, and 
researchers can investigate, learn, and build media literacy capacities for the future.”210 In 
2018, Twitter announced the takedown of 3,613 IRA-associated accounts. 


202 Kang, Fandos, and Isaac, “Tech Executives Are Contrite About Election Meddling, but Make Few 
Promises on Capitol Hill”; Tony Romm, “5 Things We Learned When Facebook, Google, and Twitter 
Testified to Congress About Russia's Election Meddling,” Recode Daily, October 31, 2017, 
https://www.vox.com/2017/10/31/16588032/facebook-google-twitter-congress-russia-election-2016-tech-hearings-franken-cruz-graham; 
Katy Steinmetz, “Lawmakers Hint at Regulating Social Media During 
Hearing with Facebook and Twitter Execs,” Time, September 5, 2018, 
https://time.com/5387560/senate-intelligence-hearing-facebook-twitter/. 


203 Kang, Fandos, and Isaac, “Tech Executives Are Contrite About Election Meddling, but Make Few 
Promises on Capitol Hill.” 


204 Google Threat Analysis Group, “Google Safety & Security.” 
205 Facebook, “Facebook - Preventing Election Interference.” 


On the one hand, Google's response to the Russian influence campaigns appeared 
to be subdued, likely because YouTube had not played a significant role in the IRA's 
playbook for 2016. For example, Howard noted that Google only provided 228 YouTube 
2016 election-related videos to the Senate Intelligence Committee, and each video was 
viewed about 1,500 times or less.211 On the other hand, Twitter's response was similar to 
Facebook's and made substantive efforts to combat malign foreign influence on its 
platform. As a result, the number of accounts taken down by Facebook and Twitter in 2018 
was roughly commensurate with the number of accounts discovered after the 2016 U.S. 
elections. The reason for this disparity in the number of IRA accounts on each platform is 
indeterminate. 


207 Google Threat Analysis Group, “Google Safety & Security.” 


208 Carlos Monje Jr., “2018 U.S. Midterm Elections Review,” Twitter Company (blog), January 31, 
2019, https://blog.twitter.com/en_us/topics/company/2019/18_midterm_review.html. 


209 Twitter, “Elections Integrity.” 


210 Twitter, “Retrospective Review Twitter, Inc. and the 2018 Midterm Elections in the United 
States,” Twitter, February 4, 2019, https://blog.twitter.com/content/dam/blog-twitter/official/en_us/ 
company/2019/2018-retrospective-review.pdf. 


211 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018, 
7, 11. 


c. U.S. Government Countermeasures 


Before the 2018 U.S. midterm elections, the U.S. government took a series of public 
actions to address Russia's interference in the 2016 U.S. elections and put countermeasures 
in place to ensure better protection in subsequent elections. These actions comprised both 
transparency and security measures. Transparency-focused efforts aimed to inform the 
American electorate about what happened in 2016 and was still occurring. Jennifer 
Hochschild, a Harvard College professor, believed “democracies thrive best...if citizens 
have a broad education and some level of political knowledge.”212 Americans should have 
access to information that is free of corrupt foreign influence to inform their voting. The 
security-focused actions were intended to deter and punish Russian interference in the U.S. 
electoral process or safeguard their intended targets. These actions took the form of 
Congressional hearings, an FBI initiative, multiple indictments, economic sanctions, and 
other operations. Unlike in the lead-up to the 2016 U.S. elections, the U.S. government was 
very active and public in enacting countermeasures before the 2018 U.S. midterm elections. 
These actions are described below in chronological order. 


On August 31, 2017, the State Department announced the closures of the Russian 
Consulate in San Francisco and annexes in New York City and Washington, D.C.213 These 
closures were taken in response to Russia reducing the size of the American workforce at 
the U.S. Embassy in Moscow, which was perceived as a retaliatory measure for the United 
States sanctioning multiple Russians in December 2016 for their interference in U.S. 
Elections.214 


On October 31, 2017, the Senate Judiciary Committee held a hearing with senior 
executives from Facebook, Google, and Twitter to discuss the extent of the Russian 
disinformation campaigns on their respective platforms.215 This public hearing was one 
of America's first opportunities to hear about what happened from the U.S. social media 
companies. It also provided politicians with the occasion to exert pressure on the 
companies to make constructive changes to their platforms. 


212 Jennifer Hochschild, “If Democracies Need Informed Voters, How Can They Thrive While 
Expanding Enfranchisement?,” Election Law Journal: Rules, Politics, and Policy 9, no. 2 (2010): 111-23. 


213 Department of State, “Senior Administration Official on Russia,” U.S. Department of State, 
August 31, 2017, https://2017-2021.state.gov/senior-administration-official-on-russia/. 


214 Rennack, U.S. Sanctions on Russia. 


215 Romm, “5 Things We Learned When Facebook, Google, and Twitter Testified to Congress About 
Russia’s Election Meddling.” 


In December 2017, Congress reestablished the Global Engagement Center (GEC) 
as an agency within the State Department responsible for countering foreign state and 
non-state propaganda and disinformation operations.216 Previously, the GEC was established 
under Executive Order 13721 in the Obama administration to counter foreign terrorist 
propaganda and online recruitment efforts.217 It would later pivot to focusing on exposing 
foreign state disinformation campaigns. 


On January 29, 2018, the FBI announced its Protected Voices Initiative. FBI 
Director Christopher Wray said it “provides tools and resources to political campaigns, 
companies, and individuals to protect against online foreign influence operations and 
cybersecurity threats.”218 Under the auspices of the initiative, the FBI provided 
cybersecurity briefings to, and stayed engaged with, the national-level political 
organizations. This security-based countermeasure was focused on protecting one of the 
primary targets for Russian information operations. 


On February 16, 2018, the Special Counsel’s Office indicted Yevgeniy Prigozhin 
and 12 employees of the IRA with eight criminal counts for their efforts to interfere in the 
2016 U.S. Elections.219 The unsealed indictment affidavit offered the first opportunity for 
the American public to learn about the scope and scale of the Russian 
influence operation. The unsealed indictment affidavit described in evidence-based detail 
what the IRA had propagated on social media against the American public. The 
accompanying arrest warrants showed the U.S. government's intention to bring these 
Russians to face justice at some point. 


216 Matthew Weed, Global Engagement Center: Background and Issues, CRS Report No. IN10744 
(Washington, DC: Congressional Research Service, 2017), 2, https://fas.org/sgp/crs/row/IN10744.pdf. 


217 Weed, 2. 
218 Federal Bureau of Investigation, “Protected Voices.” 


On March 28, 2018, the Department of Treasury levied sanctions against 16 
Russian nationals for election interference-related activities. These included some of the 
individuals mentioned above whom the Special Counsel's Office previously indicted. In 
addition, on June 11, 2018, another eight Russian nationals were sanctioned for associated 
activities.220 These were another set of measures likely designed to inflict punishment on 
the Russian actors and act as a deterrent for future activities targeting U.S. elections. 


On April 10-11, 2018, the Senate Commerce Committee and Senate Judiciary 
Committee held hearings on consecutive days with Mark Zuckerberg to discuss Russia's 
influence campaigns on Facebook and its countermeasures to combat them.221 This 
hearing provided the American public with the opportunity to listen to one of the primary 
architects of the current social media landscape in the United States. The Senate 
committees also used this as an opportunity to hold Facebook accountable for its actions 
and exert pressure for positive change. 


On July 17, 2018, the House Judiciary Committee held a hearing with senior 
executives from Facebook, Google, and Twitter so they could provide updates on their 
companies' efforts for content filtering to stop foreign influence campaigns on their 
platforms.222 On September 5, 2018, the Senate Intelligence Committee held a hearing 
with senior executives from Facebook and Twitter to discuss their companies' efforts to 
stop foreign influence campaigns and illegal transactions on their platforms.223 Both of 
these hearings were additional occasions for Americans to learn about social media 
companies' progress in safeguarding the upcoming election. 


220 Rennack, U.S. Sanctions on Russia. 


221 Mike Snider, “What’s at Stake for Facebook’s Mark Zuckerberg as He Testifies for Day 2,” USA 
Today, April 10, 2018, 
https://www.usatoday.com/story/tech/news/2018/04/10/whats-stake-facebooks-mark-zuckerberg-he-testifies-before-congress/503017002/. 


222 Facebook, Google, and Twitter: Examining the Content Filtering Practices of Social Media 
Giants, House of Representatives, House of Representatives, 115th Cong., 1st sess., July 17, 2018, 2, 
https://www.hsdl.org/?view&did=821944. 


223 Steinmetz, “Lawmakers Hint at Regulating Social Media During Hearing with Facebook and 


On October 19, 2018, the IRA's chief accountant, Elena Alekseevna Khusyaynova, 
was indicted by the U.S. Attorney's Office for the Eastern District of Virginia because of 
her role in the conspiracy to interfere with the U.S. political system, to include the 2016 
and 2018 U.S. elections.224 Khusyaynova's unsealed indictment affidavit revealed the 
extent of the IRA's financial transactions as the group waged its influence campaign 
against the United States.225 Moreover, as she is a regular Russian citizen without the 
privileges typical to Russian oligarchs or diplomats, her indictment may deter other 
Russians from working for the IRA or similar types of companies. 


The Washington Post reported that U.S. Cyber Command conducted an offensive 
cyber operation on November 2, 2018, against the St. Petersburg-based IRA office, a day 
before the U.S. Midterm Elections.226 This operation was believed to have knocked out 
the IRA's computer networks for days. If true, this operation showed that the U.S. 
government was willing to reveal and deploy its technical capabilities to safeguard the 
integrity of the electoral process. 


On November 16, 2018, Congress enacted the Cybersecurity and Infrastructure 
Security Agency Act of 2018. This legislation created the Cybersecurity and Infrastructure 
Security Agency (CISA) under the Department of Homeland Security.227 In January 2017, 
DHS designated the election system infrastructure as the 17th critical infrastructure sector. 
CISA is the U.S. government agency charged with helping state and local governments 
secure America’s election systems.228 Both security-focused actions showed that the U.S. 
government perceives elections as vital to national security, requiring the consolidation of a 
host of protective cyber functions into one federal agency. 


224 Department of Justice, “Russian National Charged with Interfering in U.S. Political System.” 
225 Department of Justice. 


226 Ellen Nakashima, “U.S. Cyber Command Operation Disrupted Internet Access of Russian Troll 
Factory on Day of 2018 Midterms,” Washington Post, February 27, 2019, 
https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html. 


227 “Cybersecurity and Infrastructure Security Agency Act of 2018,” Pub. L. No. 115-278, Public 
Law 20 (2018), https://www.hsdl.org/?view&did=829787. 


228 Cybersecurity and Infrastructure Security Agency, “Election Infrastructure Security,” 
Cybersecurity and Infrastructure Security Agency, accessed June 3, 2020, 
https://www.cisa.gov/election-security. 


In contrast to the 2016 U.S. elections, the executive and legislative branches of the 
U.S. government were active ahead of the 2018 elections as they took a series of security 
measures to shore up vulnerabilities in the different facets of the democratic process, such 
as providing cybersecurity briefings for political organizations, and enhanced transparency 
about governmental actions to inform the American public through the many 
Congressional hearings, law enforcement actions, and economic sanctions. 


d. Using the Kartapolov Framework to Evaluate Russian and American 
Measures in 2018 


For the 2018 U.S. elections, the Kartapolov Framework was used to evaluate the 
effectiveness of the Russian actions, primarily through the efforts of the Internet Research 
Agency. It was also used to determine the efficacy of the American efforts, both private 
sector and governmental, to counter each element of the framework. As a reminder, the 
relevant elements of the framework for this evaluation are: (1) spreading discontent in the 
population; (2) exerting political pressure; and (3) confusing the political leadership.229 


After the 2016 U.S. elections, multiple researchers determined that the Internet 
Research Agency continued at the same cadence and volume of activity as before, 
seemingly undeterred by being outed in the news media and through government 
communications.230 The New Knowledge and Oxford University researchers noted that 
the Internet Research Agency used meticulous precision to identify different demographic 
groups by race and political affinities to amplify dissension with its online messaging.231 
Another purpose of the IRA's messaging was to promote right-wing voter turnout and 
suppress left-wing and Black voters.232 The IRA’s actions were trying to fulfill the first 
element of the Kartapolov Framework by trying to spread discontent in the American 
population. A review of the U.S. Census Bureau’s analysis of the 2018 elections voter 
turnout revealed a mixed outcome relative to what the IRA would have desired. The overall voter 
turnout was the highest in 40 years, with 53.4 percent of eligible voters going to the polls 
in 2018. This turnout contrasts with the 41.9 percent who came out to the polls in 2014, which 
was the lowest midterm election turnout in 40 years.233 Table 4 summarizes the increase 
in both Black and White voter turnout for the midterm elections. While the IRA promoted 
turnout among right-wing voters, who are typically White voters, its efforts to suppress Black 
voter turnout failed. 


229 Kartapolov, “Lessons of Military Conflict, Perspectives on the Development of the Related Forms 
and Methods,” 36. 


230 DiResta et al., The Tactics & Tropes of the Internet Research Agency; Freelon and Lokot, 
“Russian Disinformation Campaigns on Twitter Target Political Communities across the Spectrum. 
Collaboration between Opposed Political Groups Might Be the Most Effective Way to Counter It.”; 
Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018. 


231 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 8-9; Howard et al., The 
IRA, Social Media, and Political Polarization in the United States, 2012-2018, 18. 


Table 4. Voter Turnout by Demographic in Midterm Elections.234 


Election Year    Black Voter Turnout    White Voter Turnout 
2014             40.6%                  45.8% 
2018             51.4%                  57.5% 
Change           +10.8%                 +11.7% 


The Internet Research Agency’s ongoing activities must have exerted some 
political pressure on the private sector and the U.S. government because of the assortment 
and frequency of public actions taken by both entities in the run-up to the 2018 U.S. elections. 
Thus, the IRA fulfilled the second element of the framework by applying political pressure 
to the American social media companies and government, but the actions taken by both 
entities may have blunted the effectiveness of its influence campaigns. However, it does 
not appear that the IRA's campaigns confused the political leadership in the United States 
because the different governmental countermeasures listed in the previous section seemed 
frequent, deliberate, and proportional. 


232 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018, 
19. 


233 Jordan Misra, “Voter Turnout Rates among All Voting Age and Major Racial and Ethnic Groups 
Were Higher Than in 2014,” Behind the 2018 U.S. Midterm Election Turnout, April 23, 2019, 
https://www.census.gov/library/stories/2019/04/behind-2018-united-states-midterm-election-turnout.html. 


Application of the Kartapolov Framework appeared to be more favorable to the 
social media companies' countermeasures during the 2018 election cycle. The framework's 
first element, spreading discontent in the population, was countered by the social media 
companies’ account takedown operations. As mentioned before, Facebook and Twitter 
identified and shut down accounts in 2018 at about the same levels as were identified in 
2016. The difference from 2016 was that the social media companies were able to disrupt 
the IRA's activities before the 2018 elections. The framework's second element, exerting 
political pressure, seemed to make the social media companies act more vigorously in 
policing their platforms and forthcoming in announcing any actions they took. The third 
element, confusing the political leadership, will be discussed in the next section when 
reviewing the efficacy of U.S. government countermeasures. Broadly speaking, the social 
media companies appeared to be better equipped and more decisive in thwarting the IRA's 
information operations during this election cycle. 


Overlaying the Kartapolov Framework's elements on the U.S. government's 
actions revealed a different outcome than in 2016. For the first element, spreading 
discontent in the population, the U.S. government showed very public attempts to educate 
the American public and hold Russian wrongdoing accountable. Through the Justice 
Department and the Treasury Department, the executive branch made public 
announcements of indictments and economic sanctions against Russians for their roles in 
election interference, respectively. In addition, the legislative branch held a series of public 
hearings to learn about the progress the social media companies were making to counter 
malign foreign influence and inform the American public. 


For the second element, exerting political pressure, the U.S. government was 
obliged to prevent a repeat of the 2016 interference by Russia. Although difficult to 
determine whether the U.S. government felt political pressure from the IRA's influence 
campaign, it displayed a broad spectrum of countermeasures, which were listed in the prior 
section. Finally, for the third element, confusing the political leadership, both the executive 
and legislative branches of the U.S. government appeared to be informed about the threat 
from Russian influence operations and took appropriate countermeasures to neutralize 
them. 


C. CONCLUSIONS FROM THE 2016 AND 2018 ELECTIONS 


In summary, a review of the recent history of Russia's actions to interfere in the 
U.S. election and America's actions to counter these actions revealed three conclusions. 
First, the Internet Research Agency was virtually unfettered in its social media campaign 
to sow division and confusion in the 2016 U.S. elections. Second, the U.S. government and 
social media companies' countermeasures against the IRA ahead of the 2018 U.S. midterm 
elections appeared to be generally effective. Third, the Internet Research Agency appeared 
to be undeterred by the American efforts and made only slight modifications in its tactics 
from 2016 to 2018. 


Researchers have determined that Russian influence campaigns, especially those 
conducted ahead of the 2016 U.S. elections, can be effective for eliciting partisan 
responses.235 Governmental reports, research papers, and the social media companies 
themselves have acknowledged that the social media companies were unaware of the 
Russian disinformation campaigns taking place on their platforms and therefore took no 
active role in countering them. Congressional report findings criticized the executive 
branch of the government for a tepid and ineffective response to the Russian interference 
activities. Analysis of voter turnout revealed a relatively high overall voter turnout 
but low Black voter turnout in the 2016 elections. This combination of factors may have 
led to Vladimir Putin achieving his desired goals of eroding American faith in its 
democratic process and the election of Donald Trump.236 Ambassador Michael McFaul 
noted that even if the impact of the Russian influence campaign was minimal, the margin 
of victory for Trump was about 78,000 votes across three states that tipped the electoral 
college.237 


235 Todd C. Helmus et al., Russian Propaganda Hits Its Mark: Experimentally Testing the Impact of 
Russian Propaganda and Counter-Interventions (Santa Monica, CA: RAND Corporation, 2020), 51, 
https://www.rand.org/pubs/research_reports/RRA704-3.html. 


236 Office of the Director of National Intelligence, Assessing Russian Activities and Intentions, 7. 


For the 2018 U.S. midterm elections, the combined countermeasures of the private 
sector and the U.S. government appeared to mitigate the effectiveness of the IRA's 
influence operations. On December 18, 2018, Dan Coats, Director of National 
Intelligence, released a press statement in which he said the “Intelligence Community does 
not have intelligence reporting that indicates any compromise of our nation's election 
infrastructure that would have prevented voting, changed vote counts or disrupted the 
ability to tally votes.”238 The ultimate proof was the record turnout of voters across all 
demographic groups, including Black voters.239 


Director Coats stated that Russia continued to conduct influence operations after 
the 2016 elections and ahead of the 2018 elections.240 During this period, the IRA’s only shift 
in tactics appeared to be jettisoning its use of online political advertisements, which was 
probably the result of the social media companies changing their advertising policies to 
make it more difficult for foreign entities to purchase advertisements.241 However, the 
regular cadence of account shutdown announcements from the social media companies, 
reports by research firms, and U.S. government reports and statements indicated the 
Russians would continue to be active ahead of the 2020 U.S. elections. The uncertainty 
was whether the social media companies and the U.S. government would be up to the task 
of countering the Russian information operations. 


237 McFaul, Securing American Elections, 14. 


238 Office of the Director of National Intelligence, “DNI Coats Statement on the IC's Response to EO 
13848 on Imposing Certain Sanctions in the Event of Foreign Interference in a U.S. Election,” Office of the 
Director of National Intelligence, December 21, 2018, 
https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2018/item/1933-dni-coats-statement-on-the-intelligence-community-s-response-to-executive-order-13848-on-imposing-certain-sanctions-in-the-event-of-foreign-interference-in-a-united-states-election. 


III. THE 2020 ELECTIONS — RUSSIAN GAMBIT AND 
AMERICAN COUNTERPLAY 


Foreign nations continue to use influence measures in social and traditional 
media to sway U.S. voters' preferences and perspectives, shift U.S. policies, 
increase discord, and undermine confidence in our democratic process. 


— William Evanina, July 24, 2020 


The elections of 2016 and 2018 put the major social media companies and the U.S. 
government on high alert about Russian interference. As a result, both entities were more 
aggressive in their efforts to thwart the Russians ahead of the 2020 elections. The social 
media companies partnered with the news media and research organizations to detect and 
disrupt these Russian disinformation operations. The U.S. government's endeavors 
included law enforcement actions, threat briefings, and information sharing to the private 
sector. The cumulative effect of American countermeasures compelled the Russians to 
continually evolve their tactics and methods to evade detection. Ultimately, the American 
actions appeared effective in mitigating the Russian online tactics because voters were 
undeterred and turned out in record numbers for the election. 


This chapter reviews the Russian disinformation campaign targeting the 2020 U.S. 
elections and the countermeasures taken by the social media companies and the U.S. 
government. It then uses the Kartapolov Framework to evaluate the efficacy of those 
countermeasures, informing recommendations for counteracting future Russian 
disinformation campaigns in the next chapter. Finally, Figure 5 provides some key 
highlights of the Russian and American actions from the 2018 midterms to the 2020 
elections. 


Figure 5. Highlights of Russian and American Actions from 2018 to 2020.242 


Legend: RED = 2016 Russian tactics; BLUE = U.S. countermeasures; ORANGE = new Russian tactics 


January - The FBI creates the Protected Voices Initiative to provide cybersecurity training 
to national political organizations. 
February - The Special Counsel's Office indicts 13 Russians associated with the IRA for 
election interference. 
July - Facebook changes political advertising policy. 
July to November - Facebook, Google, and Twitter take down multiple IRA accounts. 
August - Google changes political advertising policy. 


June - IRA creates the Eliminating Barriers for the Liberation of Africa organization (EBLA). 
October - FBI begins providing cybersecurity briefings to presidential candidates and 
national political parties. 
October to November - Facebook, Google, and Twitter take down multiple IRA accounts. 
November - Twitter bans political advertisements. 


January - Twitter revises policy to take down election disinformation. 
February - Facebook takes down GRU controlled accounts. 
March - EBLA outed by CNN. Facebook and Twitter take down its social media accounts. 
April - Facebook, Google, and Twitter take down multiple IRA accounts. 
September - PeaceData site outed by CNN. Facebook and Twitter take down its social 
media accounts. 
October - Newsroom for American and European Based Citizens site outed by Reuters. 
Facebook and Twitter take down its social media accounts. 

242 Adapted from Federal Bureau of Investigation, “Protected Voices”; @TwitterSafety, “October 2020: 
Disclosing Networks to Our State-Linked Information Operations Archive,” Twitter Information 
Operations (blog), October 8, 2020, 
https://blog.twitter.com/en_us/topics/company/2020/disclosing-removed-networks-to-our-archive-of-state-linked-information.html; 
Facebook, “Facebook - Preventing Election Interference”; Facebook, “October 2020 Coordinated 
Inauthentic Behavior Report,” Facebook News (blog), October 27, 2020, 
https://about.fb.com/news/2020/10/removing-coordinated-inauthentic-behavior-mexico-iran-myanmar/; 
Federal Bureau of Investigation, “Combating Foreign Influence,” What We Investigate, accessed 
October 18, 2020, https://www.fbi.gov/investigate/counterintelligence/foreign-influence; 
Lauren Feiner and Megan Graham, “Twitter Unveils Final Details for Political Ad Ban, but It’s 
Still Looking Murky,” CNBC, November 15, 2019, 
https://www.cnbc.com/2019/11/15/twitter-unveils-new-political-ad-policy.html; 
Google Threat Analysis Group, “TAG Bulletin: Q4 2020,” Google: Updates from Threat Analysis 
Group, November 17, 2020, https://blog.google/threat-analysis-group/tag-bulletin-q4-2020/; 
Google Threat Analysis Group, “Google Safety & Security”; @TwitterSafety, “October 2020: 
Disclosing Networks to Our State-Linked Information Operations Archive.” 


A. THE IRA AND OTHER PROXIES’ SOCIAL MEDIA ACTIVITIES 


From 2019 through 2020, the major social media companies reported most of the 
IRA’s activities with a couple of exceptions. On at least a quarterly basis, Facebook, 
Google, and Twitter made announcements regarding the detection and takedown of fake 
Russian accounts on their platforms via blogposts. In addition, many of the IRA-related 
activities involved account takedowns in various geographical locations, not just Russia- 
based accounts. The exceptions to the major social media companies reporting Russian 
account takedowns came when other organizations were able to identify and expose the 
activities of the Internet Research Agency. In one instance, CNN broke a story about the 
IRA's activities in March 2020.243 In a second instance, Graphika, a New York-based 
social media analysis company, issued reports on IRA activities and identified another 
cluster of Russia-controlled campaigns it dubbed “Secondary Infektion.”244 These 
account takedowns appeared to be coordinated across different organizations as Facebook
and Twitter made their own announcements after the reporting by CNN and Graphika.


Different Russian proxy organizations focused on specific voting groups to affect
their attitudes. For example, the Internet Research Agency established a front organization
called Eliminating Barriers for the Liberation of Africa (EBLA) with offices in Western
Africa.245 On March 12, 2020, CNN exposed EBLA when it televised a news story with
an associated news article about EBLA being a Russian troll farm.246 Through its
investigation, CNN determined the head of EBLA was a Russian-speaking Ghanaian
named Seth Wiredu, who called himself “Mr. Amara” and registered the organization in
June 2019.247 CNN assessed he was being funded through Yevgeniy Prigozhin’s Project
Lakhta. Wiredu managed offices outside Accra, Ghana, and Lagos, Nigeria, with
employees who portrayed themselves as African Americans and engaged in social media
activities.248 The EBLA employees focused primarily on racial issues such as police
brutality, displays of anger towards white people, and black empowerment.249 Figure 6
provides an example of the types of postings put out by EBLA. In a similar fashion to the
IRA’s operations in St. Petersburg, the EBLA employees received assignments on different
themes, coordinated their postings, and worked on cross-platform campaigns.250 Before
it was outed, the EBLA organization appeared to be laying the groundwork for influencing
the behavior of Black voters ahead of the 2020 U.S. elections.


243 Clarissa Ward et al., “Russian Election Meddling Is Back — Via Ghana and Nigeria — and in
Your Feeds,” CNN, April 11, 2020,
https://www.cnn.com/2020/03/12/world/russia-ghana-troll-farms-2020-ward/index.html.


244 Ben Nimmo et al., Secondary Infektion (New York: Graphika, 2020),
https://secondaryinfektion.org/report/secondary-infektion-at-a-glance/.


245 Ward et al., “Russian Election Meddling Is Back.”
246 Ward et al.


Figure 6. An Image from a Facebook Account Controlled by EBLA.251


Although the Russians tried to evolve their tactics to evade detection by the social
media companies, the effort failed because the social media companies partnered with other
organizations to detect and expose the Russians. One example highlighted this
collaboration. On September 1, 2020, Facebook and Twitter announced that they had
identified and taken down social media accounts associated with an English and Arabic
language website called “PeaceData,” which portrayed itself as a progressive-leaning
independent news site.252 Figure 7 shows two postings from the PeaceData site.


248 Ward et al.
249 Ward et al.
250 Ward et al.
251 Source: Ward et al.


In coordination with Facebook, Graphika issued a report on PeaceData, which
provided detailed information about the site itself, an analysis of images on the site, and
the site's writers.253 This development was notable for four reasons. First, the site was an
example of the IRA shifting content off the social media platforms to a website which it
controlled. Second, Graphika analyzed the profile photos of several PeaceData staff
members and determined they were created through generative adversarial networks
(GANS), which is a type of artificial intelligence.254 These photos were the first known
instance of the IRA using artificial intelligence to generate phony images of people.
Examples of these GANS-generated profile photos appear in Figure 8. Third, Reuters broke
a story about the IRA posing as PeaceData staff to hire unwitting freelance journalists,
including Americans, to write articles for the site.255 The Carnegie Endowment for
International Peace determined that at least 20 freelance journalists had been duped into
writing articles for the PeaceData outlet.256 This instance is the first identified example of
the IRA hiring unwitting individuals to generate content on its behalf. Fourth, Facebook
shared information about the PeaceData site and associated social media networks with
Graphika.257 This collaboration revealed Facebook joining forces with a non-social media
company third party to analyze its findings.


252 @TwitterSafety, “September 2020: Disclosing Networks to Our State-Linked Information
Operations Archive,” Social Media, Twitter Information Operations (blog), September 1, 2020,
https://twitter.com/TwitterSafety/status/1300848632120242181; Facebook, “September 2020 Coordinated
Inauthentic Behavior Report,” Facebook News (blog), September 2020,
https://about.fb.com/wp-content/uploads/2020/10/September-2020-CIB-Report.pdf.


253 Nimmo et al., “IRA Again: Unlucky Thirteen.”
254 Nimmo et al., 6.


255 Jack Stubbs, “Duped by Russia, Freelancers Ensnared in Disinformation Campaign by Promise of
Easy Money,” Reuters, September 3, 2020,
https://www.reuters.com/article/us-usa-election-facebook-russia-idUSKBN25T35E.


256 Alicia Wanless and Laura Walters, “How Journalists Become an Unwitting Cog in the Influence
Machine,” Carnegie Endowment for International Peace, October 13, 2020,
https://carnegieendowment.org/2020/10/13/how-journalists-become-unwitting-cog-in-influence-machine-pub-82923.


Figure 7.


The Russians continued to demonstrate different tactics such as using alternative
communication platforms, artificial intelligence to generate false personas, and unwitting
co-optees to avoid detection by the social media companies and the U.S. government. Not
only did the Russians use the PeaceData site to appeal to progressives, but they also created
another site called the Newsroom for American and European Based Citizens (NAEBC) to
appeal to conservatives.260 On October 1, 2020, Reuters published an article that exposed
NAEBC as another news outlet run by the IRA, which appeared to be the ideological
counterpart of the PeaceData outlet.261 Figure 9 shows an example of a posting on
NAEBC. Figure 10 shows an example of cross-posting of NAEBC content on Gab.


The NAEBC site was noteworthy for three reasons. First, in addition to the
mainstream social media platforms of Facebook, Twitter, and LinkedIn, the IRA used two
right-wing social media platforms, Gab and Parler, to disseminate content from
NAEBC.262 Second, Figure 11 shows that the IRA continued using GANS-generated staff
profile photos on NAEBC to convey a sense of authenticity.263 Lastly, Graphika
determined that the IRA used various social media accounts to engage with real users and
convince them to post on the NAEBC site, which met with some success.264 However,
Graphika assessed that both the PeaceData and NAEBC outlets had limited influence
because they were created around June 2020 and taken down by September 2020 before
either could generate much viewership.265 Furthermore, Graphika opined that the purpose
for both the websites was two-fold. First, the sites wanted to influence voter turnout
through the type of content on each site. For example, on the PeaceData site, Graphika
believed articles denigrating Joe Biden compared to other Democratic candidates would
suppress Democratic voter turnout.266 Second, the content on both PeaceData and
NAEBC was meant to inflame existing discord within their viewership.267


260 Stubbs, “Exclusive.”


261 Graphika Team, Step Into My Parler; Suspected Russian Operation Targeted Far-Right American
Users on Platforms Including Gab and Parler, Resembled Recent IRA-Linked Operation That Targeted
Progressives (New York: Graphika, 2020), 1, https://graphika.com/reports/step-into-my-parler/.


262 Graphika Team, 16.
263 Graphika Team, 20.
264 Graphika Team, 23-26.
265 Graphika Team, 26.


Figure 9. Posting from the NAEBC Site.268 


BLM: Justice Organization or Weapon of 
Destruction? 

As we have seen in recent months, there are radical 
groups who have become more prevalent in our 
society. Today we will delve a little deeper into BLM 
and their. 




Figure 10. NAEBC Cross-platform Posting on Parler.269


266 Graphika Team, 34.

267 Graphika Team, 34.


268 Source: Graphika Team, 8.


Figure 11. GANS-generated Profile Photos for NAEBC Staff.270


The Russians targeted the far-right channels as well as the mainstream ones to reach
different target audiences. In addition to its work analyzing the aforementioned IRA
activities, Graphika conducted an independent investigation into another Russian
information operation dubbed “Secondary Infektion.”271 Graphika determined this group
has been active from 2014 to at least the beginning of 2020 and characterized the online
campaigns as focusing on misinformation about foreign policy and diplomacy-related
matters.272 Although the content appeared in multiple languages, Graphika deduced the
campaigns focused on targeting viewers in Europe and North America.273 Its analysis of
the top themes in the content revealed that the articles primarily concentrated on
denigrating Ukraine, the United States, NATO, and sowing discord in the rest of
Europe.274 Figure 12 shows the breakdown of articles by quantity and topic. Thus, the
Russians had expanded far beyond using the Internet Research Agency as a proxy for its
disinformation campaigns.


270 Source: Graphika Team, 20. 

271 Nimmo et al., Secondary Infektion. 
272 Nimmo et al., 4. 

273 Nimmo et al., 11. 

274 Nimmo et al., 14.


Figure 12. Breakdown of Secondary Infektion Articles by Topic.275


Secondary Infektion had two features that distinguished it from the other IRA-controlled
campaigns. First, the actors behind Secondary Infektion made extensive use of
forged postings and documents in an attempt to proliferate disinformation and propagate
conflict.276 Second, Graphika observed that Secondary Infektion used a wide-ranging set
of online platforms, especially micro-blogging sites, to disseminate content, not only the
mainstream social media platforms.277 Examples of a forged post and forged document
are shown in Figures 13 and 14, respectively. The Russians extended their reach across
multiple channels and platforms by agilely adapting their tactics.


275 Source: Nimmo et al., 14.
276 Nimmo et al., 4.
277 Nimmo et al., 8.


Figure 13.


Figure 14. Secondary Infektion-made Forged Letter to John Kerry.279


By being everywhere simultaneously, the Russians effectively reduced the
likelihood of being shut down, given the reach of their operations. In discussion with some
social media companies, Graphika believed the extensive variety of sites used by
Secondary Infektion could be related to operational security.280 Specifically, this type of
behavior would reduce the impact of takedowns by any one company and make
coordinated takedowns more difficult across multiple companies.281 The social media
companies told Graphika that the actors behind the Secondary Infektion activities used
good security practices because they were consistent and disciplined about using “burner”
accounts, which were registered, used to create a series of posts, and then abandoned within
the day.282 Graphika and the social media companies determined that Russian operators
conducted Secondary Infektion. Still, they could not determine whether the campaign was
associated with the IRA, GRU, or other Russia-based groups.283 The Secondary Infektion
campaigns were another example of the Russians trying to adjust their tactics to avoid
detection by the social media companies.


B. PRIVATE SECTOR COUNTERMEASURES 


Ahead of the 2020 U.S. elections, the major social media companies, consisting of 
Facebook, Google, and Twitter, continued their transparency efforts by regularly providing 
public notifications of foreign influence-related account takedowns. These notifications 
typically provided summaries of the activities the companies identified, the number of 
accounts taken down, and how these accounts violated their terms of service. In addition, 
all three companies published security measures regarding technology improvements and
policy changes on their platforms ahead of the elections.284


280 Nimmo et al., 8. 
281 Nimmo et al., 8. 
282 Nimmo et al., 8. 
283 Nimmo et al., 11. 


284 Facebook, “Facebook - Preventing Election Interference”; Google Threat Analysis Group,
“Google Safety & Security”; Twitter, “Elections Integrity.”


In 2019, Facebook announced two sets of takedowns. First, on October 21, 2019, it
removed 50 Instagram and one Facebook account, which originated from Russia and
focused on American users. Then, on October 30, 2019, Facebook removed five Instagram
accounts, 35 Facebook accounts, 53 Pages, and seven Groups, which originated from
Russia and focused on users in African countries (Cameroon, Côte d'Ivoire, the
Democratic Republic of the Congo, Mozambique, Central African Republic, and
Madagascar).285 These actions showed that the IRA's activities persisted and expanded
into targeting different countries and that Facebook was actively monitoring its platform
and taking efforts to disrupt the IRA.


Social media companies uncovered even deeper links to Russia. In 2020, Facebook 
announced six sets of takedowns. All of them are summarized in Table 5. In contrast to 
2016, when 470 IRA accounts were identified, Facebook identified and shut down 825 
accounts in 2020. In one noteworthy takedown, Facebook discovered Facebook accounts, 
pages, and groups controlled by the GRU, targeting Ukraine and other Eastern European 
countries, and announced their removal on February 12, 2020.286 The use of the GRU for 
disinformation campaigns appeared to be a new tactic by the Russians. As mentioned 
before, the GRU was responsible for the hack and dump attack of the Democratic National 
Committee in 2016 but had not previously engaged in social media influence campaigns. 
After the Internet Research Agency and Secondary Infektion, the GRU would be the third 
different Russian-controlled entity discovered to be conducting influence campaigns ahead 
of the 2020 elections. These takedowns confirmed the ongoing social media-focused
portion of the Russian influence strategy.


285 Facebook, “Facebook - Preventing Election Interference.” 
286 Facebook.


Table 5. Summary of Facebook Takedowns for 2020.287


                    February   March   April   August   September   October
Facebook Account          78      49      91       13         229         0
Facebook Page             11      69      46        2          36         2
Facebook Group            29       0       2        0          19         0
Instagram Account          4      85       1        0          37        22
Total                    122     203     140       15         321        24
Grand Total              825


On March 12, 2020, Facebook announced another noteworthy takedown, in which 
it shut down 85 Instagram accounts, 69 Pages, and 49 Facebook accounts.288 Its takedown 
coincided with the CNN story regarding the Eliminating Barriers for the Liberation of 
Africa organization discussed above. Facebook assessed that individuals from Russia had 
recruited locals in Ghana and Nigeria to build an online social network and develop an 
audience; EBLA controlled at least one Instagram account with over 260,000 followers 
and one Facebook account with over 13,000 followers.289 The IRA’s expansion into West 
Africa mirrored Yevgeniy Prigozhin's business interests on the continent and suggested 
the IRA thought its troll-farm model could be successfully exported into other countries.290 
These takedowns demonstrated that Facebook successfully identified Russian
disinformation operations despite a shift in their tactics.


287 Adapted from Facebook, “February 2020 Coordinated Inauthentic Behavior Report,” Facebook
News (blog), March 2020,
https://about.fb.com/wp-content/uploads/2020/03/February-2020-CIB-Report.pdf; Facebook, “March
2020 Coordinated Inauthentic Behavior Report,” Facebook News (blog), April 2, 2020,
https://about.fb.com/news/2020/04/march-cib-report/; Facebook, “April 2020 Coordinated
Inauthentic Behavior Report,” Facebook News (blog), May 5, 2020,
https://about.fb.com/news/2020/05/april-cib-report/; Facebook, “September 2020 Coordinated
Inauthentic Behavior Report”; Facebook, “August 2020 Coordinated Inauthentic Behavior Report,”
Facebook News (blog), September 1, 2020,
https://about.fb.com/wp-content/uploads/2020/09/August-2020-CIB-Report.pdf; Facebook, “October 2020
Coordinated Inauthentic Behavior Report.”


288 Facebook, “Facebook - Preventing Election Interference.”
289 Facebook.


In 2019, Twitter announced two takedowns totaling 422 IRA-controlled accounts,
which made about 929,000 tweets.291 Figure 15 demonstrates a categorization of tweets
by topic. A review of these tweets revealed a continued focus on the 2018 midterm U.S.
elections, where Democrats had taken over control of the House of Representatives, with
seven percent of all tweets. The other prominent topics were promoting Trump; a
right-wing meme that accused the FBI of misusing the Steele dossier to obtain a
surveillance order on Trump associate Carter Page; and Islamophobic rhetoric. The themes
promoted by the IRA on Twitter showed its continued acuity in determining the hot-button
issues that would agitate right-wing voters.


Figure 15. Breakdown of Twitter Tweets by Topic for 2019.292


On November 11, 2019, Twitter announced a ban on virtually all political
advertisements.293 It made a few minor exceptions for issue-based ads and news
organizations already exempted from its policy. Twitter “defines political advertising as
referencing a candidate, political party, elected or appointed government official, election,
referendum, ballot measure, legislation, regulation, directive or judicial outcome.”294
Although Twitter was the first of the major social media companies to ban political
advertisements, critics in news media perceived it as an expedient move meant to earn
goodwill with the public while only costing less than one percent of its quarterly
revenue.295


291 Twitter, “Elections Integrity.”
292 Adapted from Twitter.


293 Feiner and Graham, “Twitter Unveils Final Details for Political Ad Ban, but It’s Still Looking
Murky.”


Expanding beyond earlier takedowns, the major social media companies
coordinated their publicity for more significant impact and established more direct links to
Russia. In 2020, Twitter announced four sets of takedowns, as summarized in Table 6. For
2020, a total of 1,233 accounts were taken down, versus the 3,814 accounts identified as
being controlled by the IRA in 2016. One noteworthy takedown occurred on March 12,
2020, when Twitter announced the shutdown of 71 accounts operated by the Eliminating
Barriers for the Liberation of Africa organization in Ghana and Nigeria.296 Twitter
attributed them to Russian-sponsored activities, which CNN characterized as an attempt
“to sow discord by engaging in conversations about social issues, like race and civil
rights.”297 The synchronization of announcements by Facebook and Twitter with the CNN
breaking story suggests some level of coordination between the three companies.


Another significant Twitter takedown occurred in June 2020, with the shutdown of
1152 accounts belonging to a campaign dubbed “Current Policy,” which Twitter and the
Stanford Internet Observatory attributed to the IRA because of the anti-Western and
pro-Putin content it disseminated.298 Stanford's analysis determined the Current Policy
accounts posted more than 3.4 million tweets since 2013, with some focused on portraying
actual Russian government agencies and others working to boost specific Russian
politicians or federal initiatives.299 These actions revealed coordination among the social
media companies, news media, and a research organization to thwart Russian
disinformation operations.


294 Feiner and Graham.


295 Michael Nuñez, “The Surprising Truth about Twitter’s Political Ad Ban,” Forbes, November 1,
2019, https://www.forbes.com/sites/mnunez/2019/11/01/the-surprising-truth-about-twitters-political-ad-ban/.


296 Ward et al., “Russian Election Meddling Is Back.”
297 Ward et al.


298 Stanford Internet Observatory, “Analysis of June 2020 Twitter Takedowns Linked to China,
Russia, and Turkey.”


Table 6. Summary of Twitter Takedowns for 2020.300


                March   June   September   October
Account            71   1152           5         5
Grand Total     1,233


At the beginning of 2020, Twitter announced that it was enhancing its safety policies,
developing better tools for detecting abusive behavior, and aggressively taking action
against violations of its terms of service.301 Twitter also highlighted its collaboration with
political parties, researchers, and election officials. In addition, a Twitter spokesperson
stressed the importance of staying in contact with state election officials and law
enforcement.302


On November 26, 2019, Google announced it had shut down 15 YouTube channels
and associated Google accounts. These IRA-controlled accounts used English, French, and
Arabic language content to target users in South Africa, Madagascar, Sudan, and the
Central African Republic. Google said these accounts were associated with the account
takedowns Facebook had announced on October 30, 2019.303 This statement confirmed
joint action facilitated by information sharing between the two companies.


299 Stanford Internet Observatory.


300 Adapted from Ward et al., “Russian Election Meddling Is Back”; @TwitterSafety, “June 2020:
Disclosing Networks of State-Linked Information Operations We've Removed,” Twitter Information
Operations (blog), June 12, 2020,
https://blog.twitter.com/en_us/topics/company/2020/information-operations-june-2020.html;
@TwitterSafety, “September 2020: Disclosing Networks to Our State-Linked Information Operations
Archive”; @TwitterSafety, “October 2020: Disclosing Networks to Our State-Linked Information
Operations Archive.”


301 Twitter, “Elections Integrity.”
302 Twitter.


On March 3, 2020, Google announced it had developed policies prohibiting 
deceptive practices such as voter suppression and misrepresentation in all its products, 
including Google Ads, YouTube, and the Google Play Store.304 The company also 
mentioned working closely with other technology companies and the FBI regarding 
referrals and leads.305 This announcement by Google showed an effort to be more
transparent, coordinate with other social media companies, and acknowledge some
engagement with the FBI.


In April 2020, Google's Threat Analysis Group began to blog about account
takedowns every quarter. Table 7 provides a summary of the number and types of accounts
taken down by Google. For 2020, Google took down a total of 129 accounts, which is lower
in number than in 2016, when it identified and submitted 228 YouTube videos and 655
AdWords advertisements to the Senate Intelligence Committee for review.306


Table 7. Summary of Google Takedowns for 2020.307


                                               October   November
YouTube Channel         22       47       17        28         10
Blog                     3        0        0         1          0
AdSense Account          0        1        0         0          0
Total                   25       48       17        29         10
Grand Total            129


303 Google Threat Analysis Group, “Google Safety & Security.” 

304 Google Threat Analysis Group. 

305 Google Threat Analysis Group. 

306 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012—2018, 


307 Adapted from Google Threat Analysis Group, “TAG Bulletin: Q2 2020,” Google: Updates from
Threat Analysis Group (blog), August 5, 2020,
https://blog.google/threat-analysis-group/tag-bulletin-q2-2020/; Google Threat Analysis Group,
“TAG Bulletin,” November 17, 2020.


C. U.S. GOVERNMENT COUNTERMEASURES


Ahead of the 2020 U.S. elections, the U.S. government appeared publicly focused 
on transparency efforts, such as public statements and a hearing, and modifying the policies 
regarding interactions with political campaigns. The U.S. government also took security 
steps, such as information sharing with relevant stakeholders, including social media 
companies and political campaigns. The major social media companies mentioned working 
with the U.S. government to some extent. Some news reporting corroborated this
engagement between the private sector companies and the U.S. government.


Only one public Congressional hearing took place before the U.S. elections on 
November 3, 2020. On September 18, 2019, the Senate Commerce Committee held a 
hearing with senior executives from Facebook, Google, and Twitter to discuss their 
companies’ efforts to remove extremist content and disinformation from their 
platforms.308 This hearing was the only opportunity in 2019 for the American public,
through Congressional testimony, and for Congress to publicly hold the companies
accountable for the actions they had previously pledged to take to protect the elections.


On May 15, 2020, to address foreign interference threats more directly, William
Evanina, Director of the National Counterintelligence and Security Center (NCSC), was
tasked with leading all the U.S. government threat intelligence briefings to the relevant
national political committees and presidential campaign committees.309 The ODNI likely
changed the briefers from a rotating cadre of analysts from the FBI and DHS to streamline
the process for the recipients and let the political campaigns and all Americans know the
entire U.S. Intelligence Community backs these threat briefings.310


Before the 2020 U.S. elections, the FBI took some public actions related to election
security. On October 23, 2019, FBI Director Wray announced an expansion of the
Protected Voices Initiative.311 New cybersecurity training videos and reference materials
were added to the website. Furthermore, the FBI indicated it would provide cybersecurity
training to all of the presidential campaigns ahead of the primary election season.312 This
training supplemented the FBI's ongoing engagement with the national-level political
committees. This security-related action continued the FBI's efforts to help the various
political campaigns safeguard their computer networks and electronic devices.


308 U.S. Congress. Senate, September 18, 2019.


309 Office of the Director of National Intelligence, “Director of National Intelligence Announces
Changes to Election Security Briefings,” Office of the Director of National Intelligence, May 15, 2020,
https://www.dni.gov/index.php/newsroom/press-releases/item/2118-director-of-national-intelligence-announces-changes-to-election-security-briefings.


310 Office of the Director of National Intelligence.


On January 16, 2020, the FBI stated it was modifying its notification policy 
regarding computer intrusions to election infrastructure. Previously, the FBI would notify 
local election officials whose organizations typically owned and maintained the election 
systems and equipment. The local officials would be responsible for informing the state- 
level officials. With this policy change, the FBI would simultaneously notify the designated 
chief state-level election official as well as the local officials impacted by a cyber-attack. 
According to the FBI press release, “this new policy will result in increased collaboration
between all levels of government for the integrity and security of U.S. elections.”313 Thus,
the FBI appeared to publicly state affirmative actions it was taking to safeguard the
elections. Previously, the FBI had been typically reluctant to disclose election-related
actions to the public.


Despite not making public announcements about its involvement with the private
sector, the U.S. government appeared to be more engaged with social media companies
ahead of the 2020 U.S. elections than in 2016. On September 4, 2019, Facebook hosted an
election security meeting with the FBI, DHS, and ODNI.314 The other companies
attending the meeting included Google, Microsoft, and Twitter.315 The group discussed
plans for better coordination and information sharing.316 This meeting was the first
indication of private sector companies meeting with the U.S. government to safeguard the
2020 U.S. elections. In August 2020, the New York Times broke a story revealing that the
private sector companies working with the U.S. government had expanded to include the
Wikimedia Foundation, Verizon Media, Reddit, Pinterest, and LinkedIn.317 A
spokesperson for the private sector companies stated that they regularly met with the U.S.
government agencies responsible for election security to discuss threat trends and worked
closely with each represented company to protect their platforms.318


311 “Protecting Every Voice: FBI Expands Suite of Resources on Election Security,” Homeland
Security Today (blog), October 23, 2019,
https://www.hstoday.us/subject-matter-areas/infrastructure-security/protecting-every-voice-fbi-expands-suite-of-resources-on-election-security/.


312 “Protecting Every Voice.”


313 Federal Bureau of Investigation, “FBI Announces New Policy for Notifying State and Local
Election Officials of Cyber Intrusions Affecting Election Infrastructure,” FBI Press Releases, January 16,
2020, https://www.fbi.gov/news/pressrel/press-releases/fbi-announces-new-policy-for-notifying-state-and-local-election-officials-of-cyber-intrusions-affecting-election-infrastructure.


314 Kurt Wagner, “Facebook Meets With FBI to Discuss 2020 Election Security,” Bloomberg,
September 4, 2019,
https://www.bloomberg.com/news/articles/2019-09-04/facebook-meets-with-fbi-to-discuss-2020-election-security.


Public statements from some social media companies revealed that the U.S.
government, particularly the FBI, had provided them with tipper information to detect
Russian influence operations on their platforms. In August 2020, Facebook announced that
it had taken down two pages and 13 Facebook accounts, which the IRA was controlling,
and mentioned finding the cluster due to off-platform activities identified by the FBI.319
In September 2020, Facebook and Twitter announced the takedown of PeaceData-associated
accounts being controlled by the IRA.320 Facebook stated that it had been able
to identify the accounts based on off-platform information provided by the FBI.321 Twitter
went further in its statement when it expressly thanked the FBI's Foreign Influence Task
Force for its “close collaboration and continued support of our work to protect the public
conversation at this critical time.”322 In October 2020, Facebook identified and shut down


315 Wagner. 
316 Wagner. 


317 Mike Isaac and Kate Conger, “Google, Facebook and Others Broaden Group to Secure U.S.
Election,” New York Times, August 12, 2020, https://www.nytimes.com/2020/08/12/technology/google-facebook-coalition-us-election.html.


318 Isaac and Conger. 
319 Facebook, “August 2020 Coordinated Inauthentic Behavior Report.” 


320 @TwitterSafety, “September 2020: Disclosing Networks to Our State-Linked Information 

a network of IRA-controlled Facebook and Instagram accounts operated out of Mexico and
Venezuela.323 Once again, Facebook mentioned its ability to identify these accounts based
on information provided by the FBI.324 Also, in October 2020, Google noted it had shut
down one blog and 26 YouTube channels being operated by the IRA.325 In addition,
Google's Threat Analysis Group mentioned it had received leads provided by the FBI to
support its internal investigation.326 In total, the FBI appears to have shared information
with Facebook, Google, and Twitter on at least four occasions, which led to the detection
and takedown of multiple IRA-controlled accounts on their respective platforms. This
sharing contrasted with 2016 when it seemed that the U.S. government had not shared any
threat information with the social media companies ahead of the 2016 U.S. elections.


Besides the FBI and DHS, other U.S. government agencies were also publicly 
involved in election security. For example, in August 2020, the NSA, jointly with the FBI, 
issued a cybersecurity advisory exposing complex malware dubbed “Drovorub,” created 
by Russian Military Intelligence.327 This advisory was the first of its kind and would allow 
private and public sector organizations to safeguard themselves ahead of the election. Also, 
in August 2020, the State Department's Global Engagement Center issued an extensive 
report revealing the disinformation tactics employed by the Russian government and 
associated organizations, such as the IRA.328 The State Department believed this report 
would help news media, private and public sector organizations, and other governments
detect and analyze Russian influence operations to build up a collective resilience.329


323 Facebook, “October 2020 Coordinated Inauthentic Behavior Report.” 
324 Facebook. 

325 Google Threat Analysis Group, “TAG Bulletin,” November 17, 2020. 
326 Google Threat Analysis Group. 


327 National Security Agency and Federal Bureau of Investigation, Russian GRU 85th GTsSS Deploys
Previously Undisclosed Drovorub Malware, Rev 1.0 (Washington, DC: National Security Agency &
Federal Bureau of Investigation, 2020), https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF.

During the elections, the U.S. government had little to do with the actual
administration of political campaigns or elections. Instead, the U.S. government was
responsible for providing funding to states for equipment upgrades, conducting
enforcement actions to ensure fair elections, and keeping the American public apprised of
any significant developments.330 On November 4, 2020, after the election polls had closed
across the United States, Christopher Krebs, Director of the Cybersecurity and
Infrastructure Security Agency, issued a statement that the U.S. government had seen no
evidence of Russian or other foreign adversaries changing ballots or preventing Americans
from voting. In December 2020, Krebs reaffirmed his belief about the integrity of the 2020
U.S. Elections during a hearing before the Senate Committee on Homeland Security and
Governmental Affairs.331 Senior election executives representing
America's election infrastructure sector made a statement that echoed Krebs' claim of a
safe and fair election.332


In March 2021, the Office of the Director of National Intelligence issued the 
Intelligence Community's report assessing foreign threats to the 2020 U.S. elections.333 
Similar to what NCSC Director Evanina said in his August 2020 statement, the ODNI 
assessment emphasized the ongoing and concerted Russian disinformation campaign, 
which was designed to promote the reelection of President Trump, denigrate Joe Biden and 
the Democratic Party, erode trust in the election process, and inflame political and social
tensions within the United States.334 The ODNI discussed the efforts of the Internet


330 R. Sam Garrett, Federal Role in U.S. Campaigns and Elections: An Overview, CRS Report No.
R45302 (Washington, DC: Congressional Research Service, 2018), 27, https://fas.org/sgp/crs/misc/R45302.pdf.


331 Examining Irregularities in the 2020 Election: Hearing before the Committee on Homeland 
Security and Governmental Affairs, Senate, 116th Cong., 2nd Session, December 16, 2020, 2, 
https://www.hsgac.senate.gov/imo/media/doc/Testimony-Krebs-2020-12-16.pdf. 


332 Elections Infrastructure Government Coordinating Council and Election Infrastructure Sector
Coordinating Executive Committee, “Joint Statement from Elections Infrastructure Government
Coordinating Council & the Election Infrastructure Sector Coordinating Executive Committees,”
November 12, 2020, https://www.cisa.gov/news/2020/11/12/joint-statement-elections-infrastructure-government-coordinating-council-election.

Research Agency and highlighted the “short-lived troll farms” based in Mexico and
Western Africa, which were initiated to avoid the ongoing account takedown efforts by the
social media companies with help from the U.S. government.335 The ODNI concluded
that greater awareness by the news media and the American public, coupled with the
actions taken by the social media companies and the U.S. government, likely countered the
Russian efforts to some degree.336


D. USING THE KARTAPOLOV FRAMEWORK TO EVALUATE RUSSIAN 
AND AMERICAN MEASURES IN 2020 


As previously used for appraising IRA information operations during the elections 
in 2016 and 2018, the relevant components of the Kartapolov Framework were used to 
evaluate the Russian and American efforts to determine their effectiveness for the 2020 
U.S. Elections. To reiterate, these components are: (1) spreading discontent in the 
population, (2) exerting political pressure, and (3) confusing the political leadership.337 
The impact of the Russian campaigns on American political leadership will be gauged in
the section evaluating the countermeasures taken by the U.S. government.


1. The IRA and Other Proxies — Impact and Evolution 


The Internet Research Agency evolved its tactics ahead of the 2020 U.S. elections 
but was unsuccessful in achieving its ultimate desired outcome of a Trump reelection. The 
IRA’s tactical developments were two-fold: (1) moving troll farm operations to locations 
outside of Russia, namely West Africa and Mexico, and (2) moving content from the social 
media platforms to websites the IRA controlled. For the first component of the Kartapolov 
Framework, a review of all four of the IRA’s campaigns for 2020 showed they were 
focused on inflaming dissension in the populace. CNN evaluated the social media content 
disseminated by Eliminating Barriers for the Liberation of Africa and noted it was
primarily focused on racial issues such as Black empowerment and used language meant


335 Office of the Director of National Intelligence, 3. 
336 Office of the Director of National Intelligence, 6. 
337 Wilhelm, “A Russian Military Framework,” 35. 

to inflame divisions between American racial groups.338 For the PeaceData outlet,
Graphika's analysis determined the actors behind it were targeting progressive groups in
the United States, especially those who identified with democratic socialism.339 The
Newsroom for American and European Based Citizens site appeared to be the
counterweight to PeaceData. It targeted viewers with a far-right ideology because it
covered topics such as racist tropes about black people and criticism of the Black Lives
Matter movement.340 Lastly, the Secondary Infektion campaign's focus on diplomacy and
foreign policy appeared to be tailored to denigrate the United States and its European allies
while also trying to foment conflict between the allied countries.341 Although the Russian
actions likely inflamed already existing dissension in the United States, they did not appear to
deter voter turnout at all. The effectiveness of the Russian messaging was probably blunted
by the account takedowns by the major social media companies and being outed by the
news media before it could develop traction with the targeted audiences.


For the second component of the Kartapolov Framework, exerting political
pressure, the Russian campaigns appeared to have mixed results. On the one hand, from
interviews conducted with the social media companies, CNN determined that the
IRA-controlled organization, Eliminating Barriers for the Liberation of Africa, had successfully
gathered many followers for its social media accounts since its inception in June 2019.342
Facebook reported to CNN that the EBLA-controlled accounts had about 267,000 users
following EBLA-controlled Facebook or Instagram accounts.343 Twitter reported that
EBLA-controlled accounts had about 68,000 followers before being shut down.344
Although the number of followers does not directly correlate to the amount of political


338 Ward et al., “Russian Election Meddling Is Back.”
339 Nimmo et al., “IRA Again: Unlucky Thirteen,” 24–25.
340 Graphika Team, Step Into My Parler, 8. 

341 Nimmo et al., Secondary Infektion, 13. 

342 Ward et al., “Russian Election Meddling Is Back.” 
343 Ward et al. 

344 Ward et al. 

pressure, it indicates that EBLA's content resonated enough with social media users to
convince them to follow the EBLA-controlled accounts.


On the other hand, the other Russian campaigns appeared to be less effective in
creating political pressure. Since its inception in February 2020, the PeaceData site
averaged about ten posts per day on the English-language page and 20 posts per day on the
Arabic-language page.345 Twitter noted that the PeaceData-associated Twitter accounts
were “low quality and spammy,” and assessed they did not garner much attention from
other Twitter users.346 Facebook also took down a few PeaceData-associated Facebook
and Instagram accounts but did not characterize how other users engaged with these
accounts.347 The Newsroom for American and European Based Citizens outlet started in
June 2020 but did not appear to attract much of a social media following. Graphika
discovered that only about 14,000 users on Parler and 3,000 users on Gab followed the
NAEBC site.348 The Secondary Infektion campaign appeared to be prolific during its
existence. Still, Graphika noted that the vast majority of the content produced did not
garner much, if any, engagement with other users.349 Graphika opined that the operators
behind Secondary Infektion were motivated more by hitting production metrics than
content engagement or virality.350 The ability of the Russian influence campaigns to
generate political pressure may have been dampened by the social media company account
takedowns and exposure by media outlets and Graphika, which will be discussed in more
detail in the next section.


For the third component of the Kartapolov Framework, namely confusing the
political leadership, the impact of the Internet Research Agency and other Russian proxies’


345 Nimmo et al., “IRA Again: Unlucky Thirteen,” 5. 


346 @TwitterSafety, “September 2020: Disclosing Networks to Our State-Linked Information 
Operations Archive.” 

actions will be discussed in the section evaluating the impact of the U.S. government's
actions.


2. The Private Sector Companies’ Impact and Adaptations 


The effectiveness of the private sector countermeasures used against the Russian
influence operations targeting the 2020 U.S. election was evaluated using the Kartapolov
Framework. To combat the first component, spreading discontent in the American public,
the private sector responded by taking security-focused actions. Specifically, the companies
enhanced their detection systems to identify and disrupt Russian influence activities before
they gained much traction with their users. As a result, each of the prominent social media
companies had somewhat different results from 2016 to 2020, shown in table 8.


Table 8. Social Media Account Takedowns between 2016 and 2020.351

Number of Accounts Taken Down

|          | 2016  | 2020  | Difference |
| Facebook | 470   | 825   | +355       |
| Google   | 883   | 129   | -754       |
| Twitter  | 1,233 | 3,814 | +2,581     |


While Facebook and Twitter saw an increase in IRA-controlled accounts on their 
platforms, Google saw a decrease in accounts taken down. A partial explanation for this
phenomenon could be that Instagram, a wholly-owned Facebook subsidiary, was the most


351 Adapted from @TwitterSafety, “June 2020: Disclosing Networks of State-Linked Information 
Operations We’ve Removed”; @TwitterSafety, “September 2020: Disclosing Networks to Our State- 
Linked Information Operations Archive”; @TwitterSafety, “October 2020: Disclosing Networks to Our 
State-Linked Information Operations Archive”; Facebook, “February 2020 Coordinated Inauthentic 
Behavior Report”; Facebook, “March 2020 Coordinated Inauthentic Behavior Report”; Facebook, “April 
2020 Coordinated Inauthentic Behavior Report”; Facebook, “September 2020 Coordinated Inauthentic 
Behavior Report”; Facebook, “August 2020 Coordinated Inauthentic Behavior Report”; Facebook, 
“October 2020 Coordinated Inauthentic Behavior Report”; Google Threat Analysis Group, “TAG 
Bulletin,” August 5, 2020; Google Threat Analysis Group, “TAG Bulletin,” November 17, 2020; Ward et
al., “Russian Election Meddling Is Back.” 

conducive social media platform for propagating memes, which have become prevalent in
popular culture and were also favored by the IRA.352 Another explanation was that the IRA
might have needed to shift resources away from YouTube activities to develop the
PeaceData and Newsroom for American and European Based Citizens outlets.


Another method for stopping the spread of discontent in the population was for the
private sector companies to share data from foreign influence-related account takedowns
with third-party organizations, such as researchers and research institutions. After the 2016
U.S. Elections, each of the companies shared data with the Senate Committee on
Intelligence, which in turn shared it with researchers for analysis.353 Since that time, each
company has shared data to varying degrees with researchers and other organizations. For
example, in June 2020, Twitter shared information with Stanford University regarding the
detection and takedown of Chinese, Russian, and Turkish influence campaigns on its
platform.354 Twitter shared the data with Stanford as an objective third party to analyze
and publish the results in service of increased transparency.355 In September 2020,
Graphika revealed Facebook had given it data regarding the PeaceData outlet.356 In
October 2020, Graphika received information from Facebook and Twitter regarding the
Newsroom for American and European Based Citizens outlet.357 These examples
illustrated the social media companies sharing information with third parties, presumably
to give the public objective analysis of IRA disinformation and tactics.


All of the major social media companies took visible measures to counter political 
pressure, the second component of the Kartapolov Framework, which the IRA exerted 
through its online influence activities on the different social media platforms. These
transparency-focused actions included the increased cadence of each company's public


352 Leighton, “For Instagram's 10th Birthday, Experts Predict The Future Of Meme Culture”; Alina 
Polyakova, “The Kremlin’s Plot against Democracy,” Foreign Affairs, October 2020. 


353 Russian Active Measures Campaigns: Volume 1. 


354 Stanford Internet Observatory, “Analysis of June 2020 Twitter Takedowns Linked to China, 

notifications to the general public regarding account takedowns. A secondary
transparency-focused action was each company’s effort to enact and improve its
advertising purchasing policies. For Facebook and Google, these improvements appeared
to make it more difficult for foreign actors to purchase political advertisements.358 Twitter
went the furthest of the three social media companies by banning political ads entirely in
its November 2019 announcement.359 The third type of transparency-focused action was
the attempt by companies to improve the labeling of content. Again, Twitter appeared to
be the most aggressive of the three social media companies. In May 2020, Twitter
announced that labeling would be applied to all content that was disputed, misleading, or
synthetically generated.360 In June 2020, Facebook made a similar announcement and
modified its policies to improve transparency for political content and advertisements.361
Thus, the private sector companies’ collective security and transparency-related actions
seemed to diminish the impact of the Russian influence operations by preventing them
from gaining much traction on the social media platforms.


3. The U.S. Government’s Impact — Transparency and Private Sector 
Partnerships 


Examining the U.S. government’s actions to protect the 2020 U.S. Elections 
through the Kartapolov Framework revealed a more robust response than in 2016. For the 
first element of the framework, spreading discontent across the populace, the U.S. 
government took a range of security and transparency-related actions to impede Russian 
influence operations. Likely the most significant action was the FBI’s reported information
sharing with the social media companies on at least four occasions, which led to the


358 Facebook, “Facebook - Preventing Election Interference”; Google Threat Analysis Group, 
“Google Safety & Security.” 

companies identifying and taking down multiple clusters of IRA-controlled accounts.362
In addition, the U.S. government meeting with the private sector companies on at least two
separate occasions to share information on threat trends may have added context and
atmospherics to enhance the companies’ detection methods.363 Finally, the report issued
by the State Department's Global Engagement Center in August 2020 may be regarded as
a U.S. government transparency effort to expose Russian disinformation tactics to the
American public and blunt the impact of these tactics.364 In general, the U.S. government
appeared more actively engaged with the social media companies ahead of the 2020
elections.


For the second element of the Kartapolov Framework, exerting political pressure,
the U.S. government took a series of measures, which may have diffused the pressure that
Russia was trying to apply through its information operations. The FBI's Protected Voice
Initiative, which provided cybersecurity training to the national level political parties and
presidential campaigns, was coupled with the classified threat briefings to the same
organizations provided by National Counterintelligence and Security Center's Director
William Evanina.365 Furthermore, the FBI modified its victim notification process by
including designated state-level election officials when notifying local or county-level
election officials of cybersecurity issues.366 Finally, the highly detailed joint NSA/FBI
cybersecurity advisory regarding the Drovorub malware exposed one of the Russian


362 @TwitterSafety, “September 2020: Disclosing Networks to Our State-Linked Information
Operations Archive”; @TwitterSafety, “October 2020: Disclosing Networks to Our State-Linked
Information Operations Archive”; Facebook, “September 2020 Coordinated Inauthentic Behavior Report”;
Wagner, “Facebook Meets With FBI to Discuss 2020 Election Security.”
365 Federal Bureau of Investigation, “Combating Foreign Influence”; Office of the Director of
366 Federal Bureau of Investigation, “FBI Announces New Policy for Notifying State and Local

military's most potent cyber weapons, providing organizations with time to protect
themselves ahead of the elections.367 This combination of actions by the U.S. government
probably ensured no significant data breaches at any national-level political parties or
campaigns during the 2020 U.S. Elections.


For the third element of the Kartapolov Framework, confusing the political
leadership, the U.S. government, both the executive and legislative branches, appeared to
be focused and decisive in its endeavors to safeguard the 2020 U.S. Elections. In September
2019, the Republican-chaired Senate Commerce Committee called a hearing with senior
executives from Facebook, Google, and Twitter to learn about their progress in removing
disinformation and violent content from their platforms.368 The following year, public
statements made by NCSC Director William Evanina in July 2020 and August 2020 gave
a clear indication that the U.S. Intelligence Community was aware of Russian activities
targeting the elections and decided to inform the American public.369 In a similar vein, on
the day after the elections closed, Christopher Krebs, Director of the Cybersecurity and
Infrastructure Security Agency, stated that the U.S. government had “no evidence any
foreign adversary was capable of preventing Americans from voting or changing vote
tallies.”370 In October 2020, the Department of Justice indicted six officers in the Russian
Military Intelligence Unit 74455, responsible for hacking attacks in Georgia and Ukraine,


367 Dan Goodin, “NSA and FBI Warn That New Linux Malware Threatens National Security,” Ars
Technica, August 13, 2020, https://arstechnica.com/information-technology/2020/08/nsa-and-fbi-warn-that-new-linux-malware-threatens-national-security/.


368 September 18, 2019. 


369 William Evanina, “Statement by NCSC Director William Evanina: 100 Days Until Election
2020,” Office of the Director of National Intelligence, July 24, 2020, https://www.dni.gov/index.php/newsroom/press-releases/item/2135-statement-by-ncsc-director-william-evanina-100-days-until-election-2020;
William Evanina, “Statement by NCSC Director William Evanina: Election Threat Update for the
American Public,” Office of the Director of National Intelligence, August 7, 2020, https://www.dni.gov/

and the Winter Olympics in South Korea.371 Some of these GRU officers had been
previously indicted for hacking the Democratic National Committee in 2016.372
Interestingly, the Department of Justice highlighted the assistance of the threat intelligence
teams from Google and Cisco for this indictment.373 Additionally, the report on Russian
disinformation tactics issued by the State Department and the joint cybersecurity advisory
issued by the NSA and FBI rounded out the U.S. government's multi-agency approach to
exposing malign Russian activities through different avenues.


E. VOTER TURNOUT IN THE 2020 ELECTIONS 


The two most important indicators of a secure and successful election were high 
voter turnout and no evidence of systemic voter fraud. The Pew Research Center 
determined that 2020 had the highest voter turnout since 1960, with approximately 158 
million Americans casting ballots.374 Table 9 shows a comparison in voter turnout 
between 2016 and 2020, both of which were presidential election years. In addition, 
multiple news organizations and think tanks on both sides of the aisle reported that the
2020 U.S. elections were free of any systemic voter fraud impacting the results.375


371 Department of Justice, “Six Russian GRU Officers Charged in Connection with Worldwide
Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace,” Department of Justice,
October 19, 2020, https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and.


372 Department of Justice. 
373 Department of Justice. 

Table 9. Comparison of Overall Voter Turnout for Presidential Elections.376

| Election Year | Number of Voters Turning Out | Percentage of Voter Turnout |
| 2016          | 137,500,000                  | 61.4%                       |
| 2020          | 158,000,000                  | 66.2%                       |
| Change        | +20,500,000                  | 4.8%                        |


It is still unclear whether the IRA's operations contributed to the record number of
Americans voting or suppressed turnout among Black voters in 2016. The U.S. Census
Bureau will not have an analysis of voter demographics for the 2020 elections until late in
2021. Despite the lack of demographic data for 2020, the Russian attempts to depress voter
turnout were unsuccessful as Americans turned out in record numbers.


F. CONCLUSIONS FROM THE 2020 U.S. ELECTIONS 


Reflecting on the 2020 elections, three main themes emerged. First, the Russians 
continued their efforts to target the U.S. elections while shifting tactics to avoid detection. 
Second, the social media companies, along with news media and research organizations, 
were able to identify and disrupt the evolving Russian disinformation campaigns. Third, 
the U.S. government was a more active player in securing the elections, primarily through
its information sharing with the social media companies, political organizations, and the
American public.


Despite the best efforts of the Russians, social media companies, news media, and 
research organizations were able to detect, expose, and disrupt the activities of the Internet 
Research Agency and their other online groups, namely Secondary Infektion and the GRU. 
Although America's private sector may have been caught unaware during the 2016
elections, it was on heightened alert ahead of 2020, with the noteworthy efforts of CNN,


376 Adapted from DeSilver, “Turnout Soared in 2020 as Nearly Two-Thirds of Eligible U.S. Voters
Cast Ballots for President”; Krogstad and Lopez, “Black Voter Turnout Fell in 2016.”

Reuters, and Graphika exposing Russian disinformation activities and paving the way for
the social media companies to shut down their social media accounts.


The U.S. government's response to the Russian influence campaign appeared more 
robust before the 2020 elections than in the 2016 or 2018 elections. These efforts comprised 
a series of transparency and security-related measures. The most important actions taken 
by the U.S. government may have been the information sharing with the social media 
companies to expose Russia's different operations and shut down its accounts. In addition, 
the U.S. government's information-sharing may have helped the social media companies 
secure their platforms by identifying malign Russian influence activities. At first glance, 
the U.S. government's other responses, such as economic sanctions and indictments, may 
not seem impactful because the United States does not have an extradition treaty with 
Russia. As a result, the sanctioned or indicted individuals may never be brought to justice 
in the U.S. court system. However, a critical role of sanctions and indictments is to provide
transparency, i.e., factual narratives of the crimes perpetrated by Russia that inform the
American public.


It took the collaborative efforts of the private sector, in the form of social media
companies, research organizations, and news media, and the public sector, in the form of
the executive and legislative branches of the U.S. government, to turn back the
Putin-sanctioned disinformation operations which were targeting the 2020 U.S. elections. These
collective actions were viewed through the lens of the Kartapolov Framework to determine
their effectiveness in countering Russian influence operations. The next chapter will
identify and examine the most effective countermeasures and provide recommendations
for safeguarding future elections.

IV. CONCLUSIONS AND RECOMMENDATIONS TO COUNTER
RUSSIA IN THE FUTURE


The problem of foreign actors trying to influence the American electorate 
is not going away and, given the current partisan divides in this country, 
may find fertile ground in which to grow in the future. 


— Mark Warner, March 16, 2021 


Senator Warner, Chair of the Senate Intelligence Committee, made the above
statement after the Office of the Director of National Intelligence released its report
appraising foreign threats to the 2020 U.S. elections. This report, backed by the entire U.S.
Intelligence Community, assessed that Russia was actively trying to influence the elections
through information operations.377 Furthermore, the report forecasts Russia will continue
to interfere in future U.S. elections to degrade the United States’ global credibility and
weaken its influence overseas.378 In anticipation of the continued Russian influence threat,
this chapter provides a final summation of the American efforts to protect the 2020
elections and concludes which efforts were the most effective. Based on these conclusions,
recommendations have been proposed to protect future U.S. elections. These
recommendations are derived, in part, from proposals by subject matter experts in a variety
of fields.


A. CONCLUSIONS - THERE IS NO END GAME 


The major social media companies and the U.S. government's efforts to protect the
2020 U.S. elections against Russian malign influence campaigns appeared to be generally
successful. Using the Kartapolov Framework in this thesis provided a systematic method
to analyze the effectiveness of the American countermeasures qualitatively. As a reminder,
the framework is a mental model devised by Thomas Wilhelm, a U.S. Army researcher, to
better understand the Russian military's perspective in conducting information operations


377 Office of the Director of National Intelligence, "Intelligence Community Assessment on Foreign 
Threats to the 2020 U.S. Federal Elections," 2. 


378 Office of the Director of National Intelligence, 5. 
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to further its objectives.379 The most effective measure taken by the major social media 
companies was the rapid detection and takedown of fake accounts and content generated 
by the Internet Research Agency and other Russian proxies. The social media companies’ 
other efficacious efforts included publicizing these account takedowns, which promoted 
transparency to the American public, and partnering with other organizations, such as news 
media and researchers, to expose Russian influence activities which were not on the social 
media platforms. The most effective measure taken by the U.S. government was likely its 
information-sharing efforts with the social media companies to help them identify 
previously unknown Russian influence activities on their platforms. The U.S. 
government's other effective efforts included its initiative to inculcate good cybersecurity 
practices among the national-level political parties and campaigns and regular public
messaging about malign influence activities to the American populace.


The Internet Research Agency resembled a professional marketing firm that 
employed both technology and psychology to maximum effect.380 It took advantage of
easy-to-use social media platforms to reach millions of U.S. citizens.381 The IRA
recognized the existing dissension among different sectors of the American population and 
exploited it to drive people further into tribalism.382 Over the past several years, the IRA 
honed its skills and precisely identified specific in-groups it wanted to influence. On the 
right side of the political spectrum, the IRA focused on issues such as illegal immigration, 
gun rights, religious freedom, anti-abortion, and the general fear of change.383 Although
challenging, if not impossible to quantify, the IRA's influence activities may have
reinforced these people's in-group beliefs, which could have potentially activated them to
vote for Trump. On the left side of the political spectrum, the IRA appeared to play on the
fears and frustrations of the more racially and ideologically diverse group to suppress voter


379 Wilhelm, “A Russian Military Framework,” 33.
380 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 6. 


381 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012—2018, 
39. 


382 Report on Russian Active Measures, 4. 


383 DiResta et al., The Tactics & Tropes of the Internet Research Agency, 99. 
turnout.384 The IRA's main shift in tactics from 2016 to 2020 was its creation of fake
news outlets appealing to far-right conservatives, in the form of the Newsroom for 
American and European Based Citizens, and ultraliberals, in the form of the PeaceData 
site.385 Ostensibly, the IRA’s rationale for this shift was to control its own content and 
avoid the aggressive disruption tactics of the major social media companies. The IRA's 
other significant shift was to use indigenous workers in other countries to mask its true 
identity, explicitly creating the front organization known as Eliminating Barriers for the
Liberation of Africa.386


The Internet Research Agency's role in influencing the 2016 and 2020 U.S. 
Presidential Elections may have been marginal but still impactful. That being said, the 
IRA’s influence in 2020 was significantly diminished compared to its efforts in 2016. The 
primary reason was that the IRA’s activities were unnoticed and unconstrained in 2016 but 
were quickly detected and disrupted in 2020 by the major social media companies and the 
U.S. government. One of the IRA's primary goals was to suppress Black voter turnout.387 
An illustrative statistic was the decline of Black voter turnout in 2016 by seven percent 
compared to the 2012 elections.388 In 2020, Black voter turnout rebounded by four percent 
over the 2016 levels.389 In addition, other minority groups had significant increases in 
voter turnout for 2020. Hispanic voter turnout increased by six percent, and Asian voter
turnout increased by ten percent.390 These 2020 turnout results showed the ineffectiveness
of the IRA’s efforts.


384 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018,
3.

385 Graphika Team, Step Into My Parler, 2; Nimmo et al., “IRA Again: Unlucky Thirteen,” 1. 

386 Ward et al., “Russian Election Meddling Is Back.” 

387 Howard et al., The IRA, Social Media, and Political Polarization in the United States, 2012-2018, 
18. 


388 Krogstad and Lopez, “Black Voter Turnout Fell in 2016.” 


389 William H. Frey, Turnout in 2020 Election Spiked among Both Democratic and Republican Voting 
Groups, New Census Data Shows (Washington, DC: Brookings, 2021), https://www.brookings.edu/ 
research/turnout-in-2020-spiked-among-both-democratic-and-republican-voting-groups-new-census-data- 
shows/. 


390 Frey. 
Many factors are at play when trying to measure the effects of Russia's influence
operations. First-order effects include real users interacting with inauthentic content, 
Russian-bot amplification of divisive organic content, and IRA-controlled accounts 
communicating directly with real users. Second-order effects include changes to the social 
network itself by the actions mentioned above and contemporaneous sociopolitical events 
influencing discussions. Due to how the U.S. Electoral College process awards presidential 
electoral votes, the U.S. Presidency was decided by about 78,000 votes combined across 
Michigan, Pennsylvania, and Wisconsin for 2016.391 In 2020, Biden won the presidency
by about 45,000 votes combined across Arizona, Georgia, and Wisconsin.392 In both
presidential elections, voter turnout was near historical highs.393 In order to protect future
elections in the United States, a whole-of-society approach will be needed to counter
malign influence from Russia and other adversarial nation-states.


B. RECOMMENDATIONS FOR PROTECTING FUTURE ELECTIONS 
FROM RUSSIAN INTERFERENCE 


Like the Cold War’s nuclear arms race, the United States may be in a new 
information operations race with Russia. Based on the evaluation of the Russian actions 
and the effectiveness of the American responses, this section makes recommendations for 
protecting future elections that have been drawn from experts in the U.S. government, non- 
governmental organizations, and academic institutions. The three types of possible actions 
are broadly categorized as security, transparency, and resiliency measures.394 Social
media companies and the U.S. government have mainly focused on the first two types of
measures: security and transparency. Although these measures proved to be successful for
the 2020 elections and are essential to safeguarding our democracy and the public


391 Dante Chinni, “Did Biden Win by a Little or a Lot? The Answer Is ... Yes.,” NBC News,
December 20, 2020, https://www.nbcnews.com/politics/meet-the-press/did-biden-win-little-or-lot-answer- 
yes-n1251845. 


392 Chinni. 
393 Frey, Turnout in 2020 Election Spiked; Krogstad and Lopez, “Black Voter Turnout Fell in 2016.” 


394 Cederberg et al., National Counter-Information Operations Strategy; DiResta and Grossman, 
Potemkin Pages & Personas: Assessing GRU Online Operations, 2014—2019; King and Gallagher, 
Cybersecurity Lessons from the Pandemic; Report on Russian Active Measures; Russian Active Measures 
Campaigns: Volume 1. 




perception of fair elections, they may not be sufficient for future elections because of the 
current political rancor in the United States. To that end, resiliency measures will be the
third critical component to promote a flourishing American democracy.


1. Security Measures 


Security measures serve three purposes: (1) prevention of disinformation or data 
breaches, (2) deterrence of damaging actions or operations, and (3) punishment of criminal 
or other harmful actions.395 These recommendations came from an evaluation of U.S. 
government and private sector actions taken to counter the efforts of the Internet Research 
Agency and other Russian actors. The most impactful measures against the evolving threat 
from Russian information operations were distilled from various U.S. government, non- 
governmental organizations, and academic literature. The proposed security measures, 
summarized in Table 10, include enhanced cybersecurity, enhanced disinformation 
detection, economic sanctions, information sharing, and the establishment of a fusion 
center. Items highlighted in yellow are existing measures. Items highlighted in green are
new proposed measures.


395 Bodine-Baron et al., Countering Russian Social Media Influence, 12; U.S. Congress. Senate Select 
Committee on Intelligence, Russian Active Measures Campaigns: Volume 1, 54. 
Table 10. Security Measures for Countering Russian Information Operations.

Measure | Description | Responsibility
Enhanced Cybersecurity | Build up cyber expertise and defenses to prevent breaches of election infrastructure and other government infrastructure.396 | Government; Private Sector
Economic Sanctions | Deter malicious activities and impose costs for actors who seek to interfere in U.S. elections and the democratic process.398 | Government


The first recommendation is for the U.S. government to continue providing 
cybersecurity training and briefings to relevant stakeholders. The Russians did not cause
any significant data breaches of any national-level political organizations or campaigns for


396 Adapted from O'Connor et al., Cyber-Enabled Foreign Interference, 6; Russian Active Measures 
Campaigns: Volume 1, 55; Report on Russian Active Measures, 121—22. 


397 Adapted from Bodine-Baron et al., Countering Russian Social Media Influence, 12; Cartwright, 
Weir, and Frank, “Fighting Disinformation Warfare with Artificial Intelligence," 73. 


398 Adapted from Cederberg et al., National Counter-Information Operations Strategy, 11; 
Polyakova, “The Kremlin's Plot against Democracy.” 


399 Adapted from Cederberg et al., National Counter-Information Operations Strategy, 12; Hanlon, A
Long Way to Go, 10; O'Connor et al., Cyber-Enabled Foreign Interference, 6. 


400 Adapted from Cederberg et al., National Counter-Information Operations Strategy, 12; Terry L. 
Thompson, “No Silver Bullet: Fighting Russian Disinformation Requires Multiple Actions,” Georgetown
Journal of International Affairs 21 (2020): 182—94, https://doi.org/10.1353/gia.2020.0033. 




the 2020 U.S. Elections. Some of this success can be attributed to the cybersecurity training 
and briefings provided to the political organizations and campaigns by the FBI and 
DHS.401 The prevention of data breaches in the future will mean less fodder for the
Russians or other adversarial governments to incorporate into disinformation campaigns.
These cybersecurity enhancement actions should continue to be used moving forward as
technological changes happen rapidly.402


The second recommendation calls for advanced technologies, including artificial 
intelligence, to be developed and deployed on social media and news platforms to enhance 
the detection, monitoring, and neutralization of covert malign foreign influence 
activities.403 These malign activities may take the form of disinformation content, botnet
amplifications, or incitement of divisive issues. The neutralization can take the form of
traditional account takedowns or marking the accounts and content with labels identifying
their origins and providing access to sources of factual information. Advanced technology
tools should be developed so platform companies or users may detect disinformation or
influence activities and crowdsource the appropriate neutralization methods.404 The
removal of foreign disinformation content can help promote the integrity of American free
speech and halt the erosion of trust in the electoral process.405 Due to the First Amendment
(free speech) and Fourth Amendment (privacy) constraints on the U.S. government,
advanced detection and removal technologies are best employed by private sector
companies.406


401 Federal Bureau of Investigation, “Combating Foreign Influence”; Federal Bureau of Investigation, 
“Protected Voices”; Office of the Director of National Intelligence, “Director of National Intelligence 
Announces Changes to Election Security Briefings.” 


402 U.S. Congress. Senate Select Committee on Intelligence, Russian Active Measures Campaigns: 
Volume 1, 55-56. 


403 Bodine-Baron et al., Countering Russian Social Media Influence, 12; Hanlon, A Long Way to Go, 
2; Marcellino et al., Foreign Interference in the 2020 Election. 


404 Cartwright, Weir, and Frank, “Fighting Disinformation Warfare with Artificial Intelligence,” 73. 


405 Suzanne E. Spaulding and Eric Goldstein, Countering Adversary Threats to Democratic 
Institutions: An Expert Report (Washington, DC: Center for Strategic and International Studies, 2018), 4, 
https://www.csis.org/analysis/countering-adversary-threats-democratic-institutions. 


406 Facebook, “The State of Influence Operations 2017-2020,” About Facebook (blog), May 26,
2021, 5, https://about.fb.com/news/2021/05/influence-operations-threat-report/.
The third recommendation is the continued use of economic sanctions by the U.S.
government. Continued sanctions by the Department of Treasury against Russian 
individuals and entities appeared to have had a significant impact on Russia as a security 
measure. As anecdotal evidence, one of the primary discussion topics at the infamous 
Trump Tower meeting was supposed to be the previously mentioned Magnitsky Act.407 
This act imposed severe financial sanctions on the close allies of Putin and continues to be 
a thorn in his side.408 The sanctions imposed in 2018 may have an add-on effect to the
Magnitsky Act.409 Economic sanctions should continue to be part of a broad range of tools
utilized concurrently by the U.S. government for deterrent and punitive effects.410


The fourth recommendation is the establishment of formal information-sharing 
mechanisms. Information sharing among different organizations is occurring, but on an ad 
hoc basis, as was seen ahead of the 2020 elections when the FBI shared information with 
the social media companies to help them detect the disinformation campaigns on their 
platforms.411 Information sharing among relevant stakeholders in the malign foreign
influence space should be formalized and standardized. Appropriate sharing should occur
between social media companies, those companies and the U.S. government, and
researchers with the U.S. government and social media companies. The Information
Sharing and Analysis Center (ISAC) model has proven successful in different sectors for
information sharing. One example of this is the Financial Sector ISAC (FS-ISAC).412
Currently, no Social Media Sector ISAC exists. This gap is likely because of the
competitive nature of social media companies. Still, the FS-ISAC has shown that financial


407 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election, 
2019, 185. 


408 Ioffe, “Why Does the Kremlin Care So Much about the Magnitsky Act?”
409 Rennack, U.S. Sanctions on Russia. 


410 Bodine-Baron et al., Countering Russian Social Media Influence, 12; Cederberg et al., National 
Counter-Information Operations Strategy, 12. 


411 Facebook, “September 2020 Coordinated Inauthentic Behavior Report”; Facebook, “October 2020 
Coordinated Inauthentic Behavior Report”; Google Threat Analysis Group, “TAG Bulletin,” November 17, 
2020; @TwitterSafety, “September 2020: Disclosing Networks to Our State-Linked Information 
Operations Archive.” 


412 ISAO Standards Organization, “Financial Services ISAC,” ISAO Standards Organization, 
accessed April 21, 2021, https://www.isao.org/information-sharing-group/sector/financial-services-isac/. 
institutions can set aside rivalries for the common good. The benefit of having an
information-sharing organization would be to establish norms and best practices for the
private sector, in addition to sharing threat indicators for mutual benefit.


The last recommendation is for the U.S. government to establish a National Counter 
Information Operations Center as an interagency fusion center and focal point for 
countering disinformation campaigns.413 The bipartisan U.S. Cyberspace Solarium
Commission pointed out that the 2020 National Defense Authorization Act (NDAA)
provided a provision wherein the Office of the Director of National Intelligence could form
a “Social Media Data and Threat Analysis Center.”414 This center could be modeled after
the National Counterterrorism Center, which also operates under the Office of the Director
of National Intelligence. The commission envisioned a center that would allow the relevant
U.S. government elements to work alongside social media companies to combat
disinformation.415 In April 2021, the Office of the Director of National Intelligence
responded to the new legislation by announcing it was establishing the Foreign Malign
Influence Center “in light of evolving threats and in support of growing policy and
congressional requirements.”416 As of the writing of this thesis, no further details have
been provided by ODNI, but the announcement appears to be in line with the functionality
of the center proposed in the 2020 NDAA.


2. Transparency Measures 


Transparency measures are designed to build trust and confidence in organizations 
by sharing relevant information with the general public.417 The transparency measures
proposed include a public communications strategy, content labeling standards, updated


413 Cederberg et al., National Counter-Information Operations Strategy, 12; Thompson, “No Silver 
Bullet." 


414 King and Gallagher, Cybersecurity Lessons from the Pandemic, 12. 
415 King and Gallagher, 12. 


416 Martin Matishak, "Intelligence Community Creating Hub to Gird against Foreign Influence," 
Politico, April 26, 2021, https://www.politico.com/news/2021/04/26/intelligence-community-hub-foreign- 
influence-484604. 


417 Cederberg et al., National Counter-Information Operations Strategy, 12. 


political advertising and campaign finance laws, and transparency reporting. Table 11 
summarizes the proposed transparency measures to combat Russian disinformation 
campaigns. As with the last table, yellow highlighted items are existing measures, and
green highlighted items are new proposed measures.


Table 11. Transparency Measures for Countering Malign Russian Influence. 


Measure | Description | Responsibility
Update Political Advertising and Campaign Finance Laws | Strengthen current statutes to improve transparency and prevent foreign entities from purchasing advertisements or donating to political campaigns.421 | Government


418 Adapted from Cederberg et al., 11—12; Marcellino et al., Foreign Interference in the 2020 
Election; Polyakova, “The Kremlin's Plot against Democracy.”


419 Adapted from Bodine-Baron et al., Countering Russian Social Media Influence, 12; DiResta and 
Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations, 2014—2019, 2; Hanlon, A 
Long Way to Go, 6; Thompson, “No Silver Bullet.”


420 Adapted from DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online 
Operations, 2014—2019, 1; Hanlon, A Long Way to Go, 1; Thompson, “No Silver Bullet.” 


421 Adapted from Cederberg et al., National Counter-Information Operations Strategy, 12; Report on 
Russian Active Measures, 127. 
First, a public communications strategy would be a whole-of-government plan to
effectively counter disinformation and propaganda campaigns being waged against the 
American populace.422 An effective strategy would involve providing counter-narratives 
using factual information across various mediums to ensure the public received it, such as 
through news media and social media outlets.423 It would also involve exposing false or 
misleading content and the origins of this information so Americans could understand how
they were being targeted.424


Second, the private sector companies should also standardize and expand their use 
of labeling for disinformation, misleading content, and the origins of content.425 This
change would allow users to decide for themselves how to think about and handle the
content. As an example, Twitter and Facebook have started labeling misleading tweets and
posts by government officials.426 The Foreign Agent Registration Act (FARA) is the U.S.
government's version of what Twitter is doing regarding labeling.427 FARA mandates
that all agents of foreign governments register with the Department of Justice and ensure
all of their content in advertising or other messaging is prominently labeled.428 However,
this statute was enacted in 1938 and could use an update to consider current malign
influence efforts by Russia and other countries.429 Congress should provide legislative
fixes to enhance the transparency of foreign involvement with U.S. officials or political


422 Cederberg et al., National Counter-Information Operations Strategy, 11. 
423 Cederberg et al., 11. 


424 Marcellino et al., Foreign Interference in the 2020 Election; Polyakova, “The Kremlin's Plot
against Democracy.”


425 Hanlon, A Long Way to Go, 6. 
426 Facebook, “Facebook - Preventing Election Interference”; Twitter, “Elections Integrity.” 


427 Jessica Brandt and Josh Rudolph, Spies and Money: Legal Defenses Against Foreign Interference 
in Political Campaigns (Washington, DC: Alliance for Security Democracy, German Marshall Fund, 
2021), https://securingdemocracy.gmfus.org/spies-and-money-legal-defenses-against-foreign-interference- 
in-political-campaigns/. 


428 Brandt and Rudolph. 


429 Carolyn Kenney, Max Bergmann, and James Lamond, Understanding and Combating Russian 
and Chinese Influence Operations (Washington, DC: Center for American Progress, 2019), 8, 
https://www.hsdl.org/?view&did=822729. 
candidates.430 This addendum includes foreign businesses and consultants who support
political campaigns, as well as the disclosure of any financial interests a political candidate
may have overseas.


Third, transparency reports are the key mechanism for private sector organizations 
to share information with the American public.431 These reports should be expanded to
include more nuanced details about foreign influence activities detected and thwarted on
social media platforms. All social media companies should also make public their entire
archives of malign covert influence content that was taken down.432 These archives will
enable general users, as well as researchers and non-governmental organizations, to
analyze the data and provide reports to the American populace. The relationship between
the companies and the researchers can help the companies build capacity to analyze malign
foreign influence efforts and earn public trust from engaging with independent researchers.


Last, both political advertising and campaign finance laws should be strengthened 
by closing loopholes to identify the buyers and donors more quickly while also considering 
the exponential growth of online platforms for advertising and fundraising.433 Current 
technology advancements have allowed foreign entities to anonymize or obscure their 
identities and origins. The House Intelligence Committee noted loopholes in current 
campaign finance laws that allow foreign entities to provide services to political 
campaigns.434 Improved political advertising and campaign finance laws will allow the
American public to make informed decisions during the elections.


430 McFaul, Securing American Elections, 55. 


431 DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations, 2014— 
2019, 1; Facebook, “Threat Report,” 5; Hanlon, A Long Way to Go, 1. 


432 DiResta and Grossman, Potemkin Pages & Personas: Assessing GRU Online Operations, 2014— 
2019, 1; Hanlon, A Long Way to Go, 10; Howard et al., The IRA, Social Media, and Political Polarization 
in the United States, 2012—2018, 40. 




433 Cederberg et al., National Counter-Information Operations Strategy, 12; "Page 1 - Introduction," 
n.d., 127. 


434 U.S. Congress. House Permanent Select Committee on Intelligence, Report on Russian Active
Measures, 127. 
3. Resiliency Measures


The last but perhaps most crucial measure for consideration is resiliency. The 2021 
Intelligence Community's annual threat assessment named Russia as one of “the most 
serious intelligence threats to the United States” and warned that the Russian government
would continue its efforts to propagate dissension in the American populace.435 In
combating future Russian influence campaigns, the two relevant facets of resiliency are
improved media literacy and critical thinking for the American public.436


Improved media literacy requires both educational and technological components. 
One study showed that media literacy education for adolescents had “more to do with 
promoting an understanding of media content and production, rather than simply forming 
habits of consumption.”437 The government, news media, and social media companies all
need to play a role in helping both children and adults understand media content origination
and generation.438 The solutions include public service announcements that are informed
by media literacy experts, education programs for school-aged children, and career
development or continuing education programs for adults.439


Technological enhancements are also needed to improve media literacy. In our 
current digital age, Americans are awash with overwhelming amounts of information, 
much of which is false or misleading. A recent study showed that exposure to inaccurate
or misleading information on Facebook might slow down or stop users' knowledge


435 Office of the Director of National Intelligence, 2021 Annual Threat Assessment of the U.S. 
Intelligence Community, 11. 


436 McFaul, Securing American Elections, 8. 


437 Sebastián Valenzuela, Ingrid Bachmann, and Marcela Aguilar, “Socialized for News Media Use: 
How Family Communication, Information-Processing Needs, and Gratifications Determine Adolescents’
Exposure to News,” Communication Research 46, no. 8 (2016): 1111, https://doi.org/10.1177/
0093650215623833. 


438 Spaulding and Goldstein, Countering Adversary Threats to Democratic Institutions, 11. 


439 Cederberg et al., National Counter-Information Operations Strategy, 11; Jon Roozenbeek and 
Sander van der Linden, “Breaking Harmony Square: A Game That ‘Inoculates’ against Political
Misinformation,” Harvard Kennedy School Misinformation Review 1, no. 8 (2020): 1—26, https://doi.org/ 
10.37016/mr-2020-47; Spaulding and Goldstein, Countering Adversary Threats to Democratic Institutions, 
4. 
acquisition.440 All of this content, if made by Americans, is considered free speech. A
thornier issue is the artificial amplification of American free speech by Russia or other
foreign actors through social media botnets.441 Artificial intelligence and other advanced
technologies will be needed to detect and take down the Russian-controlled bots generating
or amplifying malicious content while distinguishing it from First Amendment protected
American speech.442


One of the essential skills needed for each American is critical thinking, i.e., the 
ability to discern fact from fiction to make informed conclusions and decisions.443
Although the focus of this thesis was Russian disinformation campaigns, domestic
disinformation operations also featured prominently ahead of the 2020 elections.444
Critical thinking is an important measure that can be used to examine information despite
its origin and is already being taught to some degree as a part of different school subjects
such as language arts, mathematics, and social studies. A vital part of a good school
curriculum should teach students how to be critical and discerning in their digital media
consumption as references and sources for their other coursework.445


Furthermore, Americans can learn from other democracies targeted by Russian 
propaganda. Even with the unrelenting assault of Russian information operations, the 
democracies in former Soviet Bloc countries appear to have relatively informed and
resilient electorates because media literacy and critical thinking are indoctrinated into their


440 Sangwon Lee and Michael Xenos, “Social Distraction? Social Media Use and Political Knowledge 
in Two U.S. Presidential Elections," Computers in Human Behavior 90 (January 2019): 22, https://doi.org/ 
10.1016/j.chb.2018.08.006. 


441 Linvill and Warren, “Engaging with Others,” 3.


442 Bodine-Baron et al., Countering Russian Social Media Influence, 12; Cartwright, Weir, and Frank, 
“Fighting Disinformation Warfare with Artificial Intelligence," 1. 


443 Spaulding and Goldstein, Countering Adversary Threats to Democratic Institutions, 11. 


444 Scott Jaspar, “Why Foreign Election Interference Fizzled in 2020,” Atlantic Council (blog), 
November 23, 2020, https://www.atlanticcouncil.org/blogs/new-atlanticist/why-foreign-election- 
interference-fizzled-in-2020/. 


445 Belinha S. de Abreu, Teaching Media Literacy, 2nd ed. (Chicago: American Library Association, 
2019), 10. 
entire education and news media ecosystem.446 European media platforms do not feature
standardized labeling of disinformation or state-sponsored content. Though these Eastern
European countries do not have the economic or technological advantages of the United
States, they seem to be inoculated from the effects of Russian disinformation operations.447
Improved media literacy and critical thinking will help Americans discern what they are
reading to make better-informed decisions regarding elections and other vital issues.448


During his farewell speech after serving a second term in office, George 
Washington stated, “Against the insidious wiles of foreign influence...the jealousy of a free 
people ought to be constantly awake, since history and experience prove that foreign 
influence is one of the most baneful foes of republic government.”449 Those words seem 
prescient today, well over two hundred years later. Except for an interlude from the end of 
the Cold War in 1991 to 2014, Russia has waged a campaign of information warfare to tear 
the fabric of Western democracy through wide-ranging operations on social media 
platforms targeting Americans.450 Both the U.S. government and major social media
companies were caught flatfooted in 2016 but took a series of security and transparency
actions since then to counter the ongoing Russian efforts targeting U.S. elections
specifically and American democracy more broadly. Hopefully, incorporating the existing
and proposed measures will help repair and strengthen the framework of American
democracy for the 21st century.


446 John R. Raines, Countering Russian Disinformation: Europe Dusts Off the Mighty Wurlitzer, E- 
Notes (Philadelphia, PA: Foreign Policy Research Institute, 2015), 6, http://www.fpri.org/docs/haines - 
_wurlitzer.pdf. 


447 Raines, 6. 
448 Spaulding and Goldstein, Countering Adversary Threats to Democratic Institutions, 12. 


449 George Washington, “Washington’s Farewell Address,” Digital History, 1796, 
http://www.digitalhistory.uh.edu/disp_textbook.cfm?smtID=3&psid=160.


450 Mueller, Report on the Investigation into Russian Interference in the 2016 Presidential Election, 
2019, 4; National Museum of American History, “The End of the Cold War,” Cold War Timeline, 2000, 
https://americanhistory.si.edu/subs/history/timeline/end/. 
INFORMATION OPERATIONS AND COUNTER PROPAGANDA: MAKING A
WEAPON OF PUBLIC AFFAIRS 


We are now at a crossroads of military public 
information. We must choose wisely which direction to 
go ... we must grow beyond conventional public 
information tactics ... develop new roles ... and more 
importantly, we must explore strategic information 
concepts that are better suited to dealing with the 
challenges of reduced military budgets and manpower, 
widespread instability around the globe, new military 
missions and revolutionary advances in communication 
technology. 
—Captain Mark Van Dyke 

New advances in technology have revolutionized information 
access and the way wars are fought. Broadcast media, television 
in particular, brings real-time images of war and suffering into 
American living rooms and even those in the jungle. Like the 
Vietnam war, DESERT STORM had its daily news reports from the 
battlefield. Currently, images from Bosnia and Kosovo remind us 
of the power of broadcast media. However, unlike journalistic 
accounts of previous American wars, reports from Southwest Asia 
were not limited to broadcasts from friendly territory. 

The 1991 Gulf War to eject Iraqi forces from Kuwait ushered 
in a new era: real-time reporting from the battlefield. New 
technology, satellite relays in particular, allowed U.S. 
citizens to see Apache helicopter engagements in friendly zones 
as well as SCUD missile firings from the enemy's heartland. The 
battlefield of 2010 will feature imaging from space, and a 
ubiquitous media will monitor soldiers' activities throughout 
the depth of the combat zone. In fact, the current conflict in the 
Balkans portends that this new era is here to stay. 

The ongoing information revolution calls for changes not 
only in warfighting but also in policy. Information 
technologies expand conflict beyond the traditional battlefield 
and enhance opportunities to conduct asymmetric war. The enemy 
can now transmit propaganda via television screens. 

We must assume that future adversaries will take full 
advantage of media broadcasts as propaganda tools. Propaganda 
in modern media will undoubtedly create greater challenges for 
military public affairs officers. As opportunities for 
manipulation of telecasts to sway public perceptions increase, 
military public affairs officers will have to struggle to carry 
out their support of the mission. In order to thwart hostile 
attempts to prejudice our broadcast media, Public Affairs must 
change its way of doing business. Indeed, Public Affairs 
officers may now have to openly challenge broadcast news 
containing propaganda. To effectively neutralize broadcast news 
propaganda, Public Affairs must change its policy and the way it 
thinks about itself. 

The coming years will not bring an uncomplicated, stable 
security environment such as that of the Cold War. The future 
security environment promises challenges from weapons of mass 
destruction to Hobbesian societies featuring resource depletion, 
rapid population growth, environmental damage, new infectious 
diseases, and uncontrolled refugee migration. 

We can expect countries that have ripened for conflict to 
have little print media circulation beyond the city limits. A 
war-torn country's citizens who become refugees can hardly 
afford the expense of or have access to newspapers. Although an 
evicted population cannot be expected to escape with radios and 
televisions, electronic broadcasts are free. The proliferation 
of inexpensive pocket radios and televisions makes it plausible 
that a few refugees will have the means to pull transmissions 
from the airwaves. Moreover, among the instruments of power 
(diplomatic, information, economic, military), information can best 
leverage television and radio for immediate effect on the views 
of citizens and leaders on both sides of a conflict. 

This paper limits the term "media" to broadcast media, radio 
and television. The restricted definition is appropriate, 
since radio and television have the greatest potential to shape 
the future security environment. 

Public Affairs involves three activities: Command 
Information, Community Relations, and Public Information (PI). 
Command Information is the commander's responsibility to 
disseminate accurate and timely information to soldiers, their 
families, and civilian employees and other internal audiences. 
Community Relations is the Public Affairs activity that helps 
civic leaders and local communities understand the military. 
Public Information aims to tell the military story to a wide 
external audience. Public Information officers work with and 
support the media. 

This study focuses on the Public Information aspect of 
Public Affairs. It specifically recognizes the Public 
Information activity as the Public Affairs linkage to the other 
elements of information operations: civil affairs, psychological 
operations (PSYOP), command and control warfare, and electronic 
warfare. 

In information operations, Public Affairs conducts 
information campaigns designed to establish credibility with the 
media to gain support for the military mission. But Public 
Affairs proclaims that its public information campaigns are 
devoid of a most effective tool: counter-propaganda activity. 


KNOW PROPAGANDA 


Propaganda, in the minds of many, aims to appeal to 
prejudices by distorting facts with lies. Joint Pub 1-02 
defines propaganda as “any form of communication in support of 
national objectives designed to influence the opinions, emotions, 
attitudes, or behavior of any group in order to benefit the 
sponsor, either directly or indirectly.”8 As defined, propaganda 
is the dissemination of ideas and information for the purpose of 
inducing or intensifying specific attitudes and actions. 
Although some propagandists may intentionally distort fact, 
others may objectively present information. No matter what its 
objective, propaganda attempts to persuade through rational or 
emotional appeal or through the organization of personal 
opinion. 

Propaganda can be blatantly obvious, such as that used in 
Nazi Germany. The Germans had a complex and well-organized 
system for the spread of propaganda and the control of their 
culture. During World War II (WWII), the Germans raised their 
propaganda system to a level of sophistication never before attained. 
Headed by Joseph Goebbels, the propaganda department influenced 
almost all aspects of German culture: literature, the press, 
films, theater, music, broadcasting, tourism, advertising, and 
the arts. Nowhere could Germany's people or soldiers escape 
the ever-present themes: Pure-blooded Aryans are the superior 
race and could not be defeated by the mixed-blooded Allies and 
their Jewish masters. 

On the other hand, propaganda may employ subtle persuasive 
communication techniques. Propagandistic (i.e., persuasive) 
communications are not "good" or "evil" in and of themselves. 
They can be used for good, to reduce drunk driving and lung 
cancer, while they may also seek to win elections and sell malt 
liquor. 

This study defines counter-propaganda activity as actions to 
discredit an adversary’s use of broadcast media to support their 
national objectives by influencing the opinions, emotions, 
attitudes, or behavior of U.S. and friendly audiences. As 
defined, counter-propaganda allows for truthful, honest 
opposition to the enemy’s media-borne propaganda. 

Public affairs practitioners attempt to influence target 
audiences through many propaganda techniques, including “spin.” 
Scott Rodgers cites euphemisms as a propaganda technique in 
military discourse. As examples, the MX-Missile was renamed the 
“Peacekeeper,” and “collateral damage” often means civilian 
casualties. Reacting viscerally, public information 
practitioners blindly avoid association with the term 
“propaganda.” They fear that indulgence in any activity labeled 
propaganda will create perceptions that public information 
practitioners lie or deliberately deceive the public. This 
attempt to maintain their image has made Public Affairs officers 
overlook their own reliance on spin. 

“Disinformation” is the spin euphemism of choice for 
propaganda. The public affairs community says disinformation is 
any government-sponsored communication in which deliberately 
misleading information is passed to targeted individuals, 
groups, or governments with the purpose of influencing foreign 
elite or public opinion. This also defines propaganda. Thus, a 
case can be made that the acknowledged public affairs mission to 
counter disinformation applies to propaganda. 

Alvin and Heidi Toffler categorize six military propaganda 
techniques: atrocity stories, i.e. emphasis on the brutal 
torture and killing of innocent men, women and children; 
hyperbolic inflation of the stakes involved in a war, i.e. left 
unchecked, the conflict will lead to Armageddon; dehumanization 
of the opponent, i.e. the enemy leader is a heartless demon; 
polarization, i.e. those who refuse to join us are not on the 
side of right; divine sanctions, i.e. God is with us; and 
propaganda that discredits the adversary's propaganda. The 
last category should be openly recognized and clearly 
designated as a vital aim of the Public Information function of 
Public Affairs. 

The shift to third-wave information warfare is underway, 
and the battle for control of information by perception 
management will intensify. The Gulf War offers classic examples 
of the use of propaganda and perception management. A young 
woman appears before television cameras and talks about babies 
being ripped out of incubators in Kuwait. Later reports linked 
the young woman to the Kuwaiti embassy, and she was apparently 
following a script. In the era of real-time broadcast, such 
televised propaganda is going to become far more important, and 
it will be managed with far more sophistication. 

Public Affairs' potential role, identifying and attacking 
enemy propaganda broadcasts, can be a powerful tool to shape the 
course of events in time of conflict. A counter-propaganda 
effort can get needed information to displaced populations and 
combatants. Victims in a dysfunctional society can use reliable 
counter-propaganda information to locate relief sites. On the 
other hand, counter-propaganda may restrain belligerents with 
warnings that they will be subject to punishment for war crimes. 


STRATEGIC VIEW 


Maintaining a strong military and the willingness to 
use it in defense of national and common interests 
remain essential to a strategy of engagement as we 
approach the 21st century. 

The advent of satellite-based global television broadcasting 
has created yet another arena for unconventional warfare. Live 
television coverage provides participants in armed conflicts 
with unprecedented opportunities to conduct military deception 
and shape the way distant audiences perceive events on the 
battlefield. Such "CNN Wars" are likely to become more common—and 
with disproportionately large political repercussions, 
especially in societies like the United States where 
policy-making is sometimes driven by transitory public reactions to 
media images. 

Clausewitz asserted that the center of gravity is the hub of 
all power and movement: "What the theorist has to say is this: 
one must keep the dominant characteristics of both belligerents 
in mind. Out of these characteristics a certain center of 
gravity develops, the hub of all power and movement, on which 
everything depends. That is the point against which all our 
energies should be directed." 

National will exemplifies Clausewitz's definition of center 
of gravity. And a nation's will, as stated by Clausewitz, is 
derived from the trinity formed by the government, the army and 
the people. Thus modern adversaries will seek to exploit 
broadcast media to target the most susceptible element of 
national will, the people. 

Despite media influence on the people, there is little 
evidence of U.S. efforts to counter propaganda-laced news 
broadcasts. The fact is the U.S. military operates in a global 
information environment, and Americans are subject to propaganda 
influences through domestic and foreign broadcast. Nearly 
unlimited access to information threatens to prejudice opinions 
on the battlefield and at home. 

Given the wide array of possible opponents, weapons, and 
strategies, it becomes increasingly difficult to distinguish 
between foreign and domestic propaganda in the news. Sometimes 
it is difficult to determine who is propagandizing whom. This 
new uncertainty greatly complicates the traditional public 
information role of telling the military story. 

Furthermore, the possibility arises that the very "facts" 
of an event can be manipulated via multimedia techniques and 
widely disseminated by television and radio. Countering such 
manipulation will increase our ability to build and maintain 
support for military actions. In short, our Public Affairs 
practitioners should actively prepare to counter enemy 
propaganda. 


A CLEARLY DEFINED FUZZINESS 


Attacking the unabated flow of propaganda across the globe 
can further blur the functional lines between Public Affairs 
(PA) and Psychological Operations (PSYOPS). Both PA and PSYOPS 
are key elements of Information Operations. FM 100-6 defines 
Information Operations as continuous military operations within 
the Military Information Environment that enable, enhance, and 
protect the friendly force's ability to collect, process, and 
act on information to achieve an advantage across the full range 
of military operations. 

While acknowledging that the media can dramatically affect 
strategic direction and the range of military operations, 
military doctrine does not sanction actions intended to mislead 
or manipulate media coverage. However, it is widely recognized 
that visual information displayed by domestic and international 
news organizations directly and rapidly influenced the nature of 
US policy objectives and the use of military force in Rwanda, 
Somalia, and in the former Yugoslavian republics. Images from 
future conflicts will convey undeniable propaganda designed to 
disrupt or defeat friendly military operations. Without change 
in Public Affairs concepts, biased broadcasts will fall in the 
gap between psychological operations and public information 
activities. 

The public affairs mission is to strengthen deterrence and 
war-fighting powers by timely, accurate and truthful 
communication to U.S. military, the American public and friendly 
foreign audiences. Public Affairs is charged with 
communicating the military perspective to the American public, 
government, and internal military audiences. Implied in the 
public affairs charter is the requirement to support legitimate 
efforts that gain or maintain public support for military 
operations. Also implied is the responsibility to degrade the 
impact of negative stories, false reports, and inaccuracies. 

As the primary agent for telling the military story, Public 
Affairs should be most concerned when news broadcasts distort 
military operations. Yet, military doctrine specifically denies 
Public Affairs a counter-propaganda role. The services do 
acknowledge concern about propaganda. Joint Pub 3-53 recognizes 
the requirement to counter propaganda and makes this a 
Psychological Operations responsibility. The Joint Pub also 
makes it policy for PSYOP to use PA channels to provide facts 
that will counter foreign propaganda, including misinformation 
directed at the United States. Juxtaposing psychological 
operations policy with Public Affairs could lead to unintended 
consequences: one military community, PSYOPS, could dupe 
another, PA. 

Psychological Operations should continue as directed in 
Joint Pub 3-53: "Operations to convey selected information and 
indicators to foreign audiences to influence their emotions, 
motives, objectives and reasoning, and, ultimately, the behavior 
of foreign governments, organizations, groups, and individuals. 
The purpose of PSYOPS is to induce or reinforce foreign 
attitudes and behavior favorable to the originator's 
objectives." 

Public Information and Psychological Operations communicate 
information to civilian and military audiences to influence 
their perception of military operations. While PA communicates 
to U.S. and friendly audiences, PSYOPS targets enemy audiences. 
Both PA and PSYOPS contribute to achieving information 
dominance—the aim of Information Operations. Moreover, PA and 
PSYOPS often communicate their messages through the same 
mediums. But, in the global information environment, neither PA 
nor PSYOPS can isolate their target audiences. Friend and foe 
will hear and view the same information. As important, news 
anchors willingly or unwittingly serve as agents for enemy 
propaganda. 

Unlike Psychological Operations, Public Affairs policy not 
only ignores a counter-propaganda requirement but also asserts 
that it has no association with propaganda. This assertion aims 
to sustain Public Affairs' cloak of credibility. This 
protective public affairs garment, however, is woven with false 
threads. An honest look at military media operations reveals 
that Public Affairs is already engaged in counter-propaganda 
activities—censorship, message shaping, and spin. 


A CASE FOR COUNTER-PROPAGANDA 


Misinformation concerning Bosnia appeared in the media 
before the ethnic cleansing started. Croatian propaganda 
described Serbian nationalists as Cetniks and presented the 
World War II (WWII) Cetnik leader as a genocidal monster. Serb 
propaganda described Croatian nationalists as Ustasa, and 
suggested that the Bosnian Muslims were either Nazis or 
fundamentalists, or both. 

Some analysts are convinced that it was propaganda-laced 
media that ignited the ethnic flames that swept across 
Yugoslavia. Media-espoused hate themes in the former Republic 
of Yugoslavia caused citizens to demonize neighbors, friends, 
and even family. Without benefit of truth-based 
counter-propaganda, the people of Yugoslavia have continued to 
villainize each other despite their recent history of peaceful 
coexistence. 

Television has played a major role in the events leading to 
the war and disintegration of Yugoslavia. The political leaders 
in the republics blatantly used the media for their propagandist 
purposes and shaped public opinion in the direction that best 
suited their interests. During the Yugoslav era, media were 
used to support the existing political system and were 
controlled by the League of Communists in each republic. 

The new power holders, particularly in Serbia and in 
Croatia, simply stepped in for the old regime and increased 
their influence over the media. The few independent media 
organizations were sidelined and were not able to reach such 
massive audiences as the state-controlled television and radio 
did. The media was the tool that generated nationalist 
euphoria, ethnic hatred, and war psychosis. Media organizations 
included journalists who were devoted to the most extreme 
propagandist presentations. Such was the power of the media 
that many experts of the Yugoslav crisis are convinced that the 
war could not have erupted without media influence. 

In Bosnia-Herzegovina, the media were widely controlled by 
the ruling parties. The political elite used the media to 
govern the population and support nationalistic propaganda. 
However, few alternative media emerged in the Republika Srpska 
at the end of 1995. In the government-controlled territories, 
and particularly in Sarajevo, the media had more space to 
maneuver, but often only with the help of international 
donations, which in turn created an artificial media market. 

Broadcast news not only played a crucial role in events within the 
former Yugoslavia but also helped to shape the policies of the 
international community. The war, first in Slovenia, then in 
Croatia, and finally in Bosnia, was played out in real time on 
television screens throughout the world. The images of tanks, 
refugees, concentration camps, and crimes against humanity shook 
the world and challenged the international community to do 
something. 

In 1997, the nationalist, state-run broadcast media in 
Bosnia painted NATO peacekeepers as an “occupying force.” NATO 
commanders responded with threats to jam transmitters and then 
closed four transmission stations of Bosnian Serb radio and 
television because of what a United Nations spokesman called 
ongoing “distortion of the truth.” 

After the takeover of the towers, rival Bosnian Serb 
factions in Pale and Banja Luka agreed to alternate daily 
broadcasts until parliamentary elections. The television 
network served as an effective counterweight to Serbian 
propaganda broadcasts. Studio interviews with opposing 
candidates and various international election observers 
presented listeners in and outside of the cities with a clear 
picture of the campaign. Although this balanced coverage helped 
bring some moderates to power, the counter-propaganda effort was 
too little too late. 

With few independent electronic news sources and a public 
conditioned to obey authority, people readily accept what they 
are told. Obviously, leaders like Slobodan Milosevic know very 
well how to leverage broadcast media for propaganda purposes. 
He used Serb-controlled radio and television stations during his 
drive for a "Greater Serbia" to re-ignite Serb nationalism 
throughout the former Yugoslavia. Moreover, his unchecked 
messages of hate fed an international media that was hungry for 
news. 

Some say it was "words, not bullets" that sparked the 
bloodshed in Bosnia-Herzegovina. According to Michael 
Ignatieff, "long before a shot was fired in Yugoslavia, the 
media of both Croatia and Serbia were readying their populations 
to think of the other side as vermin, insects, dogs, and other 
noisome creatures." Several analysts have gone so far as to 
suggest some government journalists ought to be tried as war 
criminals. Through uncontested broadcast propaganda, Milosevic 
successfully isolated the public. His news railed against the 
West and Serbia's neighbors, blaming them for the country's 
woes. Serbians became more xenophobic and convinced that former 
friends were their enemies. Counter-propaganda through 
independent media could have brought another perspective and 
offered hope by informing and educating the warring factions 
about how a democratic society works. 


NOW KOSOVO 


As of this writing, conflict rages in Kosovo. With over a 
million refugees fleeing their homes for sanctuary in nearby 
Albania and Macedonia, the U.S. military and North Atlantic 
Treaty Organization (NATO) forces are supporting a massive 
humanitarian relief effort. Yet little is being done in the way 
of counter propaganda to dispel lies and keep Kosovo's displaced 
citizens informed. 

Some refugees have transistor radios and are able to tune in 
to the British Broadcasting Corporation (BBC) World Service, 
Radio Tirana, and other stations to find out what is happening. 
But even then, the information they receive is not specifically 
geared to their needs. Reliable information is clearly not 
coming from the government-controlled media of President 
Slobodan Milosevic. 

As NATO bombs rain on Belgrade, Serb state-run radio and 
television broadcasts call President Clinton "Adolf Clinton." 
NATO soldiers are referred to as "assassins." U.S. Secretary of 
State Madeleine Albright is "bloodthirsty." The Serb leader's 
use of propaganda parallels that of Germany's WWII leader. 
Milosevic apparently desires to strengthen the resolve of both his 
people and his military. Christopher Bennet says that “the key 
to Milosevic’s rule and an understanding of modern Serb 
nationalism is the Serbian media and their sustained campaign to 
generate national hysteria. Indeed, the Serbian media have 
played a very similar role in Milosevic’s Serbia to that played 
by the Nazi media in Hitler’s Germany, though on account of 
technological advances in the intervening half century, their 
influence has been more pervasive and more insidious.” 

As the Serbian propaganda machine has greater access to its 
population than NATO, we can expect it to also have a greater 
influence. The Serbian people have grown up with a strong bias 
in their media, and propaganda messages have had a lifetime to 
take hold. By implanting his views without challenge, Milosevic 
easily influences the Serbian people to do what he wants or lay 
blame on others. In the case of the Serbian military, it 
appears soldiers are willing to fight and die based on 
Milosevic's propaganda. 

Radio-Television Serbia voices its propaganda over images of 
bombed-out buildings and anti-NATO rallies. This propaganda, 
which is closely controlled by Milosevic's regime, has already 
played a major role in the survival of the Yugoslav President. 
It will likely become even more crucial as the war drags on and 
life becomes more difficult. We cannot afford to ignore 
Milosevic's rhetoric as it fuels nationalist frenzy. Serbs are 
now burning U.S. flags, destroying anything that is a symbol of 
a NATO country, and claiming they are ready to fight to the 
death. 

Some Serbian people may question the state radio and 
television broadcasts. But they have few alternative messages 
that can cause serious doubt. Serbian media present a picture 
that Yugoslavia is winning the war and America and its NATO 
allies have gone mad. In the face of this distortion of the 
truth, President Clinton made an attempt at counter-propaganda. 
He sent a message to the Serbian people via satellite 
transmission. Clinton said the bombing was directed not at the 
Serbian people but at their leader. The US President's message 
contended with propaganda filters in Serbia. Most likely, few 
Serbians heard the message, and even fewer believed the message. 

The fact is that there is almost no credible information 
countering Belgrade's view of its security operations. The only 
direct Western effort to respond to this monopoly is NATO’s 
demand that Serb-controlled radio and television broadcast six 
hours of uncensored Western broadcasts a day. The majority of 
the Serbs and Kosovars rely on government stations as their main 
news source, and Milosevic can be counted on to deliver a daily 
dose of propaganda. 

After Afghanistan, Somalia, and Rwanda, we should have 
learned to make propaganda one of the first casualties in a 
conflict. Balanced reporting is effective counter-propaganda 
ammunition. News broadcasts by the BBC, Voice of America, or 
Radio Free Europe could easily carry counter-propaganda messages 
aimed at shaping attitudes about the conflict in Kosovo. 
Counter-propaganda programming tailored to the local theater 
could help dispel rumors by challenging Serbian broadcasts. It 
could also help the Serbian military and people better 
understand NATO's intervention. Despite past experiences, 
however, we have not only been slow to demonize Milosevic but 
also slow to recognize the need for a PA counter-propaganda 
program as part of our overall military strategy. 

Public affairs practitioners should give credence to how 
useful counter propaganda can be for shaping the security 
environment and alleviating crises. Better information access 
can help reduce conflict, particularly if aimed at the 
belligerents themselves. Some human rights sources believe Serb 
security forces might be less enthusiastic in their repression 
if warned by counter-propaganda broadcasts that they may be held 
accountable for their actions. 


RECOMMENDATIONS 


In a society under assault across its entire 
infosphere, it will become increasingly difficult for 
members of that society to verify internally the truth 
or accuracy of anything.... The End State may not be 
bloodless surrender but total disruption of the 
targeted society. 
-George Stein 

We should openly acknowledge that Public Affairs is 
already engaged in the fight against propaganda. This can spur 
debate on a Public Affairs strategy with ends, ways and means 
that are aligned for information operations in 2010. 

The Public Information function of Public Affairs should 
include counter-propaganda operations as an objective. The aim 
should be to degrade the enemy's propaganda impact on the 
conflict and to maintain domestic and international support for 
U.S. military operations. Public Affairs must further 
legitimize its Public Information link to PSYOPS to facilitate a 
unified counter-propaganda effort. Public Information 
activities must use truth-based, counter-propaganda messages. 
PSYOP should conduct only offensive propaganda operations, at the 
theater and below in wartime. PSYOPS should assist Public 
Affairs with counter-propaganda activities at the strategic 
level. 

Our military has the means to support this new Public 
Affairs role. So the Public Affairs infrastructure need not 
change. Additional instructors specializing in 
counter-propaganda at the Defense Information School (DINFOS) may be 
necessary. 

Public Affairs organizations need not set up radio stations 
to conduct counter-propaganda. A number of independent media 
channels can be used for disseminating counter-propaganda 
messages. In the case of Kosovo, the BBC and Radio Tirana, 
independent media, are already transmitting Albanian-language 
broadcasts which reach much of the Balkans. 


CONCLUSION 


The howitzers of the mass media ... will not long 
remain the property of the West: The world's skies 
will fill with private satellites, and channels of 
communications will continue to multiply.... 

Whatever the means employed, it is questionable whether 
American public opinion can be induced to support military 
operations that do not support U.S. interests, especially when 
adversaries use unchecked propaganda in the media to weaken 
American will. 

The anticipated wars of the future will require Public 
Affairs to actively launch counter-propaganda operations. Such 
initiative will be critical to gaining and maintaining public 
support in the global information environment of the future. The 
Information Age is merging both internal and external audiences. 
Therefore, we should accept that counter-propaganda messages 
borne in the modern media atmosphere would impact both the enemy 
and friendly public. More important, lessons from Vietnam, 
DESERT STORM, and Bosnia teach future adversaries a common 
strategy: use propaganda in the media to attack the American 
will. This strategy of demoralization will remain viable for 
the foreseeable future. 

The further the world advances toward embracing information 
technology, the less likely military Public Affairs can rely on 
traditional management of the media through censorship. A 
change in policy can bring the needed focus to public 
information objectives and support a specific counter-propaganda 
role. This does not mean that Public Affairs should mortgage 
its credibility that has been built on honesty for action 
supported by lies. To be effective tellers and protectors of 
the military story, Public Affairs must hammer out doctrinal
change on an anvil of truth. By so doing, public information
operations can effectively counter propaganda in broadcast media
and contribute to maintaining the national will for victory
today and tomorrow.


WORD COUNT: 4530 
ZF011946W.


We have completed a mandatory declassification review in accordance with Executive Order (EO) 
12958, as amended. As a result of our review, information has been sanitized and nine pages of records 
are denied in their entirety as the information is currently and properly classified SECRET and 
CONFIDENTIAL according to Sections 1.2(a)(2), 1.2(a)(3) and 1.4(c) of EO 12958, as amended. This 
information is exempt from the public disclosure provisions of the FOIA pursuant to Title 5 U.S. Code 
552(b)(1). On March 9, 1999, the President exempted the file series in which these records are 
maintained from the automatic declassification provisions of EO 12958, Section 3.4, as amended, 
pertaining to classified records more than 25 years old. It is not possible to reasonably segregate 
meaningful portions of the withheld pages for release. The records are enclosed for your use. A brief 
explanation of the applicable sections follows: 


Section 1.2(a)(2) of EO 12958, as amended, provides that information shall be classified
SECRET if its unauthorized disclosure reasonably could be expected to cause serious damage
to the national security.


Section 1.2(a)(3) of EO 12958, as amended, provides that information shall be classified 
CONFIDENTIAL if its unauthorized disclosure reasonably could be expected to cause 
damage to the national security. 


Section 1.4(c) of EO 12958, as amended, provides that information pertaining to intelligence 
activities, intelligence sources or methods, and cryptologic information shall be considered for 
classification protection. 


Since the release of the information would result in an unwarranted invasion of the privacy rights of the 
individuals concerned, this information is exempt from the public disclosure provisions of the FOIA per 
Title 5 U.S. Code 552 (b)(6). 


In addition, we have sanitized information that would reveal the identity of confidential sources. This 
information is exempt from public disclosure pursuant to Title 5 U.S. Code 552 (b)(7)(D) of the FOIA. 
The significant and legitimate governmental purpose to be served by withholding is that a viable and 
effective intelligence investigative capability is dependent upon protection of confidential sources. 


The withholding of the information described above is a partial denial of your request. This denial is
made on behalf of Major General John Defreitas, III, the Commanding General, U.S. Army Intelligence 
and Security Command, who is the Initial Denial Authority for Army intelligence investigative and 
security records under the FOIA. You have the right to appeal this decision to the Secretary of the Army. 
If you wish to file an appeal, you should forward it to this office. Your appeal must be postmarked no 
later than 60 calendar days from the date of this letter. After the 60-day period, the case may be 
considered closed; however, such closure does not preclude you from filing litigation in the courts. 


We have been informed by the FBI that their information is exempt from public disclosure pursuant to 
Title 5 U.S. Code 552 (b)(1) of the FOIA. 


The withholding of the information by the FBI constitutes a partial denial of your request and you have 
the right to appeal this decision. If you decide to file an appeal, it should be sent to the Co-Director, 
Office of Information and Privacy, U.S. Department of Justice, 1425 New York Avenue, Northwest, Suite 
11050, Washington, DC 20530-0001 within 60 days from the receipt of this letter. The envelope and the 
letter should be clearly marked "Freedom of Information Appeal" or "Information Appeal." Please cite
FBI FOI/PA #429014 assigned to your request so that it may be easily identified. 


We are forwarding a copy of this letter to the FBI (FOI/PA #429014). 

During the processing of your request, information was disclosed which is under the purview of 
another government agency. This office has no authority to release this record and it is being referred, 
along with your request, for appropriate action under the FOIA, and direct reply to you. 

Additionally, we are coordinating with other government agencies concerning the releasability of their
information contained in the records. We will inform you as to the releasability of the information upon
completion of our coordination.


If you have any questions concerning this action, please feel free to contact this office at 
(301) 677-6410. Please refer to case #123F-06. 


Sincerely, 


Susan J. Butterfield

Director 

Freedom of Information/Privacy Office 
Investigative Records Repository 


Enclosure 
DOSSIER NO. zro119.. W


Vol 1 of 7 Vols


As of 18 Sep 85 all material included
IA (HQ) Form 2214 Replaces MIIA Fm 315, 1 Jun 75, which may be
TRANSMITTAL OF MATERIAL TO IRR*
*NOTE: This form is not required when material is forwarded to IRR with DA Form 2784-R,
rp may be used as a supplement to DA Form 2784-R to provide additional


2. FROM: 


Records Processing Division Director
Special Records Division
AIAO05


PERSONAL/IMPERSONAL SUBJECT (Establish dossier or add material to existing dossier) 


&. SUBJECT: Internal Counterintelligence Program (ICIP) 


d. SSN: 
e. Alias/Nee


Name/Impersonal Title Alias/Nee 
USASA FIELD STATION, BERLIN 
DLI, PRESIDIO OF MONTERREY, CA 
DET N, USASA FIELD STATION AUGSBURG, GE 
USA MISSILE COMMAND, REDSTONE ARSENAL, AL 
ABERDEEN PROVING GROUND, ABERDEEN, MD. 
WHITE SANDS MISSILE RANGE, NM 
(X) Files (3 Attached material meets retention
criteria of AR 381-10

( ) Account Number: ( ) Material contains financial data under
criteria of AR 190-6
CASE CLOSED


dossier material only; enter data

required by para 3-4, AR 381-45) ( ) AR 190-6 
Category I 
Paragraph 3-2b(3), AR 381-45 ( ) AR 381-10 
Cannot be pre-determined 


See Block 4 : ( ) AR 381-45 


Dossier No: 


Aging Criteria: 


IA(HQ) Form 2201-R, 1 Nov 84 (Replaces IA(HQ) Form 2201, 1 May 78, which is obsolete)
CONTROL NUMBER


ACTION SHEET


SUBJECT OFFICE SYMBOL SUSPENSE
DAMI-DOI-S


Quarterly ACIP Report DATE 
18 October 1972 


ACTION REQUIRED


To provide USofA with the third quarte 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND:


a. By Memorandum dated 8 February 72, the Under Secretary of the Army requested the 
Vice Chief of Staff, US Army to provide quarterly reports on all ACIP's (BLUE TAB B). 


b. The second quarterly report, which contained a specially requested additional 
analysis, was submitted to the Under Secretary of the Army on 1 August 72 (BLUE TAB C).*


c. Written input from USAINTC for the current quarterly report is attached at 
BLUE TAB D. 


2. DISCUSSION: Memorandum at BLUE TAB A to Under Secretary of the Army through the 
Vice Chief of Staff, US Army, provides required third quarterly report as desired by 
USofA memorandum of 8 February 1972. 


3. RECOMMENDATION: That Memorandum (BLUE TAB A) be approved and signed. 


* SECOND QUARTERLY REPORT PROMISED A COMPLETE ANALYSIS OF ACIPS IN FOURTH
QUARTERLY REPORT. THIS IS THIRD QUARTER'S REPORT.


(Continue on plain bond) 


IMPLICATIONS CINFO ves [] No[)] PRIM PROGS ves [7] no [ ] BUDGET ves [ ] uo [ ] 


COORDINATIONS APPROVALS 


OFFICE NAME PHONE INITIALS DATE 


DISPATCHED (DTG) 


ACTION OFFICER (Name, grade, phone and signature) 


W. WEBB, MAJ/57471


REGRADED UNCLASSIFIED
WHEN SEPARATED FROM CLASSIFIED


ACSI FORM 28, 13 Sep 71
CURRENT ACIP OPERATIONS

LOCATION                                              ACIP NICKNAME    DATE APPROVED     NUMBER OF SOURCES
Edgewood Arsenal, Maryland                            CANAL LOOP       16 February 72    5
Fort Ritchie, Maryland                                CANARY EFFORT    16 February 72    3
Fort Bliss, Texas (Language School)                   CANCER PORCH     28 December 71    1
Fort Ord, California                                  CANDID FROLIC    21 December 71    2
Fort Monmouth, New Jersey                             CENTRAL TAXI     16 February 72    3
Aberdeen Proving Grounds, Maryland                    GONDOLA STAR     16 February 72    2
Picatinny Arsenal, New Jersey                         GONG SILK        16 February 72    3
Philadelphia, Pennsylvania (Electronics Command)      LANDLESS TIME    19 January 72     4
Washington, D.C. (Language School)                    LANYARD MOOD     22 December 71    0
Carlisle Barracks, Pennsylvania (Army War College)    LENIENT CLOUD    16 February 72    4
Presidio of Monterey, California                      LENTIL MONKEY    26 October 71     3
TOTALS 11                                             11                                 30


Off-post Information

There were no instances in which information on non-affiliated civilians was collected
off-post.

Classified by DAMI-DO
SCHEDULE OF EXECUTIVE ORDER 11652
AUTOMATICALLY DOWNGRADED AT TWO YEAR
INTERVALS
DEPARTMENT OF THE ARMY
HEADQUARTERS
U. S. ARMY INTELLIGENCE COMMAND
FORT HOLABIRD, MARYLAND 21219


ICDISO-OC 16 Oct 1972


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence Program 
(ACIP) Operations (U) 


HQDA (DAMI-DOI-S) 
WASH DC 20310 


1. (U) References: 
a. Ltr, DAMI-DOI-S, 8 Mar 72, subject as above. 
b. Ltr, ICDISO-OC, 18 Apr 72, subject as above. 


2. (U) In compliance with reference a, above, the ACIP quarterly report 
for the period 1 July - 30 September 1972 is forwarded herewith. 


3. (C) The following operational and administrative control measures
remain in effect concerning all reported ACIP to assure compliance with 
DOD and DA policies relative to the acquisition of information on non- 
DOD affiliated personnel: 


a. Each ACIP is restricted to on-post target coverage of DOD 
affiliated personnel and utilizes employees or military personnel of 
the serviced command as sources. These constraints generally preclude 
the possibility of violations of current collection restrictions regard- 
ing non-DOD affiliated personnel. 


b. Sources are selected from a civilian/military work force only 
after detailed assessment. Generally, only long term employees or 
personnel of known reliability and proven loyalty are selected for re- 
cruitment. 


Classified by DISO
SUBJECT TO GENERAL DECLASSIFICATION
SCHEDULE OF EXECUTIVE ORDER 11652
AUTOMATICALLY DOWNGRADED AT TWO YEAR
DECLASSIFIED ON 31 DEC 7...


c. Each individual and/or source involved in the conduct or control 
of each ACIP is briefed on current policies and restrictions pertaining 
to the program and program associated activities as concerns persons and 
organizations not affiliated with DOD. 


d. ACIP reporting is scrutinized at each level of command to insure 
the acceptability of information provided or collected. Information of 
a questionable nature is not disseminated at the local level until a
determination is made by this headquarters concerning the propriety of 
collection reporting and the information developed. 


4. (U) Commanders of the facilities supported by the ACIP were queried
in May 1971 concerning their recommendations relative to continuation of
the program. Expressed desire for continuation was unanimous. To date,
supported commanders' views remain unchanged and in view of this it is
recommended that these programs be continued.


FOR THE COMMANDER: 


11 Incl 
Op Anal 


W. CHAMBER 
TC, MI 
Acting Assistant Adjutant General 


1. CANAL LOOP (OACSI approval - 16 Feb 72)
a. Location: Edgewood Arsenal, MD 


b. Confidential Source Utilization: Five sources were used during 
this reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Personnel transfers have created a turbulence
in both the project control officer and project liaison officer
functions. It is anticipated that the operation will become more
effective after permanent personnel assignments are made in the near
future.


2. CANARY EFFORT (OACSI approval - 16 Feb 72)
a. Location: Fort Ritchie, MD 


b. Confidential Source Utilization: Three sources were used 
during the reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Continuation is recommended because of 
the installation's sensitive mission with DOD as the Alternate 
National Command Post and the role assigned to USAINTC of executing 
the Alternate Joint Communications Center Counterintelligence Program. 
The commander of Fort Ritchie and the US Army element located within 
Site "R" desires the continuation of the ACIP. 


3. CANCER PORCH (OACSI approval - 28 Dec 71)


a. Location: Defense Language Institute, Southwest Branch, 
Fort Bliss, TX 


b. Confidential Source Utilization: One confidential source was 
approved during this reporting period for recruitment.


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The Defense Language Institute has 
recommended that the operation continue despite the reduction in the 
number of Vietnamese language students trained at the Institute. 


4. CANDID FROLIC (OACSI approval - 21 Dec 71)
a. Location: Fort Ord, CA 


b. Confidential Source Utilization: Two confidential sources were 
used during the reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: One of the sources identified two 
military personnel assigned to Fort Ord and a USMA cadet who were 
allegedly members of the Vietnam Veterans Against the War (VVAW) who 
distributed VVAW literature on a military post and who encouraged mili- 
tary personnel to attend VVAW meetings. 


e. Operational Status: Fort Ord is the only major US Army training 
center on the West Coast and is a major test site for Modern Volunteer 
Army concepts. Additionally, the US Army Combat Developments Experimen- 
tation Command is located on the post with field testing conducted at 
Hunter-Liggett Military Reservation. Disruption of these elements could 
have a serious adverse impact upon the mission of the Army in that area. 
As the site of the Pvt Billy Smith "fragging" court-martial, Fort Ord has 
become a focal point for dissident/subversive activity for both local 
groups as well as supporters of Angela Davis from the San Francisco area. 
Because of the foregoing factors, recommend that CANDID FROLIC be 
continued. 


5. CENTRAL TAXI (OACSI approval - 16 Feb 72)
a. Location: HQ, US Army Electronics Command, Fort Monmouth, NJ


b. Confidential Source Utilization: Three confidential sources were 
used during the reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Information which identified 
four potential security problem areas was obtained and passed to the 
serviced command for appropriate action. 


e. Operational Status: The full potential for this operation 
has not been achieved due to the frequent change of control personnel. 
This situation is expected to stabilize in the near future, resulting 
in subsequent improvement of the operation. 


6. GONDOLA STAR (OACSI approval - 17 Feb 72)
a. Location: Aberdeen Proving Ground, Aberdeen, MD 


b. Confidential Source Utilization: Two confidential sources 
were used during this reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: A turbulent project control officer and 
project liaison officer situation which exists as a result of USAINTC 
reorganization and ensuing personnel transfers has prevented the pro- 
gram from attaining maximum effectiveness. This particular situation 
is expected to be resolved during the next quarter and increased 
coverage of the installation will be accomplished. High priority 
tenant activities covered by the ACIP include the US Army Test and 
Evaluation Command, Land Warfare Laboratory, Human Engineering 
Laboratory and the Ballistic Research Laboratory. 


REGRADED UNCLASSIFIED 
ON SEP -8 ijj 

BY CDR USAINSCOM FOI/PO
AUTH Para 1-603 DOD 5200.1R


7. GONG SILK (OACSI approval - 16 Feb 72)
a. Location: Picatinny Arsenal, Dover, New Jersey 


b. Confidential Source Utilization: Three confidential sources 
were used during the reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Information which identified three 
potential security problem areas was obtained through the sources and 
passed to the serviced command for action. 


e. Operational Status: Because of the sensitivity of the mission 
performed by Picatinny Arsenal and the US Army Munitions Command, it is 
recommended that the operation be continued. Due to the relatively new 
status of the personnel involved in the ACIP, its full potential has not 
been reached. Improvement in effectiveness is anticipated. 


8. LANDLESS TIME (OACSI approval - 19 Jan 72)
a. Location: Philadelphia Facility, US Army Electronics Command 


b. Confidential Source Utilization: Four confidential sources 
were utilized during the reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The relatively recent reactivation of 
sources and newly assigned personnel have prevented this operation from 
reaching its full potential. Improvement in effectiveness is anticipated. 


9. LANYARD MOOD (OACSI approval - 22 Dec 71)


a. Location: Defense Language Institute East Coast Branch, 
Anacostia Naval Annex, Washington, DC 


b. Confidential Source Utilization: No confidential sources were 
used during this reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Pending development of a more permanent 
source at this installation, conventional sources of information will 
continue activity to cover sensitive targets designated by the supported 
commander. 
10. LENIENT CLOUD (OACSI approval - 16 Feb 72)
a. Location: US Army War College, Carlisle Barracks, PA


b. Confidential Source Utilization: Four confidential sources 
were utilized during the reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Due to the sensitivity of the installation 
itself and the large volume of classified material handled at the 
facility, recommend continuation of the operation. 


REGRADED UNCLASSIFIED 


SEP -5 1997


11. LENTIL MONKEY (OACSI approval - 26 Oct 71)


a. Location: Defense Language Institute West Coast Branch, 
Presidio of Monterey, CA 


b. Confidential Source Utilization: Three confidential sources 
were used during the reporting period. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Two individuals assigned as 
instructors at the DLIWC have been shown to possess weaknesses which 
could be exploited by hostile intelligence services. 


e. Operational Status: Faculty members of the DLIWC must be
considered potential targets of hostile intelligence agencies which may 
be operating in the area of the DLIWC; especially with the establishment 
of a Soviet consulate in San Francisco and the loosening of restrictions 
on communications with the People's Republic of China. Three foreign 
language departments are now covered by confidential sources and two 
additional departments will be covered upon recruitment of two more 
sources. 


CONTROL NUMBER


ACTION SHEET


OFFICE SYMBOL SUSPENSE
DAMI-DOI-S


DATE 


31 July 1972 


SUBJECT 


Quarterly Report to USofA re: Aggressive Counterintelli- 
gence Program (ACIP) Operations (U) 


ACTION REQUIRED 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND: 


a. By memorandum dated 8 February 1972, the Under Secretary of the Army requested 
that the Vice Chief of Staff, US Army provide quarterly reports on ACIPs (BLUE TAB D). 
He further requested that the report for the period ending 30 June 1972 provide a full 
analysis of the program. 


b. The first quarterly report was submitted to the Under Secretary of the Army on
21 April 1972 (BLUE TAB C).


c. Written input from USAINTC for the current quarterly report is attached at 
TAB B. Subsequent coordination between USAINTC and OACSI representatives amplified 
their input which resulted in the information outlined in the memorandum to the Under 
Secretary of the Army (BLUE TAB A). To date, ICF in the total of $140.73 have been 
expended on these 11 ACIPs. 


2. DISCUSSION: Memorandum to Under Secretary of the Army through Vice Chief of Staff, 
US Army, at BLUE TAB A provides required second quarterly report as desired by the 
USofA memorandum of 8 February 1972. 


3. RECOMMENDATION: That Memorandum at BLUE TAB A be approved and signed. 


(Continue on plain bond) 
$ AUG 1972


DAMI-DOI-S 


MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY 
FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations (U)


1. Reference your memorandum of 8 February 1972, subject as cited. 


2. The 11 ACIP operations reported to you in my 21 April 1972 memorandum,
subject as above, remain in effect. No additional ACIP operations
have been approved. A quarterly report of current operations is
attached (TAB A). At TAB B is the evaluation you requested.


3. I do not believe we have yet had sufficient experience with this
program under the new control limitations for a solid evaluation of its
long-term merit. I will continue to submit quarterly reports to you on
it, and will furnish you another evaluation at the end of the fourth
quarter of operations under the new controls.


(sgd) Phillip B. Davidson, Jr.


2 Incl PHILLIP B. DAVIDSON, JR. 
as (CONFID ) Major General, GS 
ACofS for Intelligence 


Regraded UNCLASSIFIED when 
cs from classified SPECIAL ACTIONS B 
RECORDS COPY 
CURRENT ACIP OPERATIONS

LOCATION                                              ACIP NICKNAME    DATE APPROVED     NUMBER OF SOURCES
Edgewood Arsenal, Maryland                            CANAL LOOP       16 February 72    5
Fort Ritchie, Maryland                                CANARY EFFORT    16 February 72    4
Fort Bliss, Texas (Language School)                   CANCER PORCH     28 December 71    0
Fort Ord, California                                  CANDID FROLIC    21 December 71    1
Fort Monmouth, New Jersey                             CENTRAL TAXI     16 February 72    3
Aberdeen Proving Grounds, Maryland                    GONDOLA STAR     16 February 72    3
Picatinny Arsenal, New Jersey                         GONG SILK        16 February 72    3
Philadelphia, Pennsylvania (Electronics Command)      LANDLESS TIME    19 January 72     7
Washington, D.C. (Language School)                    LANYARD MOOD     22 December 71    0
Carlisle Barracks, Pennsylvania (Army War College)    LENIENT CLOUD    16 February 72    4
Presidio of Monterey, California                      LENTIL MONKEY    26 October 71     1
TOTALS 11                                             11                                 31


Off-post Information

There were no instances in which information on non-affiliated civilians was collected


Information obtained: 


Useful information was obtained, but except for prior warning of demonstrations at 
Fort Ord, California, no positive statements on specific security weaknesses or 
immediate threats to the Army were developed in this quarter. Inasmuch as these 
operations are a form of intensified security watchfulness, negative reports in 
themselves are frequently of value to a commander in planning for the security re- 
quirements of a given installation or activity. The placement and access of current 
sources, and those under consideration, are such that the chances of detecting a 
developing security threat situation in a sensitive installation or unit are greater 
with these sources operating.


Continuance of operations: 


The eleven ACIP operations are being continued for the original stated purposes. 


PROGRAM EVALUATION


Scope and Value: ACIP operations are defensive, on-post, security services,
initiated at the request of a local commander. These operations are to provide
commanders an intensified method of detecting internal security weaknesses and 
security threats to the supported command. Information is obtained from care- 
fully selected sources who have on-post access to sensitive or critical de- 
fensive target areas. Activities to be covered are selected after joint 
discussions and agreements between the requesting commander and the supporting 
USAINTC element. Information is gathered through the use of both overt and 
covert sources who are selected from the DoD military or civilian workforce 
at the serviced installation. The primary values of ACIP operations are in 
the early warning and problem detection areas. The ultimate merit of the pro- 
gram cannot be assessed on a short term basis. Supported commands currently 
evaluate reported ACIPs as worthwhile security activities. 


Number and placement of sources: To date, 31 sources have been recruited.
(All sources were reactivated from operations which were in effect prior to
curtailment of all ACIP operations in February 1971.) Continued recruitment
and training of sources should produce, at a minimum, information for the sup- 
ported command on personnel attitudes, possible disaffection, dissident 
activities and character weakness information of the type normally sought by 
foreign intelligence spotter personnel. During contacts, sources are debriefed, 
trained as necessary, and given specific guidance on future reporting objectives. 
In all cases, emergency contact procedures exist to insure rapid notification of 
significant information. 


Adequacy of controls: DIRC inspections of Army intelligence field elements, 
plus inspections by OACSI and of DA field commands, show strict operational 
compliance with pertinent directives, keen awareness of DIRC investigative 
policies, and extreme caution about any acts which might cause criticism to
the Army. In addition, the following control measures have been imposed upon 
USAINTC and subordinate field elements: 


a. The ACIP is restricted to on-post target coverage of DoD affiliated 
personnel utilizing employees of the serviced command as sources. These 
restraints reduce to a minimum the possibility of violations of current 
collection restrictions regarding non-DoD affiliated personnel. 


b. Sources are selected from the military/civilian workforce only after 
a long and detailed assessment. Normally only long-term employees of known 
reliability and loyalty are selected for recruitment. 


Classified by ACSI, DA
SUBJECT TO GENERAL DECLASSIFICATION
SCHEDULE OF EXECUTIVE ORDER 11652
AUTOMATICALLY DOWNGRADED AT TWO YEAR
INTERVALS


c. Each individual involved in the conduct or control of the ACIP is
briefed on current policies and constraints pertaining to the program and
activities as they concern persons and organizations not affiliated with
the DoD.


No additional controls are recommended. 


DEPARTMENT OF THE ARMY
HEADQUARTERS
U. S. ARMY INTELLIGENCE COMMAND
FORT HOLABIRD, MARYLAND 21219


ICDISO-OC 17 JUL 1972


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence Program 
(ACIP) Operations (U) 


HQDA (DAMI-DOI-S) 
WASH DC 20310 


1. (U) References: 
a. Letter DAMI-DOI-S, 8 March 1972, subject as above. 
b. Letter ICDISO-OC, 18 April 1972, subject as above. 


2. (U) Forwarded herewith in compliance with reference a, above, is 
the ACIP quarterly report for the period 1 April 1972 - 30 June 1972. 

3. (C) The following operational and administrative control measures
remain in effect concerning all reported ACIPs to assure compliance with 
DoD and DA policies relative to the acquisition of information on non-DoD 
affiliated personnel: 


a. Each ACIP is restricted to on-post target coverage of DoD 
affiliated personnel and utilizes employees of the serviced command as 
sources. These constraints generally preclude the possibility of viola- 
tions of current collection restrictions regarding non-DoD affiliated 
personnel. 


b. Sources are selected from a civilian/military work force only 
after long and detailed assessment. Generally, only long term employees 
of known reliability and proven loyalty are selected for recruitment.


CLASSIFIED BY DISO, USAINTC 

SUBJECT TO GENERAL DECLASSIFICATION 
SCHEDULE OF EXECUTIVE ORDER 11652 
AUTOMATICALLY DOWNGRADED AT TWO YEAR 
INTERVALS, DECLASSIFIED ON 31 DEC 78. 


c. Each individual and/or source involved in the conduct or control 
of each ACIP is briefed on current policies and restrictions pertaining 
to the program and program associated activities as concerns persons 
and organizations not affiliated with DoD. 


d. ACIP reporting is scrutinized at each level of command to insure 
the acceptability of information provided or collected. Information of 
a questionable nature is not disseminated at the local level until a 
determination is made by this headquarters concerning the propriety of 
collection reporting and informational products. 


4. (U) Commanders of the facilities supported by the ACIP were queried
in May 1971 concerning their recommendations relative to continuation of 
the program. Expressed desire for continuation was unanimous. To date, 
supported commanders' views remain unchanged and in view of this it is 
recommended that these programs be continued. 


FOR THE COMMANDER: 


11 Incl DAVID L. BRUENING 
Op Anal CPT, MI 
Acting Assistant Adjutant Gene 




1. CANAL LOOP (OACSI Approval - 16 Feb 72) 
a. Location: Edgewood Arsenal, Edgewood, MD 


b. Confidential Source Utilization: Contact with five confidential 
sources formerly used in the program has been made. Four have been 
reactivated and regularly scheduled contacts effected. One former source
has been transferred to another DoD installation and has been terminated. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: While little information of sub- 
stantive value has been developed to date, confidential and overt sources 
of information will continue activity in support of coverage of sensitive 
targets designated by the supported commander. 


e. Operational Status: Although regular contact has been established 
with all former sources, full utilization has been impeded by Army Intelli- 
gence personnel transfers and the requirement to train newly assigned 
personnel involved in source contact. Continuation of the ACIP CANAL LOOP 
is recommended because of the extreme sensitivity of the target installation. 


2. CANARY EFFORT: (OACSI Approval - 16 Feb 72)
a. Location: Fort Ritchie, MD


b. Confidential Source Utilization: Contact with four confidential 
sources formerly used in the program has been made. All four sources 
have been reactivated and regularly scheduled contacts effected. 


c. Information Obtained Off-post and Reported on Non-affiliated
Civilians: None 


d. Useful Information Obtained: While little information of substan- 
tive value has been developed to date, confidential and overt sources of 
information will continue activity in support of coverage of sensitive 
targets designated by the supported commander. 


e. Operational Status: Although regular contact has been established 
with all former sources, full utilization has been impeded by Army Intelli- 
gence personnel transfers and the requirement to train newly assigned 
personnel involved in source contact. Continuation of ACIP CANARY EFFORT 
is recommended because of the installation's sensitive mission within DoD 
as the Alternate National Command Post; and the role of the ACIP in 
USAINTC's DA assigned mission of executing the Alternate Joint Communications
Center Counterintelligence Program.




REGRADED UNCLASSIFIED
SEP 1997
3. CANCER PORCH: (OACSI Approval - 28 Dec 71)


a. Location: Defense Language Institute Southwest Branch, Fort 
Bliss, TX 


b. Confidential Source Utilization: None 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: None 


e. Operational Status: The scaledown of US participation in the 
Vietnam War has effected a steady reduction in the mission of the DLISW 
Vietnamese Language School, and a resultant decrease in student input and
instructor cadre. On 1 May 1972, this Command requested DLI Headquarters 
reassess their need for ACIP support at the Southwest Branch.  DLI re- 
quested that ACIP coverage continue until an exact projection of future 
Vietnamese Language requirements could be made. 


4. CANDID FROLIC: (OACSI Approval 21 Dec 71)
a. Location: Fort Ord, CA 


b. Confidential Source Utilization: Regularly scheduled meetings 
were conducted with one confidential source during the reporting period. 
One other prospective source has been spotted and approved for recruit- 
ment. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None


d. Useful Information Obtained: Early warning was provided the 
Commanding General, Fort Ord, concerning the 29 April 1972 demonstration 
outside the main gate of Fort Ord, in support of Billy Dean Smith, and 
the 20 May 1972, Armed Forces Day March against the Presidio of Monterey. 


e. Operational Status: As the only major US Army training facility 
on the West Coast, a test post for the Modern Volunteer Army concept, and
the site of the Billy Dean Smith "fragging" trial, Fort Ord remains the 
focal point for dissident and/or subversive activity from both local 
radicals and from revolutionary elements in the San Francisco area. 

CANDID FROLIC is providing the CG, Fort Ord, with early warning type 
information upon which he can plan preventive measures to preclude disruption
of post activities. Recommend continuation of ACIP CANDID FROLIC.


5. CENTRAL TAXI: (OACSI Approval 16 Feb 72)
a. Location: HQS, US Army Electronics Command, Fort Monmouth, NJ 


b. Confidential Source Utilization: Contact with three confidential 
sources formerly used in the program has been effected. All three sources 
have been reactivated and regularly scheduled contacts effected. 


c. Information Obtained Off-post and Reported on Non-affiliated
Civilians: None 


d. Useful Information Obtained: While little information of substan- 
tive value has been developed to date, confidential and overt sources 
of information will continue activity in support of coverage of sensitive 
targets designated by the supported commander. 


e. Operational Status: Although regular contact has been established 
with all former sources, full utilization has been impeded by Army Intelli- 
gence personnel transfers and the requirement to train newly assigned 
personnel involved in source contact. Continuation of ACIP CENTRAL TAXI is 
recommended because of the extreme sensitivity of HQS, US Army Electronics 
Command and its supporting laboratories and the command's mission in the 
development and procurement of electronic warfare equipment and systems. 


6. GONDOLA STAR: (OACSI Approval - 17 Feb 72)
a. Location: Aberdeen Proving Ground, Aberdeen, MD 


b. Confidential Source Utilization: Contact with four confidential 
sources formerly used in the operation has been effected. Three sources 
have been reactivated and regularly scheduled contacts effected. One
former source has been terminated since a realignment of functions at the 
installation prevents his participation in the program. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: While little information of substan- 
tive value has been developed to date, confidential and overt sources of 
information will continue activity in support of coverage of sensitive 
targets designated by the supported commander.


e. Operational Status: Although regular contact has been established 
with all former sources, full utilization has been impeded by Army Intelli- 
gence personnel transfers and the requirement to orient and familiarize 
newly assigned personnel with the operation. Continuation of ACIP GONDOLA 
STAR is recommended because of the sensitivity of the installation and the 
mission of tenant units, which include US Army Test and Evaluation Command, 
Land Warfare Laboratory, Human Engineering Laboratory and the Ballistic 
Research Laboratory.


7. GONG SILK: (OACSI Approval - 16 Feb 72)


a. Location: Picatinny Arsenal, Dover, NJ 


b. Confidential Source Utilization: Contact with three confidential 
sources formerly used in the operation has been effected. All three 
sources have been reactivated and regularly scheduled contacts re- 
established. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: While little information of substan- 
tive value has been developed to date, confidential and overt sources of 
information will continue activity in support of coverage of sensitive 
targets designated by the supported commander. 


e. Operational Status: Although regular contact has been established 
with all former sources, full utilization has been impeded by Army Intelligence
personnel transfers and the requirement to train newly assigned
personnel involved in source contact. Continuation of ACIP GONG SILK 
is recommended because of the sensitivity and criticality of the mission 
performed by Picatinny Arsenal and the US Army Munitions Command. 


8. LANDLESS TIME: (OACSI Approval - 19 Jan 72)
a. Location: Philadelphia Facility, US Army Electronics Command 


b. Confidential Source Utilization: Contact with seven confidential 
sources formerly used in the operation has been established. All sources 
have been reactivated and regularly scheduled contacts effected. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: While little information of sub- 
stantive value has been developed to date, confidential and overt sources 
of information will continue activity in support of coverage of sensitive 
targets designated by the supported commander. 


e. Operational Status: Although regular contact has been established 
with all former sources, full utilization has been impeded by Army Intelli- 
gence personnel transfers and the requirement to train newly assigned 
personnel involved in source contact. Continuation of the ACIP LANDLESS 
TIME is recommended because of the sensitive mission performed by the 
facility and by the National Inventory Control Point, which provides 
worldwide materiel inventory management of the Army's
communications-electronics systems.


9. LANYARD MOOD: (OACSI Approval - 22 Dec 71)


a. Location: Defense Language Institute East Coast Branch,
Anacostia Naval Annex, Washington, DC 


b. Confidential Source Utilization: None 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: While little information of sub- 
stantive value has been developed to date, conventional and overt sources 
of information will continue activity in support of coverage of sensitive 
targets designated by the supported commander. 


e. Operational Status: Reporting under LANYARD MOOD is concentrated 
principally on classroom monitoring by language students, the majority 
of whom are servicemen assigned Army Intelligence. The school is currently 
between classes and new student rosters are being screened for potential 
student sources. Although the DLI branch schools are relatively non-sensitive
installations, the target represented by the language students
requires some form of coverage or monitoring as many of the servicemen 
are destined for sensitive assignments in Communist Bloc countries. 
Recommend continuation of ACIP LANYARD MOOD.


10. LENIENT CLOUD: (OACSI Approval - 16 Feb 72)
a. Location: US Army War College, Carlisle Barracks, PA


b. Confidential Source Utilization: Contact with four confidential 
sources formerly used in the operation has been established. All four 
sources have been reactivated and regularly scheduled contacts effected.


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: While little information of substan- 
tive value has been developed to date, confidential and overt sources of 
information will continue activity in support of coverage of sensitive 
targets designated by the supported commander.


e. Operational Status: Although regular contact has been established 
with all former sources, full utilization has been impeded by Army Intelli- 
gence personnel transfers and the requirement to orient and familiarize 
newly assigned personnel with the operation. Recommend continuation of 
ACIP LENIENT CLOUD because of the sensitive training mission of the War 
College and classified mission of the Army Alternate Command Element,
a tenant activity of Carlisle Barracks.


11. LENTIL MONKEY: (OACSI Approval - 26 Oct 71)


a. Location: Defense Language Institute West Coast Branch, Presidio
of Monterey, CA 


b. Confidential Source Utilization: One confidential source was 
recruited during the reporting period. No confidential sources were 
utilized in the program prior to the 17 Feb 71 suspension. 


c. Information Obtained Off-post and Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: While little information of substantive
value has been developed to date, confidential and overt sources
of information will continue activity in support of coverage of sensitive 
targets designated by the supported commander. Suitability type informa- 
tion has been developed concerning an instructor who has made five trips 
to CSR since entering the United States in 1959. 


e. Operational Status: Reporting under LENTIL MONKEY is concentrated 
principally on classroom monitoring by language students, the majority of 
whom are servicemen assigned to Army Intelligence. Although the DLI branch 
schools are relatively non-sensitive installations, the target represented 
by the language students requires coverage as many of the servicemen are 
destined for sensitive assignments in Communist Bloc countries. Recommend 
continuation of ACIP LENTIL MONKEY. 


ACTION SHEET


SUBJECT: Quarterly Report to US of A Re: Aggressive Counterintelligence Program (ACIP) Operations
OFFICE SYMBOL: DAMI-DOI-S
DATE: 17 April 1972


ACT provide USofA with the initial Quarterly Report on ACIP's 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND:


a. By Memorandum dated 8 Feb 72, the US of A requested that the Vice Chief of
Staff, Army provide a Quarterly Report on Aggressive Counterintelligence Programs
(TAB B).


b. By note and referral slip dated 10 Feb 72 the VCofS, Army forwarded the action
to the ACSI and directed that required reports and recommendations be submitted
through his office (TAB C).


c. By letter dated 8 Mar 72, CG USAINTC was formally tasked to provide required
information to this office (TAB D) in accordance with provisions of the US of A
Memorandum.


d. By letter dated 14 Apr 72, CG USAINTC transmitted the required data to OACSI,
DA (TAB E).


2. DISCUSSION: Memorandum to USofA through VCofS, Army at TAB A provides required
report.


3. RECOMMENDATION: That memorandum at TAB A be approved and signed.


ACTION OFFICER (Name, grade, phone and signature)
MAJOR W. WEBB/78874
SPECIAL ACTIONS BR


ACSI FORM 28, 13 Sep 71
DEPARTMENT OF THE ARMY
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310


8 MAR 1972


DAMI-DOI-S 


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence 
Program (ACIP) Operations 


Commanding General
United States Army Intelligence Command
ATTN: ICDSO-O-S
Fort Holabird, Maryland 21219


1. References: 


a. Paragraph 4, DAMI-DOI-S Letter, dated 16 February 1972, 
Subject: Aggressive Counterintelligence Program (ACIP) Operations. 


b. Attached Memorandum from the Under Secretary of the Army, to 
the Vice Chief of Staff, United States Army, dated 8 February 1972, 
Subject: Aggressive Counterintelligence Program (ACIP) Operations. 


2. The Under Secretary of the Army Memorandum directs that quarterly 
reports be provided his office, commencing with the quarter ending 
March 31, 1972. USAINTC input for these reports should be forwarded 
so as to arrive at DAMI-DOI-S no later than the 10th working day of
the month following the close of the calendar quarter which they cover. 


FOR THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 


1 Incl
as (SECRET)


Colonel
Director of Operations


Regraded UNCLASSIFIED when 
Separated from classified 
inclosures 
SUMMARY (Sources, date, and subject or short title)
Quarterly Report to USofA re ACIP Operations


20 April 1972*


COPY FURNISHED TO
DOMS, DSGS (CAR)


*This RS will remain in effect indefinitely; new suspense will be announced each
quarter.


BY DIRECTION OF THE CHIEF OF STAFF:


HARRY E. B. SULLIVAN
LTC, CS
Assistant Secretary of
the General Staff
19 APRIL 1972


MFR
DAMI-DOI-S
SUBJECT: Quarterly ACIP Report


1. USAINTC submitted their input for the quarterly
ACIP report on 14 Apr 72. As result DAMI-DOI-S
prepared the required package to forward their
report to CSA.


2. On 17 Apr 72 Col IADOROSA, USAINTC called with
request that USAINTC be allowed to expand their
initial report. He explained that BG Epp did
not get to see original reports prior to dispatch
and was not happy with them when he finally did
get to see them.


3. By letter, undated, USAINTC provided DAMI-DOI-S
with revised reports for each ACIP. Reports were
received from USAINTC LN on 19 Apr 72. Per phoncon
with Mr Arnold, USAINTC, I established the date of
18 Apr 72 as that which should be placed on the
undated letter transmitting the reports received
on 19 APR.


WAIDO R WEBB
MAJ GS
DAMI-DOI-S  APR 1972


MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY
FOR: UNDER SECRETARY OF THE ARMY


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations


1. In your 8 February 1972 Memorandum, subject as cited, you requested
quarterly reports on status of ACIP operations. Attached are reports
on those operations in progress for the quarter ending 31 March 1972.


2. Your Memorandum accepted the fact that the closing date of the first
quarter report would be too soon for any sound evaluation of these
projects. This is borne out by attached reports. They indicate a
cautious selection of potential confidential sources. Such a process
is necessary for ACIP operations to provide the Army security threat
information not obtainable through routine counterintelligence
investigative and liaison work.


(Sgd) Phillip B. Davidson, Jr.
PHILLIP B. DAVIDSON, JR.


Major General, CS
ACofS for Intelligence
DEPARTMENT OF THE ARMY
HEADQUARTERS
U. S. ARMY INTELLIGENCE COMMAND
FORT HOLABIRD, MARYLAND 21219

18 APR 1972


ICDISO-OC 


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence 
Program (ACIP) Operations (U) 


HQDA (DAMI-DOI-S) 
WASH DC 20310 


WARNING NOTICE: Sensitive Sources and Methods Involved


1. (U) Reference letter DAMI-DOI-S, 8 Mar 72, subject as above. 


2. (U) Forwarded herewith in compliance with referenced letter is 
the quarterly report covering the period 1 Jan 72 - 31 Mar 72. 


3. (U) The following comments are submitted in order to better portray
the role of the ACIP in enhancement of the security of the supported
commands:


a. The Aggressive Counterintelligence Program is a defensive, 
on-post security service initiated at the request of the local commander.
It provides a monitoring or surveillance of sensitive or critical areas 
of a command which are selected or recommended for ACIP coverage by the 
serviced commander. This is accomplished through the use of both overt 
and covert sources of information, selected exclusively from the DoD 
civilian and military workforce at the serviced installation.


b. The ACIP must be considered a long-range operation if it is to 
provide reliable, accurate and continuing access to information not 
obtainable through routine collection efforts. 


4. (C) Due to the lapse of time since the ACIPs were suspended, considerable
effort and time is involved in the reactivation of approved ACIPs.
ACIPs in the process of reactivation by this Command are subjected to 
continuous scrutiny to insure that they fall within the parameters of 


current National level guidance and policy. All ACIPs are subject 
to continuing evaluation to determine their viability in support of 
accepted counterintelligence objectives. 


JAMES R. WALDIE
Colonel, Infantry
Deputy Commander
CONFIDENTIAL


tute, West Coast, Monterey, CA


BACKGROUND:


ACIP coverage of the Defense Language Institute, West Coast
(DLIWC) was initiated by letter DILIT, dated 11 September 1967,
subject: Request for Aggressive Counterintelligence Support.
Operation was suspended on 17 February 1971 in compliance to
ACSI Memorandum, dated 16 February 1971, subject: Suspension
of Certain Army Counterintelligence Programs. Information
developed by the ACIP is provided the serviced command on a
regular basis by the Project Liaison Officer in his regular
contact with the installation security office. Formal quarterly
briefings are given the Commander of the serviced installation
or his designated ACIP Coordinator during which the progress
of the program is discussed and recommendations made for future
coverage.


THREAT ANALYSIS:


a. General: The Defense Language Institute, West Coast,
conducts training in a variety of foreign languages for students


will be civilian or military


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED
CIVILIANS: None


8. (U) USEFUL INFORMATION OBTAINED: Review of personal records
identify three individuals, all members of the faculty of the
Czechoslovakian Language Department, Defense Language Institute,
West Coast (DLIWC), Presidio of Monterey, California, as possible
targets of hostile intelligence.


9. (U) OPERATIONAL STATUS: Operation should be continued. Faculty


establishment of a USSR Consulate in San Francisco, California.
ACIP QUARTERLY REPORT


Period Ending: 31 March 1972
WARNING NOTICE: Sensitive Sources and Methods Involved


1. (U) NICKNAME: CANDID FROLIC (U)
2. (U) LOCATION: Fort Ord, CA


3. (U) DATE APPROVED: 21 December 1971 per ACSI letter DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP) Operations (U). 


4. (U) COORDINATION: ACIP coverage of Fort Ord, CA was requested by
the Commanding General, 26 November 1971 per letter AMNOR-B, HQS, Fort Ord,
subject: Request for Aggressive Counterintelligence Support (U). Approval 
to initiate the program was contained in ACSI letter cited in paragraph 
three above. Information developed by the ACIP is provided the serviced 
command on a regular basis by the Project Liaison Officer in his normal 
contact with the installation security/intelligence office. Formal 
quarterly briefings are given the Commander of the serviced installation 
or his designated ACIP Coordinator, during which the progress of the 
program is discussed and recommendations made for future coverage. 


5. (U) THREAT ANALYSIS: ACIP CANDID FROLIC was initiated to provide
the Commanding General, Fort Ord with a substitute Special Counterintelligence
Coverage to replace that formerly provided by GRADE PROGRESS,
an Offensive Counterintelligence Operation currently under suspension.
Fort Ord as the only major US Army training facility on the West Coast
and as a test post for the Modern Volunteer Army is under constant,
concerted attack by local anti-war and anti-Army civilian organizations.
These organizations have extended their operations on-post under the
legal guise of soldier counselling. An additional factor which contributes
to the threat to the installation is the trial of PVT Billy Dean
Smith, now in the Fort Ord Confinement Facility accused of the murder
of two Army officers in Vietnam. Radicals and other groups have already
given this impending event wide publicity and are attempting to characterize
the trial as racial oppression. These efforts are expected to
find adherents among the population of the Fort Ord complex who will
undoubtedly attempt disruption either by outside direction or on their
own initiative. Already, several off-post demonstrations, at the Fort
Ord main gate, connected with this case have been conducted; a building
which is being rehabilitated as a court room for the trial has been set
afire and damaged by arsonist(s); and disruptive gatherings have been
held on post to discuss and protest the trial.


6. (U) CONFIDENTIAL SOURCES UTILIZED: None. The program was in the
initiation phase during this first quarter. However, the first Confidential
Source has been recruited and four others are under development. In
addition, seven individuals are currently under assessment. Only DoD 
civilian and military personnel assigned the installation are recruited 
as confidential sources. 


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED 
CIVILIANS: None.


8. (U) USEFUL INFORMATION OBTAINED: During the reporting period, the
following useful information was obtained through official liaison with
local investigative agencies and through overt contact sources on the
military installation. An Army chaplain's assistant is alleged to be
assisting the MLP on-post at Fort Ord. In addition, a JAGC officer is
alleged to have referred military personnel stationed at Fort Ord to
PCS/MLP for legal counsel in obtaining discharges from the military
service.


9. (U) OPERATIONAL STATUS: It is recommended that the operation be
continued in order to provide the Commanding General, Fort Ord, with early
warning information upon which to base counter-actions against local
dissident/subversive organizations who, through recruitment of servicemen, 
have extended their operations onto the government facility. 




CONFIDENTIAL


ACIP QUARTERLY REPORT


Period Ending: 31 March 1972


1. NICKNAME: LANYARD MOOD (U)


2. LOCATION: Defense Language Institute East Coast, Anacostia
US Naval Station, Washington, DC


3. (U) DATE APPROVED: 22 December 1971, per ACSI letter, DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP)
Operations.


BACKGROUND: 


ACIP coverage of Defense Language Institute, East Coast
(DLI, EC) was initiated by letter request DLIEC, dated 16
November 1971, subject: Request for Aggressive Counterintelligence
Support. It was suspended on 17 February 1971 by ACSI
Memorandum dated 16 February 1971, subject: Suspension of
Certain Army Counterintelligence Programs. Information developed
by the ACIP is provided the serviced command on a regular
basis by the Project Liaison Officer in his regular contact
with the installation security office. Formal quarterly
briefings are given the Commander of the serviced installation
or his designated ACIP Coordinator during which the progress
of the program is discussed and recommendations made for future
coverage.


. {CJ THREAT ANALYSIS: 


fhe Defense Language Institute East Coast Branch (DLIEC) con- 
ducts training in approximately 50 languages for an average 
student body of 1100, with responsibility for ciasesroom train- 
ing being placed upon civilian contract schools. No classified 


emmaterial is provided DLIEC instructors or students; therefore, 


u. 
* " 


. oe le no furcitiaetcon cur Ee pregan dxc lusira to protect 


The students reside at scattered locations throughout the
Washington, DC area and the administrative control and supervision
over them is decentralized among several headquarters.
Most of the students are young, impressionable servicemen,
subjected to minimum military control, who are encouraged to
socialize with their instructors and to attend functions at the
various embassies and legations in the Washington area. The
instructors are principally alien employees of a civilian contract
school over whom DLIEC exercises virtually no administrative
or supervisory control.


6. CONFIDENTIAL SOURCES UTILIZED: Spotting and assessing program
for the recruitment of Confidential Sources has been instituted.
The recruitment of sources will be limited to DoD civilians
and military personnel assigned to the school.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED 
CIVILIANS: None 


8. USEFUL INFORMATION OBTAINED: None. Sources have not been
reactivated.


9. OPERATIONAL STATUS: Aggressive Counterintelligence Program
LANYARD MOOD should be continued because of the extreme sensitivity
of the personnel assigned the installation. Current
activity centers around the recruitment of sources to assure
coverage of sensitive areas designated by the responsible
commanders.


ACIP QUARTERLY REPORT


Period Ending: 31 March 1972
WARNING NOTICE: Sensitive Sources and Methods Involved


1. (U) NICKNAME: CANCER PORCH (U)
2. (U) LOCATION: Defense Language Institute Southwest, Biggs Field,


3. (U) DATE APPROVED: 26 December 1971, per ACSI letter DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP)
Operations.


4. BACKGROUND:


ACIP coverage of the Defense Language Institute Southwest
(DLI, SW) was requested by letter DLISC-S2/3, DLI, SW, dated
23 October 1967, subject: Request for Aggressive Counterintelligence
Support and was instituted by this Command in 1968.
Coverage was suspended on 17 February 1971 per ACSI Memorandum,
dated 16 February 1971, subject: Suspension of Certain Army
Counterintelligence Programs. Information developed by the
ACIP is provided the serviced command on a regular basis by the
Project Liaison Officer in his regular contact with the installation
security intelligence office. Formal quarterly briefings
are given the Commandant of the serviced installation or his
designated ACIP Coordinator during which the progress of the
program is discussed and recommendations made for future coverage.


5. THREAT ANALYSIS:


General: The Defense Language Institute Southwest Branch
(DLISW) is a subordinate facility of Headquarters, Defense
Language Institute (DLI), and was activated 1 August 1966, to


received from the Vietnamese indicating that a group
"left-wing" Vietnamese students were planning to use
instructors to encourage to the
US policy in Although the school has an
instructor non-fraternization policy, the
close, long-term contact initiated during of
on often results in the establishment of close friendships.


currently being assessed and developed. Sources utilized in the
ACIP are DoD civilian and military employees of the serviced
facility.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED
CIVILIANS: None


8. (C) USEFUL INFORMATION OBTAINED: None. Sources have not been
reactivated.


OPERATIONAL STATUS: Aggressive Counterintelligence Program
CANCER PORCH should be continued because of the extreme sensitivity
of the personnel assigned to the installation. Current
activity centers around the reactivation of former confidential
sources and the recruitment of new sources to assure coverage
of sensitive areas designated by the responsible commanders.


ACIP QUARTERLY REPORT


Period Ending: 31 March 1972 


1. (U) NICKNAME: LANDLESS TIME (U)


2. (U) LOCATION: US Army Electronics Command, Philadelphia Facility,
Philadelphia, PA.


3. (U) DATE APPROVED: 19 January 1972 per ACSI letter DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP) Operations (U).


4. BACKGROUND: ACIP coverage of the Philadelphia Facility, US Army
Electronics Command, was initiated 8 October 1965 per letter AMSEL-SE-P,
HQS, US Army Electronics Command, Fort Monmouth, NJ, subject: Request
for Aggressive Counterintelligence Program (ACIP) Support (U). On
17 February 1971, LANDLESS TIME was suspended per instructions contained
in ACSI Memorandum dated 16 February 1971, subject: Suspension of Certain
Army Counterintelligence Programs. This operation was reactivated per
authority contained in ACSI letter cited in paragraph three above.
Information developed by the ACIP is provided the serviced command on a
regular basis by the Project Liaison Officer in his normal contact with the
installation security/intelligence office. Formal quarterly briefings
are given the Commander of the serviced installation or his designated
ACIP Coordinator, during which the progress of the program is discussed
and recommendations made for future coverage.


5. (C) THREAT ANALYSIS: 


a. General: 


During the existence of LANDLESS TIME, one instance was reported
involving an employee in which the employee had been in close personal
contact with a foreign national. Investigation revealed the interest of
hostile intelligence in this individual and subsequent contact by the
foreign national was indicative of a preliminary assessment. Information
of a suitability nature was also reported concerning several employees.


6. CONFIDENTIAL SOURCES UTILIZED: None. The Project Liaison Officer
is checking to determine the location, status, and continued suitability
of previous Confidential Sources for reactivation by the Project Control
Officer. Sources utilized in LANDLESS TIME will be recruited only from
DoD civilian and military personnel assigned the serviced installation.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED
CIVILIANS: None


8. USEFUL INFORMATION: Because the operation is in its initial
phase of reactivation, no useful information of counterintelligence
interest to MI and the serviced command, Philadelphia Facility, US Army
Electronics Command, was developed.


9. OPERATIONAL STATUS: The operation should be continued because
of the current sensitivity of the installation. Current activity centers
around the reactivation of former confidential sources and the recruitment
of new sources to assure coverage of sensitive areas designated by the
Commander of the facility.


ACIP QUARTERLY REPORT


Period Ending: 31 March 1972 


WARNING NOTICE: Sensitive Sources and Methods Involved
1. (U) NICKNAME: GONDOLA STAR (U)


2. (U) LOCATION: Aberdeen Proving Ground, MD


3. (U) DATE APPROVED: 16 February 1972, per ACSI letter DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP)
Operations.


BACKGROUND: 


ACIP coverage of Aberdeen Proving Ground was initiated by
letter AMCIS-SI, US Army Materiel Command, dated 29 November
1965, subject: Request for Aggressive Counterintelligence
Program (ACIP) (U). On 17 February 1971, GONDOLA STAR was
suspended per instructions ACSI-STF Memorandum, dated 16
February 1971, subject: Suspension of Certain Army Counterintelligence
Programs. Information developed by the ACIP is
provided the serviced command on a regular basis by the Project
Liaison Officer in his regular contact with the installation
security office. Formal quarterly briefings are given the
Commander of the serviced installation or his designated ACIP
Coordinator during which the progress of the program is discussed
and recommendations made for future coverage.


THREAT ANALYSIS:


6. CONFIDENTIAL SOURCES UTILIZED: Initial contact has been made
with two sources utilized prior to GONDOLA STAR's suspension.
Also, action is being taken to recruit additional sources.
Activation of these sources must await their complete assessment.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED 
CIVILIANS: None 


8. USEFUL INFORMATION OBTAINED: None. Sources have not been
reactivated.


9. OPERATIONAL STATUS: Aggressive Counterintelligence Program
GONDOLA STAR should be continued because of the extreme sensitivity
of the installation and because of the potential threat
to the National security posed by the sensitive mission performed
by Aberdeen Proving Ground. Current activity centers
around the reactivation of former confidential sources and the
recruitment of new sources to assure coverage of sensitive areas
designated by the responsible commanders.


ACIP QUARTERLY REPORT


Period Ending: 31 March 1972 


WARNING NOTICE: Sensitive Sources and Methods Involved
NICKNAME: GONG SILK (U)


LOCATION: Picatinny Arsenal, NJ


(U) DATE APPROVED: 15 February 1972 per ACSI letter DAMI-DOI-S,


Aggressive Counterintelligence Program (ACIP)


ACIP coverage of the US Army Munitions Command and Picatinny
Arsenal, NJ, was initiated 15 May 1960 per letter
AMEMU-S5-5, HQS US Army Munitions Command, subject: Request
for Aggressive Counterintelligence Program (ACIP) Support (U).
On 17 February 1971, GONG SILK was suspended per instructions
contained in ACSI Memorandum dated 16 February 1971, subject:
Suspension of Certain Army Counterintelligence Programs. The
operation was reactivated per authority contained in ACSI
letter cited in paragraph three above. Information developed
by the ACIP is provided the serviced command on a regular basis
by the Project Liaison Officer in his normal contact with the
installation security office. Formal quarterly briefings are
given the Commander of the serviced installation or his designated
ACIP Coordinator during which the progress of the program
is discussed and recommendations made for future coverage.


THREAT ANALYSIS


b. Developed Information: Previously, GONG SILK provided
extensive information concerning contact, both personal and


also reported foreign individuals seeking scientific
papers published by the employees. Many instances were reported
concerning character weaknesses and behavior problems of
employees, six of which resulted in termination of employment.


6. CONFIDENTIAL SOURCES UTILIZED: None. The Project Liaison
Officer is conducting discreet checks to determine the location,
status and continued suitability of previous Confidential Sources
for reactivation by the Project Control Officer. Sources utilized
in GONG SILK will be recruited only from DoD civilian and
military personnel assigned at the serviced installation.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED
CIVILIANS: None


8. USEFUL INFORMATION OBTAINED: Because the operation is in its
initial phase of reinstitution, no useful information of counterintelligence
interest was developed.


9. OPERATIONAL STATUS: The operation should be continued because


criticality of the mission it performs for the Department of the Army.
Current activity centers around the reactivation of former
confidential sources and the recruitment of new sources to


ACIP QUARTERLY REPORT


Period Ending: 31 March 1972 


1. (U) NICKNAME: CENTRAL TAXI (U)


2. (U) LOCATION: Fort Monmouth, NJ


3. (U) DATE APPROVED: 16 February 1972, per ACSI letter DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP) Operations.


4. (U) BACKGROUND: ACIP coverage of the US Army Electronics Command,
Fort Monmouth, NJ, was initiated 4 October 1967 per letter AMSEL-EI, HQS,
US Army Electronics Command, subject: Request for Aggressive Counterintelligence
Support (U). On 17 February 1971, CENTRAL TAXI was suspended
per instructions contained in ACSI Memorandum, dated 16 February 1971,
subject: Suspension of Certain Army Counterintelligence Programs. The
operation was reinitiated per authority contained in letter cited in
paragraph 3 above. Information developed by the ACIP is provided the
serviced command on a regular basis by the Project Liaison Officer in
his normal contact with the installation security office. Formal quarterly
briefings are given the Commander of the serviced installation or his
designated ACIP Coordinator during which the progress of the program is
discussed and recommendations made for future coverage.


5. (C) THREAT ANALYSIS:


are recruited only from among the DoD civilian and military personnel
assigned the serviced facility.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED 
CIVILIANS: None 


8. (C) USEFUL INFORMATION OBTAINED: Because the operation is in its
initial phase of reinstitution, no useful information of counterintelligence
interest was developed.


9. OPERATIONAL STATUS: The operation should be continued because
of the current sensitivity of the installation, and the criticality of
the mission it performs for the Department of the Army. Current activity
centers around the reactivation of former confidential sources and the
recruitment of new sources to assure coverage of sensitive areas designated
by the Commanding General, USAECOM.


ACIP QUARTERLY REPORT
Period Ending: 31 March 1972
WARNING NOTICE: Sensitive Sources and Methods Involved
NICKNAME: CANARY EFFORT (U)
LOCATION: Fort Ritchie, MD
DATE APPROVED: 26 February 1972, per ACSI letter DAMI-DOI-S,


Aggressive Counterintelligence Program coverage of Fort Ritchie,
MD, was initiated 11 August 1965, per letter SCCJ-B, HQS, US Army
Joint Support Command, subject: Aggressive Counterintelligence
Program. On 17 February 1971, CANARY EFFORT was suspended per
instructions contained in ACSI Memorandum dated 16 February 1971,
subject: Suspension of Certain Army Counterintelligence Programs.
The operation was reinitiated per authority contained in letter
cited in paragraph 3, above. Information developed by the ACIP
is provided the serviced command on a regular basis by the Project
Liaison Officer in his regular contact with the installation
security office. Formal quarterly briefings are given the Commander
of the serviced installation or his designated ACIP Coordinator
during which the progress of the program is discussed and recommendations
made for future coverage.


THREAT ANALYSIS:


6. CONFIDENTIAL SOURCES UTILIZED: Initial contact made with
three Confidential Sources previously utilized prior to suspension
of operation. One of the three has been reassigned on
base and reassessment will be made to determine whether he is
now within a legitimate target. Reactivation of the other two
sources is taking place. Sources utilized in the ACIP are DoD
civilian and military employees of the serviced facility.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED 
CIVILIANS: None 


8. USEFUL INFORMATION: None. Sources have not been fully
reactivated.


9. OPERATIONAL STATUS: Aggressive Counterintelligence Program
CANARY EFFORT should be continued because of the extreme sensitivity
of the installation and its mission within DoD as an
Alternate National Command Post in time of emergency. Current
activity centers around the reactivation of former confidential
sources and the recruitment of new sources to assure coverage of
sensitive targets or areas designated by the commander.


ACIP QUARTERLY REPORT


Period Ending: 31 March 1972


NICKNAME: LENIENT CLOUD (U)


2. (U) LOCATION: Carlisle Barracks, PA


DATE APPROVED: 16 February 1972 per ACSI letter DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP)
Operations (U).
BACKGROUND: 


ACIP coverage of Carlisle Barracks and the US Army War College
was initiated 13 August 1965 per letter ^IBCB, HQS, Carlisle
Barracks, subject: Counterintelligence Program. On 17
February 1971, LENIENT CLOUD was suspended per instructions
contained in ACSI Memorandum dated 16 February 1971, subject:
Suspension of Certain Army Counterintelligence Programs. This
operation was reactivated per authority contained in ACSI
letter cited in paragraph three above. Information developed
by the ACIP is provided the serviced command on a regular basis
by the Project Liaison Officer in his normal contact with the
installation security/intelligence office. Formal quarterly
briefings are given the Commander of the serviced installation
or his designated ACIP Coordinator, during which the progress
of the program is discussed and recommendations made for future
coverage.


7. (U) INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-DoD
AFFILIATED CIVILIANS: None


8. (U) USEFUL INFORMATION OBTAINED: Because the operation is in its
initial phase of reinitiation, no useful information of
counterintelligence significance was developed.


9. OPERATIONAL STATUS: This operation should be continued
because of the sensitivity of the installation and the
criticality of the mission it performs for the Department of
the Army. Current activity includes the briefing of the

the suspension of the operation. Following this briefing,
recontact of former confidential sources will be attempted,


CONFIDENTIAL


ACIP QUARTERLY REPORT 
Period Ending: 31 March 1972


NICKNAME: CANAL LOOP (U)


LOCATION: Edgewood Arsenal, MD


DATE APPROVED: 16 February 1972, per ACSI letter DAMI-DOI-S,
subject: Aggressive Counterintelligence Program (ACIP)
Operations.


BACKGROUND: 


ACIP coverage of Edgewood Arsenal was initiated 15 June 1965
by letter of request of the Commanding Officer, Edgewood
Arsenal, thru the Commanding Generals, US Army Munitions
Command and US Army Materiel Command. On 17 February 1971,
CANAL LOOP was suspended per instructions contained in ACSI
Memorandum dated 16 February 1971, subject: Suspension of
Certain Army Counterintelligence Programs. This operation was
reinitiated per authority contained in letter cited in paragraph
three above. Information developed by the ACIP is provided the
serviced command on a regular basis by the Project Liaison Officer
in his regular contact with the installation security office.
Formal quarterly briefings are given the Commander of the serviced
installation or his designated ACIP Coordinator during
which the progress of the program is discussed and recommendations
made for future coverage.


5. (C) THREAT ANALYSIS:


6. CONFIDENTIAL SOURCES UTILIZED: Initial contact made with five
Sources previously utilized prior to suspension of
operation. Activation of these sources will take place following
further assessment. Sources recruited for utilization within the
ACIP are limited to DoD civilians and military personnel assigned


INFORMATION OBTAINED OFF-POST AND REPORTED ON NON-AFFILIATED


9. (C) OPERATIONAL STATUS: Aggressive Counterintelligence Program
CANAL LOOP should be continued because of the extreme sensitivity
of the installation and because of the potential threat
to the National security posed by the sensitive mission performed
by Edgewood Arsenal. Current activity centers around
the reactivation of former confidential sources and the recruitment
of new sources to assure coverage of sensitive areas designated
by the responsible commanders.

ACTION REFERRAL SLIP

FILE NUMBER          DATE          CASE NUMBER


SUMMARY (Sources, date, and subject or short title)          OC of SA


Quarterly Report to USofA re ACIP Operations          20 April 1972*


OUSofA


ADVANCE COPY provided


ACTION ASSIGNED TO


APPROPRIATE ACTION
NOTE AND (Forward) (Return)
DIRECT REPLY, COPY OF REPLY TO
INFORMATION ON WHICH TO BASE A REPLY
PREPARE (Draft) (Final) REPLY FOR SIGNATURE OF
REPORT ESTIMATED COMPLETION DATE BY
PROVIDE ASSISTANCE AS REQUIRED
COORDINATE WITH
COPY FURNISHED TO
INFORMATION ( )
X|DOMS, DSGS (CAR


REMARKS
*This RS will remain in effect indefinitely; new suspense will be announced each


BY DIRECTION OF THE CHIEF OF STAFF:


HARRY E. B. SULLIVAN
LTC, GS
Assistant Secretary of
the General Staff


DATE
RECEIPT OF DOCUMENT IDENTIFIED ABOVE IS ACKNOWLEDGED:


MEMORANDUM FOR THE VICE CHIEF OF STAFF
United States Army


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations


On 4 December 1971 you forwarded to me a memorandum from the
Assistant Chief of Staff for Intelligence, SUBJECT: Counterintelligence
Policy Guidance, which informed me of the ACSI's decision
to reactivate certain Aggressive Counterintelligence Program (ACIP)
Operations. Attached to the memorandum was the operation plan for
one such operation. I have reviewed that memorandum and the attached
plan, and although I appreciate the conscientious steps which have
been taken to assure adherence to current policies in this area, I
remain concerned that this program may be placing us in a highly
vulnerable position.


DoD Directive 5200.27 and the implementing Army policy letter
dated 1 June 1971 impose two restrictions which are particularly
relevant to ACIP operations. First, they require that there be
“no covert or otherwise deceptive surveillance or penetration of
civilian organizations without the prior approval of the Chairman,
DIRC (now the Assistant Secretary of Defense (Comptroller)). Second,
they prohibit assigning DoD personnel "to attend public or private
meetings, demonstrations, or other similar activities for the
purpose of acquiring information the collection of which is
authorized” without my prior approval, except in emergency situations.
These prohibitions apply whether or not the formal "target"
of the operation is affiliated with the Department of Defense.
Although the ACSI letter approving the first reactivated ACIP
operation incorporates these restrictions by reference (paragraph
3a), the operation plan and related documents obviously assume
that confidential sources working in the operation may obtain and
report information which they receive in the course of activities
off military installations. While the plan prohibits extending
the collection effort "directly to non-DoD personnel (paragraph
éa(a)), and while the ACSI approval letter prohibits making non-DoD
personnel targets of off-post surveillance, I would assume
that it is entirely possible that in the course of their off-post
activities confidential sources might obtain and report information
on non-affiliated civilians. Although such activity might not in
all situations be forbidden by DoD Directive 5200.27, it is clearly
on the borderline, and I therefore feel it is very important that
these operations be closely supervised and tightly controlled.


In order to make an informed decision about whether further
controls are necessary (including possible Under Secretary or DIRC
review of each operation), I would appreciate your taking the
following steps.


1. Beginning March 31, 1972, I would like to
receive a quarterly report containing the following
information on each ACIP operation in progress at
any time during the reporting period. Date approved,
code-name, location, number of confidential sources
used during reporting period, number of instances
in which information on non-affiliated civilians is
obtained off-post and reported, and a brief narrative
statement explaining whether useful information was
obtained during the reporting period, whether the
operation is to be continued, and if so, why. These
reports may be submitted 30 days after the close of
the calendar quarter which they cover.


2. With the second quarterly report, which will
be due July 31, 1972, I would like to receive a full
analysis of this program, including its value in terms
of producing useful information and the adequacy of the
controls which have been imposed. Recommendations for
any further necessary controls should be included.


(sgd) Kenneth E. BeLieu


Kenneth E. BeLieu
Under Secretary of the Army


Freedom of Information Act/Privacy Act
Deleted Page(s) Information Sheet


Indicated below are one or more statements which provide a brief
rationale for the deletion of this page.


Information has been withheld in its entirety in
accordance with the following exemption(s):


It is not reasonable to segregate meaningful portions of the
record for release.


Information pertains solely to another individual with no
reference to you and/or the subject of your request.


Information originated with another government agency. It has
been referred to them for review and direct response to you.


Information originated with one or more government agencies.
We are coordinating to determine the releasability of the
information under their purview. Upon completion of our
coordination, we will advise you of their decision.


DELETED PAGE(S)
NO DUPLICATION FEE
FOR THIS PAGE.


Page(s) 75-78


IAGPA-CSF Form 6-R
1 Sep 93


THIS MUST REMAIN TOP DOCUMENT


DOSSIER NO. zron WA


Vol 2 of 7 Vols


As of 18 Sep 85 all material included
(Date)
in this file conforms with DA policies currently
in effect.


18 Sep 85
Signature          Date Signed


GS5
(Printed Name) (Grade)


Reviewed for Retention
Criteria UP AR 381-10
Reviewer f "Date 13


THIS MUST REMAIN TOP DOCUMENT


IA (HQ) Form 2214 (1 Sep 78)
Replaces MIIA Fm 315, 1 Jun 75, which may be
used until supplies are exhausted.


DEPARTMENT OF THE ARMY
OFFICE OF THE CHIEF OF STAFF 
WASHINGTON, D.C. 20310 


2 November 1973 


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations (U) 


1. (U) Reference is made to memorandum, Under Secretary of the Army, 
dated 8 February 1972, subject as above. 


2. The nine Aggressive Counterintelligence Program (ACIP) Operations
reported by memorandum to you last quarter, all remain active. Two new
operations CANARY STONE at Dugway Proving Ground, Utah and CENTAUR RACE
at Fort Lewis, Washington were requested by the installation commanders,
approved by ACSI, DA and implemented during the reporting period. These
operations bring the total to 11 active ACIP's. At present, five ACIP
proposals have been submitted by CONUS field commanders for consideration.
The report of current operations for the quarter ending 30 September
1973 is attached.


3. The primary values of ACIP operations are in their potential for
early warning and detecting internal security weakness and security
threats to the supported command. Inasmuch as these operations are a
form of intensified security watchfulness, negative reports in themselves
are frequently of value to a commander in planning for security
requirements of a given installation or activity.


Classified by DAMI-DO
EXEMPT FROM GENERAL DECLASSIFICATION
SCHEDULE OF EXECUTIVE ORDER 11652
EXEMPTION CATEGORY


DEPARTMENT OF THE ARMY
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310


REPLY TO
ATTENTION OF: DAMI-DOI-S          29 OCT 1973


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February
1972, subject as above (Inclosure 2).


2. Recommend your approval and signature of the memorandum at 
Inclosure 1 which transmits the report required by the cited reference. 


3. Coordination: None required. 


OLIVER B. PATTON
Brigadier General, GS
Acting ACofS for Intelligence

2 Incl
1. Memo for USofA w/attachment (CONFIDENTIAL)
2. Memo for VCSA, 8 Feb 72 (SECRET)

2 Nov 1973


APPROVED - VCSA w/comment: "Why the title 'Aggressive CIP'? Drop the
'aggressive' unless there's some rationale for it that escapes me."


Assistant Secretary of
the General Staff


Regraded UNCLASSIFIED when
separated from classified
inclosures.


ACTION SHEET
CONTROL NUMBER
OFFICE SYMBOL          SUSPENSE
Aggressive Counterintelligence Program (ACIP) Operations          DAMI-DOI-S


DATE
19 October 1973


ACTION REQUIRED 


To obtain approval of the quarterly ACIP report. 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND: 


a. By memorandum dated 8 February 1972 (GREEN TAB B) the Under Secretary of the 
Army requested the Vice Chief of Staff, US Army, provide quarterly reports on all ACIPs 


b. This is the sixth such quarterly report. 
c. USAINTC input is at GREEN TAB C. 


2. DISCUSSION: The memorandum at GREEN TAB A forwards a memorandum to the VCSA to 
forward the report for the quarter ending 30 September 1973. 


3. RECOMMENDATION: That the memorandum to the VCSA at GREEN TAB A be approved and 


signed. 
(Continue on plain bond)
IMPLICATIONS: CINFO yes [ ] no [ ]   PRIM PROGS yes [ ] no [ ]   BUDGET yes [ ] no [ ]
COORDINATIONS / APPROVALS
OFFICE   NAME   PHONE   INITIALS   DATE
DISPATCHED (DTG)
ADDITIONAL COORDINATION ON REVERSE SIDE OR CONTINUATION


ACTION OFFICER (Name, grade, phone and signature)
R.M. STROM, LTC/77017


ACSI FORM 28, 13 Sep 71


REGRADED
WHEN SEPARATED FROM CLASSIFIED


CURRENT ACIP OPERATIONS


                                                                                   NUMBER
                                                                                   CONFIDENTIAL
LOCATION                                            ACIP NICKNAME  DATE APPROVED   SOURCES

Edgewood Arsenal, Maryland                          CANAL LOOP     16 Feb 72       5
Fort Ritchie, Maryland                              CANARY EFFORT  16 Feb 72       3
Dugway Proving Ground, Utah                         CANARY STONE   18 Jul 73       0
Fort Lewis, Washington                              CENTAUR RACE   30 Jul 73       0
Fort Monmouth, New Jersey                           CENTRAL TAXI   16 Feb 72       3
Aberdeen Proving Grounds, Maryland                  GONDOLA STAR   16 Feb 72       2
Picatinny Arsenal, New Jersey                       GONG SILK      16 Feb 72       3
Philadelphia, Pennsylvania (Electronics Command)    LANDLESS TIME  19 Feb 72       3
Washington, D.C. (Language School)                  LANYARD MOOD   22 Dec 71       0
Carlisle Barracks, Pennsylvania (Army War College)  LENIENT CLOUD  16 Feb 72       4
Presidio of Monterey, California                    LENTIL MONKEY  26 Oct 71       1

TOTALS 11                                           11                             24




DEPARTMENT OF THE ARMY
HEADQUARTERS
U S ARMY INTELLIGENCE COMMAND
FORT MEADE, MARYLAND 20755


ICDO-OP 


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence
Program (ACIP) Operations (U)


HQDA (DAMI-DOI-S) 
WASH DC 20310 


1. (U) References: 
a. Letter, DAMI-DOI-S, 8 March 1972, subject as above. 
b. Letter, ICDISO-OC, 11 October 1972, subject as above. 
c. Letter, ICDO-OP, 12 July 1973, subject as above. 


2. (U) In compliance with reference a, above, the ACIP quarterly report
for the period 1 July - 30 September 1973 is forwarded herewith.


3. (U) Operational and administrative control measures outlined in 
reference b, above, remained in effect during the reporting period. 
There were no reported instances of acquisition of information on 
non-DoD affiliated personnel. 


4. During the reporting period emphasis was placed upon improving
the viability of the program and stressing its importance at all levels
throughout the Command. The scope of existing operations is currently
being broadened to provide source coverage in depth of the designated
target areas. The result should be an increase in significant items
reported to the supported commanders.


5. ACIP briefings were given to appropriate staff members of the
newly formed major commands, TRADOC and FORSCOM. Procedures were implemented
to have the same briefing presented to selected commanders at the
local level. This effort is expected to result in additional ACIP requests.
In conjunction with these actions, the ACIP implementation
process is being examined with a view towards decreasing the length of
time between the receipt of a request for an operation and the date it
becomes productive. Two plans for new operations are being processed
and will be forwarded for approval. These, plus the recently approved
operations at Seneca Army Depot and the Management Systems Support Agency,
will add four ACIP gains during the next quarter.


FOR THE COMMANDER: 


11 Incl                             JESSE D. JOY, JR.
as                                  Colonel, GS
                                    Deputy Chief of Staff, Operations


REGRADED UNCLASSIFIED
ON SEP -5 1997
BY CDR USAINSCOM
AUTH Para 1-603 DoD 5200.1
1. CANAL LOOP: (OACSI Approval - 16 Feb 72)
a. Location: Edgewood Arsenal, Edgewood, MD 


b. Confidential Source Utilization: Five sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible 
security hazard was developed during the reporting period. 


e. Operational Status: The sensitivity of the activities serviced
has not diminished and the supported command desires that the operation
be continued.
2. CANARY EFFORT: (OACSI Approval - 16 Feb 72)


a. Location: Fort Ritchie, MD 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: A civilian staff member at the 
installation has projected a trip to the USSR. This matter will be 
monitored on a continuing basis to determine if attempts to exploit 
have been or will be made by hostile intelligence. 


e. Operational Status: Continuation of the operation is desired 
by the supported commander. A new Project Liaison Officer has just 
reported and assumed his duties. 


3. CANARY STONE: (OACSI Approval - 18 Jul 73)
a. Location: Dugway Proving Ground, Utah 


b. Confidential Source Utilization: No sources were recruited 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 
d. Useful Information Obtained: None 


e. Operational Status: This operation was implemented with the
briefing of the commander on 21 August 1973, and has not yet become fully
operational.
4. CENTAUR RACE: (OACSI Approval - 30 Jul 73)
a. Location: Fort Lewis, WA


b. Confidential Source Utilization: No sources were recruited
during the reporting period.


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: None 


e. Operational Status: This operation was implemented with the 
briefing of the commander and staff on 23 August 1973, and has not yet 
become fully operational. 


5. CENTRAL TAXI: (OACSI Approval - 16 Feb 72) 


a. Location: Headquarters, US Army Electronics Command, 
Fort Monmouth, NJ 


b. Confidential Source Utilization: Three sources were used during 
the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None 


d. Useful Information Obtained: No information to indicate the
existence of a hostile threat to the installation or a possible security
hazard was developed during the reporting period.


e. Operational Status: The Director of Security believes that the 
mission and function of this command place it high on hostile intelligence 
target priorities. One additional source was approved for recruitment 
during the reporting period. 
6. GONDOLA STAR: (OACSI Approval - 17 Feb 73)
a. Location: Aberdeen Proving Ground, MD 


b. Confidential Source Utilization: Two sources were utilized during 
the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Inasmuch as the sensitivity of the activities
serviced remains the same, the commander desires that the operation continue.
The Project Liaison Officer retired on 31 July 1973, and his replacement
is not expected until 1 November 1973. This will unfortunately
delay the planned expansion in source coverage.
7. GONG SILK: (OACSI Approval - 16 Feb 72)
a. Location: Picatinny Arsenal, Dover, NJ 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The sensitivity of the activities covered
remains extreme, so that the operation should be continued. Some
target areas were cancelled with the departure of the Munitions
Command, so that coverage should be somewhat simplified.
8. LANDLESS TIME: (OACSI Approval - 19 Jan 72)
a. Location: Philadelphia Facility, US Army Electronics Command 


b. Confidential Source Utilization: Three sources were contacted 
during the reporting period. 


c. Information Obtained: None


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Of the three sources contacted, one retired
and one transferred to another DoD facility, leaving the single
source indicated in the previous report. The Project Liaison Officer
will spot and assess prospective sources among the personnel moving to
Fort Monmouth for utilization when this operation is incorporated into
CENTRAL TAXI. At the request of the commander, coverage will continue
until the facility is phased out.
9. LANYARD MOOD: (OACSI Approval - 22 Dec 71)


a. Location: Defense Language Institute East Coast Branch 
Anacostia Naval Annex, Washington, DC


b. Confidential Source Utilization: To date, this operation 
has been using conventional sources. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Effective with the beginning of the new
reporting period, the modus operandi is being changed to develop
confidential sources in addition to the conventional sources used heretofore.
Targets will be reconfirmed and redefined as necessary.
10. LENIENT CLOUD: (OACSI Approval - 16 Feb 72)
a. Location: US Army War College, Carlisle Barracks, PA 


b. Confidential Source Utilization: Four sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Two security hazards and three 
instances of suitability information were reported. Foreign travel 
by one employee was not considered significant. 


e. Operational Status: An additional target is being added. During
the period, the newly assigned Project Liaison Officer developed a total
of 25 conventional sources who are being contacted on a regular basis.
11. LENTIL MONKEY: (OACSI Approval - 26 Oct 71)


a. Location: Defense Language Institute West Coast Branch 
Presidio of Monterey, CA 


b. Confidential Source Utilization: One source was recruited during 
the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the
existence of a hostile threat to the installation or a possible security
hazard was developed during the reporting period.


e. Operational Status: Seven additional students are being 
processed for use as confidential sources, and 20 conventional sources 
were recruited for broad coverage of target language departments. In 
addition, all of the 132 class monitors have been given SAEDA briefings 
and directed to report any incidents occurring in the classes. 
ACTION SHEET
CONTROL NUMBER
OFFICE SYMBOL SUSPENSE
DAMI-DOI-S


DATE
19 July 1973


SUBJECT
Aggressive Counterintelligence Program Operations


ACTION REQUIRED. To obtain approval of a quarterly report.


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify the action without recourse to other sources.)
1. BACKGROUND: 


a. By memorandum dated 8 February 1972 (GREEN TAB B) the Under Secretary of the Army 
requested the Vice Chief of Staff, US Army, provide quarterly reports on all ACIPs. 


b. This is the fifth such quarterly report. 


c. USAINTC Input is at GREEN TAB C. 


2. DISCUSSION: The memorandum at GREEN TAB A forwards a memorandum to the VCSA to
forward the report for the quarter ending 30 June 1973.


3. RECOMMENDATION: That the memorandum to the VCSA at GREEN TAB A be approved and 
signed. 


(Continue on plain bond) 


IMPLICATIONS: CINFO yes [ ] no [ ]   PRIM PROGS yes [ ] no [ ]   BUDGET yes [ ] no [ ]
COORDINATIONS APPROVALS
OFFICE NAME INITIALS DATE
SHOW ADDITIONAL COORDINATION ON REVERSE SIDE OR CONTINUATION SHEET


ACTION OFFICER (Name, grade, phone and signature)


R. MYERS, CPT/77017 


ACSI FORM 28, 13 Sep 71 
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310 


REPLY TO ATTENTION OF: DAMI-DOI-S   JUL 1973


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February 
1972, subject as above (Inclosure 2). 


2. Recommend your approval and signature on the memorandum at Inclosure 1 
which transmits the report required by cited reference. 


3. Coordination: None required. 


2 Incl                              WILLIAM E. POTTS
1. Memo for USofA                   Major General, GS
   w/attachment ( )                 ACofS for Intelligence
2. Memo for VCSA, 8 Feb 72

                                    OLIVER B. PATTON
                                    Brigadier General, GS
                                    Deputy ACofS for Intelligence

1 AUG 1973


APPROVED - VCSA. 


Assistant Secretary of
the General Staff 


CPT Myers/bah/77017 
OFFICE OF THE CHIEF OF STAFF
WASHINGTON, D.C. 20310


1 August 1973


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Aggressive Counterintelligence Program Operations 


1. Reference memorandum, Under Secretary of the Army, dated 8 February
1972, subject as above.


2. Of the 11 Aggressive Counterintelligence Program (ACIP) Operations
reported to you by memorandum from this office, dated 4 May 1973, subject
as above, nine remain in effect. Operation CANCER PORCH at the Defense
Language Institute, Southeast Branch was terminated with the closing of
the activity on 31 May 1973. Operation CANDID FROLIC at Fort Ord, California,
was terminated on 12 June 1973 at the request of the installation
commander. No new ACIP operations were initiated. The report of current
operations for the quarter ending 30 June 1973 is attached.


3. The primary values of ACIP operations are in their potential for early
warning and for detecting internal security weakness and security threats
to the supported command. Inasmuch as these operations are a form of
intensified security watchfulness, negative reports in themselves are
frequently of value to a commander in planning for security requirements
of a given installation or activity.


1 Incl                              FRED C. WEYAND
as (CONFIDENTIAL)                   General, United States Army
                                    Vice Chief of Staff


CPT Myers/bah/77017 
DAMI-DOI-S


MEMORANDUM FOR: ACTING VICE CHIEF OF STAFF, UNITED STATES ARMY


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations


1. Reference Under Secretary of the Army memorandum, dated 8 February
1972, subject as above (Inclosure 2).


2. Recommend your approval and signature on the memorandum at Inclosure 1
which transmits the report required by cited reference.


3. Coordination: None required.


2 Incl                              WILLIAM E. POTTS
1. Memo for USofA                   Major General, GS
   w/attachment                     ACofS for Intelligence
2. Memo for VCSA, 8 Feb 72
DEPARTMENT OF THE ARMY
OFFICE OF THE CHIEF OF STAFF
WASHINGTON, D.C. 20310


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Aggressive Counterintelligence Program Operations 


1. Reference memorandum, Under Secretary of the Army, dated 8 February 
1972, subject as above. 


2. Of the 11 Aggressive Counterintelligence Program (ACIP) Operations
reported to you by memorandum from this office dated 4 May 1973, subject
as above, nine remain in effect. Operation CANCER PORCH at the Defense
Language Institute, Southwest Branch was terminated with the closing of
the activity on 31 May 1973. Operation CANDID FROLIC at Fort Ord, California,
was terminated on 12 June 1973 at the request of the installation
commander. No new ACIP operations were initiated. The report of current
operations for the quarter ending 30 June 1973 is attached.


3. The primary values of ACIP operations are in their potential for early
warning and detecting internal security weakness and security threats to
the supported command. Inasmuch as these operations are a form of intensified
security watchfulness, negative reports in themselves are frequently
of value to a commander in planning for security requirements of a given
installation or activity.


1 Incl                              FRED C. WEYAND
as                                  General, United States Army
                                    Acting Vice Chief of Staff
CURRENT ACIP OPERATIONS


LOCATION                                          ACIP NICKNAME    DATE APPROVED     NUMBER CONFIDENTIAL SOURCES
Edgewood Arsenal, Maryland                        CANAL LOOP       16 February 72    5
Fort Ritchie, Maryland                            CANARY EFFORT    16 February 72    3
Fort Monmouth, New Jersey                         CENTRAL TAXI     16 February 72    3
Aberdeen Proving Grounds, Maryland                GONDOLA STAR     16 February 72    2
Picatinny Arsenal, New Jersey                     GONG SILK        16 February 72    3
Philadelphia, Pennsylvania (Electronics Command)  LANDLESS TIME    19 January 72     4
Washington, D.C. (Language School)                LANYARD MOOD     22 December 71    3
Carlisle Barracks, Pennsylvania (Army War College) LENIENT CLOUD   16 February 72    4
Presidio of Monterey, California                  LENTIL MONKEY    26 October 71     9
TOTALS                                            9                9                 24


Off-post Information 


Operation LENTIL MONKEY obtained information off-post by coincidence and not as part of
the operation. A source who was accompanying his student group on a field trip was among
those of the group shown pictures of three Czech females who were looking for pen-pals. The
source reported the incident.
Information Obtained:


No information to indicate the existence of a hostile threat to the installations or a
possible security hazard was developed during this reporting period.


Continuance of Operations: 


Nine ACIP operations are being continued for the originally stated purposes. 
DEPARTMENT OF THE ARMY
HEADQUARTERS
U. S. ARMY INTELLIGENCE COMMAND
FORT HOLABIRD, MARYLAND 21219


JUL 12 1973 
ICDO-OP 


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence Program 
(ACIP) Operations (U) 


HQDA (DAMI-DOI-S) 
WASH DC 20310


1. (U) References: 
a. Letter, DAMI-DOI-S, 8 March 1972, subject as above. 
b. Letter, ICDISO-OC, 11 October 1972, subject as above. 
c. Letter, ICDO-OP, 11 April 1973, subject as above. 


2. (U) In compliance with reference a, above, the ACIP quarterly report 
for the period 1 April - 30 June 1973 is forwarded herewith. 


3. (U) Operational and administrative control measures outlined in 
reference b, above, remained in effect during the reporting period. 
There was one instance of acquisition of information on non-DoD affiliated
personnel, described in the inclosure covering LENTIL MONKEY (U).


4. (C) Supported commanders continue to indicate satisfaction with
the program. They view the lack of contradictory information as
reassurance that their employees are observing security regulations, and
that no apparent hostile intelligence activities have been mounted
against the installation. A certain amount of suitability information
was developed during the reporting period at some of the installations,
but was either minor or had not yet been confirmed. In such cases, the
information is not passed to the supported commander.


5. (U) Operations CANCER PORCH (U) and CANDID FROLIC (U) were terminated
during the period covered by this report.


6. Processing of the requests for ACIP support set forth in
reference c, above, except for the Deseret Test Center, have not yet
been completed. Additionally, an Operation Plan regarding ACIP support
at Fort Lewis was forwarded on 7 July 1973. It is anticipated that
future ACIP operations will result primarily from the recently established
Sensitive Activity Vulnerability Estimate (SAVE) program.


FOR THE COMMANDER: 


11 Incl                             EDWARD H. BORT
as                                  LTC, MI
                                    Acting Deputy Chief of Staff,
                                    Operations


REGRADED UNCLASSIFIED
ON SEP -5 1997
BY CDR USAINS
AUTH Para 1-603 D


1. CANAL LOOP: (OACSI Approval - 16 Feb 72)
a. Location: Edgewood Arsenal, Edgewood, MD


b. Confidential Source Utilization: Five sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The sensitivity and criticality of activities 
covered warrant the continuation of the support provided. 
2. CANARY EFFORT: (OACSI Approval - 16 Feb 72)


a. Location: Fort Ritchie, MD 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Continuation of the operation is desired 
by the supported commander. Inasmuch as a new Project Control Officer 
is being assigned during the next quarter, recruitment of additional 
sources is being delayed until he assumes his duties. 
3. CANCER PORCH: (OACSI Approval - 28 Dec 71)


a. Location: Defense Language Institute Southwest Branch 
Fort Bliss, TX 


b. Confidential Source Utilization: One source was contacted 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The operation was terminated with the
closing of the activity on 31 May 1973. The source has been transferred
to the Defense Language Institute West Coast, where contact will be
re-established with him.
4. CANDID FROLIC: (OACSI Approval - 21 Dec 71)
a. Location: Fort Ord, CA


b. Confidential Source Utilization: Two sources were contacted 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: As the result of discussion during a
quarterly briefing on 16 May 73, on 18 May 73 the CG requested that
the operation be terminated. No significant information had been produced
to justify the risk of possible compromise or the further expenditure
of manhours. Operational activity ceased at once, and the operation
was officially terminated on 12 Jun 73, on which date security
debriefings of the sources involved were concluded.
5. CENTRAL TAXI: (OACSI Approval - 16 Feb 72)


a. Location: Headquarters, US Army Electronics Command, Fort 
Monmouth, NJ 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The Commander desires that the operation 
continue. The impending assignment of a new Project Control Officer 
will allow the expansion of the operation by recruitment of additional 
sources. 
6. GONDOLA STAR: (OACSI Approval - 17 Feb 72)
a. Location: Aberdeen Proving Ground, MD 


b. Confidential Source Utilization: Two sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: In view of the sensitivity/criticality 
of this installation, the supported commander desires that the operation 
continue. 
7. GONG SILK: (OACSI Approval - 16 Feb 72)
a. Location: Picatinny Arsenal, Dover, NJ 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Despite the fact that modifications of 
the operation may be necessitated by forthcoming organizational changes, 
the Commander desires that the operation be continued. 
8. LANDLESS TIME: (OACSI Approval - 19 Jan 72)
a. Location: Philadelphia Facility, US Army Electronics Command 


b. Confidential Source Utilization: Four sources were utilized 
during the reporting period. This includes one source who was reluctant 
to be reactivated when the operation was revalidated, but finally 
agreed. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: By 30 Jun 74, this activity will be completely
relocated to Fort Monmouth, and the operation will be terminated.
One source transferred during the period, rather than make the move.
Another is scheduled to move in Nov 73, and plans to do so. He will be
transferred to the Monmouth operation at that time. Coverage will be
difficult during the phaseout, but the commander has requested that the
operation continue as long as possible.
9. LANYARD MOOD: (OACSI Approval - 22 Dec 71)


a. Location: Defense Language Institute East Coast Branch
Anacostia Naval Annex, Washington, DC 


b. Confidential Source Utilization: This operation uses 
conventional sources from the student body, primarily Army MI personnel. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The combination of alien instructors and
students who are generally scheduled for sensitive assignments overseas
makes this operation a necessity. With classrooms teaching 50 languages
at various locations in the DC area, coverage is dependent on the
availability of sources.
10. LENIENT CLOUD: (OACSI Approval - 16 Feb 72)
a. Location: US Army War College, Carlisle Barracks, PA


b. Confidential Source Utilization: Four sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The Commander continues to be appreciative 
of information provided and desires that the operation continue. 
11. LENTIL MONKEY: (OACSI Approval - 26 Oct 71)


a. Location: Defense Language Institute West Coast Branch
Presidio of Monterey, CA 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period, but all were eventually terminated due to 
graduation. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: On 18 May 73, students of a Czech class visited a Czech
restaurant in San Francisco on a field trip. While they were there,
the owner showed the students pictures of three girls residing in
Czechoslovakia who were looking for American pen-pals. Each of three
students received the name and address of one of the girls. One of the
students who received this data was a Confidential Source, and reported
the incident. The other two students are now en route to Army Security
Agency school at Fort Devens, MA, and will eventually be assigned in
USAREUR.


d. Useful Information Obtained: The above information assumes significance
only if this proves to be an operational technique of Czech
Intelligence. Consideration is being given to utilizing the source, now
on TDY at Fort Huachuca, AZ, to probe this situation by establishing
correspondence with the Czech girl. Under the circumstances, reporting
this information is not considered a violation of the 1 June 71 letter.


e. Operational Status: Just as in LANYARD MOOD, the combination 
of alien-born instructors and students destined for sensitive assignments 
overseas is considered to offer a challenge to hostile intelligence. 
Additional MI students have reported to the institute, and no problems 
are anticipated in recruiting new sources. 
ACTION SHEET
CONTROL NUMBER
OFFICE SYMBOL SUSPENSE
DAMI-DOI-S
DATE
23 April 1973


Quarterly ACIP Report


ACTION REQUIRED
To forward memorandum requesting VCSA sign memorandum to USA.


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify the action without recourse to other sources.)


1. BACKGROUND: 


a. By Memorandum dated 8 February 1972, the Under Secretary of the Army requested 
the Vice Chief of Staff, US Army provide quarterly reports on all ACIP's (BLUE TAB B). 


b. The fourth quarterly report for 1972 was submitted to the Under Secretary of the 
Army on 12 February 1973 (BLUE TAB C). 


c. Written input from USAINTC for the current quarterly report is attached at BLUE 
TAB D. 


2. DISCUSSION: 


a. Word received from the SGS on 1 February 73 revealed the new VCSA desires to per- 
sonally sign all memoranda to the Under Secretary of the Army. How long this new policy 
is to be effective is currently unknown. Based on DA memoranda 340-15 and 340-17, the 
ACSI has signed previous memoranda concerning this subject for the VCSA. 


b. The memorandum at BLUE TAB A forwards a memorandum to the VCSA requesting he sign 
and forward to the Under Secretary of the Army, the first quarterly ACIP report for 1973. 
Per agreement SGS and DAMI, this same procedure was used to forward the previous 
quarterly report. 


3. RECOMMENDATION: That the Memorandum to the VCSA at BLUE TAB A be approved and signed 


(Continue on plain bond) 
W. WEBB, MAJ/77017 


OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 
WASHINGTON, D.C. 20310 


REPLY TO ATTENTION OF: DAMI-DOI-S & 6 APR 1973 


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February 
1972, subject as above (TAB B). 


2. Recommend your approval and signature on the memorandum at TAB A which 
transmits the report required by cited reference. 


2 Incl 
TAB A - Memo for USofA 
TAB B - USofA memo, 8 Feb 72 


WILLIAM E. POTTS 
Major General, GS 
ACofS for Intelligence 


THOMAS W. BOWEN 
Brigadier General, GS 
Director of Intelligence Support 


4 MAY 1973 


APPROVED - OGSA 


PETER B. PETERSEN 
LTC, GS 
Assistant Secretary of the General Staff 


Regraded UNCLASSIFIED when 
separated from classified 
inclosures 
OFFICE OF THE CHIEF OF STAFF 
WASHINGTON, D.C. 20310 


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Aggressive Counterintelligence Program Operations 


1. Reference your memorandum of 8 February 1972, subject as above. 


2. The 11 Aggressive Counterintelligence Program (ACIP) operations 
reported to you by my memorandum, dated 12 February 1973, subject 
as above, remain in effect. No additional ACIP operations have been 
approved. A quarterly report of current operations is attached. 


1 Incl                          ALEXANDER M. HAIG, JR. 
as                              General, United States Army 
                                Vice Chief of Staff 


Regraded UNCLASSIFIED when 
separated from classified 
inclosures 
CURRENT ACIP OPERATIONS 


LOCATION                                            ACIP NICKNAME   DATE APPROVED    NUMBER OF SOURCES 

Edgewood Arsenal, Maryland                          CANAL LOOP      16 February 72   5 
Fort Ritchie, Maryland                              CANARY EFFORT   16 February 72   3 
Fort Bliss, Texas (Language School)                 CANCER PORCH    28 December 71   1 
Fort Ord, California                                CANDID FROLIC   21 December 71   2 
Fort Monmouth, New Jersey                           CENTRAL TAXI    16 February 72   3 
Aberdeen Proving Grounds, Maryland                  GONDOLA STAR    16 February 72   2 
Picatinny Arsenal, New Jersey                       GONG SILK       16 February 72   3 
Philadelphia, Pennsylvania (Electronics Command)    LANDLESS TIME   19 January 72    4 
Washington, D.C. (Language School)                  LANYARD MOOD    22 December 71   0 
Carlisle Barracks, Pennsylvania (Army War College)  LENIENT CLOUD   16 February 72   4 
Presidio of Monterey, California                    LENTIL MONKEY   26 October 71    3 

TOTALS 11                                           11                               30 


Off-post Information 


There were no instances in which information on non-affiliated civilians was collected 
off-post. 


Classified by DAMI-DO 
AUTOMATICALLY DOWNGRADED AT TWO YEAR 
Information Obtained: 


a. During the first quarter of 1973, none of the ACIP operations produced in- 
formation which would indicate the existence of an active hostile threat to the 
supported installation nor were any reports received concerning potential security 
hazards to the supported installations. As emphasized in each quarterly report 
submitted to date, ACIP operations are a form of intensified security 
watchfulness. As such, the lack of reportable information from these operations is also 
of value to a commander in planning for his security requirements. The placement 
and access of current sources, and those under consideration, are such that the 
chances of detecting a developing security threat situation in a sensitive in- 
stallation or unit are greater with these sources already operating. 


b. Significantly, supported commanders have voiced satisfaction with ACIP 
operational results to date and have reiterated their desire that these opera- 
tions continue. 


Continuance of Operations: 


The eleven ACIP operations are being continued for the originally stated pur- 
poses. 
HEADQUARTERS 
U. S. ARMY INTELLIGENCE COMMAND 
FORT HOLABIRD, MARYLAND 21219 


11 APR 1973 


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence Program 
(ACIP) Operations (U) 


HQDA (DAMI-DOI-S) 
WASH DC 20310 


1. (U) References: 
a. Letter, DAMI-DOI-S, 8 Mar 72, subject as above. 
b. Letter, ICDISO-OC, 11 Oct 72, subject as above. 
c. Letter, ICDISO-OC, 15 Jan 73, subject as above. 


d. Letter, DAMI-DOI-P, 26 Feb 73, subject: Counterintelligence 
Support for Security of Nuclear Weapons, with 1st indorsement, ICDO, 
12 Mar 73. 


2. (U) In compliance with reference a, above, the ACIP quarterly 
report for the period 1 January - 31 March 1973 is forwarded herewith. 


3. (U) Operational and administrative control measures outlined in 
reference b, above, remained in effect during the reporting period. 
There were no instances of acquisition of information on non-DoD 
affiliated personnel. 


4. Utilization of the ACIP to enhance the security of chemical 
and nuclear weapons, as set forth in reference c, above, has been 
integrated into the overall counterintelligence support to the US Army 
Materiel Command (AMC) and HQ, US Army Air Defense Command. Action 
taken on this program will be reported as outlined in reference d, 
above. In the future, this quarterly report will pertain only to 
operations in progress and those in the planning stage. 


Classified by [illegible] 
SUBJECT TO GENERAL DECLASSIFICATION 
SCHEDULE OF EXECUTIVE ORDER 11652 
AUTOMATICALLY DOWNGRADED AT TWO YEAR 
INTERVALS. DECLASSIFIED ON 31 DEC [year illegible] 
ICDO-OP 11 APR 1973 
SUBJECT: Quarterly Reporting of Aggressive Counterintelligence 
Program (ACIP) Operations (U) 


5. (U) In the area of chemical and nuclear weapons, the Commander of 
Seneca Army Depot has formally requested an ACIP operation. The 
Commander, Savanna Army Depot, has requested an ACIP briefing. 
Additional assessment of the Sierra Army Depot will be necessary to 
determine the applicability of the ACIP. Requests for the program 
have been received from Harry Diamond Laboratories, US Army Mobility 
Equipment and Development Center, and Deseret Test Center, all subordi- 
nate to AMC. The Commander, US Army Management Systems Support Agency, 
an automatic data processing facility in the Pentagon supporting the 
Office of the Vice Chief of Staff, has also submitted a formal request 
for the program. The assessments necessary to justify the program in 
each case have been accomplished or are underway, and individual 
Operations Plans are expected in the near future. 


6. In an effort to replace the expertise and continuity which 
have been lost through the reduction of civilian Excepted Service 
Position spaces in the MI Groups, an effort is underway to obtain 
Great Skills personnel for inclusion in the program. 


FOR THE COMMANDER: 


11 Incl                         Colonel, GS 
as                              Deputy Chief of Staff, Operations 
1. CANAL LOOP: (OACSI Approval - 16 Feb 72) 
a. Location: Edgewood Arsenal, Edgewood, MD 


b. Confidential Source Utilization: Five sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible 
security hazard was developed during the reporting period. 


e. Operational Status: The operation should be continued because 
of the criticality and sensitivity of the installation, as well as the 
reiterated desires of the Commander that this support be continued. 


2. CANARY EFFORT: (OACSI Approval - 16 Feb 72) 
a. Location: Fort Ritchie, MD 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible 
security hazard was developed during the reporting period. 


e. Operational Status: The Commander desires continuation of the 
operation in view of the sensitivity/criticality of the facility and 
the extensive volume of classified material and equipment maintained. 
The Liaison Officer has identified and assessed two additional sources 
for recruitment during the next reporting period. 




3. CANCER PORCH: (OACSI Approval - 28 Dec 71) 
a. Location: Defense Language Institute Southwest Branch 
Fort Bliss, TX 


b. Confidential Source Utilization: One such source was utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Closing date of the facility remains 30 
June 1973, but operations will cease on 31 May 1973. 


4. CANDID FROLIC: (OACSI Approval - 21 Dec 71) 
a. Location: Fort Ord, CA 


b. Confidential Source Utilization: Two sources were contacted 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The Cdr, Ft Ord, has voiced his satisfac- 
tion with the operation as part of the overall counterintelligence 
support rendered his Command. Four additional sources are currently 
under assessment for inclusion in the operation. 


5. CENTRAL TAXI: (OACSI Approval - 16 Feb 72) 


a. Location: Headquarters, US Army Electronics Command, Fort 
Monmouth, NJ 


b. Confidential Source Utilization: Three sources were contacted 
on a regular basis during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: Continuation of the operation is dictated 
by its sensitivity and criticality; the desire of the Commanding 
General for this support is unchanged. 


6. GONDOLA STAR: (OACSI Approval - 17 Feb 72) 
a. Location: Aberdeen Proving Ground, MD 


b. Confidential Source Utilization: Two sources were contacted 
regularly during the period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The Commander desires that the operation be 
continued. The sensitivity of facilities at the installation justify 
this desire. 


7. GONG SILK: (OACSI Approval - 16 Feb 72) 
a. Location: Picatinny Arsenal, Dover, NJ 


b. Confidential Source Utilization: Regular contact was maintained 
with three sources during the period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: This operation may be affected by forthcoming 
organizational changes, which will involve the move of a portion 
of the major command to another installation. 


8. LANDLESS TIME: (OACSI Approval - 19 Jan 72) 
a. Location: Philadelphia Facility, US Army Electronics Command 


b. Confidential Source Utilization: Three sources were contacted 
regularly. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The criticality of portions of this 
facility is considered to warrant continuation of the operation. 


REGRADED UNCLASSIFIED 
ON SEP [date illegible] 
BY CDR USAINSCE 
AUTH Para 1-503 E 


9. LANYARD MOOD: (OACSI Approval - 22 Dec 71) 


a. Location: Defense Language Institute East Coast Branch 
Anacostia Naval Annex, Washington, DC 


b. Confidential Source Utilization: This operation utilizes 
conventional sources drawn from the student population. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: With students who will be assigned to 
sensitive positions, this facility is an ideal location for spotting 
and assessing by hostile intelligence. 


REGRADED UNCLASSIFIED 
ON SEP [date illegible] 
BY CDR [illegible] 
AUTH Para 1-603 DOD 5200.18 


10. LENIENT CLOUD: (OACSI Approval - 16 Feb 72) 
a. Location: US Army War College, Carlisle Barracks, PA 


b. Confidential Source Utilization: Four sources were contacted 
on a regular basis during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The CG continues to reiterate his desire 
for support provided by the operation. 


11. LENTIL MONKEY: (OACSI Approval - 26 Oct 71) 


a. Location: Defense Language Institute West Coast Branch 
Presidio of Monterey, CA 


b. Confidential Source Utilization: One source was lost through 
graduation, reducing the number to three prior to the end of the 
reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: As with other branches of the Defense 
Language Institute, this facility continues to offer a lucrative 
target to hostile intelligence. The manning of the Soviet Embassy in 
San Francisco presents an additional external security threat. 


ACTION SHEET 


CONTROL NUMBER: 
OFFICE SYMBOL: DAMI-DOI-S 
SUSPENSE: 
DATE: 2 February 1973 


SUBJECT 


Quarterly ACIP Report 


ACTION REQUIRED 


To forward memorandum requesting VCSA sign memorandum to USA. 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. BACKGROUND: 


a. By Memorandum dated 8 February 1972, the Under Secretary of the Army requested 
the Vice Chief of Staff, US Army provide quarterly reports on all ACIP's (BLUE TAB B). 


b. The third quarterly report for 1972 was submitted to the Under Secretary of the 
Army on 20 October 1972 (BLUE TAB C). 


c. Written input from USAINTC for the current quarterly report is attached at BLUE 
TAB D. 


2. DISCUSSION: 


a. Word received from the SGS on 1 February 73 revealed the new VCSA desires to 
personally sign all memoranda to the Under Secretary of the Army. How long this new 
policy is to be effective is currently unknown. 


b. Based on DA memoranda 340-15 and 340-17, the ACSI had signed a previous memoran- 
dum on this action for the VCSA (BLUE TAB E). This action was returned by SGS on 1 Feb 
73 for compliance with new policy. 


c. The memorandum at BLUE TAB A forwards a memorandum to the VCSA requesting he sign 
and forward to the USA the fourth quarterly ACIP report for 1972. 


3. RECOMMENDATION: That the memorandum to the VCSA at BLUE TAB A be approved and signed 


(Continue on plain bond) 


IMPLICATIONS: CINFO YES [ ] NO [ ]   PRIM PROGS YES [ ] NO [ ]   BUDGET YES [ ] NO [ ] 


COORDINATIONS / APPROVALS 


OFFICE   NAME   PHONE   INITIALS   DATE 


1 8 FEB 1973 


SPECIAL ACTIONS 


RECORDS COPY 


REGRADED UNCLASSIFIED 
WHEN SEPARATED FROM CLASSIFIED 


SHOW ADDITIONAL COORDINATION ON REVERSE SIDE OR CONTINUATION SHEET 


ACTION OFFICER (Name, grade, phone and signature) 
W. WEBB, MAJ/77017 


ACSI FORM 28, 13 Sep 71 
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 
WASHINGTON, D.C. 20310 


DAMI-DOI-S 8 February 1973 


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February 
1972, subject as above (TAB B). 


2. Recommend your approval and signature on the memorandum at TAB A 
which transmits the report required by cited reference. 


2 Incl 
TAB A - Memo for USofA 
TAB B - USofA memo, 8 Feb 72 


OLIVER B. PATTON 
Brigadier General, GS 
Acting ACofS for Intelligence 


APPROVED - VCSA 


PETER B. PETERSEN 
LTC, GS 
Assistant Secretary of 
the General Staff 
OFFICE OF THE CHIEF OF STAFF 
WASHINGTON, D.C. 20310 


12 February 1973 


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Aggressive Counterintelligence Program Operations 


1. Reference your memorandum of 8 February 1972, subject as above. 


2. The 11 Aggressive Counterintelligence Program (ACIP) operations 
reported to you by OACSI memorandum, dated 20 October 1972, subject 
as above, remain in effect. No additional ACIP operations have been 
approved. A quarterly report of current operations is attached. 


EXANDER M. 


General, United 
Vice Chief of 


Regraded UNCLASSIFIED 
when separated from 
classified inclosures 


CURRENT ACIP OPERATIONS 


LOCATION                                            ACIP NICKNAME   DATE APPROVED    NUMBER OF CONFIDENTIAL SOURCES 

Edgewood Arsenal, Maryland                          CANAL LOOP      16 February 72   5 
Fort Ritchie, Maryland                              CANARY EFFORT   16 February 72   3 
Fort Bliss, Texas (Language School)                 CANCER PORCH    28 December 71   1 
Fort Ord, California                                CANDID FROLIC   21 December 71   2 
Fort Monmouth, New Jersey                           CENTRAL TAXI    16 February 72   3 
Aberdeen Proving Grounds, Maryland                  GONDOLA STAR    16 February 72   2 
Picatinny Arsenal, New Jersey                       GONG SILK       16 February 72   3 
Philadelphia, Pennsylvania (Electronics Command)    LANDLESS TIME   19 January 72    3 
Washington, D.C. (Language School)                  LANYARD MOOD    22 December 71   0 
Carlisle Barracks, Pennsylvania (Army War College)  LENIENT CLOUD   16 February 72   4 
Presidio of Monterey, California                    LENTIL MONKEY   26 October 71    4 

TOTALS 11                                           11                               30 


Off-post Information 


There were no instances in which information on non-affiliated civilians was collected 
off-post. 
Information Obtained: 


a. During the fourth quarter 1972, useful information was obtained from seven 
of the eleven Aggressive Counterintelligence Programs. The operations at Ft. 
Ritchie, Maryland, the Electronics Command, the Army War College, Ft. Monmouth, 
New Jersey and Picatinny Arsenal, each identified one or more potential personnel 
or physical security problems which were reported to the respective serviced 
commanders. The program at Ft. Ord, California, continued to identify military 
personnel affiliated with the Vietnam Veterans Against the War (VVAW) and also 
military personnel associated with the proposed making of an anti-war film on the 
Ft. Ord reservation. This information was passed to representatives of the 
supported commander. A characterization of the VVAW is attached. The operation at 
the Presidio of California developed information on what appears to be a program 
of fraudulent immigration from a Communist Country. Additionally, classroom 
statements by an Army student identified his father as a Soviet-born key employee of 
another US intelligence agency. In each case, the supported commander was informed 
and a summary of information report was forwarded to the appropriate federal 
agency. 


b. The other four operations reported no information, during the fourth quar- 
ter, which would indicate the existence of a hostile intelligence threat or possi- 
ble security hazard.  Inasmuch as these operations are a form of intensified 
security watchfulness, negative reports in themselves are frequently of value to 
a commander in planning for the security requirements of a given installation or 
activity. The placement and access of current sources, and those under 
consideration, are such that the chances of detecting a developing security threat situation 
in a sensitive installation or unit are greater with these sources operating. 


Continuance of Operations: 


The eleven ACIP operations are being continued for the original stated purposes. 


Regraded UNCLASSIFIED when 
separated from classified 
inclosures 
VIETNAM VETERANS AGAINST THE WAR 


1. General: The Vietnam Veterans Against the War, Incorporated (VVAW) was 
founded in the spring of 1967 in New York City. The objectives of the VVAW 
include: the demand for an immediate cessation of fighting and withdrawal of 
American troops from Vietnam; and to support all military personnel refusing 
to serve in wars of aggression at home or abroad. The VVAW reportedly has 
chapters in all 50 states and Vietnam. The national office is located at 25 
West 26 Street, New York, New York. VVAW policy is established by its National 
Steering Committee composed of 26 regional coordinators. The local chapters 
often act independently of the national office. (There have been indications 
that some local chapters of the VVAW have been taken over by youth groups of 
Marxist-Leninist organizations.) This is in keeping with the recent resignation 
of four of the five members of the Executive Committee of the National Steering 
Committee. During a November 1971 meeting of the Steering Committee, statements 
were made that conservative VVAW members would be replaced by more militant 
members who would take action rather than talk. Many of the VVAW officials and 
members are presently or have in the past been affiliated with organizations 
identified as being threats to Army morale and discipline, such as CPUSA, 
Socialist Workers Party, Progressive Labor Party, and People's Coalition for 
Peace and Justice. Total VVAW membership is reportedly approaching 10,000. 
[illegible] appears to come from private donations. 


2. Relationship to the Army: The VVAW, reportedly, has counseled US Army 
deserters to go to Sweden rather than return to the US from Canada; and has 
provided deserters with funds and false draft registration cards. The 
organization has attempted to recruit active duty soldiers to the ranks of the VVAW and 
has urged inductees to "resist the Army and join the VVAW." VVAW local chapters 
have allied themselves with antimilitary dissident soldier organizations in an 
attempt to undermine morale and discipline of service personnel. 


3. (U) Foregoing information falls under provisions of para 4a(1) and 4a(2), 
DA letter, AGDA-A(M)(1 Jun 71) CS, subject: Acquisition of Information Con- 
cerning Persons and Organizations Not Affiliated with the Department of Defense, 


(Continued) 


Classified by DAMI-DOA 
SUBJECT TO GENERAL DECLASSIFICATION 
ACTION SHEET 


CONTROL NUMBER: 
OFFICE SYMBOL: DAMI-DOI-S 
SUSPENSE: 
DATE: 18 January 1973 
SUBJECT: Quarterly ACIP Report 

ACTION REQUIRED 
To provide Under Secretary of the Army with the fourth quarterly report for 1972. 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. BACKGROUND: 


a. By memorandum dated 8 February 1972, the Under Secretary of the Army requested 
the Vice Chief of Staff, US Army, to provide quarterly reports on all ACIP's 
(BLUE TAB B). 


b. The third quarterly report was submitted to the Under Secretary of the Army on 
20 October 1972 (BLUE TAB C). 


c. Written input from USAINTC for the current quarterly report is attached at 
BLUE TAB D. 


2. DISCUSSION: Memorandum at BLUE TAB A to Under Secretary of the Army through the Vice 
Chief of Staff, US Army, provides required fourth quarterly report for 1972. 




3. RECOMMENDATION: That the Memorandum at BLUE TAB A be approved and signed. 


(Continue on plain bond) 


IMPLICATIONS: CINFO YES [ ] NO [ ]   PRIM PROGS YES [ ] NO [ ]   BUDGET YES [ ] NO [ ] 


COORDINATIONS / APPROVALS 


SHOW ADDITIONAL COORDINATION ON REVERSE SIDE OR CONTINUATION SHEET 


ACTION OFFICER (Name, grade, phone and signature): W. WEBB, MAJ/77017 
SPECIAL ACTIONS: NONE 
RECORDS COPY 
DEPARTMENT OF THE ARMY 
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 
WASHINGTON, D.C. 20310 


REPLY TO 
ATTENTION OF: DAMI-DOI-S    26 [remainder of date illegible] 


MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY 
FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Aggressive Counterintelligence Program (ACIP) Operations 


1. Reference your memorandum of 8 February 1972, subject as above. 


2. The 11 ACIP operations reported to you by OACSI memorandum, dated 
20 October 1972, subject as above, remain in effect. No additional 
ACIP operations have been approved. A quarterly report of current 
operations is attached (TAB A). 


WILLIAM E. POTTS 
Major General, GS 
ACofS for Intelligence 
DEPARTMENT OF THE ARMY 
HEADQUARTERS 
U. S. ARMY INTELLIGENCE COMMAND 
FORT HOLABIRD, MARYLAND 21219 


15 JAN 1973 


ICDISO-OC 


SUBJECT: Quarterly Reporting of Aggressive Counterintelligence Program (ACIP) 
Operations (U) 


HQDA (DAMI-DOI-S) 
WASH DC 20310 


1. (U) References: 
a. Letter, DAMI-DOI-S, 8 Mar 72, subject as above. 
b. Letter, ICDISO-OC, 18 Apr 72, subject as above. 
c. Letter, ICDISO-OC, 11 Oct 72, subject as above. 


2. (U) In compliance with reference a, above, the ACIP quarterly report 
for the period 1 October - 31 December 1972 is forwarded herewith. 


3. (U) Operational and administrative control measures outlined in reference 
c, above, remained in effect during the reporting period. There were no 
instances of acquisition of information on non-DoD affiliated personnel. 


4. Based on the immediate concern for the security of chemical and 
nuclear weapons, this Command is preparing plans in conjunction with US Army 
Materiel Command and HQ, US Army Air Defense Command to provide 
counterintelligence support to these units and their sub-elements. In view of 
recent terrorist group actions, it is apparent that such groups will go to 
any extreme to achieve their ends. As some terrorist representatives have 
pointed out, they feel that such actions must have increasing world shock 
value in order to further their cause. The capture or explosive destruction 
of a nuclear weapon either in storage or in transit would be just such an 
act. Indications of intention may be developed through the ACIP. Planning 
for this kind of support in conjunction with other means available to USAINTC 
is being effected. It is expected that by the end of the next reporting 
quarter, more definitive information concerning initiation of ACIP in support 
of these two Commands will be established. 
ICDISO-OC 
SUBJECT: Quarterly Reporting of Aggressive Counterintelligence Program (ACIP) 
Operations (U) 


5. (C) With a view towards the probable requirement of expanding ACIP
operational capability by USAINTC field elements, this Command has initiated
a training program designed to improve the professionalism of personnel in
the operational techniques and reporting in such operations. This training
program should qualify additional personnel to participate in current and
potential future operations.
W. CHAMBERS
MI
Acting Assistant Adjutant General


FOR THE COMMANDER: 


ll Incl 
as 


1. CANAL LOOP: (OACSI Approval - 16 Feb 72)
a. Location: Edgewood Arsenal, Edgewood, MD 


b. Confidential Source Utilization: Five sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: During the reporting period, experienced 
personnel were assigned in both liaison and source handling capacity, 
and the operational capabilities can be expected to improve. The 
Commanding Officer of Edgewood Arsenal has again expressed his desire 
for continuation of ACIP operations within his installation. 
2. CANARY EFFORT: (OACSI Approval - 16 Feb 72)
a. Location: Fort Ritchie, MD 


b. Confidential Source Utilization: Three sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Information reflecting on the 
character and suitability of certain employees in the target areas 
was obtained. 


e. Operational Status: During the period, both Case Officer and 
liaison Officer were assigned to DIS. The transfer of the former 
diminished source contact appreciably. With the assignment of a 
case officer, information obtained during the period will be developed 
to its fullest extent. An experienced liaison officer is being 
assigned to this ACIP and will begin spotting and assessing potential 
sources to meet the desire of the Commanding Officer to achieve the 
greatest operational potential. 
3. CANCER PORCH: (OACSI Approval - 28 Dec 71)


a. Location: Defense Language Institute Southwest Branch,
Fort Bliss, TX 


b. Confidential Source Utilization: One such source was recruited 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the
existence of a hostile threat to the installation or a possible security
hazard was developed during the reporting period.


e. Operational Status: As indicated in previous reports, this
facility is expected to cease operations on 30 June 1973. The prime 
reason for developing this single confidential source is his expected 
transfer at that time to another branch of the Institute. 
4. CANDID FROLIC: (OACSI Approval - 21 Dec 71)
a. Location: Fort Ord, CA 


b. Confidential Source Utilization: Regularly scheduled contacts 
were conducted with two such sources during the period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Identification of military 
personnel affiliated with the Vietnam Veterans Against the War; 
identification of military personnel associated with the proposed 
filming of an anti-war film on the Fort Ord reservation. 


e. Operational Status: As the major US Army training facility 
on the West Coast, the installation continues to be the target for 
dissident elements. 
5. CENTRAL TAXI: (OACSI Approval - 16 Feb 72)


a. Location: Headquarters, US Army Electronics Command, Fort 
Monmouth, NJ 


b. Confidential Source Utilization: Three sources were contacted 
on a regular basis during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None


d. Useful Information Obtained: Information indicating a potential
security problem area was developed and passed to the serviced command.


e. Operational Status: Personnel turbulence during the period 
caused by transfers of operational personnel to DIS prevented the 
proper development of this ACIP. An experienced liaison officer was 
assigned during the period. This should result in the recruitment of 
additional sources needed to cover this complex target. The Commanding 
General has reiterated his desire to continue the operation. 
6. GONDOLA STAR: (OACSI Approval - 17 Feb 72)
a. Location: Aberdeen Proving Ground, MD 


b. Confidential Source Utilization: Two sources were contacted 
regularly during the period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible security 
hazard was developed during the reporting period. 


e. Operational Status: The newly assigned liaison officer has 
begun the spotting and assessment process, which should result in 
expansion of coverage to the degree desired. 
7. GONG SILK: (OACSI Approval - 16 Feb 72)
a. Location: Picatinny Arsenal, Dover, NJ


b. Confidential Source Utilization: Regular contact was maintained 
with three sources during the period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Two potential problem areas in 
the field of security were identified and reported to the serviced 
commander. 


e. Operational Status: The commanders of the two serviced 
facilities have expressed their desires that the ACIP be continued 
and expanded. Efforts to establish sources in each target area have 
been hampered to date by the lack of experienced MI personnel. 
8. LANDLESS TIME: (OACSI Approval - 19 Jan 72)


a. Location: Philadelphia Facility, US Army Electronics Command


b. Confidential Source Utilization: One source was terminated 
due to lack of access; regular contact was maintained with the remain- 
ing three. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Identification of personnel with 
access to classified information who have character weaknesses or 
habits reflecting on suitability. This information has been brought 
to the attention of the supported commander. 


e. Operational Status: Individual personnel activities are being 
closely monitored to determine any adverse effects on the morale and 
discipline of the work force. The supported commander desires that 
this ACIP be expanded to cover more areas in depth. 
9. LANYARD MOOD: (OACSI Approval - 22 Dec 71)


a. Location: Defense Language Institute East Coast Branch,
Anacostia Naval Annex, Washington, DC


b. Confidential Source Utilization: Conventional, rather than 
confidential sources, have been utilized to date in this ACIP. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None


d. Useful Information Obtained: No information to indicate the 
existence of a hostile threat to the installation or a possible 
security hazard was developed during the reporting period. 


e. Operational Status: The installation continues to offer a
lucrative target to hostile intelligence, with students, ranging in
rank from private to general, who undergo instructions for periods
up to a year.



10. LENIENT CLOUD: (OACSI Approval - 16 Feb 72) 
a. Location: US Army War College, Carlisle Barracks, PA 


b. Confidential Source Utilization: Four sources were contacted 
on a regular basis during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None


d. Useful Information Obtained: Identification of four individuals
possessing possible adverse suitability traits.


e. Operational Status: Attempts to develop additional information 
on the four individuals mentioned above is continuing and upon comple- 
tion, this information will be furnished to the supported commander. 
11. LENTIL MONKEY: (OACSI Approval - 26 Oct 71)


a. Location: Defense Language Institute West Coast Branch, 
Presidio of Monterey, CA 


b. Confidential Source Utilization: Contact was maintained with
four sources during the reporting period. This represents an increase
of one source.


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Information was developed on
what allegedly is a program of fraudulent immigration from a Communist
country. Additionally, classroom statements by an Army student
identified his father as a Soviet-born key employee of another intelli-
gence agency. In each case, a Summary of Information was prepared
for transmission to the appropriate agency.


e. Operational Status: There is currently a source in each of 
four sensitive language departments. Sources have been alert for class- 
room discussion which would identify personnel who are in communication 
with relatives in countries considered hostile to the US. Additional 
sources are to be developed in the larger departments, which will allow
more adequate monitoring for possible indicators of hostile intelligence 
influence. 
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310
REGRADED UNCLASSIFIED
ON EF 
BY COR USANO rotpo 
AUTH Para 1-603 DOD 5200.18 


DAMI-ZA 04 FEB 1975


MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY 
MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


1. (U) This is in response to your Memorandum on 17 January 1975 to
the Vice Chief of Staff in regard to subject and serves as the Quarterly
ICIP Report for the 2d Quarter, FY 1975.

2. On 2 October 1974, I directed a review of the entire ICIP pro-
gram with a view towards the elimination of those no longer considered
of sufficient merit to warrant retention. The criteria used in evalu-
ating each ICIP operation was: (a) The sensitivity of the installation/
activity is such that some type of special counterintelligence support
is required or (b) There is a known threat of sufficient magnitude to
the installation/activity to warrant a need for some type of special
counterintelligence support and (c) The information desired cannot be
obtained except through the use of confidential sources.


3. Based on this review and considering your 17 January guidance,
I directed the termination of 12 ICIP operations at the following head-
quarters:


a. Hq, US Army Communications Command, Fort Huachuca, Arizona
(CANAL ROPE).


b. Dugway Proving Ground, Utah (CANARY STONE).


c. US Army Air Defense Center, Fort Bliss, Texas (CANTINA ARCH).


d. Umatilla Army Depot Activity, Hermiston, Oregon (CANYON ROSTER).


e. US Army Mobility Equipment Research and Development Center,
Fort Belvoir, Virginia (CENTAUR SALE).


f. Hq, US Army Electronics Command, Fort Monmouth, New Jersey
(CENTRAL TAXI).


g. US Army Management Systems Support Agency, The Pentagon,
Washington, DC (CENTURY SQUAD).


h. US Army Electronics Proving Ground, Fort Huachuca, Arizona
(GONDOLA FLAG).


i. Aberdeen Proving Ground, Aberdeen, Maryland (GONDOLA STAR).


j. Defense Language Institute East Coast, Washington Navy Yard,
Washington, DC (LANYARD MOOD).


k. Picatinny Arsenal, Armament Command, Dover, New Jersey
(LEND TONE).


l. US Army War College, Carlisle Barracks, Pennsylvania (LENIENT
CLOUD).


4. (U) The remaining seven ICIPs are worthy of retention as they meet
your criteria. Reviews of these seven operations are attached at Incl 1.
Reviews of the 12 to be terminated are at Incl 2.


2 Incls HAROLD R.
as Major Gene.
ACofS for I
ICIP operations recommended for continuation (7)
CANVAS TAX
CENSUS TIME
LENTIL MONKEY
ACTION SH


CONTROL NUMBER


OFFICE SYMBOL
DAMI-DOT-C


SUSPENSE DATE


Internal Counterintelligence Program (ICIP) (U)
31 January 1975


ACTION REQUIRED
To respond to tasking from the USofA pertaining to ICIP.


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND: 


a. At the direction of the USofA quarterly reporting of ICIP has been furnished
to him through the VCSA since February 1972. In a memorandum to the VCSA (RED TAB B),
the USofA suggests that in more than half of the ongoing operations, no useful infor-
mation was developed. He directed a detailed review of the benefits derived through
the program over the last two years.


b. On 29 January 1975, the ACSI directed the termination of 12 of the 19 ongoing
operations. They will be terminated on a time phase basis with all 12 being termi-
nated by 31 March 1975.


2. DISCUSSION: At RED TAB A is a memo through the VCSA to the USofA replying to
the comments of USofA and providing the requested information pertaining to the
program.


3. RECOMMENDATION: That the memo at RED TAB A be approved and signed. 


(Continue on plain bond) 
DEPARTMENT OF THE ARMY
HEADQUARTERS
U. S. ARMY INTELLIGENCE AGENCY
FORT MEADE, MARYLAND 20755

REGRADED UNCLASSIFIED


MEMORANDUM FOR: MG AARON, ASSISTANT CHIEF OF STAFF FOR 
INTELLIGENCE, DA 


SUBJECT: Status of Internal Counterintelligence Program (ICIP) 
Operations 


1. (U) References: 
a. ACSI Memo, 7 Jan 75, subject: ICIP. 


b. Under Secretary of the Army Memorandum, 17 Jan 75, subject: 
ICIP. 


c. Letter, DAMI-DOI-S, 8 Mar 72, subject: Quarterly Reporting of 
ICIP Operations (U). 


2. (U) In compliance with your oral instructions of 2 October 1974; 
your Memorandum of 7 January 1975; and guidance contained in the Memo- 
randum of 17 January 1975 from the Under Secretary of the Army, we have 
completed a comprehensive review of the current active 19 ICIP operations.


3. Our review was basically governed by the following factors:
(1) the sensitivity of the installation/activity is such that some type
of special counterintelligence support is required or (2) there is a
known threat of sufficient magnitude to the installation/activity to
warrant some type of special counterintelligence support and (3) the
information desired cannot be obtained except through the use of
confidential sources.


4. Using the above criteria and your decision of 29 January, 12
of the 19 on-going operations are to be terminated. We believe that
we can provide adequate support to the installations/activities con- 
cerned through a program of intensified liaison by the appropriate 
local USAINTA representative. The operations to be terminated are 
listed in an attached proposed Memorandum to the Under Secretary of 
the Army. These operations should be terminated on a time phased 
basis with all 12 to be terminated no later than 31 March 1975. 
MIIA-ZA
SUBJECT: Status of Internal Counterintelligence Program (ICIP) Operations


Phasing will permit adequate liaison to be established by RO and FO in
lieu of the operations and permit no degradation of necessary good
will.


5. (U) The remaining seven operations to be retained are reviewed 
individually in our draft reply for Mr. Staudt. 


1 Incl
Proposed draft Memorandum


WILLIAM S. WOL
Colonel, MI
Commanding
CANARY EFFORT:


a. Location: Fort Ritchie, MD


b. Confidential Source Utilization: Three confidential sources
are currently being utilized.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Sensitive Character of the Mission that Necessitates an ICIP
Operation: The mission of the elements within Fort Ritchie, which in-
clude the Telecommunications Directorate (TD), Alternate Joint Communi-
cations Center (AJCC), Site R, and Divisions organic to TD is critical
sensitive. The Telecommunications Directorate provides the operation,
maintenance, engineering, and installation of communication-electronic
activities, facilities, systems, and networks comprising the AJCC serv-
ing the Alternate National Military Command Center (ANMCC) and other
agencies as directed. This activity also provides direction and super-
vision to the operations division, the maintenance division and the
communications services divisions which are included in the target list
for the project. Because of the nature of the target areas and of the
work force, a confidential source program is essential to provide adequate
CI coverage to the project.


e. Benefits and Information Obtained Over the Last Two Years:
Although the operation was initiated in 1958, the program was terminated
in 1971 and was not revalidated until February 1972. Sources within the
target area report information concerning both US Army personnel and
Department of the Army civilian personnel assigned to Fort Ritchie and
AJCC. The following are examples of information obtained:


(1) Suitability information concerning an Army NCO, specifically,
indebtedness. The NCO was responsible for the issuance of passes, both
temporary and permanent, to the AJCC. The surfacing of the indebtedness
resulted in the reassignment of the individual to a less sensitive billet
and further investigation was requested.


(2) A reported personality change manifested by alcohol abuse con-
cerning an Army NCO assigned to sensitive duties at the TD, AJCC, resulted
in the monitoring of the NCO's activities to determine if an investigation
is warranted.


(3) Suitability information, specifically, alleged drug abuse and
irrational behavior, was provided on a DAC employed within the Office of
the Comptroller. The report resulted in a request for a Suitability In-
vestigation to be conducted by USAINTA.


(4) Adverse suitability information, specifically, financial problems
and irrational behavior was developed pertaining to an Army NCO assigned
sensitive duties within the Record Communication Branch, TD. This resulted
in a request for a Suitability Investigation from USAINTA.
(5) Adverse suitability information, specifically, promiscuity with
officers and enlisted personnel at Fort Ritchie, pertaining to a female DAC
employee of the ADP Service Division resulted in the monitoring of her
activities by local authorities.


(6) Adverse suitability information, specifically, an abnormal interest
in firearms, explosives and poisons, coupled with irrational behavior, was
surfaced concerning an enlisted man assigned to the USACEEIA-CONUS,
Automated Support Group. The result was the suspension of the individual's
access to classified defense information pending a psychiatric evaluation of
the individual.


(7) During the period 1 January 1974 through 31 December 1974 a
total of 94 Agent Reports were submitted concerning 44 individuals assigned
to Fort Ritchie occupying either sensitive positions and/or having security
clearances. The Agent Reports forwarded adverse suitability information.
It is estimated that approximately 50% of the useful information obtained
through this operation would not have been available on a timely basis
without the use of confidential sources.


f. Based on the above and the fact that the type of activities
conducted at Fort Ritchie are known to be of interest to hostile intelli-
gence services, this operation has been selected for retention at this
time.
a. Location: Seneca Army Depot, Romulus, NY
b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Sensitive Character of the Mission that Necessitates an ICIP
Operation: The mission of the Seneca Army Depot (SAD) is the operation
of a supply depot for the receipt, storage, issue, maintenance, and
disposal of missile and artillery weapons systems with a nuclear capa-
bility. Included in the items handled are ammunition, propellants,
explosive components of guided missiles, special weapons materials,
supplies, industrial production equipment (to include special tools),
petroleum and chemical supplies, fire control test and measuring equip-
ment, and other special weapons with a nuclear capability. SAD is also
responsible for systems modification for AEC/DOD test firings. The
Directorate for Special Weapons, which includes the Production Planning
and Control Division, Supply Division, and Maintenance Division, includes
the most sensitive and critical areas of Seneca Army Depot, and is the
Priority I target for the operation. Because of the sensitivity and
criticality of the activities at this installation, a confidential source
program is essential to provide adequate CI coverage to the depot and its
activities.


e. Benefits and Information Obtained: This operation was adminis-
tratively implemented in November 1973, but has not yet become opera-
tionally effective. The successful development of a viable source
program has been hampered by personnel turbulence within the Army's
Intelligence Agency, the remoteness of the target area, and the compo-
sition of the work force. The lack of significant information is
viewed as a direct result of the absence of a firmly established confi-
dential source program and reinforces the need to employ all possible
means to deter and detect the efforts of hostile intelligence services
to penetrate the activity or approach some of its key personnel. It is
a known fact that hostile intelligence services have high priority
collection objectives directed against activities such as those con-
ducted at Seneca Army Depot. This is a matter of grave concern to the
security of the Army, which is reinforced by the growing threat of
nuclear theft and blackmail from terrorist groups.


f. Based on the above, it is considered absolutely necessary to
maintain a counterintelligence "early warning" device such as the ICIP
as an adjunct to the normal internal security program; therefore, this
operation has been selected for retention at this time.
CANVAS TAX:


a. Location: Sierra Army Depot (SAD), Herlong, CA


b. Confidential Source Utilization: None


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Sensitive Character of the Mission that Necessitates an ICIP
Operation: The mission of the Sierra Army Depot (SAD) is the operation
of a supply depot for the receipt, storage, issue, maintenance, and
disposal of missile and artillery weapons with a nuclear capability.
Included in the items handled are ammunition, propellants, explosive
components of guided missiles, special weapons materials, supplies,
industrial production equipment, petroleum and chemical supplies, fire
control test and measuring equipment, and other special weapons with a
nuclear capability. SAD is also responsible for maintaining a capability
for systems modification in support of the joint AEC/DOD test firing
programs. Priority I targets are Exclusion Area One, Exclusion Area Two,
and the Maintenance Area for Special Weapons. Because of the nature of
the activities, the isolated location of the target areas and the compo-
sition of the work force, a confidential source program is essential to
provide adequate CI coverage to the depot and its activities.

e. Benefits and Information Obtained: This operation was adminis-
tratively implemented in April 1974, but has not yet become operationally
effective. In the nine months of its existence, the successful develop-
ment of a viable source program has been hampered by personnel turbulence
within the Army's Intelligence Agency. Although the operation has sur-
faced no significant information to date, this is considered directly
attributable to the lack of a firmly established confidential source pro-
gram and does not rule out the need to employ all available means designed
to deter and detect the efforts of hostile intelligence services to pene-
trate the activity or approach some of its key personnel. It is a known
fact that hostile intelligence services have high priority collection
objectives pertaining to activities such as those conducted at Sierra
Army Depot. When this matter of grave concern to the security of the
Army is coupled with the growing threat of nuclear theft and blackmail
from terrorist groups, it is considered absolutely necessary to maintain
a counterintelligence "early warning" device such as the ICIP as an ad-
junct to the normal internal security program.


f. Based on the above, this operation has been selected for retention
at this time.
a. Location: Pentagon Telecommunications Center (PTC), US Army
Communications Command (USACC), The Pentagon, Washington, DC


b. Confidential Source Utilization: One source was used during 
the reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None. 


d. Sensitive Character of the Mission that Necessitates an ICIP
Operation: The mission of the elements of the Pentagon Telecommunica-
tions Center, which include the Operations Division, the Army Operations
Center Division, Facilities Division, Supply Division, and Administra-
tive Division is critical sensitive. The Operations Division provides
electrical record communications cryptographic services for Department
of the Army and communications support to the Department of Defense,
Joint Chiefs of Staff, National Military Command Center, Department of
State, White House, other government agencies in the Washington area,
embassies of allied nations and NATO. Additionally, the Pentagon
Telecommunications Center operates the Forrestal Building Telecommuni-
cations Center, the Hoffman Building Telecommunications Center, and
telephone and teletype service, including secure pon in the Army
Operations Center. Because of the nature of the target areas and the
work force, a confidential source program is essential to provide ade-
quate CI coverage to the project.


e. Benefits and Information Obtained: Although the operation was
administratively activated in February 1974, it did not become opera-
tional until October 1974. The one source used in the operation is a
recent recruitment and project control personnel have devoted their
time to training and developing the source. This operation has produced
no significant counterintelligence threat information to date because
of the factors indicated. Based upon information available through
other sources, it is known that the hostile intelligence services are
extremely interested in computerized communications systems and on the
type of communications and activities conducted by PTC. The lack of
positive information acquired to date does not rule out the threat of
hostile intelligence service efforts to penetrate the activity, and is
viewed as an indication that confidential source program is essential
to provide adequate CI coverage to the activity.


f. Based on the above, this operation has been selected for re-
tention at this time.
CENTAVO KID:


a. Location: Harry Diamond Laboratories (HDL), Washington, DC.


b. Confidential Source Utilization: Seven confidential sources are
currently being utilized.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Sensitive Character of the Mission that Necessitates an ICIP
Operation: The mission of the HDL includes critical sensitive research
and development activities accomplished in support of the US Army. The
most sensitive elements are the Branch Laboratory 240 which conducts
research into the hardening of communications equipment against nuclear
weapons radiation; Branch Laboratory 290 which conducts tests of nuclear
warhead and missile systems to determine their ability to withstand
nuclear weapons radiation; Branch Laboratory 510 and 640 which conduct
joint research to develop countermeasures against various foreign
weapons systems; Branch Laboratory 750 which manages the development
and production of all fuzes produced by HDL; Branch Laboratories 610
and 620 which develop fuzes for use with nuclear warheads and Branch
Laboratory 1222 which conducts development and testing of radiation hard-
ened systems for Minutemen and Poseidon Missiles. Because of the sensi-
tive research and development mission of HDL, and the dispersed location
of the activities, a confidential source program is essential to provide
adequate CI coverage to the activity.


e. Benefits and Information Obtained over the Last Two Years:
Although the operation was administratively initiated in March 1973, it
did not become operational until October 1974. The sources within the
target area provide coverage on five of the above listed six target
areas. The following examples illustrate the type of information obtained:


(1) The identification of a "loosetalk" problem at HDL's Woodbridge
facility.


(2) Adverse suitability information, specifically, extra marital affairs
and other related marital problems, coupled with an assault incident was
surfaced which contributed to an on-going security investigation concerning


(3) A security weakness was identified at the Woodbridge facility
as various persons were entering the facility to hunt deer without any
clearances or security checks of any kind.


(4) It is estimated that approximately 60% of the useful informa-
tion obtained through this operation during the past three months would
not have been available on a timely basis without the use of confiden-
tial sources.


f. Based on the above and the fact that the hostile intelligence
services have a current high priority interest in the research and
development activities of the type conducted at HDL, this operation has
been selected for retention at this time.
(C) LENS HOLDER:


a. Location: White Sands Missile Range (WSMR), NM
b. Confidential Source Utilization: None.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


' i d. Sensitive Character of the Mission that Necessitates an ICIP 

: ' Operation: The mission of the White Sands Missile Range (WSMR) is to 
evaluate the Safeguard Missile System, missile vulnerability studies, 
and missile control systems, and perform pre-production tests and 
analyses of missile systems. Priority I targets of elements located at 
WSMR are the Missile Electronic Warfare Technical Area, National Range 
Operations Directorate, US Army Missile Test and Evaluation Directorate, 

_ and the US Army Safeguard Systems Evaluation Agency. These elements 

develop electronic countermeasure techniques to nullify vulrerabilities 

i. .' discovered in missile systems, conduct pre-production tests of rocket 

and guided missile systems, operate a nuclear effects pmi and 
operate National Range facilities for tests conducted at WSR 


e, Benefits and Information Obtained: This operation was initiated 
‘administratively in August 197}. Not yet operational, this ICIP has no 


te á m : vum Am € maU n. 
source assets and has creíuosc T dels Dur cope cloLSYInlsliligenose inicr- 
= 


mation to date, However, the nature of the activities end the work force. #+ 
&t WSMR make it necessary that & confidentiel source program be developed 
to provide adequate Ci coverage. The remoteness of the installation and 
the knowledge that the type of activities conducted there are current 
‘targets of hostile intelligence services make it necessary to provide 

the type of "early warning" protection offered by the ICIP. 


$. Based on the above, this operation has been selected for retention 
&t this time. 


a. (U) Location: Defense Language Institute (DLI), Presidio
of Monterey, CA


b. (C) Confidential Source Utilization: Four confidential
sources were utilized during the period.


c. (U) Information Obtained Off-Post and/or Reported on Non-
Affiliated Civilians: None.


d. Sensitive Character of the Mission that Necessitates an
ICIP Operation: The mission of DLI is to train DOD intelligence and
communications security specialists in every major foreign language.
Military attaches and employees of CIA, FBI, and other federal agen-
cies are also trained at DLI, making it an extremely enticing target
for hostile intelligence service operatives. The majority of the
faculty of DLI have foreign backgrounds and many possibly have had
contact with foreign intelligence agencies in their native countries.
Many of the instructors who are subject to hostage factors, and may or
may not have had previous contact with a hostile intelligence service,
frequently travel to their native countries in Eastern Europe. Be-
cause of the unique nature of this activity and the sensitivity of the
intelligence personnel who are students there, a confidential source
program is essential to provide adequate CI coverage to the project.


e. Benefits and Information Obtained over the Last Two Years:
Although initiated in 1968, the operation was dormant for most of 1971.
Revalidated in October 1971, this operation and the sources employed 

have produced voluminous information and leads indicative of hostile 
intelligence modus operandi aimed at contact with students or faculty.

The following are examples of information obtained: 


(1)


b1


(2) Another indicator is the frequent attempt made by foreign-born
instructors to induce "pen-pal" contact between DLI students and persons
living in Soviet-bloc countries. This is a known spotting technique of
hostile intelligence services.


(3) Numerous reports have been surfaced of adverse suitability
information involving drug abuse or immoral conduct on the part of
students which have triggered investigations to determine their suit-
ability for sensitive assignments.


(4) An incident in which two Soviet citizens visited DLI and
moved about unescorted caused new visitor control regulations to be
published and put into effect.


(5) Students from DLI on field trips sponsored by the Arabic
Language Department were exposed to anti-US propaganda at the Arabic
Trade Mission in San Francisco.


(6) Sources reported several instances of questionable activities
and curricula in the Arabic Language Department which involved the use
of politically contentious materials in classroom drills. 


(7) An ICIP source reported information which alerted another 
agency to a possible breach in the security of its intelligence opera- 
tions and possibly helped avoid some embarrassment in relations with 
the Middle East. 


(8) It is estimated that approximately 70% of the useful informa- 
tion obtained in this operation would not have been available on a
timely basis without the use of confidential sources.


f. (U) Based on the above, and due to the unique mission of DLI, 
this operation has been selected for retention at this time. 


REGRADED UNCLASSIFIED
ON [illegible]
BY CDR USAINSCOM FOI/PO
AUTH Para 1-603 DOD 5200.1R




ICIP Operations Recommended for Termination (12) 


CANAL ROPE 
CANARY STONE 
CANTINA ARCH 
CANYON ROSTER 
CENTAUR SALE 
CENTRAL TAXI 
CENTURY SQUAD 
GONDOLA FLAG 
GONDOLA STAR 
LANYARD MOOD 
LEND TONE 
LENIENT CLOUD


Regraded UNCLASSIFIED when
separated from classified
inclosures.




CANAL ROPE: (OACSI Approval - 17 Dec 73) 


a. Location: Headquarters, US Army Communications Command (USACC),
and 11th Signal Group, Fort Huachuca, AZ.


b. Confidential Source Utilization: None.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Initial assessment information on
two prospective sources.


e. Operational Status: The two sources previously recruited in this
operation were terminated during the last reporting period. Although two
prospective sources have been spotted, they are still undergoing assessment
and have not been recruited. One prospective source is in the 11th Signal
Group and the other is in the Headquarters, USACC. Information was reported
on an NCO assigned to the Communications Electronics Engineering Installa-
tion Agency (CEEIA), USACC, alleging possible foreign business interests.
USACC has initiated a limited investigation on the NCO to clarify the
allegation. On 17 Dec 74 the PLO presented the Quarterly Briefing to CPT
Richard Milligan, Assistant Director of Security, USACC, who indicated that
the supported commands were satisfied with the progress of the ICIP.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be terminated.


CANARY STONE: (OACSI Approval - 18 Jul 73)


a. Location: Dugway Proving Ground, (DPG), UT


b. Confidential Source Utilization: Two confidential sources were
utilized during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Assessment information obtained on
two potential confidential sources.


e. Operational Status: On 21 November 1974, COL Adalbert E. Toepel
Jr., Commander, DPG, was presented the Quarterly Briefing by the PLO.
MAJ Trevor E. Bissey, Commander, San Francisco Field Office, 525th MI
Group, and Mr. Clinton E. Bair, Intelligence Officer, DPG, also attended
the briefing. No immediate threat to DPG was surfaced during the reporting
period. A possible item of long term interest was reported involving
foreign correspondence and/or contacts by DPG scientific personnel. COL
Toepel expressed satisfaction at the progress of CANARY STONE and was
appreciative of MI support rendered to DPG, particularly the conduct of
security guard training preparatory to an AMC inspection in January 1975.
Source spotting, recruitment, and assessment has been hampered by an
impending reduction of civilian employees and a proposed reorganization
of DPG directorates which will likely result in shifts of personnel. A
reduction in force is scheduled for January 1975 and approximately 160
civilian employees, primarily research and scientific staff, will be
discharged or reassigned to other duties.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be terminated.


CANTINA ARCH: (OACSI Approval - 12 Dec 74)


a. Location: US Army Air Defense Center, Fort Bliss (USAADCENFB),
Ft Bliss, TX


b. Confidential Source Utilization: Four confidential sources were
utilized during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Suitability information was reported
on one DAC employee of the Directorate of Combat Developments who reportedly
has a drinking problem. The unidentified individual reported previously as
selling used clothing in Mexico and suspected of bribing Mexican border
officials has been tentatively identified as an NCO assigned to the Air
Defense School. A limited investigation is to be conducted on the NCO to
determine the legality and extent of his activities.


e. Operational Status: One of the four confidential sources used in
the operation was terminated when he was reassigned from Fort Bliss. The
FCO for the operation retired at the end of November 1974. Recruitment of
additional sources has been hampered somewhat by personnel turbulence at
the installation, but this situation is expected to stabilize in early 1975.
On 16 December 1974, LTC Robert Davenport, Director of Security, USAADCENFB,
Ft Bliss, was given the Quarterly Briefing on CANTINA ARCH. LTC Davenport
stated that he was pleased with the progress of the ICIP and stated that he
was requesting limited investigations on Ft Bliss personnel on whom informa-
tion had been recently surfaced.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be terminated.


CANYON ROSTER: (OACSI Approval - 8 Mar 74)
a. Location: Umatilla Army Depot Activity (UMDA), Hermiston, Oregon


b. Confidential Source Utilization: Two confidential sources were
utilized during this period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Some investigative data was obtained
on prospective sources.


e. Operational Status: One confidential source was terminated during
the period and two confidential sources were recruited during the period.
Firm liaison and operational rapport has been established with federal and
local law enforcement agencies in the area. Five prospective sources are
presently under initial assessment. Of the five, three are in the guard
force of the Security Branch. On 23 December 1974, the PLO presented the
Quarterly Progress Briefing to LTC Daniel W. Doty, Commander, Umatilla
Depot Activity. The briefing consisted of a review of MI activities per-
formed in support of the installation's security program and the status of
the ICIP. LTC Doty indicated that he was generally well satisfied with the
program and the support rendered.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be terminated.


CENTAUR SALE: (OACSI Approval - 14 Dec 73)


a. Location: US Army Mobility Equipment Research and Development
Center (USAMERDC), Fort Belvoir, VA


b. Confidential Source Utilization: None.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Travel plans were learned for one
USAMERDC civilian employee who will travel to the USSR in the Spring of
1975. A reported SAEDA attempt involving an officer of the Camouflage
Division, USAMERDC in Oct 74 has led to an internal security measure in
which the PLO will give informal SAEDA lectures to management personnel
of USAMERDC in an effort to improve the security posture. The PLO will
in the future accompany USAMERDC security inspection teams as they make
weekly inspections of USAMERDC activities. This will not only increase
the visibility of the PLO at USAMERDC, but will also enable the PLO to
spot and assess additional personnel in the more sensitive areas of
USAMERDC for possible use in the ICIP.


e. Operational Status: The series of informal SAEDA lectures and
the accompaniment of the security inspection teams described above have
been coordinated with the supported command and the security officer to
start in January 1975. On 10 December 1974, the PLO presented the
Quarterly Progress Briefing to Mr. Leslie L. Askew, USAMERDC Security
Officer. From the period 5 September through 5 November 1974, the PLO
was on special duty with the OACSI, DA, and was unable to participate
actively in the ICIP.


f. Recommendation: Based upon results achieved to date we feel we
can continue to provide the support necessary without the use of confi-
dential sources. Based on the above, recommend the ICIP be terminated.


CENTRAL TAXI: (OACSI Approval - 16 Feb 72)


a. Location: Headquarters, US Army Electronics Command (ECOM),
Fort Monmouth, New Jersey


b. Confidential Source Utilization: Five confidential sources were
utilized during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: On 23 October 1974, a bomb threat
was received which caused evacuation of the new ECOM office building.
During the evacuation some classified material was left unsecured and
unattended. The ECOM Security Office is insuring that classified material
is secured during future evacuations and that fire marshals and bomb
squads remain on all floors during an evacuation. A source also reported
that an unsecured fire exit door in the east wing of the new ECOM office
building allowed free access to a fire tower and all floors above. The
Security Officer was notified who in turn notified the Provost Marshal's
Office (PMO) who will insure that the door is secured in the future. A
discharged enlisted man used his expired building pass to enter the Hexa-
gon Building, Ft Monmouth, in early Dec 74. The information was passed
to the Security Office who coordinated with the PMO to correct such
deficiencies during the out-processing of reassigned/separated personnel.
A source reported an increase in use of narcotics among military personnel
employed at ECOM. The information was provided to CID which assumed in-
vestigative responsibility. An ECOM civilian employee received a telephonic
threat against his life during the week of 24 Oct 74. The PLO provided
the information to the local CID which initiated an investigation.


e. Operational Status: Thirteen conventional sources are used to
provide coverage of the ECOM target areas in addition to the five confi-
dential sources used. Efforts are being made to recruit two additional
sources in the Directorate of Management Information Systems (DMIS), ECOM.
On 9 January 1975, the PLO presented the Quarterly Progress Briefing to
COL John Sanderson, Security Officer, ECOM. MAJ Nicholas F. Quintarelli,
Commander, Fort Monmouth Field Office, 902d MI Group, also attended the
briefing. COL Sanderson indicated at the briefing that the command was
extremely well pleased with the support being provided by this ICIP.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be terminated.


CENTURY SQUAD: (OACSI Approval - 3 Oct 73)


a. Location: US Army Management Systems Support Agency (USAMSSA),
The Pentagon, Washington, DC


b. Confidential Source Utilization: One confidential source was
used during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: None.


e. Operational Status: Only one confidential source has been recruited
for this ICIP. The source has been assigned for much of the time to the
2300-0700 hour shift when there has been only a small number of other
persons present. Thus the situation has not been conducive to a volume of
reporting. The source will be terminated early in 1975 when he transfers
to a new assignment. The PLO and FCO presently are making a re-evaluation
of this ICIP which will lead to a recommendation for continuation or
termination. On 18 December 1974, the PLO presented a Quarterly Progress
Briefing to Mr. John R. Bjork, Security Manager, USAMSSA.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be
terminated.


GONDOLA STAR: (OACSI Approval - 17 Feb 72) (Revalidated 30 Oct 74)
a. Location: Aberdeen Proving Ground (APG), MD


b. Confidential Source Utilization: Seven confidential sources were
used during the reporting period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: A source reported allegations that
a civilian employee of Edgewood Arsenal was possibly engaged in an illicit
affair with another Edgewood employee. The Commander was briefed.


e. Operational Status: One confidential source was terminated on
9 Oct 74. During the reporting period, limited progress was made in in-
creasing ICIP support to the serviced activities. The PLO's duties not
directly related to the ICIP limited the acquisition of ICIP sources
needed to increase the ICIP coverage to the desired level. However, two
prospective sources are under assessment and their recruitment is planned
for the next quarter. On 18 December 1974, the Quarterly Progress Brief-
ing was given to COL Alvin D. Ungerleider, Commander, APG, and Mr. Harry
A. Mencke, Installation Intelligence Officer, APG. On 19 December 1974,
the Quarterly Progress Briefing was presented by the PLO to COL Kenneth
L. Stahl, Commander, Edgewood Arsenal, APG, and MAJ Walter W. Stansberry,
Chief of Security, Edgewood Arsenal.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be
terminated.




GONDOLA FLAG: (OACSI Approval - 22 Apr 74)
a. Location: US Army Electronic Proving Ground (USAPEG), Fort
Huachuca, AZ


b. Confidential Source Utilization: None.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: None.

e. Operational Status: At present, three prospective confidential
sources are under initial assessment. Personnel turbulence has hampered
significant progress in this ICIP. The PIO was transferred during the
last reporting period. The PIO will be transferred on a PCS overseas
during the next reporting period. On 20 December 1974, the Quarterly
Briefing was presented to Mr. Henry O. Dupes, Director of Security, USAPEG,
Ft Huachuca, AZ. The Director of Security expressed satisfaction with the
progress of the ICIP.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be
terminated.


LANYARD MOOD: (OACSI Approval - 22 Dec 71)


a. Location: Defense Language Institute East Coast (DLIEC),
Washington Navy Yard, Washington, DC


b. Confidential Source Utilization: None.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Approximately half of the faculty
of DLIEC which is being transferred to DLI West Coast have departed for
that installation. Classes and all attendant activities have been greatly
reduced in preparation of the phaseout of DLIEC in Jun 75.


e. Operational Status: On 12 December 1974, the PLO presented the
Quarterly Progress Briefing on the ICIP to CPT Richard W. Pederson,
Security Officer, DLIEC. The Security Officer stated that the supported
command was pleased with the MI support provided by the ICIP and full cooperation
would be provided for the PLO in the continued conduct of the ICIP.


f. Recommendation: The Defense Language Institute, East Coast (DLIEC),
will cease operations when its present cycle of students graduate this summer.
Based upon the above, recommend the ICIP be terminated.


LEND TONE: (OACSI Approval - 16 Feb 72)


a. Location: Picatinny Arsenal (PA), Armament Command, US Army
Materiel Command, Dover, NJ


b. Confidential Source Utilization: Three confidential sources
were utilized during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: A civilian employee, identified
earlier as being a possible security risk due to a reported episode of
erratic and irrational behavior was removed from the employee rolls at
Picatinny after an October 1974 report by a source that he behaved
irrationally during a visit to the Installation's US Army Health Clinic.


e. Operational Status: The FCO assigned to this ICIP is being re-
leased from active duty in January 1975. An officer of the 902d MI Group
Headquarters is assuming the PCO duties on an interim basis pending assign-
ment of a PCO. Source recruitment efforts in the future will be concen-
trated on attempting to recruit sources who are single and have more exten-
sive social contact in the Picatinny Arsenal and thus are better attuned
to the activities of the Arsenal personnel. On 30 December 1974, the
Quarterly Progress Briefing was presented by the PLO to MAJ George Carpenter,
Chief, Security Office, PA. MAJ Carpenter at the briefing expressed the
desire of the command that the ICIP be continued at that location.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be
terminated.


LENIENT CLOUD: (OACSI Approval - 16 Feb 72)
a. Location: US Army War College (USAWC), Carlisle Barracks, PA


b. Confidential Source Utilization: Three confidential sources
were used during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: A suitability investigation which
was started in the previous period is still in progress and a subject
interview plus a polygraph examination has been conducted on the original
subject, an enlisted man assigned to the USAWC staff. The suitability
investigation, which involved allegations of aberrant sexual activity,
has expanded to include several leads implicating three officers assigned
or recently assigned to USAWC. The Commandant, USAWC, has requested
suitability investigations on all personnel implicated in the allegations.
A female civilian applicant applying to be rehired at USAWC has become the
subject of a loyalty/suitability investigation triggered by information
from sources.


e. Operational Status: COL Albert N. Stubblebine III, Commander,
902d MI Group, visited USAWC for an orientation and courtesy call on the
Commandant. An ICIP briefing was presented on 6 Jan 75 to LTC Richard
H. Gray, Deputy Secretary for Logistics, USAWC, upon his selection as
ICIP Coordinator, succeeding COL David T. Teberg. No formal Quarterly
Progress Briefing was given MG DeWitt C. Smith, Jr, Commandant, USAWC,
at his specific request. The PLO briefed MG Smith six times during the
quarter on specific progress made in the special suitability investiga-
tions in progress as described in d, above. Because of the frequency of
these briefings, MG Smith stated that a formal quarterly briefing was
unnecessary. MG Smith indicated continued satisfaction with the ICIP
and the support being provided by it.


f. Recommendation: The installation and activities are such in this
case that we feel we can provide the support necessary without the use of
confidential sources. Based upon the above, recommend the ICIP be
terminated.


DEPARTMENT OF THE ARMY
OFFICE OF THE UNDER SECRETARY
WASHINGTON, D.C. 20310
17 January 1975
MEMORANDUM FOR: VICE CHIEF OF STAFF, [illegible]
SUBJECT: Internal Counterintelligence Program (ICIP)

I have received and reviewed the latest quarterly report of ICIP
operations during 1974 as requested. In 1972 the Under Secretary
authorized a trial run of this subject program. Judging from this
report, the program has grown considerably and includes installations
that I did not appreciate were considered sensitive. A cursory review
of the data presented suggests that in more than half the cases, no
useful information was obtained.


It would appear to me appropriate to review the results of this
experiment to date in order to establish that the program is in fact
of such a value that it should be continued in the future.


I would therefore appreciate a detailed report documenting all of
the benefits, information, etc., that have been obtained through this
program over the last two years. It would also be helpful to have a
statement for each listed installation of the sensitive character of
the mission that necessitates an ICIP operation. Finally, I would
appreciate an indication of your subjective judgment as to how many
of the issues that arose from these ICIP efforts would not have other-
wise come to our attention.


Herman R. Staudt
Under Secretary of the Army

Inclosure
Memo, 29 Nov 74,
Subj: ICIP Operations


DEPARTMENT OF THE ARMY
OFFICE OF THE CHIEF OF STAFF

29 November 1974


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY


SUBJECT: Internal Counterintelligence Program (ICIP) Operations (U)


1. (U) Reference is made to memorandum, Under Secretary of the Army,
dated 8 February 1972, subject as above.


2. During the third quarter of CY 1974, the ICIP at Edgewood
Arsenal Maryland (CANAL LOOP) was combined with the Aberdeen Proving
Ground ICIP (GONDOLA STAR). The nickname GONDOLA STAR was retained.


3. With the subsidence of anti-military activity at Fort Lewis,
Washington and in the absence of a specific on-post threat, the Com-
manding General, 9th Infantry Division requested that the Fort Lewis
ICIP (CENTAUR RACE) be terminated. This ICIP was inactivated on 22 Aug
74. During the same time frame, LENS HOLDER, a new ICIP developed at
White Sands Missile Range was approved on 7 Aug 74. With the implemen-
tation of this ICIP, the total number of active ICIP operations at the
close of the quarter was 19. Brief status reports are attached.


4. After briefing you on 25 September 1974 on the status of this
program, the Assistant Chief of Staff for Intelligence personally re-
viewed and revalidated each on-going operation. Each operation will be
revalidated on an annual basis hereafter. Additionally, MG Aaron has
initiated a systematic review of all source dossiers to insure that all
sources possess sufficient maturity and stability to enable them to
function efficiently and effectively in ICIP operations.


WALTER T. KERWIN, JR.
General, United States Army
Vice Chief of Staff

1 Incl
as (CONFIDENTIAL)


CONTROL NUMBER


ACTION SHEET


SUBJECT: Internal Counterintelligence Program (ICIP)
OFFICE SYMBOL: DAMI-DOI-C
SUSPENSE:
DATE: 20 November 1974


ACTION REQUIRED


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND: By memorandum, dated 8 February 1972 (GREEN TAB B), the Under Secretary
of the Army requested the Vice Chief of Staff (VCSA), US Army, to provide quarterly
reports on all ICIP operations.


2. DISCUSSION: Inclosure 1 to GREEN TAB A is a memorandum for the VCSA's signature
forwarding the quarterly report for the quarter ending 30 September 1974 to the Under
Secretary of the Army. GREEN TAB A forwards to the VCSA the memorandum for the Under
Secretary of the Army.


3. RECOMMENDATION: That the memorandum to the VCSA at GREEN TAB A be approved and
signed by the ACSI.


(Continue on plain bond)


OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310


REPLY TO
ATTENTION OF: DAMI-DOI-C

9 9 NOV 1974


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY


SUBJECT: Internal Counterintelligence Program (ICIP) Operations


1. Reference Under Secretary of the Army memorandum, dated 8 February
1972, subject as above.


2. At the request of the Under Secretary of the Army, on 25 September
1974, I briefed him on status of this program. At that time, he ex-
pressed reservations about operational control within the program and
its recent rapid growth. He wanted assurance that the program was
carefully monitored.


3. On 4 October 1974, I personally reviewed and revalidated each
operation and have arranged for a systematic review of all source
dossiers.


4. Recommend your approval and signature of the attached memorandum
which transmits the report required by the cited reference.


5. Coordination: None required.


HAROLD R. AARON
Major General, GS
ACofS for Intelligence

1 Incl
as


? 9 NOV 1974
[illegible] VCSA,
[illegible]
Colonel, GS
Assistant to the Director
of the Army Staff
[illegible] Ebersole/56074
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ENT OF THE ARMY 
ICE OF THE CHIEF OF STAFF 
WASHINGTON, D.C. 20310 


29 November 1974 


mns 
MEMORANDUM FOR: UND CRETARY OF THE ARMY 


+ 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations (U) 


1. (U) Reference is made to memorandum, Under Secretary of the Army,
dated 8 February 1972, subject as above.


2. During the third quarter of CY 1974, the ICIP at Edgewood
Arsenal, Maryland (CANAL LOOP) was combined with the Aberdeen Proving
Ground ICIP (GONDOLA STAR). The nickname GONDOLA STAR was retained.


With the subsidence of anti-military activity at Fort Lewis,
Washington and in the absence of a specific on-post threat, the Commanding
General, 9th Infantry Division requested that the Fort Lewis
ICIP (CENTAUR RACE) be terminated. This ICIP was inactivated on 22 Aug
74. During the same time frame, LENS HOLDER, a new ICIP developed at
White Sands Missile Range was approved on 7 Aug 74. With the implementation
of this ICIP, the total number of active ICIP operations at the
close of the quarter was 10. Brief status reports are attached.


4. After briefing you on 25 September 1974 on the status of this
program, the Assistant Chief of Staff for Intelligence personally reviewed
and revalidated each on-going operation. Each operation will be
revalidated on an annual basis hereafter. Additionally, MG Aaron has
initiated a systematic review of all source dossiers to insure that all
sources possess sufficient maturity and stability to enable them to
function efficiently and effectively in ICIP operations.
1 Incl WALTER T. KERWIN, JR.
as (CONFIDENTIAL) General, United States Army
Vice Chief of Staff

DEPARTMENT OF THE ARMY
HEADQUARTERS 
U.S. ARMY INTELLIGENCE AGENCY 
FORT MEADE, MARYLAND 20755 


4 1 053 v -. 


Quarterly Reporting of Internal Counterintelligence Program 
(ICIP) Operations (U) 


HQDA (DAMI-DOI-C) 
WASH DC 20310 


Several significant changes occurred in individual Internal
Counterintelligence Program (ICIP) operations during the third quarter
of CY 1974. Among these was the combination of the ICIP at Edgewood
Arsenal, Maryland (CANAL LOOP), with the Aberdeen Proving Ground ICIP
(GONDOLA STAR) on 17 July 1974. The nickname GONDOLA STAR was retained
for the resulting consolidated ICIP which will realize some savings in
administrative requirements and permit a more effective utilization of
manpower.


The Commanding General, 9th Infantry Division, and Headquarters,
Fort Lewis, Washington, requested that the Fort Lewis ICIP be terminated
due to the subsiding of the level of anti-military activities at that
post and the absence of a specific on-post threat. With the concurrence
of the Commanding General, FORSCOM, the ICIP was inactivated on 22 August
1974. The White Sands Missile Range ICIP, which had been requested in
the previous quarter, was approved on 7 August 1974. Spotting and assessment
for potential sources continues. With the implementation of the
White Sands Missile Range ICIP, the total number of active ICIP operations
at the close of the quarter is 19.


Since the 1 July 1974 organization of the US Army Intelligence
Agency, the 902d MI Group and the 525th MI Group have both experienced a
reduction in personnel authorizations at all levels to include some
Resident Offices which were initially established for the purpose of
supporting an approved ICIP project. The reductions are impacting on
some areas, especially isolated installations where servicing by both
the Project Liaison Officer (PLO) and Project Case Officer (PCO)
threatens to escalate TDY costs. In an effort to find a solution, the
525th MI Group has consolidated the functions of the PLO and the PCO by
having the PLO perform duties for both. This measure has been put into

MIIA-SO
SUBJECT: Quarterly Reporting of Internal Counterintelligence Program
(ICIP) Operations (U)


effect at Sierra Army Depot, Dugway Proving Ground, and Umatilla
Army Depot. The 902d MI Group has experienced difficulty in maintaining
PLOs full-time at Seneca Army Depot and Picatinny Arsenal. During
the reporting period, PLOs at Carlisle Barracks, Fort Ritchie, and Fort
Monmouth all spent a considerable amount of time on TDY and in support
of other counterintelligence duties. Local Field Office Commanders
are making efforts to assign their personnel to duties according to
assigned priorities, but the current shortages are slowing somewhat
on-going operations and hampering the development of the newly
established ICIPs.


Currently an in-depth review of each ICIP is being made with
an objective of determining the effectiveness of each operation. The
necessity of continuing or recommending termination of each ICIP and
possible improvements which can be made are also goals of this revalidation
program.


5. (U) Brief status reports for each of the active 19 ICIP operations
are attached as inclosures.


FOR THE COMMANDER:


19 Incl E. L. STEPHENS
as Chief
Intelligence Division

DEPARTMENT OF THE ARMY
HEADQUARTERS
U.S. ARMY INTELLIGENCE AGENCY
FORT MEADE, MARYLAND 20755


11067 1974 i 


Quarterly Report of Internal Counterintelligence Program 
(ICIP) Operations (U) 


HQDA (DAMI-DOI-C) 
WASH DC 20310 


Several significant changes occurred in individual Internal
Counterintelligence Program (ICIP) operations during the third quarter
of CY 1974. Among these was the combination of the ICIP at Edgewood
Arsenal, Maryland (CANAL LOOP), with the Aberdeen Proving Ground ICIP
(GONDOLA STAR) on 17 July 1974. The nickname GONDOLA STAR was retained
for the resulting consolidated ICIP which will realize some savings in
administrative requirements and permit a more effective utilization of
manpower.


The Commanding General, 9th Infantry Division, and Headquarters,
Fort Lewis, Washington, requested that the Fort Lewis ICIP be terminated
due to the subsiding of the level of anti-military activities at that
post and the absence of a specific on-post threat. With the concurrence
of the Commanding General, FORSCOM, the ICIP was inactivated on 22 August
1974. The White Sands Missile Range ICIP, which had been requested in
the previous quarter, was approved on 7 August 1974. Spotting and assessment
for potential sources continues. With the implementation of the
White Sands Missile Range ICIP, the total number of active ICIP operations
at the close of the quarter is 19.


Since the 1 July 1974 organization of the US Army Intelligence
Agency, the 902d MI Group and the 525th MI Group have both experienced a
reduction in personnel authorizations at all levels to include some
Resident Offices which were initially established for the purpose of
supporting an approved ICIP project. The reductions are impacting on
some areas, especially isolated installations where servicing by both
the Project Liaison Officer (PLO) and Project Case Officer (PCO)
threatens to escalate TDY costs. In an effort to find a solution, the
525th MI Group has consolidated the functions of the PLO and the PCO by
having the PLO perform duties for both. This measure has been put into

MIIA-SO
SUBJECT: Quarterly Reporting of Internal Counterintelligence Program
(ICIP) Operations (U)


effect at Sierra Army Depot, Dugway Proving Ground, and Umatilla
Army Depot. The 902d MI Group has experienced difficulty in maintaining
PLOs full-time at Seneca Army Depot and Picatinny Arsenal. During
the reporting period, PLOs at Carlisle Barracks, Fort Ritchie, and Fort
Monmouth all spent a considerable amount of time on TDY and in support
of other counterintelligence duties. Local Field Office Commanders
are making efforts to assign their personnel to duties according to
assigned priorities, but the current shortages are slowing somewhat
on-going operations and hampering the development of the newly
established ICIPs.


Currently an in-depth review of each ICIP is being made with
an objective of determining the effectiveness of each operation. The
necessity of continuing or recommending termination of each ICIP and
possible improvements which can be made are also goals of this revalidation
program.


5. (U) Brief status reports for each of the active 19 ICIP operations
are attached as inclosures.


FOR THE COMMANDER:


19 Incl E. L. STEPHENS
as Chief
Intelligence Division

1. CANAL ROPE: (OACSI Approval - 17 Dec 73)


a. Location: Headquarters, US Army Communications Command and
11th Signal Group, Fort Huachuca, AZ.


b. Confidential Source Utilization: Not applicable.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: Not applicable.


d. Useful Information Obtained: Investigative data and assessment
information on newly recruited sources.


e. Operational Status: One confidential source in the 11th
Signal Group Crypto Facility who had been recruited in April 1974 was
terminated when he lost his placement and access. He also is near the
completion of his federal service. A second confidential source recruited
in May 1974 in the Communications Electronics Engineering
Installation Agency (CEEIA), HQ, US Army Communications Command (USACC)
was terminated when continued assessment and evaluation revealed previously
unknown personal and professional problems. Spotting and
assessing actions are now under way to recruit new confidential sources
for the operation. The CANAL ROPE PLO presented a Quarterly Progress
Report on the ICIP to Mr John Maiorana, Chief, Physical Security, USACC,
Ft Huachuca, on 27 September 1974. The security official indicated to
the PLO that USACC was satisfied with the ICIP.

2. CANARY EFFORT: (OACSI Approval - 16 Feb 72)
a. Location: Fort Ritchie, MD


b. Confidential Source Utilization: Three sources were used
during the reporting period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Three potential confidential
sources are currently under assessment. Adverse suitability information
alleging moral misconduct on the part of a civilian employee with
a SECRET clearance was reported. The Deputy Chief of Staff, Intelligence
and Security, Fort Ritchie, and the Provost Marshal have been
notified and are monitoring the employee's activities. An enlisted
man with a TOP SECRET clearance and assigned to the Automatic Message
Processing Systems (AMPS) Branch, Telecommunications Directorate,
Site "R", for temporary duty, displayed an abnormal interest in firearms,
explosives, and poisons. He also displayed somewhat abnormal
behavior traits. The individual's access has been suspended temporarily
pending a psychiatric evaluation.


e. Operational Status: Twenty-two official sources and 14 liaison
sources are contacted on a frequent basis in addition to the three
confidential sources. The PLO presented the Quarterly Progress Report
to the supported command on 12 September 1974. The following were
present at the briefing: COL Harold G. deMoya, Commander, Fort Ritchie;
LTC Arlyn R. Madsen, Director, Telecommunications, Fort Ritchie; Mr.
Joseph J. Carroll, Chief, Intelligence and Security, US Army Communications
Command-CONUS and HQ, Fort Ritchie; CPT Lawrence N. Brogan,
Commander, Fort Ritchie Field Office, 902d MI Group; and CW2 Benjamin
Struchen, HQ, 902d MI Group.

3. CANARY STONE: (OACSI Approval - 18 Jul 73)
a. Location: Dugway Proving Ground (DPG), UT


b. Confidential Source Utilization: Two confidential sources were
utilized during the period.


c. Information Obtained Off-post and/or Reported on Non-Affiliated
Civilians: Not applicable.


d. Useful Information Obtained: Assessment information and
investigative data used for potential confidential sources. Minor
suitability information on the drinking habits of three DPG employees
was reported. The Installation Security Officer has been appraised of
the information and will continue to monitor the behavior of the
employees in coming weeks.


e. Operational Status: Two confidential sources were recruited
during the reporting period and are being provided training and
orientation. On 9 September 1974, a new PLO/PCO was assigned to the
ICIP and the Dugway Proving Ground Resident Office. The new PLO/PCO
has assumed control of both the newly recruited confidential sources
used in the operation and has been engaged in thorough orientation of
his new duties. On 29 August 1974, LTC Andrew J. Armstrong, Acting
Commander, DPG, was briefed by the former PLO in the presence of MAJ
Trevor E. Bissey, Commander, San Francisco Field Office, 525th MI Group,
and Mr. Clinton E. Bair, Intelligence Officer, Security Div, DPG.
LTC Armstrong provided the initial ICIP briefing to the new DPG
Commander, COL Adalbert F. Toepel, Jr., on 9 September 1974. The ICIP
PLO and LTC Henry F. Kale, Director of Security, DPG, will provide a
more detailed briefing to the new Commander at a later date.

4. CANINE PLATE: (OACSI Approval - 18 Sep 72)
a. Location: Seneca Army Depot, Romulus, NY
b. Confidential Source Utilization: Not applicable


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


d. Useful Information Obtained: Investigative data on prospective
sources.


e. Operational Status: Coverage of the Directorate for Special
Weapons (DSW) presently is maintained by use of two conventional
sources. Two additional prospective sources, both of whom are assigned
to the military police guard force, are presently under assessment.
Prolonged absence of the PLO during this period due to leave and TDY
travel to other locations hampered effective development and recruitment
of new sources. The PLO has identified a total of four individuals
for possible use as conventional sources in support of the operation.
It is the goal of the Fort Monmouth Field Office Commander to recruit
an additional three or four sources by the end of the calendar year.
COL Light, Seneca Army Depot Commander, has instructed the PLO to use
extreme care in the recruitment of sources and expressed his desire
that the ICIP be developed very slowly. No Quarterly Progress
Briefing was given during the period since there were no significant
items of information reported. The PLO was on extended TDY for most
of the month of September.

5. CANYON ROSTER: (OACSI Approval - 8 Mar 74)


a. Location: Umatilla Army Depot Activity (UMDA), Hermiston,
Oregon


b. Confidential Source Utilization: One confidential source was
utilized during this period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: Information received on the
possible theft and a sale of weapons from UMDA has resulted in all
weapons being placed in an area under twenty-four hour guard. A
construction project has been started to build a centralized weapons
storage area. As a result of a request for aerial photographs of UMDA
being received by the depot, procedures have been established whereby
all questionable requests for information will be routed through the
PLO of the ICIP.


e. Operational Status: One confidential source was recruited
during the reporting period. Seven other potential sources, four of
whom are guards on various shifts at UMDA, are also under assessment
and preliminary investigation. On 17 September 1974, the PLO briefed
the Commander, UMDA, LTC Daniel U. Doty on the progress of the ICIP
during the quarter. The briefing consisted of a review of MI activities
directed toward improving the security of UMDA. LTC Doty indicated he
was generally well satisfied with the program and the support rendered.
It became evident during the quarter that UMDA's mission will be one of
a long-term storage of conventional and toxic munitions. Although the
work force is still unstable, target areas within the UMDA organizational
structure have been identified and potential sources within each area
are now under assessment. Liaison contacts with other Federal agencies
and civilian law enforcement agencies are being developed as part of an
early warning net around UMDA.

6. CANVAS TAX: (OACSI Approval - 8 Mar 74)
a. Location: Sierra Army Depot (SIAD), Herlong, CA
b. Confidential Source Utilization: Not applicable.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


d. Useful Information Obtained: Investigative data on prospective
confidential sources.


e. Operational Status: Overall progress in this ICIP has been
extremely slow due to the non-availability of a PLO. The PLO assigned
in June 1974 which was reported in the previous Quarterly Report was
not continued on station. A decision was made to combine the PLO and
Project Case Officer (PCO) functions in this ICIP. Continued development
of the operation can be expected as soon as a PLO/PCO is on station.
On 15 August 1974, the Quarterly Briefing was presented to the supported
command. Those in attendance were: COL Robert Hawlk, CDR, SIAD; LTC
Bernard Render, Dep CDR, SIAD; MAJ John Jolley, PM/Security Officer,
SIAD; 1LT Wayne Heringer, Intelligence Officer, SIAD; and Mr. Anthony
Tornabene, Asst Intelligence Officer, SIAD. LTC Clifford Fry, USAINTA
Liaison Officer to HQ, Army Materiel Command, also attended the briefing.
COL Hawlk, SIAD Commander, expressed his support for the concept of the
operation and added that support would be provided the SIAD Resident
Office when it was established.

7. CANTINA ARCH: (OACSI Approval - 12 Dec 73)


a. Location: US Army Air Defense Center and Fort Bliss
(USAADCENFT), TX


b. Confidential Source Utilization: Four confidential sources
were utilized during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: Not applicable.


d. Useful Information Obtained: Information was reported on a
person assigned to Fort Bliss with a security clearance who resides in
Mexico and was allegedly dealing in gold and silver. The report was
provided to the Directorate of Security (DSEC) and to the Criminal
Investigation Division (CID) for further investigation. As a result
of this report, the supported command now requires that all personnel
holding a security clearance and residing in Mexico report this fact,
along with their address. The DSEC now maintains a roster of all such
personnel.


e. Operational Status: The prospective confidential source in
the Emergency Operations Center who was under assessment during the
last reporting period was recruited on 4 September 1974. The US Army
Communications Command Agency Fort Bliss Telecommunications Center
presently is being covered through the liaison efforts of the Project
Liaison Officer (PLO), but efforts are being made to recruit a confidential
source there in the future. On 20 September 1974, the ICIP PLO
presented a Quarterly Status Report on CANTINA ARCH to CPT James E.
Stevens, Acting DSEC, USAADCENFT, Ft Bliss. Speaking for the Commander,
the Acting DSEC indicated that the operation seems to be progressing in
a satisfactory manner. He had no other comments, recommendations or
expressed problem areas. A new DSEC will be appointed in the near
future and will be briefed on the operation after he assumes his duties.

8. Qs TIME: (OACSI Approval - 5 Feb 74)


a. Location: Pentagon Telecommunications Center (PTC), US Army
Communications Command (USACC), The Pentagon, Washington, DC


b. Confidential Source Utilization: One source was used during
the reporting period.


c. Information Obtained Off-post and/or Reported on Non-Affiliated
Civilians: None


d. Useful Information Obtained: Investigative leads for possible
confidential sources.


e. Operational Status: As part of his training, the one confidential
source used in this ICIP was given test EEI and tasked to provide
names of other potential sources. Three other potential sources, all
in the Operations Division, PTC, are currently under assessment. If
these sources are successfully recruited, the depth of coverage of the
target area will be improved considerably. The PLO provided the
Quarterly Progress Briefing on 26 August 1974 to COL Joseph T. Adinaro,
Commander, PTC, and Mr. D. E. Thompson, Deputy Commander, PTC. Both
the Commander and the Deputy Commander, PTC, indicated satisfaction
with the support rendered by the ICIP and the progress of its development
to date.

9. CENTAUR SALE: (OACSI Approval - 14 Dec 73)


a. Location: US Army Mobility Equipment Research and Development
Center (MERDC), Fort Belvoir, VA


b. Confidential Source Utilization: Not applicable.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: Not applicable.


d. Useful Information Obtained: Investigative data on prospective
sources.


e. Operational Status: This ICIP coverage to date has been made
by conventional sources who have access to the target areas and liaison
contacts. Efforts are being made by the Pentagon CI Force/National
Capital Region Field Office to revitalize this ICIP. To provide a
wider target coverage of MERDC, three potential confidential sources
are presently under assessment. The PLO presented the Quarterly Progress
Briefing to Mr. Leslie L. Askew, Security Manager, MERDC, on 28 August
1974. The Commander and the MERDC staff continue to provide support for
the ICIP and render all possible assistance for its continued development.

10. CENTAVO KID: (OACSI Approval - 18 Oct 73)
a. Location: Harry Diamond Laboratories, Washington, DC
b. Confidential Source Utilization: Not applicable.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: Not applicable.


d. Useful Information Obtained: Investigative data on potential
sources.


e. Operational Status: The Pentagon Counterintelligence Force/
National Capital Region Field Office (PCF/NCR FO), 902d MI Group, which
is charged with the conduct of this ICIP is engaged in an intensive
review and revitalization program for the operation. At present, two
individuals who are employed in the Harry Diamond Laboratories, one in
the Engineering/Reserve Support Division, and one in the Relocation/
Planning Group are under assessment as potential confidential sources.
The PLO presented the Quarterly Progress Briefing on 23 August 1974 to
COL D. W. Einsel, Jr., Commander, Harry Diamond Laboratories, and Mr.
Joseph Sehnieder, Security Manager. Both the Commander and the
Security Manager continue to support the ICIP strongly and provide
cooperation necessary for its development.

11. CENTRAL TAXI: (OACSI Approval - 16 Feb 72)


a. Location: Headquarters, US Army Electronics Command (ECOM),
Fort Monmouth, New Jersey


b. Confidential Source Utilization: Five confidential sources
were utilized during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


d. Useful Information Obtained: A source reported that a civilian
employee at Fort Monmouth was stealing US Government property. The
information was passed to the Fort Monmouth CID for further investigation.
Another source reported that an employee in the ECOM Directorate
of Research, Development, and Engineering was planning non-official
travel to Finland and the Soviet Union. Further details are being
sought on the lead. A civilian physicist in the Electronics Technology
and Devices Laboratory at ECOM received unsolicited correspondence from
an organization calling itself the Arab Projects and Development,
Beirut, Lebanon. The employee promptly notified the proper security
authorities and requested permission to respond to the letter. He was
granted permission by the US Army Materiel Command, answered the initial
letter and received a reply in September 1974. Investigation to date
has revealed little information concerning Arab Projects and Development
but the assets in the ICIP will continue to monitor future activity.


e. Operational Status: In addition to the five confidential sources
being contacted regularly in this ICIP, thirteen conventional sources
provide additional coverage of ECOM target areas. Among four employees
presently being assessed as possible sources, one has been dropped from
further consideration due to refusal to cooperate in the program. There
are three remaining under active consideration. The PLO presented the
Quarterly Progress Briefing on 30 September 1974 to COL John Sanderson,
Security Officer, ECOM, and ICIP Project Coordinator for ECOM. COL
Sanderson indicated command satisfaction with the type of information
and support rendered by this ICIP.

12. CENTURY SQUAD: (OACSI Approval - 3 Oct 73)


a. Location: US Army Management Systems Support Agency (USAMSSA),
The Pentagon, Washington, DC


b. Confidential Source Utilization: One confidential source was
utilized during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.


d. Useful Information Obtained: None.


e. Operational Status: Only one confidential source has been
recruited to date in this operation. The PCO has been devoting most of
the meeting periods to further training and testing of this source.
In addition to training, the source is being tasked to provide names
and leads for additional possible sources. Two other employees of the
Operations Division, USAMSSA, are being evaluated as potential sources.
The Quarterly Briefing of the supported command was presented by the
PLO on 18 September 1974 to Mr. John R. Bjork, Security Manager, USAMSSA.
The Director and his security staff continue to support the operation
fully and have offered every assistance to aid in its development.

13. GONDOLA FLAG: (OACSI Approval - 22 Apr 74)


a. Location: US Army Electronic Proving Ground (USAEPG), Fort
Huachuca, AZ


b. Confidential Source Utilization: Not applicable.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


d. Useful Information Obtained: Additional investigative data on
a prospective confidential source.


e. Operational Status: The prospective source, located in the
Electromagnetic Branch, USAEPG, is in the final stages of assessment
and recruitment is expected during the next reporting period. Efforts
to spot and recruit sources in this comparatively new ICIP were somewhat
hampered by the transfer of the PLO during the period. On 27
September 1974, the PLO gave the Quarterly Progress Report to Mr.
Henry O. Dupes, Director of Security, USAEPG, Ft Huachuca, AZ, who
stated that the Commander, USAEPG, was satisfied with the progress of
the ICIP to date.

14. GONDOLA STAR: (OACSI Approval - 17 Feb 72)
a. Location: Aberdeen Proving Ground (APG), MD


b. Confidential Source Utilization: Eight confidential sources
were used during the reporting period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


d. Useful Information Obtained: A report of an employee who
travelled to Poland with his two sons triggered a request for an investigation
by the supported command of the employee's foreign travel and
extent of his foreign connections when it was learned that he plans to
send his eldest son to Poland on some type of foreign exchange program.
Another employee planned travel to Czechoslovakia in Aug 74, but postponed
his trip to 1975 when he was hospitalized. The supported command
does not desire an investigation immediately, but has requested continued
monitoring by the ICIP. A man and wife physicist team have had
their access to classified information suspended while an investigation
is conducted concerning their alleged loose moral conduct and abuse of
alcohol. A confidential source reported that a cipher lock installed on
a door to a Data Processing Office of the US Army Test and Evaluation
Command (TECOM), APG, had been altered so the door could be opened
without using the combination. Investigation revealed that the lock
had been installed and made operational to check for possible defects
and subsequently disconnected. The lock was disconnected pending installation
of a telephone at the door for use by persons not having the
combination in order to call for escort. The telephone has now been
installed and the cipher lock has been re-connected.


e. Operational Status: During the reporting period, limited
progress was made in increasing ICIP support to the serviced activities
since duties not directly related to the ICIP required the greatest
portion of the PLO's time. One confidential source was terminated due
to loss of placement and access. One confidential source with placement
in Edgewood Arsenal was recruited. Three other potential sources are
still under assessment. On 25 September 1974, COL Alvin D. Ungerleider,
newly assigned Commander, APG, was given both the initial ICIP Briefing
and the Quarterly Progress Briefing. Mr. Harry A. Mencke, Installation
Intelligence Officer (IIO), APG, was present for both briefings. The
PLO gave a Quarterly Progress Briefing on 26 September 1974 to COL Kenneth
L. Stahl, Commander, Edgewood Arsenal, APG, and MAJ Walter W. Stansberry,
Chief of Security, Edgewood Arsenal.

15. GONG SILK: (OACSI Approval - 16 Feb 72)


a. Location: Picatinny Arsenal (PA), Armament Command, US Army
Materiel Command, Dover, NJ


b. Confidential Source Utilization: Three confidential sources
were used during the period.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


d. Useful Information Obtained: A source reported that a PA
employee frequently used a substance which appeared to be a narcotic
during duty hours, then left his work area to sleep in parked cars.
The information was passed to the PA security officials with a recommendation
that a limited investigation be conducted. Another PA employee
of the Ammunition Development and Engineering Directorate (ADED) was
reported to be under the care of a psychiatrist. Investigation revealed
that the PA Civilian Personnel Office and the employee's supervisors
were aware of the problem. Although the employee continues to
have access to classified defense information, his workload has been
significantly reduced and all of his activities at ADED are closely
supervised. A confidential source reported that combinations on adjacent
security containers in the Nuclear Development and Engineering
Directorate were set in numerical sequence, a practice in contravention
of security regulations. Security officials were briefed on the weakness
and have taken corrective action.


e. Operational Status: A new PLO has assumed duties who has devoted
much of his efforts acquiring area knowledge, establishing source rapport
and acquiring on-the-job experience. Due to a personnel shortage, the
PLO no longer is able to spend his full time with the supported command,
but the commander of the Fort Hamilton Resident Office performs the PLO
duty on a TDY basis. This will serve to make spotting and assessing
of future sources difficult. On 20 September 1974, the PLO presented
the Quarterly Progress Briefing to MAJ George Carpenter, Chief, Security
Office, PA. MAJ Carpenter indicated during the briefing that the
command was satisfied with the service provided by the ICIP.
16. LANYARD MOOD: (OACSI Approval - 22 Dec 72) 


a. Location: Defense Language Institute, East Coast (DLIEC), 
Anacostia Naval Annex, Washington, DC 


b. Confidential Source Utilization: None 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


d. Useful Information Obtained: Investigative data on a potential 
confidential source. 


e. Operational Status: As reported previously, DLIEC is being 
phased out during Fiscal Year 1975 in preparation for its move to DLIW, 
Presidio of Monterey, CA. For that reason, a concerted effort is not 
being made to recruit large numbers of sources, although at present 
one potential source is being assessed. The move to the Presidio of 
Monterey will be completed by 1 Jul 75. DLIEC security records have 
been shipped to DLIWC. The PLO presented the Quarterly Progress 
Briefing in the ICIP to CPT Richard W. Pederson, Security Officer, 
DLIEC, on 16 September 1974. The Commandant and the Security Manager 
continue to provide cooperation and no problems exist at this time. 
17. LENIENT CLOUD: (OACSI Approval - 16 Feb 72) 
a. Location: US Army War College (USAWC), Carlisle Barracks, PA 


b. Confidential Source Utilization: Three confidential sources 
were used during the reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


d. Useful Information Obtained: Numerous reports were made on 
USAWC personnel during the period, primarily on suitability, but 
ranging from drug abuse to aberrant sexual activity. Five military 
policemen were apprehended for narcotics abuse; their security 
clearances were suspended and they were removed from sensitive duties. 
Of the total of 13 suitability cases reported during the period, 
security clearances were suspended for 6; investigations have been 
requested for 4; 1 individual was dismissed from USAWC; 1 has been 
reassigned, and the activities of the one remaining are being monitored. 
With the addition of the US Army Military History Research Collection 
to USAWC, both the ICIP PLO and the Ft Ritchie Field Office personnel 
have provided security support and assistance in the form of a Counterintelligence 
Survey and identification of security weaknesses and 
deficiencies. 


e. Operational Status: The PLO served as Acting USAWC Security 
Manager during a three-week absence of the incumbent and has now 
established at least one after duty hours CI inspection per week with 
the approval of COL D. T. Teberg, ICIP Coordinator. On 5 August 1974, 
MG DeWitt C. Smith, Jr., Commandant, USAWC, was provided his initial 
ICIP briefing. Following that briefing, MG Smith requested that he be 
briefed on significant developments of the operation at least monthly 
rather than quarterly. MG Smith was given a second briefing on 30 
Aug 74. The PLO presented an initial ICIP briefing to COL William M. 
ore Deputy Commanding Officer, Carlisle Barracks, on 3 September 
1974 
18. LENS HOLDER: (OACSI Approval - 7 Aug 74) 
a. Location: White Sands Missile Range (WSMR), NM 
b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: Not applicable 


d. Useful Information Obtained: Initial spotting and assessment 
actions are taking place. 


e. Operational Status: During the processing of applicants for 
MI, the PLO has identified two potential sources for this ICIP, which 
is the most recently implemented operation. The ICIP PLO briefed MG 
Robert J. Proudfoot, Commanding General, WSMR, on the implementation 
of the ICIP on 16 September 1974. MG Proudfoot verbally approved the 
operation which had been requested by his predecessor, MG Sweeney. 
MG Proudfoot stated that he desired a progress briefing on the ICIP 
in two or three months. LTC Carl I. Davis, Chief of Security, WSMR; 
and Mr. William F. Arket, Chief, Intelligence Div, WSMR, also attended 
the briefing. 
19. LENTIL MONKEY: (OACSI Approval - 26 Oct 71) 


a. Location: Defense Language Institute West Coast (DLIWC), 
Presidio of Monterey, CA 


b. Confidential Source Utilization: Nine confidential sources 
were utilized during the period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


d. Useful Information Obtained: The Czech "Pen-Pal" incident and 
the visit of a Polish national with his brother, a DLIW instructor, 
reported in the last period, are still under investigation. Information 
concerning a new "pen-pal" relationship was reported; this one 
involved a US Air Force student. The airman exchanged several letters 
with a Polish citizen and sent him money for the purchase of Polish 
magazines. The Polish citizen commented in his letters that he believes 
the letters are being checked by Polish officials, since one was 
received in an opened condition. Information on this incident has been 
passed to the Air Force. Information surfaced that an instructor of 
the Polish Language Department has a radio transmitter at his residence 
is presently being investigated. Another report that unauthorized 
radio transmissions were being heard in the Fort Ord area is being 
evaluated by the National Security Agency (NSA). Two Soviet citizens, 
allegedly language instructors for the Soviet Government, visited DLIWC 
on a State Department sponsored trip. The State Department did not 
provide an escort and the visitors were able to visit the Russian 
Language Department unescorted. The DLIWC Security Officer has taken 
steps to prevent a recurrence of this type of incident and especially 
to insure that all visitors are properly escorted. Suitability information 
concerning student personnel continued to be reported and was 
passed to the appropriate authorities. Information received from 
another government investigative agency and amplified by the ICIP 
sources indicates that the Arabic Trade Mission located in San Francisco 
is gathering data on DLIW Arabic students. During a class visit to 
the Arabic Trade Mission, DLIWC Arabic students were required to sign 
a guest register, listing their names and addresses. The reason for 
the register was allegedly so that additional printed information could 
be sent to the students. The students were also given anti-Israel 
propaganda. 


e. Operational Status: Five confidential sources were terminated 
during the period due to graduation. Reduction of case officer personnel 
on the project to one full-time and one part-time case officer may make 
it necessary to limit the number of confidential sources handled to five. 
At present, four confidential sources are active; two potential 
sources, including one instructor, are under assessment. In the 
future, confidential sources will be recruited on a staggered basis, 
with no more than two sources recruited in any one quarter. This 
will prevent the loss of several sources at one time due to gradua- 
tion. The PLO presented the Quarterly Progress Report on 19 Sep 74 
to LTC Max Newman, Secretary, DLIWC; MAJ Richard Erickson, Security 
Officer, DLIWC; and CPT Edward N. Janecki, Commander, Fort Ord Field 
Office, 525th MI Group. LTC Newman expressed appreciation for 
information furnished through the project and requested that a briefing 
be planned for mid-October 1974 for the new incoming Director, DLIWC, 
COL Koenig. 


DAMI-DOI-C 27 September 1974 


MEMORANDUM FOR THE RECORD 
SUBJECT: ICIP Briefing for Under Secretary of the Army (U) 


1. On 25 September 1974 MG Aaron briefed Mr. Herman Staudt on the 
ICIP. Mr. Staudt expressed reservations about operational control within 
the program and concern about the sudden rapid growth. He wanted assurances 
that the program was carefully monitored precluding the possibility 
for embarrassment. 


2. General Aaron assigned the following tasks to USAINTA through 
Leslie Hime, the USAINTA representative at the meeting. 


a. Prepare all the operations plans for reviews; General Aaron will 
personally re-validate each plan. 


b. Prepare source dossiers for review. General Aaron wants to be able 
to personally be assured that all sources are of such maturity and stability 
that they would not cause any embarrassment to the Army. 


3. General Aaron will personally validate and approve all future 
operations plans and will assume command and control of the program. Only 
essential plans will be approved and permitted to continue. General Aaron 
did not consider the operation at the War College to be essential. 


4. (U) Operations plans and dossiers will be reviewed on 4 October 1974. 

RI “EBERSOLE 
Major, CS 
CONTROL NUMBER 


OFFICE SYMBOL SUSPENSE 

Internal Counterintelligence Program (ICIP) Operations 
6 August 1974 

ACTION REQUIRED 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. BACKGROUND: 


a. By memorandum, dated 8 February 1972 (ORANGE TAB B), the Under Secretary of 
the Army requested the Vice Chief of Staff (VCSA), US Army, provide quarterly reports 
on all (ICIP) operations. 


b. This is the ninth such quarterly report. 


c. The quarterly report of current operations for the quarter ending 31 March 
1974 is at (ORANGE TAB C). 


2. DISCUSSION: 


a. Inclosure 1 to ORANGE TAB A is a memorandum for the VCSA's signature forwarding 
the quarterly report to the Under Secretary of the Army. 


b. ORANGE TAB A forwards to the VCSA the memorandum and ICIP Quarterly Report. 


3. RECOMMENDATION: That the memorandum to the VCSA at ORANGE TAB A be approved and 
signed by the ACSI. 


(Continue on plain bond) 
ACTION OFFICER (Name, grade, phone and signature) 
MAJ PIGNATO/77017/th 
DEPARTMENT OF THE ARMY 
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 
WASHINGTON, D.C. 20310 


REPLY TO 
ATTENTION OF: DAMI-DOI-C 


$1 AUG 


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February 
1972, subject as above. 


2. Recommend your approval and signature of the attached memorandum 
which transmits the report required by the cited reference. 


3. Coordination: None required. 


1 Incl HAROLD R. AARON 
as Major General, GS 
ACofS for Intelligence 


APPROVED - VCSA 


JETHROY 
LTC, 
Assistant to the Director 
of the Army S.H 


GAVIS 


Regraded UNCLASSIFIED when 
separated from classified 

MAJ Pignato/77017 
DAMI-DOI-C 


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February 
1972, subject as above. 


2. Recommend your approval and signature of the attached memorandum 
which transmits the report required by the cited reference. 


3. Coordination: None required. 


1 Incl HAROLD R. AARON 
as Major General, GS 
ACofS for Intelligence 
MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations (U) 


1. (U) Reference is made to memorandum, Under Secretary of the Army, 
dated 8 February 1972, subject as above. 


2. Progress in the second quarter of CY 1974 in the ICIP was 
characterized by a sizeable increase in the number of Confidential Sources 
utilized in the various ICIPs. Thirty-six Confidential Sources have been 
recruited, an increase from 27 in the preceding quarter. One request for 
an ICIP was received during the period which requested ICIP coverage at 
the White Sands Missile Range, White Sands, New Mexico. Brief status reports 
are attached. 


3. As Army reorganization results in some shifts of facilities to 
other locations, the consolidation of ICIP operations continues in the 
interest of more efficient management and administration. The ICIP 
LANDLESS TIME (U), which formerly supported the Philadelphia Facility 
of the US Army Electronics Command, has been consolidated with the ICIP 
CENTRAL TAXI (U), which supports Electronics Command at Fort Monmouth, 
New Jersey. A similar revised plan is being written in which the ICIP 
CANAL LOOP (U) at Edgewood Arsenal, Maryland, will be combined with the 
Aberdeen Proving Ground ICIP GONDOLA STAR (U). Including these consolidations, 
there were 19 ICIP operations active at the close of the period. 
The White Sands Missile Range ICIP, for which implementation is expected 
early in the next quarter, will bring this total to 20. 


4. As I mentioned to you in my memorandum of 30 April 74, the 
primary value of ICIP operations is in their potential for early warning 
and detecting internal security weakness and security threats to the 
supported command. Inasmuch as these operations are a form of intensified 
security watchfulness, negative reports in themselves are frequently of 
value to a commander in planning for security requirements of a given 
installation or activity. 

REGRADED UNCLASSIFIED 
ON SEP 5 1997 
BY CDR USAINSCOM FOI/PO 
AUTH Para 1-603 DOD 5200.1R 

1 Incl FRED C. WEYAND 
as General, United States Army 
Vice Chief of Staff 


31 December 2004 
DEPARTMENT OF THE ARMY 
HEADQUARTERS 
U. S. ARMY INTELLIGENCE AGENCY 
FORT MEADE, MARYLAND 20755 


MIIA-OP-O 


SUBJECT: Quarterly Reporting of Internal Counterintelligence Program 
(ICIP) Operations (U) 


HQDA (DAMI-DOI-C) 
WASH DC 20310 


1. Progress in the second quarter of CY 1974 in the ICIP was 
characterized by a sizeable increase in the number of Confidential 
Sources utilized in the various ICIPs. Thirty-six Confidential 
Sources have been recruited, an increase from 27 in the preceding 
quarter. One request for an ICIP was received during the period which 
requested ICIP coverage at the White Sands Missile Range, White Sands, 
New Mexico. 


2. As Army reorganization results in some shifts of facilities to 
other locations, the consolidation of ICIP operations continues in the 
interest of more efficient management and administration. The ICIP 
LANDLESS TIME (U), which formerly supported the Philadelphia Facility 
of the US Army Electronics Command, has been consolidated with the ICIP 
CENTRAL TAXI (U), which supports Electronics Command at Fort Monmouth, 
New Jersey. A similar revised plan is being written in which the ICIP 
CANAL LOOP (U) at Edgewood Arsenal, Maryland, will be combined with the 
Aberdeen Proving Ground ICIP GONDOLA STAR (U). Including these con- 
solidations, there were 19 ICIP operations active at the close of the 
period. The White Sands Missile Range ICIP, for which implementation is 
expected early in the next quarter, will bring this total to 20. 


3. Significant progress in the operations at Sierra and Umatilla 
Army Depots is expected during the coming quarter. The Project Liaison 
Officer arrived at Sierra Army Depot on 19 June 1974. Two prospective 
sources, spotted during TDY trips to the installation by personnel 
from the San Francisco Field Office, are presently under assessment. 
A similar situation exists at the Umatilla Army Depot at Hermiston, Oregon. 
The Project Liaison Officer became operational at that facility on 
30 June 1974, at the close of the quarter. TDY trips pending the 
assignment and arrival of the PLO have resulted in having 19 civilian 
employees of the Umatilla Depot under assessment as potential sources by 
the close of the reporting period. 


4. (U) Brief status reports for each of the active 19 ICIP operations 
are attached as inclosures. 


FOR THE COMMANDER: 


19 Incl EDWARD H. BORT 
as Colonel, MI 
Chief, Operations Division 
1. CANAL ROPE: (OACSI Approval - 17 Dec 73) 


a. Location: Headquarters, US Army Communications Command and 11th 
Signal Group, Fort Huachuca, AZ. 


b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: Not applicable. 


d. Useful Information Obtained: Investigative data on potential 
sources. 


e. Operational Status: One confidential source was recruited in the 
11th Signal Group Crypto Facility on 17 April 1974, and a second confidential 
source was recruited in the Communications Electronics Engineering 
Installation Agency (CEEIA), Headquarters, US Army Communications Command 
(USACC), on 20 May 1974. Two additional sources in USACC are under 
assessment for possible recruitment in the next quarter. One CIRL surfaced 
by the ICIP is under assessment for possible exploitation as an OFCO. 
The CANAL ROPE PLO briefed Mr. R. H. Milligan, Office of the Assistant Chief 
of Staff for Intelligence and Security, USACC, on 28 May 74, on the status 
of the ICIP. Mr. Milligan stated that USACC was pleased with the support 
being provided by this ICIP. 
2. CANARY EFFORT: (OACSI Approval - 16 Feb 72) 


a. Location: Fort Ritchie, MD. 


b. Confidential Source Utilization: Three sources were used during the 
reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: Information developed on 15 US Army 
personnel involved in drug abuse-related incidents was passed to the ICIP 
Coordinator. Adverse suitability information was developed on a soldier assigned 
to the Operations Company, Fort Ritchie. The soldier, whose clearance was 
suspended, was transferred to Kimbrough Army Hospital, Fort Meade, for 
psychiatric evaluation on 28 May 1974. Alleged moral misconduct on the part 
of a WAC was reported to the ICIP Coordinator. The supported command is 
monitoring the activities of the WAC to determine if an investigation is 
warranted. Information obtained on alleged threats against the lives of 
three Military Police investigators was provided the Fort Ritchie Commander 
and the ICIP Coordinator. The US Army Criminal Investigation Department 
Command (USACIDC) is conducting an investigation. 


e. Operational Status: In addition to the confidential sources used, 
three potential new sources are under assessment. Twenty-one conventional 
sources and thirteen liaison sources are contacted on a regular basis. The 
Quarterly Progress Briefing, scheduled for 15 June 1974, was postponed 
until July 1974 because the Fort Ritchie Commander was not available. 
3. CANARY STONE: (OACSI Approval - 18 Jul 73) 


a. Location: Dugway Proving Ground, UT. 
b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: Not applicable. 


d. Useful Information Obtained: Investigative data on potential sources. 


e. Operational Status: Efforts continue to recruit confidential sources; 
at present eleven individuals are being assessed. An initial recruitment 
approach was made to one prospect during the period, but due to personal 
circumstances of the individual, recruitment could not be accomplished. Two 
of the CIRLs have been processed to the point where recruitment can be 
attempted in the next quarter. On 3 Jun 74, the PLO briefed COL Robert A. 
Shade, Commander, Dugway Proving Ground, on the status of the operation. 
The briefing was also attended by COL Eric H. Vicler, Commander, 115th MI 
Group, LTC Henry F. Kale, Security Officer, Dugway Proving Ground, and the 
SAIC, Fort Douglas Resident Office, 115th MI Group. COL Shade expressed his 
satisfaction with the progress of the ICIP. COL Shade retires on 1 Jul 74. 
LTC Andrew J. Armonstrong, who will serve as Acting Commander pending 
assignment of a new commander, will be briefed by LTC Kale and the CANARY 
STONE PLO on the ICIP early in the next quarter. 
4. CANINE PLATE: (OACSI Approval - 18 Sep 73) 


a. Location: Seneca Army Depot, Romulus, NY. 
b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: Investigative data on prospective 
sources. 


e. Operational Status: Two conventional sources were recruited during 
the period and were given security training and general EEI. Two additional 
individuals are being assessed as potential sources; both have access to the 
Directorate for Special Weapons. The PLO presented the Quarterly Progress 
Briefing to COL Allen H. Light, Jr., Commander, Seneca Army Depot, on 21 
Jun 74. The Commander expressed his satisfaction with the progress of the 
ICIP and reiterated his previous desires that the ICIP be conducted in such 
a way to not cause any embarrassment to the Army; specifically, he has 
cautioned the PLO to exercise care in the recruitment of any sources used 
in the operation. He expressed his confidence in the conduct of the ICIP 
thus far. 
5. CANTINA ARCH: (OACSI Approval - 12 Dec 73) 


a. Location: US Army Air Defense Center and Fort Bliss (USAADCENFB), TX. 
b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: Not applicable. 


d. Useful Information Obtained: Investigative data on potential sources. 


e. Operational Status: Three confidential sources were successfully 
recruited during the period. Two of the sources are in the Office of the 
Deputy Commandant for Combat and Training Developments and the third is in the 
Ballistic Missile Defense Department, both of which are on the prime targets 
list of the ICIP. An approach plan is being devised for a prospective source 
in the Emergency Operations Center. Two other individuals currently under 
assessment work in the Ballistic Missile Defense Department and the Telecommunications 
Center. The ICIP PLO briefed COL George M. Hamscher, Director 
of Security, USAADCENFB, on the status of CANTINA ARCH on 14 Jun 74. 
COL Hamscher has indicated a keen interest in the progress of the ICIP and 
is satisfied with the successful recruitment of sources during this period. 
6. CANVAS TAX: (OACSI Approval - 8 Mar 74) 


a. Location: Sierra Army Depot (SIAD), Herlong, CA. 
b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: Investigative data on prospective 
confidential sources. 


e. Operational Status: The project has been delayed in its initial 
stages due to non-availability of a Project Liaison Officer. Pending arrival 
of the PLO, San Francisco Field Office personnel established liaison with the 
Commander of SIAD and his staff and also initiated spotting and assessment 
actions for potential confidential sources. At present, two individuals are 
under assessment and preliminary investigations are being conducted on them. 
The PLO arrived on station on 19 Jun 74 and considerable operational progress 
is expected during the next quarter. 
B ROSTER: (OACSI Approval - 8 Mar 74) 


a. Location: Umatilla Army Depot Activity, Hermiston, Oregon. 
b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: Investigative data on potential 
conventional and confidential sources. 


e. Operational Status: Despite the absence of an established Resident 
Office at Umatilla or a PLO at the supported activity for the reporting 
period, considerable progress was made in establishing liaison contacts and 
spotting and assessing potential confidential sources. This has been 
accomplished by personnel from the Fort Lewis Field Office performing TDY 
trips to the Umatilla Army Depot. At present nineteen civilian employees 
of the Depot are under assessment. One CIRL has been approved for recruitment 
and a Lead Development Report has been submitted on a second one. The 
Commander, Fort Lewis Field Office, contacted LTC Harold Echols, Commander, 
Umatilla Army Depot, on 11 Jun 74, to arrange for the first Quarterly 
Progress Briefing. The Commander stated he desired a briefing later after 
the new PLO had sufficient time to become established. The PLO became 
operational on 30 Jun 74. 
8. CENSUS TIME: (OACSI Approval - 5 Feb 74) 
a. Location: Pentagon Telecommunications Center. 
b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: Not applicable. 


d. Useful Information Obtained: Investigative data on prospective 
sources. 


e. Operational Status: One confidential source, assigned to the 
Operations Division, Pentagon Telecommunications Center (PTC), was recruited 
during the reporting period. This source is being trained by the PLO and 
appears to have excellent potential for covering the target. Two other 
individuals, assigned as Communications Relay Operators, are being assessed 
as potential confidential sources. Recruitment of either one or both of 
these sources will improve the coverage of the target area. The PTC Director 
is appreciative of the progress being made in the ICIP and his staff of 
security officials are completely cooperative. 
9. CENTAUR RACE: (OACSI Approval - 30 Jul 73) 
a. Location: Ninth Infantry Division and Fort Lewis, WA. 


b. Confidential Source Utilization: Three confidential sources were 
utilized during the period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: A confidential source reported that a 
soldier assigned to the 9th AG Company, Fort Lewis, Washington, exhibited signs 
of affluence beyond the normal financial capacity of a soldier in his 
grade. A limited investigation is being conducted. No significant counter- 
intelligence information was developed during the period, and all indications 
are that anti-military/dissident activity has subsided to a low level. 


e. Operational Status: Spotting and assessment of potential sources 
continues to be emphasized in an effort to improve the ICIP coverage. Three 
confidential sources were recruited during this period. In addition to these, 
twenty conventional sources are used, as well as six official liaison sources. 
Nine individuals currently are under assessment for use as conventional or 
confidential sources. The Fort Lewis Field Office Commander presented a 
quarterly progress briefing on 21 Jun 74 to BG McFadden, Asst Division 
Commander, 9th Infantry Division, Fort Lewis. COL Kenneth Koch, Chief of 
Staff, and LTC Roy Davis, AC of S, G2, 9th Inf Div, were also in attendance. 
The 9th Infantry Division Asst Commander and the AC of S, G2, are preparing 
to recommend to the Division Commander that CENTAUR RACE be terminated 
because of a lack of specific, identifiable targets. 
10. CENTAUR SALE: (OACSI Approval - 14 Dec 73) 


a. Location: US Army Mobility Equipment Research and Development 
Center, Fort Belvoir, VA. 


b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: Not applicable. 


d. Useful Information Obtained: Investigative data on prospective 
sources. 


e. Operational Status: Two conventional sources presently are being 
used in CENTAUR SALE who have access to all target areas. Three other 
individuals are in various stages of assessment as potential sources; two 
of the prospects are in the Countermine/Counterintrusion Department, the 
third is in the System Engineering & Computer Support Office, Computer 
Division. The PLO provided the Quarterly Progress Briefing on the ICIP 
to Mr. Leslie L. Askew, Security Officer, US Army Mobility Equipment 
Research and Development Center (MERDC), on 6 Jun 74. During the briefing, 
Special Agent Shawn M. Sandlin was introduced to Mr. Askew as the new PLO 
for the operation effective 1 Jul 74. 
11. CENTAVO KID: (OACSI Approval - 18 Oct 73) 
a. Location: Harry Diamond Laboratories, Washington, D.C. 
b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: Not applicable. 


d. Useful Information Obtained: Investigative data on potential 
sources. 


e. Operational Status: A new PLO was appointed effective 14 Jun 74 
due to the PCS of the present PLO. A series of thefts have occurred at the 
Adelphi, Maryland, Harry Diamond Laboratories (HDL) facility. The PLO 
provided some assistance to the Security Office and the Federal Bureau of 
Investigation (FBI) during its investigation. The results of the FBI 
investigation of the prime suspect were negative and no further action has 
been taken. Two individuals who are employed in the facilities are under 
assessment as potential confidential sources. The quarterly ICIP 
Progress Briefing was presented on 7 Jun 74 to the ICIP Coordinator and 
Security Officer, Mr. Alfred F. Schneder, and Mr. James H. Yeick, Asst 
Security Officer, HDL. The briefing was presented by the former PLO 
who introduced the new PLO to the HDL security staff at the time. 
12. CENTRAL TAXI: (OACSI Approval - 16 Feb 72) 


a. Location: Headquarters, US Army Electronics Command (ECOM), Fort 
Monmouth, New Jersey. 


b. Confidential Source Utilization: One additional source was recruited, 
bringing the total utilized to five. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: 


(1) An ECOM civilian employee regularly engages in foreign travel. This 
information was brought to the attention of the ICIP Coordinator purely as 
a matter of interest since the employee is not in violation of existing 
regulations and none of the travel has been made to a Soviet bloc country. 


(2) Another ECOM employee was arrested on 3 May 74 on a federal 
misdemeanor for her part in alleged forgery of US Government checks by the 
US Secret Service in Newark, New Jersey. The federal authorities released 
the employee because of her cooperation and set bail at $1,000. The 
information was passed to the ICIP Coordinator who informed the Provost 
Marshal's Office and the CID. Removal of the individual's security 
clearance is pending. 


€. Operational Status: A revised Operations Plan was submitted during 
the period which consolidated ICIP LANDLESS TIME with CENTRAL TAXI. The 
consolidation resulted from the closing of the ECOM Philadelphia Facility 
and its subsequent transfer to ECOM, Fort Monmouth, NJ. A new PLO assumed duties 
in May 74. In addition to the five confidential sources used in the ICIP, 
ten conventional sources are being used, and one prospective source is under 
assessment. Target coverage by conventional sources has been expanded to 
cover the Avionics Laboratory, Comptroller Office, and the Directorate of 
Procurement and Production. The Fort Monmouth Field Office Commander 
presented the Quarterly Progress Report Briefing to LTC Richard O. Aanot, 
Chief, Security Officer, ECOM, on 4 June 1974. LTC Aamot stated that he 
is most pleased with the continuing progress and effectiveness of CENTRAL 
TAXI and the security support being provided to ECOM by the ICIP. All 
priority targets are covered by conventional sources or by confidential 
sources. 
13. CENTURY SQUAD: (OACSI Approval - 3 Oct 73) 


a. Location: US Army Management Systems Support Agency (USAMSSA), 
the Pentagon, Washington, D.C. 


b. Confidential Source Utilization: One confidential source was 
utilized during the period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: The confidential source has been provided with 
training instruction during this period. Source works during non-duty hours 
and surfaced no information of a counterintelligence interest during the 
reporting period. Two additional individuals currently under assessment as 
prospective sources, are expected to be recruited during the next period. 
Both are in the Operations Division, USAMSSA; one is a Computer Operator, 
the other is a Computer Technician. Recruitment of either of these prospects 
will provide coverage of the primary target during regular duty hours. 
14. GONDOLA FLAG: (OACSI Approval - 22 Apr 74) 


a. Location: US Army Electronic Proving Ground (USAEPG), Fort 
Huachuca, AZ. 


b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: Limited investigative data on a 
potential source. 


e. Operational Status: Initial implementation efforts in this ICIP 
to date have been expended in establishing liaison contacts at USAEPG and 
conducting spotting and assessments of individuals who have placement and 
access in one of the prime target areas. One employee in the Electromagnetic 
Branch, USAEPG, is currently under assessment. Acquisition of several 
conventional sources is expected in the next quarter. The Commander, 
USAEPG, COL E. D. Downing, was provided the implementation briefing on 
GONDOLA FLAG on 7 May 74. 
15. GONDOLA STAR: (OACSI Approval - 17 Feb 72) 


a. Location: Aberdeen Proving Ground (APG), MD 


b. Confidential Source Utilization: Two sources were used during the 
reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: 


(1) A confidential source reported the possibility that classified 
information may have been compromised by having been published in an 
unclassified publication. A follow-up report established that the 
information was not classified. 


(2) A conventional source reported that a civilian employee of the 
Behavioral Research Directorate, Human Engineering Laboratory (HEL), Aberdeen 
Proving Ground, had some foreign professional contacts made in the line of 
duty. No unusual activity was reported; however, the situation is being 
monitored for unusual activity or interests. 


(3) A confidential source surfaced the possibility that APG 
contractors were receiving unauthorized information pertaining to contracts 
being processed by the APG Procurement Directorate. Subsequent checks with 
APG authorities disclosed that the information being disclosed was not only 
authorized, but it was in fact required to be disseminated by regulation. 


e. Operational Status: Three conventional sources are presently under 
assessment as potential new sources to expand and improve the target coverage 
in this ICIP. The PLO has established several worthwhile contacts in the 
Ballistics Research Laboratory (BRL) and made the presence of MI better 
known in this key target facility. No basic change in priority for ICIP 
coverage occurred in this current quarter, but coverage of the US Army 
Materiel Systems Analysis Agency (AMSAA) will receive greater emphasis in the 
next quarter. On 20 Jun 74, COL Walter R. Harris, Commander, APG, and Mr. 
Harry A. Mencke, Installation Intelligence Officer (IIO), APG, were given the 
Quarterly Progress Briefing on GONDOLA STAR. Both the APG Commander and the 
APG IIO expressed strong and continuing interest in the ICIP and pledged their 
full support and cooperation. 
16. GONG SILK: (OACSI Approval - 16 Feb 72) 


a. Location: Picatinny Arsenal (PA), Dover, NJ. 


b. Confidential Source Utilization: Three confidential sources were 
used during the reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: A confidential source reported 
suitability information concerning two PA employees who were allegedly 
emotionally unstable and had bad tempers. Security officials at PA took 
appropriate action following the incidents. Another source reported that 
two employees at PA were engaged in selling stolen merchandise. Initial 
information, in the form of hearsay, was too fragmentary; attempts are 
being made to obtain further details. As part of the effort to respond to 
EEI on Extremist Threat Against the US Army, PA Security Office records 
were examined to identify PA employees born in Arabian countries. 
Biographical data on four such employees was submitted in Agent Reports 
which were placed in appropriate dossiers of the individuals. The files 
search revealed nothing indicating connections with any known extremist 
activity. 


e. Operational Status: In addition to the three confidential sources, 
11 conventional sources are being met on a regular basis. Spotting and 
assessing activities, held in abeyance during April and May until PA 
employees had received Reduction in Force (RIF) notices, has now been 
resumed. In the course of the RIF, 418 positions were deleted, and 
1,700 employees were affected. The PA Security Office has been changing 
its manual document security procedures to the Controlled Accountable 
Document Inventory System (CADIS), a computerized system of accountability. 
The 109th MI Group Security Assistance Program representative and the PLO 
provided considerable assistance to PA in its preparation for CADIS. On 
3 Jun 74, the Quarterly Progress Briefing was presented by the PLO to 
MAJ George A. Carpenter, Chief, Security Office, PA, and Mr. John R. 
Greffe, Asst Chief of the PA Security Office. 
17. LANYARD MOOD: (OACSI Approval - 22 Dec 71) 


a. Location: Defense Language Institute, East Coast Branch (DLIEC), 
Anacostia Naval Annex, Washington, D.C. 


b. Confidential Source Utilization: None. Coverage is provided by 
conventional sources. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: Local Agency Checks and additional 
biographic information was submitted on eight instructors of Arabic origin. 
The information is submitted in response to requirements of a USAINTC program 
concerning extremist threats against the Army. 


e. Operational Status: DLIEC will begin movement to the Presidio of 
Monterey, CA, in July 1974. Permanent instructors are being offered an 
opportunity to relocate if they so desire; however, there has been no 
movement schedule established. Classes in session will continue at DLIEC 
until they graduate, attenuating the move over the next year. The move will 
be completed by 1 Jul 75. Information pertaining to instructors of DLIEC 
will be transferred to the PLO of the ICIP at DLIWC as the instructors 
transfer to the new location. On 3 Jun 74, the PLO briefed LTC Matthew T. 
Hendrickson, Commandant, DLIEC, providing the Quarterly Progress Briefing. 
No problems exist at this time and the Commandant expressed his 
satisfaction with the ICIP. 


18. LENIENT CLOUD: (OACSI Approval - 16 Feb 72) 


a. Location: US Army War College (USAWC), Carlisle Barracks, PA. 


b. Confidential Source Utilization: Three sources used during the 
reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: The investigation concerning the 
financial activities of the captain reported during the last quarter has 
been completed except for a subject interview. The officer was assigned 
to less sensitive duties on 6 May 74 and will be transferred to Indiantown 
Gap Military Reservation in Jul 74. A limited investigation was conducted 
on a soldier assigned to Carlisle Barracks for reported use of narcotics. 


e. Operational Status: In addition to the three confidential sources 
used in the operation, 35 conventional sources are contacted on a recurring 
basis. Target research provided to the Security Manager, USAWC, was 
sufficient justification for assignment of two full-time Military Police 
sentinels in Root Hall, an aid toward accomplishing a completely restricted 
access to the USAWC. Research is continuing on the best ways of restricting 
movement within Root Hall, to include surveys of electronic and 
mechanical equipment. Use of such equipment and reconfiguration of Root 
Hall is planned for Fiscal Year 1975. The PLO assisted in the preparation 
of security directives relative to the USAWC Military Research Program 
(MRP) in which student officers travel to foreign countries to obtain 
information for their thesis. The PLO also coordinated with elements of 
the 902d MI Group concerning MRP travellers in respect to Army 
Regulation 3581-15. The PLO gave a Quarterly Progress Briefing to MG 
Franklin M. Davis, Jr., Commandant, USAWC, on 7 Jun 74. MG Davis indicated 
that he was very enthusiastic with the support received from LENIENT CLOUD 
and also that he expected the in-coming USAWC Commandant, MG Devitt Clinton 
Smith, would be as receptive toward continuation of the ICIP. 
19. LENTIL MONKEY: (OACSI Approval 26 Oct 71) 


a. Location: Defense Language Institute West Coast (DLIWC), 
Presidio of Monterey, CA. 


b. Confidential Source Utilization: Nine sources were utilized during 
the period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: A confidential source reported a 
May 74 incident involving an approach made to Czech language students on a 
picnic to engage in a pen-pal relationship with residents of Czechoslovakia. 
Details of this latest incident and previous incidents are being further 
investigated by the 902d MI Group and coordinated with the Federal Bureau 
of Investigation. An instructor in the Polish Language Department was 
visited by his brother, a Polish national, who also attended a picnic 
with students and instructors of the Polish Language Department. Further 
inquiries are underway with other Federal Agencies concerning the visitor. 
Verbal information given to the DLIWC Security Office concerning the 
homosexual activities of a student was used as a partial basis for 
separation action. Sources provided valuable background and biographic 
data on DLIWC instructors born in foreign countries which now have 
Communist Governments. This information is used to update target data 
files on instructors who might be potential targets of hostile 
intelligence. 


e. Operational Status: Eleven conventional sources are currently 
used in the ICIP. During the quarter, five confidential sources were 
recruited while four were terminated because of their graduation. Source 
Lead and Development Reports have been prepared on two prospective 
sources and an additional seven new leads are undergoing initial 
investigation. The new recruitment efforts are being directed at Priority 
II Language Departments since present sources are located in Priority I 
language areas. The ICIP PLO presented the Quarterly Progress Briefing 
on 14 Jun 74 to COL John F. Hook, Commandant, DLIWC, MAJ Richard Erickson, 
Security Officer, DLIWC, and Mr. James R. Green, Asst Security Officer, 
DLIWC. COL Hook expressed his appreciation for the briefing and stated 
that he believed the Operation was achieving its objectives and had 
improved the security posture of DLIWC. 




SUBJECT: Internal Counterintelligence Program (ICIP) Operations 


OFFICE SYMBOL: DAMI-DOI-S 


DATE: 19 April 1974 


ACTION REQUIRED: To obtain approval of the quarterly ICIP report. 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. BACKGROUND: 


a. By memorandum, dated 8 February 1972 (ORANGE TAB B), the Under Secretary of 
the Army requested the Vice Chief of Staff (VCSA), US Army, provide quarterly reports 
on all (ICIP) operations. 


b. This is the eighth such quarterly report. 


c. The quarterly report of current operations for the quarter ending 31 March 
1974 is at (ORANGE TAB C). 


2. DISCUSSION: 


a. Inclosure 1 to ORANGE TAB A is a memorandum for the VCSA's signature 
forwarding the quarterly report to the Under Secretary of the Army. 


b. ORANGE TAB A forwards to the VCSA the memorandum and ICIP Quarterly Report. 


3. RECOMMENDATION: That the memorandum to the VCSA at ORANGE TAB A be approved and 
signed by the ACSI. 


(Continue on plain bond) 


REGRADED WHEN SEPARATED FROM CLASSIFIED DOCUMENT 
DEPARTMENT OF THE ARMY 
OFFICE OF ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 
WASHINGTON, D.C. 20310 


REPLY TO DAMI-DOI-S “6 APR is/4 


ATTENTION OF: 


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February 
1972, subject as above (Inclosure 2). 


2. Recommend your approval and signature of the memorandum at 
Inclosure 1 which transmits the report required by the cited reference. 


3. Coordination: None required. 


2 Incl 
as 


HAROLD R. AARON 
Major General, GS 
ACofS for Intelligence 


30 APR 1974 


APPROVED: VCSA 


MICHAEL F. SPAGELMIRE 
Major, GS 
Assistant Secretary of the General Staff 


Regraded UNCLASSIFIED when 
separated from classified inclosures. 
DEPARTMENT OF THE ARMY 
OFFICE OF THE CHIEF OF STAFF 
WASHINGTON, D.C. 20310 


30 April 1974 


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations (U) 


1. Reference is made to memorandum, Under Secretary of the Army, 
dated 8 February 1972, subject as above. 


2. The seventeen Internal Counterintelligence Program (ICIP) 
Operations reported by memorandum to you last quarter remain active. 
Three new operations submitted during the quarter covered by this 
report have been reviewed at DA and approved for implementation. The 
list of current operations and narrative summary for the quarter 
ending 31 March 1974 are attached. Adjustments to ICIP operations will 
be made in the next quarterly report to conform with Army 
reorganization. 


3. The primary value of ICIP operations is in their potential 
for early warning and detecting internal security weakness and security 
threats to the supported command. Inasmuch as these operations are 
a form of intensified security watchfulness, negative reports in 
themselves are frequently of value to a commander in planning for security 
requirements of a given installation or activity. 


2 Incl 
as 


United States Army 
Vice Chief of Staff 


Classified by: DAMI-DO 
CURRENT ICIP OPERATIONS 


                                                      ICIP                          CONVENTIONAL  CONFIDENTIAL
LOCATION                                              NICKNAME       DATE APPROVED  SOURCES*      SOURCES

Edgewood Arsenal, Maryland                            CANAL LOOP     16 Feb 72      0             5
Fort Huachuca, Arizona                                CANAL ROPE     17 Dec 73      0             0
Fort Ritchie, Maryland                                CANARY EFFORT  16 Feb 72      18            3
Dugway Proving Ground, Utah                           CANARY STONE   18 Jul 73      0             0
Seneca Army Depot, New York                           CANINE PLATE   18 Sep 73      0             0
Fort Bliss, Texas                                     CANTINA ARCH   12 Dec 73      0             0
Sierra Army Depot, Herlong, CA                        CANVAS TAX     8 Mar 74       0             0
Umatilla Army Depot, Hermiston, OR                    CANYON ROSTER  8 Mar 74       0             0
Telecom Center, Pentagon                              CENSUS TIME    5 Feb 74       0             0
Fort Lewis, Washington                                CENTAUR RACE   30 Jul 73      26            0
Fort Belvoir, Virginia                                CENTAUR SALE   14 Dec 73      0             0
Harry Diamond Lab, Washington, DC                     CENTAVO KID    18 Oct 73      0             0
Fort Monmouth, New Jersey                             CENTRAL TAXI   16 Feb 72      9             4
Mgmt Sys Spt Agency, Pentagon                         CENTURY SQUAD  3 Oct 73       0             1
Aberdeen Proving Grounds, Maryland                    GONDOLA STAR   16 Feb 72      0             2
Picatinny Arsenal, New Jersey                         GONG SILK      16 Feb 72      11            2
Electronics Command, Philadelphia, PA                 LANDLESS TIME  19 Jan 72      0             1
Defense Language Institute, Washington, DC            LANYARD MOOD   22 Dec 71      1             0
Army War College, Carlisle Barracks, PA               LENIENT CLOUD  16 Feb 72      2             4
Defense Language Institute, Presidio of Monterey, CA  LENTIL MONKEY  26 Oct 71      11            4

TOTALS 20                                             20                            78            26


* Conventional sources are those on-post sources which are met overtly and from which 
information of a counterintelligence nature is elicited. 


REGRADED UNCLASSIFIED ON SEP 5 1997 BY CDR USAINSCOM FOI/PO 
ICIP Narrative Summary 


There were no instances in which information on non-affiliated civilians 
was collected off post. 


Progress in the development of information of counterintelligence value 
is slow. All significant reporting during the quarter has come about 
through the use of confidential sources with critical placement and 
access; however, to date, only 10 of the 20 ICIPs have confidential 
sources of information. Guidance has been provided the Intelligence 
field units to upgrade their efforts in the recruitment of confidential 
sources. The USAINTC has placed increased efforts on the use of 
conventional source contact by the Army counterintelligence units servicing 
installations not employing formal ICIPs. This effort may provide 
indications that such ICIP operations are warranted on the posts or installations. 
Emphasis on acquiring such conventional installation sources has been 
placed at Forts Rucker, Sheridan, Sill, Polk, Sam Houston, and McClellan. 


Information of counterintelligence value developed during the 1st quarter 
of CY 74 came from six of the 20 counterintelligence programs in operation. 
The significant information was concerned primarily with adverse 
suitability and weaknesses in security practices. Typical of the information 
developed is that uncovered in the following two operations. Operation 
CANARY EFFORT developed information of adverse suitability on an Army 
captain, who eventually offered to resign from the Army, and similar 
information on a Military Police investigator who subsequently was reassigned 
less sensitive duties. Adverse suitability information considered of lesser 
significance was reported on 17 other individuals assigned to the 
Communications Command, Ft. Ritchie, Md. Thirteen of these US Army personnel were 
involved in drug related activity. Operation CENTRAL TAXI revealed 
information concerning a highly placed employee in contact with foreign export 
companies, some of which are located within the Soviet Bloc. Poor security 
practices in several other instances at the Electronics Command have been 
brought to the attention of the Chief of Security, Ft. Monmouth. 


Progress has been made in simplifying the procedural steps which must be 
followed to implement an ICIP operation. The establishment of an umbrella 
or basic OPLAN which precludes the preparation of lengthy separate plans 
at the unit level was approved by OACSI. This action was considered 
appropriate as all ICIP plans have sufficient common elements to permit 
utilization of a single basic plan. Operations plans will, in the future, 
be "fleshed out" by appropriate detailed annexes. This procedural change 
will significantly reduce the time from requestor to the time when the 
approved plan can be implemented. 


The Army reorganization has caused two ICIPs to be combined with existing 
ICIPs. At the end of the reporting period, there was a total of 20 
operations including one pending approval. It is planned that two additional 
ICIP plans will be submitted for approval during the second quarter 1974. 


Supported commanders continue to express their support for the program 
and their satisfaction with the results. The ICIP operations will be 
continued for their original stated purposes. 
SCHEDULE 


CURRENT ICIP OPERATIONS 


                                                      ICIP                          CONVENTIONAL  CONFIDENTIAL
LOCATION                                              NICKNAME       DATE APPROVED  SOURCES*      SOURCES

Edgewood Arsenal, Maryland                            CANAL LOOP     16 Feb 72      0             5
Fort Huachuca, Arizona                                CANAL ROPE     17 Dec 73      0             0
Fort Ritchie, Maryland                                CANARY EFFORT  16 Feb 72      18            3
Dugway Proving Ground, Utah                           CANARY STONE   18 Jul 73      0             0
Seneca Army Depot, New York                           CANINE PLATE   18 Sep 73      0             0
Fort Bliss, Texas                                     CANTINA ARCH   12 Dec 73      0             0
Sierra Army Depot, Herlong, CA                        CANVAS TAX     8 Mar 74       0             0
Umatilla Army Depot, Hermiston, OR                    CANYON ROSTER  8 Mar 74       0             0
Telecom Center, Pentagon                              CENSUS TIME    5 Feb 74       0             0
Fort Lewis, Washington                                CENTAUR RACE   30 Jul 73      26            0
Fort Belvoir, Virginia                                CENTAUR SALE   14 Dec 73      0             0
Harry Diamond Lab, Washington, DC                     CENTAVO KID    18 Oct 73      0             0
Fort Monmouth, New Jersey                             CENTRAL TAXI   16 Feb 72      9             4
Mgmt Sys Spt Agency, Pentagon                         CENTURY SQUAD  3 Oct 73       0             1
Aberdeen Proving Grounds, Maryland                    GONDOLA STAR   16 Feb 72      0             2
Picatinny Arsenal, New Jersey                         GONG SILK      16 Feb 72      11            2
Electronics Command, Philadelphia, PA                 LANDLESS TIME  19 Jan 72      0             1
Defense Language Institute, Washington, DC            LANYARD MOOD   22 Dec 71      1             0
Army War College, Carlisle Barracks, PA               LENIENT CLOUD  16 Feb 72      2             4
Defense Language Institute, Presidio of Monterey, CA  LENTIL MONKEY  26 Oct 71      11            4

TOTALS 20                                             20                            78            26


* Conventional sources are those on-post sources which are met overtly and from which 
information of a counterintelligence nature is elicited. 
ICIP Narrative Summary 


There were no instances in which information on non-affiliated civilians 
was collected off post. 


Progress in the development of information of counterintelligence value 
is slow. All significant reporting during the quarter has come about 
through the use of confidential sources with critical placement and 
access; however, to date, only 10 of the 20 ICIPs have confidential 
sources of information. Guidance has been provided the Intelligence 
field units to upgrade their efforts in the recruitment of confidential 
sources. The USAINTC has placed increased efforts on the use of 
conventional source contact by the Army counterintelligence units servicing 
installations not employing formal ICIPs. This effort may provide 
indications that such ICIP operations are warranted on the posts or installations. 
Emphasis on acquiring such conventional installation sources has been 
placed at Forts Rucker, Sheridan, Sill, Polk, Sam Houston, and McClellan. 


Information of counterintelligence value developed during the 1st quarter 
of CY 74 came from six of the 20 counterintelligence programs in operation. 
The significant information was concerned primarily with adverse 
suitability and weaknesses in security practices. Typical of the information 
developed is that uncovered in the following two operations. Operation 
CANARY EFFORT developed information of adverse suitability on an Army 
captain, who eventually offered to resign from the Army, and similar 
information on a Military Police investigator who subsequently was reassigned 
less sensitive duties. Adverse suitability information considered of lesser 
significance was reported on 17 other individuals assigned to the 
Communications Command, Ft. Ritchie, Md. Thirteen of these US Army personnel were 
involved in drug related activity. Operation CENTRAL TAXI revealed 
information concerning a highly placed employee in contact with foreign export 
companies, some of which are located within the Soviet Bloc. Poor security 
practices in several other instances at the Electronics Command have been 
brought to the attention of the Chief of Security, Ft. Monmouth. 


Progress has been made in simplifying the procedural steps which must be 
followed to implement an ICIP operation. The establishment of an umbrella 
or basic OPLAN which precludes the preparation of lengthy separate plans 
at the unit level was approved by OACSI. This action was considered 
appropriate as all ICIP plans have sufficient common elements to permit 
utilization of a single basic plan. Operations plans will, in the future, 
be "fleshed out" by appropriate detailed annexes. This procedural change 
will significantly reduce the time from requestor to the time when the 
approved plan can be implemented. 


The Army reorganization has caused two ICIPs to be combined with existing 
ICIPs. At the end of the reporting period, there was a total of 20 
operations including one pending approval. It is planned that two additional 
ICIP plans will be submitted for approval during the second quarter 1974. 


Supported commanders continue to express their support for the program 
and their satisfaction with the results. The ICIP operations will be 
continued for their original stated purposes. 
DEPARTMENT OF THE ARMY 
HEADQUARTERS 
U S ARMY INTELLIGENCE COMMAND 
FORT MEADE MARYLAND 20785 


ICDO-OP 
SUBJECT: Quarterly Reporting of Internal Counterintelligence 
Program (ICIP) Operations (U) 


HQDA (DAMI-DOI-S) 
WASH DC 20310 


1. Progress in the ICIP continued during the first quarter of 
CY 1974. The accession rate dropped from six requests in the previous 
quarter to three for the reported quarter. However, additional requests 
are anticipated during the next reporting period. In addition, 
Installation Source Programs are being established at appropriate locations and 
may result in changes to ICIP operations if significant information is 
developed. These operations have been established at Forts Rucker, 
Sheridan, Polk, Sill, Sam Houston and McClellan. 


2. Much of the credit for the significant information developed 
can be attributed to the increased use of Conventional Sources to 
supplement the coverage provided by Confidential Sources. A large 
percentage of the sources mentioned as being under assessment in the 
inclosures will be initially recruited as Conventional Sources controlled by 
the Project Liaison Officers. When their training has progressed to the 
point where their reliability is established and their production becomes 
substantial, they can be transferred to confidential status under the 
control of Project Case Officers. This approach is expected to increase 
the quantity and quality of production in established operations. A 
monthly operational status report system was initiated during the quarter 
which will provide a continuing overview to insure that each operation 
is productive in relation to the manhours and funds expended and is not 
continued merely for the sake of having an operation on the books. 


3. Difficulties are being experienced in the implementation of the 
approved operations at Sierra and Umatilla Army Depots. Their isolated 
locations require that a Project Liaison Officer be stationed at each. 
Two volunteer CWOs were found among the assets of the 115th MI Group, but 
OPO disapproved their contemplated assignment because both were nearing 
20 years service and were not to be retained on duty. Emergency 
requisitions are at MI Branch, and a candidate for Sierra has been nominated 
to arrive o/a 15 June 1974. The status of the Umatilla fill is not 
known. In the meantime, the MI presence is manifested by regular TDY 
visits to each installation. Individual inclosures were therefore 
not prepared on these installations. 


4. The inclosures on CANAL LOOP and LANDLESS TIME are submitted 
for the last time. These operations are being absorbed into GONDOLA 
STAR and CENTRAL TAXI as a result of Army reorganization. In the case 
of CANAL LOOP, administration and management will be simplified. At 
the end of the reporting period, there was a net gain of two for a 
total of 19 operations, including the Electronic Proving Ground, Fort 
Huachuca, which is pending approval. There are two known gains during 
the second quarter of CY 74, not including any operations which will be 
generated as a result of the proposed letter by the CG, US Army 
Communications Command - CONUS, which is addressed in the CANARY EFFORT inclosure. 


FOR THE COMMANDER: 


18 Incl 
as 


JESSE D. JOY, JR. 
Colonel, GS 
Deputy Chief of Staff, Operations 
1. CANAL LOOP: (OACSI Approval - 16 Feb 72) 


a. Location: Edgewood Arsenal, Edgewood, MD 


b. Confidential Source Utilization: Five sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-Affiliated 
Civilians: None 


d. Useful Information Obtained: Sources provided additional leads 


EE NN USAR officer, which will be utilized in the 
limited investigation now underway. 


e. Operational Status: Three additional sources are under assess- 
ment, and emphasis was placed on increasing contact with official sources 
during the reporting period. A study of targets covered under this opera- 
tion was made by the Installation Intelligence Officer, Aberdeen Proving 
Ground, the Chief of Security, Edgewood, and the Project Liaison Officer. 
It was agreed that all current targets have the highest priority under 
the ICIP. A reviewed OPLAN is being prepared to consolidate the opera- 
tions at Edgewood and Aberdeen. This will relieve the administrative 
burden of reporting on two separate operations, and is logical since 
the two posts are considered as a single entity. 
2. CANAL ROPE: (OACSI Approval - 17 Dec 73) 


a. Location: Headquarters, US Army Communications Command and 
11th Signal Group, Ft Huachuca, AZ 


b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: Not applicable 


d. Useful Information Obtained: Investigative data on potential 
sources. 


e. Operational Status: The recruitment of two sources in the 11th 
Signal Gp Crypto Facility, the primary concern of the ACofS, Intelli- 
gence and Security, will be accomplished upon the receipt of NAC results. 
A source is under assessment in the Communications-Electronics Engineer- 
ing Installation Agency. COL Vega, the ACofS, IS, is pleased with the 
support rendered to date. 
3. CANARY EFFORT: (OACSI Approval - 16 Feb 72) 


a. Location: Fort Ritchie, MD 


b. Confidential Source Utilization: Three sources were used 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Adverse suitability information 
was developed on a Military Police investigator and resulted in his 
relief from investigative duties and assignment to less sensitive duties. 
A request for an investigation was forwarded to USAINTC. Similar infor- 
mation was developed on a US Army Captain being considered for sensitive 
duties in the Alternate Joint Communications Center (AJCC). Prior to 
the submission of a request for investigation to USAINTC, the officer 
became involved with law enforcement agencies and, after counseling, 
offered to resign from the Army. Information on drug abuse related 
incidents involving 13 US Army personnel was developed, and passed to the 
ICIP Coordinator. This is a decrease in the number of incidents from 
the previous quarter, and the Post Commander and ICIP Coordinator credit 
the ICIP operation and increased liaison between the Project Liaison 
Officer and the Provost Marshal with contributing to the decrease. 

The CG and C/S of US Army Communications Command-CONUS were also given 
an ICIP briefing during the period. BG Redman advised that he had been 
made aware of the achievements of the ICIP at Fort Ritchie and was 
planning to request coverage of sensitive installations within his 
command. Additional details are contained in the attached Quarterly 
Progress Report (ANNEX A). 


e. Operational Status: In addition to the Confidential Sources, 
contact was maintained with 18 casual and nine liaison sources during 
the period. The favorable attitude of the Commander and the ICIP 
Coordinator are reflected in attachment. 
DEPARTMENT OF THE ARMY 
Fort Ritchie Field Office 
109th Military Intelligence Group 
Fort Ritchie, Maryland 21719 


ICGP-B-FR                                        29 March 1974 
QUARTERLY PROGRESS REPORT NUMBER 2 
Period January 1974 thru March 1974 
"WARNING NOTICE: SENSITIVE SOURCES AND METHODS INVOLVED" 
SUBJECT: Operation CANARY EFFORT (U) 
1. CIRCUMSTANCES: 


a. On 25 February 1974, the US Army Intelligence Command (USAINTC) 
Internal Counterintelligence Program (ICIP) Briefing was presented to 
BG Albert Redman, Jr., Commander, US Army Communications Command - CONUS 
and Mr. Kenneth L. Alexander, DAC, GS-14, Chief of Staff, US Army 
Communications Command - CONUS, Fort Ritchie. The aforementioned brief- 
ing, presented by the Project Liaison Officer (PLO), Operation CANARY 
EFFORT, was enthusiastically received by BG Redman and Mr. Alexander. 
Both BG Redman and Mr. Alexander were knowledgeable that an ICIP was 
in effect at Fort Ritchie and indicated that the ICIP had received 
many laudable comments. BG Redman indicated a desire to have the 
ICIP program expanded to include sensitive installations within his 
command. The following personnel were in attendance at the aforementioned 
briefing: 


BG Albert Redman, Jr., Commander, US Army Communications 
Command - CONUS, Fort Ritchie. 


Mr. Kenneth L. Alexander, DAC, GS-14, Chief of Staff, US Army 
Communications Command - CONUS, Fort Ritchie. 


Mr. Joseph J. Carroll, DAC, GS-14, Assistant Chief of Staff, 
Intelligence and Security, US Army Communications Command - CONUS and 
Headquarters, Fort Ritchie. 


MAJ Robert L. Brooks, MI, Commander, Fort Ritchie Field Office, 
109th Military Intelligence Group, Fort Ritchie. 


b. A formal briefing, per se, was not presented during the 
reporting period of 15 October 1973 to 15 December 1973. The Quarterly 
Progress Briefing presented on 29 March 1974, included the aforementioned 
period as well as the period of January 1974 thru March 1974. The 
Quarterly Progress Briefing was presented on 29 March 1974 at the 
request of COL James A. Manning, Commander, Fort Ritchie, as COL Manning 
felt the briefing should be presented at the end of the reporting period 


as opposed to 35 March 1974, as stipulated by existing USAINTC 
regulations. Although the formal briefing was presented on 29 March 
1974, continual/constant liaison was maintained with appropriate 
individuals briefed on the ICIP prior to the formal briefing. The 
following briefed personnel were present on 29 March 1974, at which time 
the Quarterly Progress Briefing was presented: 


COL James A. Manning, [b6] Armor, Commander, Fort 
Ritchie. 


COL Harold G. de Moya, [b6] Infantry, Deputy Commander, 
Fort Ritchie. 


LTC Arlyn R. Madsen, [b6] Signal Corps, Director, 
Telecommunications Directorate, Fort Ritchie. 


Mr. Joseph J. Carroll, DAC, GS-14, Assistant Chief of Staff, 
Intelligence and Security, US Army Communications Command - CONUS and 
Headquarters, Fort Ritchie. Mr. Carroll is the ICIP Coordinator, 
Operation CANARY EFFORT. 


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 


a. During reporting period, Spotting and Assessment for 
Confidential Sources with placement and access continued. 


b. Daily liaison was maintained with the Assistant Chief of 
Staff, Intelligence and Security, US Army Communications Command - 
CONUS and Headquarters, Fort Ritchie and/or a briefed member of 
the aforementioned office. 


c. Periodic, if not daily, liaison was maintained with 
16 individuals assigned key positions within the Fort Ritchie 
military community. Aforementioned individuals, considered 
Casual/Official Sources, include the Director, Telecommunications 
Directorate, the Provost Marshal, Military Police Investigations, 
Company Commanders, and other appropriate personnel. 


d. Periodic/continual liaison was maintained with appropriate 
federal, state and local agencies. 


e. During reporting period a total of 31 Agent Reports were 
submitted concerning 19 individuals assigned to Fort Ritchie occupying 
either sensitive positions and/or having security clearances. The 
aforementioned Agent Reports forwarded adverse suitability 
information. 


f. On 4 January 1974, a draft letter was prepared for the 
Assistant Chief of Staff, Intelligence and Security, US Army 
Communications Command - CONUS and Headquarters, Fort Ritchie, to 
be used by the aforementioned individual/office in requesting 
expansion of the ICIP within the US Army Communications Command - 
CONUS. The aforementioned letter (draft) was well received and 
appropriate staffing was initiated. On 26 March 1974, COL Antonio 
Vega, GS, Assistant Chief of Staff, Intelligence and Security, 
US Army Communications Command, Fort Huachuca, Arizona, discussed 
proposed ICIP expansion with Mr. Carroll and indicated strong 
interest in the proposal. COL Vega reportedly informed Mr. Carroll 
that the letter from Fort Ritchie would be enthusiastically 
received at Fort Huachuca and that COL Vega would recommend that 
the request for ICIP expansion be approved and forwarded, in the 
form of a formal request, to the Office of the Assistant Chief of Staff 
for Intelligence, Department of the Army. Mr. Carroll indicated to 
undersigned PLO that the aforementioned letter would leave Fort 
Ritchie by 8 April 1974. 


g. Upon termination of the Quarterly Progress Briefing, 29 
March 1974, COL Manning and Mr. Carroll expressed their appreciation 
and enthusiasm for the ICIP at Fort Ritchie. Comments for accomplishments 
rendered during the reporting period were laudatory, to say the least. 
COL Manning indicated his desire to continue the ICIP at Fort 
Ritchie as he believed its contribution toward enhancing the 
security posture of Fort Ritchie and the Alternate Joint Communications 
Center (AJCC) was invaluable. Both COL Manning and Mr. Carroll desired 
that the existing ICIP at Fort Ritchie continue "uninterrupted" despite 
any reorganizational changes anticipated by USAINTC. Mr. Carroll 
stated that he did not desire to see any personnel changes in as far as 
the PLO was concerned as he was "immensely satisfied" with the 
present PLO both professionally and personally. Mr. Carroll added, 
that for the first time since his assignment to Fort Ritchie in 
1971, he was totally satisfied with the ICIP in its entirety. 


h. COL Manning and Mr. Carroll further expressed their appreciation 
of SAEDA briefings presented to a total of 583 personnel, both military 
and civilian, on 28 March 1974, by the PLO. 


3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: 


a. As previously stated, a total of 31 Agent Reports (DA Form 341) 
were submitted concerning 19 individuals, US Army personnel, assigned to 
the US Army Communications Command - CONUS and Fort Ritchie. Afore- 
mentioned Agent Reports, submitted by the PLO, forwarded adverse 
suitability information. Of the aforementioned 31 Agent Reports, a total 
of 15 Agent Reports were submitted concerning 13 US Army personnel 
involved in drug abuse related incidents. A total of 17 Agent Reports 
concerning five US Army personnel were submitted in regard to adverse 


b. On 4 February 1974, PLO was notified of an alleged threat 
on the life of the Commander, 572d Military Police Company (Security), 
Fort Ritchie. The threat, in form of an alleged $10,000 "contract", 
was allegedly sponsored by either De Mau Mau or the Black Liberation 
Army. Contact was effected with appropriate military and civilian 
agencies and reported information was forwarded in form of a Spot 
Report as well as a follow-up Agent Report. Both COL Manning and 
Mr. Carroll expressed appreciation for the timely and effective manner 
in which the aforementioned incident was handled by the PLO. 


c. In yet another case, adverse suitability information was 
surfaced concerning a former Military Police Investigator assigned 
to Fort Ritchie. The aforementioned individual was relieved of MPI 
duties and assigned less sensitive duties. Adverse suitability 
information was gleaned from official records and Official Sources 
and brought to the attention of Mr. Carroll. Mr. Carroll, in turn, 
requested an investigation of the individual from USAINTC. 


d. In still another instance, adverse suitability information 
was surfaced concerning a US Army Captain who was being considered 
for a sensitive position both at Fort Ritchie and the AJCC. Adverse 
suitability information was gleaned from official records and 
Official Sources and brought to the attention of both COL Manning 
and Mr. Carroll. Prior to an investigation being requested by 
Mr. Carroll, the individual concerned again became involved with 
law enforcement agencies and, after counselling by COL Manning, 
offered to resign from the US Army. The aforementioned incident 
was particularly delicate as the individual concerned was a graduate 
of the US Military Academy and possessed a distinguished combat 
record in the Republic of Vietnam. COL Manning and Mr. Carroll both 
expressed complete satisfaction in the manner in which the PLO 
brought the adverse suitability information to their attention and 
concurred with PLO in recommendations offered. 


e. While drug abuse, per se, is not within the investigative 
purview of USAINTC, the issue does involve suitability of the 
individuals concerned to hold security clearances and occupy 
sensitive positions. Upon receipt of adverse information, immediate 
action was taken to notify the ICIP Coordinator, Operation CANARY 
EFFORT, Mr. Joseph J. Carroll; the Commander, Fort Ritchie; and the 
Director, Telecommunications Directorate, if applicable. In addition 
to the aforementioned, action was taken to disseminate information, 
criminal in nature, to the appropriate military and civilian 
authorities. COL Manning and Mr. Carroll both expressed satisfaction 
in the decrease of drug abuse related incidents during reporting period and 
voiced belief that the marked decrease was largely due to the enhanced 
liaison between the PLO and the Office of the Provost Marshal. 


f. Information concerning both military and civilian personnel 
assigned to US Army Communications Command - CONUS and Fort Ritchie, 
and on whom Agent Reports have been submitted, by both the PLO and 
Project Case Officer (PCO), are duly reflected in Monthly Status 
Reports (MSR) for the months of February and March 1974. Paragraphs 
2.e. and 3.a. of this report contain statistics concerning Agent 
Reports submitted only by the PLO. 


g. Covert Sources within the CANARY EFFORT target area continue 
to report adverse suitability information concerning both US Army and 
Department of the Army personnel assigned to Fort Ritchie and the 
AJCC. 


4. COMMENTS, REMARKS, AND RECOMMENDATIONS: 


a. It is strongly recommended that, in the event personnel 
changes are anticipated in the forthcoming reorganization, appropriate 
and responsible USAINTC personnel effect contact with COL Manning and/or 
Mr. Carroll prior to initiating such changes. If nothing else, the 
aforementioned recommended action should be accomplished as a "matter 
of courtesy". 


b. PLO and PCO continue to enjoy an excellent professional and 
personal working relationship. PLO and PCO indeed work and function as 
a team. PLO continues to enjoy an excellent professional and personal 
working relationship with his counterparts, liaison contacts, and Casual/ 
Official Sources. 


c. It is envisioned that, once the Fort Ritchie Field Office increases 
its personnel strength, and once the administrative requirements levied on 
the PLO either diminish or stabilize, the PLO will become increasingly 
effective/productive and be permitted to support the supported commander 
in the manner intended by the ICIP, i. e. in the "true spirit" of the 
program. The ultimate goal of the ICIP and, hence, the PLO, is to afford 
the Commander, Fort Ritchie, with coverage desired, i. e., enhancement of 
the security posture of Fort Ritchie and the AJCC by means not locally 




GARY L. PEISEN 
CW4, USA 
Project Liaison Officer 
4. CANARY STONE: (OACSI Approval - 18 Jul 73) 


a. Location: Dugway Proving Ground, UT 


b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: Not applicable 


d. Useful Information Obtained: Investigative data on potential 
sources. 


e. Operational Status: Deseret Test Center, the original organi- 
zation, has been disestablished and the functions assumed by Dugway, 
necessitating a realignment of targets. The Project Liaison Officer 
has established excellent liaison with the Commander and Security 
Officer. As of the end of the reporting period, 12 potential sources 
with proper placement were under assessment. Production is expected 
during the next quarter. 
5. CANINE PLATE: (OACSI Approval - 18 Sep 73) 


a. Location: Seneca Army Depot, Romulus, NY 


b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Limited investigative data on 
prospective sources. 


e. Operational Status: This operation has been developing slowly 
at the specific desires of the commander. He has directed that no on- 
post record or file checks be conducted on potential sources for fear 
that they or the operation will be compromised. However, he has 
suggested that any prospective source approached who is in doubt of the 
Project Liaison Officer's bona fides be instructed to telephone him 
privately. Four potential sources have been identified and subjected 
to police and FBI checks, and will be recruited when favorable assessment 
is concluded. 
6. CANTINA ARCH: (OACSI Approval - 12 Dec 73) 


a. Location: US Army Air Defense Center and Ft Bliss, TX 


b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: Not applicable 


d. Useful Information Obtained: Investigative data on potential 
sources. 


e. Operational Status: Complete cooperation is being received from 
the DSEC, who is the ICIP Coordinator. Two sources are ready for recruit- 
ment and five are under assessment. Two were assessed and rejected be- 
cause of suitability information developed. Production can be expected 
during the second quarter of CY 74. The DSEC is being kept abreast of 
developments and is satisfied with the progress to date. 
Be eos TIME: (OACSI Approval - 5 Feb 74) 


a. Location: Pentagon Telecommunications Center 


b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: Not applicable 


d. Useful Information Obtained: Investigative data on prospective 
sources. 


e. Operational Status: This operation has not been completely 
implemented due to the lack of recruited sources. Two are currently 
under assessment and, if acceptable or amenable to recruitment, should 
begin to provide information during the coming quarter. The Director 
and his security officials continue to be completely cooperative and 
appreciative of the development of the operation. 


REGRADED UNCLASSIFIED 
ON SEP -5 1997 
BY CDR USAINSCOM FOI/PO 
AUTH Para 1-603 DOD 5200.1R 




8. CENTAUR RACE: (OACSI Approval - 30 Jul 73) 


a. Location: Ninth Infantry Division and Fort Lewis, WA 


b. Confidential Source Utilization: None 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: A conventional source reported 
activity by the wife of SPH ug MONEN Qe eee on 17 Jan 74 
for illegal distribution of literature on post. (Agent Report attached 
at ANNEX A.) There were two instances of distribution of such litera- 
ture on the post during the period reported on. The FBI continues to 
provide information on military personnel who engage in anti-military 
activity off-post. 


e. Operational Status: [b6] transferred to Leavenworth and then 
released from confinement and the service during the period, is allegedly 
returning to or already in Tacoma, WA. He is expected to continue his 
anti-military activities, but the FBI is in a position to provide continu- 
ing coverage. Both [b6] and [b6] are expected to assist [b6] in his 
activities. Security officials at Fort Lewis indicate that this minor 
activity has no apparent effect on troop morale or efficiency. This is 
confirmed by contacts with 26 conventional sources during the period. 
Eighteen additional individuals are under assessment for use as either 
confidential or conventional sources. The civilian deputy to the G2 
advised the CI Div, DCSI, FORSCOM, that he was pleased with what was being 
provided. 


1 Incl 
as 


AGENT REPORT 


For use of this form, see FM 30-17(C); AR 381-130; the proponent agency is the Office of the Assistant Chief of Staff for Intelligence. 


1. NAME OF SUBJECT OR TITLE OF INCIDENT 
ANTI-MILITARY/DISSIDENT ACTIVITIES 
Company A, 3/39th Inf, 9th Inf Div 
Fort Lewis, Washington 


2. DATE SUBMITTED 
31 January 1974 


3. CONTROL SYMBOL OR FILE NUMBER 


4. REPORT OF FINDINGS 


(CASUAL SOURCE) On 31 January 1974, PFC [b6] 
Company A, 3/39th Infantry, 9th Infantry Division, Fort Lewis, Washington, 
was interviewed by the undersigned, at the Fort Lewis Field Office, 115th 
Military Intelligence Group, Fort Lewis, regarding SUBJECT, and stated 
substantially as follows: 


Two of [b6]'s friends, PVT [b6] and PFC [b6] 
[b6], both members of the 3/39th Infantry, collected approximately $175.00 
from Source's platoon on Xi January 1$7. The money was collected for 
[b6]'s wife. A substantial number of persons in Company A, 3/39th Infantry 
are highly disgruntled with the US Army for the stiff sentence [b6] received 
as a result of his recent court-martial at Fort Lewis. 


AGENT'S NOTES: a former member of Company A, 3/39th 
Infantry, Fort Lewis, was given a Special Court-Martial on 16 January 1974, 
for the unauthorized distribution of literature at Fort Lewis, Washington. 


5. TYPED NAME AND ORGANIZATION OF SPECIAL AGENT 


ROBERT T. JENETNS, 115th MI Gp (LE) 


6. SIGNATURE OF SPECIAL AGENT 
9. CENTAUR SALE: (OACSI Approval - 14 Dec 73) 


a. Location: US Army Mobility Equipment Research and Development 
Center, Ft Belvoir, VA 


b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: Not applicable 


d. Useful Information Obtained: [b6] mentioned 
in the previous report, went AWOL and was dropped from the rolls as a 
deserter. He was not reported as a Knowledgeable AWOL. A contractor 
employee was caught taking unauthorized photographs on post. Examina- 
tion of the developed photos indicated nothing of security interest, 
and MERDC authorities plan no further action. 


e. Operational Status: The relationship with MERDC security 
officials continues to be excellent. The Project Liaison Officer (PLO) 
has been hampered by having to function in the same capacity at Harry 
Diamond Laboratories (HDL). However, he has identified 10 prospective 
sources and appropriate checks are being conducted. A separate PLO will 
be assigned to HDL and will allow the CENTAUR SALE PLO to function 
full-time. 
10. CENTAVO KID: (OACSI Approval - 18 Oct 73) 


a. Location: Harry Diamond Laboratories, Washington, DC 


b. Confidential Source Utilization: Not applicable 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: Not applicable 


d. Useful Information Obtained: Agent Reports on an Israeli-born 
employee which satisfy requirements in a USAINTC program concerning 
extremist threats against the Army. 


e. Operational Status: This operation has been somewhat hampered 
by the reluctance of the Security Officer to cooperate with the Project 
Liaison Officer (PLO). The PLO has been also required to function in 
that capacity for CENTAUR SALE. A separate PLO for CENTAVO KID has been 
assigned and documented with a security badge. By working with the more 
receptive Assistant Security Officer, who is expected to take over from 
his chief when the latter retires this year, it is hoped that progress 
will be made. The staff in the Personnel Office cooperate fully, so that 
identification and selection of potential sources should begin shortly. 
11. CENTRAL TAXI: (OACSI Approval - 16 Feb 72) 


a. Location: Headquarters, US Army Electronics Command, 
Ft Monmouth, NJ 


b. Confidential Source Utilization: One additional source was 
recruited, bringing the total utilized to four. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: 


(1) A civilian employee continues to drink to excess; the matter 
will be discussed with his supervisor by the ICIP Coordinator. 


(2) Another employee is in contact with foreign export companies, 
but the fact that some are in the Soviet Bloc has heretofore been unknown 
to ECOM officials. The coordinator has asked that sources be tasked to 
provide additional details. 


(3) A civilian guard detailed to control access to a sensitive area 
has been absent from his post, allowing personnel to come and go with 
identification not checked. He has been transferred to other duties. 


(4) A GS-15 scientist discussed SECRET information in a GSA cafe- 
teria while on TDY. He will be counseled on proper security procedures, 
since he will soon host a visiting Japanese student and may inadvertently 
release unauthorized information. (See ANNEX A) 


e. Operational Status: In addition to the confidential sources 
listed above, nine conventional sources were used during the period, 
two of whom contributed information on the guard and the talkative scien- 
tist. ECOM staff members continue to express appreciation for the infor- 
mation surfaced by the operation. LTC Richard O. Aamot, Chief, Security 
Office, and ICIP Coordinator, has announced his intention of expressing 
in writing his appreciation to personnel involved in the ICIP for their 
contributions to the security of ECOM. Additional details are contained 
in attached Quarterly Progress Report. 
DEPARTMENT OF THE ARMY 
FORT MONMOUTH FIELD OFFICE 
109TH MILITARY INTELLIGENCE GROUP 
P. O. BOX 176, EATONTOWN, NEW JERSEY 07724 


QUARTERLY PROGRESS REPORT NUMBER 16 
Period: 10 December 1973 to 1 March 1974 
WARNING NOTICE: SENSITIVE SOURCES AND METHODS INVOLVED = V WAR 1974 
SUBJECT: CENTRAL TAXI (U) 
1. (U) CIRCUMSTANCES: 
On & March 1974, Quarterly Progress Report Number 16 was presented orally 
to LTC Richard O. Aamot, Chief, Security Office, US Army Electronics Command 
(ECOM), Fort Monmouth, New Jersey, in LTC Aamot's office; no others were pre- 
sent. 


RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 


a. The prospective confidential source mentioned in Quarterly Progress Re- 
port Number 15 (IC-B-075) was recruited by the PCO on 10 January 1974. (See 
CR-001-1098-40N, Subject: IC-B-075, dated 16 January 1974). 


b. The name of the program has been changed from the Counterintelligence 
Screening Program (CISP) to the Internal Counterintelligence Program (ICIP). 


c. Emphasis continues on spotting, assessing and recruiting conventional 
sources. During the reporting period, the PLO recruited six additional con- 
ventional sources. A total of nine conventional sources have been recruited 
since November 1973, when the new conventional source program was implemen- 
ted. The PLO is in the process of spotting and assessing four new conven- 
tional sources. 


d. The PLO has been alerted by DA that he will be transferred to USAREUR. 
Hopefully, a new PLO will be on station prior to the undersigned's departure. 


3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: 


a. On 9 January 1974, it was reported that Sherman Ray SHIELDS (see Quar- 
terly Progress Report Number 15) continued to consume alcoholic beverages to 
excess. (CR-011-109-MON, Subject: IC-B-072, dated 15 January 1974). 


b. On 9 January 1974, it was reported that IN e a GS- 
12, Electronics Devices Branch, Components Section, Production 
Engineering Division, Directorate of Research, Development and Engineering, 
ECOM, Fort Monmouth, New Jersey, was involved in foreign business transactions, 
to include transactions emanating from Soviet Bloc countries. (CR-011-109- 
MON, Subject: IC-B-072, dated 15 January 1974). Subsequent investigation re- 
vealed that [b6] had indicated on HIS latest Statement of Personal History 
that HE was involved in foreign business transactions, but failed to note 
HIS dealings with Soviet Bloc countries. Noteworthy is the fact that HIS 
mother, father and spouse were all born in Poland. 


c. On 1 March 1974, information was received that John Randolph DICKER- 
SON, Sr., DAC, GS-4, [b6] a US Government Security Guard employed by 
ECOM was not carrying out HIS duties in a proper manner. DICKERSON had been 
observed for over a two-year period at HIS normal post at the entrance/exits 
to the Hexagon cafeteria. During this period, DICKERSON, who was supposed to 
be checking personnel for proper identification and clearance, was seen sleep- 
ing, wiping tables, working in the kitchen and operating the cafeteria cash 
register. (Agent Reports prepared by Jerome A. Britton, 109th MI Group, re- 
garding DICKERSON, dated 1 March 1974.) 


d. On 1 March 1974, information was received that [b6] 
DAC, GS-15, [b6] Chief, Laser Technical Area, Combat Surveillance & 
Target Acquisition Laboratory (CSTA), ECOM, Fort Monmouth, New Jersey, had 
taken a TDY trip to the Washington, D.C. area during the past 30 days. While 
in the Washington area, [b6] accompanied by several others, went to an AMC 
cafeteria and began discussing sensitive SECRET information. It is unknown 
if uncleared personnel were able to listen to [b6]'s conversation. (Agent 
Reports prepared by Special Agent Jerome A. Britton, 109th MI Group, regard- 
ing [b6], dated 1 March 1974.) 


e. Information M (see Quarterly Progress Re- 
port Number 15) was passed to the Fort Monmouth Resident Agency, USACIDC, for 
possible exploitation. 


4. COMMENTS, REMARKS AND RECOMMENDATIONS: 


a. Reference paragraphs 2a and 2c above: LTC Aamot expressed deep satis- 
faction with CENTRAL TAXI's progress, and urged that personnel involved in 
the program continue their aggressiveness. 


b. Reference paragraph 3a above: LTC Aamot will talk to SHIELDS' super- 
visor. 


c. Reference paragraph 3b above: LTC Aamot requested additional informa- 
tion regarding [b6] as it is developed. Aamot already has briefed the ECOM 
Chief of Staff on [b6] and would be most appreciative if we can surface add- 
itional details. 


d. Reference paragraph 3c above: LTC Aamot advised the PLO that DICKERSON 
will be relieved from HIS post and transferred to another position with de- 
creased responsibilities. 

e. Reference paragraph 3d above: LTC Aamot contacted the Director of the
CSTA Laboratory and informed him that [b6] had been overheard discussing
SECRET information in an unauthorized area. Aamot will confront [b6] with
the same information, without being specific so as not to compromise our
source. The Agent Report on [b6] could be of more importance than
superficially indicated because [b6] is sponsoring a Japanese exchange
scientist who only is cleared for access to CONFIDENTIAL material, and [b6]
is capable of inadvertently passing SECRET data to the Japanese scientist.
The verbal counseling by Aamot should negate such an eventuality and result
in increased security awareness on [b6]'s part.


f. Reference paragraphs 2c and 3c and 3d above: The Agent Reports on
[b6] and DICKERSON were especially significant because they represent the
first reporting by conventional sources since implementation of the
conventional source program in November 1973. This data was obtained on just
the second contact with the sources and indicates a very promising future for
the overall program.


g. CENTRAL TAXI target coverage is presently as follows:

(1) Research, Development and Engineering Directorate: Confidential
Sources IC-B-072 and IC-B-073.

(2) Directorate of Product Assurance: Confidential Source IC-B-071.

(3) Maintenance Directorate: Conventional Sources [b7(d)] and [b7(d)].

(4) Combat Surveillance and Target Acquisition Laboratory: Confidential
Source IC-B-075 and Conventional Source [b7(d)].

(5) Electronics Technology and Devices Laboratory: Conventional Source

(6) Electronic Warfare Laboratory: Conventional Sources [b7(d)]
and [b7(d)].

(7) Research and Development Technical Support Activity: Conventional
Source [b7(d)].

(8) Directorate of Management Information Systems: Confidential Source
IC-B-058, upon his transfer from ECOM/Philadelphia to Fort Monmouth.

(9) Communications/Automatic Data Processing Laboratory: Conventional
Source

h. Future plans relative to new target areas are to recruit sources in
the following ECOM activities which are presently void of source coverage:
Avionics Laboratory; Directorate of Procurement and Production; Directorate
of Materiel Management, upon its relocation from Philadelphia to Fort
Monmouth; Comptroller; and Directorate of Plans, Training and Force
Development.


i. A total of 11 CENTRAL TAXI Agent Reports, consisting of 19 leads were
prepared by the PCO and PLO during the reporting period.

12. CENTURY SQUAD: (OACSI Approval - 3 Oct 73)


a. Location: US Army Management Systems Support Agency, The 
Pentagon 


b. Confidential Source Utilization: One source was recruited 
during the period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: None


e. Operational Status: The source is still in the training
phase, but can be expected to begin satisfying EEI during the next
reporting period. Twenty-one prospective sources have been subjected
to file reviews, LACs, NACs and assessment, and can be activated as
required. The Director and the Security Manager continue to provide
the cooperation necessary in the development of this operation. During
the quarterly briefing, the Director stated that sensitive information
discussed in his office was becoming common knowledge within the agency
and felt that this information was either released by someone without
authorization or that his office was technically monitored. He requested
that a technical inspection of his office be provided, and was assured
that an inspection would be conducted in the near future. A complete
inspection was completed on 5 Apr 74 with negative results.

13. GONDOLA STAR: (OACSI Approval - 17 Feb 72)
a. Location: Aberdeen Proving Ground, MD


b. Confidential Source Utilization: Two sources were used 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Investigative data on potential
sources.


e. Operational Status: A review of installation targets indicates 
that the highest priority should be given the Ballistics Research 
Laboratory (BRL). One of the above sources is assigned to BRL, and 
three conventional sources are now under assessment to expand the cover- 
age. Two additional conventional sources are under assessment in other 
target activities. The Project Liaison Officer has been assisting in
preparation of the Sensitive Activity Vulnerability Estimate (SAVE) at 
Aberdeen since February. This has given him an opportunity to make 
additional useful contacts and identify areas such as BRL which need 
additional source coverage. 

14. GONG SILK: (OACSI Approval - 16 Feb 72)
a. Location: Picatinny Arsenal, Dover, NJ


b. Confidential Source Utilization: One source was terminated
during the period, leaving a total of two.


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: As a result of information provided
by a source, the Commander and Security Officer were made aware of
excessive absenteeism by a GS 11 Engineer. The employee's absence and
irrational behavior were known to the Civilian Personnel Office but not
staffed. As a result, procedures have been changed so that such
information will be reported to the Security Officer. Another engineer, a
GS 12, allegedly takes bets from fellow employees in excess of $100 and
"lays them off" with unidentified individuals off-post. Another engineer,
a GS 11, is offering photographic equipment for sale to fellow employees
at about 60% of cost, most of it admittedly "hot." This information,
which could conceivably be exploited by HOIS came to the source as a
target of opportunity. The ICIP Coordinator has requested further
information be developed before requests for investigation are submitted to
USAINTC.


e. Operational Status: Eleven of the 12 potential conventional
sources mentioned in the previous quarterly report have been contacted,
and 10 were amenable to recruitment. The 11th was agreeable, but did
not consider that he had the proper placement. He identified the
building in his directorate which was the location of the most sensitive
activities, and recommended two individuals as possible sources. He
has been briefed on the necessity of remaining silent about the operation.
The Project Liaison Officer has been requested to assist in future SAEDA
lectures, and expects to acquire additional potential sources from among
the "walk-ins" who normally surface after such lectures. The Commander
has taken an interest in the operation and requested the expanded coverage
which will be provided by the use of conventional sources. Termination
of the source was necessitated because of a RIF which reduced him from a
GS 11 to a GS 7, affecting his production as a source. He was also
transferred to a less sensitive area, ending his placement.

15. LANDLESS TIME: (OACSI Approval - 19 Jan 72)


a. Location: Philadelphia Facility, US Army Electronics Command 


b. Confidential Source Utilization: One source was contacted 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None


d. Useful Information Obtained: None.


e. Operational Status: The source was met in New Jersey and stated
that he was to be officially transferred to Ft Monmouth on 11 Mar.
From a practical standpoint, this signifies the demise of LANDLESS TIME.
A revised CENTRAL TAXI OPLAN will include the functions transferred from
Philadelphia to Ft Monmouth, and will identify the Management Information
Services Branch, to which this source is assigned, as a target
area. This source will be carried during the next reporting period
under CENTRAL TAXI.

16. LANYARD MOOD: (OACSI Approval - 22 Dec 71)


a. Location: Defense Language Institute, East Coast Branch 
Anacostia Naval Annex, Washington, DC 


b. Confidential Source Utilization: None; coverage is provided
by conventional sources.


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None


d. Useful Information Obtained: Agent Reports on eight Arabian
instructors which satisfies requirements of a USAINTC program concerning
extremist threats against the Army.


e. Operational Status: During the reporting period, word was
received that the headquarters and school would begin a move to the
Presidio of Monterey, CA, after 1 July. However, all classes which are
in session on that date will continue here until graduation. It will
therefore be necessary to continue this operation until the move by
attrition is completed, while LENTIL MONKEY will increase coverage
accordingly.

17. LENIENT CLOUD: (OACSI Approval - 16 Feb 72)


a. Location: US Army War College, Carlisle Barracks, PA


b. Confidential Source Utilization: Four sources used during 
the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None


d. Useful Information Obtained: The limited investigation on the
captain displaying unexplained affluence is not yet complete. A
Hungarian-born NCO was identified as not having completely accounted
for foreign visits and relatives. The requested investigation has been
completed and is being returned to AWC. The questionable areas appear
to have been satisfactorily resolved.


e. Operational Status: The CG, AWC continues to express his
complete satisfaction with the operation. Conventional Sources continue
to provide information to supplement that provided by the Confidential
Sources. The new Deputy CG was briefed during the period and expressed
reservations concerning the operation. It can only be hoped that the
Commandant's enthusiasm for the operation will serve to overcome this
attitude.

18. LENTIL MONKEY: (OACSI Approval - 26 Oct 71)


a. Location: Defense Language Institute West Coast Branch
Presidio of Monterey, CA


b. Confidential Source Utilization: Four sources were utilized
during the period.


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None 


d. Useful Information Obtained: Another incident involving
pen-pals in Czechoslovakia was surfaced, although it took place during the
summer of 1973. It involved unidentified ethnic Czechs at the SOKOL
Hall in San Mateo, CA and two unidentified WAC members of the Army
Security Agency who graduated in Sep 73. ODCSI, USAREUR has been
requested to pass this information to ASA security authorities in USAREUR
and provide the identity of the perpetrators and the names of the Czech
pen-pals. Five individuals involved in the illegal use of drugs were
identified and appropriate notifications made. One of these was alleged
to have admitted using heroin.


e. Operational Status: The Commandant, Defense Language Institute,
was present for the quarterly briefing and was extremely receptive to
the program. He expects to move his staff to the West Coast by Sep 74.
There are 11 conventional sources employed, and eight additional students
have been identified as probable confidential sources. Both the
Commandant and Security Officer have expressed appreciation for the
enhancement of the installation's security posture as a result of the ICIP
and attendant CI support.

Internal Counterintelligence Program (ICIP) Operations
DATE
28 January 1974
CONTROL NUMBER
2


ACTION REQUIRED
To obtain approval of the quarterly ICIP report.


MEMORANDUM FOR RECORD.
(Describe briefly the requirement, background and action taken or
recommended. Must be sufficiently detailed to identify the action without
recourse to other sources.)


1. BACKGROUND: 


a. By memorandum dated 8 February 1972 (YELLOW TAB B) the Under Secretary of the
Army requested the Vice Chief of Staff (VCSA), US Army, provide quarterly reports
on all (ICIP) operations.


b. This is the seventh such quarterly report. 
c. USAINTC input is at YELLOW TAB C. 


2. DISCUSSION: 


a. At the direction of the VCSA, 2 November 1973, the term Internal
Counterintelligence Program (ICIP) replaced the term Aggressive
Counterintelligence Program (ACIP).


b. YELLOW TAB A forwards to the VCSA the ICIP Quarterly Report ending 31 December 
1973 for the Under Secretary of the Army. 




3. RECOMMENDATION: That the memorandum to the VCSA at YELLOW TAB A be approved and 
signed. 

DEPARTMENT OF THE ARMY
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 
WASHINGTON, D.C. 20310 


01 FEB 1974


MEMORANDUM FOR: VICE CHIEF OF STAFF, UNITED STATES ARMY 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations 


1. Reference Under Secretary of the Army memorandum, dated 8 February 
1972, subject as above (Inclosure 2). 


2. Recommend your approval and signature of the memorandum at
Inclosure 1 which transmits the report required by the cited reference.


3. Coordination: None required. 


HAROLD R. AARON
Major General, GS
ACofS for Intelligence

1. Memo for USofA w/attachment (CONFIDENTIAL)
2. Memo for VCSA, 8 Feb 72

SUBJECT: Internal Counterintelligence Program (ICIP) Operations (U)


1. (U) Reference is made to memorandum, Under Secretary of the Army,

                                          ICIP                              NUMBER CONFI-
LOCATION                                  NICKNAME         DATE APPROVED    DENTIAL SOURCES

Edgewood Arsenal, Maryland                CANAL LOOP       16 Feb 72        5
Fort Huachuca, Arizona                    CANAL ROPE       17 Dec 73        0
Fort Ritchie, Maryland                    CANARY EFFORT    16 Feb 72        3
Dugway Proving Ground, Utah               CANARY STONE     18 Jul 73        0
Seneca Army Depot, New York               CANINE PLATE     18 Sep 73        0
Fort Bliss, Texas                         CANTINA ARCH     12 Dec 73        0
Fort Lewis, Washington                    CENTAUR RACE     30 Jul 73        0
Fort Belvoir, Virginia                    CENTAUR SALE     14 Dec 73        0
Harry Diamond Lab, Washington, DC         CENTAVO KID      18 Oct 73        0
Fort Monmouth, New Jersey                 CENTRAL TAXI     16 Feb 72        3
USAMSSA, Pentagon                         CENTURY SQUAD    3 Oct 73         0
Aberdeen Proving Grounds, Maryland        GONDOLA STAR     16 Feb 72        2
Picatinny Arsenal, New Jersey             GONG SILK        16 Feb 72        3
Electronics Command, Philadelphia,        LANDLESS TIME    19 Jan 72        1
  Pennsylvania

CURRENT ICIP OPERATIONS (cont)


                                          ICIP                              NUMBER CONFI-
LOCATION                                  NICKNAME         DATE APPROVED    DENTIAL SOURCES

Defense Language Institute,               LANYARD MOOD     22 Dec 71        0
  Washington, DC
Army War College, Carlisle Barracks,      LENIENT CLOUD    16 Feb 72        4
  Pennsylvania
Defense Language Institute,               LENTIL MONKEY    26 Oct 71        4
  Presidio of Monterey, California

TOTALS 17                                 17               -                25


Off-post Information: There were no instances in which information on
non-affiliated civilians was collected off post.


Information Obtained: 


a. During the second quarter FY 74 the ICIP operations have received
increased emphasis from the Intelligence Command and the supported commanders.
The 17 operations, six of which are newly implemented, have been received with
enthusiasm from the supported commands. None of the operations during this
quarter indicated the existence of a hostile threat.


b. Approximately 30 reports emanating from the ongoing operations and passed 
to the supported commanders concern personnel suitability and incidents. 


Continuance of Operations: The 17 ICIP operations are being continued for their 
original stated purpose. 

DEPARTMENT OF THE ARMY
HEADQUARTERS
U.S. ARMY INTELLIGENCE COMMAND
FORT MEADE, MARYLAND 20755


09 JAN 1974


SUBJECT: Quarterly Reporting of Internal Counterintelligence
Program (ICIP) Operations (U)


HQDA (DAMI-DOI-S) 
WASH DC 20310 


1. There has been positive improvement in the Internal
Counterintelligence Program (ICIP) during the second quarter FY 1974. The
positive improvement has resulted from Command emphasis placed on making
the individual operations viable and productive. The briefings
conducted by the Intelligence Command and the Group Commanders' visits
have contributed immeasurably to understanding, acceptance and
cooperation in the ICIP by the supported Commanders and their staffs. With
this impetus and assignment of aggressive Project Liaison and Contact
Officers, the operations are beginning to produce the counterintelligence
information that meet and satisfy the objectives of this program.
Criminal and security information gleaned as an adjunct of the program
activity have been furnished the appropriate Army authorities for their
action.


2. During the reporting period, there have been six additional
ICIP operations approved of which three were implemented and the other
three are scheduled for implementation during January 1974. This brings
the total number of operations to 17 for the program.


3. In addition to Quarterly Status report, Progress Reports are
inclosed for in depth information concerning the individual operations.
These reports not only reflect the progress accomplished during the
reporting period, but the positive attitude that now prevails at all levels.


REGRADED UNCLASSIFIED
ON SEP -5 1997
BY CDR USAINSCOM FOI/PO
AUTH Para 1-603 DOD 5200.1R




09 JAN 1974 


ICDO-OP
SUBJECT: Quarterly Reporting of Internal Counterintelligence 


Program (ICIP) Operations (U) 


This aggressive attitude is expected to result in increased productivity
with each quarter. Equally important, the ICIP is expected to continue
to project a favorable image of counterintelligence through professional
accomplishments and service to the supported commands.


FOR THE COMMANDER: 


Deputy Chief of Staff, Operations

32 Incl
1-17. Quarterly Status Rpts
18-32. Quarterly Progress Rpts

1. CANAL LOOP: (OACSI Approval - 16 Feb 72)
a. Location: Edgewood Arsenal, Edgewood, MD


b. Confidential Source Utilization: Five sources were utilized 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: Two Agent Reports dated 13 Dec 73,
subject: [b6], submitted.


e. Operational Status: The assignment of a replacement Project
Liaison Officer will enhance the planned recruitment of additional
sources both here and at Aberdeen Proving Ground.

2. CANAL ROPE: (OACSI Approval - 17 Dec 73)


a. Location: Headquarters, US Army Communications Command and
11th Signal Group, Ft Huachuca, AZ


b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: Not applicable.


d. Useful Information Obtained: Not applicable.
e. Operational Status: Implementation by the field element 
directed on 21 December 1973 is expected to be actioned in January 1974. 

3. CANARY EFFORT: (OACSI Approval - 16 Feb 72)
a. Location: Fort Ritchie, MD


b. Confidential Source Utilization: Three Confidential Sources
were utilized during the reporting period. Additionally, one Conventional
Source has been coded and was utilized during the reporting period.


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


submitted pertaining to incidents and adverse suitability information
regarding US Army personnel assigned to the US Army Communications
Command - CONUS and Fort Ritchie. Several individuals were identified
as being involved in drug abuse or drug abuse incidents. Appropriate
Fort Ritchie staff personnel and CID were notified. Activities of these
individuals will be monitored for development of specific suitability
information, since the majority have access to the Alternate Joint
Communications Center. A senior NCO assigned to communications was
identified as being in debt.


e. Operational Status: An experienced Project Liaison Officer was
assigned the operation on 15 October 1973 and is now well established.
The Fort Ritchie commander expressed his gratitude at the accomplishments
rendered during the reporting period. The Commanding General, US Army
Communications Command - CONUS has expressed his desire that the
operation continue in effect to enhance the security of his command.

4. CANARY STONE: (OACSI Approval - 18 Jul 73)
a. Location: Deseret Test Center, Dugway Proving Ground, UT
b. Confidential Source Utilization: Not applicable


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: Not applicable. 


d. Useful Information Obtained: Not applicable 


e. Operational Status: With the arrival of the Project Liaison
Officer on station on 1 December 1973, and the finalization of the
Intraservice Support Agreement, this operation can be expected to
become operational during the coming quarter.

5. CANINE PLATE: (OACSI Approval - 18 Sep 73)
a. Location: Seneca Army Depot, Romulus, NY


b. Confidential Source Utilization: None utilized during the
reporting period.


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: Not applicable.
e. Operational Status: The Commander was briefed on the
implementation of the operation on 17 November 1973. Sources are expected to
be recruited and reporting during the third quarter of FY 74.

6. CANTINA ARCH: (OACSI Approval - 12 Dec 73)


a. Location: US Army Air Defense Center and Fort Bliss, TX
b. Confidential Source Utilization: Not applicable


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: Not applicable. 


e. Operational Status: Implementation by the field element 
directed on 21 December is expected to be accomplished in January 1974. 

7. CENTAUR RACE: (OACSI Approval - 30 Jul 73)


a. Location: Ninth Infantry Division and Fort Lewis, WA


b. Confidential Source Utilization: This operation currently has
no Confidential Sources.


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: Conventional Sources have reported
damage to signal equipment and to a helicopter. Both incidents are still
under investigation to determine whether the damage was intentional or
accidental. Information was also obtained on the distribution of
anti-military/dissident literature at Fort Lewis.


e. Operational Status: The impending court-martial of SP4
[b6] for illegal distribution of literature on-post has increased the
tempo of anti-military activity at Fort Lewis. Lead Development data
on prospective Confidential Sources is expected by mid-January 1974.
In the meantime, coverage is provided by 11 Conventional Sources, with
another 12 under assessment.

8. CENTAUR SALE: (OACSI Approval - 14 Dec 73)


a. Location: US Army Mobility Equipment Research and Development
Center, Fort Belvoir, VA


b. Confidential Source Utilization: Not applicable.


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: Not applicable.


d. Useful Information Obtained: During this period three Agent
Reports were produced. These reports are as follows: [b6],
submitted 26 October 1973, concerned suitability due to indebtedness;
[b6], DPOB: [b6], [b6], report submitted 5 November 1973, concerned
suitability due to alcohol drinking problems; [b6], DPOB: [b6],
SSAN [b6], report submitted 21 November 1973,
concerned a threatening telephone call. The information reported was
developed by the Project Liaison Officer pending formal approval of the
Operations Plan.


e. Operational Status: Formal implementation by the field element
directed on 21 December 1973 is expected to be accomplished in January
1974.

9. CENTAVO KID: (OACSI Approval - 18 Oct 73)
a. Location: Harry Diamond Laboratories, Washington, DC


b. Confidential Source Utilization: None utilized during the 
reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: Agent Report was produced on
suitability information developed o


e. Operational Status: The Commander was advised on 12 November
1973 that the operation was being implemented. However, source
recruitment is not expected until the next reporting period.

10. CENTRAL TAXI: (OACSI Approval - 16 Feb 72)


a. Location: Headquarters, US Army Electronics Command, 
Fort Monmouth, NJ 


b. Confidential Source Utilization: Three such sources were 
used during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: A US Army truck has been observed
delivering unidentified articles each week to a civilian residence in a
nearby town; a civilian employee has a drinking problem to the extent
that he has come to work inebriated. A civilian employee is allegedly
involved in narcotics traffic.


e. Operational Status: Above items of information were passed to
the appropriate officials at Fort Monmouth. The operation has been
revitalized. The confidential sources have been reactivated by the
newly assigned Project Control Officer, and the Project Liaison Officer
has recruited three conventional sources; two in the Electronics Warfare
Laboratory, ECOM's most sensitive activity and one in the Maintenance
Directorate where the majority of the ECOM security violations originate.

11. CENTURY SQUAD: (OACSI Approval - 3 Oct 73)


a. Location: US Army Management Systems Support Agency, The
Pentagon


b. Confidential Source Utilization: Not applicable. 


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: Not applicable.


e. Operational Status: The Security Officer and his assistant were
advised on 5 November 1973 that the operation had been approved for
implementation. Ten individuals have been identified as potential
Confidential Sources, and requests for Local and National Agency Checks
have been initiated. Recruitment of these individuals will depend on
the investigative results. The files of 17 civilian employees have also
been reviewed and records checks have been requested.

12. GONDOLA STAR: (OACSI Approval - 17 Feb 72)


a. Location: Aberdeen Proving Ground, MD


b. Confidential Source Utilization: Two sources were used during
the reporting period.


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: The recently assigned Project Liaison
Officer, who also handles the operation at Edgewood Arsenal, has served
two previous tours at Aberdeen, and his contacts needed to spot and
assess the additional Confidential Sources required for this operation
have been re-established. Edgewood is a sub-post of Aberdeen, and it
appears advisable to revise the GONDOLA STAR OPLAN to include CANAL LOOP.
A single Project Control Officer handles the sources at both posts,
and the Aberdeen Installation Intelligence Officer, who is the ICIP
Coordinator, functions also for Edgewood.

14. LANDLESS TIME: (OACSI Approval - 19 Jan 72)
a. Location: Philadelphia Facility, US Army Electronics Command


b. Confidential Source Utilization: One source was contacted
during the reporting period.


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: None.


e. Operational Status: The single source available in this
operation moved to a newly-purchased house near Fort Monmouth shortly
before Christmas and he is commuting to Philadelphia. At the present
time, source is employed in the Management Information Services
Directorate, which is not included in the designated target areas of
the Fort Monmouth operation. Retention of source depends upon his
projected transfer in March 1974 to duties at Fort Monmouth.

15. LANYARD MOOD: (OACSI Approval - 22 Dec 71)
a. Location: Defense Language Institute East Coast Branch
Anacostia Naval Annex, Washington, DC


b. Confidential Source Utilization: None; coverage is provided by
conventional sources.


c. Information Obtained Off-post and/or Reported on Non-affiliated
Civilians: None.


d. Useful Information Obtained: None.


e. Operational Status: This facility has changed from the previous
utilization of contract schools scattered throughout the Washington area
to a more traditional, self-contained facility with seven language
departments and its own instructors. A revised operation plan reflecting this
structure and placing emphasis on the utilization of confidential as well
as conventional sources has been prepared and will be forwarded under
separate cover.

16. LENIENT CLOUD: (OACSI Approval - 16 Feb 72)
a. Location: US Army War College, Carlisle Barracks, PA


b. Confidential Source Utilization: Four such sources were used 
during the reporting period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: Information was developed indicating 
a captain has exhibited unexplained affluence, which served as basis for 
initiating an investigation. 


e. Operational Status: The Project Liaison Officer has developed 3L
conventional sources, whose information has identified a number of
security weaknesses. The Commandant has been made aware of this
situation and has established additional security safeguards. The Military
History Research Collection, a tenant agency, has been added to the list 
of target activities. 

17. LENTIL MONKEY: (OACSI Approval - 26 Oct 71)


a. Location: Defense Language Institute West Coast Branch
Presidio of Monterey, CA


b. Confidential Source Utilization: One source was used as of 
the beginning of the reporting period. Three additional sources were 
added during the period. 


c. Information Obtained Off-post and/or Reported on Non-affiliated 
Civilians: None. 


d. Useful Information Obtained: A Czech class made a field trip
to the same San Francisco restaurant mentioned in status report for the
second quarter of CY 73. There was no repetition of the May 73 incident.
Communist literature was found in the post gymnasium. Improper
procedures were used in a briefing with a SECRET classification. This
information was passed to appropriate staff personnel.


e. Operational Status: The lead bank of prospective sources stands
at 68 MI students. Twelve have been selected as prospective
conventional sources and eight for confidential sources. The continued SAEDA
briefings of class monitors has increased the security awareness of the
students, and incidents which went unreported in the past are now being
brought to the attention of the proper authorities.
DEPARTMENT OF THE ARMY
HEADQUARTERS, 109TH MILITARY INTELLIGENCE GROUP
FORT MEADE, MARYLAND 20755


ICGP-B-SP


SUBJECT: Quarterly Progress Reports (QPR) and Quarterly Status Reports 
(QSR) (U) 


Commander 

United States Army Intelligence Command 
ATTN:  ICDOC-OP 

Fort Meade, Maryland 20755 


1. (U) Forwarded herewith are ten Quarterly Progress Reports (QPR)
and ten Quarterly Status Reports (QSR) for the period 15 September 1973
to 15 December 1973 for the following Internal Counterintelligence
Program (ICIP) Projects:

a. CANAL LOOP (U) 

b. GONDOLA STAR (U)

c. CANINE PLATE (U)

d. CENTAVO KID (U) 

e. CENTRAL TAXI (U) 

f. GONG SILK (U) 


g. LANYARD MOOD (U)


h. CENTAUR SALE (U)


i. CANARY EFFORT (U)


j. LENIENT CLOUD (U)


2. (U) Project accomplishments are contained in individual QPRs; how-
ever, specific attention is invited to the following projects: 


a. CANAL LOOP (U) and GONDOLA STAR (U): The new Project Liaison
Officer (PLO) is on station and the new Project Control Officer (PCO) has
reactivated seven dormant sources. This Group will recommend combining
these two operations in view of organizational changes in the mission and
functions of Edgewood Arsenal and Aberdeen Proving Ground.


b. CANINE PLATE (U): During the reporting period, formal approval
of the Operation Plan (OPlan) was received from the Office of the Assist-
ant Chief of Staff, Intelligence (OACSI), Department of the Army, and the
Commander, Seneca Army Depot was briefed. A PLO is assigned and the pro-
gram is being implemented based on ground work previously initiated.


c. CENTAVO KID (U): During the reporting period OACSI approval of
the OPlan was received and the Commander, Harry Diamond Laboratory was
briefed regarding the project. A PLO has been assigned and the program
has been implemented. Sources are under consideration.


d. CENTRAL TAXI (U) and LANDLESS TIME (U): The CENTRAL TAXI (U)
OPlan is under revision and should be combined with LANDLESS TIME (U).
This action is recommended in view of the deactivation next year of the
Electronics Command, Philadelphia (ECOM/P) and transfer of its functions
to Fort Monmouth (ECOM/M). As a result of the on-going drawdown, trans-
fer of functions and necessary termination of all but the one Confidential
Source who is moving to Fort Monmouth, no QPR or QSR will be submitted
for Operation LANDLESS TIME (U).


e. GONG SILK (U): The newly assigned GREAT SKILL (U) PCO has re-
activated the three dormant Confidential Sources and broadened his base.


f. LANYARD HOOD (U): ICIP Support to the Defense Language Institute, 
East Coast (DLIEC) has a new PLO designated, and the revised OPlan sub- 
mitted to your headquarters for approval. 


g. CENTAUR SALE (U): OACSI approval of the OPlan was received on 
14 December 1973. The Commander, Mobility Equipment Research and Develop- 
ment Center (MERDC) elected to be briefed in January 1974. A PLO has 
been designated and is presently active in the overt aspects of the pro- 
gram. 


h. CANARY EFFORT (U): The project in support of USACOM-CONUS and
Fort Ritchie is the best example of what the ICIP can accomplish when
aggressively pursued by all personnel involved. Specific attention is
invited to the CANARY EFFORT (U) QPR and QSR. I have directed that
CANARY EFFORT (U) serve as the pilot operation for all ICIP operations
conducted by the 109th MI Group. A new PLO has been recently assigned.


i. LENIENT CLOUD (U): The Military History Research Collection
(MHRC), at the request of the Commandant, US Army War College (USAWC)
has been added to the LENIENT CLOUD (U) Target List. Information devel-
oped by the PLO has led to the initiation of background investigations
concerning two individuals assigned to USAWC. Two Conventional Sources
have been coded during the reporting period.


3. The following items constitute group-wide accomplishments which
have significantly improved all aspects of the ICIP:


a. Operational control of the ICIP has been returned to Field Office
control and energized there. A Special Operations Letter of Instruction
(LOI) has been published which will constitute 109th MI Group policy and
procedures regarding the ICIP. I have placed great Command Interest
throughout the quarter on the program and stressed the importance of the
ICIP during the recent 109th MI Group Commanders' Conference. I will
continue to emphasize this program during my periodic visits to all sub-
ordinate elements. Additionally, I have personally briefed a number of
commanders of supported activities and their security managers concerning
ICIP. This quarter we have placed first priority on the ICIP program and
results have been satisfactory. More will be accomplished.


b. Action has been taken to fully coordinate the provisions of exist-
ing ICIP OPlans with the provisions of USAINTC and 109th MI Group OPlans
109-73, 110-73, and 111-73. Simultaneously, all ICIP OPlans will be re-
vised and updated on a programmed basis. The object is to better our
product and expand our base.


c. My staff has worked closely with your Special Operations person-
nel in the formulation of an ICIP Monthly Operational Status Report which
is designed to update and replace the QSR and QPR.


d. GREAT SKILL (U) Personnel have been assigned and are operation-
ally active as PCOs. All dormant Confidential Sources have been reacti-
vated and are being retrained and redirected in line with increased
standards of professionalism. More sources are being considered.


e. A Conventional Source Program is being developed to augment and
support existing Confidential Sources.


f. Guidance has been formulated and disseminated directing subordin-
ate commanders to evaluate supported installations and activities for
potential ICIP implementation.


4. The preceding actions have resulted in the highest level of
productivity since the ICIP was reactivated in late 1971. I am
confident that continued emphasis upon ICIP by all personnel will
result in significant, demonstrable enhancement of the security
posture of supported activities and
20 Incls                CHARLES E. THOMANN
as (1 cy ea)            Colonel, MI
                        Commanding
CARLISLE BARRACKS LIAISON OFFICE
109th MILITARY INTELLIGENCE GROUP 
CARLISLE BARRACKS, PA 17013 


QUARTERLY PROGRESS REPORT NUMBER


Period 12 October 1973 to 18 December 1973 5 


SUBJECT: OPERATION LENIENT CLOUD (U) 


1. (U) CIRCUMSTANCES: At 0900, 18 December 1973, Major Franklin M. Davis, Jr.,
Commandant, US Army War College, (USAWC), Carlisle Barracks, PA, 17013,
received the quarterly briefing concerning significant items of interest
within the target areas defined by Installation Counterintelligence Program
(ICIP), LENIENT CLOUD, from Special Agent John A. Nolan III, Project Liaison
Officer, (PLO). No other persons were present during the briefing.


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD:


a. Operational and administrative control of ICIP LENIENT CLOUD was 
placed in Field Office Commander, (FOC), Fort Ritchie Field Office (FRFO),
109th MI Group. 


(1) Such operational control caused PLO to be responsible for the conduct 
of SAEDA Briefings. Two SAEDA briefings were presented to a total of 560 
military and civilian personnel on the installation on 1 November 1973. 
Presentation of such briefings allowed greater exposure of PLO to military 
and civilian personnel as a representative of USAINTC; allowed PLO to
include himself among those persons continuously present on the installation
capable of resolution of security related problems; and greatly enhanced
PLO's accessibility to records and personnel on the installation and vice versa.


(2) On 24 October 1973, MAJ Robert L. Brooks, FOC, FRFO, visited Carlisle 
Barracks for an orientation, which included meetings with the Directors, and 
tours, of Strategic Studies Institute, Operations Group, Military History 
Research Collection (MHRC), USAWC Library, USAWC itself and USACC-C facility, 
Carlisle Barracks. 


(3) On 11 December 1973, COL Charles E. Thomann, Commanding Officer,
109th MI Group, accompanied by MAJ Brooks, visited Carlisle Barracks for an
orientation and in addition to an office call on General Davis, received a
tour through those facilities in paragraph 2a(2) above, with the exception
of MHRC.


(4) As a result of the visit by COL Thomann and MAJ Brooks, a comprehensive 
paper is presently being prepared with a view toward reducing the administrative 
time, especially in regard to security clearance procedures, involved in hiring
of civilian professors and consultants at Strategic Studies Institute, possibly 
through USAINTC assets. 


(5) An additional result of the visits by COL Thomann and MAJ Brooks
was an appreciation of the physical plant, the functions and the key personnel 
of target areas defined within ICIP LENIENT CLOUD. 


b. In response to General Davis’ request of 23 October 1973, approval 
was sought for the addition of MHRC to the target list of those organizations 
and facilities covered by Project LENIENT CLOUD.


(1) On 14 November 1973, approval was granted by letter from Commanding
Officer, USAINTC, to add MHRC to the target list.


(2) Since 1 April 1973, target operational research for operational data
relative to MHRC has been conducted and has thus far resulted in the submission
of two Agent Reports detailing security procedures in effect at MHRC and two
Agent Reports concerning persons assigned to MHRC.


(3) Spotting and assessment of potential assets has not thus far resulted 
in the submission of any formal, comprehensive Lead and Development Reports; 
however, daily to weekly contact has been established with three individuals 
presently identified as casual sources, within MHRC. 


(4) As a result of contact with casual sources within MHRC, a formal 
written request for counterintelligence technical services was submitted to 
HQ, 902nd MI Group and subsequently completed by elements of the AJCC Field
Office, 902nd MI Group, Fort Ritchie, MD. The services resulted in an appre- 
ciation on the part of MHRC administrative personnel of the benefits which 
accrue to the facility by such technical services. By virtue of the established 
reluctance on the part of COL George S. Pappas as regards the need for counter- 
intelligence services, the basis for request of the services primarily con- 
cerned the safeguarding of valuable manuscripts, weapons, uniforms and other 
exhibits maintained in MHRC. At this point in time, such emphasis establishes,
in the mind of the Director, a compatibility between academic and historical
perspectives and counterintelligence services.


c. During the reporting period, in-depth spotting and assessment potential 
assets for utilization, has resulted in submission of seven Lead and Develop- 
ment Reports. 


d. To date, a total of twenty-nine casual sources, with whom daily to 
weekly contact had been maintained, have been utilized. As a result of 
utilization, two casual sources have been coded as Source 9002 and Source 9003.


e. Establishment of the PLO as a quasi-officially assigned assistant to 
the USAWC Security Manager, and who has a capability of providing a liaison 
conduit to USAINTC as an adjunct to such duties, has resulted in: 
(1) Casual and conventional sources providing information which they
would normally not have occasion to report officially due to periodically
vagarious requirements of military administrative procedures. 


(2) Causing the PLO to be queried relative to organizations with which 
members of the USAWC Staff and Faculty deal. Such queries have resulted in 
very rapid resolution of requests for characterization, in two cases, through 
CPT B. A. Oullette, Special Investigations Branch, 109th MI Group, and
establishment of the PLO, in the view of the Staff and Faculty members, as
a viable contact for intelligence related matters.


(3) Causing requests for all classified and unclassified military 
information to be routinely channelled through the USAWC Security Office, as 
opposed to the previous "hit or miss" manner in which each department of USAWC 
validated the requestor's authenticity. Further results include an established 
procedure whereby the List of Collectors of Unclassified Military Information 
(LHCUMI) is reviewed and has caused the submission of three letters to the 
appropriate agency at ACSI, when organizations/individuals have appeared in 
the LHCUMI document.


3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED:


a. As a result of contact with a casual source in the administrative
section of MHRC, a request for a background investigation of SGT [b6]
MHRC has been submitted, through USAINTC channels, and is being
conducted by PLO. Estimated date of completion of the initial portion of
the investigation is 5 January 1974, dependent upon availability of sources
who may be able to resolve derogatory information which has arisen.


b. As a result of inquiries by PLO, contact with conventional and casual 
sources on the installation, and in concert with information developed through 
confidential sources, a request for another investigation into the financial 
and moral background of CPT [b6] assigned to Department of Command
and Management, USAWC, has been initiated to be resolved by USAINTC elements.
To date one Agent Report has been submitted to SIB, 109th MI Group, for
forwarding to USAINTC, as background, prior to the submission of the request
for investigation through the Deputy for Plans, Training and Security, 
Carlisle Barracks. 


c. As a result of information supplied by casual sources, PLO is
currently attempting to ascertain the true identity and purpose of a Mr. fnu
who has been "gate-crashing" parties and other social affairs at
Carlisle Barracks, at which times he wears either a social or military name-
tag. Local agency checks on Carlisle Barracks reveal that no individual by
the name of [b6] is assigned or employed at the installation.


d. An individual, subsequently coded, volunteered information in
interview and sworn statement, relative to narcotics availability and use on
Carlisle Barracks, as background information relative to the operation of
the installation, and which contained allegations relative to an individual
assigned to Carlisle Barracks in possession of a TOP SECRET security clearance.
To date, nine Agent Reports, Subject: Availability and use of Narcotics on
Carlisle Barracks, PA 1973 and a Memorandum for the Record, Subject: Infor-
mation and Circumstances Relative to Drugs on Carlisle Barracks, have been
submitted.


4. COMMENTS, REMARKS AND RECOMMENDATIONS:


a. General Davis commented that he appreciated the presence of a full 
time PLO, whose integration into both the official and social functioning 
of the installation has been such as to provide much more effective coverage 
than had previously been experienced. General Davis queried PLO relative 
to the PLO serving as the Security Manager, USAWC during the impending leave 
of the Security Manager during the latter two weeks in January 1974, and was 
assured that the PLO would so serve, without any substantial reduction in 
coverage. Further, the assumption of the Security Manager's duties for two
weeks could only serve to cement the acceptability of the PLO as the assistant
to the Security Manager.


b. General Davis was receptive to the PLO's suggestion that a consider- 
ation be given for a formal request for a penetration test of the USAWC, 
subsequent to the full implementation of additional security safeguards 
presently being substituted for systems previously determined to be inadequate.
Formal request will probably be forthcoming in late January, 1974, when
construction is completed.


c. General Davis was also receptive to a recommendation that consider-
ation be given for up-grading the security posture of Root Hall, which houses
USAWC, in respect to limiting access to the building and effectively reducing
the threat posed by a stay-behind.


JOHN A. NOLAN III
PLO, LENIENT CLOUD
ICGF-F-OR 11 December 1973
QUARTERLY PROGRESS REPORT NUMBER 4
For the Period 1 October to 31 December 1973


WARNING NOTICE - SENSITIVE SOURCES AND METHODS INVOLVED
SUBJECT: Operation LENTIL MONKEY (U)
1. (U) CIRCUMSTANCES: 


a. At 1030 hours on 4 December 1972, a briefing on the progress of
LENTIL MONKEY was conducted at the Fort Ord Field Office, 115th Military
Intelligence Group, Fort Ord, California. Attending were:


Colonel Eric H. Vieler, Commander, 115th Military Intelligence Group
Major James H. Donnelly, Commander, Fort Ord Field Office
CW2 James E. McKinley, Project Liaison Officer, LENTIL MONKEY


b. Between 1430 and 1500 hours, 4 December, a similar briefing was
held in the office of the Commandant, Defense Language Institute, West
Coast (DLIWC), Presidio of Monterey, California. Persons present were:


Colonel John F. Hook, Commandant, DLIWC
Colonel Eric H. Vieler
Major Richard Erickson, Security Officer, DLIWC
Major James H. Donnelly
CW2 James E. McKinley


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD:


a. The On-Post Liaison Operation: A total of 80 students, who were
Class and Section Monitors, received individual SAEDA briefings in this
operation. Included in this total were four monitors who received second
briefings, and five who received third briefings. Intelligence-trained
students were also contacted and reminded of their professional respon-
sibility to report anything of intelligence interest.


b. The Conventional Source Operation: 


(1) At the start of the quarter this operation had 20 prospective 
sources. Eight more were selected during this period, giving the operation 
a total of 28 prospective sources. Information produced by this oper-
ation exceeded that of any previous quarter since the project was
reactivated in November 1971.


(2) Colonel Hook and Major Erickson were not briefed on the following:

(a) During the reporting period the Lead Bank was expanded from 42 to
68 MI students. Twelve new Leads were selected as prospective Conven-
tional Sources; however, four were later dropped because of academic
difficulties with the language being studied.


(b) On 24 October 1973, this operation acquired a prospective source 
who is a DA civilian employee of the Systems Development Agency, Defense 
Language Institute, Presidio of Monterey. This individual was formerly 
Confidential Source IC-D-310 of the 112th Military Intelligence Group. 


c. The Confidential Source Operation: When the quarter began, this
operation had eight prospective sources. One was recruited on 11 October
1973, four are still under assessment, and three have been dropped as
unsuitable. Seven additional leads are presently being screened for
possible development as sources. Colonel Hook and Major Erickson were
not briefed on the following:


(1) Lead and Development Reports have been forwarded for four prospec-
tive sources. Recruitment of one of these sources is awaiting Headquarters,
USAINTC approval of the approach plan.


(2) The seven new Leads were selected to cover the Chinese (1),
Czech (1), Hungarian (1), Polish (1), Russian (2), and Japanese (1)
languages.


3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED:


a. Information was developed concerning the visit of a DLIWC Czech
class to the Europa Restaurant, 2769 Lombard Street, San Francisco, CA,
on 2 and 9 November 1973. A Confidential Source reported in May 1973
that the owner of this restaurant had encouraged Czech language students
to establish "pen-pal" correspondence with three young females in Czecho-
slovakia. The class visited the restaurant as scheduled, but no further
attempts to recruit "pen-pals" were noted.


b. A student reported that members of his Russian language class
proposed a class visit of the Russian Consulate in San Francisco. Since
the trip was not being planned for the immediate future, nothing further
developed concerning this proposal.


c. Confidential Source IC-F-081 reported on Czechoslovakian publi-
cations available to his class which contained Communist propaganda.


d. A student provided a copy of a booklet published by the Central
Committee for Conscientious Objectors, which he had received in the mail. 
Numerous copies of this same booklet have been received by military 
personnel at Fort Ord. 


4. (U) COMMENTS, REMARKS, AND RECOMMENDATIONS: The briefing ended with
no questions by the attending parties. Colonel Hook expressed his apprec-
iation for the effort expended in the conduct of the Internal Counter-
intelligence Program, and was very pleased with the progress that had
been made.


JAMES H. DONNELLY
Major, MI 
Commanding 


REGRADED UNCLASSIFIED, AUTH Para 1-603 DOD 5200.1R


DEPARTMENT OF THE ARMY
Fort Ritchie Field Office
109th Military Intelligence Group
Fort Ritchie, Maryland 21719


ICGP-B-FR 15 December 1973 
QUARTERLY PROGRESS REPORT NUMBER


Period 15 October 1973 to 15 December 1973


SUBJECT: Operation CANARY EFFORT (U)


1. CIRCUMSTANCES:

a. Although a formal briefing per se has not been presented during
reporting period, continual liaison has been effected and maintained with
individuals briefed on the Counterintelligence Screening Program (CISP),
Operation CANARY EFFORT, at Fort Ritchie. Continual/constant liaison
has been effected and maintained with the following briefed individuals:


COL James A. Manning, [b6] Armor, Commander, Fort Ritchie.


COL Daniel T. Larkin, [b6] BPC, Deputy Commander, Fort
Ritchie and Deputy Chief of Staff, Intelligence and Security, US Army
Communications Command - CONUS and Fort Ritchie.


LTC Arlyn R. Madsen, SC, Director, Telecommunications,
Fort Ritchie.


CWl; Earl K. Osborne, USA, COMSEC Officer, US Army
Communications Command - CONUS and Fort Ritchie.


Mr. Joseph J. Carroll, DAC, GS-13, Deputy Assistant
Chief of Staff, Intelligence and Security, US Army Communications
Command - CONUS and Fort Ritchie. Carroll is presently the CANARY EFFORT
CISP Coordinator, Fort Ritchie.


Mr. Charles H. Koontz, DAC, GS-12, Chief, Security
Division, Deputy Chief of Staff, Intelligence and Security, US Army
Communications Command - CONUS and Fort Ritchie.


Mr. William A. Kent, DAC, GS-11, [b6] Chief, Intelligence
Division, Deputy Chief of Staff, Intelligence and Security, US Army
Communications Command - CONUS and Fort Ritchie.


b. On 19 November 1973, COL Charles E. Thomann, Commander, 109th
Military Intelligence Group and LTC Leland J. Holland, Deputy Commander,
109th Military Intelligence Group, visited Fort Ritchie and effected
personal contact with BG Albert Redman, Jr., Commander, US
Army Communications Command - CONUS, Fort Ritchie. BG Redman acknowledged
that he was aware of the existence of a CISP at Fort Ritchie. BG Redman
further indicated a general knowledge of the aforementioned program
as sponsored/directed by the US Army Intelligence Command (USAINTC).
Undersigned Project Liaison Officer (PLO) was tasked with presenting
an approximate ten minute informal briefing of the CISP in general.


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD:


a. Wh Gary L. Peisen was assigned as the PLO for Fort Ritchie
on 10 October 1973 and became operational on 15 October 1973. Introduc-
tion to essential personnel was effected without difficulty and no
apparent operational difficulties are foreseen. Four key personnel at
Fort Ritchie were briefed on the CISP and executed required Security
Oaths. Formerly briefed individuals with no placement and access due to
assignment changes were debriefed and executed required Debriefing
Statements. Overt liaison contacts were initiated and maintained
with both military and appropriate civilian agencies and individuals
during the reporting period. COL Manning, Commander, Fort Ritchie,
expressed a keen interest in the CISP at Fort Ritchie and projected
a sense of gratitude for accomplishments rendered during the
reporting period. COL Manning further stated that he had every intention
of continuing the CISP at Fort Ritchie as he believed its contribution
to enhancing the security posture of Fort Ritchie and the Alternate
Joint Communications Center (AJCC), Site "R", was invaluable.


b. During reporting period a total of 22 Agent Reports (DA Form
341) were submitted by PLO pertaining to incidents and adverse suitability
information concerning US Army personnel assigned to the US Army
Communications Command - CONUS and Fort Ritchie. The majority of the
aforementioned Agent Reports cited US Army personnel having access to
the AJCC, Site "R", Fort Ritchie.


c. During reporting period Conventional Sources were vetted and
provided reportable information concerning adverse suitability information 
regarding US Army personnel assigned to sensitive duties at Fort Ritchie. 
One Conventional Source was assigned a Key Sheet Identification Code 
and provided reportable information. 


d. Spotting and Assessment for Confidential Sources with placement and
access continues.


3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED:


a. As previously stated, a total of 22 Agent Reports (DA Form
341) were submitted by PLO pertaining to incidents and adverse suitability
information concerning US Army personnel assigned to the US Army Communications
Command - CONUS and Fort Ritchie. The majority of the aforementioned
reports concerned US Army personnel, assigned to sensitive positions at
Fort Ritchie, allegedly involved in drug abuse or drug abuse incidents.
While drug abuse per se is not within the investigative purview of USAINTC,
the issue does involve suitability of the individuals concerned to
hold security clearances and occupy sensitive positions. Upon
receipt of the aforementioned adverse information, immediate
action was taken to notify the CANARY EFFORT CISP Coordinator, the
Commander, Fort Ritchie, and the Director, Telecommunications, if
applicable. In addition to the aforementioned, action was initiated
to disseminate information criminal in nature to the appropriate
military and civilian authorities. In one case, liaison with
a Conventional Source, disclosed that a member of the US Army assigned
to Fort Ritchie, was experiencing adverse financial difficulties.
Aforementioned information was brought to the attention of the
CANARY EFFORT CISP Coordinator and resulted in serviced command
having requested a Suitability Investigation from USAINTC concerning
the individual involved.


US Army Communications Command - CONUS and Fort Ritchie, with duty
as a Teletype Repairman, Telecommunications Directorate, was reported
as having questionable financial habits, i.e., indebtedness. Information
contained in submitted Agent Report was reported to CANARY EFFORT CISP
Coordinator, the Commander, Fort Ritchie, and the Director, Tele-
communications. The Project Control Officer (PCO) and PLO will continue
to monitor the aforementioned situation closely and report significant
findings via appropriate Agent Report and to CANARY EFFORT CISP Coordinator.


c. Covert Sources within CANARY EFFORT target area continue to
report information concerning drug and alcohol abuse by members of the
US Army at Fort Ritchie and the AJCC. Covert Sources have also reported
adverse suitability information, i.e., financial and moral indiscretion,
involving both US Army and Department of the Army personnel at Fort
Ritchie and the AJCC. Monitoring will continue.


4. COMMENTS, REMARKS, AND RECOMMENDATIONS:


a. It is envisioned that a formal Quarterly Briefing will be presented
to BG Redman, COL Manning, LTC Madsen, Mr. Carroll, and Mr. Kent in early
January 1974. The aforementioned is deemed appropriate as this PLO did
not become operational until 15 October 1973 and there is no record of
a formal Quarterly Briefing having been presented concerning Operation
CANARY EFFORT since 8 January 1973. The aforementioned proposed briefing
will be held in abeyance until such time it is deemed appropriate, with
USAINTC approval, to present BG Redman with the approved USAINTC CISP
briefing, if applicable. The reader should also consider current
instructions issued by Headquarters, 109th Military Intelligence Group,
to the effect that ACIP coverage be expanded to include US Army
Communications Command - CONUS elements not thus far included in the
current operations plan governing CANARY EFFORT.
b. PLO and PCO enjoy an excellent working relationship as does
PLO with his counterparts, liaison contacts, and Conventional Sources.
It is envisioned that the CISP, Operation CANARY EFFORT, at Fort
Ritchie will become increasingly productive and will ultimately
afford the Commander, Fort Ritchie, with coverage desired, i.e.,
enhancement of the security posture of Fort Ritchie and the AJCC by means


not locally available the . 
GARY L. PEISEN
Cwh, USA
Project Liaison Officer
P. O. BOX 176, EATONTOWN, NEW JERSEY 07724


QUARTERLY PROGRESS REPORT NUMBER 15
Period: 1 September 1973 to 10 December 1973


WARNING NOTICE: SENSITIVE SOURCES AND METHODS INVOLVED


SUBJECT: CENTRAL TAXI (U)

1. (U) CIRCUMSTANCES:


On 10 December 1973, Quarterly Progress Report Number 15 was [illegible]
to LTC Richard O. Aamot, Chief, Security Office, US Army Electronics Command
(ECOM), Fort Monmouth, New Jersey, in LTC Aamot's office; no others were present.


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 


a. The Lead and Development Report mentioned in Quarterly Progress Report Numbers 
13 and 14 (IC-B-075 (T)) was approved by the US Army Intelligence Command. 
Recruitment of this prospective confidential source has been delayed, however, 
due to his heavy travel schedule. The Project Liaison Officer recently arranged 
a meeting between the PLO, the Project Control Officer and this prospective 
source, which will take place on 12 December 1973. His recruitment will be effected 
at this time. 

b. The new PCO is now on station and has re-contacted all CENTRAL TAXI confidential 
sources at least two times. The sources promised their continued cooperation 
with the new PCO. 

c. The name of the program has been changed from Aggressive Counterintelligence 
Program (ACIP) to Counterintelligence Screening Program (CISP). 

d. Emphasis continues on spotting, assessing and recruiting conventional sources. 
A vigorous spotting and assessing effort was implemented by the PLO during the 
reporting period. The names of nine prospective conventional sources were forwarded 
by the Fort Monmouth Field Office on 23 October 1973 to the 109th MI Group 
Headquarters requesting contact approval. Approval was granted, and to date, the 
PLO has contacted and recruited three of these sources. 

e. Due to the move of ECOM/Philadelphia to Fort Monmouth, the mission of the 
ECOM/Philadelphia CISP will be incorporated into CENTRAL TAXI. 


3. (U) SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: 

a. On 2 November 1973, information was received that [b6] (see 
Quarterly Progress Report Numbers 11, 12 and 13) was separated from Government 
Service and is no longer an employee at ECOM, Fort Monmouth. (CR-09-109-MON, re 
IC-B-072, dated 6 November 1973). 

b. On 2 November 1973, information was received that [b6] (see 
Quarterly Progress Report Numbers 11 and 12) allegedly continues to be involved 
in narcotics traffic. (CR-09-109-MON, re IC-B-072, dated 6 November 1973). 

c. On 2 November 1973, information was received that a US Army truck had been 
seen delivering unidentified articles on a weekly basis to a residence on Victor 
Avenue, West Long Branch, NJ, for approximately five months. This information 
was passed to CID, Fort Monmouth, for possible exploitation. (CR-09-109-MON, re 
IC-B-072, dated 6 November 1973). 

d. On 5 December 1973, information was received that Ray Shields, later determined 
to be Sherman Ray Shields, DAC, [b6] GS-11, Electronics Technician, 
Electronics Devices Branch, Production Engineering Division, Directorate of Research, 
Development and Engineering, ECOM, Fort Monmouth, was a heavy drinker of 
alcoholic beverages. An example of Shields' drinking problem was cited. On one 
occasion Shields came to work inebriated, and after being confronted by his 
supervisor, proceeded to urinate all over himself. (CR-10-109-i25, re IC-B-072, 
dated 7 December 1973; and Agent Reports by Special Agents Jerome A. Britton 
and Charles Grantham re Sherman Ray SHIELDS). 


4. COMMENTS, REMARKS AND RECOMMENDATIONS: 

a. Reference paragraphs 2a, 2b and 2d above: LTC Aamot expressed deep satisfaction 
with the progress of CENTRAL TAXI. He also stated that he intended on 
officially commending everyone connected with the CENTRAL TAXI CISP prior to his 
retirement in mid-1974. 

b. Reference paragraph 2d above: Of the three conventional sources recruited, 
two are employees of the Electronic Warfare Laboratory, ECOM's most sensitive 
activity and previously void of source coverage; the third conventional source 
is employed with the Maintenance Directorate, originator of the majority of ECOM's 
security violations, also previously without source coverage. 

c. Reference paragraph 3b above: LTC Aamot was advised that MAJ Quintarelli, 
Fort Monmouth Field Office Commander, and the PLO will pass the information 
concerning [b6] alleged continued connection with narcotics to an appropriate 
agency. 

d. Reference paragraph 3d above: LTC Aamot said that he would handle the 
matter with utmost discretion. 

JEROME A. BRITTON 
CW3, USA 
PLO, CENTRAL TAXI 

ICGP-B-FM 19 December 1973 


SUBJECT: Operation GONDOLA STAR (U) 


WARNING NOTICE: SENSITIVE SOURCE AND METHODS INVOLVED 


QUARTERLY PROGRESS REPORT NUMBER 
Period 15 September 1973 to 15 December 1973 


1. (U) CIRCUMSTANCES: On 29 November 1973, LTC Leroy Walton, Chief of 
Security, Aberdeen Proving Ground (APG), MD was given the initial ICIP 
briefing and a progress report by the undersigned. Mr. Harry A. Mencke, 
Installation Intelligence Officer, APG and CPT Charles H. Lightner, Deputy 
Commander, Fort Meade Field Office, 109th MI Group, Fort Meade, MD were 
present. On 5 December 1973, COL Walter R. Harris, Commanding Officer, 
APG was given a progress report; Mr. Mencke was also present at this 
meeting. 


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 


a. This operation was inactive from the early spring of 1973 to 
October 1973. The Project Control Officer was reassigned during the 
spring of 1973 and the position was vacant until October 1973. The 
Project Liaison Officer retired in July 1973 and this position was 
vacant until November 1973. Both the new PCO and PLO are now in place 
and actively pursuing this operation. 

b. Operation GONDOLA STAR (U) has two active covert Sources. The 
PCO has recontacted each Source and started a period of building rapport 
between the Source, PCO and Military Intelligence. During this period, 
the PCO is also concentrating on verifying placement and access, operational 
training and assigning current EEI. Initially, both Sources appear to be 
responding well to the PCO. 

3. (U) SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: No significant 
counterintelligence information was developed during the reported period. 

4. COMMENTS, REMARKS, AND RECOMMENDATIONS: 

a. Subject OPLAN is currently under revision. Strong consideration 
is currently being given to the consolidation of operations GONDOLA STAR (U) 
and CANAL LOOP (U) since Aberdeen Proving Ground and Edgewood Arsenal 
consolidated into one installation on 1 July 1971. A status report will be 
submitted to Headquarters, 109th MI Group by 6 January 1974. 


b. This PLO has initially placed emphasis on re-establishing liaison 
and acquiring updated information in support of this operation. Liaison 
has been established with both the headquarters and security offices of 
Aberdeen Proving Ground and Edgewood area, Aberdeen Proving Ground. 
Liaison is also in effect with both Military Police offices, the local 
FBI office, state police and the Harford County Sheriff's Office. Effort 
will be given to the development of additional Confidential and Conventional 
Sources during the next quarters. This PLO has served two previous tours 
of duty at Aberdeen Proving Ground and is a native of Harford County; 
consequently, much personal liaison was already established when this PLO 
was assigned. 

c. COL Harris, LTC Walton and Mr. Mencke have expressed strong 
interest in the support available through ICIP and have offered their full 
cooperation. 

Project P. Officer 
Briefer 

Period: 1 September 1973 to 30 November 1973 


SUBJECT: Operation CONG SILK (U) 


1. CIRCUMSTANCES: 

On 6 December 1973, Quarterly Progress Report Number 14 was presented 
orally to COL Jonathan L. Holman, Commander, Picatinny Arsenal (PA), Dover, 
New Jersey, and to Mr. John R. Greffe, DAC, Chief, Security Office, PA. Greffe 
is the CISP Coordinator for PA. The briefing was included in a liaison visit 
made by COL Charles E. Thomann, Commander, 109th Military Intelligence Group, 
Fort George C. Meade, Maryland. The primary purpose of this liaison visit was 
for COL Thomann to explain to COL Holman the methodology and purpose of the 
CISP, and to discuss conventional source limitations imposed by COL Holman during 
Quarterly Progress Report Briefing #3 on 6 September 1973. Other 109th MI Group 
representatives in attendance were LTC Glenn E. Yornsand, Commander, Northern Area 
Control Office; MAJ Nicholas F. Quintarelli, Commander, Fort Monmouth Field 
Office; MAJ Hugh Fitzpatrick, Assistant Group Operations Officer; and WO1 Eugene 
H. McNally, Project Liaison Officer, PA. 

2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 

a. When briefed on the CISP on 6 September 1973 (reference Quarterly Progress 
Report #13), COL Holman expressed apprehension over the establishment of a 
conventional source program on his installation. As a result, he imposed the 
requirement that the names of all potential sources be coordinated in advance 
with his Security Officer, Mr. Greffe. Greffe had later stated that initially 
he would want to coordinate the selection of all conventional sources directly 
with COL Holman. Because there was a question as to the advisability of 
taking such action, PLO was instructed to begin spotting and assessing potential 
conventional Sources; to complete the necessary investigative checks on those 
individuals selected; but to hold contact in abeyance until the limitations imposed 
by COL Holman could be resolved. During the reporting period, PLO selected and 
completed the investigative checks on 12 civilian employees within the target area 
at PA. Since initiation of the checks, one of the individuals has retired from 
government employment, and his file has been eliminated. PLO has formulated a 
conventional source contact approach plan, and has coordinated it with the 
Commander, Fort Monmouth Field Office. 

b. The new Project Control Officer is now on station and has recontacted 
all GONG SILK confidential sources. The sources pledged their continued support 
to the new PCO. 


3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: 

Classified by [illegible] 
EXEMPT FROM GENERAL DECLASSIFICATION 
SCHEDULE OF EXECUTIVE ORDER 11652 

a. On 4 September 1973, an employee of the Aeroballistics Branch, 
Engineering Science Division, Feltman Research Laboratory, PA, visited the 
Security Office and stated that he believed that another employee possibly was 
tampering with equipment in the wind tunnel. PLO interviewed this unsolicited 
Source on 5 September 1973 and on 20 September 1973 when he returned to relate 
further information. Additionally, a co-worker visited PLO on 21 September 1973, 
at the apparent encouragement of the individual who made the initial visit. 
These visits were recorded in Agent Reports, Subject: Possible Tampering of 
Equipment in Wind Tunnel, Engineering Science Division, Aeroballistics Branch, 
Experiment Evaluation Section, Feltman Research Laboratory, Picatinny Arsenal, 
Dover, New Jersey 07801, signed by PLO and dated: 4 September 1973, phase 
designation (OFFICIAL SOURCE); 6 September 1973, phase designation (MISCELLANEOUS); 
20 September 1973, phase designation (MISCELLANEOUS); and 24 September 1973, 
phase designation (MISCELLANEOUS). Related reports were Agent Report, Subject: 
CIV, [b6] DPOB: [b6], 
dated 4 September 1973, phase designation (201 FILE CHECK), signed by Thomas P. 
Ciccarelli, 109th MI Group; and Agent Report, Subject: SWZTZ, Andrew J., CIV, 
DPOB: 2 July 1920, Franklin, New Jersey, dated 10 September 1973, 
phase designation (201 FILE CHECK), signed by PLO. Information contained in all 
reports was provided to the Security Office, PA. 

b. On 5 November 1973, a telephone call was received by the Office of the 
Army Materiel Command, Project Manager for Selected Ammunition, PA, from an 
individual who desired information regarding names and addresses of US Ammunition 
contractors. After telling the caller that he would check into the request and 
return the call, the employee receiving the call obtained the name and address of 
the caller and reported the matter to the Security Office, PA. Initial inquiries 
were made by the PLO and the 109th MI Group SECAP representative and the results 
of the inquiry were relayed to the Security Office, PA. The inquiry is reported 
in Agent Report, Subject: Request for List of Munitions Contractors in the United 
States, dated 6 November 1973, phase designation (MISCELLANEOUS), signed by PLO. 


COMMENTS, REMARKS, AND RECOMMENDATIONS: 

a. COL Holman obviously recalled the details of the last briefing, and indicated 
that he had given thought to a conventional source program at PA. His attitude 
was that although he was unaware of any threat, and did not feel that there was a 
threat, it would do no harm to have this preventive detection program implemented; 
therefore, he readily recommended that the conventional source program begin. 
COL Thomann gave an in-depth explanation of how the 109th Military Intelligence 
Group could be of assistance in the CISP and other fields, and COL Holman was 
impressed with the discussion and felt certain that those in Military Intelligence 
were the experts in the field. COL Holman was assured that before an individual 
would be selected as a potential conventional source, an extensive background check 
would be completed and that mature judgment would be employed throughout the 
operation. It was mutually agreed that the names of prospective conventional sources 
would be verbally cleared through Mr. Greffe, but that no list would be provided 
or maintained by the Security Office. COL Holman requested that if a "flap" appeared 
imminent during a contact, that he be immediately notified by PLO so that he could 
contact the individual and placate him. COL 
be the procedure. 

b. Both COL Holman and Mr. Greffe appeared highly pleased with the 
command visit, and to have a proper awareness of the CISP. PLO has been 
given permission to initiate contact with the prospective conventional sources 
by HQ, 109th MI Group. Contacts will be effected on a deliberate "one-by-one" 
basis commencing mid December 1973. Because of this command visit, PLO feels 
that the obstacles have been removed and the operation can progress smoothly. 

Cys Furn: EUGENE H. McNALLY 
WACO WO, USA 
A, PCO Project Liaison Officer 
PLO, PA 

DEPARTMENT OF THE ARMY 
FORT MEADE FIELD OFFICE, 109TH MILITARY INTELLIGENCE GROUP 
FORT MEADE, MARYLAND 20755 


ICGP-B-FM 19 December 1973 

REGRADED UNCLASSIFIED ON SEP -5 1990 BY CDR USAINSCOM FOI/PO, AUTH Para 1-603 DOD 5200.1R 

SUBJECT: Operation CANAL LOOP (U) 

QUARTERLY PROGRESS REPORT NUMBER 
Period 15 September 1973 to 15 December 1973 

1. (U) CIRCUMSTANCES: On 29 November 1973 LTC Leroy Walton, Chief of 
Security, Aberdeen Proving Ground (APG), MD was given the initial ICIP 
briefing and a progress report by the undersigned. Mr. Harry A. Mencke, 
Installation Intelligence Officer, APG and CPT Charles Lightner, Deputy 
Commander, Fort Meade Field Office, 109th MI Group, Fort Meade, MD were 
present at the briefing. On 5 December 1973 COL Walter R. Harris, Commanding 
Officer, APG was given a progress report; Mr. Mencke was also 
present at this meeting. 


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 


a. This operation was inactive from the early spring of 1973 to 
October 1973. The Project Control Officer was reassigned during the 
spring of 1973 and the position was vacant until October 1973. The 
Project Liaison Officer retired in July 1973 and this position was 
vacant until November 1973. Both the new PCO and PLO are now in place 
and actively pursuing this operation. 

b. Operation CANAL LOOP (U) has five active covert Sources. The 
PCO has recontacted each source and started a period of building rapport 
between Source, PCO, and Military Intelligence. During this period, the 
PCO is concentrating on verifying placement and access, operational training, 
and assigning current EEI. All Sources initially appear to be responding 
well to the PCO. 

3. (U) SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: No significant 
counterintelligence information was developed during the reported period. 

4. COMMENTS, REMARKS, AND RECOMMENDATION: 

a. Subject OPLAN is currently under revision. Strong consideration 
is currently being given to the consolidation of Operations GONDOLA STAR (U) 
and CANAL LOOP (U) since Aberdeen Proving Ground and Edgewood Arsenal 
consolidated into one installation on 1 July 1971. A status report will 
be submitted to Headquarters, 109th MI Group by 6 January 1974. 


b. This PLO has initially placed emphasis on re-establishing liaison 
and acquiring updated information in support of this operation. Liaison 
has been established with both the headquarters and security offices of 
Aberdeen Proving Ground and Edgewood area, Aberdeen Proving Ground. 
Liaison is also in effect with both Military Police offices, local FBI 
office, state police and the Harford County Sheriff's Office. Effort 
will be given to the development of additional Confidential and Conventional 
Sources during the next quarters. This PLO has served two previous 
tours of duty at Aberdeen Proving Ground and is a native of Harford County; 
consequently, much personal liaison was already established when this PLO 
was assigned. 

c. COL Harris, LTC Walton and Mr. Mencke have expressed strong interest 
in the support available through ICIP and have offered their full 
cooperation. 

d. COL Kenneth L. Stahl was assigned as the Commanding Officer, 
Edgewood Area, APG in September 1973. Since he had not been given the 
initial ICIP briefing, he was not given a progress report on 21 December 
1973. 

DEPARTMENT OF THE ARMY 
902D MILITARY INTELLIGENCE GROUP 
P. O. BOX 113 
FALLS CHURCH, VA. 22046 

ICGP-H/PCF-S08 13 December 1973 


SUBJECT: CENTURY SQUAD (U) 


Commander 
United States Army Intelligence Command 
ATTN: ICDO-OP 
Fort Meade, Maryland 20755 

REGRADED UNCLASSIFIED ON SEP -5 1990 BY CDR USAINSCOM FOI/PO, AUTH Para 1-603 DOD 5200.1R 

1. Reference letter, USAINTC, ICDO-OP, 15 October [illegible], subject: 
Aggressive Counterintelligence Program (C). 

2. Recapitulation of Operational Progress: 

a. Official Military Personnel Files (OMPF) for ten (10) individuals 
appearing to meet the criteria for recruitment as a confidential source 
have been received from The Adjutant General's Office (TAGO). Meticulous 
review of these files is currently in progress. 


b. Local and National Agency Checks concerning these individuals 
have been requested through channels established by the Liaison Branch, 
902d MI Group. It is anticipated that the results of these checks will 
be forthcoming during the next reporting period. 


c. Files maintained by the Civilian Personnel Office, The Pentagon, 
were examined concerning 17 individuals assigned to the target agency. 
Evaluation of the data contained in these files continues. Concurrently 
with this vetting process, Local and National Agency Checks were requested. 
It is anticipated that the results of the checks will be received during 
the next reporting period. 


d. Additional identifying data on selected individuals assigned to 
the target agency has been submitted to the Investigative Records 
Repository. This information should resolve the problems encountered 
in dossier retrieval. 


e. Attached as an inclosure is a report of counterintelligence 
inspection conducted at the target agency 29 October to 5 November 1973. 

LTC, MI 
Deputy Commander 

REPORT OF COUNTERINTELLIGENCE INSPECTION 
OF 
United States Army Management Systems Support Agency 
Room 8D 1028, The Pentagon 

SECTION I. INTRODUCTION 

1. An announced counterintelligence inspection of the United States Army 
Management Systems Support Agency (USAMSSA), Room 8D 1028, The Pentagon 
was conducted during the period 29 October through 5 November 1973, by the 
following Special Agents of the Pentagon Counterintelligence Force, 902d 
Military Intelligence Group: 

William H. J. Count 
George M. Vaughn 

2. Captain James K. Clements, Security Manager, acted as contact for and 
assisted in coordinating the activities of the inspection. 

3. The last counterintelligence service was conducted during the period 
21 to 25 August 1972. 

SECTION II. SCOPE 


4. This inspection included an examination of the degree of compliance with 
DOD Information Security Program Regulation 5200.1R and AR 380-5 of the 
following offices of USAMSSA: 

Headquarters, Management and Administrative Support Group 
Scientific Systems Division 
Systems Development Division 
Operations Division 

5. USAMSSA has on hand approximately 850 SECRET documents and approximately 
20 linear feet of CONFIDENTIAL material. No TOP SECRET documents are maintained 
within the USAMSSA. 

SECTION III. FINDINGS AND RECOMMENDATIONS 


6. There are no uncorrected or repeated findings. 


7. Current Findings: No major deficiencies or shortcomings were noted during 
the inspection. Minor administrative deficiencies were corrected on the spot. 

8. Physical Security: Only those aspects of physical security relating to 
classified storage were inspected in conjunction with this service. 
Four of the containers utilized for the storage of classified material do not 
meet the minimum requirements set forth in paragraphs 5-101 and 5-102, DOD 
Information Security Program Regulation 5200.1R. USAMSSA has requisitioned 
approved security containers to replace the unapproved containers. The 
unapproved containers are under 24-hour observation by USAMSSA personnel. 

SECTION IV. COMMENTS 


9. The overall security posture of the serviced area is excellent. The 
USAMSSA Security Education Program is considered adequate. Incoming 
personnel are briefed concerning the handling, storage, and transmission 
of classified information. In addition, all personnel are given a periodic 
review to determine their compliance with existing security regulations. 
USAMSSA is currently revising its existing SOP to enhance the overall 
security posture. Reproduction of classified material is held to a minimum 
consistent with operational necessity. A copy of the restrictions imposed 
on reproduction of classified material is posted near the reproduction 
machine. The USAMSSA requires a 100% monthly inventory of all SECRET documents 
recorded on the Division Log. Additionally, the USAMSSA requires 
a doublecheck of each item of equipment within the individual offices and 
that DAS Form 11 (doublecheck List) be signed and maintained on a daily 
working basis. The duty officer is required to carry numerous keys during 
his after duty checks. Master keys would better serve this purpose. The 
Pentagon Custodial Engineers have such master keys and arrangements could 
be made with them to obtain master keys for the offices within the unit. 
The USAMSSA needs to implement a preventive-maintenance program on its 
security containers, as handles on several security containers are loose. 


SECTION V. EXIT BRIEFING 

10. All aspects of this service were discussed during an exit briefing on 
9 November 1973 with Captain James K. Clements, Security Manager. 

BYRON W. HUNT 
LTC, MI 
Commanding 

DEPARTMENT OF THE ARMY 
WASHINGTON FIELD OFFICE 
109TH MILITARY INTELLIGENCE GROUP 
WASHINGTON, DC 20319 

IN REPLY REFER TO: 
ICGP-B-VA 13 December 1973 


QUARTERLY PROGRESS REPORT NUMBER 2 
Period: 25 October 1973 to 13 December 1973 
WARNING NOTICE: SENSITIVE SOURCES AND METHODS INVOLVED 


SUBJECT: Operation Lanyard Mood 

1. CIRCUMSTANCES: 

On 25 October 1973, OPLAN Lanyard Mood was formally re-activated in a 
visit to MAJ Clyde Bryant, Security Officer, Defense Language Institute 
East Coast (DLIEC), by MAJ D.N. Kappel, Commander, WFO; CW3 Clarence E. 
Barker, Liaison Officer, WFO; and CW2 Guy J. Battiste II, Project Liaison 
Officer (PLO), DLIEC. On 30 October 1973, PLO briefed MAJ Bryant on the 
CISP. It was agreed that the briefing of the Commander, DLIEC, should be 
delayed until the Oplan was rewritten and a positive approach to the 
program was developed. To date, all meetings with MAJ Bryant have been to 
further that purpose. 

2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 

Screening of personnel at DLIEC has begun for the purpose of identifying 
those individuals whose backgrounds and/or activities might fall within the 
scope of the EEI in the Oplan, as well as those individuals who may be 
considered prospective sources in the future. 

3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: 

a. 

Referred 

4. COMMENTS, REMARKS, AND RECOMMENDATIONS: 


The revised Oplan for Lanyard Mood was submitted to Headquarters, 
109th MI Group on 5 December 1973. Pending approval of the Oplan, the PLO 
will continue laying the groundwork for the operation at DLIEC, and screening 
personnel files to determine those personnel who might be of operational 
interest. The formal briefing of the Commander, DLIEC, has not been 
scheduled, but a target date for the briefing is within the first two weeks 
of January 1974. DLIEC has proven in the past to be a successful CISP 
and can be as productive in the future if approached properly. The 
structure of DLIEC, being divided into separate departments for each 
language, results in the departments becoming cliques of persons from 
similar backgrounds or countries, and therefore the instructors have little 
contact with persons outside their own department. This creates a more 
delicate situation than normal, and means that the operation must be 
approached slowly and positively, as rushing into something might result in 
a case of bad judgement and turn the situation from delicate to explosive. 

GUY J. BATTISTE II 
CW2, MI 
Project Liaison Officer 

DEPARTMENT OF THE ARMY 
SYRACUSE-SENECA FIELD OFFICE 
109TH MILITARY INTELLIGENCE GROUP 
PO BOX 73 SYRACUSE NEW YORK 13201 


ICGP-B-SY 11 December 1973 


QUARTERLY PROGRESS REPORT NUMBER 1 
Period 1 October 1973 to 31 December 1973 


SUBJECT: Operation CANINE PLATE (U) 

WARNING NOTICE: SENSITIVE SOURCES AND METHODS INVOLVED 

1. CIRCUMSTANCES: On 16 November 1973, an initial briefing was given 
concerning the CISP at Seneca Army Depot, Romulus, New York, 14541, code 
named CANINE PLATE. Present for the briefing were COL Allen H. Light, Jr., 
Depot Commander; MAJ Noel L. Weaver, former Syracuse-Seneca Field Office 
Commander; CPT Denis F. Ausflug, present FO Commander; and CW2 Francis L. 
McGinn, Jr., CANINE PLATE Project Liaison Officer. 

2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: In the 
briefing of 16 November, COL Light was informed of the intent and aims of 
CANINE PLATE, reference MFR, 6 December 1973, re: CANINE PLATE. No other 
overt activity has taken place. See paragraph 4 below for additional remarks. 

3. (U) SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: None. 


4. COMMENTS, REMARKS, AND RECOMMENDATIONS: The project liaison officer 
has been on station since December 1972. In the past year, through 
associations formed at social activities at the Seneca Army Depot Officers 
Club, the only area in which the PLO has sufficient reason for contact 
with depot personnel, three or four likely prospects for conventional 
sources have been spotted. An approach will be made as soon as one very 
significant problem has been resolved. It is almost certain, because of the 
very high degree of security consciousness of depot personnel, that any 
approach by the PLO will be treated with suspicion and reported to the 
depot security officials as a possible penetration attempt, or as a test 
of their SAEDA reporting system. This is directly against the wishes of 
COL Light, who wants knowledge of CANINE PLATE to be confined to himself. 
This leads to the conclusion that all prospective sources, at the time of 
recruitment, must be directed to ask COL Light any questions they may have 
concerning the PLO's veracity. This would reveal the identity of the sources 
to the Depot Commander. The chances of having the project revealed with 
subsequent embarrassment to the Depot Commander and to the 109th MI Group 
are too likely to be ignored. Disclosure of the identity of conventional 
sources, when necessary, does not appear to contravene existing regulations; 
the same situation would apply to confidential sources although disclosure 
of their identity can only be done with the permission of the Commander, 
USAINTC. Fuller discussions of this matter will be held on 14 December 1973 
with the Commander, Northern Area Control Office, at which time opinions 
and advice will be solicited. 

Classified by [illegible] 
EXEMPT FROM GENERAL DECLASSIFICATION 
SCHEDULE OF EXECUTIVE ORDER 11652 
EXEMPTION CATEGORY 22002 

DEPARTMENT OF THE ARMY 
HEADQUARTERS 115TH MILITARY INTELLIGENCE GROUP 
PRESIDIO OF SAN FRANCISCO, CALIFORNIA 94129 


lICGP-»-50 14 December 1973 
QUARTERLY PROGRESS REPORT NUMBER 1 


For the Period 10 September 73 to 10 December 73 


SUBJECT: ICIP CENTAUR RACE (U) 

1. CIRCUMSTANCES: On 5 December 1973, MAJ Glen E. Robinson, Fort 
Lewis Field Office Commander, briefed LTC Homer Pickens, ACofS, 9th Infantry 
Division and Fort Lewis, representative of the Commanding General, 9th Infantry 
Division and Fort Lewis, on the progress of Internal Counterintelligence 
Program (ICIP) CENTAUR RACE. 

2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD: 

a. A study concerning insertion of sources into the Fort Lewis military 
community has been [illegible] and results will be forwarded by separate 
correspondence. 

b. Aggressive screening, spotting, and assessment of Installation conventional 
sources and potential Confidential Sources is continuing and has 
been expanded to include all targets on Fort Lewis. 

c. The first Source Lead and Development Report (SLDR) for ICIP CENTAUR 
RACE will be prepared and submitted within 30 days. 


3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED: There has 
been no significant counterintelligence information developed through the 
ICIP to date due to the lack of formally recruited sources. 

4. COMMENTS, REMARKS, AND RECOMMENDATIONS: LTC Pickens, ACofS, 9th 
Infantry Division and Fort Lewis, continues to have an interest in ICIP 
CENTAUR RACE, and has cooperated with Fort Lewis Field Office to the fullest 
extent. It is the desire of the Commanding General, 9th Infantry Division 
and Fort Lewis, not to be present for briefings unless significant 
counterintelligence information is to be discussed. 

3 December 1973 

QUARTERLY PROGRESS REPORT NUMBER 
CENTAUR SALE 


Period 13 October 1973 to 28 November 1973 


Le (UJ CIRCUIISTANCES: 


.0n 28 November 1973, CW3 James E, Harnish, Project Liaison Cfficer (FLO), 
MERDC, provided Colonel Tehno R. Bukkala, Commander, NERDC, Leslie L, Askew, 
Security Officer, HERDC, and Edna T, Payne, Assistant Security Officer, MRDC, 
with the 2nd Quarterly CISP Briefing, The briefing was presented one week 
earlier than projected due to the uncertainty of the Commander's pre-holidey 
December schedule. The briefing was well received with no problems encount- 


ered. uw 


2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD:

Six prospective Sources were spotted during this period.

3. SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED:

During this period three Agent Reports were produced. These reports were
as follows: [b6] report submitted [illegible]5 October 1973, concerned
suitability due to indebtedness; [b6] CIV [b6] report submitted 5 November
1973, concerned suitability due to alcohol drinking problem; [b6] DPOB: [b6]
SSN [b6] report submitted 22 November 1973, concerned a threatening
telephone call.

4. (U) COMMENTS, REMARKS, AND RECOMMENDATIONS:

At the present time there is no approved OPLAN available for this project
at the Washington Field Office. The next Quarterly Briefing of the
Commander, MERDC, will be within the first two weeks of March 1974, and
will realign the briefing schedule. MERDC is a good CISP target, and has
the potential for a successful project, however the PLO's time on site is
limited due to being PLO at another installation also. To be more effective
MERDC must be a full time project.

3 December 1973


QUARTERLY PROGRESS REPORT NUMBER 2 
SUBJECT: CENTAVO KID 


Period 12 October 1973 to 12 November 1973 


WARNING NOTICE-SENSITIVE SOURCES AND METHODS INVOLVED

1. (U) CIRCUMSTANCES:

On 12 November 1973, the Commander, Harry Diamond Laboratories (HDL),
was briefed on the revised CENTAVO KID OPLAN. Present at the briefing were
Colonel David W. Einsel, Commander, HDL, Major D.N. Kappel, Commander, WFO,
109th MI Group, Major Thomas R. Mooney, Executive Officer, HDL, CW3 James
E. Hornish, PLO, Alfred F. Schneider, Security Officer, HDL, and James H.
Yeick, Assistant Security Officer, HDL. Due to the close proximity between
this briefing and the December Quarterly Briefing, both were combined.
The briefing was well received and no problems were encountered.
The next Quarterly Briefing will be delivered within the first two weeks
of March 1974, and will realign the briefing schedule.

2. RECAPITULATION OF OPERATIONAL PROGRESS DURING THE PERIOD:

Since the approved and revised OPLAN has been available, six potential
Sources are undergoing Local Agency Checks. A problem in cooperation as
indicated in Quarterly Progress Report Number 1 within the HDL Security
Office has been resolved and cooperation from the Security Office has
improved.

One Agent Report was produced during this period as follows: LAKERS
Guillermo B., DPOB: 29 January 1935, Buenos Aires, Argentina, CIV [b6]
report submitted 19 October 1973, concerned suitability information.


4. (U) COMMENTS, REMARKS, AND RECOMMENDATIONS:
None.

JAMES E. H-RNISH
CW3
Project Liaison Officer

DEPARTMENT OF THE ARMY
FORT CARSON FIELD OFFICE 
115TH MILITARY INTELLIGENCE GROUP 
COLORADO SPRINGS, COLORADO 80901 


ICGP-F-CÀÁ 10 December 1973


QUARTERLY PROGRESS REPORT NUMBER 1. 


PERIOD: 11 September 1973 to 10 December 1973

SUBJECT: Operation Canary Stone (U)

1. CIRCUMSTANCES.

Effective 1 December 1973, the Dugway Proving Ground Resident Office
was established and became operational. SFC Pete A. Gonzales (PLO) has
been assigned to the Dugway Resident Office, [illegible] To date, the PCO
has not been assigned to Operation Canary Stone, therefore, no progress
briefing was presented to the Commander, Dugway Proving Ground, pertaining
to the past quarter's activities.


2. (U) RECAPITULATION OF OPERATIONAL PROGRESS DURING PERIOD.


No operational assets were utilized during the reporting period. 


3. (U) SIGNIFICANT COUNTERINTELLIGENCE INFORMATION DEVELOPED.


None has been developed during the reporting period. 


4. (U) COMMENTS, REMARKS, AND RECOMMENDATIONS. 
The Dugway Resident Office is located in Room 2204, Building 5234,
Dugway Proving Ground, Dugway, Utah. The Intraservice Support Agreement
between the 115th MI Group and Dugway Proving Ground has been finalized
and is in the process of being signed by appropriate unit representatives.

THIS MUST REMAIN TOP DOCUMENT


DOSSIER NO. zroii1940N 


Vol 4 of 7 Vols 


As of 18 Sep 85 (Date) all material included in this file conforms
with DA policies currently in effect.


18 Sep 85 
Signature Date Signed 
Printed Name Grade


Pietra for 
Criteria vate AR 381 erste 43 
Reviewer {fuer | pate Agr" 


THIS MUST REMAIN TOP DOCUMENT 


IA (HQ) Form 2214 Replaces MIIA Fm 315, 1 Jun 75, which may be 
(4 Sep 78) used until supplies are exhausted. 


CONTENTS


TITLE 


Memo for VCSA from USofA, SUBJ: ICIP
Memo thru VCSA for USofA, SUBJ: ICIP

1st Ind to USAINTA, Approval of CANTER RIDE

Ltr from USAINTA, Evaluation of Selected
Installations in Panama Canal Zone

Quarterly Report, 1st Qtr, CY 75

Ltr to Cdr, APG approving continuation of
GONDOLA STAR

Ltr to Cdr, PCF, disapproving OPlan
Quarterly Rpt, 2nd Qtr, CY 75

1st Ind to USAINTA, Approval of revised
OPLAN CANS RY EFFORT

Quarterly Rpt, 3d Qtr, CY 7
Memo for Record, SUBJ: ICIP CERRY Erru

Msg to LSALU on proposed ICIP

DP to USAINTA, Quarterly ICIP Reports

DATE


21 Jan 75 
h Feb 75 
7 Mar 75 

28 Apr 75 


27 May 75 
iio 75 


1 Aug 75 
15 Sep 75 
15 Sep 75 


2[illegible] Nov 75

ICIP'S TERMINATED, AS OF [illegible] 75


CANAL ROPE 
CANARY STONE
CANTINA ARCH
CANYON HIST

CENTAUR SALE

EXTRA TAXI

CENTURY SQUAD

JUNDOLA PLAG

US Army Communications Command, Ft Huachuca, AZ

Dugway Proving Ground, UT

US Army Air Defense Center, Ft Bliss, TX
Umatilla Army Depot Activity, Hermiston, Oregon

US Army Mobility Equipment Research and Development
Center, Ft Belvoir, VA

US Army Electronics Command, Ft Monmouth, NJ

US Army Electronics Proving Ground, Ft Huachuca, AZ
Defense Language Institute East Coast, Wash. Navy Yard
Picatinny Arsenal Armaments Command, Dover, NJ

US Army War College, Carlisle Barracks, PA


Reinstated for 6 Months. 


REGRADED UNCLASSIFIED
ON [illegible] 5 1991

DAMI-DOH    Quarterly ICIP Reports (U)
CDR, USAINTA    DAMI-DOH
ATTN: MIIA-SO    LTC Haendle/mjb/56150
FT MEADE MD 20755

1. (U) Reference, message, DAMI-DOH, 032115Z Dec 75.

2. Attached for your files is a copy of the INFORMATION MEMORANDUM to the Under
Secretary of the Army (less inclosures) which forwarded summaries of the nine
on-going CONUS ICIP operations as submitted by your headquarters. The summary
pertaining to a proposed ICIP by the 66th MI Group in support of USASA was not
included in this submission. Upon receipt of a response to the above referenced
message, a decision will be made whether to include that operation in the next
quarterly report.

3. In staffing the Quarterly ICIP Report within ACSI, the Acting Director of
Intelligence Operations noted that many of the summaries of on-going actions
contained too many details of individual character/behavior issues. In future
quarterly reports, suitability-type information pertaining to individuals
covered by the ICIP project should be either eliminated or summarized in
general comments.

4. On a separate matter, when the ACSI reinstated the ICIP GONDOLA STAR in
July 1975, he indicated he would review the ICIP in six months to determine if
significant information had been developed to warrant continuation of the project.
It is requested that your headquarters conduct a review of this ICIP and furnish
your comments and recommendations to this office by 9 January 1975.

FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS:

1 Incl                L. A. SPIRITO
as                    Colonel, GS
                      Chief, HUMINT Division


[illegible] IADEROSA, CHIEF, CI DIV, ODCSI, USAREUR FOR COL
SPIRITO, CHIEF, CI DIV, OACSI, DA; INFO LTC ERMES, [illegible]
DET, USAINTA.

SUBJECT: INTERNAL COUNTERINTELLIGENCE PROGRAM (ICIP)
A. DA DAMI-DOH 032115Z DEC 75 [illegible]

i 


A HBG kawo TOPIC 1716312 SEP Ta (Ude 
e ANT {126-74 TOPIC 1841382 SEP SEP 14 QUO 


ao = Tois ium am Despi. E e 
> MELE ¢ . CA uf cmq 


of 


em 1¢D0“0P 2517432 gun 73 (£e. 
BASED ON THE NEW POLICY CONTAINED IN REF A, THIS OFFICE
[illegible] OPLANS FOR ALL USAREUR ICIPS, ONGOING AND PLANNED,
[illegible] ACSI APPROVAL. IN THE ABSENCE OF DETAILED ARMY-
[illegible] IT IS DIFFICULT TO DETERMINE WHICH USAREUR
[illegible] PROJECTS MEET THE CRITERIA AND DEFINITION OF
[illegible] BY OACSI. IN THIS REGARD, THE FOLLOWING
[illegible] OPERATIONS ARE DESCRIBED:


[illegible] EARLY STAGES OF IMPLEMENTATION AND WHILE A NUMBER OF COUNTER-
[illegible] OF CONFIDENTIAL SOURCES HAS YET BEEN ACCOMPLISHED.


B. GROUP BAND: CI PROJECT BASED UPON REF F AND C INVOLVING
USAINTA RECRUITMENT OF 19 STERILE SOURCES IN CONUS FOR
INSERTION INTO 56TH ARTY BDE, USAREUR FOR COLLECTION OF
COUNTERSUBVERSION AND COUNTERSABOTAGE INFO. THE END OF US INVOLVEMENT
IN VIETNAM AND THE CONCOMITANT SHARP DECREASE IN SUBVERSION/
SABOTAGE INCIDENTS VIRTUALLY ELIMINATED THE NEED FOR THESE
SOURCES. NORMAL ATTRITION HAS RESULTED IN ONE REMAINING GROUP
WAND SOURCE IN USAREUR WHO IS CURRENTLY HANDLED AS A CASUAL
[illegible] COUNTERESPIONAGE SOURCE.

C. CERTAIN SMILE: AN ICIP IMPLEMENTED IN 1973 WITHIN
CERTAIN KEY STAFF OFFICES AT HQ USAREUR IN AN EFFORT TO IDENTIFY
[illegible] ACTUAL [illegible] OPERATIVES [illegible] CERTAIN SMILE WAS
[illegible] AND ITS ASSETS REDIRECTED TO [illegible]
SOURCE PROGRAM. THIS OFFICE IS CURRENTLY [illegible]
AN OPLAN FOR CINCUSAREUR APPROVAL WHICH WILL
[illegible] ADDRESS THE SUSPECTED WIS THREAT AGAINST [illegible]

D. GAREFREE TALIT: RECENT DEVELOPMENTS IN BERLIN BASED
COFCO 8 HAVE REVEALED INTENSE INTEREST BY SIS IN DET A,
SPECIAL FORCES UNIT STATIONED IN WEST BERLIN. MOREOVER, SIS
CASE OFFICERS HAVE DISCLOSED SUFFICIENT KNOWLEDGE OF DET A TO
RAISE THE POSSIBILITY OF A SUCCESSFUL SIS PENETRATION OF DET

REGRADED UNCLASSIFIED
ON [illegible]
BY CDR USAINSCOM FOI/PO
AUTH PARA 1-603 DoD 5200.1-R


[illegible] AS THE RESULT OF DEMONSTRATED OR
[illegible] THREATS. IN ALL CASES, APPROPRIATE COMMANDERS
[illegible] ON THE PERCEIVED HOIS THREAT AND HAVE EITHER
[illegible] OR CONCURRED WITH THE CI NEUTRALIZATION PLAN.


[illegible] TO YOUR OFFICE FOR APPROVAL; QUARTERLY STATUS REPORTS
ALSO WILL BE FURNISHED.

(U) REQUEST YOUR COMMENTS AS WHETHER EITHER OF THOSE
PROJECTS DESCRIBED IN PARA 1D AND 1E, SUPRA MEET THE CRITERIA FOR
ICIP AND THUS REQUIRE ACSI APPROVAL.

ROUTING AND TRANSMITTAL SLIP
LTC HAENDLE
DAMI-DOH

REMARKS
Per our fonecon 29 Dec 75, attached is the [illegible]
of ICIP Status report from USAREUR. One of our
people was given the copy during a visit to Arlington
Hall Station.

Do NOT use this form as a RECORD of [illegible]
disapprovals, clearances, and similar actions

JA Peonett Pr
Spec Aot Sect, 30D 454

UNITED STATES ARMY SECURITY AGENCY FIELD STATION, AUGSBURG

15 December 1975


SUBJECT: Internal Counterintelligence Program Quarterly Status Report (U) 


EXCLUSIVE FOR Colonel William B. Bolden
Deputy Chief of Staff Security
Headquarters
U.S. Army Security Agency
Arlington Hall Station
Arlington, Virginia 22212

1. (U) Attached at inclosure 1 is the first Quarterly Status Report,
for the period ending 15 October 1975.

2. Your attention is invited to potential source B58,786 referred
to in paragraph 5. Appropriate coordination will be effected by the
66th Military Intelligence Group, this Command and your Headquarters
before utilization is effected.


FOR THE COMMANDER: 


Classified by: Para. 4L, AR 381-12, 18 Oct 74
EXEMPT FROM GENERAL DECLASSIFICATION
SCHEDULE OF EXECUTIVE ORDER 11652
EXEMPTION CATEGORY 2
DECLASSIFY ON Notification of ACSI, DA

AEUMI-N-CE 24 October 1975
D03120-518-75 


SUBJECT: Internal Counterintelligence Program (ICIP)
(QUARTERLY STATUS REPORT) (QSR)

66th Military Intelligence Group
([illegible] FOR ICIP CONTROL OFFICER)

1. References:
a. OPLAN, 511th MI Battalion, AEUMI-N-CE, 1-75, 1 May 1975
b. AEAGB-CI(SO), DTG 151640Z July 1975, ICIP

2. (U) This is the first ICIP Quarterly Status Report, in accordance with
references, covering the period ending 15 October 1975.

3. General:

a. Activity at the target is in the drawdown stage, pending automation
in early 1976 under the LA FAIRE VITE Program. Since 1 July 1975,
personnel manning has been reduced to about 50 percent of previous target
strength; most personnel have been reassigned to USASAFS Augsburg. In
June 1975, an official release was made by letter to the Buergermeister
(mayor) of Rimbach, which provided details of the withdrawal. Portions of
the letter were reportedly published in area newspapers. A copy of the
[illegible] of the letter to the [illegible] office is attached as
inclosure.

b. Contrary to the letter inclosure, it appears that some target
personnel in excess of the progressed approximately seven (7) individuals
who will maintain and guard the automated site, may remain in the area
for varying periods up to 1 July 1976. These include all personnel who
are scheduled for DEROS or ETS in FY76 as funding is not available for two
PCS moves in a single fiscal year. No figures were available at the time
of the QSR preparation as to how many personnel would be affected, nor had
it been determined what would be their duties during the approximate period
[illegible]
[illegible] communications site ([illegible] USAF Security Squadron)
[illegible] same area is scheduled to close at about the same time the
target [illegible]; no USAF personnel will remain in the area. As far
[illegible] the French and Bundeswehr sites will continue to [illegible]

The seven or eight personnel scheduled to remain at the target
permanently will be billeted at the top of Mount Hoherbogen, in a newly
[illegible] building, adjacent to the present operational area. The senior
[illegible] will be an NCO, grade E6 or E7, who will probably have one of
the supervisory communications equipment maintenance MOS's. Other personnel
[illegible] there will be equipment and antenna array repair and maintenance
specialists and guards. All personnel will be single or unaccompanied.
At the writing of this report, none of the permanent party had been selected.


4. Operational Matters:

a. SMLM-F makes a reconnaissance of the Rimbach area approximately
once a month. The sightings usually involve travel along the PRA perimeter
roads leading north and south out of Rimbach. Perimeter roads of PRAs,
excluding Autobahnen, are off limits to SMLM-F vehicles. On 3 June 1974,
a SMLM-F vehicle was disabled on the access road leading to the target
operational site, well within a PRA, and was assisted by a Chief Warrant
Officer assigned to the target, who was not aware of the correct PRA
boundary. There have been no SMLM-F detentions in the area, and none are
likely, since the closest Military Police are located at Hohenfels Training
Area (HTA), 80 kilometers away.

b. In March 1975, during a liaison visit with MAJ [illegible] Douma,
target commander, the PLO was advised that MAJ [b6]
had been transferred to Ramstein, FRG after appearing
before a board to face charges of homosexuality.

c. In April 1975, [b6] [illegible] a possible SAEDA
incident (Group Case 75-061P); during the subsequent investigation it was
determined she had reported to Field Office Augsburg a similar approach
by the same individual a year earlier. Target personnel were dubious as
to the veracity of statements made by [b6], who was transferred to
USASAFS, Augsburg on 1 August 1975.




d. In May 1975, MAJ Douma advised the PLO that some of the target
personnel had a tendency to talk too openly about their jobs in public,
and that his solution had been constant reiteration to unit personnel
on the dangers of loose talk. No specifics were provided on individuals
concerned. The PLO did not press for details as he considered it a
command matter. MAJ Douma believed the security posture of the target
was steadily improving.

e. The preliminary investigation of [b6], however,
[illegible] low key due to the lack of credible specific allegations. [b6]
operates the Hoherbogen Restaurant, situated near the target administrative
area. He allegedly travels regularly to CSSR to visit relatives and to
attend dog shows. Target personnel patronize the restaurant regularly,
primarily because of its convenient location. [b6] [illegible] never reliably
reported to have shown undue curiosity about target operations and
personalities, but remains, nevertheless, well-informed because of overheard
conversations of target personnel-customers. In June 1975, [b6] told
the PLO he was not looking forward to the departure of the Americans
because he would have to "put up" with local German customers, who were much
more troublesome than target personnel. In October 1975, [b6] remarked
to MAJ Douma that he had made several trips to Augsburg to negotiate the
purchase of a tavern there. [b6] said he intended to sell the Hoherbogen
Restaurant and move to Augsburg, where he will open a tavern/restaurant
two kilometers from the "ASA kaserne." Activity of [b6] will continue
to be monitored in the Rimbach area, and if he moves to Augsburg, he
should be made a target of continuing interest by Field Office Augsburg.

f. In July 1975, CPT [b6], Protestant Chaplain at
HTA, advised that an individual assigned to the target had sought his
spiritual guidance as a result of extreme emotional anxiety, due to his/
her involvement with a group of USASA personnel who were engaged in satanic
religious practices at the target. [b6] revealed no details nor
identities, due to the sensitivity of communications to a chaplain, however, the
identity of the individual involved is believed to have been established
(see para 4j, below).

g. In July 1975, two target personnel applied for Military
Intelligence duties in ACGP-97. One [b6] was assisted in
completion of required forms and processing/interview is in progress.
The other individual ([b6]) will not be able to apply until
December 1975, when he has 12 months remaining to DEROS. He expects to be
transferred to USASAFS, Augsburg prior to that time and has been advised
to initiate his processing at Field Office Augsburg.




[illegible]tions of possible intelligence activity were substantiated.)
[b6] said he personally was suspicious of [b6], a former
member of the target unit, who operates "[b6]'s Club" in Koetzting.
[b6] uses his US citizenship and former Army service as a method of gaining
access to information from US Forces members who patronize his establishment.
([b6] and his activity was previously known to HI/PAD during the [b6]
investigation and not determined to warrant further investigation.
[b6] is a non-DoD affiliated US citizen.)

i. In July 1975, USASAFS, Augsburg requested agency checks in
Koetzting on [b6] and Dr. [b6] who were friendly with target
personnel and who had become knowledgeable of classified defense
information as a result of this relationship. There was no indication any of
the [b6]s had attempted to elicit defense information. Agency checks
failed to reveal any derogatory information concerning the [b6] [illegible].
[b6] is a practicing dentist in Koetzting. In early [illegible],
MAJ Douma advised the PLO that in early 1975, SP4 [b6] and her
dependent husband [b6], a US citizen, had attempted to establish
a German-American Club between target personnel and the local communities.
In this connection, the [b6]s mentioned being acquainted with a dentist
in Koetzting, nfi. Nothing of consequence ever came of the attempt to
form an organization. Later, date unknown, Douma was advised by Commander,
Forward Operations Battalion, Augsburg (his supervisor) of a report that
[b6] had discussed classified information with German acquaintances.
In an interview of [b6] by Douma, she admitted having discussed
details of LA FAIRE VITE with her husband in early 1975, and to have
mentioned the project in the presence of one [b6], a German
national acquaintance residing in Munich. [b6] was subsequently given
a written reprimand in connection with the compromise. [b6] mentioned
nothing about any other German acquaintances, and denied compromising any
classified information to any other foreign nationals. No information
was made available to Douma when he was tasked by his higher headquarters
to investigate the incident, as to the identity of the German acquaintances
who were supposed to have received the classified defense information.
[b6] departed the target on 19 July 1975 for CONUS and separation
from active duty.

j. In August 1975, MAJ Douma advised the PLO that SP4 [b6],
attached to the target from the 502d ASA Group as a Czech linguist Voice
Intercept Specialist (98G2LCX), had exhibited severe mental trauma
immediately following the departure of a close female acquaintance from the
target on 30 June 1975, and had been placed on extended leave status.
[b6] consulted CPT (Chap) [b6] at HTA and the USASAFS Augsburg
Staff chaplain, but had allegedly declined psychiatric counselling. On
her return from [illegible] access to [illegible] was [illegible] suspended
and Douma [illegible] [b6] to receive counselling, as he was
very concerned about her emotional stability. [b6] had a DEROS of
[illegible] 1975.

k. In August 1975, the PLO advised MAJ Douma that a German agency
reported a US soldier named [b6] was trafficking in drugs in
[illegible]. After the PLO provided descriptive data obtained from a FRG
Agency, [illegible] identified [b6] as SP4 [b6], a Russian
linguist Voice Intercept Specialist, attached from the 502d ASA Group.
Douma was requested to watch [b6] activities closely and pass any
information to CID at HTA. [b6] DEROS is June 1976, putting him
in the category of those mentioned in paragraph 3b, above, who may remain
at the target without any specific duties.


l. In September 1975, B58,786 (who is undergoing preliminary source
assessment) advised that in approximately April 1975, a female soldier
traffic analyst assigned to the target, whose name he could not recall,
had compromised a TOP SECRET/CRITIC/CODEWORD message to [b6],
dependent and GS-2 clerk typist in the unit administrative office.
[b6] had only a Confidential clearance. The compromise although known by the
target commander, was not reported to USASAFS, Augsburg.

m. No specific information has been reported to indicate that
Hostile Intelligence agencies are in contact with any target personnel.


5. (U) Source Activity:

a. One potential source (B58,786), has been spotted at the target
and is being assessed. Name traces are not yet complete. He is scheduled
for reassignment to USASAFS, Augsburg on approximately 15 December 1975.
In accordance with paragraph 3b of reference a, a Lead Development Report
is being prepared and will be forwarded separately, recommending his possible
utilization as a defensive installation source in Augsburg.

b. The lack of identification of any personnel who will make up the
permanent party at the target has inhibited any meaningful spotting/
assessing activity to date.

6. (U) Comments:


a. The PLO was indoctrinated for SI on 9 October 1975. Request
Special Operations Detachment determine if any more Quarterly Security
Inspections are scheduled for target, and arrange for prior notification
and coordination so that the PLO may accompany the inspecting team. Any
insight gained into security problem areas not evident from routine
liaison contacts would be of great value to the PLO in accomplishment of
his mission.

b. The PLO has reported that he is unable to pursue a more
aggressive approach with the target commander concerning identities
of personnel who will remain at the target, without arousing suspicion
as to his true motives. Request Special Operations Detachment attempt
to identify those individuals as soon as the determination is made.

c. The short period remaining of continued operations at the target
raises the question as to whether [illegible] would be justified at that
location in the long term. As presently visualized, according to available
information, any source recruited at the target would be primarily
reporting on six or seven other personnel, with whom he is living in a
very close, restrictive environment. It can be expected the majority of
the information reported will be of an adverse suitability nature.
Further, it can be expected that with target automation, Hostile
Intelligence efforts at the target will take a lower priority inasmuch as product
exploitation through the human exploitable factor will no longer be
present. The Commander, USASAFS, Augsburg raised some of these points
when reference a was staffed through his office.


1 Incl 
as 


Tel: Nbg Kil (2621 )-6446/Fosf

5 June [illegible]

[illegible]

The purpose of this letter is to advise you, and therefore all Rimbach
[illegible] officials and businessmen, of a projected change in the US
[illegible] posture and presence in the community of Rimbach, [illegible]
Hoherbogen, and the surrounding area.

The American military community in this area now consists of elements
of both the United States Army and the United States Air Force, as well as a
significant number of wives and dependent children. The total American
population currently is just over three hundred people.

[illegible] in August 1975, the American community will decrease in size,
with the largest majority of our people departing on or about 1 November
[illegible] 13 December respectively. By [illegible] March [illegible] there
will be approximately seven [illegible] personnel and probably no wives and
children remaining in the area. They will live in a US Army owned facility
on top of Mount Hoherbogen ([illegible] Ridge).

This transformation is the result of a programmed technical change in
the American communications function located in this area.

At this time, and with this announcement, please accept my personal
gratitude, as well as that of the US Army and the US Air Force, for the
understanding and [illegible] that has been so graciously extended to the
American military forces and their families over these many years by
you, the Rimbach Community official staff, and the entire community of
Rimbach. We will do all that we can to insure that the small force
remaining continues to appreciate and help maintain the relationship that
we have enjoyed.

18 November 1975




veremcniied. Mast ba aufÉciontliy detailed to identily 


USAREUR of the Quarterly Rep quiremen 
‘Seon FOR aco. f Doocrlba brinf'y the roqnirensent, burigreend and ection iubes or 
Pi xe Wexmom. — 


"I. 
- 


E E i of S50 messages between USAREUR and USAINTA, HBG 2802, 
75 and fer 1092, 01115402 Jul 75 , ODCSI, USARNIR requested 
in coordinating with COR, USASA a draft OPIAN of an ICIP in support of 
Station, Augsburg, PEG. The CDR, UASA approved the proposed Operations 


Es 


=< Ney k Nanorendum for Record prepared by former ICIP actíon officer, dated 
35 | , Outlines the ACSI's stated policy regarding his validation of ail 
plans for the ICP. — -i$ 


Dina 


é,- (5 At BLD ie a Memorandum to the Vice Chief of Staff from the Under Secretag 
of the Army outlines the requirement for quarterly reports on the ICIP. wE 


2. Discussion:


a. The USAREUR proposed ICIP in support of the USASA Field Station in
Augsburg marks the first extension of the program overseas. There is no indication
that the ACSI has validated the OPLAN for the project.


b. (U) This action advises USAREUR by message of the ACSI's policy on the ICIP
and requests the OPLAN be forwarded for ACSI review. The message further advises of
the quarterly report requirement to the Under Secretary.


3. RECOMMENDATION: That the Acting Director of Operations sign the message.
NO
CINCUSAREUR HEIDELBERG GERMANY//AEAGB-CI//
INFO: CDR USAINTA FT MEADE MD//Ü'IIA-SO//
SUBJ: INTERNAL COUNTERINTELLIGENCE PROGRAM {ICIP} {8}
A. USAREUR MSG 1917552 JUN 75 (SSO MESSAGE)
B. USAINTA MSG OLI5Y0Z JUL 75 (SSO MESSAGE)
C. DISCUSSION MG DILLARD/MR KELLY, 21 NOV 75

1. REFS A AND B PERTAIN TO AN ICIP FOR THE USASA FIELD
STATION, AUGSBURG, FRG WHICH INDICATED CDR USASA HAD APPROVED AN
OPLAN PREPARED BY 66 MI GP. DURING REF C MR KELLY BRIEFED MG
DILLARD ON BACKGROUND AND SPECIAL CONTROLS PERTINENT TO ICIP.

2. IN LIGHT OF YOUR POSSIBLE ENTRY INTO THE ICIP FIELD, THE
FOLLOWING INFORMATION IS FURNISHED AS BACKGROUND: {U}

A. {U} THE PRESENT ICIP {FORMERLY KNOWN AS ACIP} IS A CI
SERVICE TO VARIOUS SENSITIVE INSTALLATIONS IN CONUS UNDER USAINTA'S
MONITORSHIP AND CONDUCTED BY THE TWO CONUS MI GROUPS. SINCE THE
PROGRAM HAS BEEN PRIMARILY A CI SERVICE CONDUCTED BY USAINTA, THERE
IS NO DETAILED ARMY-WIDE GUIDANCE ON ICIP. THE NEWLY PUBLISHED


REGRADED UNCLASSIFIED
LTC HAENDLE/DAMI-DOH/56159/2 DEC 75
NO
AR 341-20 MENTIONS ICIP AS A CI SERVICE BUT DOES NOT CONTAIN POLICY 
OR PROCEDURAL SPECIFICS. 

BY MEMORANDUM TO THE VICE CHIEF OF STAFF, ARMY, DATED
8 FEB 72, THE UNDER SECRETARY OF THE ARMY DIRECTED THAT QUARTERLY
REPORTS ON THE ICIP BE FURNISHED HIS OFFICE BASED UPON HIS CONCERN
AT THE TIME FOR COMPLIANCE WITH THE VARIOUS DOD AND DA DIRECTIVES
PERTAINING TO THE PROTECTION OF NON-AFFILIATED US CITIZENS AND
ORGANIZATIONS. THESE QUARTERLY REPORTS HAVE BEEN REGULARLY
FURNISHED SINCE MARCH 1972.

IN SEPTEMBER 1974, THE ACSI ESTABLISHED POLICY FOR
USAINTA THAT ICIPS SHOULD BE CONDUCTED ONLY AT THE MOST SENSITIVE
INSTALLATIONS OR ACTIVITIES. HE PERSONALLY REVIEWED THE EXISTING
PROJECTS AND DIRECTED THAT THEIR NUMBER BE REDUCED FROM 19 TO 4,
LATER REINSTATING ONE ON AN INTERIM BASIS. HE ALSO ASSURED THE
UNDER SECRETARY OF THE ARMY THAT HE WOULD PERSONALLY APPROVE ALL
NEW USAINTA ICIP PROJECTS.

3. THE PROPOSED ICIP IN SUPPORT OF THE USASA FIELD STATION IN
FRG WOULD EXTEND THE PROGRAM OUTSIDE CONUS FOR THE FIRST TIME. IN
VIEW OF THE ACSI'S COMMITMENT TO THE UNDER SECRETARY, ARMY-WIDE
PROCEDURES NEED BE ESTABLISHED WHEREBY PROPOSED ICIPS ARE REVIEWED
AND APPROVED BY THE ACSI AND QUARTERLY REPORTS OF ON-GOING ICIPS
ARE FURNISHED THE UNDER SECRETARY.

4. IF YOU STILL WISH TO PROCEED WITH THE ICIP IN SUPPORT OF THE
USASA FIELD STATION, IT IS REQUESTED THAT A COPY OF THE FINALIZED
OPLAN BE FORWARDED FOR ACSI REVIEW, ATTN: DAMI-DOH. AFTER ACSI
APPROVAL, INSTRUCTIONS AND FORMAT FOR THE QUARTERLY REPORT WILL BE
FURNISHED ALONG WITH SAMPLES OF PREVIOUS REPORTING.


XGDS-2005 


1695-62) (65) 

L do SSO INTEL AGENCY FT MEADE MD 


"C ^on ^ n^n. A 


/ COPY FURNISHED: imet Her 
DATE: 20 JUN 875 


F 1917252 JUN 75 
FM SSO HEIDELBERG GERMANY


INFO SSO ACSI DA WASH DC
FROM COL IALEROSA, CHIEF, CI DIV, ODCSI, USAREUR FOR LTC GRIMES, CDR,


SO LET, USAI"TA; 
SUBJ CCT: 
Ae INT iicé-74 TOPIC, 14¢15682 SEP 


S IN ACCORLA"Crz WITH GUILA"Cz IN 


OPERATIONS PLAY (COPLAN) TARGETTING AN 


IVE WR KELLY, 


STATION, AUGSBURG, FRG CUSASAFSA). ON 


WAS PROVILEL See, 


ReTURVEL TO oeTz MI GP FOR FORWARLING THRU OLCSI 


FOR FURTHER COORLIVATION WITH USASA. 
e6TE MI GP, COMMAYLER, 
ChIEF OF STAFF SECURITY, 
FOR COORLI"ATIO: A"L GUILA"CE. 


irt 


ORLI"ATIOw OF OPLA“, 


LEP LIR OPS, OACSI, LA. | E 
INTERNAL COUNTERINTELLIGENCE PROGRAM (ICIP) (U)
74 (U) 


USASAFSA, FOR COORLIMATIOY 
USASAFSA, FORWARLED OPLAN 
EEADQUARTERS, USASA, ARLI"GTO" EALL STATION " 


IN VIE OF FACT USAINTA I"TENLEL TO REVIEW 
RECOMizNL APPROPRIATE OFFICE 


A, 66TH MI GP PREPARED ICIP 


ELESENT OF ThE USASA FIELD 


ze MAY 15, FINALIZED OPLAN — 
AYL COMMENT THE“ TO BE E 

USAREUR TO USAINTA x 

COVTRARY TO SPECIFIC REQUEST BY $, 
LIRECT TO LEPUTY = 3 


A"L EFFECT CO- E 
AT USASA BE 


CO"TACTz, I" EFFORT TO OBTAIN COPY Or OPLAN ANL EFFECT COORLI"ATIO", 


iS — 5 


367 7 


Gl? 
Se (U) USAREUR ACTION OFFICER IS MR BEISAMIN Je ROSETO, (SECURE


FENE 674c) HEIDELBERG MILITARY zizi-1354. 


XGLS-e 


DRNI-DUS ease rne — ER 


wis 
DATE 2 JUL 0255 A f 


P exces? Jil 45 


— 


fo o$20 ITL AG 


TO $30 r.lizLB5e e RHAI 


PFO >50 ACs] iå 


E TAL ZROSA Ci Cl LIV OiCSI USARELR 

E da azLLY LiF LIR GPS OACSI LÀ 

i IUUERCAL COUCTTRIUTZLLIGCUCI PROCRAI (ICiP) (UD 

£36 ecu- TOPIC i$. 4332 JUS 7/3 

(A8 trO“ RLCZIPT OF RIF NSG COPY Or ICI4 OPL&^ OSTAI"LI 
PROS ke QhiA £n Peet das PO? AEDITIO I6 Coe 


eJ JU" 12 ACA whe ALVIIZL TREAT v£&i"TA rat YO id4JORk OzJzC- 


= R-GULSTI EL OLÇSI USARZUR. Sy JUI 13 El ASA RIP IUTORÁIL 
7 | Gek TA THAT GOP SOLDARL, LRALOAPPEOVTLO TEE OPLAN AUL COCOT 
| AS CUTLIUI. ATL RAL APPROVIL COZRZSPOYDIUCE WELCH UOTIFIZS 
fh. ADR PISLLO UTR OF THIS ACTIO. TEE hi AEA ROS DAS TORUS 
TRAT OL.C.I USARILR &OULL BZ ALVISEL IÁM4ELIAT:ILY VIA SG OF | 
| TRE QWORASLE COORL RECLIVEL FROM He ESA. TE 
= “oe, FOL ORI G OZSEEVATIONS ARE BASIL O" HIVIZ: OF- 
O PLAC EU. LXPIRISUCI GAIUEL LY TRIS kl COUIUCTIUG ICIP: 
dei, TLL OPLA“ IS VEDROUGL ATL WELL -RiTTZU, AUL IP LIT 
567 


CO'TIVL.S AS &" ASA SUBORLIVATE UviT OF SUFFICI=°T Siz, 
LIPLEAL’TArIO” GF OFLA’ SOUL, Là PROLUCTIV 


Be LER A’ IG I^3S60zCT1O" TEIS he WAS wULRIZL Re OVERALL 


ME ole] 


ALTLOERITY FOX CO".UCTi76 ICIP» USAITTA GAS ['FORGLL’ TEAT 


AR bitais, CI TVS, SUPERVISION AVi CONTROL (CEAP 111) IS 
AT OACSI FOR APPROVAL AVL IAPLDAIMTATIOU, AYL TEIS AR «ILL 
PROVIL £ MECDSSARY ACT;OZIIATIO" FOR ICIP. 
ce I"CLULI"6& Az RIF, AR besii, ACCUISITION Avy STORAGE 
OF IFO CO CIR IG "O' -APPILIATZL PERSONS AML ORGA"IZATIOUS 
SHOULL BL CO SILZKiie | 
ie AUi ETFO L_VELOPZL TiAT BZCONIS CzCO OR APPEARS TO 
LAVI OZCO LEPLOITASLI POTIUTiel SHOULD BE REPORTER TERU 
OFCO CBA ILLS 3 | ; P 
z. (U) THIS ià I$ PRIPARZL TO REULIR ALLITIOUAL : P 
ASSISTATCL AS RIGUiRIlL. REGULST TEIS Bc BI REPT I‘ FORALL 


RE Iz:VcLOB2E TS TEIS irs XC. i7-(52) 
DAMI-DOI-C 27 September 1974


MEMORANDUM FOR THE RECORD 


SUBJECT: ICIP Briefing for Under Secretary of the Army (U)


On 25 September 1974 MG Aaron briefed Mr. Herman Staudt, on the 
Mr. Staudt expressed reservations about operational control within
the program and concern about the sudden rapid growth. He wanted assur- 
ances that the program was carefully monitored precluding the possibility 
for embarrassment. 


2. General Aaron assigned the following tasks to USAINTA through 
Mr. Leslie Hime, the USAINTA representative at the meeting. 


a. Prepare all the operations plans for review. General Aaron will
personally re-validate each plan.


b. Prepare source dossiers for review. General Aaron wants to be able 
to personally be assured that all sources are of such maturity and stability 
that they would not cause any embarrassment to the Army. 


3. General Aaron will personally validate and approve all future 
operations plans and will assume command and control of the program. Only 
essential plans will be approved and permitted to continue. General Aaron 
did not consider the operation at the War College to be essential. 


4. (U) Operations plans and dossiers will be reviewed on 4 October 1974.


RICHARD EBERSOLE
Major, GS


Regraded UNCLASSIFIED when Separated
From Classified Inclosures.
8 FEB 1972


MEMORANDUM FOR THE VICE CHIEF OF STAFF
United States Army


Counterintelligence Program (ACIP) Operations


On & Debor 1971 you forwarded to me a memorandum from the
Assistant Chief of Staff for Intelligence, SUBJECT: Counterintelligence
Policy Guidance, which informed me of the ACSI's decision
to reactivate certain Aggressive Counterintelligence Program (ACIP)
Operations. Attached to the memorandum was the operation plan for
one such operation. I have reviewed that memorandum and the attached
plan; and although I appreciate the conscientious steps which have
been taken to secure adherence to current policies in this area, I
remain concerned that this program may be placing us in a highly
vulnerable position.

DoD Directive 5200.27 and the implementing Army policy letter
dated 1 June 1971 impose two restrictions which are particularly
relevant to ACIP operations. First, they require that there be
"no covert or otherwise deceptive surveillance or penetration of
civilian organizations" without the prior approval of the Chairman,
DIRC (now the Assistant Secretary of Defense (Comptroller)). Second,
they prohibit assigning DoD personnel "to attend public or private
meetings, demonstrations, or other similar activities for the
purpose of acquiring information the collection of which is
authorized" without my prior approval, except in emergency situations.
These prohibitions apply whether or not the formal "target"
of the operation is affiliated with the Department of Defense.

Although the ACSI letter approving the first reactivated ACIP
operation incorporates these restrictions by reference (paragraph
3a), the operation plan and related documents obviously assume
that confidential sources working in the operation may obtain and
report information which they receive in the course of activities
off military installations. While the plan prohibits extending
the collection effort "directly" to non-DoD personnel (paragraph
4a(a)), and while the ACSI approval letter prohibits making non-DoD
personnel targets of off-post surveillance, I would assume
that it is entirely possible that in the course of their off-post
activities confidential sources might obtain and report information
on non-affiliated civilians. Although such activity might not in
all situations be forbidden by DoD Directive 5200.27, it is clearly
on the borderline, and I therefore feel it is very important that
these operations be closely supervised and tightly controlled.

In order to make an informed decision about whether further
controls are necessary (including possible Under Secretary or DIRC
review of each operation), I would appreciate your taking the
following steps:

1. Beginning March 31, 1972, I would like to
receive a quarterly report containing the following
information on each ACIP operation in progress at
any time during the reporting period. Date approved,
code-name, location, number of confidential sources
used during reporting period, number of instances
in which information on non-affiliated civilians is
obtained off-post and reported, and a brief narrative
statement explaining whether useful information was
obtained during the reporting period, whether the
operation is to be continued, and if so, why. These
reports may be submitted 30 days after the close of
the calendar quarter which they cover.

2. With the second quarterly report, which will
be due July 21, 1972, I would like to receive a full
analysis of this program, including its value in terms
of producing useful information and the adequacy of the
controls which have been imposed. Recommendations for
any further necessary controls should be included.


(sgd) Kenneth E. BeLieu


Kenneth E. BeLieu
Under Secretary of the Army


THE JOINT STAFF
WASHINGTON, D.C. 20301


DASM-666-75
2 Decem


MEMORANDUM FOR THE COMMANDER, US ARMY INTELLIGENCE AGENCY,
FORT GEORGE G. MEADE, MARYLAND 20755


Subject: ICIP Coverage


4. Reference is made to J3M-1994-74, dated 26 November
1974, subject: Request for Internal Counterintelligence
Program (ICIP) Coverage (c).


5. Subject program authorized by the reference is hereby
rescinded.


PETER O'BRIEN
Colonel, USA
Director,
Administrative Services


Classified by Chief, ANMCC
Mr. Kelly
Acting Director of Operations


REMARKS


1. The JCS support portion of the ICIP at
Ft. Ritchie, MD has been cancelled in response to
a letter from the Director, Admin Services Div, JCS,
dated 2 Dec 75, which rescinded the earlier request
for support. However, the ICIP continues t
Army elements at Ft. Ritchie,


2. (Y) The current Commander, 902d MI Gp is reviewing
all current ICIPs managed by his group and
anticipates furnishing recommendations in March
regarding continuation of each project. CANARY
EFFORT (C) will be included in his review.


L. A. SPIRITO 2 Feb 76
COL, GS, Chief, HUMINT Division 7" L087
REMARKS


1. Re: MG Aaron's question attached Ops kl,
the individual who met with the JCS Security
Officer was CWO Garry Peisen, Ft. Ritchie RO,
902d MI Gp, and not a representative of PCF as
previously reported. A PCF representative
escorted Peisen to the JCS Security Office but
did not participate in the discussions.


2. Mr. Guerrieri has still not determined if
any sort of briefing will be required and will
advise this office when a decision is reached.


Do NOT use this form as a RECORD of approvals, concurrences,
disapprovals, clearances, and similar actions


?5 Nov 75
L. A. SPIRITO, COL, GS
Chief, HUMINT Division 377 74087
DEPARTMENT OF THE ARMY

OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE

WASHINGTON, D.C. 20310


DAMI-DOH


MEMORANDUM FOR: MR. KELLY, ACTING DIRECTOR OF INTELLIGENCE OPERATIONS


SUBJECT: Discussions with JCS Security Officer on ICIP CANARY EFFORT


1. At the request of LTG Grimes, Special Operations Detachment,
USAINTA, LTC Haendle from this office visited Mr. Guerrieri, Chief,
Security Office, JCS on 20 Nov 75 to determine if he had requested
briefings for the Director of the Joint Staff and the J3, JCS. LTC
Grimes had learned that the 902d MI Group was preparing to brief on the
ICIP CANARY EFFORT at Fort Ritchie, MD and questioned the need for such
briefings.


2. Mr. Guerrieri stated that he had learned in passing conversation
with a member of the PCF that Army was providing ICIP support to Joint
Activities at Fort Ritchie, MD. He was disturbed about the potential
embarrassment of such activities and stated he had not previously been aware of
this type of support. He had requested that various JCS offices be briefed.
He read from a letter prepared by the Commander, Alternate National Military
Command Center (ANMCC) to the Commander, USAINTA, dated November 1974 which
had requested ICIP support and indicated this request had not been cleared
with either his predecessor or the J3, JCS. (This request was never
forwarded to OACSI so far as can be determined).


3. It was explained that an existing ICIP CANARY EFFORT in support
of Army organizations at Fort Ritchie, MD had recently (Sep 75) been
revalidated by the ACSI resulting from a reorganization of the supported
command. Included in the revised OPLAN was overlapping support to the
ANMCC and its Support Directorate. However, the ICIP, which has been in
existence for several years, was primarily in support of Army activities.


4. Mr. Guerrieri indicated he would prefer that no such operation
existed in support of JCS activities at Fort Ritchie and would so recommend
this to his supervisor, COL O'Brien, Director of Admin Services, JCS. It
was agreed that a USAINTA representative would brief Mr. Guerrieri and
COL O'Brien at their convenience on ICIP CANARY EFFORT. Further that no
higher representatives need be briefed unless it was determined to be
necessary after the initial briefing. Mr. Guerrieri would inform DAMI-DOH
when (or if) a briefing on the ICIP was required.


L. A. SPIRITO
Colonel, GS
Chief, HUMINT Division
MEMORANDUM FOR RECORD


SUBJECT: ICIP CANARY EFFORT 


1. (U) On 19 Nov 75, LTC Grimes USAINTA requested that I visit a Mr.
Guerrieri, Chief, JCS Security Office, 1A688, The Pentagon to determine
if Guerrieri had requested briefings on CANARY EFFORT for the Director 
of the JCS and J3. LTC Grimes indicated he had just learned the 902d 
MI Gp was ginning up for these briefings which he considered unnecessary. 
LTC Grimes advised the 902d MI Gp to hold up until informed otherwise. 


2. Mr. Guerrieri was not in his office on 19 Nov 75 and was not
visited until 1430 hours, 20 Nov 75. In the meantime, the undersigned 
determined that a request for an ICIP had been initiated by the Commander, 
Alternate National Military Command Center (ANMCC) to the Commander, 
USAINTA in November 1974. Correspondence between USAINTA and the 902d MI
Gp established that the existing ICIP CANARY EFFORT could be expanded to 
provide coverage to the ANMCC. (None of this correspondence was discussed 
at OACSI level so far as could be determined). In the meantime the 902d 
determined that the OPLAN for CANARY EFFORT required revision due to a 
reorganization of the Supported Army Command. It was decided to add target 
coverage to the ANMCC as well as the AJCC, ANMCCSD, and ECTC, all at either 
Ft Ritchie (Site R) or Ft Detrick. The revised OPLAN was approved by the 
ACSI on 15 Sep 75. 


3. In conversation with Mr. Guerrieri, it was determined that he
learned of the ICIP in passing during a conversation with a representative
of the PCF. He was more than a little disturbed that no one in JCS, partic-
ularly the Security Office, was aware of the project. He reiterated at
great length that he recognized the Army was merely responding to a
legitimate request, prepared on JCS stationery, but that the potential for
embarrassment from such an operation clearly disturbed him. The undersigned 
discussed briefly the fact that the Army ICIP in support of Army activities 
at Ft Ritchie had existed for many years. Even though the ANMCC request 

for support occurred in 1974, the expansion of the Army Security service to 
include joint activities was not approved by the ACSI until Sep 75. 
DAMI-DOH
SUBJECT: ICIP CANARY EFFORT


Further, from correspondence received at OACSI, the indications were that
the ICIP still supported Army commands in the main, but could be of assistance
to the ANMCC if serious breaches of security were uncovered which affected
joint activities in adjoining areas. Mr. Guerrieri reiterated his concern
for the Privacy Act impact upon such security operations and generally gave
the impression he was concerned that the ICIP would cause his office head-
aches in the future. He would prefer that no such operation supported JCS
activities and would so recommend this to his boss, COL O'Brien, USA,

Director of Admin Services, JCS. 


4. (U) It was agreed that a USAINTA representative would brief Mr. Guerrieri
and COL O'Brien at such time as he preferred. No higher or other JCS repre- 
sentatives would be briefed unless it was decided to be necessary after the 
initial briefing. Mr. Guerrieri will contact DAMI-DOH to arrange for a 
briefing. 
CONTROL NUMBER


Internal Counterintelligence Program (ICIP) (U)
17 Nov 75
ACTION REQUIRED
To obtain approval of the quarterly ICIP report


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)
1. (U) Background: By memorandum dated 8 February 1972 (IAR.R), the Under Secretary
of the Army requested that the VCSA provide a quarterly report on all ICIP operations.


2. Discussion:


a. During the past quarter, the ICIP OPLAN at Fort Ritchie, MD was revised to
reflect target area realignment resulting from the reorganization of the US Army
Communications Command. The ACSI approved the revised OPLAN on 15 Sep 75.


b. The Commander, USASA approved an Operation Plan in July 1975 for an
ICIP under the purview of DCSI, USAREUR and 66th MI Group at the Augsburg Field 
Station, USASA, FRG. A separate staff action directs a message from the Acting 
Director of Operations, OACSI to DCSI, USAREUR to furnish the Operations Plan for this 
ICIP for ACSI validation. Information regarding this new ICIP is not included in the 
attached quarterly report. 
DEPARTMENT OF THE ARMY


OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310


0 4 DEC 1975
DAMI-DOH
MEMORANDUM THRU: CHIEF OF STAFF, UNITED STATES ARMY
—B DEC iy- 
o "P ndr Js sm 
FOR: a. Pi est dx. 
eic, CS 


SUBJECT: Internal Counterintelligence Program (ICIP) (U)
INFORMATION MEMORANDUM 


1. During the past quarter, five of the ongoing operations provided
information which served to enhance the security at the facilities con-
cerned. Personnel participating in ICIP operations at Harry Diamond
Laboratories, , and Fort Ritchie, Maryland, identified security
hazards which required follow-up investigative action.


2. With the revalidation of the ICIP at Aberdeen Proving Ground,
Maryland in July 1975 for a period of six months, the total number of
active ICIPs in CONUS was raised to nine. The ICIP OPLAN at Fort Ritchie,
Maryland was revised on 15 September 1975 to reflect target area realign-
ment resulting from the reorganization of the US Army Communications
Command.


3. (U) Summaries of the nine on-going CONUS ICIP operations are inclosed. 


9 Incl 


HAROLD R. AARON
Major General, GS
ACofS for Intelligence


0 8 DEC 1975
NOTED - OCSA


WILLIAM G. HANNE
Assistant to the pi
of the Army


LTC Haendle/56159
Typed by T. Shamblen


CANARY EFFORT: (OACSI Revalidation - 4 Feb 75)
a. Location: Fort Ritchie, MD 
b. Confidential Source Utilization: Three confidential sources 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained: 


(1) At an undetermined time within the past year, the Pentagon 
Telecommunications Center (PTC) requested that the Joint Chiefs of Staff 
(JCS) Communications Center provide the PTC with a magnetic tape con- 
taining test messages recorded by the Burroughs D825 Automated Message 
Processing System, a system used by the JCS, in order for the PTC to 
devise a coding system which would provide compatibility between the 
PTC's IBM 360/50 System and the Burroughs System used by the JCS. The 
JCS Communications Center could not provide the test message tape because 
of technical factors. This led to the Telecommunications Directorate, 
Site R, Ft Ritchie, receiving the tasking for the test tape preparation. 

A number of innocuous, unclassified messages were prepared by the commu-
nications personnel at Site R on a 2,500 foot reel of magnetic tape, which
was sent to the PTC, where, because the messages were unclassified, it lay
in open storage, unsecured, for about six weeks. During the processing
which followed to make the two systems compatible, it was discovered that 
the tape also contained fragments of highly sensitive, classified messages 
which had been picked up from residual magnetism on the drums or reels of
the Burroughs equipment when the test messages were recorded. A source 

of this ICIP reported this information believing that a compromise could 
have occurred when the test tape was not secured. The information was 
reported to the Commander, US Army Communications Center Operations Com- 
mand, who initiated an investigation of the incident which resulted in a 
change of security procedures for the handling/storage of computer tapes, 
reels, and discs. Since the PTC is a secure area in itself, it is believed
that the information in question had not been compromised.


(2) During the reporting period, sources surfaced adverse suitability 
information on 47 individuals assigned to Fort Ritchie and the Alternate
Joint Communications Center (AJCC), Site R. In the majority of instances,
the adverse suitability information dealt with drug abuse. Information
was brought to the attention of the ICIP Coordinator of the supported
command. Individuals concerned are being monitored, and an investigation
was requested on one individual. 
e. Operational Status:


(1) The revised CANARY EFFORT Operations Plan which reflected target
realignment resulting from reorganization of the USACC into the 7th Signal
Command was approved by the ACSI on 15 September 1975. A request has been
submitted for assignment of an additional Great Skills PCO to provide more
adequate coverage of the increased target areas which have resulted from
this reorganization.


(2) On 1 July 1975, CPT Richard E. Graff, Project Liaison Officer 
(PLO), CENSUS TIME, was introduced to COL Donald E. Clark, Commander, USACC 
Operations Command, at the AJCC, Site R. COL Clark had been previously 
briefed on the ICIP on 18 March 1975, but the purpose of this meeting was 
to acquaint COL Clark with the ICIP CENSUS TIME which is conducted at the 
Pentagon Telecommunications Center (PTC), prior to his assumption of com- 
mand at the PTC. On 1 August 1975, the CENSUS TIME and CANARY EFFORT 
Project Liaison Officers briefed COL Clark at the USACC PTC on both of 
these ICIPs since both of them involve USACC Operations Command and its 
subordinate elements. 




(3) On 18 August 1975, the CANARY EFFORT PLO and COL Stubblebine, 
Commander, 902d MI Group, visited the USACC East Coast Telecommunications 
Center (ECTC), Ft Detrick, MD, for a facility briefing, since the facility 
is now being covered in the revised CANARY EFFORT OPLAN. The introductory 
briefing on the ICIP was presented to LTC Jackie L. Manbeck, Commander,
USACC ECTC, and CW2 George S. Trivett, OIC, Security Division, USACC ECTC. 
The CDR, 902d MI Group, and the PLO also made a courtesy visit to COL J. A. 
Pastore, CDR, Fort Detrick. 




(4) On 27 August 1975, COL John S. Eberle, CDR, USACC Site R Tele- 
communications Center, was provided an introductory briefing on the ICIP 
CANARY EFFORT. 


(5) On 18 September 1975, the Quarterly Progress Briefing was pre- 
sented to the CDR, USACC Operations Command, COL Clark, at the USACC 
Operations Command, USACC PTC, Wash, DC, in conjunction with the CENSUS 
TIME Quarterly Progress Briefing because of the inter-relationships of
both ICIPs. 


(6) On 25 September 1975, the PLO presented the Quarterly Progress 
Briefing to the supported command with the following in attendance:
COL Harold C. deMoya, CDR, Ft Ritchie; COL John S. Eberle, CDR, USACC
Site R Telecommunications Center; COL John J. Plosay, Jr., Deputy CDR,
Fort Ritchie, and ACSI&S, 7th Signal Command. All of the above offi- 
cials expressed their appreciation and continued enthusiasm for the ICIP 
and made laudatory comments concerning the counterintelligence support 
rendered during the reporting period. 

QD CANINE PLATE: (OACSI Revalidation - 4 Feb 75) 
a. Location: Seneca Army Depot (SAD) Romulus, NY 
b. Confidential Source Utilization: None. 
c. Information Obtained or Reported on Non-Affiliated Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: On 23 September 1973, COL Alden L. Cox, 
Commander, Seneca Army Depot, was given the ICIP Quarterly Progress 
Report which included the history of CANINE PLATE from its inception. 
COL Cox assumed command of Seneca Army Depot on 4 Sep 75 from recently 
promoted BG Alan A. Nord. With the PLO now having full, unescorted 
access to Directorate for Special Weapons and the Special Weapons Storage 
Area, the prime target area, source recruitment has increased with six 
(6) conventional sources being used. Additionally, initial assessment 
was made of one potential source. With the favorable attitude toward 
ICIP operations evinced by COL Cox it is anticipated that development 
of the operation will continue. COL Cox stated that he was happy with 
present state of the operation; he did caution that under no circumstances 
did he want any "flap" over the program. 

Now RIDE: (OACSI Approval - 4 Mar 75) 


a. Location: US Army Missile Command (USAMICOM), Redstone Arsenal, 
AL 


b. Confidential Source Utilization: One 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) Source continues to provide substantial information concerning 
eight of the persons who were subjects of the allegations which led to 
the request for the operation. Although Source has been unable to 
absolutely confirm or refute the allegations made, he has been able to 
develop associations with all of the individuals involved, to include 
being invited to social functions at which these persons were in attendance. 
Fragmentary information provided thus far has caused reason to doubt cer- 
tain of the allegations, but investigation continues and further information 
will be reported as received. 


(2) Source continues to monitor the security posture of the target 
area, reporting security infractions, hazards and weaknesses as they occur. 
Source has reported a renewed practice of poor housekeeping, and a continued 
lack of compartmentation, lack of control of production facilities, absence 
of control of hand baggage brought into and out of the target area, and 
possible compromise of the present badge system due to loss and improper 
exposure off-post. In an attempt to contribute to the security posture of 
the target area, Source, in his official capacity as the Administrative 
Technical Assistant to the Director, Advance Sensors Directorate (ASD), 
has created and published a complete guide to current security regulations 
and policies. Copies of the publication were distributed throughout ASD 
with specific distribution to those persons involved with the storage, 
creation, or control of classified defense information. 


(3) Source is attempting to monitor the duty-hours activities of an 
individual of Jordanian birth presently employed in ASD as a DAC. This 
employee appears to be of possible CI interest because of his alleged 
enthusiastic involvement with other Arabic linguists and his reported 
recurring trips to New York City, ostensibly for the purpose of purchasing 
items for his off-duty business interests. 


e. Operational Status: 


(1) COL Arthur G. Lange, Jr., Chief of Staff, USAMICOM, was briefed 
on the information provided by Source during the 25-26 June meetings on 
18 July 1975 by the PLO and on information provided during the 6-7 August 
meetings on 22 Aug 75 by the PLO. Information provided during the 17-18 
September meetings will be provided to COL Lange during the next reporting 
period. COL Lange expressed his appreciation for the information pro- 
vided, noted the security weaknesses developed, and indicated that he would 
examine ways to improve the security posture of USAMICOM. COL Lange was 
cautioned that corrective actions must be taken in such a manner as to 
protect the Source. 


(2) COL Axelson, former Deputy Director, US Army Missile Research, 
Development and Experimental Laboratory (USAMRDEL), retired on 31 Jul 75 
and was replaced by COL William P. Gojsza on 2 Sep 75. The PLO briefed 
COL Gojsza on the background of the operation and the individuals involved 
on 25 Sep 75. MG Vincent H. Ellis, USAMICOM Commander, was succeeded by 
MG George E. Turnmeyer on 1 Oct 75. The PLO will brief MG Turnmeyer on 
the ICIP during the next reporting period after coordination has been 
conducted with COL Lange, CofS, USAMICOM. 

5. QD us TAX: (OACSI Revalidation - 4 Feb 75) 


a. Location: Sierra Army Depot (SIAD), US Army Materiel Command, 
Herlong, CA 


b. Confidential Source Utilization: One 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: None 


e. Operational Status: One confidential source was recruited during 
the reporting period. In addition, three conventional sources are 
currently being used to provide coverage in the target area. The quarterly 
progress report to SIAD officials has been delayed until 28 October by the 
direction of the Commander, 525th MI Group. The Commander, SIAD, continues 
to be interested in suitability information especially about the illegal 
use of drugs among SIAD personnel and has requested the Project Liaison 
Officer to continue to emphasize such requirements to Sources. In addi- 
tion, the commander was provided support to augment depot security during 
exercise Golden Gloves which terminated 29 September 1975. 

5. CENSUS TIME: (OACSI Revalidation - 4 Feb 75) 


a. Location: Pentagon Telecommunications Center (PTC), US Army 
Communications Command (USACC), The Pentagon, Washington, DC 


b. Confidential Source Utilization: One 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: The Commander, PTC, has reassigned 
the civilian employee reported in the Fourth Quarter FY 1975 Quarterly 
Report as having questionable suitability characteristics and conduct to 
a new job within PTC requiring minimum contact with classified informa- 
tion. Supervisors will continue to monitor his conduct and activities. 
An Army NCO assigned to PTC attempted to commit suicide by slashing his 
wrists. The NCO reportedly did so in a moment of deep despair and de- 
pression over personal and financial problems. Local police officers, 
investigating the suicide attempt, reported that the NCO denied being in 
financial straits and produced his wallet for the officer showing him 
about $2,000.00 in $100 denominations. The investigating officer observed 
a screen in the NCO's apartment, of the type believed to be used by mari- 
juana dealers. All information regarding the incident was provided PTC. 
The NCO's access has been suspended and the Security Officer of PTC has 
requested that a limited investigation be conducted. 

e. Operational Status: 


(1) On 18 July 1975, COL Donald E. Clark assumed command of PTC. 
COL Clark formerly had been at Site R, Ft Ritchie, one of the primary 
targets of the ICIP CANARY EFFORT. In his initial briefing on CENSUS 
TIME on 1 August 1975, COL Clark indicated to LTC Chad B. White, CDR, 
PCF/NCR Field Office, 902d MI Gp, that he desired to have an evaluation 
of the current security posture of PTC. During the period 8-12 August 
1975, a courtesy Security Vulnerability Analysis (SVA) was conducted and 
provided the supported command. 


(2) During the reporting period, PTC was directed by its higher head- 
quarters to comply with Army Regulation 50-5, Human Reliability Program, 
in conjunction with their storing of two-man control items. The PTC 
Security Manager requested implementation assistance from the PLO. The 
PLO, by means of liaison with the US Army Nuclear and Chemical Surety 
Group, Fort Belvoir, VA, provided PTC with the requested direction and 

(3) On 18 September 1975, the PLO presented the Quarterly Briefing 
on the progress of the ICIP to COL Clark, CDR, PTC, and Mr. Daniel E. 
Thompson, Technical Director, PTC. 

6. CENTAVO KID: (OACSI Revalidation - 4 Feb 75) 


a. Location: Harry Diamond Laboratories (HDL), Washington, DC 


b. Confidential Source Utilization: None 
c. Information Obtained or Reported on Non-Affiliated Civilians: None 
d. Useful Information Obtained: 


(1) During the reporting period no additional information was developed 
Since the previous quarter concerning the visits of the First Secretary, 
USSR Embassy, Washington, DC to meetings of the Institute of Electrical and 
Electronics Engineers, a professional society for engineers, which were held 
in the HDL auditorium. COL Einsel, Commander, HDL, made a determination that 
the society could no longer hold meetings at HDL in order to preclude any 
potential security threat and any potential for a repeat of the incident. 




(2) The Security Officer, HDL, took several actions in response to 
recommendations contained in the Courtesy Security Inspection report sub- 
mitted during the last quarter. These included a pilot 100% inventory of 
SECRET material to determine feasibility of a complete inventory at HDL, 
guard force personnel were shifted to new areas and security routines were 
considerably tightened because of laxness; a study was completed on possible 
new badges for HDL and security lectures were presented. 

(3) On 5 and 17 September 1975, unidentified light aircraft flew 
over the test site, Woodbridge Research Facility (WRF), HDL, where a series 
of tests on foreign equipment under the ROUGE-EMORY program was in progress. 
In both instances the aircraft circled over the ROUGE-EMORY test site for 
about 5-7 minutes. During the years WRF has been at its present location 
no known overflights of this type have been reported. The overflights are 
being investigated in coordination with the FBI. 


(4) On 8 Aug 75 a civilian employee, HDL, was referred to the PLO by 
the FBI. The employee claimed that she was being followed by members of 
the HDL Security Office, who were involved with a homosexual group at the 
Van Ness Avenues Facility, HDL. She named a number of persons at HDL as 
being involved in the group. After investigating her story the Commander, 
HDL, believed that she is suffering from psychiatric problems. The 
Commander plans to have employee visit a psychiatrist for a complete 
evaluation. 


e. Operational Status: 


(1) A final decision has not been reached by the Secretary of the 
Army on the creation of the Harry Diamond Developmental Center, a decision 
had been expected by the middle of September 1975. Criticism by a state 
congressional delegation to the move, which would result in the loss of 
1200 jobs in the state, has delayed a final decision. 


(2) On 17 September 1975, COL Thomas McGregor, Commander, HDL, who 
replaced COL Einsel, MAJ Kenneth F. Keller, HDL, and Mr. James F. Yeick, 
Security Officer, HDL were briefed on the quarterly progress of the ICIP. 
COL McGregor, an MI Officer, showed considerable interest in the ICIP. It 
is expected that the excellent attitude toward the program that was shown 
by COL Einsel will be continued by COL McGregor. 

7. GONDOLA STAR: (OACSI Revalidation - 11 Jul 75) 
a. Location: Aberdeen Proving Ground (APG), Aberdeen, MD 
b. Confidential Source Utilization: Eight confidential sources 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained: 


(1) Sources reported that on 13 August 1975, an unknown number of 
Swedish citizens visited the US Army Ballistic Research Laboratories (BRL). 
The PLO determined that the visit had been fully coordinated with the 
proper officials. A Source reported on 26 September 1975 that seven 
Swedish citizens visited the US Army Materiel Systems Analysis Activity 
(AMSAA), APG. The PLO determined that the visit had not been properly 
coordinated, but that AMSAA had taken steps to insure that the visitors 
would not be given access to classified information until guidance was 
provided by HQ, US Army Materiel Command (AMC). 

(2) Sources reported three instances of foreign travel during the 
period. A civilian pharmacologist employed at the Biomedical Laboratory, 
Edgewood Arsenal, attended the Sixth Congress of the International Union 
of Pharmacologists (IUPHAR) in Helsinki, Finland, held from 20 to 25 July 
1975 and attended a luncheon during the Congress hosted by a representative 
of the USSR. After the Congress, the employee took part in a five-day 
tour to Leningrad, USSR, sponsored by IUPHAR. This information is being 
exploited as a DOMEX lead. In another instance, a civilian employee of the 
Development and Engineering Directorate, Edgewood Arsenal, visited Poland 
and Czechoslovakia for about one month in June and July 1975. The employee 
and his spouse allegedly visited relatives in both countries. The employee 
will be debriefed by USAINTA. In the third instance, a civilian employee 
of the Human Engineering Laboratory (HEL), APG, planned to take part in a 
National Geographic Society tour of the USSR in October 1975. The employee 
will be debriefed by USAINTA after his return. 


(3) A source reported three instances of alien enlistees who were 
assigned to the Human Engineering Laboratory (HEL), APG. Follow-up action 
by the PLO determined that the Installation Intelligence Officer was aware 
of the status of the three, that they did not have security clearances and 
had no access to classified information. In the case of one of the 
enlistees who allegedly suffers from periods of amnesia, action was taken 
to deny him a security clearance. 

(4) Source reported three instances of civilian employees of 
Edgewood Arsenal and one employee of AMSAA, APG, who allegedly engaged 
in extramarital affairs with other civilian employees. The situations 
are being discreetly monitored to determine if there is any substance 
to the allegations before investigations are conducted. An official 
source reported that an Army officer assigned to AMSAA was allegedly an 
alcoholic, was cohabitating with a female secretary of AMSAA and had 
engaged in sexual relations with an Israeli female captain assigned to 
act as the officer's interpreter during an Oct 74 TDY trip to Israel. 
Follow-up action disclosed that the officer had been transferred to the 
US Army Concepts Analysis Agency. A Summary of Information has been 
prepared and will be forwarded to that Agency. A source reported that 
a physical scientist employed in the Chemical Laboratory, Edgewood Arsenal, 
displayed indications of mental and emotional instability. Follow-up by 
the PLO revealed that the employee had been directed to undergo a "fitness 
for duty" physical examination which includes a psychiatric evaluation. 

(5) An official source reported to the PLO rumors that a civilian 
employee of the BRL, APG, was involved in difficulties with the police. 
Follow-up revealed that the Havre de Grace Police Department, Havre de 
Grace, MD has seven charges on file against the employee ranging from 
possession of marijuana to grand larceny and assault and battery. The 
employee is absent without leave. An investigation for suitability of 
the employee is underway. 

(6) A source reported that a high ranking civilian employee of the 
Human Engineering Laboratory (HEL), APG, brought his eight-year old son 
in a controlled access area where a classified test was being conducted 
and remained overnight. The incident was reported to the APG Security 
Officer and the employee was admonished and counselled by his supervisor. 
The same source reported that within the HEL classified reports were 
being typed on one-time typewriter ribbons and carbon that were not being 
handled as classified waste. The Security Officer, HEL, has stopped the 
practice and these items are now being disposed of with the classified 
waste. Another source reported ten separate situations at AMSAA which 
constituted security hazards or violations. Brought to the attention of 
the AMSAA Security Officer, all have been corrected. 


e. Operational Status: 


(1) Following revalidation of the ICIP on 11 July 1975, both the PLO 
and the PCO concentrated their efforts on reactivating and expanding the 
ICIP. During the latter half of July, the six confidential sources which 
had been used previously were recontacted and reactivated, one CIRL whose 
recruitment had been postponed when the project was suspended was recruited 
on 5 Aug 75; a Source Lead Development Report on another CIRL was approved 
and this source was recruited on 4 Sep 75. These two sources were the first 
ones recruited in the US Army Materiel Systems Analysis Activity (AMSAA), 
a critical sensitive activity at APG. The PLO reestablished liaison contacts 
with local, state, and federal agencies in addition to maintenance of 
contacts with ICIP coordinators and security officers of those activities 
receiving ICIP support at APG. The PLO also established new casual sources 
in critical areas of the ICIP-supported activities at APG and vetted two new 
CIRLs who are under initial assessment. 


(2) On 22 Aug 75, COL Kenneth L. Stahl, CDR, Edgewood Arsenal, was 
provided an up-date briefing by the PLO on the status of the ICIP and 
informed that the ICIP would require revalidation in six months. COL Stahl 
named CPT Vincent J. Falconio, Security Officer, Edgewood Arsenal, as the 
new ICIP Coordinator and requested that he be given the initial ICIP briefing. 
CPT Falconio was given the initial ICIP briefing and a status report on 
GONDOLA STAR on 22 Aug 75. COL Stahl advised that COL Burt Dall had been 
assigned as Deputy Commander, Edgewood Arsenal, and requested that COL Dall 
be given a briefing. 


(3) On 17 September 1975, presented the initial ICIP briefing to COL 
Dall. In the absence of COL Stahl, who was on leave, COL Dall and CPT 
Falconio, Edgewood Arsenal Security Officer, were also given the Quarterly 
Progress Briefing on 17 September 1975. 


(4) The PLO presented the Quarterly Progress Briefing to COL Alvin D. 
Ungerleider, Commander, APG; and Mr. Harry A. Mencke, Installation 
Intelligence Officer, APG. Both COL Stahl and COL Ungerleider expressed 
their pleasure that the GONDOLA STAR ICIP had been reinstated by the ACSI 
for an additional six months. 

8. LENS HOLDER: (OACSI Revalidated - 4 Feb 75) 
a. Location: White Sands Missile Range (WSMR), NM 


b. Confidential Source Utilization: Two confidential sources were 
utilized during the reporting period. 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: None 


e. Operational Status: One additional confidential source was 
recruited during the reporting period and one individual is presently 
under assessment as a potential confidential source. On 30 September 
1975, the Project Liaison Officer presented the Quarterly Progress Report 
to MG O. L. Tobiason, Commanding General, WSMR. The following personnel 
were also present at the briefing: LTC Charles I. Davis, Chief, Security 
Office, WSMR; LTC Arthur D. McQueen, Operations Officer, 525th MI Gp, 
CPT Marcel Hull, SAIC, Ft Bliss Resident Office, 525th MI Gp and GS-13 
William F. Arket, Chief Intelligence Division, WSMR. Since MG Tobiason 
was unfamiliar with the Internal Counterintelligence Program (ICIP), the 
ICIP was explained in detail from its initiation to the present at WSMR. 
MG Tobiason was pleased with the ICIP LENS HOLDER. 

9. LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75) 


a. Location: Defense Language Institute (DLI), Presidio of 
Monterey, CA 


b. Confidential Source Utilization: Eight (8) confidential sources 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) The temporary instructor in the Chinese-Mandarin Department, 
previously reported in the 4th Quarter, FY 75 Quarterly Report, who 
questioned her students about their future duties and expressed her 
displeasure at teaching Chinese to students to enable them to spy on 
the People's Republic of China, submitted her resignation on 4 September 
1975. Her last working day was 5 September and she departed the Presidio 
of Monterey area. 


(2) The instructor in the German Language Department, previously 
reported in the 4th Quarter, FY 75 Quarterly Report, who travelled to 
East Germany without notifying the DLI Security Officer, has been 
officially admonished by the Chairman of the German Language Department. 
She was advised that any future disobedience of DLI Regulations will be 
punished with a 10 day suspension in accordance with Civil Service Regula- 
tions. 


(3) An ICIP source developed information that an instructor in the 
Russian Language Department is a former member of the Soviet Army's equiv- 
alent to the US Army Security Agency and that he had received special 
training in the English language while in the Soviet Army. This indivi- 
dual left the Soviet Union in Apr 74 and was hired at DLI in Oct 74. This 
instructor was recently joined by a former coworker in the Soviet Union. 
The new instructor left the Soviet Union in Apr 75 and was hired at DLI 
in Jul 75. These two individuals taught together at the Leningrad Herzen 
Pedagogical Institute in Leningrad, USSR in the late 1960s and early 1970s. 
Messages of inquiry concerning these individuals were sent to USAREUR and 
a request was sent to the 525th MI Group to conduct discreet checks on the 
first individual and the Civilian Personnel Office, DLI, submitted a NAC 
request on the second individual. 


e. Operational Status: 


(1) During the reporting period three sources were terminated due to 
their graduation and five sources were recruited. Four students and a 
Technical Language Assistant are presently being assessed. 


(2) On 5 Sep 75, COL Samuel L. Stapleton, who replaced COL Koenig 
as Commandant of DLI, received his first Quarterly Briefing on ICIP 
LENTIL MONKEY. As a result of the briefing, COL Stapleton directed his 
security officer to prepare a videotape security lecture to be given to 
all students on their arrival at DLI. COL Stapleton further directed 
his security officer to closely coordinate the videotape with the Project 
Liaison Officer in order to insure coverage of all aspects of the security 
situation at DLI and to determine the most expeditious way to obtain 
background investigation for all instructors who have not previously had 
such investigations. The Security Officer was instructed to investigate 
the possibilities of having bring-up investigations conducted on pre- 
viously checked instructors; in addition, he is to coordinate with the 
Civilian Personnel Office to initiate procedures whereby the hiring of 
new instructors would be contingent on their receiving favorable security 
checks. In attendance with COL Stapleton at the Quarterly Briefing was 
MAJ Richard A. Erickson, Security Officer, DLI. 

(3) On 5 Sep 75, subsequent to the Quarterly Briefing, a visit was 
made to DLI by USAINTA personnel concerning the ICIP. The purpose of 
the visit was to acquaint the incoming DLI Commandant with some of the 
potential security problems at DLI which have arisen in the past from 
the varied, foreign backgrounds of the instructors and the fact that the 
Students are destined for intelligence assignments. The Commandant 
indicated that he believed the ICIP would prove to be a valuable adjunct 
to the DLI security program and that he would support the program whole- 
heartedly. Key personnel in attendance were COL Stapleton; COL William 
F. Strobridge, CDR, 525th MI Group; LTC Grimes, CDR, Special Operations 
Detachment, USAINTA; MAJ Richard A. Erickson, Security Officer, DLI; and 
Mr. Jeremy H. Hughes, PIO. 

DEPARTMENT OF THE ARMY 
HEADQUARTERS 
U. S. ARMY INTELLIGENCE AGENCY 
FORT MEADE, MARYLAND 20755 


OCT 2 £ 1975 
MIIA-SO-SA 
SUBJECT: Quarterly Reporting of Internal Counterintelligence 
Program (ICIP) Operations (U) 

HQDA (DAMI-DOI-C/MAJ EBERSOLE) 
WASH DC 20310 

1. During September 1975, at the Woodbridge Research Facility, 
Harry Diamond Laboratories, personnel conducted a series of 
classified tests on foreign equipment under the ROUGE-EMORY Program. 


Since HDL is supported by the ICIP CENTAVO KID, the Project Liaison 
Officer (PLO) provided assistance to WRF to determine times when the 
air space over WRF would be free of satellites. The storage area was 
checked for security and the PLO made several suggestions concerning 
the camouflaging of the test material while it was in the open. WRF 
adopted the suggestions. On 5 September, a light aircraft identified 
only as a Piper Cherokee 140, flew over the test site at which the ROUGE- 
EMORY material was located, circling and hovering over the site from 5-7 
minutes. On 17 September, an unidentified light aircraft again flew over 
the WRF, particularly circling over the area where the ROUGE-EMORY test 
equipment had been set up previously. Light aircraft normally avoid the 
WRF because of the numerous antennas and towers at the Facility. During 
the time WRF has been at its present location, no known overflights of 
this type have been reported. The overflights are being investigated in 
coordination with the FBI. 


2. The ICIP providing support to activities located at Edgewood 
Arsenal and Aberdeen Proving Ground was reactivated during the reporting 
period as a result of revalidation action by the OACSI on 11 July 1975, 
raising the total number of active ICIPs in CONUS to nine. The ICIP OPLAN 
at Fort Ritchie was revised on 15 September to reflect target area re- 
alignment resulting from reorganization of the US Army Communications 
Command (USACC). 


3. USAINTA is monitoring an ICIP started on about 1 July 1975 at the 
Army Security Agency (ASA) Augsberg Field Station, Federal Republic of 
Germany. USAINTA reviewed the operations plan for the ICIP, coordinated 
the plan with ASA, and notified ODCSI, USAREUR that the ICIP was approved 
by the CO, ASA. During the reporting period, no information was received 
concerning the ICIP. 


4. Brief status reports for each ICIP operation reported upon are 
attached as inclosures. 
WILLIAM I. JENKINS 
Special Assistant (OPS) 


ACSI FORM 28, 13 Sep 71 

ACTION 
SUBJECT: Internal Counterintelligence Program (ICIP) Operation CANARY EFFORT (U) 
OFFICE SYMBOL: DAMI-DOH 
SUSPENSE: 
DATE: 11 September 1975 

To furnish ACSI, DA approval of subject OPLAN to CDR, USAINTA. 
MEMORANDUM FOR RECORD (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the recourse to other sources.) 
BACKGROUND: By letter dated 9 September 1975, subject as above (TAB B), the 
Director of Operations, USAINTA (MIIA-GPC-SO) forwarded to OACSI (DAMI-DOH) for 
review and approval, a revised operations plan for CANARY EFFORT (U) which provides for 
continuation of the existing ICIP at Fort Ritchie, Maryland. Revision of the existing 
OPLAN was necessitated by the reorganization and redesignation of the US Army Communica- 
tions Command (USACC) - CONUS as the 7th Signal Command effective 1 July 1975. 


DISCUSSION: 


a. Major changes in the revised OPLAN are as follows: 


(1) Realignment of target areas and increased coverage to the Telecommunications 
Directorate, the Alternate Joint Command Center (AJCC), the Alternate National Military 
Command Center (ANMCC), the Alternate National Command Center Support Directorate 
(ANMCCSD), and the East Coast Telecommunications Center (ECTC). All are considered 
priority I for the purposes of counterintelligence support. The ECTC is located at 
Fort Detrick and the other activities are all at Fort Ritchie. 


(2) The Execution Phase of the revised OPLAN remains essentially unchanged except 
for the addition of a Project Case Officer (PCO) at Fort Detrick to assist in providing 
coverage for the ECTC. 


(3) The OPLAN provides that each source and individual involved in the conduct 
and control of the operation will sign a certificate stating that he has been briefed 
and understands the provisions and constraints imposed by AR 380-13. 


b. There is no significant change in the objectives of the OPLAN. 


3. (U) RECOMMENDATION: That the ACSI approve the revised OPLAN and sign the 1st 
Indorsement to the USAINTA letter at TAB A. 

DEPARTMENT OF THE ARMY 
HEADQUARTERS 
U. S. ARMY INTELLIGENCE AGENCY 
FORT MEADE, MARYLAND 20755 


9 SEP 1975 
MIIA-GPC-SO(SA) 


SUBJECT: Internal Counterintelligence Program (ICIP) Operation 
CANARY EFFORT (U) 


HQDA (DAMI-DOI-C/LTC MHAENDIE) 
WASH DC 20310 


1. The 1 July 1975 reorganization and redesignation of the US 
Army Communications Command (USACC) - CONUS as the 7th Signal Command 
resulted in a realignment of target areas of the ICIP CANARY EFFORT (U) 
at Fort Ritchie, Maryland. Attached as inclosure 1 is a revised opera- 
tions plan for CANARY EFFORT (U) which provides for continuation of the 
existing ICIP and reflects the changes brought about by this reorgani- 
zation. 

2. The new 7th Signal Command reorganization has necessitated a 
change in the mission of the ICIP to provide increased coverage for 
the Alternate Joint Command Center (AJCC) and those activities desig- 
nated by the Commander, 7th Signal Command, as listed in paragraph 4, 
below, and Annex A. There is no significant change in the objectives. 
The activities listed in Annex A will be considered Priority I for 
purposes of counterintelligence support. The Execution Phase of the 
revised OPLAN remains essentially unchanged except that an additional 
PCO will have a base of operations at Fort Detrick, MD, to assist in 
providing coverage for the East Coast Telecommunications Center (ECTC ), 
which is located at Fort Detrick. The revised OPLAN provides that each 
source and individual involved in the conduct or control of the opera- 
tion will be thoroughly briefed on the provisions and constraints of 
AR 380-13 and additionally will be required to sign a certificate stat- 
ing that they have been briefed and understand the limits imposed by 

AR 380-13. 


3. (U) Four organizational charts which show the former and present 
command and staff organization by line charts of the 7th Signal Command 
are attached as inclosure 2. These charts illustrate the principal 
internal changes occurring as a result of the 1 July 1975 reorganization. 


4. The Telecommunications Directorate, primary target for the 
present ICIP, was formerly under the operational control of the 
Commander, Fort Ritchie. With the reorganization, the Telecommunica- 
tions Directorate, as well as USACC Site R Telecommunications Center 
and all other USACC Telecommunications Centers in CONUS, are under the 
operational control of the newly established USACC Operations Command. 
In addition to the USACC Operations Command elements indicated, the 
following additional activities will be supported by the revised opera- 
tions plan: 


a. Alternate National Military Command Center (ANMCC). 


b. Alternate National Military Command Center Support Directorate 
(ANMCCSD). 


c. East Coast Telecommunications Center (ECTC). 


5. (U) Recommend approval of revised plan at inclosure 1. 
2 Incl Via y, Á PATTAKOS 


FOR THE COMMANDER: 


as 
Director of Operations 
CONTROL NUMBER 


ACTION SHEET 


OFFICE SYMBOL 
DAMI-DOH 
DATE 
3 Sep 75 


Internal Counterintelligence Program (ICIP) (U) 


ACTION REQUIRED 
To obtain approval of the quarterly ICIP Report 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 

1. (U) Background: By memorandum dated 8 February 1972 (TAB B) the Under Secretary 
of the Army requested that the VCSA provide a quarterly report on all ICIP operations. 


2. Discussion: 


a. During the past quarter, in response to a request from the Commander Aberdeen 
Proving Ground, the ICIP which had been terminated at that installation was revalidated 
for six months. This operation will be reexamined during the first calendar quarter 
of 1975. 


b. Memorandum at TAB A provides the information required by the Under Secretary 
of the Army for the remaining eight ICIP operations. 

3. (U) Recommendation: That memorandum at TAB A be approved and signed. 

MFR = Cy of VCSA/USofA appr fwd to USAINTA 29 Sep 75 
RAE 


REGRADED UNCLASSIFIED 
av COE USAINECOM FOUPO 
TH PARA 1-603 DoD 6200.1-R 
DEPARTMENT OF THE ARMY 
HEADQUARTERS 
U.S. ARMY INTELLIGENCE AGENCY 
FORT MEADE, MARYLAND 20755 


JUL 17 1975 


SUBJECT: Quarterly Reporting of Internal Counterintelligence 
Program (ICIP) Operations (U) 


HQDA (DAMI-DOI-) 
WASH DC 20310 


1. Three incidents of counterintelligence interest involving 
Soviets or persons tentatively identified as Soviets were reported 
upon during the fourth quarter of FY 1975. One such report was that 
a First Secretary of the USSR Embassy visited an auditorium in the 
Harry Diamond Laboratories (HDL), on two occasions to attend evening 
meetings of the Institute of Electrical and Electronics Engineers, 
Inc., (IEEE), a professional society for engineers. The Soviet 
official attended one IEEE meeting, but was refused entrance to a 
second meeting. Although only unclassified matter is presented at 
these meetings, the potential security dangers are self evident. 
Details of the incident were reported to the FBI. 




2. Two other incidents involving persons tentatively identified 
as Soviets occurred in the Fort Ritchie area. The first report, which 
was in April 1975, concerned an individual bearing a strong resemblance 
to a KGB member who paid an unusual amount of attention to a shipment 
of sensitive equipment destined for Fort Ritchie. The second incident 

concerned an individual assigned to Fort Ritchie who reported that a 
man representing himself as a contract employee attending a DOD- 
sponsored conference in Pennsylvania claimed extensive contact with 
Soviets in Hagerstown, MD. Although the latter incident occurred in 
1974, because of the sensitivity of Ft Ritchie, both incidents have 
been reported to the FBI with a request for an investigation to include 
a determination if there is any relationship between the two incidents. 


3. Correspondence was submitted on the ICIP GONDOLA STAR at 
Aberdeen Proving Ground which was reported in the 3d Qtr, FY 75, as 
scheduled for termination, requesting that the Operation be reconsidered 
for continuation. Excluding this ICIP, there were eight active ICIPs 
at the close of the reporting period. 




4. (U) Brief status reports for each ICIP operation reported upon 
are attached as inclosures. 


FOR THE COMMANDER: 



8 Incl ALBERT N. WEIDHAS 
as Colonel, MI 
Director of Operations 


Assistant to the Director 
DEPARTMENT OF THE ARMY 
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE 
WASHINGTON, D.C. 


MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY 


NOTED py — *5 SE? 1975 
FOR: THE UNDER SECRETARY OF THE ARMY 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) -- INFORMATION 
MEMORANDUM 


1. During the past quarter, three incidents surfaced as a result 
of ICIP operations which involved known or suspected Soviets. One 
report concerned a USSR Embassy official who visited an auditorium at 
the Harry Diamond Laboratories on two occasions, to attend evening meet- 
ings of the Institute of Electrical and Electronics Engineers. The 
official attended one meeting, but was denied entrance on a second 
occasion. The other two incidents occurred in the Fort Ritchie, MD 
area. One concerned a report of an individual bearing a strong 
resemblance to a KGB member who was particularly concerned about a 
shipment of sensitive equipment destined for Fort Ritchie, while the 
other involved a man representing himself as a contract employee 
attending a DOD-sponsored conference in Pennsylvania, who claimed 
extensive contact with Soviets in Hagerstown, MD. All three incidents 


2. In response to a request from the Commander, Aberdeen Proving 
Ground, MD, I have revalidated GONDOLA STAR for a six-month period. I 
plan to closely monitor the results of this operation, and will make a 
final determination in January 1976 as to whether or not it should 
continue. 


3. (U) Summaries of the eight on-going ICIP operations are inclosed. 


18 SEP 1975 


RECOMMEND APPROVAL - VCSA      HAROLD R. AARON 
8 Incl                         Major General, GS 
as                             ACofS for Intelligence 


e WILLIAN G. Es 7 c S/, 2A 
jor, GS 2 d 
Pe acest Ro gy D Sor 


MAJ Ebersole/56159 
+ Typed by G. Rivera 


soo o €^ 7 " the Army Staff H k 
1. CANARY EFFORT: (OACSI Revalidation - 4 Feb 75) 


a. Location: Fort Ritchie, MD. 


b. Confidential Source Utilization: Three confidential sources. 


c. Information obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: 


(1) Information was surfaced pertaining to the alleged abuse of drugs 
on the part of seven (7) individuals assigned sensitive/critical duties. 
Additionally, adverse suitability information concerning nine (9) individuals 
was reported. This information involved indebtedness, alcohol abuse, moral 
improprieties and mental instability. As a result of the information 
furnished, four individuals had their access to classified information 
suspended; investigations were requested on three individuals; and the 
activities of the other individuals are being monitored. 


(2) Information was reported concerning an individual who resembled a 
suspected KGB member. The individual has paid an inordinate degree of 
attention to the activities of a US civilian firm and a sensitive ship- 
ment destined for Fort Ritchie. Another individual reported conversations 
that occurred in August 1974 in a bar in Waynesboro, PA where he learned 
that an individual believed to be a contract employee claimed to have 
had contacts with Soviets who worked in Hagerstown, MD. Both incidents 
were reported to the FBI with a request for investigation. 


e. Operational Status: 


(1) On 25 June 1975, the PLO briefed COL Harold G. deMoya, Cdr, 
Fort Ritchie, and COL John J. Plosay, Jr., Deputy Cdr, Fort Ritchie. 


(2) COL Donald E. Clark assumed command of the 7th Signal Command 
(which includes the Pentagon Telecommunications Center) on 18 July 1975 
and was briefed on CANARY EFFORT. The 902d MI Group which is conducting 
the ICIP at Fort Ritchie prepared a revised operations plan reflecting 
changes in mission and target areas which resulted from the reorganization 
of the US Army Communications Command (USACC) into the 7th Signal Command. 
Prior to the reorganization, the Telecommunications Directorate, located at 
Site "R" and the primary target for the ICIP, was under the operational 
control of the Cdr, Fort Ritchie. Under the new organization, the 
Telecommunications Directorate, as well as the telecommunications centers 
throughout CONUS, are under the operational control of a newly established 
activity, the USACC Operations Command. 
2. CANINE PLATE: (OACSI Revalidation - 4 Feb 75) 
a. Location: Seneca Army Depot (SAD), Romulus, NY 
b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: On 6 May 1975, COL Alan A. Nord, recently 
assigned as Commander, Seneca Army Depot, was provided an initial 
briefing on the ICIP Operation CANINE PLATE (U). COL Nord stated that 
he favored the expansion of the Operation and the PLO should be allowed 
full, unescorted access to the Directorate for Special Weapons and the 
Special Weapons Storage Area. The last change would permit spotting 
and assessing potential sources in areas not open previously to the 
PLO except by peripheral contact. During the reporting period, con- 
tact was made with four conventional sources. Additionally, initial 
assessments were made of two potential sources, one in the Transporta- 
tion Division and one in the Directorate for Quality Assurance. The 
PLO has been involved with providing informal counterintelligence 
assistance to the Military Police Company responsible for the physical 
security of SAD. Since the initial briefing on the ICIP was presented 
to the Commander on 6 May 75, a subsequent Quarterly Progress Report 
was not given. With the expanded latitude and favorable attitude toward 
ICIP operations evinced by COL Nord it is anticipated that development 
of the operation will be accelerated. 




3. CANTER RIDE: (OACSI Approval - 4 Mar 75) 


a. Location: US Army Missile Command (USAMICOM), Redstone 
Arsenal, AL 


b. Confidential Source Utilization: One. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: The ICIP confidential source 
provided substantial information on security weaknesses within the 
supported command to include poor housekeeping practice, lack of 
control of reproduction facilities, lack of proper control of area 
access, lax security attitudes and possible compromise of security 
badges through continued loss. As a result of the information pro- 
vided by the source, the Director, US Army Missile RD&E Lab, directed 
that poor housekeeping practices be corrected prior to 1 July 1975 
subject to his personal inspection. Source will continue to monitor 
the security posture of the target area. Additional information has 
been obtained on the personalities involved in the previous investi- 
gation under provisions of AR 15-6 which led to the initiation of 
the operation for the insertion of a Confidential Source into the 
target area. Information provided has resulted in the initiation of 
credit checks and local agency checks to confirm or refute allegations. 


e. Operational Status: On 16 April 1975, confidential source, a 
Military Intelligence warrant officer was inserted into the target area 
as an administrative officer. This source appears to be very well 
received within the target area and has provided substantial informa- 
tion to include information noted in paragraph 1d above. His outgoing, 
friendly manner coupled with his professional intelligence background 
will increase the potential of the ICIP operation. COL Arthur G. Lange, 
Jr., Chief of Staff, USAMICOM, was briefed on the implementation of the 
operation on 7 April 1975. He was subsequently briefed on 9 June and 
will be briefed subsequent to each meeting with the confidential source. 
The briefing given COL Lange after each meeting with the confidential 
source will be given in lieu of the Quarterly Progress Briefing since 
this will keep USAMICOM informed of the progress of the operation on a 
more current basis than would be the case if briefing were confined to 
Quarterly Progress Reports. The PLO's briefing was well received by 
COL Lange, who indicated that he would inform MG Ellis. 


4. CANVAS TAX: (OACSI Revalidation - 4 Feb 75) 


a. Location: Sierra Army Depot (SIAD), US Army Materiel 
Command, Herlong, CA 


b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: Four conventional sources are currently 
being used to provide coverage in the Priority I Targets which are 
Exclusion Area I, Storage Area for Special Weapons; and Exclusion 
Area II, Maintenance and Calibration Facilities for Special Weapons. 
Recruitment of one confidential source is pending and a second poten- 
tial source in Exclusion Area II is undergoing initial assessment. 
The Quarterly Progress Report was presented by the PLO on 3 July 1975 
to the following SIAD officials: COL Robert Hawlk, Commander, SIAD; 
LTC Bernard Render, Dep CDR, SIAD; MAJ John Jolley, Provost Marshal/ 
Security Officer, SIAD; CPT Wayne Herringer, Intelligence Officer, 
SIAD; and Mr. Anthony Tornabene, Asst Intelligence Officer, SIAD. The 
Commander, SIAD, requested that the PLO brief him on the nature of the 
EEI levied on sources in the ICIP. The Commander indicated that he is 
interested in determining if the remoteness of the area and the type 
of duty has any bearing or influence on the number of suitability cases 
among SIAD personnel. The Commander feels that there may be a number 
of suitability cases among his present personnel involving such factors 
as sexual promiscuity, alcohol or drug abuse, or excessive indebtedness. 
By identifying these individuals, the Commander will strive to reduce 
personnel problems at SIAD. COL Hawlk indicated that he was satisfied 
with the progress being made in efforts to develop the ICIP and make 
it a more viable operation. 
5. CENSUS TIME: (OACSI Revalidation - 4 Feb 75) 


a. Location: Pentagon Telecommunications Center (PTC), US Army 
Communications Command (USACC), The Pentagon, Washington, DC 


b. Confidential Source Utilization: One. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 




d. Useful Information Obtained: An ICIP source reported that a PTC 
civilian employee's effeminate gestures and high pitched voice were respon- 
sible for office gossip that the employee was a homosexual. The employee, 
who is currently employed as a relay operator, was transferred from the 
coding and decoding section because he allegedly coded an obscene message 
that was to be sent to an overseas user. The ICIP source provided other 
information concerning possible security violations involving the employee. 
The employee's dossier was examined and it was noted that during a back- 
ground investigation conducted approximately ten months ago, there were 
recommendations that the employee not be considered for positions of trust 
and responsibility. Investigative efforts are continuing to verify or 
refute allegations concerning the employee. 




e. Operational Status: The reorganization of the US Army Communica- 
tions Command at Ft Ritchie into the 7th Signal Command has had an effect 
on the operational status at the PTC. COL Clark, who has a positive atti- 
tude toward the ICIP, assumed command of PTC in July, and was given a full 
progress report of this operation. All personalities in the operation 
have changed. In addition to the new commander who is amiable to the 
program, there is a new security manager, CPT Richard Pederson, who gave 
the program support previously when he was assigned to the Defense Language 
Institute, East Coast, Washington, DC. A new PLO has also been assigned to 
the operation. With the above personnel changes and COL Clark's encouraging 
attitude, this ICIP is now afforded an excellent opportunity to expand and 
be more productive. 
6. CENTAVO KID: (OACSI Revalidation - 4 Feb 75) 
a. Location: Harry Diamond Laboratories (HDL), Washington, DC. 
b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: 


(1) It was reported that a First Secretary at the USSR Embassy in 
Washington, DC had attended a meeting of the Institute of Electrical and 
Electronics Engineers, a professional society for engineers, which was 
held in the HDL auditorium. The subject matter presented during the evening 
was unclassified. When the Soviet official attempted to attend a second meet- 
ing of the society, he was denied entry. Both incidents were reported to the 
FBI. The Commander, HDL was advised that the use of the auditorium by out- 
side groups would render it insecure until appropriate security checks were 
conducted. 




(2) The PLO noted and called to the attention of the HDL Security 
Officer several minor security problems during the period. These were 
either corrected on the spot, or recommendations for correction were made. 


e. Operational Status: The final report for the reorganization of 
HDL into the Harry Diamond Developmental Center (HDDC) was submitted to 
Congress and the Secretary of the Army. It was expected that the 
Secretary of the Army would make a final decision by September 1975. The 
consolidation of various electronics facilities under the control of HDDC 
will make HDDC the prime center for electronics research and development 
in Department of the Army. If approved, the consolidation at HDL would 
begin in October 1976. COL Einsel, Cdr, is scheduled to depart HDL 
about September 1975. His replacement will be COL Richard H. Sawyer, 
who is now serving as the Commander of the Watervliet Arsenal, Watervliet, 
New York. On 11 June 1975, COL Einsel, Cdr, HDL, and Mr. James F. Yeick, 
Security Officer, HDL, were briefed on the quarterly progress of the ICIP. 
7. LENS HOLDER: (OACSI Revalidation - 4 Feb 75) 
a. Location: White Sands Missile Range (WSMR), NM. 


b. Confidential Source Utilization: One confidential source was 
utilized during the reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: The following information on WSMR 
personnel reported by the confidential source in this ICIP was reported 
to the Chief, Intelligence Division, WSMR, who took action as indicated: 


(1) A report to the Security Officer, Army Missile Test and Evalua- 
tion (ARMTE) Directorate that an ARMTE employee frequently left his 
security container open and unattended resulted in a special briefing 
on WSMR Regulation 380-5 (Security Regulation) for all ARMTE employees 
who also were required to sign certificates that they understood the 
requirements of the security regulation. 


(2) The civilian firm which contracts for security guards at WSMR 
permitted an enlisted man to work part-time as a guard in the Exclusion 
Area of TRASANA without having the proper security clearance for that 
area. The Security Office, WSMR, has now insured that the enlisted man 
has been processed for the proper clearance by the contractor. 


(3) Reports of several instances of laxity on the part of TRASANA 
security guards at night and instances of classified material left in 
in/out boxes after duty hours. The Security Officer took immediate 
action upon receiving this information to re-orient guards and personnel 
on their security obligations. Source has reported a noticeable improve- 
ment in security since the earlier reports. 


(4) Reports of an Army Officer assigned to the Office of Missile 
Electronics Warfare (OMEW) who allegedly was misappropriating computer 
and electronics equipment to build his own computer at home were passed 
in a Summary of Information to the Sixth Region US Army Criminal Investi- 
gation Division Command for action by that agency. 


e. Operational Status: One confidential source was recruited early in 
the reporting period. A second confidential source is in the final stages 
of assessment in the Office of Missile Electronics Warfare. On 17 June 1975, 
the PLO presented the Quarterly Progress Report to MG R. J. Proudfoot, Com- 
manding General, WSMR. The following personnel were also present at the 
briefing: COL William F. Strobridge, Cdr, 525th MI Group, LTC Charles I. Davis, 
Chief, Security Office, WSMR, and Mr. William F. Arket, Chief, Intelligence 
Division, WSMR. MG Proudfoot indicated that he was pleased with the pro- 
gress of LENS HOLDER and stated that WSMR needed this type of program. 
8. LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75) 


a. Location: Defense Language Institute (DLI), Presidio of 
Monterey, CA. 


b. Confidential Source Utilization: Six (6) confidential sources. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: 


(1) A Source in the Chinese-Mandarin Language Department furnished 
information concerning a temporary instructor of that department who 
closely questioned her students about their knowledge of their future 
duties and expressed her displeasure at teaching Chinese to students 
to enable them to "spy" on the People's Republic of China. A DCII 
check, made to review the instructor's USAIRR Dossier, revealed no 
dossier in the files. The instructor, who was born in Canton, China and 
is a British citizen, will not have her employment contract with DLI 
renewed when it expires in September 1975. 




(2) Information was reported concerning the travel of an instructor 
of the German Language Department to East Germany without the required 
notification to the DLI Security Officer. The DLI Security Officer 
plans to permit the instructor to perform the travel and upon return 
to DLI will question her concerning non-compliance with DLI regulations. 


(3) A Technical Language Assistant in the Russian Language Depart- 
ment reported a visitor to that Department in late May. The visitor 
requested copies of training material used in the Russian Dept, claiming 
he wanted it for training purposes in his reserve unit. The visitor 
was given two training exercises which were unclassified and taken 
largely from Russian language periodicals. The visitor, who was told 
to return later because additional material was not readily available 
did not return. Sufficient identifying data was not obtained on the 
visitor but an attempt is being made to obtain fuller identification. As 
a result of the incident the Director DLI, at a staff meeting placed 
special emphasis on the responsibilities of all staff members to be 
alert for unauthorized visitors. In addition, visitor requirements and 
restrictions were published and distributed throughout DLI. 
CONTROL NUMBER 


ACTION SHEET 


OFFICE SYMBOL 
Internal Counterintelligence Program (ICIP) (U) 
DATE 
30 July 1975 


ACTION REQUIRED 

To provide approval/disapproval to an operation plan. 
MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. Inclosure to TAB A is an operations plan for an ICIP submitted 
informally by the Pentagon Counterintelligence Force. The plan calls for an ICIP in 
the OACSI Communications Center. 


2. DISCUSSION: While the OACSI Communications Section is a sensitive element 
of OACSI, it is extremely small and confined. Security would be difficult to maintain 
as evidenced by the fact that several individuals in the OACSI administrative office 
were aware of the proposed ICIP. 


3. (U) RECOMMENDATION: That the proposed ICIP be disapproved and the memorandum at 
TAB A be signed and forwarded to the Commander, Pentagon Counterintelligence Force. 


REGRADED UNCLASSIFIED 
MEMORANDUM FOR: COMMANDER, PENTAGON COUNTERINTELLIGENCE FORCE 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


1. (U) Subsequent to the submission of the inclosed operations plan, the 
entire ICIP was critically reviewed. The result of this review was the 
termination of operations at installations and facilities where degree 
of sensitivity of the facility, or the type information developed did not 
justify the expenditure of resources. 


2. The OACSI Communications Section, while an extremely sensitive 
element of OACSI, is staffed primarily with senior NCO's and a number of 
civilians who have been employed in the same area for considerable periods 
of time. The number of personnel employed in the Communications Section 
is approximately 30, and these individuals use the area on a 24 hour basis. 
They process large volumes of mail and messages each month and there is 
considerable pressure exerted continually to insure correspondence handling 
is correct. Considering the size of this element, and the working con- 
ditions under which they operate, the security of an ICIP is doubtful. 
Further, the pressures and frustrations could be expected to increase if 
there were any indications of the existence of an ICIP. 


3. The activities of this element have been examined, and other than 
the sensitivity of the facility, there is no indication as to why this ele- 
ment would be a more lucrative target for an ICIP than any other element in 
OACSI. 


4. (U) The attached operations plan is not favorably considered because 
the target is not considered sufficiently appropriate for an ICIP. 
OPERATIONAL PLAN 
SUBJECT: Operations Plan, Internal Counterintelligence Security 
Program, Office Chief of Staff for Intelligence, The Pentagon, 
Washington, DC 

DATE: 5 November 1974 
REPORT NO: 
PROJECT NO: 

REFERENCES: (U) 
a. Chapter 5, Section III, USAINTC Regulation 381-100, 1 March 1974 (C) 


b. Chapter 2, USAINTC Regulation 381-100-1, 8 February 1974 (S) 


c. DOD Directive 5100.49, dated 3 December 1965, Subject: Pentagon 
Counterintelligence Program. 


d. AR 381-115, dated 2 July 1969, Subject: Counterintelligence 
Investigative Agencies. 


e. AR 381-130, with changes 2-4, Subject: Counterintelligence 
Investigations, Supervision and Control. 


f. FM 30-17, dated January 1972, Subject: Counterintelligence 
Special Operations. 


g. FM 30-17A, dated February 1973, Subject: Counterintelligence 
Special Operations (C). 


h. AR 380-13, dated 30 September 1974, Subject: Acquisition and 
Storage of Information Concerning Non-Affiliated Persons and 
Organizations. 


1. MISSION: 


a. Requirement: The mission of the OACSI, Administrative Office, 
Communications Section is to process incoming and outgoing mail; provide 
mail pick-up and delivery; world wide attache pouch support via coordi- 
nation with the State Department. The Communications Section also main- 
tains a registered mail record; a TOP SECRET Control Office; and operates a 
NATO, SEATO and CENTO sub-registry. There are approximately twenty 
thousand messages per month up to and including collateral TOP SECRET 
handled by this section. 
b. Objective: This operation will provide the ACSI with a concen- 
trated, aggressive security service within the confines of the Pentagon 
Reservation, and will provide a fast factual reporting system of any im- 
minence of activities which would necessitate immediate command action and 
possibly pose a direct threat to the security of OACSI Communications 
Section. In order to accomplish the objective of this operation, an 
effective and coordinated use of overt and covert counterintelligence 
Sources and techniques will be implemented which are designed to detect, 
neutralize, and eliminate the following elements and factors which pose 
a direct threat to the security of the Communications Sections. 


(1) Acts of espionage, sabotage, or subversion. 
(2) Hostile foreign intelligence activities. 


(3) Disloyalty, disaffection, and other threats to the security 
of OACSI. 


(4) Character weakness, habits, or improper conduct which makes 
personnel assigned to the Communications Section vulnerable to coercion or 


blackmail. 


(5) Acts of the Communications Section personnel affiliated with 
anti-Army dissident organizations which seek to disrupt the maintenance of 
good order, discipline, and morale within the Pentagon. 


c. Base of Operations: Special Operations Section, Pentagon Counter- 
intelligence Force/National Capital Region Field Office, 902d MI Group, 


Room BE 800, The Pentagon, Washington, DC 20310. 


2. PERSONNEL: 


a. Confidential Source Personnel: To be selected from personnel assigned 
to the Communications Section, OACSI. 


b. US ARMY Intelligence Personnel: The following personnel of PCF/NCR 


FO will function in the capacities indicated: 


(1) Project Officer: CPT Kenneth R. Schlag 

(2) Project Control Officer (PCO): CW2 Shawn M. Sandlin 
(3) Alternate PCO: CW2 Leonard NMN Gross 

(4) Project Liaison Officer (PLO): CPT Kenneth R. Schlag 


(5) Alternate PLO: SFC George E. Perry 


3. (C) COVER AND DOCUMENTATION: (SEE ANNEX A)

a. The ICIP Project Officer and PLO will function in a completely
overt manner. No attempt will be made to conceal their affiliation with
military intelligence.

b. The PCO will employ shallow cover in his contacts with confidential
sources. He will not disclaim affiliation with US Army Intelligence, since
to do otherwise would alarm prospective sources.


4. EXECUTION:

a. Concept of Operations:

(1) The ICIP will be implemented by using the coordinated employment
of overt liaison contacts and confidential source(s). Only confidential
sources will be used in this operation due to the small size of the target
area.

(2) A concerted effort will be exerted towards the collection of
information concerning military personnel assigned to the Communications
Section. Collection will not extend to non-DoD personnel. In the event
any individual not affiliated with DoD is identified as posing a threat
against the Cables Section, the provisions of reference h will apply and
prompt coordination will be effected with the appropriate authority.
Each individual and source involved in the conduct or control of the
operation will be briefed on current policies and constraints pertaining
to counterintelligence activities as they concern persons and organizations
not affiliated with DoD, reference h.

(3) The PLO will be the point of contact between the ACSI and PCF.
The PLO will present to the ACSI or his designated representative, a
quarterly briefing on the progress of the operation. In the event the
PLO receives information requiring immediate action by OACSI, the information
will be released to the ACSI and the Commander, 902d MI Group. Such
information will be sanitized or otherwise protected to insure continued
operational viability and source utilization.


(4) Specific EEI to be pursued are:

(a) Determine the existence of espionage, sabotage, or subversion
within the target or directed against the target.

(b) If espionage, sabotage, or subversion is known or suspected,
identify the perpetrators, the nature and scope of their activities, their
methods of operation, and the foreign or domestic organization controlling
such activity.

(c) Determine the prevalence of dissident activity within the target
area, identify military or civilian personnel involved, and resolve whether
such activity is supported or directed by elements outside the OACSI.

(d) Detect and report adverse suitability information,
foreign contacts by Cables Branch military members, and other
significant matters which may be exploited by hostile intelligence
services.


b. The following activities and types of individuals will be subjected
to continuous and intensive counterintelligence coverage:

(1) Known or suspected security risks.

(2) Persons who are known or suspected to associate with persons
who are known or suspected members of hostile intelligence or subversive
organizations.


c. Implementation:

(1) Overt Phase: The overt phase will begin immediately upon
approval of this plan. Close liaison will be maintained with selected
OACSI Staff and security personnel. The PLO will be primarily responsible
for the spotting and assessment of prospective confidential sources. The
spotting will be continuous throughout the operation so as to assure an
adequate bank of prospective sources for possible covert utilization.
The PLO will conduct the overt functions as necessary to include
investigative activities and quarterly briefings concerning the status of
the ICIP.

(2) Covert Phase: The covert phase will be the responsibility
of the PCO with the assistance of the Alternate PCO. This phase will include
the exploitation of confidential sources who have been recruited from among
the military personnel. The PCO is also responsible for vetting,
recruitment, targeting, training, and disposition of confidential sources.
The objective of this phase will be the development of, timely reporting of
credible information relating to the detection, neutralization, or
exploitation of factors or individuals who pose a direct threat to the
security of the Cables Branch, and thus the United States.


5. COMMUNICATIONS: (SEE ANNEX B)

a. Communications between the Project Officer and PCO/PLO will be
conducted almost exclusively through personal meetings; telephone will
serve as an alternate.

b. Primary communications with confidential sources will be through
personal meetings at pre-selected safe sites in the Washington Metropolitan
area, or the Pentagon.

c. Alternate means of communications with confidential sources will
be via US Mail, using Post Office boxes in the Arlington, Virginia area.
A Post Office box may also be used by the confidential source, if
circumstances at his residence indicate a possibility of other persons
gaining access to his personal mail.

d. Emergency means of communications from confidential sources to PCO
will be by telephone to an existing unlisted telephone number located
in the office of the Special Operations Section, PCF/NCR. After duty hours,
the confidential source will leave a message for the PCO at a telephone
located in the PCF. This telephone is manned 24 hours a day, and night
personnel will be briefed concerning their actions should a source telephone
and ask to speak to the PCO. The source will be asked to leave his name
(cover name) and a telephone number where he may be reached. PCF night
personnel will then immediately pass the information to the PCO, or if the
PCO is unavailable the alternate PCO. From PCO to source, emergency
communications will be by telephone call to source's home or office, as
appropriate.


6. TRAINING:

Training of confidential sources will be a continuing process and a
portion of each meeting will be devoted to instruction. Emphasis will
be placed on security of the operation and the source and reporting
procedures. Observation and description, targeting, and related subjects
based on source's role will also be included. Each individual and source
involved in the conduct of the operation will be briefed on current
policies and constraints pertaining to counterintelligence operations
and activities as they concern persons and organizations not affiliated
with DOD, Reference h. The training administered to source(s) will be in
the quantity necessary to develop the maximum information from the target
commensurate with the previous intelligence and experience of source(s).


7. FINANCE AND LOGISTICS: (SEE ANNEX C)

8. TERMINATION: (SEE ANNEX D)

a. Confidential sources recruited under this plan will be terminated
when their usefulness to the plan ceases, when they show indicators of
insecure security practices which would jeopardize the operation, are no
longer amenable to control, or when the operation is terminated by proper
authority. Circumstances under which termination is effected will
determine whether termination is with or without prejudice.

b. The only commitments made to confidential sources employed in
this operation will be assurance of personnel and job safety through
anonymity, and of reimbursement of any legitimate expenses incurred during




c. Knowledgeability of confidential sources will be limited to the
following:

(1) Name and physical description of the PCO and Alternate PCO.

(2) Location of meeting sites as well as that of PCF.

(3) Means of alternate and emergency contact with PCO: Namely the
Post Office Box number(s) and the telephone number(s) where PCO may be
contacted in the event of an emergency.

(4) The approach method used by the PCO in his initial contact with
confidential sources.

d. As a control factor, confidential sources will be required to
sign a statement evidencing their willingness to cooperate and attesting
to the fact that all facets of security will be strictly adhered to.
This will not be construed to be a contractual agreement, but will be
used as a psychological instrument to enhance the security of the operation.

e. Security considerations are contained in ANNEX E.


9. COORDINATION AND LIAISON:

Liaison with designated OACSI officials and other appropriate Pentagon
Agencies will routinely be effected by the PLO.

10. (U) REPORTING:

a. Formats for operational reports are contained in Chapter 5, Section
III, USAINTC Regulation 381-100 (reference a.)

b. Production reports will be in Agent Report Format.

ANNEX A-Cover and Documentation
ANNEX B-Communications
ANNEX C-Finance and Logistics
ANNEX D-Termination
ANNEX E-Security Considerations
ANNEX F-Knowledgeability List (U)

ANNEX B - Communication

1. Communication:

a. Primary: The primary means of communication between the PCO and
the source(s) will be personal meetings at selected safe sites in the Pentagon
building or in the surrounding area of Northern Virginia or the District of
Columbia. Personal meetings will be held to the absolute minimum consistent
with operational requirements. Details of future meetings will be established
at each meeting or through telephonic communication initiated by either the
PCO or source(s) to previously exchanged telephone numbers.

b. Emergency: To establish an unscheduled meeting on a priority basis,
source will call the PCO through an unlisted commercial number on the
PCF/NCR FO call director. Source(s) will identify himself through a
prearranged code name (cover name) and ask to speak to the PCO. If the PCO is
not available at the time of the call, the message will be transmitted to the
PCO by PCF personnel as soon as possible. The PCO, to establish an unscheduled
meeting with source(s), will contact source(s) by a pre-established telephone
number in conformance with source(s) work schedule or off duty habits.

Freedom of Information Act/Privacy Act
Deleted Page(s) Information Sheet

Indicated below are one or more statements which provide a brief
rationale for the deletion of this page.

Information has been withheld in its entirety in
accordance with the following exemption(s):

5 USC 552 (b)(1)

It is not reasonable to segregate meaningful portions of the
record for release.

Information pertains solely to another individual with no
reference to you and/or the subject of your request.

Information originated with another government agency. It has
been referred to them for review and direct response to you.

Information originated with one or more government agencies.
We are coordinating to determine the releasability of the
information under their purview. Upon completion of our
coordination, we will advise you of their decision.

DELETED PAGE(S)
NO DUPLICATION FEE

ANNEX D - Termination

1. Termination of the operation: Termination will be accomplished
based upon an objective evaluation of the effectiveness of continued
utilization of source towards the accomplishment of the goals of this
operation, with the final decision to terminate resting with OACSI,
Department of the Army.

2. Termination of source(s) with prejudice: In the event source(s)
violate basic security practices and are terminated for that reason, they
will be prosecuted for violation of the appropriate statute or directive,
should such an action be deemed feasible and advisable in connection with
the nature of the violation and their activities in support of the
operation. Should prosecution be inadvisable, source(s) will be required to
execute a debriefing statement, and detailed instructions will be given
regarding the possible consequences should they reveal their MI affiliations
and activities.

3. Termination of source(s) without prejudice: Upon termination of
this operation or at such time as source(s) are considered to be of no
further value within the scope of this plan, and provided source(s) have
committed no flagrant violations of security, they will be paid all
outstanding reimbursable expenses incurred. A detailed security briefing
concerning disclosure of information concerning their MI affiliations and
activities will also be administered. If deemed advisable at the time
of termination, source(s) may be presented a properly sanitized letter of
commendation/appreciation or other appropriate recognition for their
cooperation.

4. Commitments: No commitments other than those relating to
reimbursement of legitimate operation expenses incurred during the course of
the operation will be made. Source(s) will be given assurance of personal
safety and protection of careers and reputations.

5. Knowledgeability: Source(s), during the course of the operation
will be knowledgeable of the following:

a. PCO: by name and status as Special Agent, US Army Intelligence.

b. Facilities: Source(s) will not be routinely exposed to facilities
housing PCF during the course of their covert activities. However, the
existence of PCF is common knowledge throughout the Pentagon, and the
likelihood that source(s) will, at a minimum, know the location of PCF is
unavoidable.

c. Modus Operandi: Source(s) will be exposed to modus operandi only
in direct relation to the requirement levied by the PCO.

d. Location of meeting sites.

Box numbers and locations and telephone numbers where PCO can be reached
in an emergency.

ANNEX E - Security Considerations

1. The activities engaged in by individuals assigned to OACSI which
may be considered to be disruptive of military operations, contrary to
good order and discipline, and posing a threat to military security are
unknown at this time. The number of military personnel engaged in activities
relative to active and/or passive resistance to the military is also unknown.

a. The inter-relationship of military and civilian community in
the National Capital area is such that it can be expected to present a
degree of security risk in that confidential source(s) covert activities
could be revealed through indiscretions on the part of source(s) in
deviating from normal routine of activities normally associated with the
work environment. This risk will be substantially limited by extensive
training of source(s) in the areas of personal security and operational
security. Further, close monitoring of all activities of source(s) for the
purpose of determining the presence of or lack of derogatory security
indicators will preclude unexpected security developments and will provide
a means by which source(s) may be further trained, guided, and controlled
in their activities.

b. Project Control Officer/Confidential Source relationship could be
revealed inadvertently by the passive element of the military establishment,
thus posing a threat to the security of the operation. This possibility
will be reduced by close adherence to fundamentals of security in the
conduct of personal meetings, telephone calls, and all other contacts between
PCO and source(s).

2. In the event that either source(s) or this operation are
compromised, USAINTA will not confirm the existence of such an operation,
the employment of source(s), or interest in organizations/personalities
involved in alleged subversive activities. Should source(s) be compromised
PCO will immediately instruct source(s) to cease all operational activity,
and will debrief in detail concerning all aspects of the possible
compromise. Based upon an evaluation of the situation, source(s) may be
terminated and the operation may be suspended pending an analysis of the
compromise and its ramifications. All sources so terminated will be
administered the appropriate security debriefing.

3. Security measures must assure:

a. Strict need-to-know restrictions concerning the existence of this
operation and the methods by which it is implemented will be applied. A
PCF Knowledgeability list will be maintained. (See ANNEX F)

b. Briefings on the existence of this operation will be given only
to the ACSI or his designated representative.

ANNEX F - Knowledgeability List (U)

1. LTC Byron W. Hunt          Commander, PCF
2. MAJ Kenneth G. Hetzel      Operations Officer, PCF
3. MSG Daniel W. Leber Jr     Operations NCOIC, PCF
4. CPT Kenneth R. Schlag      PCF
5. CW2 Shawn M. Sandlin       PCF
6. CW2 Leonard NMN Gross      PCF
7. SFC George E. Perry        PCF

Retention of Internal Counterintelligence Program (ICIP) (U)

DATE: 3 July 1975

ACTION REQUIRED: To respond to a request from the Commander, APG for
continuation of ICIP.

MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and
action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)

1. BACKGROUND: During the last quarter, calendar year 1974, the ACSI
conducted a review of the ICIP, and based on the results of this review, he
directed the termination of 12 of the 19 ongoing operations. The operations
terminated were those which were less productive or conducted at
installations of lesser sensitivity. Among the operations terminated was
GONDOLA STAR which had been conducted in the Aberdeen Proving Ground
(APG)/Edgewood Arsenal (EA) area. At RED TAB B is a recommendation from the
Commander, APG indorsed by the Commander, Test and Evaluation Command
(TECOM) and the Commander, Army Materiel Command, that the ICIP be continued
at APG/EA.

2. DISCUSSION:

a. The APG request advises that they recognize information developed in
GONDOLA STAR has been of limited CI value in the past, however, they
consider even negative reporting to be significant. The TECOM indorsement
emphasizes the probable significant increase in travel during the
Bicentennial period and the proximity of APG/EA to New York and Washington
would make those facilities more vulnerable to hostile intelligence
agencies.

b. The ACSI reexamined the operation and advised that he would consider
continuing the operation for a six-month trial period to determine if any
more significant information can be developed to indicate a hostile threat
to APG/EA. On 2 July 197

Deputy Under S roposal.

c. Letter at RED TAB A advises the Commander, APG of the ACSI's decision to
continue the operation for another six months and then reassess its progress.

3. (U) RECOMMENDATION: That letter at RED TAB A be approved and signed.

11 JUL 1975

Retention of Internal Counterintelligence Program (ICIP) (U)

Commander
US Army Materiel Command
5001 Eisenhower Avenue
Alexandria, Virginia 22333

Commander
US Army Test and Evaluation Command
Aberdeen Proving Ground, Maryland 21005

Commander
Aberdeen Proving Ground
Maryland 21005

1. (U) Reference letter, STEAP-IN, subject as above, 17 April 1975,
with indorsements.

2. During the past several years, the ICIP effort has grown rapidly.
Unfortunately, sufficient resources to conduct these operations have not
always been available. In order to make optimum use of these scarce,
highly trained resources, it became necessary to conduct a total review
of the program and make adjustments. This review revealed that GONDOLA
STAR was a marginal operation and I directed its termination.

DAMI-DOH 11 JUL 1975
SUBJECT: Retention of Internal Counterintelligence Program (ICIP) (U)

3. (U) In light of your request that this operation be continued, and
considering the fact that the Commander, USAINTA has advised me that
new sources with improved access have been recruited, I will revalidate
GONDOLA STAR for a six-month period. In January 1976, I will assess the
progress of this operation and will then determine if we will be able to
continue this effort.

(sgd) Harold R. Aaron

HAROLD R. AARON
Major General, GS
ACofS for Intelligence

AMCSS (17 Apr 75) 2d Ind (U)
SUBJECT: Retention of Internal Counterintelligence Program (ICIP) (U)

HQ, US Army Materiel Command, 5001 Eisenhower Avenue, Alexandria, VA 22333
29 April 1975

TO: HQDA (DAMI) WASH DC 20310

Forwarded for your consideration. This headquarters supports the requests
and recommends favorable consideration be given to the continuation of the
program.

FOR THE COMMANDER:

ROBERT L. KIRWAN
Brigadier General, USA
Chief of Staff

AMSTE-SE (17 Apr 75) 1st Ind
SUBJECT: Retention of Internal Counterintelligence Program (ICIP) (U)

Headquarters, U.S. Army Test and Evaluation Command, Aberdeen
Proving Ground, Maryland 21005 8 & APR w75

TO: Commander, U.S. Army Materiel Command, ATTN: AMCSS,
5001 Eisenhower Avenue, Alexandria, Virginia 22333


1. (U) I recommend that GONDOLA STAR be continued as an active 
oa CR operation in the Aberdeen Proving Ground area. 


2. The conditions set forth by the Commander of Aberdeen Proving
Ground I feel support this continued operation. The recently revised
ACSI EEI reveals that the weapons, tanks, and chemical defense
RDT&E conducted in the Aberdeen Proving Ground area, to include
Edgewood Arsenal, are of interest to Communist Bloc intelligence
agents. With the advent of the Bicentennial year, Aberdeen Proving
Ground will be open to significantly more tourist visits commencing
on 14 June and extending throughout the Bicentennial period. During
that year, the closeness of Aberdeen Proving Ground and Edgewood
Arsenal to the New York City and Washington, DC areas make it
vulnerable to hostile intelligence gathering agencies and their desire to
exploit the situation to secure EEI. I conclude that security of USAAPG
will be vulnerable and that ICIP will be of greater importance than
ever during this coming period. I intend to maintain all normal
internal security measures and ICIP support on a continuing basis would
be a valuable supplement to these measures.

DEPARTMENT OF THE ARMY
US ARMY ABERDEEN PROVING GROUND
ABERDEEN PROVING GROUND, MARYLAND 21005


APR C gor, 


SUBJECT: Retention of Internal Counterintelligence Program (ICIP) (U) 


Commander
US Army Test and Evaluation Command

1. This headquarters has been advised by your Security Officer at a
meeting held on 9 April 1975 that the Internal Counterintelligence Program
for Aberdeen Proving Ground, Operation GONDOLA STAR (U), is scheduled for
termination. It is understood that the AMC Security Officer desires a
review of the impact of such an action upon this installation.

2. It is recognized that specific information of counterintelligence
value developed by Operation GONDOLA STAR has been somewhat limited in
the past; however, it must be acknowledged that even negative reports are
significant provided that effective coverage of critical target areas has
been maintained. In some cases, reports received from ICIP sources have
served as useful early warnings of developing situations on which
corrective action could be promptly initiated. If this operation is
terminated, the sensitivity and espionage potential of this installation
would remain whereas one tool for building a strong security posture would
be removed.

3. The importance of Aberdeen Proving Ground as an espionage target
is obvious. Research and testing programs generate information of
worldwide intelligence interest, and scientific personnel have frequent
contacts with foreign nationals. The diversified missions of several tenant
activities include projects which have been reported to have high priority
among Soviet intelligence collectors. Therefore, ICIP support would be a
useful du. to our normal internal security measures.

4. It is recommended that GONDOLA STAR be continued as an active
counterintelligence operation and strengthened with such resources as may
be feasible.

ACTION SHEET

CONTROL NUMBER:
OFFICE SYMBOL: DAMI-DOH
Internal Counterintelligence Program (ICIP) (U)
DATE: 14 May 1975
ACTION REQUIRED: To obtain approval of the quarterly ICIP report.

MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and
action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)

1. BACKGROUND:

a. By memorandum dated 8 February 1972 (BLUE TAB B), the Under Secretary of
the Army requested that the VCSA, US Army, provide a quarterly report on all
ICIP operations.

b. A report covering the fourth quarter, calendar year 1974 submitted in
February 1975 reflected the results of a review conducted by the ACSI. Of
the 19 ongoing operations, 12 were identified for termination.

2. DISCUSSION:

a. During the past quarter, 11 operations were terminated. This leaves one
operation pending termination. One new operation was approved by the ACSI on
4 March 1975. This operation, CANTER RIDE (U) at the US Army Missile
Command, Redstone Arsenal, AL, raises the number of active ICIPs to eight at
the close of the quarter.

b. Memorandum at BLUE TAB A provides information required by the USofA.

3. (U) RECOMMENDATION: That memorandum at BLUE TAB A be approved and signed.

DEPARTMENT OF THE ARMY
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310

DAMI-DOH 27 MAY 1975

MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY
FOR: UNDER SECRETARY OF THE ARMY NOTED.

SUBJECT: Internal Counterintelligence Program (ICIP) (U)--INFORMATION
MEMORANDUM

1. During the past quarter, action was initiated to terminate
12 ICIP operations that were considered to be relatively unproductive
or located at less sensitive installations. Eleven operations have
been terminated and the twelfth will be terminated in the near future.

2. A new operation, CANTER RIDE, was initiated at the US Army
Missile Command, Redstone Arsenal, AL, raising the total number of
active operations to eight.

3. Three of the ongoing operations continue to provide information
which serves to enhance security at the facilities concerned.
LENTIL MONKEY, at the Defense Language Institute, continues to be
the most active operation, surfacing security weaknesses involving
both instructor and student personnel at that facility.

4. (U) Status reports for each operation are inclosed.

8 Incl                      HAROLD R. AARON
as                          Major General, GS
                            ACofS for Intelligence

DAMI-ZA 


U 
aEGRAPER -5 1997 coro Classified by. 
N scOM 4 EXEMPT FROM GENERAL DECLASSIFICATION 
oO SAIN £200. 
pr v 603 DoD SCHEDULE OF EXECUTIVE ORDER 11652 
zu PARA EXEMPTION CATEGORY — 2 0. 
DECLASSIFY ON. 2l December 2005. 


7 4 MAJ Ebersole/74087/19 May 75 
Typed by J. Lukasik 

MG Harold R. Aaron
ACofS for Intelligence
Pentagon

Noted and returned.

DEPARTMENT OF THE ARMY
HEADQUARTERS
U. S. ARMY INTELLIGENCE AGENCY
FORT MEADE, MARYLAND 20755


A? SPR 975 


SUBJECT: Quarterly Reporting of Internal Counterintelligence Program 
(ICIP) Operations (U) 


HQDA (DAMI-DOI-C) 
WASH DC 20310 


1. Internal Counterintelligence Program (ICIP) operations during
the third quarter of FY 1975 were characterized by a large scale
slowdown of activity in all operations as those operations selected for
termination early in the quarter were phased out. By 31 March 1975,
11 ICIPs, with supporting confidential sources, were terminated and one
additional ICIP is scheduled for termination.

2. Upon completion of the termination actions described above,
seven ICIPs remained active. One new ICIP operation providing for insert
of an agent in a covert status in the US Army Missile Command (USAMICOM),
Redstone Arsenal, AL, was approved on 4 March 1975. The USAMICOM
operation, which has the nickname CANTER RIDE (U) raises the total of active
ICIPs to eight at the close of the quarter.

3. (U) Brief status reports for each ICIP operation reported upon,
including both those terminated and those continued, are attached as
inclosures.


FOR THE COMMANDER: 

CANARY EFFORT: (OACSI Approval - 16 Feb 72)

a. Location: Fort Ritchie, MD

b. Confidential Source Utilization: Three sources were used during
the reporting period.

c. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None.

d. Useful Information Obtained: Information surfaced pertaining
to the use of drugs and moral improprieties on the part of a civilian
employee assigned to the Office of the Comptroller prompted a suitability
investigation of the employee. The employee's access to classified
information has been suspended. Adverse suitability information
consisting of drug abuse, indebtedness, moral misconduct and mental
instability on the part of six military policemen assigned at the Alternate
Joint Command Center and Fort Ritchie was provided the Provost Marshal and
the Director of Security, US Army Communications Command (USACC).
Investigations of the allegations are being made. Information reported on an
Army NCO assigned to the Engineering & Installation Office, USACC,
alleging excessive gambling and unexplained affluence is being checked
prior to requesting that a limited investigation be conducted.

e. Operational Status: On 18 Mar 75, the PLO briefed COL Donald =.
Clark, interim Director, Telecommunications, on the ICIP. COL Clark is
scheduled to become Commander, USACC Operations Command, after the
reorganization of USACC on 1 Jul 75. On 20 March 1975, the PLO presented
the Quarterly Briefing to COL Harold G. deMoya, Commander, Fort Ritchie,
and COL John J. Plosay, Jr., Deputy Commander, Fort Ritchie. COL deMoya
expressed his appreciation for the support provided by the ICIP at Fort
Ritchie.
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U 
it CANINE PLATE: (OACSI Approval - 18 Sep 73) 
4. location: Senece Army Depot (SAD), Ramulus, NY. 


b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: On 13 Jan 75, COL Alan A. Nord assumed
command of Seneca Army Depot. The Commander, 902d MI Group, had
scheduled a briefing on the ICIP CANINE PLATE for COL Nord in mid-March
1975. That briefing was cancelled and is now scheduled for the following
quarter. Operational progress has been stalemated during this reporting
period pending the briefing of the new Depot Commander. Subsequent to
that briefing, it is anticipated that development of the operation can
be accelerated.
CANTER RIDE: (OACSI Approval - 4 Mar 75)


a. Location: US Army Missile Command (USAMICOM), Redstone Arsenal
(RSA), AL.


b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: During the past year several significant
security weaknesses surfaced at USAMICOM, prompting the USAMICOM Chief
of Staff to request an ICIP operation at that facility. These weaknesses
included mishandling and loss of classified documents and allegations
concerning suitability of some employees. Considering the
sensitivity of the facility and the evident security weaknesses, a
degree of urgency in initiating this operation was apparent. Unlike
previous ICIP operations, the planning for this operation envisioned
the use of a trained military intelligence warrant officer, a "Great
Skill" officer, as the principal confidential source in order to
expedite the initiation of this operation. The source has been selected
for insertion in the target area (the US Army Missile Research,
Development and Engineering Laboratory (USAMRDEL)), and has been provided
administrative and operational training to enable him to function in his
cover capacity as an administrative officer. The source will be assigned
in the target area in April 1975. On 14 March 1975, the Commander,
Redstone Resident Office, 902d MI Group, briefed COL R. A. Axelson,
Director, USAMRDEL, informing him that the requested counterintelligence
special support had been approved on 4 Mar 75 and it was proposed to
insert an agent by mid-April 1975.
a. Location: Sierra Army Depot (SIAD), Herlong, CA.
b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None. 


e. Operational Status: A new Project Liaison Officer (PLO) was
assigned to this operation and arrived on station in January 1975. The
PLO will perform the functions of both the PLO and the Project Case
Officer (PCO). The PLO has been engaged in familiarization and
orientation with SIAD and will perform spotting and assessment of
potential sources in the coming weeks. On 20 March 1975, the Quarterly
Briefing was presented by the PLO to the supported command. Those in
attendance at the briefing were COL Robert Hawlk, CDR, SIAD; LTC Bernard
Render, Dep CDR, SIAD; and MAJ John Jolley, Security Officer, SIAD.
004. E TAX: (OACSI Approval - 8 Mar 74)


5. CENSUS TIME: (OACSI Approval - 5 Feb 74)


a. Location: Pentagon Telecommunications Center (PTC), US Army
Communications Command (USACC), The Pentagon, Washington, DC. 


b. Confidential Source Utilization: One source was used during 
the reporting period. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None.


e. Operational Status: This operation is conducted by representatives
of the Pentagon Counterintelligence Force (PCF). Early in the
quarter, it was necessary to divert virtually the entire strength of
PCF from their normal functions to a files screening project at the
Counterintelligence Analysis Detachment and the Special Security Group.
Both the PLO and PCO were assigned to the files screening project and
were able to devote only a limited amount of time to this ICIP operation.
This precluded any significant expansion or development of the ICIP. The
supported command requested that an attempt be made to obtain information
on several persons assigned to PTC suspected of drug abuse. Sources have
failed to surface any concrete information to date in this connection.


On 1 April 1975, the PLO presented the Quarterly Briefing to COL Joseph 
T. Adinaro, Commander, PTC. 
CENTAVO KID: (OACSI Approval - 18 Oct 73)


a. Location: Harry Diamond Laboratories (HDL), Washington, DC.
b. Confidential Source Utilization: None.


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None.


d. Useful Information Obtained: Investigation of allegations of
misconduct on the part of a DAC employee of HDL while the employee was
on TDY was inconclusive, but the HDL Security Officer and the employee's
supervisor are continuing to monitor the employee's activities. The PLO
called the attention of the HDL Security Officer to several minor
security problems during the period which were corrected on the spot.


e. Operational Status: During the period approximately 400 HDL
personnel were moved from the HDL offices at Connecticut and Van Ness
Avenues, NW, Wash, DC, to HDL facilities in White Oak, MD. The move
is part of a reorganization and centralization of US Army electronics
research facilities into one organization which will be named the
Harry Diamond Developmental Center. On 5 March 1975, the PLO presented
the Quarterly Briefing to COL D. W. Einsel, Jr., Commander, HDL, and
Mr. James F. Yeick, Security Officer, HDL.
[illegible] HOLDER: (OACSI Approval - 7 Aug Ti)
a. Location: White Sands Missile Range (WSMR), NM
b. Confidential Source Utilization: None. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: None.


e. Operational Status: The Project Liaison Officer (PLO) for this
operation will also perform the Project Case Officer (PCO) function
when source assets are obtained. One prospective source has been
identified in the Missile Electronic Warfare Technical Area (MEWTA), and
recruitment is planned for the next quarter. On 18 March 1975, the PLO
presented the Quarterly Briefing to Mr. William F. Arquette, Chief,
Intelligence Div, WSMR. Mr. Arquette, speaking for the Commander, WSMR,
expressed satisfaction with the progress of the ICIP to date.
8. LENTIL MONKEY: (OACSI Approval - 26 Oct 71)


a. Location: Defense Language Institute (DLI), Presidio of
Monterey, CA. 


b. Confidential Source Utilization: Five confidential sources
were utilized during the quarter. 


c. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None. 


d. Useful Information Obtained: 


(1) An instructor in the Chinese-Mandarin Language Dept may have 
had contact with personnel of the Peoples Republic of China during a 
business conference in Jan 75. The instructor, who has several commercial 
enterprises, allegedly attended a conference in Dallas, Texas, where the 
Chinese were present. An effort is being made to obtain further details. 


(2) Sources of the operation provided information which established
the existence of contacts between an instructor of the Arabic Language
Dept and officials of the Palestinian Liberation Organization. The
instructor, who is a US citizen, allegedly utilizes a Lebanese passport
when he travels in the Middle East. Summaries of Information containing
details have been passed to the FBI and the Immigration and
Naturalization Service.


(3) Sources in the project surfaced a series of reports on a USAF
student, who, through his Czech language instructor, has socialized
with citizens of Czechoslovakia. By USAF regulations, the NCO was to
have reported promptly any contact with citizens of a Communist Bloc
country. The NCO failed to make the necessary report. The information
was passed to the OSI by Summaries of Information and the OSI is now
conducting an investigation of the USAF student.


(4) Suitability information concerning DLI students was passed to 
the Security Officer, DLI. 


e. Operational Status: Of the five confidential sources used in the
operation, two were terminated during the period due to their graduation.
The remaining three provide coverage in the Russian, Czech, and
Serbo-Croatian Language Department. Prospective confidential sources are
being assessed in the Russian, Czech, Polish, and Chinese-Mandarin
Departments. In addition to the confidential sources, 21 conventional
sources are providing coverage in ten language departments. All sources
are concentrated in the Priority I language departments. The PLO
provided the Quarterly Briefing on 21 March 1975 in the Office of the
Director, DLI. Those attending the briefing were COL James R. Koenig,
Director, DLI; COL Avery Kay, Deputy Director, DLI; and MAJ Richard
Erickson, Security Officer, DLI. COL Koenig stated that he believed the
information gained from the ICIP had been particularly helpful and had
been largely responsible for several command letters published by DLI in
an effort to improve internal security at DLI. The Director also stated
that as a result of information provided by the ICIP, the teaching
texts and materials of all DLI courses are being reviewed to eliminate
politically contentious materials from the language courses.
The attached is forwarded for your information. This
is the result of a 902nd MI Group review of five key
facilities in the Canal Zone to determine if the
security posture at any of the facilities warranted
initiation of ICIP operations. After reviewing the
package, I concur with the USAINTA recommendation that
ICIP operations are not appropriate.


iC. GRITO, COL, GS 


Chief, HUMINT Division 
DEPARTMENT OF THE ARMY
HEADQUARTERS
U.S. ARMY INTELLIGENCE AGENCY
FORT MEADE, MARYLAND 20755


28 APR 1975
MITA-SO 


SUBJECT: Evaluation of Selected Installations in Panama Canal Zone (U) 


HQDA (DAMI-DOI-C)
WASH DC 20310 


1. During a 19 Feb 75 visit by the ACSI to the 902d MI Group, the
902d was tasked to explore the possibility of the need for an ICIP
operation in the Panama Canal Zone. The 902d MI Group has conducted a
review of five key installations/units for evidence of past and present
HOIS threat indicators.


2. The five installations/units which were assessed are 470th MI
(TAB A); 193d Infantry Brigade (TAB B); USASA Det, SOUTHCOM, and
408th ASA Det (TAB C); Armed Forces Courier Station - Panama (TAB D);
J-2/3 Directorates' Warning and Operations Centers - SOUTHCOM (TAB E).
A threat assessment common to all activities, units, or installations
in the Canal Zone is attached as TAB F.


3. Commanders of the installations concerned in each instance have
stated that current counterintelligence support is adequate to maintain
a proper security posture and an ICIP operation is not warranted at this
time. The Commander, 902d MI Group concurs in this position and recommends
that an ICIP operation not be initiated at any of the five units assessed.
USAINTA also concurs in this recommendation.
470th MILITARY INTELLIGENCE GROUP


1. GENERAL: The 470th Military Intelligence Group (MIGP) is a
subordinate unit of the 193d Infantry Brigade (Canal Zone). This unit
consists of 67 military and 18 civilian personnel. There are 80 personnel
assigned to the Group Headquarters, Fort Amador (FA), Canal Zone (CZ),
on the Pacific side of the isthmus, and 5 stationed at the Atlantic Field
Office, Building 214, Fort Gulick (FG), CZ, on the Atlantic side. Due to
the importance and sensitivity of its mission, the 470th MIGP is considered
a CRITICAL SENSITIVE activity.


2. (U) HISTORY: The 470th MIGP was born on 12 July 1944, as a
Counterintelligence Corps Detachment. It was first picked up on the Army's
active duty rolls on 31 July 1944, at the post of Quarry Heights, CZ. The
470th Intel Corps Detachment was redesignated and reorganized into an
Intel Corps Group in September 1964, with a Security Service Detachment,
the 508th MID in support of the 193d Infantry Brigade, the 610th MID, and
the 471st MID in Puerto Rico. Two years later, in 1966, the unit was
renamed the 470th MIGP, its present designation.


3. MISSION: The mission of the 470th MIGP is to detect treason,
sedition, and disaffection; to detect, prevent, and neutralize espionage,
subversion, and sabotage directed against the United States Army, its
personnel and installations; to conduct counterintelligence (CI)
operations; and to collect intelligence through conduct of HUMINT
operations.


4. (FOUO) SECURITY HISTORY/PRESENT SECURITY POSTURE: Building 47, FA,
where the headquarters, 470th MIGP is located, is a two-story masonry
structure used for administrative office space. The 470th MIGP has a
photographic laboratory located on the first floor of Building 46, a motor
pool located in Buildings 96 and T95, a Liaison Office located at
Building 49, all at FA, and an Atlantic Field Office located at Building
214, Ft Gulick, CZ. A Counterintelligence Survey was conducted on the
470th MIGP on 12 December 1966, to establish basic security requirements.
Subsequent CI inspections disclosed no major deviations from requirements
established in the Survey. Security Assistance Visits are utilized by
the 470th MIGP in maintaining a good security posture. There have been
no acts of espionage, sabotage or subversion detected in the unit.


5. SECURITY SUPPORT ACTIVITIES: There are several US military and 
civilian activities in the CZ that render direct or indirect intelligence 
and CI support, external physical security support, security assistance, 
and police services to the 470th MIGP. These support activities augment 
the internal security procedures of the 470th MIGP and assist it in accom- 
plishing its mission. The units or activities which provide direct or 
indirect support to the 470th MIGP are as follows: 
a. Canal Zone Field Office (CZFO), 902d MIGP, Fort Amador, CZ:
Conducts Personnel Security Investigations (PSI) in the CZ. Provides CZ
based surveillance and counter-surveillance support operations. Provides
Security Assistance services in support of the 470th MIGP's mission.
Conducts CI surveys, inspections, technical surveys and inspections, SAEDA
lectures, penetration inspections, and CI related advice and assistance
in support of the Group's security objectives.


b. United States Army Security Agency (USASA) Detachment-USSOUTHCOM,
Fort Clayton (FC), CZ: Provides advice and assistance on capabilities
and limitations of EW and SIGINT. Evaluates intelligence requirements in
terms of USASA mission capabilities and maintains a continuous estimate
of the local CRYPTOLOGICAL situation. Provides COMINT during contingency
situations.


c. Naval Intelligence Service, FA, CZ: Provides information of
intelligence and CI interest on local hostile activities and potential
threats in functioning as a member of the Delimitation Committee.




d. Office of Special Investigations, US Air Force, Howard Air Force
Base, CZ: Provides intelligence and CI information regarding hostile
organizations and their activities as well as threat information of
interest. Functions as a local member of the Delimitation Committee.


e. Provost Marshal Office, 193d Infantry Brigade, FC, CZ: Assists
in preventing unauthorized vehicle and personnel entry in and adjacent
to US Army installations and structures in the CZ. Provides additional
security guard and personnel restrainment force when required. Conducts
Physical Security Surveys and Inspections. Maintains criminal
investigation files for review and use during the conduct of PSIs. Assists
in preventing overt acts of sabotage by having mobile and foot Military
Police patrols.

f. Criminal Investigations Detachment, Corozal, CZ: Provides
information of intelligence interest uncovered during criminal
investigations. Maintains files of all investigations conducted which are
available for use during the conduct of PSIs or for intelligence purposes.


g. Internal Security Office, Canal Zone Government, Balboa Heights, CZ:
Maintains files which are available for review during the conduct of PSIs
or for intelligence purposes. Within the constraints of DA policies,
provides information regarding intelligence matters of mutual benefit on
US, Panamanian, Central and South Americans, as a local security agency.


h. Immigration and Naturalization Service (IN), District Court House,
Ancon, CZ: Provides information regarding citizenship status on US
naturalized citizens who are DOD-affiliated and of intelligence interest
or the subjects of PSIs. Provides possible threat information of interest
uncovered during normal IN functions.


6. (U) THREAT: See Tab F which is classified SECRET-NO FOREIGN
DISSEMINATION.
7. (U) COMMANDER'S EVALUATION: The 470th MI GP advised that current
CI support rendered by the CZFO, 902d MI GP is considered adequate in
maintaining a good security posture. In the event a problem develops
which falls within the purview of the Internal Counterintelligence
Program or any other security support operation, a request for that
service will be submitted.


8. CONCLUSIONS AND RECOMMENDATION: A detailed and minute search
of the files of the Security Manager, 470th MI GP, as well as our own
files, failed to disclose any history or current trend of bad security
practices, disaffection, espionage, sabotage or subversion within the
unit. Administrative security deficiencies found during the course of
routine CI inspections had been corrected. The main threats, as pointed
out in paragraph 6 above, are external rather than internal in nature
and are targeted against by the entire intelligence community in the CZ.
The commander clearly feels that current CI support rendered is adequate
and has no desire for an ICIP operation at the present time. Based on
the facts presented above, it is believed that an ICIP operation is
presently neither warranted nor justified in the 470th MI GP. Recommend
that an ICIP operation not be instituted in the 470th MI GP at this time.




193D INFANTRY BRIGADE (CANAL ZONE) 




1. GENERAL: Within the Headquarters, 193d Infantry Brigade (Canal
Zone), Fort Amador (FA), Canal Zone (CZ), and its subordinate units or
elements, only the Brigade Command Group (BCG), the Directorate of
Intelligence (DINTEL), the Directorate of Operations, Plan and Training
(DOPT), and the 470th Military Intelligence Group (MI GP), were considered
as falling in the category of CRITICAL SENSITIVE. BCG, DINTEL and DOPT are
all located at Building 1, FA, and will be dealt with in this Tab. The
470th MI GP is located at Building 47, FA, and is addressed separately
in Tab A.


2. (U) HISTORY: On 1 July 1917, US Army personnel in the CZ were formed
into a separate command and designated as the "Panama Canal Department".
With the formation of a unified Caribbean Command in November 1947, the
US Army element in the CZ was designated the US Army Caribbean Command
with its Headquarters located at Quarry Heights (QH), CZ. In 1949, the
Headquarters was moved to FA, its present location. On 6 June 1963, the
US Army Caribbean Command was redesignated the US Army Forces Southern
Command (USARSO), and remained so for 11 years. With the disestablishment
of USARSO on 31 October 1974, the 193d Inf Bde assumed all command
functions and was redesignated Headquarters, 193d Inf Bde (CZ).


3. (U) MISSIONS: 


a. BCG: The BCG, under the direction of the Commanding General, US 
Army Forces Command, (FORSCOM), Atlanta, Georgia, commands all subordinate 
US Army units and activities in the CZ; maintains a combat-ready operational 
posture; provides support to the unified command as directed by CINCSO; and 
exercises operational control over USACC Agency-Panama. 


b. DINTEL: The DINTEL manages the collection, evaluation and
processing of information into intelligence and the establishment of
required intelligence, counterintelligence (CI) and security programs in
support of the installation command's mission.


c. DOPT: The DOPT prepares, maintains and supervises the execution 
of policies and directives for the tactical security and defense of the 
Brigade's area. Plans, directs and coordinates for the Commander all CZ 
defense operations required of the Brigade including joint operations. 
Monitors and reports operational readiness.  Formulates and coordinates 
estimates, plans, policies and functions pertaining to force structure, 
organization, equipment, and training of subordinate units. Supervises 
and coordinates reserve component matters within the Brigade.  Advises 
on and supervises all Army Aviation matters. Supervises the activities 
of the Emergency Operations Center (EOC). 
4. SECURITY HISTORY/PRESENT SECURITY POSTURE: Building 1, FA,
where the BCG, DINTEL, and the DOPT are located, is a three-story
masonry structure used for administrative office space.
Counterintelligence (CI) surveys were conducted on Building 1 in July 1961,
and during the months of August and September 1970. At that time, Building
1 housed USARSO's Command Group, G-2, and G-3 offices, now the BCG,
DINTEL, and DOPT respectively. Subsequent CI inspections have disclosed
no major deviations from the security requirements established
in the CI surveys. Additionally, Security Assistance Visits are presently
being conducted on the activities as requested, with formal
security inspections for CI purposes scheduled locally for the remainder
of Fiscal Year 75. There have been no acts of espionage, sabotage or
subversion detected in the BCG, DINTEL, or DOPT.


5. SECURITY SUPPORT ACTIVITIES: There are several US military and
civilian activities in the CZ that render direct or indirect intelligence
and CI support, external physical security support, security assistance,
and police services to the 193d Infantry Brigade (Canal Zone). These
support activities augment the internal security procedures of the Brigade
and assist it in accomplishing its mission. The units or activities
which provide direct or indirect support to the Brigade are as follows:


a. Canal Zone Field Office (CZFO), 902d MI GP, FA, CZ: Conducts
Personnel Security Investigations (PSI) in the CZ. Provides CZ based
surveillance and counter-surveillance support operations. Provides
Security Assistance services in support of the Brigade's mission.
Conducts CI surveys, inspections, technical surveys and inspections, SAEDA
lectures, penetration inspections, and CI related advice and assistance
in support of the Group's security objectives.


b. 470th Military Intelligence Group, FA, CZ: Provides intelligence
operations and services to detect treason, sedition and disaffection and
to detect, prevent and neutralize espionage, subversion and sabotage
directed against the US Army, its personnel and installations in the CZ.
Conducts CI operations and collects intelligence through conduct of
HUMINT operations.

c. United States Security Agency (USASA) Detachment-USSOUTHCOM,
Fort Clayton (FC), CZ: Provides advice and assistance on capabilities
and limitations of EW and SIGINT. Evaluates intelligence requirements
in terms of USASA mission capabilities and maintains a continuous
estimate of the local CRYPTOLOGICAL situation. Provides COMINT during
contingency situations.


d. Naval Intelligence Service, FA, CZ: Provides information of
intelligence and CI interest on local hostile activities and potential
threats.


e. Office of Special Investigations, US Air Force, Howard Air Force
Base, CZ: Provides intelligence and CI information regarding hostile
organizations and their activities as well as threat information of
interest.


f. Provost Marshal Office, 193d Infantry Brigade, FC, CZ: Assists
in preventing unauthorized vehicle and personnel entry in and adjacent
to US Army installations and structures in the CZ. Provides additional
security guard and personnel restrainment force when required. Conducts
Physical Security Surveys and Inspections. Maintains criminal
investigation files for review and use during the conduct of PSIs. Assists
in preventing overt acts of sabotage by having mobile and foot Military
Police patrols.


g. Criminal Investigations Detachment, Corozal, CZ: Provides
information of intelligence interest uncovered during criminal
investigations. Maintains files of all investigations conducted which are
available for use during the conduct of PSIs or for intelligence purposes.


h. Internal Security Office, Canal Zone Government, Balboa Heights, CZ:
Maintains files which are available for review during the conduct of PSIs
or for intelligence purposes. Within the constraints of DA policies,
provides information regarding intelligence matters of mutual benefit on
US, Panamanian, Central and South Americans as a local security agency.




i. Immigration and Naturalization Service (IN), District Court House,
Ancon, CZ: Provides information regarding citizenship status on US
naturalized citizens who are DOD-affiliated and of intelligence interest
or the subjects of PSIs. Provides possible threat information of interest
uncovered during normal IN functions.
6. (U) THREAT: See Tab F which is classified SECRET-NO FOREIGN DISSEMI- 
NATION. 


7. (U) COMMANDER'S EVALUATION: The 193d Infantry Brigade (Canal Zone)
advised that the current support rendered by the CZFO, 902d MI GP, is
considered adequate in maintaining a good security posture for the Brigade.
Should a problem arise which falls within the purview of the Internal
Counterintelligence Program, or any other security support operation, a
request for that service will be initiated.


8. CONCLUSIONS AND RECOMMENDATION: To gather the information
necessary to make a recommendation, a complete review of the files of
the BCG, DINTEL, and DOPT was made. It was determined that there was
no evidence of any security problems which could not be corrected by
routine CI support. The review did not disclose any trends which might
lead to weakening of the security posture. Based on information and
facts already stated, and the feelings of the commander that his security
posture is adequate, it is felt that at the present time, an ICIP
operation is neither warranted nor justified. It is recommended that an
ICIP operation not be instituted at this time.


Regraded UNCLASSIFIED on 
3 Bee CU 

by USAINSCOM FOLI/PA 

Auth para 4-102, DOD 5200-1R 


REGRADED UNCLASSIFIED
SEP 5 1997
BY CDR USAINSCOM FOI/PO
AUTH PARA 1-603 DoD 5200.1-R




US ARMY SECURITY AGENCY DETACHMENT SOUTHERN COMMAND 


AND 
408TH ARMY SECURITY AGENCY DETACHMENT 


1. GENERAL: The US Army Security Agency Detachment Southern Command
(USASADSC), which includes the 408th ASA Detachment is a subordinate
unit of the US Army Security Agency, Arlington Hall, Virginia, and is a
tenant unit in support of the 193d Infantry Brigade (Canal Zone). USASADSC
has its Headquarters in Building 220, Fort Clayton (FC), CZ. Due to the
extreme sensitivity of its mission, the USASADSC is considered a CRITICAL
SENSITIVE activity.


2. (U) HISTORY: Headquarters, US Army Security Agency Southern Command
was established in the Canal Zone in June 1949. The headquarters was
located in Building 220, FC, CZ, with an operational site located at
Chiva Chiva, CZ. On 31 March 1971, it was redesignated USASADSC, and
the site at Chiva Chiva was closed. All operational functions were
consolidated in Building 220. With the redesignation, the 408th ASA
Detachment was formed to enable the headquarters to assume its increased
tactical role.


3. MISSIONS:


a. USASADSC: The USASADSC operates as the senior USASA element in 
Latin America for command and control purposes. Conducts liaison between 
local forces and USASA elements in the CZ and higher USASA Headquarters. 
Operates and maintains a CRITICOMM terminal station, and coordinates 
and furnishes advice and assistance to US Military Forces in the CZ on 
capabilities and limitations of EW and SIGINT. Evaluates supported com- 
mand intelligence requirements in terms of USASA mission capabilities, 
and maintains a continuous estimate of the cryptologic situation. 


b. 408th ASA Det: The 408th ASA Det. provides a separate US Army
Brigade with direct communications intelligence (COMINT) during
contingency situations and issues intelligence information reports to SSO,
Panama. Provides, within the limits of its capabilities, COMINT
information to an ASA Battalion, Group, or Theater Headquarters in support
of the national intelligence effort.


4. (FOUO) SECURITY HISTORY/PRESENT SECURITY POSTURE: The USASADSC
and its subordinate unit, the 408th ASA Det, are administratively and
operationally located in Building 220, FC, CZ. Counterintelligence
Services support is primarily the responsibility of the Technical Services
Activity (TSA), US Army Intelligence Agency (USAINTA), Fort Meade,
Maryland. Locally, the Canal Zone Field Office, (CZFO), 902d Military
Intelligence Group (MI GP) furnishes routine investigative support and
emergency technical support. The last CI Inspection/Technical Service was
conducted during December 1974 by TSA and disclosed no major security
problems. A check of local files and those of USASADSC did not indicate
any weakness in their security posture, or trends which could lead to
security weaknesses. It was found that USASADSC [illegible] upgrade the
integrity of their security program. There have been no acts of espionage,
sabotage or subversion detected in the unit's history.


5. (C) SECURITY SUPPORT ACTIVITIES: There are several US military and
civilian activities in the CZ that render direct or indirect intelligence
and CI support, external physical security support, security assistance,
and police services to the USASADSC. These support activities augment the
internal security procedures of the Agency and assist it in accomplishing
its mission. The units or activities which provide direct or indirect
support to the Agency are as follows:


a. CZFO, 902d MI GP, Fort Amador (FA), CZ: Conducts Personnel Security
Investigations (PSI) in the CZ. Provides CZ based surveillance and
counter-surveillance support operations. Provides Security Assistance
services in support of the USASAD's mission. Conducts CI surveys,
inspections, technical surveys and inspections, SAEDA lectures,
penetration inspections, and CI related advice and assistance in support
of the Agency's security objectives.


NE Military Intelligence Group, FA, CZ: Provides intelligence 
operations and services to derect treason, sedition and disaffection and to 
detect, prevent and neutralize espionage, subversion and sabotage directed 
against the US Army, its personnel and installations in the CZ. Conducts 
CI operations and collects intelligence through conduct of HUMINT operations. 
t 

x 

c aval Intelligence Service, FA, C2: Provides information of intel- 

ligence and CI interest on local hostile activities and potential threats. , 


ZG ffice of Special Investigations, US Air Force, Howard Air Force 
Base : Provides intelligence and CI information regarding hostile organ: 
gations and their activities as well as threat information of interest. 


ef iprovost Marshal Office, 193d Infantry Brigade, FC, CZ: Assists in 
preventing unauthorized vehicle and personnel entry in and adjacent to US 
Army installations and structures in the CZ. Provides additional security 
guard and personnel restrainment force when required. Conducts Physical 
Security Surveys and Inspections. Maintains criminal investigation files 


for review and use during the conduct of PSIs. Assists in preventing 
overt acts of sabotage by having mobile and foot Military Police patrols. 


(OF Erase: Investigations Detachment, Corozal, CZ: Provides infor- ^ 


mation of intelligence interest uncovered during criminal investigations. 
Maintains files of all investigations conducted which are available for 
e during the conduct of PSIs or for intelligence purposes. 


h. Internal Security Office, Canal Zone Government, Balboa Heights, CZ:
Maintains files which are available for review during the conduct of PSIs
or for intelligence purposes. Within the constraints of DA policies,
provides information regarding intelligence matters of mutual benefit on
US, Panamanian, Central and South Americans as a local security agency.


Immigration and Naturalization Service (IN), District Court House,
Ancon, CZ: Provides information regarding citizenship status on US
naturalized citizens who are DOD-affiliated and of intelligence interest or
the subjects of PSIs. Provides possible threat information of interest
uncovered during normal IN functions.


i. United States Army Security Agency, Arlington Hall Station,
Arlington, VA: CI and technical security support is provided USASADSC
by scheduled visits from its higher headquarters in Arlington, Virginia.


j. TSA, USAINTA, Fort Meade, Maryland: Provides technical and
counterintelligence services to field activities of ASA by programming and
scheduling inspections worldwide. Responding to field elements in
semi-critical case, to insure proper security measures are being complied
with, in order to maintain field elements in a high state of operational
readiness.


6. (U) THREAT: See Tab F which is classified SECRET-NO FOREIGN
DISSEMINATION.


7. (U) COMMANDER'S EVALUATION: The Commander, USASADSC, advised that
the CI support received from TSA, the CZFO, 902d MI GP, and his own
internal security personnel is considered adequate in maintaining a good
security posture. In the event a problem develops which falls within
the purview of the Internal Counterintelligence Program or any other
security support operation, a request for assistance would be submitted
through his Headquarters.


8. CONCLUSIONS AND RECOMMENDATION: A detailed search of the security
files of USASADSC, to include the 408th ASA Det, failed to disclose any
weakness in their security posture or indicate a trend in that direction.
Past CI services by TSA indicated some minor deficiencies, but those had
been corrected shortly after the service was completed. Due to the extreme
sensitivity of the unit, the Commander maintains a constant check of his
unit's security program. This program is felt to be adequate. The main
threats, as pointed out in paragraph 6 above, are external rather than
internal in nature, and are targeted against by the entire intelligence
community in the CZ. In evaluating the ICIP program, the Commander asked
for guidance from his Headquarters in the US. The guidance he received
agreed with his determination, that he had no desire for an ICIP operation
at the present time. Based on the facts presented above, it is believed
that an ICIP operation is presently neither warranted nor justified, and
it is recommended that an ICIP operation not be instituted in the USASADSC
at this time.


UNITED STATES ARMY COURIER STATION - PANAMA


(a) 


1. GENERAL: The United States Army Courier Station - Panama
(USACS-P) is a subordinate activity of the Office of the Adjutant General,
Washington, D.C., with its office located at the Air Freight
Terminal, Howard Air Force Base (HAFB), Canal Zone (CZ). This activity
consists of only two individuals, one officer and one NCO. Because of
the activity's continuous mission of handling extremely sensitive
Departments of State and Defense documents and material, it falls in the
CRITICAL SENSITIVE category.

2. (U) HISTORY: On 15 January 1966, the United States Army Courier
Service was organized under the jurisdiction of the Office of the Adjutant
General, Washington D.C. At that time, the United States Army Courier
Transfer Station, United States Army Forces Southern Command (USARSO),
Fort Amador, CZ, was disestablished and the USACS-P created and located
at HAFB, where it has been to present.


3. MISSION: The mission of the USACS-P is the secure and expedient
transportation of material authorized protected handling by courier; to
provide facilities for receiving, safeguarding, processing, delivering, and
dispatching such material; to provide transportation facilities for TOP
SECRET and CRYPTOGRAPHIC material to US Forces in the Panama Canal Zone,
the Panama Canal Company, Federal Aviation Agency, Oceanographic
Representative, U.S. Embassy - Panama, ships or units of the North Atlantic
Treaty Organization, the Southeast Asia Treaty Organization, and the US
State Department.


4. SECURITY HISTORY/PRESENT SECURITY POSTURE: The Air Freight Terminal,
HAFB, where USACS-P is located is a one-story concrete block office
and warehouse structure used for the storage, maintenance and
administration of in-transit freight and related material. USACS-P has a
steel-reinforced concrete vault facility which meets the physical security
requirements for storage of TOP SECRET material. An initial CI Survey
was conducted on 28 April 1966, with recommended security requirements
subsequently implemented. USACS-P's most recent CI inspection was
conducted on 13 April 1973, with no major deviations from recommended
requirements recorded. A search of the activity's files failed to reveal
any history of security violations. There is no reason to believe USACS-P
personnel have been involved in any security infractions. There are no
reasons to believe the security objectives of USACS-P are not being met.
USACS-P is scheduled for a routine CI inspection in 1975 by its parent
organization, Headquarters, Armed Forces Courier Service (AFCS),
Washington D.C., 20314.


5. SECURITY SUPPORT ACTIVITIES: There are several US military and
civilian activities in the CZ that render direct or indirect intelligence
and CI support, external physical security support, security assistance,
and police services to the USACS-P. These support activities augment
the internal security procedures of the USACS-P and assist it in
accomplishing its mission. The units or activities which provide direct or
indirect support to the USACS-P are as follows:


a. Canal Zone Field Office (CZFO), 902d MI GP, Fort Amador (FA), CZ:
Conducts Personnel Security Investigations (PSI) in the CZ. Provides CZ
based surveillance and counter-surveillance support operations. Provides
Security Assistance services in support of the USACS-P mission. Conducts
CI surveys, inspections, technical surveys and inspections, SAEDA lectures,
penetration inspections, and CI related advice and assistance in support
of the USACS-P security objectives.


b. 470th Military Intelligence Group, FA, CZ: Provides intelligence
operations and services to detect treason, sedition and disaffection and
to detect, prevent and neutralize espionage, subversion and sabotage
directed against the US Army, its personnel and installations in the CZ.
Conducts CI operations and collects intelligence through conduct of HUMINT
operations.


c. United States Army Security Agency (USASA) Detachment-USSOUTHCOM
Fort Clayton (FC), CZ: Provides advice and assistance on capabilities
and limitations of EW and SIGINT. Evaluates intelligence requirements
in terms of USASA mission capabilities and maintains a continuous estimate
of the local CRYPTOLOGICAL situation. Provides COMINT during contingency
situations.


d. Naval Intelligence Service, FA, CZ: Provides information of
intelligence and CI interest on local hostile activities and potential
threats.


e. Office of Special Investigations US Air Force, Howard Air Force
Base, CZ: Provides intelligence and CI information regarding hostile
organizations and their activities as well as threat information of
interest.


f. Provost Marshal Office, 193d Infantry Brigade, FC, CZ: Assists
in preventing unauthorized vehicle and personnel entry in and adjacent to
US Army installations and structures in the CZ. Provides additional
security guard and personnel restrainment force when required. Conducts
Physical Security Surveys and Inspections. Maintains criminal
investigations files for review and use during the conduct of PSIs. Assists
in preventing overt acts of sabotage by having mobile and foot Military
Police patrols.


g. Criminal Investigations Detachment, Corozal, CZ: Provides information
of intelligence interest uncovered during criminal investigations.
Maintains files of all investigations conducted which are available for
use during the conduct of PSIs or for intelligence purposes.


h. Internal Security Office, Canal Zone Government, Balboa Heights, CZ:
Maintains files which are available for review during the conduct of PSIs or
for intelligence purposes. Within the constraints of DA policies, provides
information regarding intelligence matters of mutual benefit on US,
Panamanian, Central and South Americans as a local security agency.


i. Immigration and Naturalization Service (IN), District Court House,
Ancon, CZ: Provides information regarding citizenship status on US
naturalized citizens who are DOD-affiliated and of intelligence interest or
the subjects of PSIs. Provides possible threat information of interest
uncovered during normal IN functions.


j. Headquarters, Armed Forces Courier Service, Washington, D.C.:
Provides CI services and support in forms of surveys, inspections, and
visits. Provides intelligence and security information and guidance through
directives, regulations, and staff visits. Coordinates with local commands
for additional CI and security support when required. Provides assistance
in matters of security as a higher headquarters.


6. (U) THREAT: See Tab F which is classified SECRET-NO FOREIGN
DISSEMINATION.


7. (U) COMMANDER'S EVALUATION: The Commander, USACS-P, advised that
USACS-P consists of only two persons and that the present
counterintelligence services provided USACS-P are adequate and meet his
security requirements. USACS-P does not desire additional CI support at
this time.


8. (FOUO) CONCLUSIONS AND RECOMMENDATION: An examination of security
and administrative files failed to disclose information that USACS-P's
security posture was anything but sound and secure. In addition, security
checks provided by Headquarters (HQ), AFCS, revealed that USACS-P was
performing its mission, to include maintaining a good security posture, in
an outstanding manner. An in-depth study of the local hostile threat and
the mission of USACS-P conducted with the Commander, USACS-P, failed to
indicate that an on-going or potential internal security threat exists.
There are no reasons to believe that the normal CI support and service
provided USACS-P by HQS, AFCS, in conjunction with local intelligence and
security agencies, CZ, is not adequate coverage to identify and neutralize
any CI threat to USACS-P. In view of the existing CI coverage of the
USACS-P, and that there are only two persons assigned to it, additional
CI support is not recommended for USACS-P at the present time.


J-2/3 DIRECTORATES' WARNING AND OPERATIONS CENTER


1. GENERAL: The J-2/3 Directorates' Warning and Operations Center
(J-2/3 DWOC) is a subordinate joint activity of the J-2 and J-3
Directorates, United States Southern Command (USSOUTHCOM), Quarry Heights
(QH), Canal Zone (CZ). The J-2/3 DWOC is housed in Building 81, "The
Tunnel", a building that is tunneled into a hillside in QH, and is a
combined service activity manned by US Army, Navy, and Air Force personnel.
Because of its communication capabilities and functions within USSOUTHCOM,
and its support to the JCS, the J-2/3 DWOC is considered a CRITICAL
SENSITIVE facility.


2. (U) HISTORY: Caribbean Command, a Unified Command under the JCS,
had its genesis in the World War II Caribbean Defense Command which was
organized in early 1942 and was composed of the Panama Canal and Puerto
Rican Departments of the Army, the 10th and 15th Naval Districts of the
Navy, the Trinidad Base Command, and the Panama Canal. The Caribbean
Command was established at QH, CZ, on 1 November 1947, by authority of
the JCS. The Component forces assigned to Caribbean Command consisted
of the Army and Air Force elements of the Caribbean Defense Command and,
with the exception of certain fleet facilities and bases, of the Navy's
Caribbean Sea Frontier. On 6 June 1963, the Caribbean Command was
redesignated USSOUTHCOM.


3. MISSIONS:


a. J-2 Warning Center: The J-2 Warning Center supports the Director
of Intelligence through the operation of the Warning Branch by preparing
and disseminating current intelligence and warning indications
and through the preparation of current and long range estimates, studies
and assessments. Provides supervision and personnel for the J-2 element
of the Battle Staff and the Emergency Relocation Site (ERS) when activated.


b. J-3 Operations Center: The J-3 Operations Center implements JCS
emergency action procedures within USSOUTHCOM; prepares, coordinates, and
disseminates USSOUTHCOM Emergency Action Procedures (EAP) in support of
the JCS. In addition, prepares, coordinates, disseminates and implements
USSOUTHCOM Control of Civil Disturbance Posture, USSOUTHCOM EAP, VOL III.
Supervises the manning and operation of the emergency actions section of
the Joint Operations Center and the ERS. Prepares, reviews, coordinates
and supervises plans within the USSOUTHCOM command and control system to
insure interface and capability with the Worldwide Military Command and
Control Systems.


4. SECURITY HISTORY/PRESENT SECURITY POSTURE: Building 81, the
[illegible] where the J-2/3 DWOC is located, is constructed of steel
reinforced concrete [illegible] in [illegible] rock in Ancon Hill, QH, CZ,
with the building extending through the hill. The entrance to the tunnel is
manned by armed guards and unauthorized access to it could result in
exceptionally grave danger to the US. The J-2/3 DWOC is a highly sensitive
operational activity and is the coordination nerve center of USSOUTHCOM.
A CI Security Survey was conducted on the tunnel on 16 June 1961, to
determine the security measures necessary to limit or deny unauthorized
access to it. Subsequent CI inspections and Security Assistance Visits
have been conducted to insure compliance with the procedures established
in the Security Survey. There are no known on-going internal threats in
the J-2/3 DWOC.


5. SECURITY SUPPORT ACTIVITIES: There are several US military and
civilian activities in the CZ that render direct or indirect intelligence
and CI support, external physical security support, security assistance,
and police services to the J-2/3 DWOC. These support activities augment
the internal security procedures of the J-2/3 DWOC and assist it in
accomplishing its mission. The units or activities which provide direct or
indirect support to the J-2/3 DWOC are as follows:


a. Canal Zone Field Office (CZFO), 902d MI GP, Fort Amador (FA), CZ:
Conducts Personnel Security Investigations (PSI) in the CZ. Provides CZ
based surveillance and counter-surveillance support operations. Provides
Security Assistance services in support of the J-2/3 DWOC mission.
Conducts CI surveys, inspections, technical surveys and inspections, SAEDA
lectures, penetration inspections, and CI related advice and assistance
in support of the Group's security objectives.


b. 470th Military Intelligence Group, FA, CZ: Provides intelligence
operations and services to detect treason, sedition and disaffection and
to detect, prevent and neutralize espionage, subversion and sabotage
directed against the US Army, its personnel and installations in the CZ.
Conducts CI operations and collects intelligence through conduct of HUMINT
operations.


c. United States Army Security Agency (USASA) Detachment-USSOUTHCOM
Fort Clayton (FC), CZ: Provides advice and assistance on capabilities
and limitations of EW and SIGINT. Evaluates intelligence requirements
in terms of USASA mission capabilities and maintains a continuous
estimate of the local CRYPTOLOGICAL situation. Provides COMINT during
contingency situations.


d. Naval Intelligence Service, FA, CZ: Provides information of
intelligence and CI interest on local hostile activities and potential
threats.


e. Office of Special Investigations, US Air Force, Howard Air Force
Base, CZ: Provides intelligence and CI information regarding hostile
organizations and their activities as well as threat information of
interest.


f. Provost Marshal Office, 193d Infantry Brigade, FC, CZ: Assists
in preventing unauthorized vehicle and personnel entry in and adjacent
to US Army installations and structures in the CZ. Provides additional
security guard and personnel restrainment force when required. Conducts
Physical Security Surveys and Inspections. Maintains criminal
investigation files for review and use during the conduct of PSIs. Assists
in preventing overt acts of sabotage by having mobile and foot Military
Police patrols.


g. Criminal Investigations Detachment, Corozal, CZ: Provides information
of intelligence interest uncovered during criminal investigations.
Maintains files of all investigations conducted which are available for
use during the conduct of PSIs or for intelligence purposes.


h. Internal Security Office, Canal Zone Government, Balboa Heights, CZ:
Maintains files which are available for review during the conduct of PSIs or
for intelligence purposes. Within the constraints of DA policies, provides
information regarding intelligence matters of mutual benefit on US,
Panamanian, Central and South Americans as a local security agency.


i. Immigration and Naturalization Service (IN), District Court House,
Ancon, CZ: Provides information regarding citizenship status on US
naturalized citizens who are DOD-affiliated and of intelligence interest or
the subjects of PSIs. Provides possible threat information of interest
uncovered during normal IN functions.


6. (U) THREAT: See Tab F which is classified SECRET-NO FOREIGN
DISSEMINATION.


7. (U) COMMANDER'S EVALUATION: The CINC, USSOUTHCOM, advised that CI
support presently being received from the CZFO, 902d MI GP, together with
the internal security programs and checks, are adequate in maintaining a
good security posture. If at any future date, problems develop which
would be considered within the purview of the Internal Counterintelligence
Program or any other security support operation, a formal request for
assistance would be submitted.


8. CONCLUSIONS AND RECOMMENDATION: After completing a review of
the files concerning the J-2/3 DWOC security situation, it was determined
that the security posture of the J-2/3 DWOC was adequate. No espionage,
subversion or sabotage activities have been detected, and no trends seen
to be developing which would lead to weakening the security posture.
Taking into consideration the sensitivity of the area and the strict
controls utilized by personnel of the activities, it is felt that the
routine CI support now being given J-2/3 DWOC is adequate. Based on the
information and facts stated, an ICIP operation in the DWOC at the present
time is neither warranted nor justified. It is recommended that an ICIP
operation not be instituted in the J-2/3 DWOC at this time.


THREAT


THREAT: A current assessment of the threat to the Canal Zone (CZ)
is as follows:


a. b1


d.


f. The ever-present controversy over Canal negotiations provides a
hostile threat from dissatisfied US employed local nationals. Their
dissatisfaction might cause disaffection and subversion among US personnel
sympathetic to the Panamanian cause.
CANTER RIDE (U)
DATE: 6 March 1975
ACTION REQUIRED: To inform the CDR, USAINTA subject OPLAN (ICIP) approved
by ACSI, DA.
MEMORANDUM FOR RECORD (Describe briefly the requirement, background and
action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND:


a. By letter dated 25 February 1975, subject as above, CDR, USAINTA
(MIIA-SO), forwarded to DAMI-DOI-C for review and approval of 902d MI Group
Operation Plan OP-001-75-902, subject: Internal Counterintelligence Program
(ICIP)(U), (Project Canter Ride)(U).


b. By Memorandum Thru DAMI-DO for ACSI, DA, subject as above, dated
28 February 75, DAMI-DOI recommended that the OPLAN be approved. On
4 March 1975, the ACSI, DA approved the OPLAN.


2. (U) DISCUSSION: By 1st Indorsement to USAINTA letter, DAMI-DOI advises
the CDR, USAINTA that the ACSI, DA approved subject OPLAN on 4 March 1975.


3. (U) RECOMMENDATION: The attached 1st Indorsement to USAINTA (ORANGE
TAB A) be approved and signed.


Classified by AR 381-J02
EXEMPT FROM GENERAL DECLASSIFICATION


MEMORANDUM THRU: BRIGADIER GENERAL KELLEY


FOR: MAJOR GENERAL [illegible]


SUBJECT: CANTER RIDE (U) 


2. (C) Most of the personnel assigned to ASD are scientifically oriented,
and it is this scientific orientation that has been considered the primary
cause for an uncooperative and lackadaisical attitude toward security.
This attitude, coupled with prevailing unfavorable opinions of intelligence
personnel in general, results in an environment not suitable to a
conventional ICIP operation.


3. A Sensitive Activity Vulnerability Estimate dated 5 February 1974,
conducted at the US Army Missile Command, surfaced a number of security
shortcomings. Other investigative efforts at this facility have revealed
alleged questionable suitability activities on the part of some individuals
assigned to ASD.


4. A review of the Sensitive Installation listing reveals that all
activities at Redstone Arsenal (with the exception of the US Army Missile
and Munitions Center and School) are considered "highly sensitive." A
review of the Hostile Intelligence EEI maintained at CIAD revealed that
information on missile technology continues to be a high priority Hostile
Intelligence EEI.


DAMI-DOI-C
SUBJECT: CANTER RIDE (U)


5. It is recommended that the attached OPlan be approved.


1 Incl                  LEONARD A. &PLIRIT
as (CONFIDENTIAL)       Colonel, GS
                        Chief, Counterintelligence
                        and Collection Division

Approved
Disapproved
See Me


DAMI-DOI-C (25 Feb 75) 1st Ind
SUBJECT: CANTER RIDE


DA (DAMI-DOI-C), WASH DC 20310


TO: Commander, US Army Intelligence Agency, ATTN: MIIA-SO, Fort Meade,
Maryland 20755


The attached OPLAN, subject as above, was approved by the ACSI on 4 March
1975.


FOR THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE:


2 Incl                  EUGENE KELLEY, JR.
                        Brigadier General, GS
                        Director of Intelligence
                        Operations


CONFIDENTIAL


DEPARTMENT OF THE ARMY
HEADQUARTERS
U. S. ARMY INTELLIGENCE AGENCY
FORT MEADE, MARYLAND 20755


HQDA (DAMI-DOI-C)
WASH DC 20310


Forwarded for your review and approval is 902d MI Group Operation
Plan OP-001-75-902, subject: Internal Counterintelligence Program
(ICIP) (U), (Project CANTER RIDE (U)) (TAB A).


This specialized counterintelligence support was requested by CG,
USAMICOM, to enhance the security of the Directorate and determine the
extent, if any, of hostile intelligence penetration of Redstone Arsenal.
A feasibility study is at TAB B and provides additional detailed
background information.


as
Colonel, MI
Commanding


DEPARTMENT OF THE ARMY
HEADQUARTERS, 902D MILITARY INTELLIGENCE GROUP
FORT MEADE, MARYLAND 20755


MIIA-GPB-AC(SP) OPERATION PLAN DATE:


SUBJECT: Internal Counterintelligence Program (ICIP) (U)
REPORT NO: OP-001-75-902


PROJECT: CANTER RIDE (U)


(U) REFERENCES:


a. AR 380-13, Acquisition and Storage of Information Concerning
Nonaffiliated Persons and Organizations, 30 September 1974.


b. USAINTA Regulation 381-100-1, Counterintelligence Special
Operations, 8 February 1974.


c. Memorandum, Redstone Resident Office, 902d MI Group, Subject:
Request for Counterintelligence Special Operations, 23 September 1974.


d. LIR, AMSMI-X, Headquarters, US Army Missile Command (USAMICOM),
Subject: Request for Special Counterintelligence Support, 30 September 1974.


e. Feasibility Study, MIJA-IA-0, Subject: CANTER RIDE Feasibility
Study (U), 12 November 1974.


f. See Annex A (Doctrinal References) for references relating to
doctrine, modus operandi and operational restrictions.


1. (C) MISSION:


a. Requirement: The 902d MI Group, with the assistance of the Composite
Intelligence Activity (COMPIA), USAINTA, will develop and implement an
Internal Counterintelligence Program (ICIP) operation b1 The
operation is designed to provide special counterintelligence support to the
Commanding General, US Army Missile Command (USAMICOM), Redstone Arsenal
(RA), Alabama, in response to reference d above. The 902d MI Group will be
responsible for the planning, operational control and monitorship of the
operation While COMPIA will provide for the


Further information pertaining to the target is con- 
tained at Annex I (Target Information). 


b. Objective:


(1) To enhance the security of the directorate by identifying those
activities, practices and personnel employed within the target area which
have been, and may continue to be, involved in the existent security
weaknesses affecting the security of classified defense information within
USAMRDEL. Further information pertaining to existent security weaknesses
of the target area is contained at Annex J (Security Weaknesses).


(2) To determine the extent, if any, of Hostile Intelligence Service
(HoIS) penetration of Redstone Arsenal. Any information pertaining to this
subject developed by the operation will be expeditiously passed to the
appropriate office of the US Army Intelligence Agency for possible
exploitation under the provisions of AR 381-47.


c. Base of Operation: Redstone Arsenal, AL


d. Each individual and source involved in the conduct or control of the
operation will be briefed on current policies and constraints pertaining to
counterintelligence operations and activities as they concern persons and
organizations not affiliated with the Department of Defense.


e. The scope of the operation will not be expanded to cover off-post
targets not affiliated with the Department of Defense without prior approval
IAW provisions of Appendix B, AR 381-13, dated 30 September 1974, Acquisition
and Storage of Information Concerning Nonaffiliated Persons and Organizations.


2. (C) PERSONNEL:


a. Agent Personnel: [See Annex B (Agent Personnel)]


b. US Army MI Personnel: [See Annex C (Knowledgeability List)]

(1) Case Officer: A "Great Skills" member of the Military Intelligence
Officer Excepted Career Program (MIOCP) utilized under the provisions of
AR 614-1135, dated 1 November 1974, is required.


(2) Alternate Case Officer: Commander, Redstone RO, 902d MI Group.


3. (C) COVER AND DOCUMENTATION: [See Annex D (Cover and Documentation)]


| b. b 
I 


B. Itiner : 


4. (C) EXECUTION:


(2)
c. Security Considerations:
(1)
(2)


5. COMMUNICATIONS:


a. This OPlan provides for the use of personal meetings, US Postal
Service and telephonic contacts to effect necessary communications. The
communications system will be designed to assure a continuous and secure
means for the transmission of information and will provide for a primary,
alternate and emergency channel as follows:


(1) Primary: Used for normal requirements.


(2) Alternate: Used to prevent overloading of the primary system or
in the event that the primary channel cannot be used.


(3) Emergency: Used only in such instances which require the urgent
transmission of information when the primary or alternate systems will not
suffice.


b. Details of the communications systems are contained in Annex E
(Communications) to this OPlan.


6. TRAINING: The source will be trained jointly by the 902d MI
Group and COMPIA in the skills necessary to accomplish his assigned tasks
in a secure and effective manner. Source training will be continuous and
will be dictated by the experience and background of the source and the
operational situation within the target area. Specific minimal training
requirements to include the provisions of AR 380-13 and standard Essential
Elements of Information (EEI) are contained in Annex F (Training) to this
OPlan.


8. TERMINATION:

a. Termination with or without prejudice: The source recruited for
this operation will be terminated when his usefulness to the operation
ceases, he shows indications of insecure practices which could compromise
the operation, he is no longer amenable to control, or the operation is
terminated. Circumstances under which termination is effected will
determine whether termination is with or without prejudice. The terms
"with or without prejudice" do not indicate the manner in which the source
will be terminated, but rather whether or not the source would be considered
for use in future operations of this nature. Circumstances under which
termination is effected are outlined in Annex H (Termination) to this OPlan.


b. Commitments: The only commitments to be made to the source will be 
assurance of personal security and reimbursement for expenses incurred at 
the direction of the c/o. At termination a severance statement will be
obtained from the source in the appropriate format and will include a 
provision that the source has no further claim. 


c. Knowledgeability:


9. COORDINATION AND LIAISON:

a. Coordination between Headquarters, 902d MI Group; the Atlanta Field
Office; Redstone Resident Office; COMPIA, USAINTA and appropriate personnel
at RA has been established and will be maintained on a continuing basis.

b. Coordination and liaison between COMPIA and DA personnel assignments
branches has been established to ensure the identification and procurement
of a suitable agent for utilization in the operation.

c. Coordination with additional personnel at RA may be determined
to be necessary in the accomplishment of the operation. Consideration is
presently being made to the possible briefing of the Chief, COMPACT, RA,
to ensure proper assignment of the agent. However, as the operation will
be conducted under strict "close-hold" rules, the briefing of additional
personnel at RA will be accomplished only when deemed absolutely necessary,
and upon the approval of the 902d MI Group Commander.

10. Reports:

a. Source administration, operational reports and periodic status
reports will be submitted in accordance with reference b.

b. Appropriate USAMICOM representatives will be informed of the
information gleaned from the operation as it is developed.


ANNEXES:

A - Doctrinal References
B - Agent Personnel
C - Knowledgeability List
D - Cover and Documentation
E - Communications
F - Training
G - Finance and Logistics
H - Termination Plan
I - Target Information
J - Security Weaknesses
ki bi |Plan 
Annex A (Doctrinal References) to OPlan OP-001-75-902

References contained in this Annex are those which affect the adminis-
tration and conduct of the operation, as opposed to those which establish
the requirements for the operation and are listed under REFERENCES in the
heading of this OPlan.

1. Defense Intelligence Agency Manual (DIAM) 58-11, Vol II.

2. Field Manual (FM) 30-17, Counterintelligence Operations, January 1972.

3. FM 30-17A, Counterintelligence Special Operations, February 1973.

4. Army Regulation (AR) 381-241, Provisions for Bann ene San
1965 with changes 1 through 4.

5. AR 614-115, Assignments, Details and Transfers - Military Intelligence
Officer Excepted Career Program (U), 1 November 1974.

6. USAINTA Regulation 381-1, Provisions for Administration, Supervision,
Control and Use of Intelligence Contingency Funds (U), 20 August 197%.

7. USAINTA Regulation 381-100, Counterintelligence Activities and
Procedures, 13 February 1974.

8. 902d MI Group OPlan QUIZ TALK (U).

9. LTR, AGAM-P(M), ACSI, DSCI, Subject: Availability of Special
Counterintelligence Support, dated 17 September 1965, and Chapter 5, Subject:

b1 (C) to AR 382-102 (5), Subject: 
Intelligence Cover and Operational Support Activities (U), November 1915. 
Annex C (Knowledgeability List) to OPlan OP-001-75-902

1. US Army Missile Command:

a. MG Vincent H. Ellis, Commanding General
b. COL Arthur G. Lange, Jr., Chief of Staff
c. Dr John L. McDaniel, Director, USAMRDEL
d. COL R. A. Axelson, Deputy Director, USAMRDEL

2. 902d MI Group: (Additional personnel of the 902d MI Group will be briefed
on the operation only upon the approval of the Group Commander).

a. COL Albert N. Stubblebine III, Commander
b. LTC Dale L. Hartig, Deputy Commander
c. LTC Alton R. Westrick, Operations Officer
d. MAJ Hugh W. Fitzpatrick, Jr., Asst Operations Officer
e. CW4 Edward P. Clark, Special Investigations Desk
f. CW2 Benjamin W. Struchen, Special Operations Desk
g. CPT Rodney J. Sollenberger, CDR, Atlanta Field Office
h. CPT Bobby E. Gipson, CDR, Redstone Arsenal Resident Office

3. Case Officer Personnel:

a. Primary: (to be determined)
b. Alternate: CPT Bobby E. Gipson
APPENDIX I to ANNEX C, OPLAN OP 001-74-902 DATE: 29 January 1975
PROJECT NAME: CANTER RIDE (U)

SUBJECT: Knowledgeability List

1. The following personnel have full knowledge of the operation:

a. 902d MI Group Personnel

(1) O4 William ADDE Chief, Liaison Branch, Pentagon Counterintelligence
Force.
(2) SGT Dave Horn, Liaison Branch, Pentagon Counterintelligence Force.

b. USAINTA Personnel

(1) COL William S. Wolf, CDR.
(2) COL Hassel L. Parker, DCDR.
(3) COL William T. Singleton, Chief, CI Div.
(4) LTC Donald B. Grires, Chief, Special Ops Br.
(5) James Hession, GS-13, Chief, Intel Div.
(6) Gordon Huff, GS-15, Exec Asst to Chief, COMPIA.
(7) Les Hime, GS-12, Civ Adv to Chief, Special Ops Br.
(8) Rocco Melo, GS-13, Civ Adv to Chief, Special Ops Br.
(9) MAJ Joseph S. Kieffer, Chief, COMPIA.
(10) CPT Lawrence A. Edell, Chief, Svcs Sec, COMPIA.
(11) CPT Richard A. Govoni, Chief, Ops Sec, COMPIA.
(12) 1LT James A. Holliday, Svcs Sec, COMPIA.
(13) CW2 Mellberth Bowling, Alternate Project Officer, COMPIA.
(14) CW2 John Mculla, Ops Sec, COMPIA.
(15) WO1 Donald J. Rander, Project Officer, COMPIA.
(16) Dolores J. Crounse, GS-5, Admin Sec, COMPIA.
(17) Judy C. Howard, GS-5, Admin Sec, COMPIA.
(18) SFC James D. Blessing, Ald Sec, COMPIA.
(19) SFC Robert J. Snyder, Ops Sec, COMPIA.
(20) SSG William R. Quinton, Svcs Sec, COMPIA.
(21) SP5 Douglas B. Miller, Svcs Sec, COMPIA.

c. Other MI Personnel

(1) O5 Ralph W. Ochs, Assignments Officer, MI Br, OPD, MILPERCEN.

2. The following personnel have limited knowledge of the operation:

a. USAINTA Personnel

(1) Auter Ackley, Jr., SEEN. officer.
(2) CPT Noel Jones, Special Ops Br.
(3) CHS Robert J. Finch, USMSD.
(4) CW2 Paul B. Maison, USAASD.

b. Other Personnel

(1) COL Ransom Barber, Chief, MI Br, OPD, MILPERCEN.
(2) CAPT Donald B. Polatty, USN, Dir, Personnel & Administration Div, DNA.
(3) LTC C. P. Joiner, Jr., CDR, 901st MI Det.
(4) LTC Floyd W. Cox, Jr., Chief, Admin Services Div, DNA.
(5) MAJ David A. Harrison, Chief, Mil Pers Div, DNA.
(6) CPT Donald Howell, Chief, Mail & Records Br, DNA.
NU eis Darrell Graf, , Assignments orticer, AG Br, OPD. i E 


(8 oss Charles B, Decker, Deputy Chief, US Amy Staff Officer Personnel 
Div, TAG. : 
(9) set Edward J, Poucette, a US |Amy- Staff Officer Personnel Div, 


> 


*- d . Qo). .MSG Larry e: ud FEAO, Fort Myer, VÀ. 


#02) Em c. F. Fry, USAINTA Liaison officer to the Army Material Conzand. 
u n osure t S . . e: | * io » 
1. (M) c/o Cover and Documentation:

Appendix 1 (Communications Diagram) to Annex E (Communications) to OPlan
OP-001-75-902

Annex F (Training) to OPlan OP-001-75-902

Appendix 1 (Standard Essential Elements of Information) to Annex F
(Training) to OPlan OP-001-75-902.

Appendix 2 (Specific Essential Elements of Information) to Annex F (Training)
to OPlan OP-001-75-902
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Freedom of Information Act/Privacy Act 
Deleted Page(s) Information Sheet 


Indicated below are one or more statements which provide a brief 
5 USC 552 (b)(1)

DELETED PAGE(S)

Page(s) 503-504


The source may be terminated with or without prejudice, which
indicates a recommendation for future utilization only.

a. A source may be terminated with prejudice for any of the following
reasons:

(1) Control by HoIS.

(2) Complete ineptitude.

(3) Unwillingness to accept direction or guidance from the C/O, or
continuous disregard for security instructions.

(4) Compromise as a result of his own actions, in violation of the
C/O's instructions.

(5) Deliberate distortion or fabrication of information.

(6) Habitual law violation.

(7) Inability to give satisfactory explanation for long absences or
suspicious actions.

b. A source may be terminated without prejudice for any of the
following reasons:

(1) Compromise through no fault of his own.

(2) Loss of placement and/or access.

(3) Desire of the source to terminate for non-operational reasons.

(4) Deterioration of health of the source to a degree that he cannot
continue his efforts.

(5) Recruitment of other assets who have better placement and/or access.

(6) Termination of the operation.
Freedom of Information Act/Privacy Act
Deleted Page(s) Information Sheet

Indicated below are one or more statements which provide a brief
rationale for the deletion of this page.

Information has been withheld in its entirety in
accordance with the following exemption(s):

5 USC 552 (b)(1)

It is not reasonable to segregate meaningful portions of the
record for release.

[ ] Information pertains solely to another individual with no
reference to you and/or the subject of your request.

[ ] Information originated with another government agency. It has
been referred to them for review and direct response to you.

[X] Information originated with one or more government agencies.
We are coordinating to determine the releasability of the
information under their purview. Upon completion of our
coordination, we will advise you of their decision.
Annex I (Target Information) to OPlan OP-001-75-902

1. The initial specific target of the operation is the Optical
Guidance Technology Office (OGTO), which is an office within the Advanced
Sensor Directorate (ASD) located in Building 5400, a restricted area located
on Redstone Arsenal (RA). Mr J. Ducote is the director of OGTO and Mr W. J.
Linberg is the director of ASD. Neither of these persons is aware of the
operation. ASD is one of several directorates under the US Army Missile
Research, Development and Engineering Laboratory (USAMRDEL) which is
responsible for developing concepts for new missiles. Dr J. McDaniel,
Director USAMRDEL, and COL R. A. Axelson, Deputy Director USAMRDEL, have
been briefed on the operation. USAMRDEL is, in turn, one of nine directo-
rates which are collectively responsible for the developing, testing and
procurement of missiles for the US Army Missile Command (USAMICOM). The CG,
USAMICOM, Major General Vincent H. Ellis and the CofS, COL Arthur G. Lange Jr.,
are aware of the operation.

2. (U) Further information pertaining to RA, USAMICOM, Huntsville and a
map of RA are provided in Appendices to this Annex.
U.S. Army Missile Command (MICOM)
U.S. Army Missile and Munitions Center and School
U.S. Army Medical Department Activity (MEDDAC)
Ballistic Missile Defense Systems Command (BMDSCOM)
U.S. Army Engineer Division, Huntsville
Ballistic Missile Defense Advanced Technology Center (BMDATC)
Redstone Readiness Group

Redstone Arsenal is a combination of two U.S. Army arsenals established in 1941, for the production of artillery shells. Today it is the
nerve center of the Army's missile and rocket programs.
The 38,655 acres were designated the center of research and development activities for rockets and related items in October.
Sane 


Recruitment of technical and profess: ael personae! tean in Bener 1519, and a Research and Development Division was estt Uite 


the next moath. 

Redstone Arsenal was declared an active installation by the Department of the Army on June 1, 1949. Some of the Army's rocket experts
who had been working at Ft. Bliss, Texas were moved to Redstone in April, 1950. This included the team of scientists and engineers
headed by Dr. Wernher von Braun.

Six major Army agencies are now located on Redstone and in neighboring Huntsville. Based on the arsenal are the U.S. Army Missile
Command and the U.S. Army Missile and Munitions Center and School. The George C. Marshall Space Flight Center of the National
Aeronautics and Space Administration is also sited on the arsenal as well as a government-owned, contractor-operated facility engaged in
rocket propellant research and manufacture - the Huntsville Division of Thiokol Chemical Corporation.

In nearby Huntsville are the Army's Ballistic Missile Defense Systems Command and Ballistic Missile Defense Advanced Technology
Center, the U.S. Army Engineer Division, Huntsville, and the Redstone Readiness Group.

The arsenal land aree. includes :1.—6 minor mountzins, 94 miles of rzilroads, more ihan 330 miles of roads and mere thea z Xr 

buildings. Ther» is a jet length ziz£i i: ond modern c37z0 docks on the Tennessee River, the arsenal's soutl;czi boundary. Army butas. 


i at more than 5229 million. 
rough Redstone gates each day. in an average month, some 8,002 trensirat visitors ere bz; 


334 Or tour one Gr more cf tie yovcmment agencies on the instalation. 
The jusex9l ha: a daily government «cd contractor working population of about 25,009. Although ro civitiaus live on the erzens 


iy thd 


and equipment 2t Pedsione are vaiz 
An avez ke of 20.050 vehizzes p 


than 1,009 military families reside it Zcvamment quarters. Approximately 1,500 children cf military personnel residing on the pee 


attend schools ia iZurtsville. 
Civitiaa employ ves warkins for the 1-patmert ef the Army at Redstoae and in Huntsville number abort 10.000. Approximately 4% 


soldiers ure ccsignud to the varios Army communcis and agencies, The total Army payroll at Redstone and in Huntsvilie exceeds §2 


Amillinn. 
Nearly 52 Eiliion was spent Ies? evar by the Army at Redstone and in Huntsville. About 85 percent of the amount went to Ames 


industry. p: cnapan *irough errari» ty compenics tor missile syste:a research, development and production. 


This is an excerpt from Redstone Arsenal, dated 1974, an unofficial guide
published by Military Publishers, a private firm in no way connected with
the Department of the Army.


[Page describing MICOM from the Redstone Arsenal guide; column text not recoverable]

This is an excerpt from Redstone Arsenal, dated 1974, an unofficial guide published
by Military Publishers, a private firm, in no way connected with the Department of the
Army.

Appendix 2 to Annex I (Target Information)


A Good Place to Live

[Page describing Huntsville from the Redstone Arsenal guide; column text not recoverable]

This is an excerpt from Redstone Arsenal, dated 1974, an unofficial
guide published by Military Publications, a private firm, in no way
connected with the Department of the Army.

Appendix 3 to Annex I (Target Information)


Annex J (Security Weaknesses) to OPlan OP-001-75-902

1. Colonel Arthur G. Lange, Jr., Chief of Staff, US Army Missile
Command (USAMICOM) has requested a counterintelligence operation be
initiated within USAMICOM to ensure the security of that command with
emphasis on security of classified defense information. The chain of
events, list of persons involved, and allegations which fostered the
request are as follows:

a. Chain of Events:

(1) On 14 May 1974, a SECRET document entitled "Vulnerability Assessment
of Army Electro Optical Missile Systems (U)", copy 7, dated 7 December 1973,
was determined to be missing and has not been found. Compromise was not
considered remote.

(2) On 16 May 1974, a CONFIDENTIAL document entitled "Internal Technical
Note RET2-35, Digital Simulation of the Texas Instrument's Cannon Launched
Guided Projectile (U)", dated 24 October 1972, was found in a desk drawer of
Mr [b6], a member of OGTO. The document was found in the desk during
an after-hours check for SECRET material referred to in para 1a(1) above.
The classification markings had been excised from the document. During the
investigation for this incident, [b6] admitted in his sworn statement that
he had found another CONFIDENTIAL document in his desk on 12 June 1974.

(3) During the week of 20 September 1974 another SECRET document entitled
"Laser countermeasures/counter counter measures (U)", Progress Report,
Pitman-Dunn Laboratory, Frankfort Arsenal, was found to be missing and could not
be accounted for. The investigation is ongoing and it is anticipated that
will be considered responsible and may receive a letter of reprimand
and one day's loss of pay.

b. Personnel within OGTO and ASD who may be of counterintelligence interest
include the following:


i . (1) | b6_); GS15, Supervisor, OGTO. 

| fees, 5 (e)| t6 ^ ^ | [| 66 p} GS12, Physicist, formerly assigned OGTO, 

| i; m (3) | b6 — |] osi, Aerospace Engineer, OGTO ; 
(00100 0) nee [BET] Cst, pist. | ; 

Ul G)[ t6 —  ;] [59 3} S14, Engineer, OGTO. aL 

|o (6) [BEY 5, Pasicist, com. © 

o0 (Q0 BET MAE G512 (formerly 1LT), Engineer, 0010. 

(8) [b6 — Jj Nee: [b6 |] [b6 ]) G55, Clerk, OGTO. 


D| b6 | | eH G511j Electronics Techhician, OGTO. 


c. During an investigation into the loss of documents listed above,
many allegations were made which reflected adversely on persons assigned
to OGTO, ASD and USAMICOM. In general, the allegations are as follows:


LOL DS es[ 88 Yon sears tio set 


(2) [b6 ^ ]eonducteà herself in a ranner to suggest that she was 
"evailaeble" or as a practical joke by sitting in[b6 ^] ana[t$ lep 


; ; uring office meeting Se 
m (3) [ b6 ^  ]was so rad that he claimed he vould "ki1i"[b6 — | 
A 00053 e “screwing his girl" in reference to[be | 


s] w [56  ]weiieves| b6 | placed CONPIDENTIAL documents in bG — } 


" | ) desk because of jealousy. 
| 
| 
t 
i 


~ 


zear | b6__Jatreses there is a meeting place for sexual activities 
by[b6 Jand other members of the office. - + 
(6) Pornographic films shown in this neeting puce during office ` 
lunch hours. | l 
(7) [88 — Jana [D8 ]took two secretaries to this T i Tere 


: (8 Office calls and contacts with a Merge CieyeLma, I now deceased, who 
vas ` ed “Bucking Bronco". l 


LN F E (9) Homosexual — byl b6 |] 
9 EC P Qo) [b8 — |tntoxtcated on the job. 
UM | Qj t6 | | b6 — ]useà to place Persons under obligation. 
T (12) [bs] ana [D6] procur tng secretaries for sex. U l ci 


(13) Someone pleced s : m 
ugar in the gas tank of 
* the motor. [bó [alleges that it was| b6 } o 's truck and deneerd 


(Bj (U) Further information t i 
pO. o include sworn stat 
wg iii 902d MI Group, and Pe USAINTA. ements Mc iud ds 
ANNEX K to OPLAN 001-74-902 DATE: 29 January 1975
PROJECT NAME: CANTER RIDE (U) PROJECT NUMBER: IA-74-001


SUBJECT:


1. (U) AUTHORITY/REFERENCE:


OPLAN OP 001-74-902, dtd 21 Nov 74, Subject: Special Counterintelligence
Support, and references cited therein.


2. (C) BACKGROUND/OBJECTIVES:


a.

b.


b1


3. (C) CONCEPT OF OPERATION:


a.
MIIA-IA-O 12 November 1974


SUBJECT: CANTER RIDE Feasibility Study (U)


1. (U) References:


a. Letter, Redstone Resident Office, Redstone Arsenal, Alabama, 902d
Military Intelligence Group, MIIA-GPR-RS, dated 23 September 1974, Subject:
Request for Counterintelligence Special Operation (U), with inclosures.


b. Letter, Headquarters, US Army Missile Command, Redstone Arsenal,
Redstone, Alabama, AMSMI-X, dated 30 September 1974, Subject: Request for
Special Counterintelligence Support (U), with 1st indorsement, Headquarters,
902d Military Intelligence Group, Fort Meade, Maryland, dated 9 October 1974.


c. Discussions between representatives of the 902d Military Intelligence
Group and the Composite Intelligence Activity (COMPIA), on 27 September and
4 October 1974.


d. Chapter 5, AR 381-102 (S).

2. (C) Section I. Purpose of Study. During the period 16 to 17 October 1974,
COMPIA Project Officers, Mr. Mellberth Bowling and Mr. Donald J. Rander, visit-
ed the Redstone Resident Office, 902d MI Group, Redstone Arsenal, Huntsville,
Alabama, for the purpose of compiling the necessary information


into the Optical Guidance Technology Office (OGTO), Advanced
Sensors Directorate (ASD), US Army Missile Research, Development and Engineer-
ing Laboratory (USAMRDEL), US Army Missile Command (USAMICOM), Redstone
Arsenal, Alabama. In addition, the study was conducted to determine the
feasibility of providing assistance to the Commander, USAMICOM, through the
use of a [ ] to improve the security posture of the Command.


Coordination.


CLASSIFIED BY CDR USAINTA
EXEMPT FROM GENERAL DECLASSIFICATION
SCHEDULE OF EXECUTIVE ORDER 11652
3. Section II. Findings.


a. USAMICOM, a subordinate command of the US Army Materiel Command (AMC)
is commanded by Major General Vincent H. Ellis, and has been classified as a
"Highly Sensitive" Class II Installation by the Department of Army. In
addition to the requisite Table of Organization and Equipment, logistical,
and administrative support elements, USAMICOM consists of various US Army
Missile Systems project offices, a contingent of missile systems Liaison Offices
with foreign allied military forces to include Senior Staff Technical Repre-
sentatives stationed at CONUS and OCONUS installations, a complement of special
activities, such as the US Army Metrology and Calibration Center and the
Missile Intelligence Agency, and six sensitive Directorates, three of which
are considered "critically sensitive" by USAMICOM. This category applies to
the USAMRDEL, the Directorate for Procurement and Development (DPP), the
Directorate for Product Assurance (DPA), and the Missile Intelligence Agency
(MIA). The mission of these Directorates is directly related to the crucial
phases of research and development of all current and future missile systems
in the US Army and to the contracting to appropriate firms for production.
The Advanced Sensors Directorate (ASD) of the USAMRDEL is of specific interest
to this study as indicated in references listed in paragraph 1, above.


b. USAMICOM has a significantly large number of civilian employees and
assigned military personnel, who by the nature of their duties, require access
to critically classified defense information and material. Suitability short-
comings such as drug and alcohol abuse, possible homosexuality and immoral
activity, and excessive indebtedness, all of which have been alleged against
USAMRDEL personnel, serve to create a fertile field for Hostile Intelligence
(HoIS) offensive intelligence operations against the Command. The human
element of USAMICOM, therefore, must be considered particularly vulnerable
to the security of the Command. The desirability of advanced knowledge of
the US Army missile systems must be considered lucrative to HoIS. By obtain-
ing this type of information, the efficiency of these systems in a future
battlefield environment could be impaired and thereby adversely affect the
national defense of the United States. In a Sensitive Activity Vulnerability
Estimate (SAVE), dated 5 February 1974, conducted at USAMICOM, a number of
violations and shortcomings were noted in the above critical directorates.

A synopsis of the SAVE and other incidents which have occurred in USAMRDEL
subsequent to the SAVE, follows:
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MIIA-IA-O . 12 November 1974 
SUBJECT: CANTER RIDE Feasibility Study (U) 


(1) In MIA, SECRET material was discovered in containers which also 
contained unclassified material. SECRET documents were also stored in 
unauthorized security containers. Accountability for classified documents in 
MIA is maintained on Automatic Data Processing (ADP) equipment which is also 
used extensively for routine office functions. This practice has been 
continued despite the fact that the classified document custodians are not 
properly trained in ADP security procedures. 


(2) Most document custodians are not knowledgeable of the provisions 
of DoD Regulation 5200.1-R or AR 380-5 and other AMC and USAMICOM security 
regulations. 


(3) Personnel of USAMICOM are not receiving proper security indoctrination 
instructions in accordance with applicable regulations. There is a 
general lack of security consciousness throughout the Command, but is especially 
evident amongst the civilian, scientific-oriented personnel, who refuse to 
properly wear and display their security badges or assist in sound security 
practices and procedures. 


(4) Conference rooms utilized to discuss classified information are not 
properly secured and maintained. No record of CI Technical inspections for 
sensitive areas and conference rooms was available. 


(5) There is an inadequate number of qualified Security Support Specialists 
assigned to USAMICOM. USAMRDEL shares such a support officer with three 
other Directorates or project offices. 


(6) Classified Document Custodian duties within USAMRDEL are normally 
assigned as an "extra duty". This practice fosters resentment of the 
responsibility on the part of personnel assigned the task. This has resulted in 
poor administration of the control of classified documents, a factor which 
significantly contributed to the loss of seven SECRET documents in USAMRDEL. 
In each case, it was determined that the fault was an administrative error 
on the part of the custodian. Subsequent to the above incidents, on 14 May 
and 20 September 1974, two more classified documents were discovered missing 
from OGTO, the office within USAMRDEL referenced in 1a, above. The 14 May 
violation was discovered during a non-duty hours check. In this instance, 
a CONFIDENTIAL document was found in a desk. The classified markings had 
been removed. The 20 September incident occurred after a 100% inventory 
and resulted in a reprimand and possible loss of one day's pay for 
GS-15, upon whom the responsibility for the loss was fixed. 

(7) Uncleared personnel have access to Building 5400, a RESTRICTED AREA, 
which houses in part USAMRDEL and in particular, the Advanced Sensors 
Directorate and OGTO. The Building's Cafeteria employees do not have 
security clearances yet they have entrance badges. These badges do not identify 
the bearer since they have neither the picture nor the name of the individual. 
No roster is maintained of these personnel. 


Singularly, the above infractions and violations do not justify the use of 
a SCOPI asset. Collectively, however, these security problems constitute a 
serious threat to the security of the Command as similar situations exist in 
most of the other critically sensitive Directorates. In addition to the above 
security problems, the Request for Special CI Support, reference in 1b, above, 
outlines a serious suitability problem which allegedly involves the entire 
office staff of OGTO. 


5. Analysis. 


a. Based upon the Findings as outlined above, a SCOPI is believed to be 
the most advantageous investigative tool to assist the requestor Command 
because the local Military Intelligence personnel are highly visible in the 
area and do not have at their disposal the resources necessary to provide the 
Commander of USAMICOM in-depth CI support. The RRO has two enlisted agent 
personnel and one MI Officer present for duty. This office conducts 36 CI 
Inspections and Checks of USAMICOM and the US Army Munitions School and Center 
units annually. The inspected elements have an aggregate of over 100,000 
SECRET documents and approximately three linear x of CONFIDENTIAL material. 
About 350 classified document custodians routinely maintain these documents. 
In addition to being tasked to conduct SAVE studies, the RRO is tasked with 
normal liaison contact, suitability investigations, incident investigations, 
occasional PSI investigations, and security indoctrination briefings when time 
permits. Even though these accumulative services benefit the Commander in 
terms of CI Support, RRO personnel have noted that corrective follow-up actions 
concerning reported infractions have proven to be of a temporary nature. This 
has been evidenced by the recurrence of similar violations and infractions 
during a short period of time following the conduct of CI services. The local 
CI effort has been hampered by the existence of a large number of 
uncooperative and apathetic scientifically oriented personnel in the Command. The 
attitude of these personnel toward sound security practices and procedures can 
only be described as uncooperative and lackadaisical. It is therefore 
considered highly unlikely for the RRO to be successful in conducting an ICIP 
operation in the area. Additionally, past intelligence related investigations 
concerning USAMICOM personnel has fostered an unfavorable attitude toward 
intelligence personnel in general. The following details the procedures 
through which personnel are acquired in USAMRDEL. 

b. There are 162 civilian personnel assigned to the Advanced Sensors 
Directorate. The director is Mr. William J. Lindberg, GS-15. Seven of these 
civilians normally perform duties in the Optical Guidance Technology Office, 
which is the specific target area of the requested support as outlined in 
above references, under the supervision of Mr. b6 GS-15. The 
General Schedule rating of the Directorate's employees range from GS-1 to 
GS-16. The majority of ASD personnel perform duties related to research 
and development which are highly technical in nature. When deemed necessary, 
all personnel of USAMRDEL are subject to being required to perform functions 
in other Directorates and Offices to fulfill specific project requirements. 
However, in instances wherein additional manpower must be procured from 
resources outside of USAMICOM, the request for Personnel Action (SF Form 52) 
may be initiated by the respective office supervisor or the Director of the 
Directorate concerned. The request must be staffed through the appropriate 
chain of command within the Directorate to the Civilian Personnel Office (CPO), 
USAMICOM. The request is then reviewed by the CPO Technical Services Branch, 
where it is recorded in the Personnel Control Roster. Following this action, 
the request must be reviewed by the CPO Position/Pay Management Branch, where 
it is closely reviewed to determine the correctness of the pay grade and job 
description. From that Branch, the request is forwarded to the Recruiting 
and Placement Branch for recruitment action. In any event, positions are 
normally filled from personnel listed on the DoD Stopper List, local RIF 
lists, internal promotion, lateral transfer or direct hire. 


c. Requisitions for military and civilian personnel for assignment to 
USAMICOM are unique in terms of routine requisition assignments in other 
commands of the US Army. All assignments to USAMICOM are dictated on the 
basis of current and future project requirements which fluctuate according 
to the mission, necessity, and special qualifications of desired personnel. 
This system is known as Project REFLEX. It provides authority to fill 
temporary or permanent positions for the duration of a specific project at 
the completion of which the individual may be reassigned or shifted to another 
office within USAMICOM. 


d. There are only three authorized military positions within the Advanced 
Sensors Directorate. One of these positions is a LTC, MOS 2157 (Research 
and Development Coordinator), located at White Sands Missile Range, New 
Mexico. The remaining two, a 2LT, MOS 7302 (Physicist) and a CPT, MOS 7601 
(Electrical Engineer) are assigned to Redstone Arsenal. These positions are 
currently filled. Requisitions for US Army personnel assigned to ASD or the 
USAMRDEL are submitted by the Consolidation of Military Personnel Activities 
(COMPACT), USAMICOM to AMC on a Projected Requisition Authority (PRA). The 
need for personnel is determined by COMPACT, who subtracts or adds gains and 
losses using current personnel strength figures which are compared with the 
PRA account. Should it be determined that a shortage of personnel exists, 
COMPACT may then submit the requisition to AMC who, in turn, submits the 
request to DA. Personnel can be assigned either directly to the USAMRDEL, 
or to COMPACT on DA orders for further assignment within the Command. 


e. As a minimum, a SECRET security clearance is required for all 
civilian and military personnel assigned to USAMRDEL. Upon arrival of 
military personnel in the Command, the Clearance and Intelligence Branch, 
Internal Security Division, COMPACT reviews the individual's 201 file, 
Medical and Dental Records. This is a routine procedure conducted to 
determine the person's eligibility for a security clearance. The individual 
must fill out a locator card, a request for security clearance statement, 
and a local office personnel data card. COMPACT determines the degree of 
clearance required, based on the sensitivity of the position to which the 
individual is to be assigned. If a valid DA Form 873 (Certificate of 
Clearance and Security Determination) is in the individual's file, and no derogatory 
information is revealed in the files review, a SECRET clearance is normally 
granted. Should the file not contain a valid 873 form, appropriate action 
is initiated for verification of security clearance data through USAIRR. 
Although contrary to routine procedures, the USAIRR Dossier may be requested 
for review. 

f. Due to the highly technical nature of the civilian positions within 
ASD it is not considered feasible to b1 into any of 
these positions. Because the three authorized military positions within ASD 
are currently filled, an alternate military position must be considered for 
b1 The viability of utilizing a SCOPI asset in ASD 
under the guise of a Classified Document Control Officer (CDCO) appears 
highly favorable since the Command plans to centralize the classified 
document control unit within ASD and acquire a properly trained classified 
document custodian to maintain the documents. This position has Command sanction 
as it would serve to decrease the recurrent difficulties experienced by the 
Command in the control of classified material and would be widely accepted 
by ASD personnel because of their dislike for performing the extra duties as 
a CDCO. Through the use of Project REFLEX, 
b1 


(1) Age: 35 to 40 years. 


(2) Marital Status: Unmarried. 


(3) Race: Caucasian. 


(4) Ethnic background: Preferably born in the Southern region of the 
United States. 


(5) 
(6) 


(7) Rank: WO, CW2 or CW3. 


Training and experience: 


As most of the local 
personnel are Caucasian and from the Southern region of the United States, 
these characteristics are deemed beneficial to mission accomplishment. 
Operational control of the SCOPI will be executed by the 902d MI Group, who 
will be responsible for writing the Operations Plan. A CI Inspection of ASD 
is currently in progress by the RRO, 902d MI Group. Significant findings 
will be reported to COMPIA if deemed relevant to the proposed requested 
Special CI Support. 


6. Conclusions. In view of the collective security shortcomings noted 
in the Command, the highly sensitive nature of the mission of the Command, 
and the severely limited options available to local MI activity in the area, 


7. Recommendation. 


REFERENCE OR OFFICE SYMBOL: MIIA-IA-O 
SUBJECT: CANTER RIDE (U) 


To = MOM Chief, CONPIA 
ATTN: Mr. Ackley Rander/dic/6364 


1. Your attention is invited to paragraph $, Annex G; and paragraph 6, Annex X 
of OP001-75-902. 


2. Request your concurrence and recommendations. 


Chief, Composite Intelligence Activity 


Incl 
Ltr 902d MI Gp 21 Nov 74 


Concur with the 


1. 


b. If payment of per diem is considered essential in this instance, 
then it must be authorized by classified orders and paid through CPT Denny's 


c. It is true that partial per diem is authorized for duty in excess of 
10 hours per day away from a person's normal duty station; however, it is suggested 
that the daily training time be adjusted so as to reduce the [illegible] to 
less than 10 hours per day. 


2. Funds are available to support this project for the remainder of FY 75. 
MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY 
MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


1. (U) This is in response to your Memorandum on 17 January 1975 to 
the Vice Chief of Staff in regard to subject and serves as the Quarterly 
ICIP Report for the 2d Quarter, FY 1975. 


2. On 2 October 1974, I directed a review of the entire ICIP program 
with a view towards the elimination of those no longer considered 
of sufficient merit to warrant retention. The criteria used in evaluating 
each ICIP operation was: (a) The sensitivity of the installation/ 
activity is such that some type of special counterintelligence support 
is required or (b) There is a known threat of sufficient magnitude to 
the installation/activity to warrant a need for some type of special 
counterintelligence support and (c) The information desired cannot be 
obtained except through the use of confidential sources. 


3. (C) Based on this review and considering your 17 January guidance, 
I directed the termination of 12 ICIP operations at the following 
headquarters: 


a. Hq, US Army Communications Command, Fort Huachuca, Arizona 
(CANAL ROPE). 

b. Dugway Proving Ground, Utah (CANARY STONE). 

c. US Army Air Defense Center, Fort Bliss, Texas (CANTINA ARCH). 

d. Umatilla Army Depot Activity, Hermiston, Oregon (CANYON ROSTER). 

e. US Army Mobility Equipment Research and Development Center, 
Fort Belvoir, Virginia (CENTAUR BALE). 

f. Hq, US Army Electronics Command, Fort Monmouth, New Jersey 
(CENTRAL TAXI). 

g. US Army Management Systems Support Agency, The Pentagon, 
Washington, DC (CENTURY SQUAD). 

h. US Army Electronics Proving Ground, Fort Huachuca, Arizona 
(GONDOLA FLAG). 

i. Aberdeen Proving Ground, Aberdeen, Maryland (GONDOLA STAR). 

j. Defense Language Institute East Coast, Washington Navy Yard, 
Washington, DC (LANYARD MOOD). 

k. Picatinny Arsenal, Armament Command, Dover, New Jersey 
(LEND TONE). 

l. US Army War College, Carlisle Barracks, Pennsylvania (LENIENT 
CLOUD). 


4. (U) The remaining seven ICIPs are worthy of retention as they meet 
your criteria. Reviews of these seven operations are attached at Incl 1. 
Reviews of the 12 to be terminated are at Incl 2. 


2 Incls 
as 

HAROLD R. AARON 
Major General, GS 
ACofS for Intelligence 
Internal Counterintelligence Program (ICIP) (U) 
31 January 1975 


ACTION REQUIRED 
To respond to tasking from the USofA pertaining to ICIP. 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. BACKGROUND: 


a. At the direction of the USofA quarterly reporting of ICIP has been furnished 
to him through the VCSA since February 1972. In a memorandum to the VCSA (RED TAB B), 
the USofA suggests that in more than half of the ongoing operations, no useful 
information was developed. He directed a detailed review of the benefits derived through 
the program over the last two years. 


b. On 29 January 1975, the ACSI directed the termination of 12 of the 19 ongoing 
operations. They will be terminated on a time phase basis with all 12 being 
terminated by 31 March 1975. 


2. DISCUSSION: At RED TAB A is a memo through the VCSA to the USofA replying to 
the comments of USofA and providing the requested information pertaining to the 
program. 


3. RECOMMENDATION: That the memo at RED TAB A be approved and signed. 


(Continue on plain bond) 
DEPARTMENT OF THE ARMY 
OFFICE OF THE UNDER SECRETARY 
WASHINGTON, D.C. 20310 


17 January 1975 


MEMORANDUM FOR: VICE CHIEF OF STAFF, U.S.A 


SUBJECT: Internal Counterintelligence Program (ICIP) 


I have received and reviewed the latest quarterly report of ICIP 
operations during 1974 as requested. In 1972 the Under Secretary 
authorized a trial run of this subject program. Judging from this 
report, the program has grown considerably and includes installations 
that I did not appreciate were considered sensitive. A cursory review 
of the data presented suggests that in more than half the cases, no 
useful information was obtained. 

It would appear to me appropriate to review the results of this 
experiment to date in order to establish that the program is in fact 
of such a value that it should be continued in the future. 

I would therefore appreciate a detailed report documenting all of 
the benefits, information, etc., that have been obtained through this 
program over the last two years. It would also be helpful to have a 
statement for each listed installation of the sensitive character of 
the mission that necessitates an ICIP operation. Finally, I would 
appreciate an indication of your subjective judgment as to how many 
of the issues that arose from these ICIP efforts would not have 
otherwise come to our attention. 


Herman R. Staudt 
Under Secretary of the Army 

Inclosure 
Memo, 29 Nov 74, 
Subj: ICIP Operations 


REGRADED FOR OFFICIAL USE ONLY 
WHEN SEPARATED FROM 
CLASSIFIED INCLOSURES 
OFFICE OF THE CHIEF OF STAFF 
WASHINGTON, D.C. 20310 

29 November 1974 


MEMORANDUM FOR: UNDER SECRETARY OF THE ARMY 


SUBJECT: Internal Counterintelligence Program (ICIP) Operations 


1. (U) Reference is made to memorandum, Under Secretary of the Army, 
dated [illegible] February 1972, subject as above. 


2. During the third quarter of CY 1974, the ICIP at Edgewood 
Arsenal, Maryland (CANAL LOOP) was combined with the Aberdeen Proving 
Ground, MD ICIP (GONDOLA STAR). The nickname GONDOLA STAR was retained. 


3. With the subsidence of anti-military activity at Fort Lewis, 
Washington and in the absence of a specific on-post threat, the 
Commanding General, 9th Infantry Division requested that the Fort Lewis 
ICIP (CENTAUR RACE) be terminated. This ICIP was inactivated on 
[illegible] 74. During the same time frame, LENS HOLDER, a new ICIP developed at 
White Sands Missile Range was approved on 7 Aug 75. With the 
initiation of this ICIP, the total number of active ICIP operations at the 
close of the quarter was 19. Brief status reports are attached. 


4. After briefing you on 25 September 1974 on the status of the 
program, the Assistant Chief of Staff for Intelligence personally 
reviewed and revalidated each on-going operation. Each operation will be 
revalidated on an annual basis hereafter. Additionally, [illegible] 
initiated a systematic review of all source dossiers to insure 
sources possess sufficient maturity and stability to enable them to 
function efficiently and effectively in ICIP operations. 


1 Incl 
as (CONFIDENTIAL) 

WALTER T. KERWIN, JR. 
General, United States Army 
Vice Chief of Staff 


Classified by DAMI 
EXEMPT FROM GENERAL DECLASSIFICATION 
SCHEDULE OF EXECUTIVE ORDER 11652 
EXEMPTION CATEGORY 2 
DECLASSIFY ON 31 December 2004 

REGRADED UNCLASSIFIED 
ON SEP 5 1997 
BY CDR USAINSCOM FOI/PO 
AUTH PARA 1-603 DoD 5200.1-R 
DOSSIER NO. 

Vol 5S of 7 Vols 

As of 18 Sep 85 (Date) all material included in this file conforms with DA policies currently in effect. 

Signature / Date Signed 
Printed Name / Grade 

Reviewed for Retention 
Criteria UP AR 881-10 
Reviewer / Date 

THIS MUST REMAIN TOP DOCUMENT 

IA (HQ) Form 2214 (1 Sep 78) Replaces MIIA Fm 315, 1 Jun 75, which may be 
used until supplies are exhausted. 
2. Of the operations cited in Ref B above, only CARELESS 
TOKEN (U) appears to meet the concept of the ICIP as a security 
service in support of an installation's (or command's) security 
program. Ref C forwarded the ACSI's approval for this ICIP. We 
concur with the views expressed in Ref B that CARDINAL FLIGHT (U) 
and CAREFREE TALENT (U) are defensive CE operations which are not 
within the scope of the ICIP. 

3. Request you provide a summary of the ICIP CARELESS TOKEN 
(U) for the next ICIP quarterly report by 20 Apr 76 in the following 
format: 


10. CARELESS TOKEN (ACSI Revalidation 25 Feb 76) 

A. LOCATION: 
B. CONFIDENTIAL SOURCE UTILIZATION: (NUMBER OF SOURCES USED) 
C. INFORMATION OBTAINED OR REPORTED ON NON-AFFILIATED CIVILIANS: (NORMALLY "NONE") 
D. USEFUL INFORMATION OBTAINED: 
(1) 
(2) ETC 
(Contains a summary of information obtained in the operation 
which should not exceed two pages. Content varies by project, 
but numbers and types of incidents/occurrences reported by sources 
such as poor security practices, suitability of personnel, 
suspicious activities and other CI indications are normally included. 
Names of individuals are not included unless particularly 
significant.) 

E. Operational Status: (Source lead development, results 
of briefings to supported commanders, anticipated or past changes 
in the operation, etc). 

4. (U) A copy of the summary as rewritten by this office and 
approved by the ACSI will be returned to you for future guidance. 


XGDS-2 31 Dec 2006, AR 381-47. 
DCSI, USAREUR FOR COL LABEROSA, CR CI DIV; USAINTA FOR LTC GRADES, 

FROM COL REISS, CHIEF [illegible] DIV 


SUBJECT: INTERNAL COUNTERINTELLIGENCE PROGRAM (ICIP) (U) 

A. MSG 1691 TOPIC 021525Z Apr 76. 

B. MSG 0672 TOPIC 061755 Jan 76. 

C. AMAGB-CI (SO) OPLAN 1-75, : May 75, with oth Ind, ACSI, DA, 
25 Feb 76 (ICIP CARELESS TOKEN (U)). 


1. The impact of Executive Order 11905 on Counterintelligence 
Operations and the Army General Counsel's interpretation of the EO 
by memorandum, dated [illegible] Mar 76, has temporarily delayed 
implementation of DA policy on the Internal Counterintelligence Program 
(ICIP). The OACSI and USAINTA staffs are currently preparing 
recommendations for the ACSI to consider whether any or all of the 
various ICIP projects should be continued. 
DAMI-DOH (10 Jun 75) 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


DA, Office of the ACofS for Intelligence, Washington, DC 20310 


TO: Commander, US Army Europe and Seventh Army, ATTN: DCS for Intelligence, 
APO New York 09403 


1. The Operations Plan for ICIP CARELESS TOKEN (U) in support of 
Detachment N, US Army Security Agency, Field Station, Augsburg, FRG is 
approved. 


2. (U) As indicated in earlier correspondence, a Memorandum to the 
Under Secretary of the Army is prepared quarterly by the Office of the 
Assistant Chief of Staff for Intelligence, DA Staff which includes a 
brief summary of each ongoing ICIP. Field input is requested by the 
l$th of the month following the end of the quarter. A copy of the 
previous quarterly report is attached as an added enclosure to this 
correspondence. 


2 Incl 
Added 1 Incl 
CONTROL NUMBER 


Internal 
ACTION REQUIRED 
To obtain ACSI approval for termination of three and retention of one 
MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. (U) Background: 


-- Para $, DAMI-DOH ltr, 8 June 76 (TAB B) and USAINTA reply, MIIA-SO-SA ltr, 
25 Jun 76 (TAB C). 


2. Discussion: 


-- Cdr, 902d MI Group reviewed ICIP, GONDOLA STAR and requested termination 
effective 30 June 76. 


o Confidential sources used in GONDOLA STAR terminated. 


o (U) Supported commanders, Edgewood Arsenal/Aberdeen Proving, briefed and 
concurred in termination. Commanders will be supported by 902d MI Group under DSCCP. 


-- Cdr, 525th MI Group reviewed CANVAS TAX (Sierra Army Depot), LENS HOLDER 
(White Sands Missile Range), and LENTIL MONKEY (Defense Language Institute) to 
determine possible termination and/or replacement with a program similar to DSCCP. 


Cdr, 525th recommends termination CANVAS TAX and LENS HOLDER effective 
on 31 Aug 76. A DSCCP will be established for Sierra Army Depot and White Sands 
Missile Range by them. 


-- Present techniques used by LENTIL MONKEY best suited to provide required 
support to Defense Language Institute. LENTIL MONKEY continues to be productive. 


o LENTIL MONKEY revalidated effective 1 July 76. 


3. (U) Recommendation: That ltr (TAB A) to USAINTA be approved and signed. 


(Continue on plain bond) 
[illegible] JUL [illegible] 
DAMI-DOH 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 

Commander 
US Army Intelligence Agency 
ATTN: MIIA-SO 
Fort Meade, MD 20755 


1. References: 
a. Letter, MIIA-SO-SA, USAINTA, dated 25 June 1976, subject as above. 
b. Letter, DAMI-DOH, dated 8 June 1976, subject as above. 


2. Your recommendation, reference a, paragraph 5, to terminate ICIP, GONDOLA 
STAR (U), effective 30 June 1976, is approved. 


3. Your recommendation, reference a, paragraph 6, to terminate ICIP, CANVAS 
TAX (U) and LENS HOLDER (U) effective 31 August 1976, is approved. 


4. ICIP, LENTIL MONKEY (U) is revalidated effective 1 July 1976. 


JOHN A. [illegible] 
Brigadier General, GS 
Acting ACofS for Intelligence 
CONTROL NUMBER 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify 
the action without recourse to other sources.) 


1. Background: 


Contained in USAINTA's 3d Quarter, FY 1976, ICIP Operations Report, 11 May 76, 
was recommendation to terminate three operations: CANINE PLATE (U) at Seneca Army 
Depot; CENSUS TIME (U) at Pentagon Telecommunications Center and CENTAVO KID (U) at 
Harry Diamond Laboratories. 


-- USAINTA recommendation based on 902d MI Group review of ICIP's to determine 
advisability to terminate these ICIP's and replace them by an overt direct support 
comprehensive CI program. 


2. Discussion: 


-- After a thorough review of the ICIP report on these operations, it is 
determined that they can be terminated with no adverse affect on the installations served. 
[illegible] 

-- Increased overt liaison with additional security support will be provided the 
installation, by the 902d MI Group. 902d MI Gp Pamphlet No. 381-3, dated 22 Apr 76, 
outlines the Direct Support Comprehensive Counterintelligence Program (DSCCP) (TAB C) 
outlines overt liaison procedures without employing confidential sources. 


-- ICIP Reports on CANINE PLATE (U), CENSUS TIME (U) and CENTAVO KID (U) are 
attached at TAB B. 


-- With the termination of these ICIP's, there remain four active CONUS ICIP 
operations. 


-- Ltr to USAINTA at TAB A, furnishes formal termination of these ICIP's and 
instructs USAINTA to conduct review of the remaining four ICIP's to determine need 
for continuance, and to forward results and recommendations to this office NLT 21 June 
1976. 
(Continue on plain bond) 
DAMI-DOH 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 
3. (U) Recommendation: That ltr TAB A be approved by the ACSI and signed 
DAMI-DOH 8 JUN 1976 


SUBJECT: Internal Counterintelligence Program (ICIP) (U) 

Commander 
US Army Intelligence Agency 
ATTN: MIIA-SO 
Fort Meade, Maryland 20755 


1. (U) Reference, 3d Quarter, FY 1976, ICIP Operations Report, 
[illegible] you recommended termination of three ICIP operations. 


2. ICIP operations, CANINE PLATE (U), CENSUS TIME (U), and 
CENTAVO KID (U) are formally terminated as recommended. 

3. (U) Request that a full review of the remaining four active CONUS 
ICIP operations be conducted to determine the need for their continuance 
or discontinuance, and the results, with your recommendations, be forwarded 
to this office NLT 21 June 76. 
ICIP REPORT 
1 April 1975 to 31 March 1976 
CANINE PLATE: (OACSI Revalidation - 4 Feb 75) 
a. Location: Seneca Army Depot (SAD), Romulus, NY. 

b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 

c. Significant Information Obtained During Period 1 Apr 75 to 31 
Mar 76: There was no significant information obtained during the period 
and there were no indications of any overt threat to the installation. 

d. Operational Status: CANINE PLATE was first approved by OACSI, 
DA, for implementation on 18 Sep 73. During the reporting period 490 
manhours were expended in the ICIP. However, there were no reports 
submitted, no funds expended, neither TDY nor ICF. There were no confi- 
dential sources utilized, only conventional sources. 

e. Comments: The installation's mission remains the same, a supply 
depot for missile and artillery weapons systems with a nuclear capability. 
The Depot is considered a critical and sensitive installation; therefore, 
remains as a potential target for HOIS. However, there was no information 
reported to indicate the presence of any overt threat to the installation. 
The MI Group has been conducting a thorough review of the ICIP to determine 
the advisability of terminating the operation. 

f. Recommendation: That the ICIP CANINE PLATE be terminated but that 
increased overt liaison with additional security support be provided the 
installation commander. 
ICIP REPORT 

1 April 1975 to 31 March 1976 

CENSUS TIME: (OACSI Revalidation - 4 Feb 75) 

a. Location: Pentagon Telecommunications Center (PTC), US Army 
Communications Command (USACC), The Pentagon, Washington, DC. 

b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 

c. Significant Information Obtained During the Period 1 April 1975 
to 31 March 1976: 

(1) An ICIP source reported that a PTC civilian employee was trans- 
ferred from the coding and decoding section because he had coded an 
obscene message that was to be sent to an overseas user. Additionally, 
the ICIP source provided information concerning possible security viola- 
tions involving the employee. Because of the employee's questionable 
suitability characteristics and conduct he was assigned to a job in PTC 
requiring minimum contact with classified information. Supervisors will 
continue to monitor his conduct and activities. 

(2) An Army NCO assigned to PTC attempted to commit suicide by 
slashing his wrists. As a result of the information gained concerning 
the suicide attempt a Limited Investigation was initiated. The NCO was 
assigned to the Logistics Branch, PTC, pending results of the investiga- 
tion. The investigation revealed that the NCO has a large number of 
outstanding debts, has lied on loan applications, and had ordered a 
1976 automobile which cost in excess of five thousand dollars. Inter- 
views concerning the NCO revealed alleged drug usage and homosexuality. 
The Limited Investigation was completed and referred to PTC for adjudica- 
tion. The decision was made not to revoke the NCO's security clearance 
since he left the service on 9 April 1976 and will not be allowed to 
re-enlist. 

(3) Adverse suitability information was reported on two additional 
NCOs assigned to PTC. Based on medical reports and rebellious attitudes 
one NCO was released from the Army by board action. The second NCO 
after a night of heavy drinking began hitting his wife when she tried 
to arouse him after he had "passed out." The wife filed assault charges 
with the Military Police but withdrew them later. The PTC commander 
counselled the NCO on his drinking and marital problems and assigned 
him duties where he has no access to classified information. 
(4) During the course of an investigation of an enlisted WAC 
member of PTC who was away-without-leave (AWOL Investigation), it was 
discovered that the CID was also investigating her for theft and 
trafficking in drugs. The MI representative and CID agents coordinated 
their mutual investigations. PTC has suspended the WAC's access to 
classified material pending completion of the investigation. 

d. Operational Status: 

(1) CENSUS TIME was first approved by OACSI, DA, for implementation 
on 5 Feb 74. 

(2) During the period of 1 April 1975 to 31 March 1976, 726 
manhours were expended, no TDY nor ICF funds were used. The operation 
produced seven information reports. One confidential source was used 
during the period but was terminated during the latter part of the period. 

e. Comments: The PTC operations include an extremely high volume 
of multimedia ultra sensitive compartmented classified traffic processed 
at the highest level of the military establishment command group being 
served, and includes the cryptographic operation, maintenance and logis- 
tical mission and support rendered to the JCS, the NMCC, departments and 
executive agencies of the government, allied embassies, and the United 
Nations Building in New York. The installation remains as a potential 
target for HOIS; however, there was no information reported to indicate 
the presence of any overt threat to the installation. The MI Group has 
been conducting a thorough review of the ICIP to determine the advisability 
of terminating the operation and implementing an overt direct support 
comprehensive counterintelligence program. In view of the above the 
continuation of an ICIP is not warranted at this time. 

f. Recommendation: That the ICIP CENSUS TIME be terminated and an 
increased overt liaison with additional direct security support be pro- 
vided the installation commander. 
ICIP REPORT 

1 April 1975 to 31 March 1976 
CENTAVO KID: (OACSI Revalidation - 4 Feb 75) 
a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD 

b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 

c. Significant Information Obtained During Period 1 Apr 75 - 
31 Mar 76: 

(1) Information was received that a First Secretary at the USSR 
Embassy, Washington, DC had visited HDL on two occasions. On one 
occasion he attended a meeting of the Institute of Electrical and Elec- 
tronics Engineers, INC., a professional society for engineers which 
was held in the auditorium of HDL. The subject matter presented during 
the meeting was unclassified. At a second meeting of the society the 
Soviet Embassy official was denied entry. A report of the incidents 
was provided to the FBI and the Commander, HDL, made a determination 
that the society could no longer hold meetings at HDL in order to pre- 
clude any potential security threat. 

(2) On two occasions an unidentified light aircraft flew over the 
test site, Woodbridge Research Facility (WRF), HDL, where a series of 
tests on foreign equipment under the Range Emory program was in progress. 
In both instances the aircraft circled over the Range Emory test site 
for about 5-7 minutes. The overflights are being investigated in coordi- 
nation with the FBI. 

(3) An employee, HDL, made allegations of immoral activities by 
members of the HDL Security Office and a group at the Van Ness Avenue 
Facility, HDL. The employee claimed that she was being followed by 
members of the HDL Security Office. After investigating the employee's 
story, the Commander, HDL, believed that she was suffering from psychiatric 
problems and would have her visit a psychiatrist for a complete evaluation. 

(4) Suitability information concerning an employee of the Woodbridge 
Research Facility (WRF), a branch of HDL located in Woodbridge, VA, involved 
a problem of alcohol abuse. After counseling, the employee participated 
in a rehabilitation program. 
(5) A courtesy penetration test of HDL's Adelphi Facility was 
conducted and revealed several security weaknesses which were corrected 
by the supported command. As a result of the test a number of security 
guards were transferred and guard procedures were changed. In addition 
a new magnetic coded badge was approved for purchase in FY 77. As a 
follow-up implementation of "Lessons Learned" in the penetration test the 
ICIP Project Liaison Officer (PLO) and the HDL Security Officer prepared 
and delivered a series of lectures and classes to the HDL guard force on 
the penetration test. Additionally, the PLO delivered lectures on the 
penetration test to the faculty and students of the Counterintelligence 
Dept, US Army Intelligence Corps School, Fort Huachuca, AZ. 

d. Operational Status 

(1) During the reporting period 880 manhours were expended, 18 in- 
formation reports were submitted and 41 memorandums were prepared and 
provided to the supported commander. 

(2) No TDY or ICF funds were expended. 

e. Comments 

(1) ICIP CENTAVO KID was approved by OACSI, DA, 18 Oct 73 and the 
supported commander was briefed on the implementation of the operation 
on 12 November 1973. 

(2) The mission of the HDL includes critical sensitive research and 
activities in support of the US Army. Some of the more sensi- 
s include research into the hardening of communications 
t nuclear weapons radiation; tests of nuclear warhead 
ems to determine their ability to withstand nuclear 
on; develop fuses for use with nuclear warheads and 
opment and testing of radiation hardened systems for 
Poseidon Missiles. 
(3) The installation remains a potential target for HOIS and the 
hostile intelligence service have an interest in the research and 
development activities of the type conducted at HDL. However, the amount 
of significant information surfaced by the ICIP does not warrant the 
expenditure of manhours at this time to continue the ICIP. 

(4) The MI Group is reviewing the ICIP with a view of terminating 
the program and instead implementing an overt direct support counter- 
intelligence program. 

f. Recommendation: That the ICIP CENTAVO KID be terminated and 
an overt direct support counterintelligence program be implemented. 
conduct all-source, multi-discipline counterintel- 
ithin the 902d MI Group's area of operation. 

installations and units in the group's area of operation 

Any situation exists that might adversely affect the commander's 

(3) Information indicates a probable employment of military resources 
to counter a threat to the installation. 

In order to acquire information of situations or conditions that may pose a 
threat to the supported commander, field elements must aggressively seek it 
and not wait for it to be reported through normal sequence of events. This 
is particularly essential for those units/installations declared to be crit- 
ical sensitive. 


b. the neci if s of agar 

er: ies: DE graduated intensity counterintelli- 
gence programs designed to provide the proper coverage based on the 7g ity 
vulnerability of a particular installation. In relationship to other gradu- 
ated counterintelligence programs listed in USAINTA Regulation QPi-100, the 
DSCCP would, in certain instances, serve as a 
4. (U) CONCEPT: 

a. The Direct Support Comprehensive Cou 

(DSCCP) is an overt, dedicated pc ciim ico fe 
program with the objective of detecting or anticipatin 

factors from any source (HUMINT/SIGINT/PHOTINT) which 
detrimental to the security posture of the i 
employs a Direct Support Special Agent 
role of acquiring information and prov 
timely manner, while concurrently provid 
the reduction and/or elimination of secu 
threats posed by hostile factors. 


the required ME. 


3 
1 


Tiela O'riocsz, © nOn, end 


c. The DSCCP is a Covpluans:teacy Dovv3 C ne to the 
Commander to assist him in improving the security posture of 1.35 s 
luto. It is not intended to erplir.ts urp the functions £z. 

ili ss of the G-2 or of the Sex: 

5. (U) RESPONSIBILITIES: 

a. The Commander, 902d 
MI Group, is the approving authority 
DSCCP operations er aae t 

ius .. 2 
within the group's area of 

b. The S3, 902d MI Group is responsible for the following: 

(1) Coordinating the selection of units/installations as candi- 
dates for DSCCP with the appropriate USAINTA staff elements. 

(2) Monitoring DSCCP operations on a continuing basis and periodic- 
ally informing appropriate USAINTA staff elements of their progress. 

(3) Conducting an annual review of each DSCCP operation to deter- 
mine if it is still necessary and if so, to assure that it remains viable. 

c. Field Office Commanders are responsible for the following: 

(1) Initiating proposed DSCCP operations for installations located 
within their areas of operation. 
with the full consent and knowledge of the supported commander. 

b. ( ) The selection of installations to be considered for the 
DSCCP must be discriminatory and based on a genuine need for this man- 
power intensive service in order to avoid over-commitment of assets. 
The target installation must be one that is on the ACSI Sensitive 
Installation and Unit List (SIUL) and one that is a potential or actual 
target of hostile intelligence services. It is recognized that some 
field offices and resident offices have numerous sensitive installa- 
tions in their area, many of which may be categorized as critical. 
Therefore, it is essential that each FO/RO maintain a listing of these 
installations in order of priority. In determining the order of prior- 
ity, factors such as mission, sensitivity, impact of compromise on 
the security of the United States, etc., will all have to be examined. 
communications intercept, overhead and Grow... Other appro- 
priate technical/scientific factors will be i This infor- 
mation will be extracted from the target analysis (Para 7a) 
SVA if one has been completed. The concept must address actions to be 
taken to detect and counter these threats. 

(U) Occasional expenditures i : ; support of this program as 
ized and will be processed i 

INTA Regulation 381-1. 5 will be apn 
mal request for authority if such expenditures are antici- 
380-13. 


7. ( ) GUIDELINES: 


CO below ars considered te bo minix 


Yne actions List i Bocntntial fas 
Yee. tye dom de ye f } PO DYOO-CSD* pori grê + t bə STI PE k] 
lEDILenentatios of this program aun ayé not to bo corte 2 
pucsuling. They should be modified as appropriate to mort 

rocds peculiar to the supported irs 


will likely dictate additional or 
oxlov to successfully attain the object 


a. (U) Conduct a target analysis of the unit/i 
tify, in order of priority, the most critical and ve 
multi-discipline threats to which they are exposed. 
iz to the following: USAINTA Security Supp 
wails, completed SVA/SAVE Reports, CI Survey and Inspection Reports, Li/u- 
Crime Statistics and Incident Reports, and Communications Security 
when available and applicable. 

ins original copy of the analysis 
maintained at the FO/RO level. Appropriate data will be extracted and 
included in the initial Quarterly Pro- 
gress Report. The analysis should 
be reviewed and updated periodically 
n subsequent Quarterly Progress 

b. (U) Assign a mature, experienced MI Special Agent as a Direct 
Support Special Agent (DSSA) to provide all-source direct support to the 
supported commander or his designated representative. The DSSA must be- 
come intimately knowledgeable of the supported command's mission, func- 
tions, security status and vulnerabilities. As the program will 
overt in nature, the DSSA will be known as 
ontact to all within the supported uni 
c. ( ) The task of the DSSA is to develop a sufficient number 
of sources of information to provide the best possible coverage to the 
unit/installation and personnel of the element to detect security vul- 
nerabilities, and make sound recommendations for their reduction and/or 
elimination. The DSSA should work closely with the security manager to 
coordinate appropriate matters and to avoid duplication of effort. How- 
ever, care should be taken not to duplicate or usurp functions and re- 
sponsibilities rightfully assigned to the security manager. 

(1) S iini Sources of information will include Conventional Sources 
Wu unen yeas a and official) and Liaison Contacts as described in 
= £^ ERA Confidential Human Sources will not be utilized. 
y Bé 'ioviaen through the provisions of the Privacy Act of 
The association between the DSSA and 

(2) Maximum use will also be made of Documentary and Technical/ 
Materiel Sources to include, but not be limited to, SATRAN Messages, 
Department of the Army intelligence publications and/or bulletins; 
USAINTA Security Support Bulletins and "THREAT" Manuals; SAVE/SVA re- 
ports; Military Police Reports, and Serious Incident Reports. Special 
attention should be paid to message traffic concerning alerts, advisor- 
ies or warnings concerning events or situations affecting the supported 
command. 

d. ( ) A contact card file will be maintained at the supporting 
office to identify conventional sources and liaison contacts. This file 
will be integrated into the existing contact card file already established 
for use in the routine mission of the FO/RO. It must be readily available 
for DSSA personnel at all times. Individual cards will be annotated 
when the contact is in support of a specific DSCCP operation. LACs will 
be conducted on casual sources with the results reflected in the contact 
card file. 

e. ( ) Consideration should be given to conducting a system- 
atic review of the dossiers of personnel occupying key and sensitive 
positions to insure that all such personnel have been properly cleared 
and to determine if unresolved security matters exist. This issue will 
be discussed with the supported commander. If such a review is deemed 
necessary, the DSSA should recommend that the commander undertake the 
action. If the commander requests that the review be conducted by the 
DSSA, then the matter will be referred to group headquarters where re- 
solution will be made in conjunction with the appropriate USAINTA staff 
elements. The DSSA may assist the supported command in the review of 
dossiers but may not take any investigative action to resolve issues. 
He will advise the supported command to submit requests to USAINTA when- 
ever investigative action is indicated. 
country commercial overflights, communicatio 
vulnerabilities from air, ground or water, 
abilities and others as listed below. Depen 
information and its previous distribution within the intel 
munity, the information may be passed laterally or to higher echelons in 
accordance with established reporting requirements. All information 
gleaned from the operation will be briefly summarized in the Quarterly 
Progress Report. 

g. (U) A list of EEI will be developed by the DSSA in order to 
focus specialized coverage on the specific requirements of the local 
situation and the supported commander. Examples of EEI are attached at 
APPENDIX B. It should be noted that the EEI contain items of specif 
nterest to the supported commander and other items that perti te 
woos 0-7 material for use by the US Army intelligence community. A copy of the 
developed EEI list will be attached to the initial Quarterly Progress 
Report. 

h. (U) A Quarterly Status Report in the format contained 
APPENDIX C will be submitted to Group Headquarters no later than 
working days following each calendar quarter. The first report 
due after the completion of the first full quarter of ope 
initiation. The report should reflect the development and pr 
the operation, problems encountered, information obtained during 
reporting period, future actions contemplated and lessons learned or 
recommendations as appropriate. 

8. (U) Reducing Vulnerabilities: Once a security weakness or hazard 
has been identified, the DSSA then has the responsibility to make 
recommendations for corrective actions to be taken by the supported 
commander to reduce or eliminate them. In making these recommendat 
the DSSA must use pus judgement based upon his background and expe 
ence, cost versus absolute security, knowledge of similar insta 
common sense, and an intimate knowledge of those technical and/or 
specialized security services and/or investigations available to the 
supported commander from other USAINTA elements. Each corrective action 
must be viable, made on its own merit, be practical and be within 
capability of the supported command. USAINTA Security Support Bul 
contain excellent examples of "quick-fix" solutions. In those rare 
instances when corrective actions cannot be accomplished due to cost 
restrictions or limited resources available to the command, the com 
der must be made aware of, and accept the possible security risk(s) 
involved. 

9. ( ) It is visualized that situations, incidents or conditions may 
be uncovered which could have serious deleterious effect on the security 
ESSENTIAL ELEMENTS OF INFORM 

1. ( ) GENERAL: In devising EEI applicable to the supported instal- 
lation, each one of the multi-discipline threats must be cnari 
conjunction with the mission and situation of the particular targe 
The actual or potential vulnerabilities thereby conceived become EEI 
affecting the supported installation. Since each installation has its 
own specific situation, it is imperative that the DSSA work very closely 
with a representative of the supported installation in order to arrive 
at an EEI listing tailored to the specific needs of the command. 
references listed at APPENDIX A provide background information and 
guidance in devising EEI. Many of the areas covered by these references, 
which heretofore have been of little concern to the Special Agent, are 
now essential elements of knowledge to the DSSA if he is to successfully 
accomplish his mission under the DSCCP concept. This is particularly 
necessary in the areas of SIGINT, PHOTINT, OPSEC and Computer Security. 
Listed below are sample EEI for each category. Photvs 1 e pagic ard 
are only a partial listing provided as an aid in developing a list 
peculiar to the supported command. Some of the Lit 5 
te every DSSA but are includ: ar Em 
OX related pn The final Kel 
the source or sources that can provi 

2. ( ) HUMINT: The following elements are those normally attributed to 
di segatio 
collection or exploitation by human intelligence sources. e 
will usually be obtained by various HUMINT sources, persona 
by the DSSA and liaison contacts: 

a. HOIS subscriptions or regular acquisition of local and post 
newspapers and periodicals. Sources: LNG contacts me USAIN GS. 

b. Deliberate compromise of classified information or unauthor- 
ized release of military information to representatives of foreign 
governments (ARs 380-5, 389-10, 381-12 and 381-12-1) 

c. Public information releases and local newspaper articles 
revealing unclassified but useful (to HOIS) information regarding 
the command. 

d. Theft, suspected theft, or unauthorized reproduction of 
classified documents and/or material. 

e. Reported or suspected blackmail or coercion of individuals 
employed within the supported command. 
f. Actual or attempted physical breaches of restricted area 
perimeter security, external or internal. 

g. Early detection of persons whose activities and/or character 
weaknesses may render them vulnerable to hostile intelligence exploit- 
ation. Suitability factors may include: 

(1) Excessive indebtedness or recurring financial difficulties. 

(2) Unexplained affluence. 

(3) Conduct making the individual vulnerable to pressure, such 
as homosexual, criminal or immoral acts. 

(4) Excessive use of alcoholic beverages or improper use of drugs 
or narcotics. 

(5) Mental or emotional instability or history thereof. 

(6) Those who attempt to commit suicide. 

(7) Drastic changes in behavior to indicate possible unexplained 
pressures being brought to bear. 

h. Personnel who —— and voluntarily work during non-duty 
hours when unobserved access to classified data is possible. 

i. Sudden unexplained or inadequately explained absences from 
work. 

j. Membership in, or association with members of organizations 
constituting a local threat against the US Army as defined in AR 380-13. 

k. Unsolicited correspondence from individuals, organizations or 
addressees known to be a threat to the US Army. 

l. Allegations or denunciations of espionage or sabotage on the 
part of sensitive installation personnel. 

3. PHOTINT: This pertains to intelligence obtained by means of 
photography, mainly through HOIS satellites or HOIS commercial aircraft. 
Also included must be threats posed by hand-held cameras operated from 
low-flying private aircraft and ground-level photography conducted from 
areas outside the perimeter of the installation. Photography from sea- 
borne platforms should be considered at installations located near 
international waters. Sources of information for this type of data are 
documentary sources such as SATRAN messages, schedules of tests, opera- 
tions and troop movements, as well as results of liaison contacts and 
personal observations. Some sample EEI are as follows: 
ing activities during periods of scheduled overflights by 
HOIS satellites and commercial aircraft: 

(1) Large and significant training exercises. 
(2) Testing of equipment and/or techniques in the open. 
(3) Uncamouflaged new or sensitive equipment. 
(4) Other significant movements and activities. 
(5) Concentration of transportation equipment, i.e., trans 
etc. 

b. Build up of major item stockpiles in the open. 

c. Gradual build up of facilities at a test site. 

d. Repeated violation of air restricted zones by commercial/private 
planes. 

e. Appearance of private aircraft during classified, or siy. fl 
tests/demonstrations. 

f. Placing, operating or testing of new, significant or classified 

g. é a the vicinies, 
coinciding with the scheduling of new, unusual and/or classified activit, 

h. Unobstructed windows and apertures in areas where 
matters are handled, permitting observation and photography 
areas. 

i. Foreign vessels, particularly from East Bloc Countries, 
ing off-coast of installations near international waters. 

4. SIGINT: Signal intelligence is derived from the intercept and 
analysis of communications, COMINT, and from communications electromagnetic 
radiations, ELINT. HOIS SIGINT collection against US facilities is 
accomplished from air-borne, sea-borne, and land-based platforms. HOIS 
capabilities in this field are described in the USAINTA Threat Manual and 
additional information as to specific threat to the supported installation 
may be found in reports of SVAs and SAVEs and/or requested from USAINTA. 
The field of SIGINT is a very complex and specialized one. Adequate 
protection of a command/installation from HOIS SIGINT collection requir- 




the application of Signal Security (SIGSEC) which includes 
Security (COMSEC), and Electronic Security (ELSEC). 
applied to telecommunications systems and has four com 
security, physical security, transmission security and 

ELSE n5 to protective measures applied to elect 
of smications equipment and systems to prevent 
analysis or exploitation of those radiations by foreign intelligence. The 
DSSA must become sufficiently familiar with the above subjects lr 
recognize vulnerabilities, and know when to recommend a rcc 
istance. References lh, l, p, q, r, S, and 53 and e in 
provide additional information. Furthermore, the DSSA fucte 
with the staff element having responsibility for SIGSEC 
installation. The EEI selected will be the type that 
by human sources, preferably located in communication/ 
areas. Some EEI common to SIGINT are located in para 
Lu 530-1. Other sample EEI follow: 

a. Conducting tests on new or sensitive radars and other non- 
communication emitters within range of land based, air-borne or sea-borne 
HOIS ELINT platforms. 

b. Installing and operating electrically operated information 
processing equipment which handles classified information without the 
application of compromising emanations control measures. 

c. Poor telephone security to include: 

(1) Discussion of classified matters over Autovon and commercial 
telephone systems. 

(2) Discussions of upcoming events which can provide tipoffs to 
classified activities. 

(3) Use of double talk in reference to classified mensus 

(4) Reading/quoting verbatim portions of classified matters. 
Ds OT3ER EEL: The following items are of interest to thu US Arüv 


intelligence community and vill be forwarded to this headquarters bv 
Agent Report format for appropriate action. A statement in 
will indicate if and how the information has bean reperted through other 
appropriate channels. As thi? information will be passed to USSA ior 
pozsible exploitation bt the Special Operations Detachment or the Di:iecior 
of Operations as aypropriate, the Agent Reports will be classifica 
CONSTIDEHTIAL-NO FOREIGN DISS£H4. Normally this infornration is not parsed 


to the local commander other than to insure that other proper reporting 
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procedures are being followed by the commana. 


a. Identification and extent of foreign contacts of military and
DOD civilian personnel, with emphasis on Soviet bloc countries.

b. Intended foreign travel of military or DOD civilian personnel
to Soviet bloc countries or attendance at social or official functions
at which Soviet bloc countries are present.

c. Foreign business or professional connections and the extent
thereof of military and DOD civilian personnel and their families, with
emphasis on Soviet bloc countries.

d. Solicitation by foreign national or organic.ti
or official information through official or unofficial channels.

e. Invitations by non-US Government organizations or individuals
to members of the supported command to participate in conferences,
symposia or to submit papers for publications in profession"
Os activities related to their government employment.


2. (U) SUPPORTED COMMAND
major command(s) involve

ivity(ies) receiving the suppozi Anf Lig


3. ( ) TARGETS: (In the initial report summarize the results
of target un: s conducted for all activities, installations, or
separate elements designated and included in the program, by order of
priority of support. Subordinate elements large enough to be d^ SRI
sub-targets will be listed in subparagraphs. In subsequent reports,
indicate only changes as they occur.)

4. ( ) QUARTERLY BRIEFING OF SUPPORTED CQ!

a. Circumstances: In brief narrative form, cite date(s), identities
of all persons present, and subjects discussed and results of the br


b. Operational Progr
y AT as may be required, e utt
s pertain to development of the program, improvements in th
and any operational readjustments made ree the period. In
:codific liens OF intese E z
appropriate reports made during t
details of the topic discussed with the

o Period: In

c. Significant Counterintelligence Information Developed: In as
many subparagraphs as may be required, cite identities of personalities,
incidents, or groups discussed with reference to the report previously
submitted.


SUE 


a. To the local commander and actions implemented or taken an a

Subject    Type Information Developed    Action Taken    Date of Action

b. To the intelligence community:

Subject    Type Information Developed    To whom reported

6. ( ) COMMENTS, REMARKS AND RECOMMENDATIONS:


In this paragraph, indicate any general remarks or indications of special
interest shown by the supported command that are not covered in above
paragraphs mild reflect the commander's Dent of
whether it je
the viability of the progr
ever~ents 5 no sees ti
Also indicated extent with which the
has cooperated with the FU/22 and/or this group ang
which could serve to improve the DSCCP support to
problem areas have been encountered, findings and
will be provided. Lessons learned should be included
planning and implementation of other operations. A tt
entered as to whether any information concerning non-a:
civilians or organizations was reported (AR 380-13).
reference specific report or attach copy. Utilize subparagraphs to
explain or amplify information or data reported.

NOTE: Classify each paragraph according to its content
distribution of this report, care must be taken
contents of the report do not reveal 51/540 c
of this would be to include the statement
information, reference messages
DEPARTMENT OF THE ARMY
HEADQUARTERS
U.S. ARMY INTELLIGENCE AGENCY
FORT MEADE, MARYLAND 20755

REGRADED UNCLASSIFIED
BY corts Abom FOI/PO
AUTH PARA 1-603 DoD 5200.1-R


-. Jun Z3 1976 


SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


HQDA (DAMI-DOH/Miss Brannan)
WASH DC 20310


1. (U) References: 


a. Letter, MIIA-SO-SA, USAINTA, subject: Report of Internal 
Counterintelligence Program (ICIP) Operations (U), 11 May 76. 


b. Letter, DAMI-DOH, subject as above, 8 Jun 76. 


2. Recommendations concerning the current four active ICIP
operations are submitted in compliance with paragraph 3, reference 1b.

3. The 902d MI Group requested that its sole remaining ICIP at
Aberdeen Proving Ground, GONDOLA STAR (U) be terminated effective
30 June 1976. Confidential sources utilized in the ICIP have been
terminated. Supported commanders at Edgewood Arsenal and Aberdeen
Proving Ground were briefed on the termination of the ICIP and the
concept of direct, overt, all-source counterintelligence support
which the 902d will provide under the Direct Support Comprehensive
Counterintelligence Program (DSCCP).

4. (U) Recommend that GONDOLA STAR be terminated effective 30
June 1976.

The 525th MI Group reviewed each of its three active ICIPS,
CANVAS TAX (Sierra Army Depot), LENS HOLDER (White Sands Missile
Range), and LENTIL MONKEY (Defense Language Institute) for considera-
tion of possible replacement with a program similar to the DSCCP of
the 902d MI Group. As a result of this review the CDR, 525th MI Group
believes that a program similar to the DSCCP can be established which
would provide requisite support to Sierra Army Depot, CA and White
Sands Missile Range, NM, which will permit termination of ICIPS at


DEPARTMENT OF THE ARMY
HEADQUARTERS
U.S. ARMY INTELLIGENCE AGENCY
FORT MEADE, MARYLAND 20755


MIIA-SO-SA 


JUN Z2 13/6 


SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


HQDA (DAMI-DOH/Miss Brannan ) 
WASH DC 20310 


1. (U) References: 


a. Letter, MIIA-SO-SA, USAINTA, subject: Report of Internal
Counterintelligence Program (ICIP) Operations (U), 11 May 76.

b. Letter, DAMI-DOH, subject as above, 8 Jun 76.

2. Recommendations concerning the current four active ICIP
operations are submitted in compliance with paragraph 3, reference 1b.

3. The 902d MI Group requested that its sole remaining ICIP at
Aberdeen Proving Ground, GONDOLA STAR (U) be terminated effective
30 June 1976. Confidential sources utilized in the ICIP have been
terminated. Supported commanders at Edgewood Arsenal and Aberdeen
Proving Ground were briefed on the termination of the ICIP and the
concept of direct, overt, all-source counterintelligence support
which the 902d will provide under the Direct Support Comprehensive
Counterintelligence Program (DSCCP).

4. (U) Recommend that GONDOLA STAR be terminated effective 30
June 1976.

The 525th MI Group reviewed each of its three active ICIPS,
CANVAS TAX (Sierra Army Depot), LENS HOLDER (White Sands Missile
Range), and LENTIL MONKEY (Defense Language Institute) for considera-
tion of possible replacement with a program similar to the DSCCP of
the 902d MI Group. As a result of this review the CDR, 525th MI Group
believes that a program similar to the DSCCP can be established which
would provide requisite support to Sierra Army Depot, CA and White
Sands Missile Range, NM, which will permit termination of ICIPS at


those locations. Because of the transitory nature of the military
community and the makeup of the civilian community at DLI, the present
techniques used in ICIP LENTIL MONKEY are believed best suited to
provide the necessary support to the commander. LENTIL MONKEY has
been very productive under existing operational concepts and should
continue to provide significant developments in the future.

b. The 525th MI Group recommends that, based on the above,
CANVAS TAX and LENS HOLDER be terminated on 31 Aug 76 at which time
a substitute support program will become effective. The 525th MI
Group further recommends that, based on the above and the yearly
analysis submitted with reference 1a, LENTIL MONKEY be revalidated
and permitted to remain in effect.

7. (U) USAINTA concurs in the recommendations of the 525th MI Group.

WILLIAM 1a, JENKRINGS
Special Assistant (OPS)
Brannan/DAMI-DOH/ 53504

ROUTING AND TRANSMITTAL SLIP

TO (Name, office symbol or location)

PER CONVERSATION

SUBJECT: Response to DAMI-24 question,
"Why so much WY for Canter Ride?"


REMARKS 


1. The Commander, 902d MI Group made the decision
that the Project Control Officer (the individual who
handles the sources) for Canter Ride be located at
HQ 902d MI Group at Fort Meade, Maryland, and not
at Redstone Arsenal.

2. The Operations Plan for Canter Ride specifically
specified funding for the Project Control Officer
to be located at Fort Meade, Maryland. The OPLAN
was approved at this level.

3. The Commander's decision undoubtedly based on
sensitivity of certain activities of employees at
MICOM.

Do NOT use this form as a RECORD of approvals, concurrences,
disapprovals, clearances, and similar actions

FROM (Name, office symbol or location) DATE

be "A ISS 5 7 PRONE 

Chief, DAMI-DOH 4 | 74087 
OPTIONAL FORM 41 $0a1-101-01 


AUGUST 1987 


JONWTROL MAREE

OFFICE SYMBOL SUSPENSE

DAMI-DOH
DATE

2 June 1976

o obtain approval) 9g he Quarterly ICIP Report.
MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)
1. (U) Background: On 8 Feb 72, the Under Secretary of the Army requested that the
VCSA provide a quarterly report on all ICIP operations. On 1 Apr 76, the Under
Secretary of the Army requested, "On next quarter's review, please provide an analysis
(of each ICIP for the past year) to include statistics." (TAB B).

2. (5 Discussion:

-- During the 3d Quarter two ICIP's were terminated, CANTER RIDE at Redstone
Arsenal and CANARY EFFORT at Fort Ritchie. USAINTA will continue to provide overt
CI support to these installations.

-- At close of 3d Quarter, seven ICIP's were active. Summaries of each ICIP,
plus the two which were terminated, attached as Inclosure 1, TAB A.

-- In compliance with the Under Secretary's request, an analysis of each ICIP for
the past year is attached as Inclosure 2, TAB A. Attached as Inclosure 3, TAB A, are
the statistics for the ICIP's referred to in Inclosure 2.

-- USAINTA recommended in May 76 that three more ICIP's be terminated: CANINE
PLATE (U) at Seneca Army Depot, CENSUS TIME (U) at Pentagon Telecommunications Center,
and CENTAVO KID (U) at Harry Diamond Laboratories. ee be present wale
hand led y arate action (Pero: E Jun T) ii d €
ACH bien 76.

-- Memorandum at TAB A transmits summaries of ICIP operations through
the VCSA to the Under Secretary of the Army for third quarter FY 76.

3. (U) Recommendation: That the Information Memorandum at TAB A be approved and
signed by the ACSI.

(Continue on plain bond).
DEPARTMENT OF THE ARMY
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310

REPLY TO
ATTENTION OF: DAMI-DOH

16 JU 275
MEMORANDUM THRU: VICE CHIEF OF STAFF, US ARMY
FOR: UNDER SECRETARY OF THE ARMY
SUBJECT: Internal Counterintelligence Program (ICIP) (U) --
INFORMATION MEMORANDUM

1. During the 3d Quarter, January-February-March 1976, two of
the on-going ICIP operations, CANTER RIDE at Redstone Arsenal, Alabama,
and CANARY EFFORT at Fort Ritchie, Maryland, were terminated effective
31 March 1976. Although these operations were terminated, the United
States Intelligence Agency will continue to provide overt counter-
intelligence support to the sensitive elements at Redstone Arsenal and
Fort Ritchie.


2. The total number of active ICIP operations at the close of the
3d Quarter was seven. Summaries for each of these operations, plus the
two which were terminated, are attached as Inclosure 1.

3. The Under Secretary of the Army commented on our 1 April 1976,
2d Quarter ICIP Information Memorandum that an analysis of each ICIP
operation for the past year, to include statistics, be provided with
this quarterly review. In compliance with this requirement, an analysis
of each ICIP operation has been made for the past year and is attached
as Inclosure 2. Also, attached as Inclosure 3, are the statistics for
the ICIP operations referred to in Inclosure 2. These statistics provide
a recapitulation of pertinent production, costs and manhours for these
operations.

4. After reviewing the 2d Quarter ICIP Report, I have directed that
three more operations be terminated: CANINE PLATE (U) at Seneca Army
Depot, Romulus, New York; CENSUS TIME (U) at Pentagon Telecommunications

REGRADED UNCLASSIFIED
Classified by ACSI, DA
EXEMPT FROM GENERAL DECLASSIFICATION
SCHEDULE OF EXECUTIVE ORDER 11652


Center; and CENTAVO KID (U) at the Harry Diamond Laboratories, Adelphi,
Maryland. Overt counterintelligence support will continue to be provided
these installations by elements of the appropriate Military Intelligence
units. Before the end of June 76, the four remaining cases will be reviewed
again for retention.

5. Our goal is to assist the Army commander in improving the
operations security (OPSEC) posture of his installation through the use
of the complete spectrum of counterintelligence services. I am expanding
the use of overt counterintelligence services and want to use the ICIP
very selectively to ferret out espionage activities of hostile intelli-
gence services.

HAROLD R. AARON
Major General, GS
ACofS for Intelligence

3 Incl
as (C)

Miss Brannan/53501
Typed by: G. Rivera
1. CANARY EFFORT: (OACSI Revalidation - 4 Feb 75)

a. Location: Fort Ritchie, MD

b. Confidential Source Utilization: Three

c. Information Obtained or Reported on Non-Affiliated Civilians:
None.


d. Useful Information Obtained: 


(1) On 15 January 1976, the Project Liaison Officer (PLO), as a result 
of a liaison visit with the Baltimore Division of the Federal Bureau of 
Investigation obtained data on the presence of Sino-Soviet Bloc personnel 
travelling within the environs of the target areas and information on 
those Sino-Soviet Bloc personnel residing temporarily in the environs of 
the target area. 


(2) On 28 January 1976 a member of the 572d Military Police Co,
Ft Ritchie, was approached by an unidentified individual at Hagerstown
Junior College, Hagerstown, MD, who claimed to be employed at Site R.
The individual described Site R in general terms, but made no attempt
to elicit information from the soldier. Investigative efforts failed
to identify the individual. All available information was provided the
Hagerstown Resident Office of the FBI. A USAINTA investigation of the
incident is continuing.

(3) On 28 January 1976, an unidentified individual approached a
soldier assigned to the US Army Communications Command East Coast Tele-
communications Center (USACCECTC) and requested a tour of that facility.
The individual appeared interested in the antenna configuration of
Satellite Communications/Direct Communication Links (SATCOM/DSL). The
request for the tour was denied. All available information was provided
the Hagerstown Resident Office of the FBI. USAINTA investigation of the
incident is continuing.

(4) During the reporting period information was developed on a
Non-Appropriated Fund (NAF) employee who is a bartender employed at the
Ft Ritchie NCO Club. The bartender allegedly told the patrons that she
was in the employ of both "Military Intelligence" and the "CIA." An
investigation is being conducted by USAINTA.


(5) On 18 March 1976, a US Army NCO assigned sensitive duties in
the Alternate National Military Command Center (ANMCC) volunteered
information concerning his entering into correspondence with an agency
of the East German Government. The NCO, who has been researching his
family history for the last six years, was attempting to obtain a record
of the military service of his great-great grandfather in the period
circa 1810. In the course of an inquiry to the Federal Republic of
Germany (FRG) Ambassador in Washington and the FRG Government, he was
advised to contact the German Historical Central Archives in East
Germany. The NCO volunteered the information to make it a matter of
official record. He was given a SAEDA briefing under the provisions of
AR 381-12 with special emphasis on reporting procedures. The NCO will
inform Army Intelligence should he be contacted by any East Germany Agency
and will provide copies of any correspondence he receives. At present the
exploitation opportunities are unknown, pending any East German Intelli-
gence Service overture. The Chief, ANMCC was briefed on the incident.


e. Operational Status: 


(1) In February 1976, the 902d MI Group selected Operation CANARY 
EFFORT for termination. Supported commanders were briefed on the termination 
in conjunction with the scheduled quarterly briefings. All confidential 
sources used in this ICIP have been terminated. The effective termination 
date for CANARY EFFORT is 31 March 1976. 


(2) During the quarter, the PLO presented 21 SAEDA/Threat/Security
Awareness briefings to personnel assigned to supported activities at
Fort Detrick and Fort Ritchie.

(3) The PLO presented the Quarterly Progress Briefing to LTC Dale
S. Cockle, CDR, USACC ECTC, on 30 March 1976.

(4) The PLO, on 1 April 1976, presented the Quarterly Progress
Briefing to COL John S. Eberle, CDR, US Army Communications Command
(USACC) Site R.

(5) On 5 April 1976, the PLO gave the Quarterly Progress Briefing
to the supported command, HQ, 7th Signal Command and Fort Ritchie, with the
following officials present: COL Harold G. deMoya, CDR, Ft Ritchie; COL
John J. Plosay, Jr., Deputy CDR, Ft Ritchie and Mr. Joseph J. Carroll,
Acting Assistant Chief of Staff, Intelligence and Security, 7th Signal
Command and Ft Ritchie.
2. CANINE PLATE: (OACSI Revalidation - 4 Feb 75)

a. Location: Seneca Army Depot (SAD), Romulus, NY

b. Confidential Source Utilization: None

c. Information Obtained or Reported on Non-Affiliated Civilians:
None

d. Useful Information Obtained: None

e. Operational Status:

Five conventional sources are contacted on a recurring basis by the
Project Liaison Officer (PLO) in this operation; one of these plans
retirement in July 1976. One newly contacted official source is in a
position to assist in spotting potential new sources. No threat infor-
mation was surfaced during this quarter. On 5 March 1976 the PLO pro-
vided the Quarterly Briefing to LTC Earl Hain, Acting Depot Commander.
LTC Hain was designated by COL Alden Cox, CDR, SAD, to receive the
briefing during the absence of COL Cox.
3. CANTER RIDE: (OACSI Approval - 4 Mar 75)

a. Location: US Army Missile Command (USAMICOM), Redstone
Arsenal, AL.

b. Confidential Source Utilization: One

c. Information Obtained or Reported on Non-Affiliated Civilians:
None

d. Useful Information Obtained: None

e. Operational Status:

On 18 February 1976, COL Hassel Parker, CDR, 902d MI Group, with
the Project Liaison Officer (PLO) in attendance, provided a special
briefing on this operation to MG Turnmeyer, CDR, USAMICOM. COL Lange,
USAMICOM Chief of Staff, was also present during the briefing. As a
result of the briefing, it was agreed by the participants that since the
operation had accomplished its objective it should be terminated and the
insert source should be extracted to reduce the risk of compromise. The
CDR, USAMICOM expressed his deep appreciation for the information provided
by the operation and concurred with the suggested termination. The source
used in this operation has been debriefed and reassigned. The effective
termination date for CANTER RIDE is 31 March 1976.
4. CANVAS TAX: (OACSI Revalidation - 4 Feb 75)
a. Location: Sierra Army Depot (SIAD), Herlong, CA 
b. Confidential Source Utilization: Two 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained: None 


e. Operational Status: 


(1) The two confidential sources are providing coverage of the 
Priority I activities of SIAD which are Exclusion Areas I and II. Two 
conventional sources and one casual source cover the Priority II activi- 
ties which are the staff and security organizations of the Depot. One 
individual assigned to the Special Weapons Section, Exclusion Area II 
is under assessment as a potential source. 


(2) The Quarterly Progress Report for the 2d Quarter, FY 76, which
had been postponed at the request of the CDR, SIAD, was presented by
the Project Liaison Officer (PLO) on 13 Feb 76 to the following SIAD
officials: COL Robert Hawlk, CDR, SIAD; LTC Robert Render, Deputy CDR;
MAJ Robert Folster, Security Officer; CPT Wayne Heringer, Intelligence
Officer and Mr. Anthony Tornabene, Assistant Intelligence Officer. The
following personnel from the 525th MI Group also attended the briefing:
COL Donald Bradbury, CDR; LTC Arthur McQueen, Operations Officer, and
MAJ Trevor Bissey, CDR, San Francisco Field Office.

(3) ICIP Sources have been tasked to report any significant counter-
intelligence EEI or indicators of hostile intelligence activity impacting
on Operation Rocking Force (U), a special weapons project presently in
progress at SIAD.

(4) The Quarterly Progress Briefing for the 3d Quarter, FY 76, will
be presented by the PLO on or about 30 April 1976 to the SIAD officials
listed in paragraph 4e(2), above.

5. CENSUS TIME: (OACSI Revalidation - 4 Feb 75)


a. Location: Pentagon Telecommunications Center (PTC), US Army 
Communications Command (USACC), The Pentagon, Washington, DC 


b. Confidential Source Utilization: None

c. Information Obtained or Reported on Non-Affiliated Civilians:
None

d. Useful Information Obtained:

(1) The Limited Investigation reported in the last quarter on the
PTC NCO who had attempted suicide and allegedly had involved himself in
financial troubles, drugs, and homosexuality was completed and referred
to PTC for adjudication. The decision was made not to revoke the NCO's
security clearance since he left the service on 9 April 1976 and will
be allowed to re-enlist.

(2) During the course of an investigation of an enlisted WAC member
of PTC who had a SECRET security clearance and who was Absent-Without-Leave, it
was discovered that Criminal Investigation Command (CID), Ft Meyer was also
investigating her for theft and trafficking in drugs. The Project Liaison
Officer (PLO) and CID agents coordinated their mutual investigations. Drug
charges are pending the results of laboratory tests of substances purchased
from the WAC by CID informants. PTC has suspended the WAC's access to
classified material pending completion of the investigation.

(3) The PLO arranged with appropriate 902d MI Group elements to
present formal SAEDA briefings to all PTC personnel, including the PTC
elements in the Hoffman and Forrestal Buildings. This project is scheduled
for completion in the next quarter.


e. Operational Status: 


(1) The Hoffman Telecommunications Center has been brought under 


coverage of this ICIP, as requested by COL Donald E. Clark, PTC Commander, 
in the previous quarter. 


(2) On 24 March 1976, the PLO presented the Quarterly Progress Briefing
to COL Clark, CDR, PTC. CW2 Leonard Gross, Alternate PLO, was also present
at the briefing.

6. CENTAVO KID: (OACSI Revalidation - 4 Feb 75)

a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD

b. Confidential Source Utilization: None


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained:

(1) As a follow-up implementation of "Lessons Learned" in the
courtesy penetration test conducted at HDL's Adelphi Facility in the
previous quarter, the Project Liaison Officer (PLO) and the HDL Security
Officer prepared and delivered a series of lectures and classes to the
HDL Guard Force on the penetration test. The Guard Force is operating
under new instructions designed to thwart attempted penetrations. A
new HDL Badge and Pass System, utilizing a magnetic coded badge and a
computer control device, will be started in mid-1976.

(2) The PLO delivered lectures on the penetration test conducted
at HDL to the faculty and students of the Counterintelligence Dept,
US Army Intelligence Corps School, Fort Huachuca, AZ, on 20 and 21
January 1976.

(3) The PLO, assisted by other 902d MI Group personnel conducted
several technical inspections at HDL. The PLO provided advice and
assistance at several design meetings concerning new buildings at HDL.

(4) Other security advice was provided by the PLO to the Woodbridge
Research Facility (WRF), Woodbridge, VA, and the Gaithersburg Test Site
(GTS), Gaithersburg, MD. The PLO assisted in devising Operational
Security techniques at these sites, the only HDL facilities at which
outdoor testing takes place.


e. Operational Status: 


On 16 March 1976, the PLO presented the Quarterly Briefing to MAJ 
Kenneth F. Keller, Executive Officer, HDL, and Mr. James F. Yeick, 
Security Officer, HDL. 
7. GONDOLA STAR: (OACSI Revalidation - 11 Jul 75)


a. Location: Aberdeen Proving Ground (APG), and Edgewood 
Arsenal, Aberdeen, MD 


b. Confidential Source Utilization: Eight 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained:


A confidential source identified an individual in the Biomedical 
Laboratory, Edgewood Arsenal, as an alien enlistee. Project personnel 
briefed the appropriate security personnel and a background investiga- 
tion, to include a polygraph examination, was initiated. The investi- 
gation had not been concluded at the close of the quarter. 


e. Operational Status:

(1) On 23 March 1976, the PLO presented the Quarterly Progress
Report to COL Alvin D. Ungerleider, CDR, APG, on those activities
pertaining to the Aberdeen area. Mr. Harry A. Mencke, Installation
Intelligence Officer, APG, was present also.

(2) On 25 March 1976, the PLO presented the Quarterly Progress
Report on Edgewood Arsenal activities to COL Kenneth L. Stahl, CDR,
Edgewood Arsenal, with CPT Vincent J. Falconio, Chief, Security Office,
Edgewood Arsenal, also present.

8. LENS HOLDER: (OACSI Revalidation - 4 Feb 75)

a. Location: White Sands Missile Range (WSMR), NM
b. Confidential Source Utilization: Two 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained: 


(1) A confidential source reported that unknown persons had attempted
on 11 January 1976 to penetrate the TRADOC Systems Analysis Activity
(TRASANA). On 12 January 1976, it was reported that an unidentified
individual claiming to be a colonel had been permitted to enter the
TRASANA Compound. These incidents were reported immediately to the
Security Officer, TRASANA. An investigation by TRASANA security
personnel disclosed that there was no substance to the 11 January report
and the person in the second incident of 12 January was identified and
found to be a legitimate entrant into the facility. The incidents did
serve to illustrate the security awareness of the source and the
personnel involved.


(2) A source surfaced information on 4 February 1976 that two 
enlisted soldiers at TRASANA were engaged in drug trafficking, but in 
separate individual operations. Local on-post investigation resulted 
in apprehension of one of the individuals. All available information 
on the second individual was reported to the Sixth Region, US Army 
Criminal Investigation (CID) Command for appropriate action. 


(3) A confidential source reported in March 1976 in three reports 
that such devices as radios, tape recorders, and "pocket" digital calcu- 
lators were being brought into a TRASANA Exclusion Area by personnel 
having access to the area. These devices reportedly could affect the 
computers used in the area, some of which have classified data in storage. 
The Activity Security Officer has been briefed on these alleged practices 
and ICIP project personnel have been tasked to provide follow-up reports 
on action taken by the supported command. The information contained in 
the reports has been provided to the Counterintelligence Services and 
SAVE Team elements at USAINTA as a matter of interest.


e. Operational Status: 


(1) The two confidential sources provide coverage of TRASANA and
the US Army Electronics Command, Office of Missile Electronics Warfare
(OMEW), WSMR. One individual assigned to the US Army Missile Test and
Evaluation Directorate is under assessment as a potential source.

(2) The Quarterly Progress Briefing, postponed at the request of
MG O. L. Tobiason, CDR, WSMR, will be presented during the next quarter.

9. LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75)

a. Location: Defense Language Institute (DLI), Presidio of
Monterey, CA


b. Confidential Source Utilization: Eight 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) The female instructor in the Czechoslovakian Language Depart-
ment reported in the last quarter as preparing to resign her position
and return to Czechoslovakia now is reportedly having serious health
problems. It is unknown if her health will cause a change in her
original plans, and the FBI to date has not indicated whether or not
that agency has a continued interest in the instructor or her spouse.

(2) A Polish Language Department instructor plans to visit his
mother and a brother in Warsaw in mid-1976, a confidential source has
learned. The instructor has submitted no formal request to DLI for the
trip yet. The instructor's activities are monitored as a matter of
intelligence interest because of his and his brother's travels. His
brother, a medical doctor, has visited in the US and Canada frequently
over the last 20 years and was once detained by US Customs at the
Canadian border for attempting to smuggle Communist propaganda into the
US. During a 1975 visit to the US, the instructor's brother visited
DLI, attended Polish Language Department functions, talked with and
photographed the students. USAINTA is monitoring the instructor's activities.

(3) A Czech language instructor is continuing his efforts to obtain
the release of his children from Czechoslovakia. A confidential source
surfaced the most recent information that the Czech Government has in-
formed the instructor he could get his children out of the country if he
pays the Czech Government $66,000. ($6,000 for the cost of his time in a
Czech prison and $60,000 as an educational tax on his and his wife's
education.) Source did not have further information on this particular as-
pect, but reported that in mid-February 1976 the instructor gave many of
the DLI Czech students a list of newly published books in the Czech
language. The books are distributed by a Canadian firm, "Sixty Eight
Publishers," Box 695 Station A, Toronto, Ontario M5W 1G2 Canada. The
instructor told his classes that the Czech military had officially changed
their method of counting for example, using "21" instead of "1 and 20."
Insignificant in itself, this last item indicates that the instructor is
maintaining ties with Czechoslovakian officials. USAINTA is monitoring
the instructor's activities.


(4) Information developed from official sources during the
period disclosed that an instructor of the Russian Language Department
(RLD) apparently is suffering from mental problems. The instructor
has written letters to a California senator, a nationally syndicated
columnist, and the FBI, alleging that he is under surveillance of
Soviet and US intelligence constantly and that his life is in danger.
The Commander, USAINTA, provided a summary report on the instructor to
the ACSI. The instructor later sent a telegram to the President of the
United States. Both the FBI and the Secret Service have made inquiries
into the matter. On 23 March 1976, the Commandant, DLI, took administrative
action directing the instructor to undergo psychiatric evaluation.
The instructor refused initially and was administratively suspended
from teaching. At the end of the quarter, the instructor agreed to
the examination and final disposition of the matter is pending.


e. Operational Status: 


(1) As a result of the RLD incident described in d(4), above, the 
DLI Commandant has directed that the Civilian Personnel Office and 
Security Office screen records of faculty members for indications of 
mental problems. Once identified, action will be taken to obtain treat- 
ment for the individuals concerned. 


(2) Eight confidential sources were utilized during the quarter;
three sources were terminated due to graduation. Four new confidential
sources were recruited, including one Technical Language Assistant (TLA).
Fifteen individuals are under assessment as possible sources, including
one instructor and one TLA. In addition to the confidential sources,
there are 16 conventional sources providing coverage of seven language
departments and the DLI staff.


(3) On 29 March 1976, the PLO presented the Quarterly Briefing to
COL Samuel L. Stapleton, Commandant, DLI. Also present at the briefing
were COL Donald K. Bradbury, CDR, 525th MI Group; MAJ Trevor Bissey, CDR,
San Francisco Field Office, 525th MI Group; CPT Brendon A. Xiques, SAIC,
Ft Ord Resident Office, 525th MI Group; and Mr. James Green, Asst Security
Officer, DLI.


REGRADED UNCLASSIFIED
ON [illegible]
BY CDR USAINSCOM FOI/PO
AUTH PARA 1-603 DoD 5200.1-R


SECRET 
ICIP REPORT 
1 April 1975 to 31 March 1976 
CANARY EFFORT: (OACSI Revalidation - 4 Feb 75)


a. Location: Fort Ritchie, MD 
b. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


c. Significant Information Obtained During Period 1 April 75 -
31 March 76:

(1) Confidential and conventional sources employed in the operation 
surfaced information on adverse suitability pertaining to 86 employees 
at Fort Ritchie, all of whom had security clearances and access to one 
of the sensitive activities supported. The suitability information 
included the entire spectrum in this category - alcohol and drug abuse, 
moral improprieties and mental instability. In these instances investi- 
gative action was taken to refute or substantiate the allegations or the 
individuals were removed from access to classified information. About 
50% of the cases reported involved some degree of drug abuse; these were 
referred to the Criminal Investigation Command (CID) for action. 


(2) Two separate reports were received concerning suspected Soviet
Intelligence presence and interest in the activities of the supported
installation. Details of these reports were provided the FBI in May 1975.
In one instance an individual resembling a known KGB agent paid an unusual
amount of attention to shipment of sensitive cargo to Fort Ritchie; in the
second instance an individual assigned to Fort Ritchie reported that a
[b1 Per FBI] in Hagerstown, MD.


(3) An ICIP source reported a possible compromise occurred when
the Telecommunications Directorate, Site R, was tasked to prepare a
special test tape containing test messages which could be used for coding
and to devise compatibility between two computer systems. The test tape,
though it consisted only of innocuous, unclassified messages, also
contained fragments of sensitive, highly classified messages which had been
picked up from residual magnetism on the reels of the equipment when the
messages were recorded. This latter condition was not discovered until
processing to make the systems compatible took place, after the tape had
lain unsecured, in open storage, for about six weeks. A command
investigation of the incident followed and a determination was made that
apparently a compromise had not occurred, but as a result of the incident,
changed security procedures were put into effect for the handling and
storage of computer tapes, reels, and discs.


(4) Two possible SAEDA approaches to soldiers stationed at Fort
Ritchie in January 1976 are currently under investigation by USAINTA 
and the FBI. Reports of a Fort Ritchie NCO Club bartender professing 
to be employed by the "CIA" and "military intelligence" are currently 
being investigated by USAINTA. 


(5) In March 1976, an Army NCO assigned sensitive duties at Fort
Ritchie volunteered that he had contacted by letter an agency of the
East German Government. The NCO desired to make the matter of the
contact part of official records in the event he should be later
contacted by any agency or person from East Germany. Though the NCO's
action was part of his research of his family history and ostensibly
is an overt, sincere effort on his part, the East German Intelligence
Services (EGIS) often take such opportunities to make intelligence
approaches, especially if the US soldier-target has special clearances
and access to sensitive information. The NCO is under instructions to
report any responses to his letter.


d. Operational Status: 


(1) CANARY EFFORT was first approved for implementation by OACSI, 
DA, on 11 June 1965. 


(2) Operation CANARY EFFORT to be terminated effective 31 March 76.
Supported commanders were briefed on the termination action during the
quarter ending 31 Mar 76. All confidential sources used in the ICIP have
been terminated.




(4) The Operation yielded 69 information reports and 116 other 
reports which were chiefly verbal reports provided to the supported 
commanders. 


e. Comments: The ICIP at Fort Ritchie clearly has been a productive
operation at a critically sensitive installation. Information obtained
as a result of the ICIP and acted upon by the commanders concerned has
served to strengthen the security of the installation. The 902d MI
Group will continue to provide counterintelligence support to the
installation under an overt comprehensive counterintelligence support program.


ICIP REPORT


1 April 1975 to 31 March 1976 


CANINE PLATE: (OACSI Revalidation - 4 Feb 75)
a. Location: Seneca Army Depot (SAD), Romulus, NY


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 to 31
Mar 76: There was no significant information obtained during the period
and there were no indications of any overt threat to the installation.


d. Operational Status: CANINE PLATE was first approved by OACSI, DA,
for implementation on 18 Sep 73. Five conventional sources are contacted
on a recurring basis by the Project Liaison Officer (PLO). One official
source is in a position to assist in spotting potential new sources. During
the last year, the PLO expended a total of 400 manhours in the program. No
funds were expended. No information of counterintelligence significance was
surfaced in this period. Only conventional sources have been utilized in this
operation.




e. Comments: The installation's mission remains the same, a supply
depot for missile and artillery weapons systems with a nuclear capability.
The Depot is considered a critically sensitive installation and a potential
target for HOIS. However, there was no information reported to indicate
the presence of any overt threat to the installation.


ICIP REPORT


1 April 1975 to 31 March 1976 


CANTER RIDE: (OACSI Approval - 4 Mar 75)


a. Location: US Army Missile Command (USAMICOM), Redstone
Arsenal, AL

b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 to
31 Mar 76:


(1) An inserted covert confidential source was employed in this
operation to attempt to learn the existing situation in the Optical
Guidance Technology Office (OGTO), Advanced Sensors Directorate,
USAMICOM, when reports received in 1974 alleged that lax security
practices had led to loss and possible compromise of classified
information and that several employees were engaging in sex orgies in offices
during the day. In Sep 74, the CG, USAMICOM, conducted a Command
Investigation as a result of these reports under the provisions of Army
Regulation 15-6. As a result of that investigation, the CG, USAMICOM,
requested that an ICIP operation be conducted in OGTO. The Source,
once in place, had to rely chiefly upon elicitation to obtain his
information because of his covert status, but during the period, did succeed
in surfacing adverse suitability information on a civilian physicist
with access to sensitive, SECRET information which indicated that he was
probably the catalyst for the sexually-oriented activities of the OGTO
employees. The employee, apparently obsessed with sex, had numerous
extra-marital relations during the last five years. The Commander,
USAMICOM, was provided a summary of information on the employee for
appropriate command action. The employee transferred to another office
in USAMICOM, which apparently broke up the clique and Source could uncover
no new evidence of continuing activities among the remaining employees.


(2) In addition to the above, the Source provided substantial
information on security weaknesses in the supported command to include
poor housekeeping practices, lack of control of reproduction facilities,
lack of proper control of area access, lax security attitudes, and
possible compromise of security badges through continued losses by
individuals. Source provided such security weakness and hazard details to
the Project Case Officer who relayed it to overt MI project personnel
at Redstone. The Project Liaison Officer provided these reports to the
USAMICOM Commanding General and appropriate security personnel who have
taken actions to remedy the security weaknesses.


d. Operational Status:


(1) CANTER RIDE was first approved by OACSI, DA, for implementation
on 4 Mar 75.


(2) [b1]


(3) The operation yielded one Summary of Information and several
oral reports on security weaknesses.


(4) As the result of an 18 Feb 76 briefing presented to the
USAMICOM Commanding General, the MI Group conducting the Operation,
the project personnel, and the supported commander concurred in findings
that the Operation had accomplished its original objective and should
therefore be terminated. The CG, USAMICOM, declared that the operation
was a success. The insert Source used in the operation has been
withdrawn and reassigned. The CDR, USAINTA, and the ACSI verbally approved
the termination of CANTER RIDE on 20 and 23 Feb 76, respectively, with an
effective date of 31 Mar 76.


e. Comments: Counterintelligence support continues to be provided
by elements of the MI Group stationed at USAMICOM.


ICIP REPORT


1 April 1975 to 31 March 1976


(2) CANVAS TAX: (OACSI Revalidation - 4 Feb 75) 


a. Location: Sierra Army Depot (SIAD), US Army Materiel Development
and Readiness Command (DARCOM), Herlong, CA


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None


c. Significant Information Obtained During the Period 1 April 1975 
to 31 March 1976: 


(1) Reports alleged the use of illegal drugs by military personnel 
at SIAD. However, no details were available. 




(2) Information was reported that an exclusion area personal
identification badge was missing and that an inquiry failed to find or
determine how the badge was lost. As a result of the missing badge incident,
new identification badges were issued.


(3) An enlisted man assigned to SIAD was charged with malicious 
damage of a generator at SIAD and his security clearance was revoked by 
the Commander, SIAD. 

d. Operational Status: 


(1) During the reporting period 616 manhours were expended and 14 
Agent Reports were submitted. 


(2) TDY funds totalling $29.35 were expended; [b1]


(3) At the end of the reporting period two confidential sources were 
being used. 


e. Comments:


(1) This ICIP was administratively implemented in April 1974. 


(2) The mission of the Sierra Army Depot (SIAD) is the operation of
the Depot for the receipt, storage, issue, maintenance, and disposal of
missile and artillery weapons with a nuclear capability. Included in the
items handled by SIAD are ammunition, special weapons materials, propellants,
explosive components of guided missiles, supplies, petroleum and chemical
supplies, fire control test and measuring equipment, and other special
weapons with a nuclear capability. SIAD also maintains a capability for
systems modification in support of the joint AEC/DOD test firing programs.


(3) Sierra Army Depot is the major storage area for special weapons
in the western part of the US. The special weapons that formerly were
located at the Safeguard Anti-Ballistic Missile Site and Savanna Army
Depot are now at SIAD, which elevates it to one of the most important
special weapons repositories in the US. The Depot is located in a remote
area and its contents make it not only of interest to hostile
intelligence, but also a target of terrorist groups who are involved in
nuclear theft and blackmail.


(4) The Department of Army Sensitive Installation and Unit List, 
January 1976, lists SIAD as "Critically Sensitive (CS)." 


(5) A large portion of the work force is in exclusion areas so access
to them on a daily basis is severely restricted for project personnel.
Coverage of these areas by confidential sources thus becomes necessary for
effective CI coverage. A 20 Sep 75 report of the Nuclear Defense Agency
entitled "Adversary View and Support - Nuclear Weapon Site Security;
Adversary Capabilities," in assessing terrorist groups' tactics employed
to acquire a nuclear device and options available, cites the method most
likely to succeed as one in which a member of the regular work force has been
approached, recruited and is on the terrorist group's payroll. The detection
of this type of activity among members of a work force in an exclusion area
is greatly enhanced by employing a confidential source program. At the close
of the reporting period, two confidential sources were being utilized in the
operation to cover the Priority I Exclusion Area. A third individual is under
assessment as a potential confidential source.


(6) Hostile intelligence services have high priority collection objectives 
pertaining to such activities as those conducted at SIAD. 


(7) The SIAD, as outlined briefly in subpara (5) and (6), above,
appears highly vulnerable to a double threat, that posed by the
increasingly active terrorist groups who operate on a global scale and the
ever present threat of HOIS penetration. The ICIP is necessary as an
additional means to provide "early warnings" to assist the Commander in
formulating necessary plans and taking proper action to protect the
sensitive and highly-destructive special weapons stored at this location.


(8) At the most recent Quarterly Briefing on 13 Feb 76, the SIAD
Commander indicated that he was pleased with the type of support being
provided and requested continuation of the ICIP.


ICIP REPORT


1 April 1975 to 31 March 1976
CENSUS TIME: (OACSI Revalidation - 4 Feb 75)
a. Location: Pentagon Telecommunications Center (PTC), US Army
Communications Command (USACC), The Pentagon, Washington, DC.


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During the Period 1 April 1975 
to 31 March 1976: 


(1) An ICIP source reported that a PTC civilian employee was
transferred from the coding and decoding section because he had coded an
obscene message that was to be sent to an overseas user. Additionally,
the ICIP source provided information concerning possible security
violations involving the employee. Because of the employee's questionable
suitability characteristics and conduct he was assigned to a job in PTC
requiring minimum contact with classified information. Supervisors will
continue to monitor his conduct and activities.


(2) An Army NCO assigned to PTC attempted to commit suicide by
slashing his wrists. As a result of the information gained concerning
the suicide attempt a Limited Investigation was initiated. The NCO was
assigned to the Logistics Branch, PTC, pending results of the
investigation. The investigation revealed that the NCO has a large number of
outstanding debts, has lied on loan applications, and had ordered a
1976 automobile which cost in excess of five thousand dollars.
Interviews concerning the NCO revealed alleged drug usage and homosexuality.
The Limited Investigation was completed and referred to PTC for
adjudication. The decision was made not to revoke the NCO's security clearance
since he left the service on 9 April 1976 and will not be allowed to
re-enlist.


(3) Adverse suitability information was reported on two additional
NCOs assigned to PTC. Based on medical reports and rebellious attitudes
one NCO was released from the Army by board action. The second NCO,
after a night of heavy drinking, began hitting his wife when she tried
to arouse him after he had "passed out." The wife filed assault charges
with the Military Police but withdrew them later. The PTC commander
counselled the NCO on his drinking and marital problems and assigned
him duties where he has no access to classified information.


(4) During the course of an investigation of an enlisted WAC member
of PTC who was absent-without-leave (AWOL Investigation), it was discovered
that the CID was also investigating her for theft and trafficking in drugs.
The MI representative and CID agents coordinated their mutual investigations.
PTC has suspended the WAC's access to classified material pending completion
of the investigation.


d. Operational Status: 


(1) CENSUS TIME was first approved by OACSI, DA, for implementation
on 5 Feb 74.


(2) During the period of 1 April 1975 to 31 March 1976, 726 manhours 
were expended, no TDY or ICF funds were used. The operation produced 
seven information reports. One confidential source was used during the 
period but was terminated during the latter part of the period. 


e. Comments: The PTC operations include an extremely high volume
of ultra sensitive classified traffic processed at the highest level,
and includes the cryptographic support rendered to the JCS, the NMCC,
departments and executive agencies of the government, allied embassies,
and the United Nations Building in New York. The PTC remains a potential
target for HOIS; however, there is no information reported to indicate
the presence of any identified threat to the installation.


1 April 1975 to 31 March 1976

CENTAVO KID: (OACSI Revalidation - 4 Feb 75)
a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 -
31 Mar 76:


(1) Information was received that a First Secretary at the USSR
Embassy, Washington, DC had visited HDL on two occasions. On one
occasion he attended a meeting of the Institute of Electrical and
Electronics Engineers, Inc., a professional society for engineers which
was held in the auditorium of HDL. The subject matter presented during
the meeting was unclassified. At a second meeting of the society the
Soviet Embassy official was denied entry. A report of the incidents
was provided to the FBI and the Commander, HDL, made a determination
that the society could no longer hold meetings at HDL in order to
preclude any potential security threat.


(2) On two occasions an unidentified light aircraft flew over the
test site, Woodbridge Research Facility (WRF), HDL, where a series of
tests on foreign equipment under the Range Emory program was in progress.
In both instances the aircraft circled over the Range Emory test site
for about 5-7 minutes. The overflights are being investigated in
coordination with the FBI.


(3) An employee, HDL, made allegations of immoral activities by
members of the HDL Security Office and a group at the Van Ness Avenue
Facility, HDL. The employee claimed that she was being followed by
members of the HDL Security Office. After investigating the employee's
story, the Commander, HDL, believed that she was suffering from psychiatric
problems and would have her visit a psychiatrist for a complete evaluation.


(4) Suitability information concerning an employee of the Woodbridge 
Research Facility (WRF) a branch of HDL located in Woodbridge, VA, involved 
a problem of alcohol abuse. After counseling, the employee participated 
in a rehabilitation program. 


(5) From 7 October to 6 November 75, a courtesy penetration test of
HDL's Adelphi Facility was conducted. The penetrations were successful
and revealed several security weaknesses which were corrected by the
supported command. As a result of the test a number of security guards
were transferred and guard procedures were changed. In addition a new
magnetic coded badge was approved for purchase in FY 77. As a follow-up
implementation of "Lessons Learned" in the penetration test the ICIP
Project Liaison Officer (PLO) and the HDL Security Officer prepared and
delivered a series of lectures and classes to the HDL guard force on the
penetration test. Additionally, the PLO delivered lectures on the
penetration test to the faculty and students of the Counterintelligence
Dept, US Army Intelligence Center and School, Fort Huachuca, AZ.


d. Operational Status: 


(1) During the reporting period 880 manhours were expended, 18
information reports were submitted and 41 memorandums were prepared and
provided to the supported commander.


(2) No TDY or [b1] were expended.


e. Comments:


(1) ICIP CENTAVO KID was approved by OACSI, DA, 18 Oct 73 and the
supported commander was briefed on the implementation of the operation
on 12 November 1973.


(2) The mission of the HDL includes critical sensitive research and
development activities in support of the US Army. Some of the more
sensitive activities include research into the hardening of communications
equipment against nuclear weapons radiation; tests of nuclear warhead and
missile systems to determine their ability to withstand nuclear weapons
radiation; development of fuses for use with nuclear warheads; and
development and testing of radiation hardened systems for Minuteman and
Poseidon missiles.


(3) The installation remains a potential target for hostile intelligence
services.




ICIP REPORT


1 April 1975 to 31 March 1976


GONDOLA STAR: (OACSI Revalidation - 16 Jan 76)


a. Location: Aberdeen Proving Ground (APG) and Edgewood Arsenal
(EA), Aberdeen, MD


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 




c. Significant Information Obtained During Period 1 Apr 75 to 
31 Mar 76: 


(1) Confidential and conventional sources employed in the operation
surfaced information on adverse suitability pertaining to 13 employees
at Aberdeen Proving Ground/Edgewood Arsenal. The suitability information
included alcohol and drug abuse, moral improprieties, fraudulent claim
on a TDY voucher and mental instability. Action was taken to substantiate
or refute the reported allegations.


(2) Sources reported four instances of alien enlistees who were 
assigned to the sensitive installations. The Installation Intelligence 
Officer (IIO) was aware of the status of the four, that they did not 
have security clearances and had no access to classified information. 




(3) Sources reported three instances of foreign travel during the
period. One of these DOD affiliated employees who traveled to the USSR
after attending a scientific conference in Finland is being contacted by
US Intelligence. In another instance, a DOD civilian employee visited Poland
and Czechoslovakia for about one month in June-July 1975. The employee and
his spouse allegedly visited relatives in both countries. The employee has
been debriefed by USAINTA. Source reported that the employee plans to travel
to these countries again in 1976. In another instance, husband and wife DOD
employees took a Smithsonian Institution-sponsored tour to Moscow and
Leningrad. The husband has been debriefed by USAINTA and the wife will be
debriefed at her convenience. Source reported that the couple planned to
take another trip to Russia in 1976.




(4) Sources reported several instances of foreign contact by military
and DOD civilian personnel in the supported activity. In one instance a
citizen of the Federal Republic of Germany was assigned on an exchange
program to work until Sep 76. A report of a civilian DOD employee at
Edgewood Arsenal with some unexplained periods of time in his background
prompted a request for a Limited Investigation from the supported command.




(5) Sources reported two instances of Swedish citizens visiting
the installations. It was determined that the one visit had been fully
coordinated with the proper officials. In the second instance, it was
determined that the visit had not been properly coordinated but that
steps had been taken to insure the visitors would not be given access
to classified information until guidance was provided by higher
headquarters.


(6) Sources reported numerous instances of security weaknesses or
poor security practices. These included unattended offices in which security
containers were left open, a CONFIDENTIAL document left unsecured over a three
day weekend, poorly controlled access to a classified scientific conference,
movement of an office into a building in which no technical survey had been
conducted prior to the move, typewriter ribbons and carbon papers not being
disposed of as classified waste, and a high-ranking civilian employee bringing
his eight year old son into a controlled access area where a classified
test was being conducted and remaining overnight.


d. Operational Status: 


(1) GONDOLA STAR was first approved by OACSI, DA for implementation on
21 May 1965. On 18 Feb 75, the ACSI directed the termination of 12 ICIPS,
including GONDOLA STAR, by 31 Mar 75. After reviewing correspondence
initiated by the Commander, Aberdeen Proving Ground, which recommended
that the ICIP GONDOLA STAR be continued, the ACSI reinstated the operation
for a period of six months on 11 Jul 75, subject to a review after the six
months elapsed. On 16 Jan 76, the ACSI approved continuation of the ICIP
as an ongoing operation. The following statistics are for the period 11 Jul
75 to 31 Mar 76:


(a) During the reporting period 2,223 manhours were expended and 84
written information reports and 16 oral reports were submitted. [b1]


(b) At the end of the reporting period eight confidential sources 
were being used in the operation. 


e. Comments: The ICIP has been a productive operation at a critically 
sensitive installation. Information obtained as a result of the ICIP and 
acted upon by the commanders concerned has served to strengthen the security 
of the installation. The 902d MI Group is conducting a comprehensive review 
of this operation for possible replacement of the operation by an overt 
counterintelligence support program.


ICIP REPORT


1 April 1975 to 31 March 1976 


LENS HOLDER: (OACSI Revalidation - 4 Feb 75)


a. Location: White Sands Missile Range (WSMR), NM


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 to
31 Mar 76:


(1) Several reports from confidential sources during the period
indicated that employees in the TRADOC Systems Analysis Activity (TRASANA)
and the Army Missile Test and Evaluation Directorate (ARMTED) were
following poor security practices in daily activities and not adhering
to security regulations for safeguarding sensitive classified information.
These security hazards included leaving security containers open and
unattended for periods during the day, failing to complete security
forms affixed to classified material containers, leaving classified
material in work boxes after duty hours, and laxity on the part of
security guards during night shifts. Security Officers of both TRASANA
and ARMTED, after being provided reports on these weaknesses, briefed all
their employees on requirements of WSMR Regulation 380-5 (Security
Regulation) and reoriented all guard personnel on their security
obligations.


(2) A confidential source reported that a US Army Officer assigned
to the Office of Missile Electronics Warfare (OMEW) was misappropriating
computer parts and electronic equipment which he was taking home to build
his own computer. A summary of available information was provided the
US Army Criminal Investigation Division Command for investigation by that
agency. The same confidential source reported on 4 Feb 76 that two
enlisted soldiers in sensitive positions in TRASANA were engaged in drug
trafficking, but in separate operations. Local on-post investigation by
the White Sands Missile Range Provost Marshal resulted in apprehension of
one of the individuals. Information on the second soldier, allegedly
involved in large-scale drug transactions and with criminal contacts, was
reported to the Sixth Region, US Army Criminal Investigation Division
Command for appropriate investigation.


(3) A confidential source reported that unknown persons had attempted 
on 11 Jan 76 to penetrate TRASANA, which is an Exclusion Area. On 
12 Jan 76, the source reported an unidentified individual claiming to be 
a colonel had been permitted to enter the TRASANA Compound without the 
required identification. Investigations by the TRASANA security personnel
disclosed that there was no substance to the 11 January report and the
person in the 12 January incident was identified and found to be a
legitimate entrant into the facility. The incident did serve to
illustrate the security awareness of the source and the personnel
involved.


(4) A confidential source reported in March 1976 in three reports 
that devices, such as radios, tape recorders, and "pocket" digital 
calculators were being brought into a TRASANA Exclusion Area by 
personnel having access to the area. Many of the computers used in the 
area have classified information storage and the above-named devices 
allegedly can affect the computers' operations. The appropriate 
Security Officer has been apprised of these practices. ICIP project
personnel have been tasked to provide follow-up reports on actions 
taken by the supported command. The information has also been provided 
as a matter of interest to the Counterintelligence Services and SAVE
Team elements at USAINTA. 


d. Operational Status: 


(1) LENS HOLDER was first approved by the ACSI, DA, for implementa- 
tion on 16 Sep 74. 




(2) Two confidential sources provide coverage of the two principal
supported activities, TRASANA and OMEW. An additional individual in the 
ARMTED is being assessed as a potential source. 


(3) During the reporting period, 1,053 manhours were expended.
b1 there were no TDY outlays. The operation
produced 36 written information reports and 24 memorandums and oral
reports.


e. Comments:


(1) The mission of the White Sands Missile Range has remained un- 
changed since the inauguration of the ICIP and the previous OACSI revali- 
dation on 4 Feb 75. The mission of WSMR is to evaluate the Safeguard 
Missile System missile vulnerability studies, missile control systems, 
and perform pre-production tests and analyses of missile systems. The 
mission of WSMR makes it a prime target of hostile intelligence.  Activi- 
ties at WSMR which have Priority I requirements for support are TRASANA, 
OMEW, ARMTED, the National Range Operations Directorate, and the US Army 
Safeguard Systems Evaluation Agency. These elements develop electronic 
countermeasures techniques to nullify vulnerabilities discovered in 
missile systems, conduct pre-production tests of rocket and guided missile 
systems, operate a nuclear effects facility and operate National Range
Facilities for tests conducted at WSMR.

(2) The operation to date has proven to have value as an adjunct
to the installation security program. The isolation of the installa- 
tion, dispersion of many of its facilities, and the extent and nature 
of its computer facilities and missile testing ranges present a lucrative
target for hostile intelligence service (HOIS) penetration. WSMR's
proximity to the US-Mexican border renders it vulnerable to HOIS
operations based in a foreign country. Admittedly, the operation to
date has not surfaced hard evidence of HOIS presence or penetration,
but the scope of the threat must be recognized. Details of activities
conducted at the site are of current interest to HOIS. The two-pronged
capability of the ICIP, that is, extensive use of overt sources of all
types, plus the covert effort exemplified by the confidential sources, 
appears to be necessary coverage at this time with the best potential 
for detection and discovery of HOIS activities.


ICIP REPORT

1 April 1975 to 31 March 1976

LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75)


a. Location: Defense Language Institute (DLI), Presidio of 
Monterey, CA


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 to
31 Mar 76: 


(1) A source in the Chinese-Mandarin Language Department furnished 
information concerning a temporary instructor of that department who 
closely questioned her students about their knowledge of their future 
duties and assignments. She frequently expressed her displeasure in 
the task of teaching Chinese to students which would enable them to 
"conduct spying activities" directed at the People's Republic of China 
(PRC). The instructor also displayed a rebellious and uncooperative
attitude toward necessary DLI administrative requirements. Born in
Canton, China, she was a British citizen and no evidence of a pre-employment
investigation could be found. DLI refused to renew her contract
when it expired in Sep 75 and she departed DLI in that month.


(2) A Confidential Source reported information on an instructor of 
the German Language Department who travelled to East Germany in mid-1975
without notification or permission from DLI authorities. Upon completion 
of the travel, the instructor was admonished officially and informed that 
any future violation of the DLI regulations on foreign travel would re- 
sult in temporary suspension. 


(3) A visitor to the Russian Language Department in May 75 requested 
copies of training material used in the Russian Dept, claiming that he 
wanted it to use for language training in his reserve unit. The visitor 
was given two unclassified training exercises. Subsequent investigation 
identified the visitor and established that he was a former graduate of 
Russian at DLI, and additionally, that he was a bona fide member of a 
California-based Army Reserve unit. The incident, although not of a major 
significance as proven by the later investigation, did serve to underscore
a need for better visitor control at DLI. The Director, DLI, placed
special emphasis on this and the need for all personnel to be alert for
unauthorized visitors and proper procedures for handling them. New visitor
requirements and restrictions were published and distributed through-

(4) An instructor in the Hungarian Language Department travelled
to Hungary in Sep 75 with a stated purpose of visiting relatives. A
review of the instructor's file revealed extensive foreign travel in
Europe since 1971 and frequent contact with relatives and other persons
in Hungary. File checks and inquiries of other agencies failed to reveal
any substantial derogatory information concerning the instructor,
but the potential hostage situation is evident in the continuing contacts.
Monitoring of the instructor's activities continues.


(5) An ICIP source reported that an instructor in the Russian
Language Department allegedly is a former member of the Soviet Army's
equivalent to the US Army Security Agency who while in the Soviet Army
received special training in English. This instructor left the USSR
in Apr 74 and was hired at DLI in Oct 74. A coworker of the instructor
left the Soviet Union in Apr 75 and was also hired as an instructor at
DLI in Jul 75. Both of the instructors taught together at the Leningrad
Herzen Pedagogical Institute in Leningrad in the late 1960s and early
1970s. The sequence of these events illustrates how quickly these individuals
are able to secure employment after leaving the USSR, employment
in which they are placed in extremely close contact with US intelligence
personnel. Monitoring of the activities of these individuals continues.


(6) Two instructors in the Bulgarian Language Department who are 
man and wife were accused by fellow faculty members at DLI of being 
communists because of the unexplained details of their emigration to 
the West and the manner in which they left Bulgaria. The allegations 
led to charges and countercharges; full details of the incident were 
provided the FBI. The wife remains at DLI as an instructor, but as of 
the close of the reporting period on 31 Mar 76, the husband was employed 
elsewhere and no longer DOD-affiliated. 


(7) A DLI employee of the Hebrew Project at DLI also created 
considerable internal dissension and bickering within the Hebrew Depart- 
ment when he maintained close contact with the Israeli Consulate in San 
Francisco. This caused associates to become suspicious of his motives 
and high level contacts. The employee, an alien with an impressive
background, including possible intelligence activities, later applied
for employment with the National Security Agency (NSA), which has been
provided all information available to USAINTA.


(8) A confidential source reported that a Czechoslovakian Language
Department (CLD) instructor was planning to withdraw her retirement fund
money and return to Czechoslovakia with her two sons, allegedly to live

(9) A second CLD instructor has disclosed to several sources over
the last two years his continuing efforts to obtain the release of his 
children from Czechoslovakia. The Czech Government recently informed 
the instructor that he could obtain the release of his children if he 
pays the Czech Government $66,000 as reimbursement for the cost of the 
time the instructor spent in a Czech prison and an education tax on the 
education acquired in Czechoslovakia by the instructor and his wife. 

The instructor disclosed that the Czech military had changed its method 
of counting. The reports indicate that the instructor is maintaining 
close, continuing ties with Czech Government officials and that a hostage
situation with his children exists. Monitoring of his activities
continues. 

(10) Monitoring also continues on activities of a Polish Language 
Department (PLD) instructor who plans to visit his mother and a brother 
in Warsaw in mid-1976. The instructor has not applied formally to DLI 
for approval for the leave and the trip. The instructor frequently
has travelled in the past to Europe. His brother, a medical doctor, also
travels extensively, and has been in the US and Canada often during the
last 20 years. During a 1974 visit to the US, the instructor's brother 
visited DLI, attended PLD functions at DLI, talked with the US Army 
students at length and photographed many of the students in attendance. 
US Customs once detained the instructor's brother at the Canadian border
for attempting to smuggle Communist propaganda into the US; US Customs 
confiscated the propaganda. 


(11) An instructor in the Russian Language Department apparently is 
suffering from mental problems. The instructor has written to a 
California US Senator, a nationally syndicated columnist, and the FBI, 
alleging that he is constantly under surveillance by the Soviet KGB and 
US intelligence and further, that his life is in danger. The instructor 
also has sent a telegram to the President of the United States. Both 
the FBI and the Secret Service have made inquiries into the matter and 
conducted local investigations of the instructor. On 23 Mar 76, the 
DLI Commandant directed the instructor to undergo psychiatric evaluation. 
Initially, the instructor refused and was suspended from his duties 
administratively. At the end of the reporting period the instructor 
agreed to the examination. The results and final disposition are pending.

d. Operational Status:


(1) LENTIL MONKEY was first approved by ACSI, DA, for implementation
on 11 September 1967.


(2) During the reporting period, 4,603 manhours were expended.


(3) Production consisted of 360 written information reports and 
220 Memorandums and oral reports. 




(4) Eight confidential sources were active in the ICIP at the close 
of the period and additional coverage of language departments and
administrative sections of DLI was obtained by 16 conventional sources. 


e. Comments: 


(1) The mission of DLI is to train DOD intelligence and communica- 
tions security specialists in every major foreign language. Military 
attaches, employees of the CIA and FBI, as well as other federal agencies, 
are also trained at DLI, making it an extremely enticing target for 
hostile intelligence service operatives. The majority of the faculty 
of DLI have foreign backgrounds, some have only recently arrived from 
Communist Bloc countries and rapidly achieved employment in an installa- 
tion where most of the students are in intelligence or destined for 
intelligence assignments upon graduation. Many of these instructors 
are in hostage situations by virtue of close, living relatives in the
ComBloc countries with whom they maintain written contact and closer,
if less frequent, personal contact. In maintaining contact with these
ComBloc countries for any reason whatsoever, intelligence agencies of
those countries in all likelihood have identified the instructors'
place of employment and may have contacted them under one guise or
another.

(2) In addition to extensive and frequent contacts with the governments
of HoIS, many instructors who probably are completely imbued with
the American way of life and are now US citizens or who intend to become 
citizens, nevertheless are vulnerable targets. The instructors acquire 
personal acquaintances among many intelligence personnel and, in the 
course of teaching and associating with the military in year-long 
classes, learn of the students’ future assignments and do in some 
instances correspond with DLI alumnae after graduation. This unique 
characteristic of conditions at DLI serves to make the Institute an 
even more attractive target for HoIS approaches. 


(3) As shown by statistics in paragraph d(2), and d(3), above,
ICIP LENTIL MONKEY is the most productive of all the presently active
ICIPS with a total of 360 written reports. Though 4,603 manhours were
expended in the project, the actual cash outlay of b1 for the
year, the lowest cost figure for any of the active ICIPS. Viewed from
the cost-yield ratio alone, this operation is an extremely successful, 
economical effort. 




Period: 1 Apr 1975 to 31 Mar 1976


INTERNAL COUNTERINTELLIGENCE PROGRAM


Columns: ICIP; INSTALLATION; FIRST INITIATED (I), REVALIDATED (R);
SOURCES AS OF 31 MAR 76 (CONF., CONVEN); INFO REPORTS (AR, SR, OTHER);
MAN HOURS; FUNDS (TDY)

CANARY EFFORT 1/    USA Comm Cmd, Ft Ritchie, MD              I-JUN 65, R-FEB 75
CANINE PLATE 2/     Seneca Army Depot, AMC, Romulus, NY
CANTER RIDE 1/      US Army Msle Cmd, Redstone Arsenal, AL
CANVAS TAX          Sierra Army Depot, AMC, Herlong, CA
CENSUS TIME 2/      Pentagon Telecom Ctr, USACC-CONUS, Wash DC
CENTAVO KID 2/      Harry Diamond Labs, AMC, Wash DC
GONDOLA STAR        Aberdeen Proving Gd, Aberdeen, MD
LENS HOLDER         White Sands Msle Rge, NM, TECOM, AMC
LENTIL MONKEY       DLI, Pres of M, CA, TRADOC
TOTAL               24   51   589   447   14,453   1,425

1/ Terminated 31 Mar 76
2/ Terminated (Jun 76) after period covered by this report

Classified by CDR, USAINTA
EXEMPT FROM GENERAL DECLASSIFICATION SCHEDULE OF EXECUTIVE ORDER 11653
EXEMPTION CATEGORY
DECLASSIFY ON 21 Dec 2008


DEPARTMENT OF THE ARMY
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310


MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY


SUBJECT: Internal Counterintelligence Program (ICIP) (U)-- 
INFORMATION MEMORANDUM 


FOR: 


1. During the past quarter, six of the currently active Internal
Counterintelligence Program (ICIP) operations provided information on
incidents involving personnel suitability and conditions reflecting 
poor security practices or weaknesses. Reports of these relatively 
minor conditions were furnished the commanders of the supported commands 
who took immediate corrective action. 


2. (U) The total number of active ICIP operations remains at nine.
Summaries of activity in these operations during the last quarter are
inclosed.

9 Incl                    HAROLD R. AARON
as                        Major General, GS
                          ACofS for Intelligence

Noted by the Under Secretary of the Army
with comment: "On next quarter's review,
please provide an analysis (of each ICIP
for the past year) to include [illegible]"


DEPARTMENT OF THE ARMY
HEADQUARTERS 
U. S. ARMY INTELLIGENCE AGENCY 
FORT MEADE, MARYLAND 20755 


MAY 11 1976 


SUBJECT: Report of Internal Counterintelligence Program (ICIP) 
Operations (U) 


HQDA (DAMI-DOH/COL HAENDLE) 
WASH DC 20310 


1. During the 3d Quarter, FY 1976, two of the on-going ICIP
operations were terminated effective 31 March 1976, CANTER RIDE at 
Redstone Arsenal, AL, and CANARY EFFORT at Fort Ritchie, MD. The 
Commander, USAINTA, and the ACSI verbally approved termination actions 
on 20 and 23 February 1976, and separate correspondence requesting 
formal termination was submitted to ACSI, DA, on 8 April 1976. The 
total number of active ICIP operations at the close of the 3d Quarter 
was seven. Summaries for each of these seven operations, plus the two 
which were terminated, are attached as TAB A, which is the quarterly 
report for the period ending 31 Mar 76. 


2. The former Project Liaison Officers (PLO) of the two terminated
ICIPS, CANARY EFFORT and CANTER RIDE, are continuing to provide counter- 
intelligence support to the sensitive elements at Redstone Arsenal and 
Fort Ritchie. These activities now receive comprehensive assistance 
through an overt, all-source, multi-discipline effort named the Direct 
Support Comprehensive Counterintelligence Program (DSCCP). A review of 
ICIP Operations CANINE PLATE, CENTAVO KID, and CENSUS TIME is currently 
being conducted to determine which of these operations should be converted
to the DSCCP concept.


3. Through a comment on the DAMI-DOH Information Memorandum to the 
Under Secretary of the Army, subject: ICIP Program, dated 1 April 1976,
the Under Secretary indicated that an analysis of each ICIP operation for 
the past year was to be provided with the next quarterly review. In 
compliance with those instructions, an analysis of each ICIP operation 
was made for the period 1 April 1975 to 31 March 1976. As a result of 
these analyses, five ICIPS (TAB B) are recommended for termination; four 
ICIPS (TAB C) are recommended for retention. At TAB D are statistics 


MIIA-SO-SA
SUBJECT: Report of Internal Counterintelligence Program (ICIP)
Operations (U)


for each of the ICIP operations which are referred to in individual
reviews. These statistics provide a recapitulation of pertinent
costs, manhours, and production for the nine ICIP operations covered
in this analysis.


5. (U) Recommend approval of termination and retention actions in
TABS B and C.


4 Incl                    WILLIAM I. JENNINGS
as                        Special Assistant (OPS)


MIIA-SO-SA


SUBJECT: Report of Internal Counterintelligence Program (ICIP) 
Operations (U) 


HQDA (DAMI-DOH/COL HAENDLE) 
WASH DC 20310 


1. During the 3d Quarter, FY 1976, two of the on-going ICIP
operations were terminated effective 31 March 1976, CANTER RIDE at 
Redstone Arsenal, AL, and CANARY EFFORT at Fort Ritchie, MD. The 
Commander, USAINTA, and the ACSI verbally approved termination actions 
on 20 and 23 February 1976, and separate correspondence requesting 
formal termination was submitted to ACSI, DA, on 8 April 1976. The 
total number of active ICIP operations at the close of the 3d Quarter 
was seven. Summaries for each of these seven operations, plus the two 
which were terminated, are attached as TAB A, which is the quarterly 
report for the period ending 31 Mar 76. 


2. The former Project Liaison Officers (PLO) of the two terminated 
ICIPS, CANARY EFFORT and CANTER RIDE, are continuing to provide counter- 
intelligence support to the sensitive elements at Redstone Arsenal and 
Fort Ritchie. These activities now receive comprehensive assistance 
through an overt, all-source, multi-discipline effort named the Direct 
Support Comprehensive Counterintelligence Program (DSCCP). A review of 
ICIP Operations CANINE PLATE, CENTAVO KID, and CENSUS TIME is currently 
being conducted to determine which of these operations should be converted
to the DSCCP concept.


3. Through a comment on the DAMI-DOH Information Memorandum to the 
Under Secretary of the Army, subject: ICIP Program, dated 1 April 1976,
the Under Secretary indicated that an analysis of each ICIP operation for
the past year was to be provided with the next quarterly review. In
compliance with those instructions, an analysis of each ICIP operation
was made for the period 1 April 1975 to 31 March 1976. As a result of
these analyses, five ICIPS (TAB B) are recommended for termination; four 
ICIPS (TAB C) are recommended for retention. At TAB D are statistics 




MIIA-SO-SA
SUBJECT: Report of Internal Counterintelligence Program (ICIP) 
Operations (U) 


for each of the ICIP operations which are referred to in individual 
reviews. These statistics provide a recapitulation of pertinent 
costs, manhours, and production for the nine ICIP operations covered
in this analysis. 


5. (U) Recommend approval of termination and retention actions in
TABS B and C.


4 Incl                    WILLIAM I. JENNINGS
as                        Special Assistant (OPS)


1. CANARY EFFORT: (OACSI Revalidation - 4 Feb 75)
a. Location: Fort Ritchie, MD 
b. Confidential Source Utilization: Three 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) On 15 January 1976, the PLO, as a result of a liaison visit 
with the Baltimore Division of the Federal Bureau of Investigation 
obtained data on the presence of Sino-Soviet Bloc personnel travelling
within the environs of the target areas and information on those Sino- 
Soviet bloc personnel residing temporarily in the environs of the 
target area. 


(2) On 28 January 1976 a member of the 572d Military Police Co, 
Ft Ritchie, was approached by an unidentified individual at Hagerstown
Junior College, Hagerstown, MD, who claimed to be employed at Site R. 
The individual described Site R in general terms, but made no attempt 
to elicit information from the soldier. Investigative efforts failed 
to identify the individual. All available information was provided the
Hagerstown Resident Office of the FBI. A USAINTA investigation of the
incident is continuing. 


(3) On 28 January 1976, an unidentified individual approached a 
soldier assigned to the US Army Communications Command East Coast Tele- 
communications Center (USACCECTC) and requested a tour of that facility. 
The individual appeared interested in the antenna configuration of 
Satellite Communications/Direct Communication Links (SATCOM/DSL). The 
request for the tour was refused; the soldier reported the incident. 

All available information was provided the Hagerstown Resident Office of 
the FBI. USAINTA investigation of the incident is continuing. 


(4) During the reporting period information was developed on a 
Non-Appropriated Fund (NAF) employee who is a bartender, employed at the 
Ft Ritchie NCO Club. The bartender allegedly claimed to patrons that
she was in the employ of both "Military Intelligence" and the "CIA." 

An investigation is being conducted by USAINTA. 


(5) On 18 March 1976, a US Army NCO assigned sensitive duties in 
the Alternate National Military Command Center (ANMCC) volunteered
information concerning his entering into correspondence with an agency
of the East German Government. The NCO, who has been researching his
family history for the last six years, was attempting to obtain a record
of the military service of his great-great grandfather in the period
circa 1810. In the course of an inquiry to the Federal Republic of
Germany (FRG) Ambassador in Washington and the FRG Government, he was
advised to contact the German Historical Central Archives in East 
Germany. The NCO volunteered the information so it could be made a 
matter of official record in the event he should be contacted in any 
fashion by East Germany in the future. The Chief, ANMCC, was provided 
information on the above. The NCO was given a SAEDA briefing under 
the provisions of AR 381-12 with special emphasis on reporting proce- 
dures. The NCO will provide Army Intelligence with copies of any 
correspondence he receives in this regard. At present the opportunity 
for further exploitation appears minimal. 


e. Operational Status: 


(1) In February 1976, the 902d MI Group selected Operation CANARY
EFFORT to be terminated and replaced by a Direct Support Comprehensive
Counterintelligence Program (DSCCP) which is being developed by the
902d MI Group. Supported commanders were briefed on the termination in
conjunction with the scheduled quarterly briefings as described below.
All confidential sources used in this ICIP have been terminated. The
CDR, USAINTA, and the ACSI indicated verbal approval of the termination
on 20 and 23 February 1976, respectively. The effective termination date
for CANARY EFFORT is 31 March 1976.


(2) During the quarter, the PLO presented 21 SAEDA/Threat/Security 
Awareness briefings to personnel assigned to supported activities at 
Fort Detrick and Fort Ritchie. 


(3) The PLO presented the Quarterly Progress Briefing to LTC Dale
S. Cockle, CDR, USACC ECTC, on 30 March 1976. 


(4) The PLO, on 1 April 1976, presented the Quarterly Progress 
Briefing to COL John S. Eberle, CDR, US Army Communications Command 
(USACC) Site R. 


(5) On 5 April 1976, the PLO gave the Quarterly Progress Briefing 
to the supported command, HQ, 7th Signal Command and Ft Ritchie, with the
following officials present: COL Harold G. deMoya, CDR, Ft Ritchie; COL 
John J. Plosay, Jr., Deputy CDR, Ft Ritchie and Mr. Joseph J. Carroll, 
Acting Assistant Chief of Staff, Intelligence and Security, 7th Signal 
Command and Ft Ritchie.

2. CANINE PLATE: (OACSI Revalidation - 4 Feb 75)
a. Location: Seneca Army Depot (SAD), Romulus, NY 


b. Confidential Source Utilization: None
c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: None
e. Operational Status: 


Five conventional sources are contacted on a recurring basis by the
Project Liaison Officer (PLO) in this operation; one of these plans
retirement in July 1976. One newly contacted official source is in a
position to assist in spotting potential new sources. No threat information
was surfaced during this quarter. On 5 March 1976 the PLO provided
the Quarterly Briefing to LTC Earl Hain, Acting Depot Commander.
LTC Hain was designated by COL Alden Cox, CDR, SAD, to receive the
briefing during the absence of COL Cox.

3. CANTER RIDE: (OACSI Approval - 4 Mar 75)


a. Location: US Army Missile Command (USAMICOM), Redstone
Arsenal, AL 


b. Confidential Source Utilization: One 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained: None
e. Operational Status:


On 18 February 1976, COL Hassel Parker, CDR, 902d MI Group, with 
the Project Liaison Officer (PLO) in attendance, provided a special 
briefing on this operation to MG Turnmeyer, CDR, USAMICOM. COL Lange, 
USAMICOM Chief of Staff, was also present during the briefing. As a 
result of the briefing, it was agreed by the participants that since the 
operation had accomplished its objective it should be terminated and the 
insert source should be extracted to reduce the risk of compromise. MG 
Turnmeyer expressed his deep appreciation for the information provided 
by the operation and concurred with the suggested termination. The
source used in this operation has been reassigned and will be debriefed 
subsequent to his 8 April 1976 reporting date. The CDR, USAINTA, and 
the ACSI, DA indicated verbal approval of the termination on 20 February 
and 23 February 1976, respectively. The effective termination date for 
CANTER RIDE is 31 March 1976. 




4. CANVAS TAX: (OACSI Revalidation - 4 Feb 75)
a. Location: Sierra Army Depot (SIAD), Herlong, CA 
b. Confidential Source Utilization: Two 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained: None 
e. Operational Status: 


(1) The two confidential sources are providing coverage of the
Priority I activities of SIAD which are Exclusion Areas I and II. Two 
conventional sources and one casual source cover the Priority II activi- 
ties which are the staff and security organizations of the Depot. One 
individual assigned to the Special Weapons Section, Exclusion Area II 
is under assessment as a potential source. 


(2) The Quarterly Progress Report for the 2d Quarter, FY 76, which 
had been postponed at the request of the CDR, SIAD, was presented by 
the PLO on 13 Feb 76 to the following SIAD officials: COL Robert Hawlk, 
CDR, SIAD; LTC Robert Render, Deputy CDR; MAJ Robert Folster, Security 
Officer; CPT Wayne Heringer, Intelligence Officer and Mr. Anthony 
Tornabene, Assistant Intelligence Officer. The following personnel from 
the 525th MI Group also attended the briefing: COL Donald Bradbury, CDR;
LTC Arthur McQueen, Operations Officer, and MAJ Trevor Bissey, CDR, San 
Francisco Field Office. 


(3) ICIP Sources have been tasked to report any significant counterintelligence
EEI or indicators of hostile intelligence activity impacting
on Operation Rocking Force (U), a special weapons project presently in 
progress at SIAD. 


(4) The Quarterly Progress Briefing for the 3d Quarter, FY 76, will 
be presented by the PLO on or about 30 April 1976 to the SIAD officials 
listed in paragraph 5e(2), above.

5. (C) CENSUS TIME: (OACSI Revalidation - 4 Feb 75)


a. Location: Pentagon Telecommunications Center (PTC), US Army
Communications Command (USACC), The Pentagon, Washington, DC


b. Confidential Source Utilization: None 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) The Limited Investigation reported in the last quarter on the 
PTC NCO who had attempted suicide and allegedly had involved himself in 
financial troubles, drugs, and homosexuality was completed and referred 
to PTC for adjudication. The decision was made not to revoke the NCO's 
security clearance since he left the service on 9 April 1976 and will 
not be allowed to re-enlist. 


(2) During the course of an investigation of an enlisted WAC member
of PTC with a SECRET security clearance who was Absent-Without-Leave, it 
was discovered that CID, Ft Meyer was also investigating her for theft 

and trafficking in drugs. The Project Liaison Officer (PLO) and CID 
agents coordinated their mutual investigations. Drug charges are pending 
the results of laboratory tests of substances purchased from the WAC by 
CID informants. PTC has suspended the WAC's access to classified material 
pending completion of the investigation. 


(3) The PLO arranged with appropriate 902d MI Group elements to 
present formal SAEDA briefings to all PTC personnel, including the PTC 
elements in the Hoffman and Forrestal Buildings. This project is 
scheduled for completion in the next quarter. 


e. Operational Status: 


(1) The Hoffman Telecommunications Center has been brought under
coverage of this ICIP, as requested by COL Donald E. Clark, PTC Commander,
in the previous quarter.


(2) On 24 March 1976, the PLO presented the Quarterly Progress
Briefing to COL Clark, CDR, PTC. CW2 Leonard Gross, Alternate PLO, was
also present at the briefing.

CENTAVO KID: (OACSI Revalidation - 4 Feb 75)


a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD


b. Confidential Source Utilization: None


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) As a follow-up implementation of "Lessons Learned" in the 
courtesy penetration test conducted at HDL's Adelphi Facility in the 
previous quarter, the Project Liaison Officer (PLO) and the HDL Security 
Officer prepared and delivered a series of lectures and classes to the 
HDL Guard Force on the penetration test. The Guard Force is operating 
under new instructions designed to thwart attempted penetrations. A 
new HDL Badge and Pass System, utilizing a magnetic coded badge and a 
computer control device, will be started in mid-1976. 


(2) The PLO delivered lectures on the penetration test conducted 
at HDL to the faculty and students of the Counterintelligence Dept, 
US Army Intelligence Corps School, Fort Huachuca, AZ, on 20 and 21
January 1976. 


(3) The PLO, assisted by other 902d MI Group personnel conducted
several technical inspections at HDL. The PLO provided advice and
assistance at several design meetings concerning new buildings at HDL. 


(4) Other security advice was provided by the PLO to the Woodbridge 
Research Facility (WRF), Woodbridge, VA, and the Gaithersburg Test Site 
(GTS), Gaithersburg, MD. The PLO assisted in devising Operational 
Security techniques at these sites, the only HDL facilities at which 
outdoor testing takes place. HDL requested to be placed on distribution 
for the SATRAN II system but had not received any output from the system 
as of the close of the reporting period. 


e. Operational Status: 


On 16 March 1976, the PLO presented the Quarterly Briefing to MAJ 
Kenneth F. Keller, Executive Officer, HDL, and Mr. James F. Yeick, 
Security Officer, HDL. 

8. LENS HOLDER: (OACSI Revalidation - 4 Feb 75)


a. Location: White Sands Missile Range (WSMR), NM


b. Confidential Source Utilization: Two


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) A confidential source reported that unknown persons had attempted 
on 11 January 1976 to penetrate the TRADOC Systems Analysis Activity 
(TRASANA). On 12 January 1976, it was reported that an unidentified 
individual claiming to be a colonel had been permitted to enter the 
TRASANA Compound. These incidents were reported immediately to the 
Security Officer, TRASANA. An investigation by TRASANA security 
personnel disclosed that there was no substance to the 11 January report 
and the person in the second incident of 12 January was identified and 
found to be a legitimate entrant into the facility. The incidents did 
serve to illustrate the security awareness of the source and the 
personnel involved. 


(2) A source surfaced information on 4 February 1976 that two 
enlisted soldiers at TRASANA were engaged in drug trafficking, but in 
separate individual operations. Local on-post investigation resulted 
in apprehension of one of the individuals. All available information 
on the second individual was reported to the Sixth Region, US Army 
Criminal Investigation Division Command for appropriate action. 


(3) A confidential source reported in March 1976 in three reports 
that such devices as radios, tape recorders, and "pocket" digital calcu- 
lators were being brought into a TRASANA Exclusion Area by personnel 
having access to the area. These devices reportedly could affect the 
computers used in the area, some of which have classified data in storage.
The Activity Security Officer has been briefed on these alleged practices 
and ICIP project personnel have been tasked to provide follow-up reports 
on action taken by the supported command. The information contained in 
the reports has been provided to the Counterintelligence Services and 
SAVE Team elements at USAINTA as a matter of interest. 


e. Operational Status: 


(1) The two confidential sources provide coverage of TRASANA and 
the US Army Electronics Command, Office of Missile Electronics Warfare 
(OMEW), WSMR. One individual assigned to the US Army Missile Test and 
Evaluation Directorate is under assessment as a potential source. 


(2) The Quarterly Progress Briefing, postponed at the request of 
MG O. L. Tobiason, CDR, WSMR, will be presented during the next quarter. 

GONDOLA STAR: (OACSI Revalidation - 11 Jul 75)


a. Location: Aberdeen Proving Ground (APG), and Edgewood 
Arsenal, Aberdeen, MD 


b. Confidential Source Utilization: Eight 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None 


d. Useful Information Obtained:


A confidential source identified an individual in the Biomedical
Laboratory, Edgewood Arsenal, as an alien enlistee. Project personnel
briefed the appropriate security personnel and a background investigation,
to include a polygraph examination, was initiated. The investigation
had not been concluded at the close of the quarter.


e. Operational Status: 


(1) On 23 March 1976, the PLO presented the Quarter
Report to COL Alvin D. Ungerleider, CDR, APG, on those c
aining to the Aberdeen area. Mr. Harry A. Mencke, T
lligence Officer, APG, was present also.

LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75)


a. Location: Defense Language Institute (DLI), Presidio of
Monte


b. (U) Confidential Source Utilization: Eight


c. Information Obtained or Reported on Non-Affiliated Civilians:
None


d. Useful Information Obtained:


The female instructor in the Czechoslovakian Language Department
reported in the last quarter as Po ing to resign her position
and return to Czechoslovakia now is reportedly having serious he
problems.
Referred

A Polish Language Department instructo
mother and a brother in Warsaw in mid-1976,. a can?
learned. The instructor has submitted nc H
trip yet. The instructor's activities are monite
intelligence interest because of his and his bro
brother, a medical doctor has visited in the US and Canada frequently
over the last 20 years and was once detained by US Customs at the
Canadian border for attempting to smuggle Communist propaganda into the
US. During a 1974 visit to the US, the instructor's brother visited
DLI, attended Polish Language Department functions, talked with and
photographed the students. USAINTA is monitoring the instructor's activities.

(3) (U) A Czech language instructor is continuing his efforts to obtain
the release of his children from Czechoslovakia. A confidential source
surfaced the most recent information that the Czech Government has informed
the instructor he could get his children out of the country if he
pays the Czech Government $66,000. ($6,000 for the cost of his time in a
Czech prison and $60,000 as an educational tax on his and his wife's education.)
Source did not have further information on this particular aspect,
but reported that in mid-February 1976 the instructor gave many of
the DLI Czech students a list of newly published books in the Czech
language. The books are distributed by a Canadian firm, "Sixty Eight
Publishers," Box 695 Station A, Toronto, Ontario M5W 1G2 Canada. The
instructor told his classes that the Czech military had officially changed
their method of counting for example, using "21" instead of "1 and 20."
Insignificant in itself, this last item indicates that the instructor is
maintaining ties with Czechoslovakian officials. USAINTA is monitoring
the instructor's activities.

(4) Information developed from official sources during the
period disclosed that an instructor of the Russian Language Department
(RLD) apparently is suffering from mental problems. The instructor
has written letters to a California senator, a nationally syndicated
columnist, and the FBI, alleging that he is under surveillance of
Soviet and US intelligence constantly and that his life is in danger.
The Commander, USAINTA, provided a summary report on the instructor to
the ACSI. The instructor later sent a telegram to the President of the
United States. Both the FBI and the Secret Service have made inquiries
into the matter. On 23 March 1976, the Commandant, DLI, took administrative
action directing the instructor to undergo psychiatric evaluation.
The instructor refused initially and was administratively suspended
from teaching. At the end of the quarter, the instructor agreed to
the examination and final disposition of the matter is pending.


e. Operational Status:


(1) As a result of the RLD incident described in d(4), above, the
DLI Commandant has directed that the Civilian Personnel Office and
Security Office screen records of faculty members for indications of
mental problems. Once identified, action will be taken to obtain treatment
for the individuals concerned.


ICIP REPORT
1 April 1975 to 31 March 1976


CANARY EFFORT: (OACSI Revalidation - 4 Feb 75)


a. Location: Fort Ritchie, MD 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 - 
31 Mar 76: 


(1) Confidential and conventional sources employed in the operation 
surfaced information on adverse suitability pertaining to 86 employees 
at Fort Ritchie, all of whom had security clearances and access to one 
of the sensitive activities supported. The suitability information 
included the entire spectrum in this category - alcohol and drug abuse, 
moral improprieties and mental instability. In these instances investi- 
gative action was taken to refute or substantiate the allegations or the 
individuals were removed from access to classified information. About 
50% of the cases reported involved some degree of drug abuse; these were 
referred to the Criminal Investigation Division for action. 


(2) Two separate reports were received concerning suspected Soviet 
Intelligence presence and interest in the activities of the supported 
installation. Details of these reports were provided the FBI in May 1975.
In one instance an individual resembling a known KGB agent paid an unusual
amount of attention to shipment of sensitive cargo to Fort Ritchie; in the
second instance an individual assigned to Fort Ritchie reported that a
second person whom he had met claimed to be in contact with the Soviets
in Hagerstown, MD. As of 31 Mar 76, the FBI investigations of the reports
were inconclusive.


(3) An ICIP source reported a possible compromise occurred when 
the Telecommunications Directorate, Site R, was tasked to prepare a 
special test tape containing test messages which could be used for coding
and to devise compatibility between two computer systems. The test tape,
though it consisted only of innocuous, unclassified messages, also contained
fragments of sensitive, highly classified messages which had been
picked up from residual magnetism on the reels of the equipment when the 
messages were recorded. This latter condition was not discovered until 
processing to make the systems compatible took place, after the tape had 
lain unsecured, in open storage, for about six weeks. A command investi- 
gation of the incident followed and a determination was made that 
apparently a compromise had not occurred, but as a result of the incident,
changed security procedures were put into effect for the handling and 
storage of computer tapes, reels, and discs. 

cipes possible SAEDA approaches to soldiers stationed at Fort
Ritchie in January 1976 are currently under investigation by USAINTA
and the FBI. Reports of a Fort Ritchie NCO Club bartender professing 
to be employed by the "CIA" and "military intelligence" are currently 
being investigated by USAINTA. 


In March 1976, an Army NCO assigned sensitive duties at Fort
Ritchie volunteered that he had contacted by letter an agency of the
East German Government. The NCO desired to make the matter of the
contact part of official records in the event he should be later contacted
by any agency or person from East Germany. Though the NCO's
action was part of his research of his family history and ostensibly 
is an overt, sincere effort on his part, the East German Intelligence 
Services (EGIS) often take such opportunities to make intelligence 
approaches, especially if the US soldier-target has special clearances 
and access to sensitive information. The NCO is under instructions to 
report any responses to his letter. 


d. Operational Status:


(1) CANARY EFFORT was first approved for implementation by OACSI,
DA, on 11 June 1965.


(2) In Feb 76, the 902d MI Group selected Operation CANARY EFFORT
to be terminated and replaced by an overt, direct support counterintelligence
program. Supported commanders were briefed on the termination
action during the quarter ending 31 Mar 76. All confidential sources
used in the ICIP have been terminated. The CDR, USAINTA, and the ACSI
verbally approved the termination on 20 and 23 Feb 76, respectively.


(3) During the reporting period [b1]
$80.00 in TDY and travel, and 3,25
manhours were expended.


(4) The Operation yielded 69 information reports and 116 other
reports which were chiefly verbal reports provided to the supported
commanders.


e. Comments: The ICIP at Fort Ritchie clearly has been a productive
operation at a critically sensitive installation. Information obtained
as a result of the ICIP and acted upon by the commanders concerned has
served to strengthen the security of the installation. The 902d MI
Group believes that effective counterintelligence support to the installation
can be continued under an overt comprehensive counterintelligence
support program, which replaced the present ICIP effective 31 Mar 76.


f. (U) Recommendation: None.

ICIP REPORT
1 April 1975 to 31 March 1976


CANINE PLATE: (OACSI Revalidation - 4 Feb 75)


a. (U) Location: Seneca Army Depot (SAD), Romulus, NY


b. (U) Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


c. Significant Information Obtained During Period 1 Apr 75 to 31
Mar 76: There was no significant information obtained during the period
and there were no indications of any overt threat to the installation.


d. Operational Status: CANINE PLATE was first approved by OACSI,
DA, for implementation on 18 Sep 73. During the reporting period 400
manhours were expended in the ICIP. However, there were no reports
submitted, no funds expended, neither TDY nor [b1]. There were no confidential
sources utilized, only conventional sources.


e. Comments: The installation's mission remains the same, a supply
depot for missile and artillery weapons systems with a nuclear capability.
The Depot is considered a critical and sensitive installation; therefore,
remains as a potential target for HOIS. However, there was no information
reported to indicate the presence of any overt threat to the installation.
The MI Group has been conducting a thorough review of the ICIP to determine
the advisability of terminating the operation.


f. (U) Recommendation: That the ICIP CANINE PLATE be terminated but that
increased overt liaison with additional security support be provided the
installation commander.


ICIP REPORT
1 April 1975 to 31 March 1976


CANTER RIDE: (OACSI Approval - 4 Mar 75)


a. Location: US Army Missile Command (USAMICOM), Redstone 
Arsenal, AL 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 to
31 Mar 76: 


(1) An inserted covert confidential source was employed in this
operation to attempt to learn the existing situation in the Optical
Guidance Technology Office (OGTO), Advanced Sensors Directorate,
USAMICOM, when reports received in 1974 alleged that lax security
practices had led to loss and possible compromise of classified information
and that several employees were engaging in sex orgies in offices
during the day. In Sep 74, the CG, USAMICOM, conducted a Command
Investigation as a result of these reports under the provisions of Army
Regulation 15-6. As a result of that investigation, the CG, USAMICOM,
requested that an ICIP operation be conducted in OGTO. The Source,
once in place, had to rely chiefly upon elicitation to obtain his information
because of his covert status, but during the period, did succeed
in surfacing adverse suitability information on a civilian physicist
with access to sensitive, SECRET information which indicated that he was
probably the catalyst for the sexually-oriented activities of the OGTO
employees. The employee, apparently obsessed with sex, had numerous
extra-marital relations during the last five years. The Commander,
USAMICOM, was provided a summary of information on the employee for
appropriate command action. The employee transferred to another office
in USAMICOM, which apparently broke up the clique and Source could uncover
no new evidence of continuing activities among the remaining employees.


(2) In addition to the above, the Source provided substantial 
information on security weaknesses in the supported command to include 
poor housekeeping practices, lack of control of reproduction facilities, 
lack of proper control of area access, lax security attitudes, and 
possible compromise of security badges through continued losses by individuals.
Source provided such security weakness and hazard details to
the Project Case Officer who relayed it to overt MI project personnel
at Redstone. The Project Liaison Officer provided these reports to the
USAMICOM Commanding General and appropriate security personnel who have
taken actions to remedy the security weaknesses.


d. Operational Status:


(1) CANTER RIDE was first approved by OACSI, DA, for implementation 
on 4 Mar 75. 


(2) During the period 1,315 in TDY and travel expenses were
incurred [b1]
total of 697 manhours were expended in the operation.


(3) The operation yielded one Summary of Information and several 
oral reports on security weaknesses. 


(4) As the result of an 18 Feb 76 briefing presented to the 
USAMICOM Commanding General, the MI Group conducting the Operation, 
the project personnel, and the supported commander concurred in findings 
that the Operation had accomplished its original objective and should 
therefore be terminated. The CG, USAMICOM, declared that the operation 
was a success. The insert Source used in the operation has been with- 
drawn and reassigned. The CDR, USAINTA, and the ACSI verbally approved 
the termination of CANTER RIDE on 20 and 23 Feb 76, respectively. 


e. Comments: Counterintelligence support continues to be provided 
by elements of the MI Group stationed at USAMICOM. 


f. Recommendation: None. 

ICIP REPORT
1 April 1975 to 31 March 1976


CANVAS TAX: (OACSI Revalidation - 4 Feb 75)


a. Location: Sierra Army Depot (SIAD), US Army Materiel Command, 
Herlong, CA 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During the Period 1 April 1975 
to 31 March 1976: 


(1) Reports alleged the use of illegal drugs by military personnel 
at SIAD. However, no details were available. 


(2) Information was reported that an exclusion area personal identi- 
fication badge was missing and that an inquiry failed to find or determine 
how the badge was lost. As a result of the missing badge incident, new 
identification badges were issued. 


(3) An enlisted man assigned to SIAD was charged with malicious 
damage of a generator at SIAD and his security clearance was revoked by 
the Commander, SIAD. 


d. Operational Status: 


(1) During the reporting period 616 manhours were expended and 14 
Agent Reports were submitted. 


(2) TDY funds totalling $29.35 were expended; there were no [b1]
expenses. 


(3) At the end of the reporting period two confidential sources were 
being used. 


e. Comments: 
(1) This ICIP was administratively implemented in April 1974.


(2) The mission of the Sierra Army Depot (SIAD) is the operation of
the Depot for the receipt, storage, issue, maintenance, and disposal of
missile and artillery weapons with a nuclear capability. Included in the
items handled by SIAD are ammunition, special weapons materials, propellants,
explosive components of guided missiles, supplies, petroleum and chemical
supplies, fire control test and measuring equipment, and other special
weapons with a nuclear capability. SIAD also maintains a capability for
systems modification in support of the joint AEC/DOD test firing programs. 


(3) Sierra Army Depot is the major storage area for special weapons
in the western part of the US. The special weapons that formerly were 
located at the Safeguard anti-Ballistic Missile Site and Savanna Army 
Depot are now at SIAD, which elevates it to one of the most important 
special weapons repositories in the US. The Depot is located in a re- 
mote area and its contents make it not only of interest to hostile 
intelligence, but also a target of terrorist groups who are involved 
in nuclear theft and blackmail. 


(4) The Department of Army Sensitive Installation and Unit List, 
January 1976, lists SIAD as "Critically Sensitive (CS)." 


(5) A large portion of the work force is in exclusion areas so access 
to them on a daily basis is severely restricted for project personnel. 
Coverage of these areas by confidential sources thus becomes necessary 
for effective CI coverage. A 20 Sep 75 report of the Nuclear Defense 
Agency entitled "Adversary View and Support - Nuclear Weapon Site 
Security; Adversary Capabilities," in assessing terrorist groups' tactics
employed to acquire a nuclear device and options available, cites
the method most likely to succeed as one in which a member of the regular
work force has been approached, recruited and is on the terrorist group's
payroll. The detection of this type of activity among members of a work
force in an exclusion area is greatly enhanced by employing a confidential 
source program. At the close of the reporting period, two confidential 
sources were being utilized in the operation to cover the Priority I 
Exclusion Area. A third individual is under assessment as a potential 
confidential source. 


(6) Hostile intelligence services have high priority collection 
objectives pertaining to such activities as those conducted at SIAD. 


(7) The SIAD, as outlined briefly in subpara (5) and (6), above, 
appears highly vulnerable to a double threat, that posed by the increasingly
active terrorist groups who operate on a global scale and the
ever present threat of HOIS penetration. The ICIP is necessary as an
additional means to provide "early warnings" to assist the Commander in
formulating necessary plans and taking proper action to protect the sensitive
and highly-destructive special weapons stored at this location.


(8) At the most recent Quarterly Briefing on 13 Feb 76, the SIAD 
Commander indicated that he was pleased with the type of support being
provided and requested continuation of the ICIP. 


f. Recommendation: In view of the above, recommend that ICIP 
CANVAS TAX be continued. 

ICIP REPORT
1 April 1975 to 31 March 1976


CENSUS TIME: (OACSI Revalidation - 4 Feb 75)


a. Location: Pentagon Telecommunications Center (PTC), US Army 
Communications Command (USACC), The Pentagon, Washington, DC. 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During the Period 1 April 1975 
to 31 March 1976: 


(1) An ICIP source reported that a PTC civilian employee was trans- 
ferred from the coding and decoding section because he had coded an 
obscene message that was to be sent to an overseas user. Additionally, 
the ICIP source provided information concerning possible security violations
involving the employee. Because of the employee's questionable
suitability characteristics and conduct he was assigned to a job in PTC
requiring minimum contact with classified information. Supervisors will
continue to monitor his conduct and activities.


(2) An Army NCO assigned to PTC attempted to commit suicide by 
slashing his wrists. As a result of the information gained concerning 
the suicide attempt a Limited Investigation was initiated. The NCO was
assigned to the Logistics Branch, PTC, pending results of the investigation.
The investigation revealed that the NCO has a large number of
outstanding debts, has lied on loan applications, and had ordered a
1976 automobile which cost in excess of five thousand dollars. Interviews
concerning the NCO revealed alleged drug usage and homosexuality.
The Limited Investigation was completed and referred to PTC for adjudication.
The decision was made not to revoke the NCO's security clearance
since he left the service on 9 April 1976 and will not be allowed to
re-enlist.


(3) Adverse suitability information was reported on two additional 
NCOs assigned to PTC. Based on medical reports and rebellious attitudes
one NCO was released from the Army by board action. The second NCO
after a night of heavy drinking began hitting his wife when she tried 
to arouse him after he had "passed out." The wife filed assault charges 
with the Military Police but withdrew them later. The PTC commander 
counselled the NCO on his drinking and marital problems and assigned 
him duties where he has no access to classified information. 


(4) During the course of an investigation of an enlisted WAC
member of PTC who was away-without-leave (AWOL Investigation), it was
discovered that the CID was also investigating her for theft and
trafficking in drugs. The MI representative and CID agents coordinated 
their mutual investigations. PTC has suspended the WAC's access to 
classified material pending completion of the investigation. 


d. Operational Status: 


(1) CENSUS TIME was first approved by OACSI, DA, for implementation 
on 5 Feb 74. 


(2) During the period of 1 April 1975 to 31 March 1976, 726 
manhours were expended, no TDY nor [b1] funds were used. The operation
produced seven information reports. One confidential source was used 
during the period but was terminated during the latter part of the period. 


e. Comments: The PTC operations include an extremely high volume 
of multimedia ultra sensitive compartmented classified traffic processed 
at the highest level of the military establishment command group being 
served, and includes the cryptographic operation, maintenance and logis- 
tical mission and support rendered to the JCS, the NMCC, departments and 
executive agencies of the government allied embassies, and the United 
Nations Building in New York. The installation remains as a potential 
target for HOIS; however, there was no information reported to indicate
the presence of any overt threat to the installation. The MI Group has 
been conducting a thorough review of the ICIP to determine the advisability 
of terminating the operation and implementing an overt direct support
comprehensive counterintelligence program. In view of the above the 
continuation of an ICIP is not warranted at this time. 


f. Recommendation: That the ICIP CENSUS TIME be terminated and an 
increased overt liaison with additional direct security support be pro- 
vided the installation commander. 

ICIP REPORT
1 April 1975 to 31 March 1976


CENTAVO KID: (OACSI Revalidation - 4 Feb 75)


a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD


b. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


c. Significant Information Obtained During Period 1 Apr 75 - 
31 Mar 76: 


(1) Information was received that a First Secretary at the USSR
Embassy, Washington, DC had visited HDL on two occasions. On one
occasion he attended a meeting of the Institute of Electrical and Elec-
tronics Engineers, Inc., a professional society for engineers which
was held in the auditorium of HDL. The subject matter presented during
the meeting was unclassified. At a second meeting of the society the
Soviet Embassy official was denied entry. A report of the incidents
was provided to the FBI and the Commander, HDL, made a determination
that the society could no longer hold meetings at HDL in order to pre-
clude any potential security threat.


(2) On two occasions an unidentified light aircraft flew over the
test site, Woodbridge Research Facility (WRF), HDL, where a series of
tests on foreign equipment under the Range Emory program [illegible]
In both instances the aircraft circled over the Range Emory test site
for about 5-7 minutes. The overflights are being investigated in coordi-
nation with the FBI.


(3) An employee, HDL, made allegations of immoral activities by
members of the HDL Security Office and a group at the Van Ness Avenue
Facility, HDL. The employee claimed that she was being followed by
members of the HDL Security Office. After investigating the employee's
story, the Commander, HDL, believed that she was suffering from psychiatric
problems and would have her visit a psychiatrist for a complete evaluation.


(4) Suitability information concerning an employee of the Woodbridge
Research Facility (WRF), a branch of HDL located in Woodbridge, VA, involved
a problem of alcohol abuse. After counseling, the employee participated
in a rehabilitation program.


(5) A courtesy penetration test of HDL's Adelphi Facility was
conducted and revealed several security weaknesses which were corrected 
by the supported command. As a result of the test a number of security 
guards were transferred and guard procedures were changed. In addition 
a new magnetic coded badge was approved for purchase in FY 77. As a 
follow-up implementation of "Lessons Learned" in the penetration test the 
ICIP Project Liaison Officer (PLO) and the HDL Security Officer prepared 
and delivered a series of lectures and classes to the HDL guard force on
the penetration test. Additionally, the PLO delivered lectures on the 
penetration test to the faculty and students of the Counterintelligence 
Dept, US Army Intelligence Corps School, Fort Huachuca, AZ.


d. Operational Status


(1) During the reporting period 880 manhours were expended, 18 in- 
formation reports were submitted and 41 memorandums were prepared and 
provided to the supported commander. 


(2) No TDY or [b1] funds were expended.


e. Comments


(1) ICIP CENTAVO KID was approved by OACSI, DA, 18 Oct 73 and the 
supported commander was briefed on the implementation of the operation
on 12 November 1973. 


(2) The mission of the HDL includes critical sensitive research and
development activities in support of the US Army. Some of the more sensi- 
tive activities include research into the hardening of communications 
equipment against nuclear weapons radiation; tests of nuclear warhead 
and missile systems to determine their ability to withstand nuclear 
weapons radiation; develop fuses for use with nuclear warheads and
conducts development and testing of radiation hardened systems for 
Minutemen and Poseidon Missiles. 


(3) The installation remains a potential target for HOIS and the 
hostile intelligence services have an interest in the research and
development activities of the type conducted at HDL. However, the amount 
of significant information surfaced by the ICIP does not warrant the 
expenditure of manhours at this time to continue the ICIP. 


(4) The MI Group is reviewing the ICIP with a view of terminating 
the program and instead implementing an overt direct support counter- 
intelligence program. 


f. Recommendation: That the ICIP CENTAVO KID be terminated and 
an overt direct support counterintelligence program be implemented. 


ICIP REPORT


1 April 1975 to 31 March 1976


GONDOLA STAR:  (OACSI Revalidation - 16 Jan 76)


a. Location: Aberdeen Proving Ground (APG) and Edgewood Arsenal 
(EA), Aberdeen, MD 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


c. Significant Information Obtained During Period 1 Apr 75 to 
31 Mar 76: 


(1) Confidential and conventional sources employed in the operation 
surfaced information on adverse suitability pertaining to 13 employees
at Aberdeen Proving Ground/Edgewood Arsenal. The suitability information 
included alcohol and drug abuse, moral improprieties, fraudulent claim 
on a TDY voucher and mental instability. Action was taken to substantiate 
or refute the reported allegations. 


(2) Sources reported four instances of alien enlistees who were
assigned to the sensitive installations. The Installation Intelligence
Officer (IIO) was aware of the status of the four, that they did not
have security clearances and had no access to classified information. 


(3) Sources reported three instances of foreign travel during the 
period. One of these individuals who traveled to the USSR after attend- 
ing a scientific conference in Finland is being exploited as a DOMEX 
lead. In another instance, a civilian employee visited Poland and 
Czechoslovakia for about one month in June-July 1975. The employee and 
his spouse allegedly visited relatives in both countries. The employee 
has been debriefed by USAINTA. Source reported that the employee plans 
to travel to these countries again in 1976. In another instance, husband 
and wife DOD employees took a Smithsonian Institution-sponsored tour to
Moscow and Leningrad. The husband has been debriefed by USAINTA and the 
wife will be debriefed at her convenience. Source reported that the 
couple planned to take another trip to Russia in 1976. 


(4) Sources reported several instances of foreign contact by military 
and DOD civilian personnel in the supported activity. In one instance 
a citizen of the Federal Republic of Germany was assigned on an exchange 
program to work until Sep 76. A report of a civilian DOD at Edgewood 
Arsenal with some unexplained periods of time in his background prompted 
a request for a Limited Investigation from the supported command. 
(5) Sources reported two instances of Swedish citizens visiting
the installations. It was determined that the one visit had been 
fully coordinated with the proper officials. In the second instance, 
it was determined that the visit had not been properly coordinated 
but that steps had been taken to insure the visitors would not be 
given access to classified information until guidance was provided 
by higher headquarters. 


(6) Sources reported numerous instances of security weaknesses 
or poor security practices. These included unattended offices in which 
security containers were left open, a CONFIDENTIAL document left un-
secured over a three day weekend, poorly controlled access to a
classified scientific conference, movement of an office into a building 
in which no technical survey had been conducted prior to the move, 
typewriter ribbons and carbon papers not being disposed of as classified 
waste, and a high-ranking civilian employee bringing his eight year old 
son into a controlled access area where a classified test was being 
conducted and remaining overnight. 


d. Operational Status: 


(1) GONDOLA STAR was first approved by OACSI, DA for implementation 
on 21 May 1965. On 18 Feb 75, the ACSI directed the termination of 12 
ICIPS, including GONDOLA STAR, by 31 Mar 75. After reviewing corre- 
spondence initiated by the Commander, Aberdeen Proving Ground, which 
recommended that the ICIP GONDOLA STAR be continued, the ACSI reinstated 
the operation for a period of six months on 11 Jul 75, subject to a re- 
view after the six months elapsed. On 16 Jan 76, the ACSI approved con- 
tinuation of the ICIP as an ongoing operation. The following statistics 
are for the period 11 Jul 75 to 31 Mar 76: 


(2) During the reporting period 2,223 manhours were expended and 84 
written information reports and 16 oral reports were submitted. The 
operation cost $700 in ICF, no TDY funds were expended. 


(3) At the end of the reporting period eight confidential sources 
were being used in the operation. 


e. Comments: The ICIP has been a productive operation at a 
critically sensitive installation. Information obtained as a result of 
the ICIP and acted upon by the commanders concerned has served to 
strengthen the security of the installation. The 902d MI Group is con- 
ducting a comprehensive review of this operation for possible replace- 
ment of the operation by an overt counterintelligence support program. 


f. Recommendation: Recommend that ICIP GONDOLA STAR be continued 
pending completion of the 902d MI Group review. 
ICIP REPORT


1 April 1975 to 31 March 1976
LENS HOLDER:  (OACSI Revalidation - 4 Feb 75)
a. Location: White Sands Missile Range (WSMR), NM


b. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


c. Significant Information Obtained During Period 1 Apr 75 to 
31 Mar 76: 


(1) Several reports from confidential sources during the period
indicated that employees in the TRADOC Systems Analysis Activity (TRASANA)
and the Army Missile Test and Evaluation Directorate (ARMTED) were
following poor security practices in [illegible] activities and not adhering
to security regulations for safeguarding sensitive classified information.
These security hazards included leaving security containers open and
unattended for periods during the day, failing to complete security
forms affixed to classified material containers, leaving classified
material in work boxes after duty hours, and laxity on the part of
security guards on night shifts. Security [illegible] of both [illegible]
and ARMTED after being provided reports on these weaknesses briefed all
their employees on requirements of WSR Regulation 330-5 (Security
Regulation) and reoriented all guard personnel on their security
obligations.
(2) A confidential source reported that a US Army Officer assigned
to the Office of Missile Electronics Warfare (OMEW) was misappropriating
computer parts and electronic equipment which he was taking home to build
his own computer. A summary of available information was provided the
US Army Criminal Investigation Division Command for investigation by that
[illegible] The same confidential source reported on 5 Feb 76 that two en-
listed soldiers in sensitive positions in TRASANA were engaged in drug
trafficking, but in separate operations. Local on-post investigation by
the White Sands Missile Range Provost Marshal resulted in apprehension of
one of the individuals. Information on the second soldier, allegedly
involved in large-scale drug transactions and with criminal contacts,
was reported to the Sixth Region, US Army Criminal Investigation Division
Command for appropriate investigation.
(3) A confidential source reported that unknown persons had attempted
on 11 Jan 75 to penetrate TRASANA, which is an Exclusion Area. On
12 Jan 75, the source reported an unidentified individual claiming to be
a colonel had been permitted to enter the TRASANA Compound without the
required identification. Investigations by the TRASANA security personnel
disclosed that there was no substance to the 11 January report and the
person in the 12 January incident was identified and found to be a
legitimate entrant into the facility. The incident did serve to
illustrate the security awareness of the source and the personnel
involved.


(4) A confidential source reported in March 1976 in three reports 
that devices, such as radios, tape recorders, and "pocket" digital 
calculators were being brought into a TRASANA Exclusion Area by 
personnel having access to the area. Many of the computers used in the 
area have classified information storage and the above-named devices
allegedly can affect the computers' operations. The appropriate 
Security Officer has been apprised of these practices. ICIP project
personnel have been tasked to provide follow-up reports on actions 
taken by the supported command. The information has also been provided 
as a matter of interest to the Counterintelligence Services and SAVE 
Team elements at USAINTA. 


d. Operational Status: 


(1) LENS HOLDER was first approved by the ACSI, DA, for implementa-
tion on 16 Sep 74.


(2) Two confidential sources provide coverage of the two principal
supported activities, TRASANA and OMEW. An additional individual in the
ARMTED is being assessed as a potential source.


(3) During the reporting period, 1,053 manhours were expended. The
operation cost [b1]; there were no TDY outlays. The operation
produced 36 written information reports and 24 memorandums and oral
reports.


e. Comments: 


(1) The mission of the White Sands Missile Range has remained un- 
changed since the inauguration of the ICIP and the previous OACSI revali- 
dation on 4 Feb 75. The mission of WSMR is to evaluate the Safeguard 
Missile System missile vulnerability studies, missile control systems, 
and perform pre-production tests and analyses of missile systems. The 
mission of WSR makes it a prime target of hostile intelligence. Activi-
ties at WSMR which have Priority T requirements for support are TRASANA,
OMEW, ARMTED, the National Range Operations Directorate, and the US Army
Safeguard Systems Evaluation Agency. These elements develop electronic
countermeasures techniques to nullify vulnerabilities discovered in
missile systems, conduct pre-production tests of rocket and guided missile
systems, operate a nuclear effects facility and operate National Range
Facilities for tests conducted at WSR.


(2) The operation to date has proven to have value as an adjunct
to the installation security program. The isolation of the installa-
tion, dispersion of many of its facilities, and the extent and nature
of its computer facilities and missile testing ranges present a lucra-
tive target for hostile intelligence service (HoIS) penetration.  WSMR's
proximity to the US-Mexican border renders it vulnerable to HoIS
operations based in a foreign country.  Admittedly, the operation to 
date has not surfaced hard evidence of HoIS presence or penetration, 
but the scope of the threat must be recognized. Details of activities 
conducted at the site are of current interest to HoIS. The two-pronged 
capability of the ICIP, that is, extensive use of overt sources of all 
types, plus the covert effort exemplified by the confidential sources, 
appears to be a necessary coverage at this time with the best potential 
for detection and discovery of HoIS activities.


f. Recommendation: Based on the above, recommend that ICIP LENS 
HOLDER be continued. 
ICIP REPORT


1 April 1975 to 31 March 1976 


LENTIL MONKEY:  (OACSI Revalidation - 4 Feb 75) 


a. Location: Defense Language Institute (DLI), Presidio of 
Monterey, CA 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 to 
31 Mar 76: 


(1) A source in the Chinese-Mandarin Language Department furnished
information concerning a temporary instructor of that department who
closely questioned her students about their knowledge of their future
duties and assignments. She frequently expressed her displeasure in
the task of teaching Chinese to students which would enable them to
"conduct spying activities" directed at the People's Republic of China
(PRC). The instructor also displayed a rebellious and uncooperative
attitude toward necessary DLI administrative requirements. Born in
Canton, China, she was a British citizen and no evidence of a pre-
employment investigation could be found. DLI refused to renew her con-
tract when it expired in Sep 75 and she departed DLI in that month.


(2) A Confidential Source reported information on an instructor of
the German Language Department who travelled to East Germany in mid-1975
without notification or permission from DLI authorities. Upon completion
of the travel, the instructor was admonished officially and informed that
any future violation of the DLI regulations on foreign travel would re-
sult in temporary suspension.


(3) A visitor to the Russian Language Department in May 75 requested
copies of training material used in the Russian Dept, claiming that he
wanted it to use for language training in his reserve unit. The visitor
was given two unclassified training exercises. Subsequent investigation
identified the visitor and established that he was a former graduate of
Russian at DLI, and additionally, that he was a bona fide member of a
California-based Army Reserve unit. The incident, although not of a major
significance as proven by the later investigation, did serve to underscore
a need for better visitor control at DLI. The Director, DLI, placed
special emphasis on this and the need for all personnel to be alert for
unauthorized visitors and proper procedures for handling them. New visi-
tor requirements and restrictions were published and distributed through-
out DLI.


(4) An instructor in the Hungarian Language Department travelled
to Hungary in Sep 75 with a stated purpose of visiting relatives. A
review of the instructor's file revealed extensive foreign travel in 
Europe since 1971 and frequent contact with relatives and other persons
in Hungary. File checks and inquiries of other agencies failed to re- 
veal any substantial derogatory information concerning the instructor, 
but the potential hostage situation is evident in the continuing con- 
tacts. Monitoring of the instructor's activities continues. 


(5) An ICIP source reported that an instructor in the Russian 
Language Department allegedly is a former member of the Soviet Army's 
equivalent to the US Army Security Agency who while in the Soviet Army 
received special training in English. This instructor left the USSR
in Apr 74 and was hired at DLI in Oct 74. A coworker of the instructor 
left the Soviet Union in Apr 75 and was also hired as an instructor at 
DLI in Jul 75. Both of the instructors taught together at the Leningrad 
Herzen Pedagogical Institute in Leningrad in the late 1960s and early 
1970s. The sequence of these events illustrates how quickly these indi-
viduals are able to secure employment after leaving the USSR, employment
in which they are placed in extremely close contact with US intelligence 
personnel. Monitoring of the activities of these individuals continues. 


(6) Two instructors in the Bulgarian Language Department who are 
man and wife were accused by fellow faculty members at DLI of being 
communists because of the unexplained details of their emigration to 
the West and the manner in which they left Bulgaria. The allegations
led to charges and countercharges; full details of the incident were
provided the FBI. The wife remains at DLI as an instructor, but as of
the close of the reporting period on 31 Mar 75, the husband was employed
elsewhere and no longer DOD-affiliated.


(7) A DLI employee of the Hebrew Project at DLI also created
considerable internal dissension and bickering within the Hebrew Depart-
ment when he maintained close contact with the Israeli Consulate in San
Francisco. This caused associates to become suspicious of his motives
and high level contacts. The employee, an alien with an impressive
background, including possible intelligence activities, later applied 
for employment with the National Security Agency (NSA), which has been 
provided all information available to USAINTA. 


(8) A confidential source reported that a Czechoslovakian Language
Department (CLD) instructor was planning to withdraw her retirement fund
money and return to Czechoslovakia with her two sons, allegedly to live
there.
[b1] Referred
At the close of the reporting period possible health
problems appeared as a deterrent to the wife's original plans, but
definite decisions in this regard are unknown.


(9) A second CLD instructor has disclosed to several sources over
the last two years his continuing efforts to obtain the release of his
children from Czechoslovakia. The Czech Government recently informed
the instructor that he could obtain the release of his children if he
pays the Czech Government $66,000 as reimbursement for the cost of the
time the instructor spent in a Czech prison and an education tax on the
education acquired in Czechoslovakia by the instructor and his wife.
The instructor disclosed that the Czech military had changed its method 
of counting. The reports indicate that the instructor is maintaining 
close, continuing ties with Czech Government officials and that a hostage 
situation with his children exists. Monitoring of his activities 
continues. 


(10) Monitoring also continues on activities of a Polish Language
Department (PLD) instructor who plans to visit his mother and a brother
in Warsaw in mid-1976. The instructor has not applied formally to DLI
for approval for the leave and the trip. The instructor frequently
has travelled in the past to Europe. His brother, a medical doctor also
travels extensively, and has been in the US and Canada often during the
last 20 years. During a 1974 visit to the US, the instructor's brother
visited DLI, attended PLD functions at DLI, talked with the US Army
students at length and photographed many of the students in attendance.
US Customs once detained the instructor's brother at the Canadian border 
for attempting to smuggle Communist propaganda into the US; US Customs 
confiscated the propaganda. 


(11) An instructor in the Russian Language Department apparently is
suffering from mental problems. The instructor has written to a
California US Senator, a nationally syndicated columnist, and the FBI,
alleging that he is constantly under surveillance by the Soviet KGB and
US intelligence and further, that his life is in danger. The instructor
also has sent a telegram to the President of the United States. Both
the FBI and the Secret Service have made inquiries into the matter and
conducted local investigations of the instructor. On 23 Mar 76, the
DLI Commandant directed the instructor to undergo psychiatric evaluation.
Initially, the instructor refused and was suspended from his duties
administratively. At the end of the reporting period the instructor
agreed to the examination. The results and final disposition are pending.


d. Operational Status:


(1) LENTIL MONKEY was first approved by ACSI, DA, for implementation
on 11 September 1967.


(2) During the reporting period, 4,603 manhours were expended.


(3) Production consisted of 360 written information reports and
220 Memorandums and oral reports.


(4) Eight confidential sources were active in the ICIP at the close 
of the period and additional coverage of language departments and 
administrative sections of DLI was obtained by 16 conventional sources. 


e. Comments: 


(1) The mission of DLI is to train DOD intelligence and communica-
tions security specialists in every major foreign [illegible] Military
attaches, employees of the CIA and FBI, as well as other federal agencies,
are also trained at DLI, making it an extremely enticing t[illegible]
hostile intelligence service operatives. The majority of th[illegible]
of DLI have foreign backgrounds, some have only recently arrived from
Communist Bloc countries and rapidly achieved employment in an installa-
tion where most of the students are in intelligence or destined for
intelligence assignments upon graduation. Many of these instructors
are in hostage situations by virtue of close, living relatives in the
ComBloc countries with whom they maintain written contact and closer,
if less frequent, personal contact. In maintaining contact with these
ComBloc countries for any reason whatsoever, intelligence agencies of
those countries in all likelihood have identified the instructors'
place of employment and may have contacted them under one guise or
another.


(2) In addition to extensive and frequent contacts with the govern-[illegible]
or HoIS, many instructors who probably are [illegible] with
[illegible] American way of life and are now US citizens or who intend to be
[illegible], nevertheless are vulnerable targets. The instructors acquire
[illegible] acquaintances among many intelligence personnel and, in the
course of teaching and associating with the military in year-long 
classes, learn of the students’ future assignments and do in some 
instances correspond with DLI alumnae after graduation. This unique 
characteristic of conditions at DLI serves to make the Institute an 
even more attractive target for HoIS approaches. 


(3) As shown by statistics in paragraph d(2), and d(3), above,
ICIP LENTIL MONKEY is the most productive of all the presently active
ICIPS with a total of 360 written reports. Though 4,603 manhours were
expended in the project, the actual cash outlay of ICF was $372 for the
year, the lowest cost figure for any of the active ICIPS. Viewed from
the cost-yield ratio alone, this operation is an extremely successful,
economical effort.


f. Recommendation: In view of the above recommend that ICIP 
LENTIL MONKEY be retained. 
mination of three ICIP operations.


To obtain [illegible] approval [illegible]
[illegible] (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)

Background: 


-- Contained in USAINTA's 3d Quarter, FY 1976, ICIP Operations Report, 11 May 76,
was recommendation to terminate three operations: CANINE PLATE (U) at Seneca Army 
Depot; CENSUS TIME (U) at Pentagon Telecommunications Center and CENTAVO KID (U) at 
Harry Diamond Laboratories. 


-- USAINTA recommendation based on 902d MI Group review of ICIP's to determine 
advisability to terminate these ICIP's and replace them by an overt direct support 
comprehensive CI program. 


Discussion:


-- After a thorough review of the ICIP report on these operations, it is deter-
mined that they can [illegible] with no adverse effect on the installations served.
[illegible]


-- Increased overt liaison with additional security support will be provided the 
installations by the 902d MI Group. 902d MI Gp Pamphlet No. 381-3, dated 22 Apr 76, 
outlines the Direct Support Comprehensive Counterintelligence Program (DSCCP) (TAB C) 
outlines overt liaison procedures without employing confidential sources. 


-- ICIP Reports on CANINE PLATE (U), CENSUS TIME (U) and CENTAVO KID (U) are 
attached at TAB B.


-- With the termination of these ICIP's, there remain four active CONUS ICIP
operations. 


-- Ltr to USAINTA at TAB A, furnishes formal termination of these ICIP's and
instructs USAINTA to conduct review of the remaining four ICIP's to determine need
for continuance, and to forward results and recommendations to this office NLT 21 June
1976.
(Continue on plain bond. 
DAMI-DOH


SUBJECT: Internal Counterintelligence Program (ICIP) (U)


Commander
US Army Intelligence Agency
ATTN: MIIA-SO
Fort Meade, Maryland 20755


1. (U) Reference, 3d Quarter, FY 1976, ICIP Operations Report,
wherein you recommended termination of three ICIP operations.


2. ICIP operations, CANINE PLATE (U), CENSUS TIME (U), and
CENTAVO KID (U) are formally terminated as recommended.


3. (U) Request that a full review of the remaining four active CONUS
ICIP operations be conducted to determine the need for their continuance
or discontinuance, and the results, with your recommendations, be forwarded
to this office NLT 21 June 76.


ICIP REPORT


1 April 1975 to 31 March 1976


CANINE PLATE: (OACSI Revalidation - 4 Feb 75)


a. Location: Seneca Army Depot (SAD), Romulus, NY


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 to 31 
Mar 76: There was no significant information obtained during the period 
and there were no indications of any overt threat to the installation. 


d. Operational Status: CANINE PLATE was first approved by OACSI, 
DA, for implementation on 18 Sep 73. During the reporting period 400 
manhours were expended in the ICIP. However, there were no reports 
submitted, no funds expended, neither TDY nor [b1]. There were no confi-
dential sources utilized, only conventional sources.


e. Comments: The installation's mission remains the same, a supply 
depot for missile and artillery weapons systems with a nuclear capability. 
The Depot is considered a critical and sensitive installation; therefore, 
remains as a potential target for HOIS. However, there was no information 
reported to indicate the presence of any overt threat to the installation. 
The MI Group has been conducting a thorough review of the ICIP to determine 
the advisability of terminating the operation. 


f. Recommendation: That the ICIP CANINE PLATE be terminated but that
increased overt liaison with additional security support be provided the 
installation commander. 
ICIP REPORT
1 April 1975 to 31 March 1976


CENSUS TIME: (OACSI Revalidation - 4 Feb 75)


a. Location: Pentagon Telecommunications Center (PTC), US Army 
Communications Command (USACC), The Pentagon, Washington, DC. 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During the Period 1 April 1975 
to 31 March 1976: 


(1) An ICIP source reported that a PTC civilian employee was trans- 
ferred from the coding and decoding section because he had coded an 
obscene message that was to be sent to an overseas user. Additionally, 
the ICIP source provided information concerning possible security viola- 
tions involving the employee. Because of the employee's questionable 
suitability characteristics and conduct he was assigned to a job in PTC 
requiring minimum contact with classified information. Supervisors will 
continue to monitor his conduct and activities. 


(2) An Army NCO assigned to PTC attempted to commit suicide by 
slashing his wrists. As a result of the information gained concerning 
the suicide attempt a Limited Investigation was initiated. The NCO was 
assigned to the Logistics Branch, PTC, pending results of the investiga-
tion. The investigation revealed that the NCO has a large number of
outstanding debts, has lied on loan applications, and had ordered a 
1976 automobile which cost in excess of five thousand dollars.  Inter- 
views concerning the NCO revealed alleged drug usage and homosexuality. 
The Limited Investigation was completed and referred to PTC for adjudica- 
tion. The decision was made not to revoke the NCO's security clearance 
since he left the service on 9 April 1976 and vill not be allowed to 
re-enlist, 


(3) Adverse suitability information was reported on two additional 
NCOs assigned to PTC. Based on medical reports and rebellious attitudes 
one NCO was released from the Army by board action. The second NCO 
after a night of heavy drinking began hitting his wife when she tried 
to arouse him after he had "passed out." The wife filed assault charges 
with the Military Police but withdrew them later. The PTC commander 
counselled the NCO on his drinking and marital problems and assigned
him duties where he has no access to classified information.


(4) During the course of an investigation of an enlisted WAC
member of PTC who was away-without-leave (AWOL Investigation), it was
discovered that the CID was also investigating her for theft and
trafficking in drugs. The MI representative and CID agents coordinated
their mutual investigations. PTC has suspended the WAC's access to
classified material pending completion of the investigation.


d. Operational Status: 


(1) CENSUS TIME was first approved by OACSI, DA, for implementation 
on 5 Feb 74. 


(2) During the period of 1 April 1975 to 31 March 1976, 726 
manhours were expended, no TDY nor ere used. The operation 
produced seven information reports. One confidential source was used
during the period but was terminated during the latter part of the period.


e. Comments: The PTC operations include an extremely high volume 
of multimedia ultra sensitive compartmented classified traffic processed 
at the highest level of the military establishment command group being 
served, and includes the cryptographic operation, maintenance and logis- 
tical mission and support rendered to the JCS, the NMCC, departments and 
executive agencies of the government allied embassies, and the United 
Nations Building in New York. The installation remains as a potential 
target for HOIS; however, there was no information reported to indicate
the presence of any overt threat to the installation. The MI Group has 
been conducting a thorough review of the ICIP to determine the advisability 
of terminating the operation and implementing an overt direct support 
comprehensive counterintelligence program. In view of the above the 
continuation of an ICIP is not warranted at this time. 


f. Recommendation: That the ICIP CENSUS TIME be terminated and an
increased overt liaison with additional direct security support be pro-
vided the installation commander.


ICIP REPORT


1 April 1975 to 31 March 1976 


CENTAVO KID: (OACSI Revalidation - 4 Feb 75)
a. Location: Harry Diamond Laboratories, (HDL), Adelphia, MD 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 - 
31 Mar 76: 


(1) Information was received that a First Secretary at the USSR 
Embassy, Washington, DC had visited HDL on two occasions. On one 
occasion he attended a meeting of the Institute of Electrical and Elec- 
tronics Engineers, INC., a professional society for engineers which 
was held in the auditorium of HDL. The subject matter presented during 
the meeting was unclassified. At a second meeting of the society the 
Soviet Embassy official was denied entry. A report of the incidents 
were provided to the FBI and the Commander, HDL, made a determination 
that the society could no longer hold meetings at HDL in order to pre- 
clude any potential security threat. 


(2) On two occasions an unidentified light aircraft flew over the 
test site, Woodbridge Research Facility (WRF), HDL, where a series of 
tests on foreign equipment under the Range Emory program was in progress.
In both instances the aircraft circled over the Range Emory test site
for about 5-7 minutes. The overflights are being investigated in coordi-
nation with the FBI.


(3) An employee, HDL, made allegations of immoral activities by 
members of the HDL Security Office and a group at the Van Ness Avenue 
Facility, HDL. The employee claimed that she was being followed by 
members of the HDL Security Office. After investigating the employee's 
story, the Commander, HDL, believed that she was suffering from psychiatric
problems and would have her visit a psychiatrist for a complete evaluation. 


(4) Suitability information concerning an employee of the Woodbridge 
Research Facility (WRF) a branch of HDL located in Woodbridge, VA, involved
a problem of alcohol abuse. After counseling, the employee participated 
in a rehabilitation program. 


(5) A courtesy penetration test of HDL's Adelphi Facility was
conducted and revealed several security weaknesses which were corrected
by the supported command. As a result of the test a number of security
guards were transferred and guard procedures were changed. In addition
a new magnetic coded badge was approved for purchase in FY 77. As a
follow-up implementation of "Lessons Learned" in the penetration test the 
ICIP Project Liaison Officer (PLO) and the HDL Security Officer prepared 
and delivered a series of lectures and classes to the HDL guard force on 
the penetration test. Additionally, the PLO delivered lectures on the 
penetration test to the faculty and students of the Counterintelligence 
Dept, US Army Intelligence Corps School, Fort Huachuca, AZ. 


d. Operational Status


(1) During the reporting period 880 manhours were expended, 18 in-
formation reports were submitted and 41 memorandums were prepared and
provided to the supported commander. 


(2) No TDY or were expended. 


e. Comments 


(1) ICIP CENTAVO KID was approved by OACSI, DA, 18 Oct 73 and the 
supported commander was briefed on the implementation of the operation 
on 12 November 1973. 


(2) The mission of the HDL includes critical sensitive research and 
development activities in support of the US Army. Some of the more sensi- 
tive activities include research into the hardening of communications 
equipment against nuclear weapons radiation; tests of nuclear warhead 
and missile systems to determine their ability to withstand nuclear 
weapons radiation; develop fuses for use with nuclear warheads and 
conducts development and testing of radiation hardened systems for 
Minutemen and Poseidon Missiles. 


(3) The installation remains a potential target for HOIS and the 
hostile intelligence service have an interest in the research and 
development activities of the type conducted at HDL. However, the amount 
of significant information surfaced by the ICIP does not warrant the
expenditure of manhours at this time to continue the ICIP. 


(4) The MI Group is reviewing the ICIP with a view of terminating 
the program and instead implementing an overt direct support counter-
intelligence program.


f. Recommendation: That the ICIP CENTAVO KID be terminated and 
an overt direct support counterintelligence program be implemented. 


CONTROL NUMBER


OFFICE SYMBOL          SUSPENSE


DAMI-DOH


DATE


2 June 1976


ACTION REQUIRED
Approval for termination of three ICIP operations.
MEMORANDUM FOR RECORD (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. Background:


-- Contained in USAINTA's 3d Quarter, FY 1976, ICIP Operations Report, 11 May 76,
was recommendation to terminate three operations: CANINE PLATE (U) at Seneca Army
Depot; CENSUS TIME (U) at Pentagon Telecommunications Center and CENTAVO KID (U) at 
Harry Diamond Laboratories. 


-- USAINTA recommendation based on 902d MI Group review of ICIP's to determine 
advisability to terminate these ICIP's and replace them by an overt direct support 
comprehensive CI program.


2. Discussion:


-- After a thorough review of the ICIP report on these operations, it is deter-
mined that they can be terminated with no adverse effect on the installations served,
installations Cencurrak. 

-- Increased overt liaison with additional security support will be provided the 
installation, by the 902d MI Group. 902d MI Gp Pamphlet No. 381-3, dated 22 Apr 76, 
outlines the Direct Support Comprehensive Counterintelligence Program (DSCCP) (TAB C) 
outlines overt liaison procedures without employing confidential sources. 


-- ICIP Reports on CANINE PLATE (U), CENSUS TIME (U) and CENTAVO KID (U) are
attached at TAB B.


-- With the termination of these ICIP's, there remain four active CONUS ICIP
Operations.


-- Ltr to USAINTA at TAB A, furnishes formal termination of these ICIP's and
instructs USAINTA to conduct review of the remaining four ICIP's to determine need
for continuance, and to forward results and recommendations to this office NLT 21 June
1976.


DAMI-DOH
SUBJECT: Internal Counterintelligence Program (ICIP) (U)


3. (U) Recommendation: That ltr TAB A be approved by the ACSI and signed


DAMI-DOH
SUBJECT: Internal Counterintelligence Program (ICIP) (U)


Commander
US Army Intelligence Agency
ATTN: MIIA-SO
Fort Meade, Maryland 20755


1. (U) Reference 3d Quarter, FY 1976, ICIP Operations Report,
wherein you recommended termination of three ICIP operations.


2. ICIP operations, CANINE PLATE (U), CENSUS TIME (U), and
CENTAVO KID (U) are formally terminated as recommended.


3. (U) Request that a full review of the remaining four active CONUS
ICIP operations be conducted to determine the need for their continuance
or discontinuance, and the results, with your recommendations, be forwarded
to this office NLT 28 June 75.


ICIP REPORT


1 April 1975 to 31 March 1976


CANINE PLATE: (OACSI Revalidation - 4 Feb 75)
a. Location: Seneca Army Depot (SAD), Romulus, NY.


b. Information Obtained Off-Post and/or Reported on Non-Affiliated
Civilians: None


c. Significant Information Obtained During Period 1 Apr 75 to 31
Mar 76: There was no significant information obtained during the period
and there were no indications of any overt threat to the installation.


d. Operational Status: CANINE PLATE was first approved by OACSI,
for implementation on 18 Sep 73. During the reporting period 400
manhours were expended in the ICIP. However, there were no reports


neither TDY nor [b1] There were no confi-
dential sources utilized, only conventional sources.
'stallation's nis 
* 


s the same, 
illery up dns n 


a nuclear 


there vas no orcation 
the ICIP to determine


f. Recommendation: That the ICIP CANINE PLATE be terminated but that
increased overt liaison with additional security support be provided the
installation commander.


ICIP REPORT


1 April 1975 to 31 March 1976
CENSUS TIME: (OACSI Revalidation - 4 Feb 75)


a. Location: Pentagon Telecommunications Center (PTC), US Army 
Communications Command (USACC), The Pentagon, Washington, DC. 


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During the Period 1 April 1975 
to 31 March 1976: 


(1) An ICIP source reported that a PTC civilian employee was trans-
ferred from the coding and decoding section because he had coded an
obscene message that was to be sent to an overseas user. Additionally,
the ICIP source provided information concerning possible security viola-
tions involving the employee. Because of the employee's questionable
suitability characteristics and conduct he was assigned to a job in PTC
requiring minimum contact with classified information. Supervisors will
continue to monitor his conduct and activities.


(2) An Army NCO assigned to PTC attempted to commit suicide by
slashing his wrists. As a result of the information gained concerning
the suicide attempt a Limited Investigation was initiated. The NCO was
assigned to the Logistics Branch, PTC, pending results of the investiga-
tion. The investigation revealed that the NCO has a large number of
outstanding debts, has lied on loan applications, and had ordered a
1976 automobile which cost in excess of five thousand dollars. Inter-
views concerning the NCO revealed alleged drug usage and homosexuality.
The Limited Investigation was completed and referred to PTC for adjudica-
tion. The decision was made not to revoke the NCO's security clearance
since he left the service on 9 April 1976 and will not be allowed to
re-enlist.


(3) Adverse suitability information was reported on two additional
NCOs assigned to PTC. Based on medical reports and rebellious attitudes
one NCO was released from the Army by board action. The second NCO
after a night of heavy drinking began hitting his wife when she tried
to arouse him after he had "passed out." The wife filed assault charges
with the Military Police but withdrew them later. The PTC commander
counselled the NCO on his drinking and marital problems and assigned
him duties where he has no access to classified information.


(4) During the course of an investigation of an enlisted WAC
member of PTC who was away-without-leave (AWOL Investigation), it was
discovered that the CID was also investigating her for theft and
trafficking in drugs. The MI representative and CID agents coordinated
their mutual investigations. PTC has suspended the WAC's access to
classified material pending completion of the investigation.


d. Operational Status: 


(1) CENSUS TIME was first approved by OACSI, DA, for implementation 
on 5 Feb 74. 


(2) During the period of 1 April 1975 to 31 March 1976, 726 
manhours were expended, no TDY nor [ii Aae used. The operation 
produced seven information reports. One confidential source was used
during the period but was terminated during the latter part of the period.


e. Comments: The PTC operations include an extremely high volume 
of multimedia ultra sensitive compartmented classified traffic processed
at the highest level of the military establishment command group being
served, and includes the cryptographic operation, maintenance and logis-
tical mission and support rendered to the JCS, the NMCC, departments and
executive agencies of the government allied embassies, and the United
Nations Building in New York. The installation remains as a potential
target for HOIS; however, there was no information reported to indicate
the presence of any overt threat to the installation. The MI Group has
been conducting a thorough review of the ICIP to determine the advisability
of terminating the operation and implementing an overt direct support
comprehensive counterintelligence program. In view of the above the
continuation of an ICIP is not warranted at this time.


f. Recommendation: That the ICIP CENSUS TIME be terminated and an
increased overt liaison with additional direct security support be pro-
vided the installation commander.


ICIP REPORT


1 April 1975 to 31 March 1976 


CENTAVO KID: (OACSI Revalidation - 4 Feb 75)
a. Location: Harry Diamond Laboratories, (HDL), Adelphia, MD


b. Information Obtained Off-Post and/or Reported on Non-Affiliated 
Civilians: None 


c. Significant Information Obtained During Period 1 Apr 75 - 
31 Mar 76: 


(1) Information was received that a First Secretary at the USSR 
Embassy, Washington, DC had visited HDL on two occasions. On one 
occasion he attended a meeting of the Institute of Electrical and Elec- 
tronics Engineers, INC., a professional society for engineers which 
was held in the auditorium of HDL. The subject matter presented during 
the meeting was unclassified. At a second meeting of the society the
Soviet Embassy official was denied entry. A report of the incidents 
were provided to the FBI and the Commander, HDL, made a determination 
that the society could no longer hold meetings at HDL in order to pre- 
clude any potential security threat. 


(2) On two occasions an unidentified light aircraft flew over the
test site, Woodbridge Research Facility (WRF), HDL, where a series of
tests on foreign equipment under the Range Emory program was in progress.
In both instances the aircraft circled over the Range Emory test site
for about 5-7 minutes. The overflights are being investigated in coordi-
nation with the FBI.


(3) An employee, HDL, made allegations of immoral activities by
members of the HDL Security Office and a group at the Van Ness Avenue
Facility, HDL. The employee claimed that she was being followed by
members of the HDL Security Office. After investigating the employee's
story, the Commander, HDL, believed that she was suffering from psychiatric
problems and would have her visit a psychiatrist for a complete evaluation.


(4) Suitability information concerning an employee of the Woodbridge
Research Facility (WRF) a branch of HDL located in Woodbridge, VA, involved 
a problem of alcohol abuse. After counseling, the employee participated 
in a rehabilitation program. 


(5) A courtesy penetration test of HDL's Adelphi Facility was
conducted and revealed several security weaknesses which were corrected
by the supported command. As a result of the test a number of security
guards were transferred and guard procedures were changed. In addition
a new magnetic coded badge was approved for purchase in FY 77. As a
follow-up implementation of "Lessons Learned" in the penetration test the
ICIP Project Liaison Officer (PLO) and the HDL Security Officer prepared
and delivered a series of lectures and classes to the HDL guard force on
the penetration test. Additionally, the PLO delivered lectures on the
penetration test to the faculty and students of the Counterintelligence
Dept, US Army Intelligence Corps School, Fort Huachuca, AZ.

d. Operational Status 


(1) During the reporting period 880 manhours were expended, 13 in-
formation reports were submitted and 41 memorandums were prepared and
provided to the supported commander.


(2) No TDY or [b1] were expended.


e. Comments 


(1) ICIP CENTAVO KID was approved by OACSI, DA, 18 Oct 73 and the
supported commander was briefed on the implementation of the operation


(2) The mission of the HDL includes critical sensitive research and
development activities in support of the US Army. Some of the more sensi-
tive activities include research into the hardening of communications
equipment against nuclear weapons radiation; tests of nuclear warhead
and missile systems to determine their ability to withstand nuclear
weapons radiation; develop fuses for use with nuclear warheads and
conducts development and testing of radiation hardened systems for


(3) The installation remains a potential target for HOIS and the
hostile intelligence service have an interest in the research and
development activities of the type conducted at HDL. However, the amount
of significant information surfaced by the ICIP does not warrant the
expenditure of manhours at this time to continue the ICIP.


(4) The MI Group is reviewing the ICIP with a view of terminating
the program and instead implementing an overt direct support counter-
intelligence program.


f. Recommendation: That the ICIP CENTAVO KID be terminated and
an overt direct support counterintelligence program be implemented.


CONTROL NUMBER


OFFICE SYMBOL
DAMI-DOH


DATE


21 May 76
To obtain approval/disapproval to USAREUR ICIP OPLAN on USASA Field


MEMORANDUM FOR RECORD (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. Background:

-- Since 1970, Project FILMAN has provided support to USASA Field Station Berlin 
(USASAFSB). FILMAN was designed to use sources from the local work force and personnel 
located in establishments frequented by the work force. Problems encountered from 
peripheral nature of sources and their difficulty in becoming accepted into USASA
circles. See TAB B.


-- Cdr, 766th MID proposed an Aggressive Defensive Source Acquisition Program
(ADSAP) support arrangement for USASAFSB which would provide more direct source access
and control of source coverage.


-- In August 1975, Cdr USASAFSB and DCSSEC, HQ USASA concurred in proposal. In
September 1975, ACSI, DA and DCSI, USAREUR briefed and supported concept. In October
1975, Cdr, USASA concurred in cancellation of FILMAN and initiation of ADSAP. (See
TAB C) Subsequently, concept discarded in favor of subject ICIP.


-- By ltr 28 April 1976, DCSI, USAREUR forwarded subject ICIP for ACSI approval. 
2. Discussion:


-- Purpose of subject ICIP is to collect significant CI information through use of 
overt liaison contacts, casual sources and confidential recruited sources assigned to
USASAFSB. Sources will be specifically targeted against Hostile Intelligence Services
(HOIS) activities directed toward USASA and against security vulnerabilities of USASA
personnel. 


-- On 14 May 1976, DCSSEC, HQ USASA, reviewed subject ICIP and concurred in OPLAN. 
The DCSSEC recommended deletion of coordination with Cdr, USASA Europe (Para 2b(4)(c)),
"in view of realignment of functions and need for compartmentation, coordination
reflected in para 4e(2) is sufficient." (TAB A)
(Continue on plain bond.)


DAMI-DOH


SUBJECT: Internal Counterintelligence Program (ICIP) (U)


-- 3d Indorsement, TAB A 


the ACSI, DA informs DCSI, USAREUR that subject 
ICIP approved. 


3. (U) Recommendation: That 3d Indorsement (TAB A) be approved and signed.


SUBJECT: Project Filman (+)


Commander
USASAFSB
ATTN: S-2
APO 09742


1. (U) The purpose of this proposed action is to provide increased
and improved counterintelligence support to the US Army Security
Agency Field Station Berlin


2. In 1970, a CI operations plan was submitted by Berlin Field
Station, 66th MI Group, to correspond with the activation of the
USASAFSB site known as "Teufelsberg". The operations plan was ETT.
ioteiléigence-support-to-the-prageck S ot 

tbroush the utliizetion.of-sources, vori [s 

Atici thread porsongel located .in.astablisbaents«raquemton 


"d 
A 


tions. Initially through coordination with
the S-2, USASAFSB, a list of establishments frequented by USASAFSB
personnel was prepared and attempts were made to introduce sources

into sone of the visit eoque rid We Lnd have — uv. 


AZUMI-BCE
SUBJECT: Project Filman (s)


3. I propose that the Filman project be cancelled, that permission
be granted to recruit ASA personnel within USASAFSB, and that the Aggres-
sive Defensive Source Acquisition Program (ADSAP) be used as the vehicle
A brief
description of ADSAP and general ADSAP EEI is attached as Inclosure.
This would enhance CI coverage of USASAFSB by providing more flexibility
within the framework of one source program, access to the target areas
and target personalities, a wider range of operations for sources, and
more streamlined administrative procedures for the management of sources.
Current Filman sources will be converted to the ADSAP program. Sources
will be preferably recruited within the target activity to provide infor-
mation on personalities and activities. Additional sources will be
recruited on the periphery or outside of the target sites in order to
enhance overall CI coverage. Once it has been determined where a
possible shortfall of information occurs, a concerted effort will be
made to obtain sources who can provide that information. Indiscrim-
inate selection and recruitment of sources will be avoided and emphasis
will be placed on a prospective source's ability to fulfill the require-
ments levied on him. 766th MID will provide the S-2, USASAFSB with the
desired qualifications for personnel to be utilized in the program and
he will be requested to screen present personnel assigned to his unit
to determine those best qualified for recruitment. ADSAP will not
supplant the S-2, FSB program of internal informants, but will
augment his present activities. A target analysis will be prepared
by this Detachment in coordination with the S-2, USASAFSB. Information
solely of a suitability nature, will be reported directly to the S-2,
USASAFSB. All other information will be reported in accordance with
reporting requirements, as outlined in LOI 6-TD, 66th MI Group.


4. Preliminary discussions, conducted in August 1975, with the
Commander, USASAFSB, the Deputy Chief of Staff, Security, USASA Head-
quarters, Arlington Hall, Virginia, and the Commander, 66th MI Group,
indicated a favorable response to the above proposal.


5. This Detachment requests your comments, recommendations
approval of the above proposal.


AGGRESSIVE DEFENSIVE SOURCE ACQUISITION PROGRAM (ADSAP)


ADSAP concerns itself with two categories of human sources as defined
by 66th MI Group LOI Number 6-TD. These two source categories are Conven-
tional and Confidential. The ADSAP is a CI threat information collection
program and sources recruited under this program should not be recruited
for coverage of a specific CE target. Sources are recruited within and
on the periphery of sensitive installations and activities by combining
both active and passive measures to counter the information collection
capability of hostile intelligence services (HoIS) operating against US
Forces. The passive measures are designed to protect defense information
from unauthorized disclosure or compromise, while the aggressive measures
are designed to obtain information which will lead to the detection and
neutralization of HoIS efforts directed against US Forces.


General ADSAP EEI:


a. Detection of suspicious activities, undue inquisitiveness or 
obvious lack of good security practices on the part of or involving US 
Forces personnel. 


b. Identification of US Forces personnel who closely and continually
associate with foreign nationals having connections with Soviet Bloc
countries.


c. Identification of US Forces personnel who make — or
frequent authorized travel to Soviet Bloc countries.


d. Identification of US Forces personnel who have « continued contact 
with decus national personnel. 


e. Detection of disaffected personnel.


f. Identification of US Forces personnel whose activities and/or
character weaknesses either individually or in a combination constitute
a clear and significant threat to US Forces in that they have rendered
the US Forces connected personnel susceptible to exploitation by HoIS.
Susceptibility to HoIS exploitation because of adverse suitability fac-
tors should be coupled with at least one of the foregoing indicators of
possible HoIS interest. Specific suitability factors which could render
US Forces personnel vulnerable to HoIS exploitation would be excessive
indebtedness or recurring financial difficulties; unexplained affluence;
conduct such as criminal, immoral or homosexual acts which could render
the individual susceptible to pressure; current and past mental and emotional
instability; unusual work habits that do not conform to the daily pattern of
fellow employees, sudden unexplained changes in working or social habits;
sexual misconduct; infidelity; marital problems; trading on the interzonal
routes or otherwise utilizing linguistic capabilities with Soviet or other
bloc personnel in unauthorized situations.


7 Oct 1975


SUBJECT: Aggressive Defensive Source Acquisition Program (ADSAP) (U)


Commander 

US Army Security Agency 
ATTN:  DCSSEC 

Arlington Hall Station 
Arlington, Virginia 22212 


1. Attached is a copy of a letter received on 19 September 1975
from Commander, 766th Military Intelligence Detachment, 66th MI Group,
entitled "Project FILMAN". The letter is self explanatory but can be
summarized as follows: Counterintelligence support to USASAFS Berlin
has been conducted since 1970 under the provisions of FILMAN. Although
FILMAN was satisfactory in concept, it suffered from a lack of precise
5 rt definition, particularly in source acquisition and reporting. 


2. Cdr, 766th MID, proposes an ADSAP support arrangement which
would provide more direct source access to USASA personnel and direct
control of source coverage of actual or potential espionage approaches.
Cdr, USASAFS Berlin concurs in the concept and desires to implement
the program. COL Bolden was briefed on the program during his visit
to Berlin in August 1975 and concurred in the proposal. MG Aaron,
DA ACSI, and MG Dillard, USAREUR DCSI, were also briefed in September
1975 and supported the concept.


3. Request your concurrence in cancellation of Project FILMAN
and adoption of the ADSAP by USASAFS Berlin/766th MID. Appropriate
safeguards will be maintained with regard to withdrawal of USASA
sources should hostile intelligence interest focus on a USASA soldier.


Request a reply as soon as possible so we can begin negotiating a
new Memorandum of Understanding with 66th MI Group.


FOR THE COMMANDER:


Asst Adjutant


DEPARTMENT OF THE ARMY
UNITED STATES ARMY SECURITY AGENCY
ARLINGTON HALL STATION
ARLINGTON, VIRGINIA 22212


20 OCT 1975


Aggressive Defensive Source Acquisition Program (ADSAP) (U)


Commander
USASA Field Station, Berlin
APO New York 09742


1. (U) Reference IAEB-I Letter, dated 7 October 1975, Subject:
Aggressive Defensive Source Acquisition Program (ADSAP) (U).
2. I concur in cancellation of Project FILMAN and initiation of
the Aggressive Defensive Source Acquisition Program by the 766th MID,
66th MI Group. A copy of the completed Memorandum of Understanding
will be provided to this HQ, ATTN: DCSSEC.


WILLIAM I. ROLYA
Brigadier General, USA
Commanding
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twORAMDUM poe mconn. — ( Destribe briefly the raquiremont, bockgronad and action taken or recommended. Must be efficiently detailed 1o identify 
tha action te ether soares, ) . 


l Background: 
^. ICIP CARELESS TOKEN approved by ACSI on 25 Feb 76: 


-- ICIP designed to detect and counter vulnerability to espionage by USASA person- 
. nel assig to Det N, USASA Field Station, Augsburg, (USASAFSA) FRG. 


2 Discussion: 


-- On 5 April 76, CDR 51lth MI Bn recommended that ICIP be terminated, Qn 9 Apr 76, 
ODCSI, USAREUR, and on 14 May 76 DCSSEC HQUSASA concurred in recommendation to 
terminate. 


-- Rationale for termination: 
o Drawdown of USASA Det. Only seven USASA personnel now assigned to station, 


o Drawdown precludes further expenditure of CI assets and efforts required by
CARELESS TOKEN.


o NCOIC Det N appears completely competent to accomplish duties and control 
subordinates. 


o Regular contact between PLO and NCOIC, and occasional casual contact between 
PLO and USASA Det N personnel on an opportunity basis can accomplish goals of this 
ICIP. Pertinent info derived from such contacts would be reported promptly to S2,
USASAFS Augsburg. 


-- 3d Ind (Red TAB A) informs ODCSI, USAREUR that ACSI, DA approves termination of
CARELESS TOKEN.


(Continue on plain bond)


DAMI-DOH (2 Apr 76) 3d Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 24 MAY 1976


HQDA, Office of the Assistant Chief of Staff for Intelligence, The Pentagon,
Washington, DC 20310


TO: Commander-in-Chief, US Army Europe and Seventh Army, ATTN: AEAGB-CI(SO),
APO New York 09403


Your recommendation to terminate CARELESS TOKEN is approved.


FOR THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE: 


(sgd) Merritt T. Kelly


1 Incl MERRÍLL T. KELLY
nc Acting Director of Intelligence
Operations


BY
Auth Para 4-102 DoD 5200.1R


DEPARTMENT OF THE ARMY
HEADQUARTERS, UNITED STATES ARMY, EUROPE and SEVENTH ARMY
APO 09403


9 APR 1976


HQDA (DAMI-DOH)
WASH DC 20310


1. (U) References:


a. Operations Plan, 66th MI Group, 5 May 1975, subject as
above, with 5th Indorsement, DAMI-DOH, OACSI, DA, 25 February
1976


b. Letter, AEAGB-CI(SO), USAREUR, 10 February 1976, sub-
ject as above


2. (U) Attached is the Quarterly Status Report pertaining to
the ICIP CARELESS TOKEN for the period ending 1 April 1976.


3. This office concurs in the recommendation by the 511th
MI Battalion that this ICIP be terminated. The diminishing
sensitivity of the target activity, and reduction in target per-
sonnel would appear not to justify the further expenditure of
counterintelligence assets and efforts required by this ICIP.
Consequently this office is directing initiation of formal co-
ordination with US Army Security Agency (USASA), Field Station
Augsburg for the purpose of terminating CARELESS TOKEN.


4. (U) Request HQ, USASA be advised of USAREUR plans to
terminate this ICIP. Comments in this regard by your office
and HQ USASA would be appreciated.


5. (U) ODCSI, USAREUR, Action Officer is Mr David R. Smith,
AEAGB-CI(SO), HM 7354 (AUTOSEVOCOM 6742).


FOR THE DEPUTY CHIEF OF STAFF, INTELLIGENCE:


1 Incl A. J. IADEROSA
as Colonel, GS
Chief, Counterintelligence Division


CLASSIFIED BY [illegible] DA
EXEMPT FROM GENERAL DECLASSIFICATION
SCHEDULE OF EXECUTIVE ORDER 11652


DAMI-DOH (9 Apr 76) 1st Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)


DA, OACofS for Intelligence, ATTN: DAMI-DOH, Washington, DC 20310


TO: Commander, US Army Security Agency, ATTN: DCSSEC, Arlington Hall
Station, Arlington, VA 22212


1. This office concurs in the DCSI, USAREUR recommendation that the
ICIP, CARELESS TOKEN, be terminated.


2. (U) Request your comments or concurrence.


FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS: 


Warning Notice [remainder illegible]
Classified by ACSI, DA


IASEC-S (9 Apr 76) 2d Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)


Headquarters, US Army Security Agency, ATTN: DCSSEC, Arlington Hall
Station, Arlington, Virginia 22212


TO: HQDA, OACofS for Intelligence, ATTN: DAMI-DOH, Washington, DC 20310


USASA concurs in recommendation to terminate CARELESS TOKEN.


1 Incl WILLIAM B. HOLDEN
nc COL, GS
REGRADED UNCLASSIFIED WHEN SEPARATED
FROM CLASSIFIED INCLOSURES


DEPARTMENT OF THE ARMY
511TH MILITARY INTELLIGENCE BATTALION
66TH MILITARY INTELLIGENCE GROUP
APO 09696

AEUMI-N-CE 5 April 1976
B03130-328-76


SUBJECT: CARELESS TOKEN (U)
(Quarterly Status Report)


Commander
66th Military Intelligence Group
ATTN: AEUMI-T-CI (EXCLUSIVE FOR ICIP CONTROL OFFICER)
APO 09108


1. (U) References:


a. OPLAN, 511th MI Battalion, AEUMI-N-CE, 1-75, 1 May 1975.
b. AEAGB-CI(SO), DTG 151640Z Jul 75, ICIP.
c. AEUMI-N-CE, B03130-061-76, 23 January 1976, CARELESS TOKEN (U).
d. AEAGB-CI(SO), DTG 091510Z Mar 76, CARELESS TOKEN (U).


2. (U) This Quarterly Status Report is submitted in accordance with the
above references and covers the period 16 January - 1 April 1976. A one-
time adjustment in reporting dates has been made to allow the reporting
period to coincide with each calendar quarter.


3. General:

a. Company B, Forward Operations Battalion, terminated its oper-
ational mission at 2400 hours, 7 February 1976. During the period following,
Company B personnel were engaged in transporting the classified operational
files and equipment from the site to Augsburg. All Company B assigned or
attached personnel have departed the target area. Destruction of all but
two of the former Company B operations buildings is underway and is being
performed by Facilities Engineers (FE) personnel from Regensburg and Graf-
enwoehr. Both of the two remaining buildings are to be removed under the
Regensburg FE supervision under the same contract that will provide for
landscaping the northern end of the compound, and removal of the rock at the
northwestern end that presently blocks a portion of the antenna scanning area.
The dismounted communications vans were not sold at the site as previously
reported would be the case, but instead have been removed to the Property
Disposal Facility at Nuernberg for disposition.


b. Two members of Company B applied for European separations since
November 1975, but it was not determined whether or not the applications
had approved, since both personnel had been transferred to Augsburg.
SP5 [b6] MOS: 98G2LRU, DPOB: [b6]
was scheduled for discharge on 20 May 1976. She had a US
fee passport [b6] issued 15 November 1973 in Boston, MA, and indicated
her intent to remain in Europe for a 12 month period for travel purposes.
SP5 [b6] MOS: 98G2LRU, DPOB: [b6]
in [b6] was scheduled for discharge on 9 January 1976, but
extended his enlistment until 10 November 1976. He had a US fee passport
issued 6 July 1973 at New Orleans, LA, and indicated his intent
to remain in Germany for 12 months to study. Both [b6] and [b6]
were unmarried.


c. On 10 February 1976, CW2 [b6] USASAFS Augsburg (USASAFSA)
arrived on TDY at the target area accompanied by one or two other personnel
from the same station. [b6] is the Communications Security Custodian for
USASAFSA and he supervised the removal of cryptographic communications
equipment and escorted it back to USASAFSA. He stayed at the Kolmerhof
Hotel in Rimbach, opposite the Company B administrative area. On 12 Feb-
ruary 1976 he departed Rimbach and returned to Augsburg. On 12 February,
the manager of the Kolmerhof Hotel contacted Company B to advise that an
American guest had entered a room at the hotel on the night of 11-12 February.
The guest was apparently extremely intoxicated, had become ill, and had
vomited in large amounts all over the room, causing damage to carpets, furniture
and bedding; evidence also indicated that the guest had urinated on the floor
of the room. The manager presented a bill for DM 100 (approximately $40.00)
and asked that it be passed on to the guest. The guest was determined to
have been [b6] and he readily admitted having caused the damage and sub-
sequently paid the bill.


d. Additional information concerning the physical plant at the target 
was obtained as follows: 


(1) Sewage service is provided by the firm Franz Lederer, St Sebastian
Platz 1, Brueck (UQ0458). Water service is provided by the firm Hans Lober,
Rauschstrasse, Nuernberg vorm Wald (UQ1069). The water is delivered by truck.
The Comptroller Office, Seventh Army Training Center (SATC), Grafenwoehr
advised that funds had been allotted to connect the target to the sewer and
water systems of the adjacent French/Bundeswehr compound. The construction
of those lines will be completed by July 1976 and will replace the septic and
holding tanks now in use. Agency checks are being conducted on the above-
mentioned firms.


(2) OBAG (the Upper Bavaria Power Company) has declared the main
power cable serving the target, the French/Bundeswehr compound and the
nearby Bundespost (German postal system) TV relay tower to be inadequate.
OBAG intends to lay a new power cable parallel to the present one, and 
has asked each using agency to contribute to the costs, on a pro-rata 
basis. As the situation now stands, loss of outside power would auto- 
matically put the LfV generator into operation. That generator is capable 
of supplying full electric power to both the operational and living areas 
of the target for a maximum of 206 hours. After that time, the generator 
must be shut down for refueling, oil and maintenance. 


(3) The SATC Military Community Fire Marshal recently inspected 
the target and indicated that some water must be made available for 
emergency fire use. The Neukirchen-Heilig Blut (UQ5258) Volunteer Fire 
Department indicated it had a 40-minute reaction time. The projected 
hookup to the French/Bundeswehr compound water system should make sufficient 
water available. 


e. Due to the staggered schedules of target personnel, they had de- 
cided against hiring a cook and will prepare their own meals as a community 
effort. Inquiries at the local Labor Office revealed an estimated monthly 


salary for a cook would amount to about DM 1300 and this had a major impact 
on their decision. 


4. Operational Matters:


a. Information provided in the previous Quarterly Status Report is 
corrected/clarified as follows: There will be no SI area at the target. 
The highest access/classification will be Secret/Crypto. A request for a 
technical inspection had been submitted through ASA channels several months 
previously, which was not known by target personnel. The entire area, 
including the common room, will be subjected to a technical inspection prior 
to 21 May 1976. 


b. Reference paragraph 4c of reference c: [b6] closed the
Hoherbogen Restaurant in late February 1976 and moved to the Augsburg area.
Since his departure, the restaurant has remained closed. The entire file
concerning [b6] will be prepared for transfer to Special Operations Detach-
ment, 66th Military Intelligence Group for monitoring of [b6] activities
in the Augsburg area.


c. [b6] owner of "Tina's Bar" in Furth-im-Wald (UQ4364), also
intended to move to Augsburg. [b6] reportedly was a girl friend of several
of the Company B senior enlisted personnel. [b6] claimed to have enough
money to purchase or lease any type of establishment in the Augsburg area
that she chose. Agency checks will be conducted concerning [b6] and the
information will be passed to Special Operations Detachment if she moves
to Augsburg.


d. Target members have the following privately-owned vehicles: 


License Number Type Owner 
KS-8739 1975 Chev van 
JA-9692 1964 VW sedan 
KH-8553 1970 Opel 
JT-8306 1967 Mercedes


Additionally, SP5 Pack owns two motorcycles, neither of which is registered
at the present time. He intends to register one of them and to store the
other for shipment to CONUS when he is discharged in August 1976. SP4
[b6] is buying a car from one of the civilian contractors in Augsburg
and will pick it up soon.


e. Target members have had contact with three Americans in the area,
at least two of whom are former Company B members. Barbara LNU was dis-
charged in early 1976, is living in Koetzting (UQ4349) and is engaged to a
German citizen. A check of recent Company B rosters identified SP4 [b6]
MOS: 98G2LRU and SP4 [b6] MOS: [illegible]
as two possible individuals involved. SP4 [b6] of the target unit
has been in contact with the American owner of "Fulsome's Club" in Koetzting.
A third American, possibly formerly stationed at the site, but not yet
identified, allegedly works in Cham (UQ3054).


5. Source Activity:


a. B58,/86 has departed the target area for reassignment. 


b. PLO liaison contacts have revealed the following information con-
cerning target personalities:


(1) SFC [b6] is a dedicated NCO who appears to know his job. He
attended nearly three months of specialized training in the LFV system
and related activities and is very knowledgeable of the mechanics involved
in operation of the system. His assessment of individual members of the
team coincides with the observations of the PLO. [b6] appears to enjoy a
spirit of mutual cooperation with the PLO. [b6] advised the PLO that he
has had very little trouble with the six personnel under his supervision,
but the personalities of the six are beginning to emerge and he wished
he had more indications of leadership qualities (i.e., willingness to
accept responsibilities) from them.


(2) SP5 [b6], nominally assistant NCOIC, is a quiet follower. He
does his job, keeps his room very neatly, but is very non-assertive.


(3) SP5 Pack is probably the most responsible of the team, has an
excellent personality, gets along well with everyone, and appears satisfied
with his job and his hobby of motorcycles. His easy-going responsibility is
attributed to his background; he is married and has one child. Prior to
entering the Army, he had a good job in civilian life, and he knows how to
work and to get along with others.


(4) SP4 [b6] is a divorcee whose former wife is assigned to an ASA
unit in West Berlin. He is a good worker but likes to enjoy himself after
work. He has earned the respect of other team members because of his ability
to separate work from play.


(5) SP4 [b6] is an unknown quantity, but he has not caused any
problems and he works well with others.


(6) SP4 [b6] is an extrovert who enjoys being the center of
attention. He does not get along well with SP4 [b6].


(7) SP4 [b6] is an introvert and the complete opposite of [b6].
[b6] has an acid personality and only tolerates having others
around him. He does not like his present assignment and has submitted two
requests to be returned to Augsburg. He appears to be able to sit in a
room full of people and no one will notice he is there. PLO assessment of
[b6] and [b6] are that they are typical ASA "kids",
intelligent, not particularly gregarious, and sarcastic as long as they
can get away with it.


c. No problems of a security nature have arisen during the reporting
period. There have been no indications of Hostile Intelligence targetting
against target personnel during the reporting period. A vehicle from the
Soviet Military Liaison Mission-Frankfurt was active in the target area on
6 March 1976. Four sightings were reported during a two hours period;
three were non-PRA sightings and one was a shallow penetration of PRA #13
near Hoherbogen. One of the sightings was reported by Company B personnel.


6. Comments:


a. In amplification of previous generalized comments concerning the 
continued viability of the operation at the target, it is recommended that 
this operation be terminated at its present location. Whether or not the 
operation should be moved to another location where more sensitive ASA 
operations are being conducted is beyond the purview of a recommendation 
by this Battalion. The recommendation to terminate the operation at its 
present location was discussed informally with the S2, USASAFSA on 18 
March 1976 and was received with no serious objection. Rationale for the 
recommendation is as follows: 


(1) With the departure of Company B personnel from the target area,
a total of seven personnel remain. The operations now being performed
are far less sensitive and involve activity that is essentially automatic.
LFV team members are essentially mechanics. It is less likely that a
hostile intelligence service will devote the same priority as they did
previously to exploit target personnel. Any confidential source recruited
to cover the target "from within" would result in one individual watching
the other six. It is not believed that a confidential source relationship
with SFC Helus would be desirable nor appropriate; an effective liaison
relationship with the PLO should be able to achieve the same results.
Recruitment of another member of the team and targetting him against team
members would necessarily include that source reporting on [b6] activities.
With the close working relationship of all team members, this type of acti-
vity could well lead to a gradual breakdown in the team effort and adversely
affect [b6] leadership effectiveness, as it would provide for an unofficial
complaint channel and allow team members to "gang up" on the NCOIC rather
than fill the goals of the operation as indicated in reference a. Any
compromise at the target of such confidential source activities would
probably lead to a complete breakdown in effective liaison between [b6] and
the PLO.


(2) SFC [b6] appears to be completely competent to do his job and
to control his subordinates. His apparent leadership and management tech-
niques, his insights into the various personalities of team personnel and
his indicated awareness of potential problem areas all indicate that the
PLO should be able to accomplish the goals of the plan through regular
liaison with [b6] and occasional casual contact with other target personnel
on an opportunity basis.

(3) The time and expense required to conduct confidential source
operations to achieve the goals of the operation do not appear to be
justified for the reasons stated above. It is believed the same results
can be achieved through aggressive and effective liaison.


(4) Termination of the OPLAN (reference a) presupposes that nothing
would change outwardly regarding the PLO's relationship to the target; he
would still visit as often as before, he would conduct himself in the same
manner and he would continue to submit detailed reports on the results of
each liaison visit. Any information obtained as a result of liaison that
indicated a threat to the target or its personnel, or character or person-
ality weaknesses of target personnel would be reported to the S2, USASAFSA
without delay and coordination would be effected for appropriate investigative
action.


b. As an alternate proposal, if the recommendation in paragraph 6a
is not favorably considered, recommend that the OPLAN remain in effect,
but that it be changed to limit contact with target personnel to liaison,
that further consideration to the recruitment of confidential sources be
dropped, and that Quarterly Status Reports continue to be submitted.


DAMI-DOH (9 Apr 76) 1st Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)


DA, OACofS for Intelligence, ATTN: DAMI-DOH, Washington, DC 20310


TO: Commander, US Army Security Agency, ATTN: DCSSEC, Arlington Hall
Station, Arlington, VA 22212


1. This office concurs in the DCSI, USAREUR recommendation that the
ICIP, CARELESS TOKEN, be terminated.


2. (U) Request your comments or concurrence.


FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS: 


KARL V. HAERDLE 


Colonel, Q5, VEX 
1 Incl “Jom L. HEISS Hl 
nc (C) Colonel, GS 


Chief, HUMINT Division


AEAGB-CI(SO)
SUBJECT: Internal Counterintelligence Program (ICIP) (U)


HQDA (DAMI-DOH)
WASH DC 20310


1. (U) References:


a. Operations Plan, 66th MI Group, 5 May 1975, subject as
above, with 5th Indorsement, DAMI-DOH, OACSI, DA, 25 February
1976


b. Letter, AEAGB-CI(SO), USAREUR, 10 February 1976, sub-
ject as above


2. (U) Attached is the Quarterly Status Report pertaining to
the ICIP CARELESS TOKEN for the period ending 1 April 1976.


3. This office concurs in the recommendation by the 511th
MI Battalion that this ICIP be terminated. The diminishing
sensitivity of the target activity, and reduction in target per-
sonnel would appear not to justify the further expenditure of
counterintelligence assets and efforts required by this ICIP.
Consequently this office is directing initiation of formal co-
ordination with US Army Security Agency (USASA), Field Station
Augsburg for the purpose of terminating CARELESS TOKEN.


4. (U) Request HQ, USASA be advised of USAREUR plans to
terminate this ICIP. Comments in this regard by your office
and HQ USASA would be appreciated.


5. (U) ODCSI, USAREUR, Action Officer is Mr David R. Smith,
AEAGB-CI(SO), HM 7354 (AUTOSEVOCOM 6752).


FOR THE DEPUTY CHIEF OF STAFF, INTELLIGENCE: 


1 Incl A. J. IADEROSA
as Colonel, GS
Chief, Counterintelligence Division


Classified by [illegible], DA


DEPARTMENT OF THE ARMY
511TH MILITARY INTELLIGENCE BATTALION
66TH MILITARY INTELLIGENCE GROUP
APO 09606


5 April 1976
B03130-328-76


SUBJECT: CARELESS TOKEN (U)
(Quarterly Status Report)


Commander
66th Military Intelligence Group
ATTN: AEUMI-T-CI (EXCLUSIVE FOR ICIP CONTROL OFFICER)
APO 09108


1. (U) References:
a. OPLAN, 511th MI Battalion, AEUMI-N-CE, 1-75, 1 May 1975.
b. AEAGB-CI(SO), DTG 151640Z Jul 75, ICIP.
c. AEUMI-N-CE, B03130-061-76, 23 January 1976, CARELESS TOKEN (U).
d. AEAGB-CI(SO), DTG 091510Z Mar 76, CARELESS TOKEN (U).


2. (U) This Quarterly Status Report is submitted in accordance with the


AEUMI-N-CE 5 April 1976
SUBJECT: CARELESS TOKEN (U)


reported would be the case, but instead have been removed to the Property 
Disposal Facility at Nuernberg for disposition. 


b. Two members of Company B applied for European separations since
November 1975, but it was not determined whether or not the applications
had approved, since both personnel had been transferred to Augsburg.
SP5 [b6] MOS: 98G2LRU, DPOB: [b6] in
[b6] was scheduled for discharge on 20 May 1976. She had a US
fee passport [b6] issued 15 November 1973 in Boston, MA, and indicated
her intent to remain in Europe for a 12 month period for travel purposes.
SP5 [b6] MOS: 98G2LRU, DPOB: [b6]
in [b6] was scheduled for discharge on 9 January 1976, but
extended his enlistment until 10 November 1976. He had a US fee passport
issued 6 July 1973 at New Orleans, LA, and indicated his intent
to remain in Germany for 12 months to study. Both [b6] and [b6]
were unmarried.
c. On 10 February 1976, CW2 [b6] USASAFS Augsburg (USASAFSA)
arrived on TDY at the target area accompanied by one or two other personnel
from the same station. [b6] is the Communications Security Custodian for
USASAFSA and he supervised the removal of cryptographic communications
equipment and escorted it back to USASAFSA. He stayed at the Kolmerhof
Hotel in Rimbach, opposite the Company B administrative area. On 12 Feb-
ruary 1976 he departed Rimbach and returned to Augsburg. On 12 February,
the manager of the Kolmerhof Hotel contacted Company B to advise that an
American guest had entered a room at the hotel on the night of 11-12 February.
The guest was apparently extremely intoxicated, had become ill, and had
vomited in large amounts all over the room, causing damage to carpets, furniture
and bedding; evidence also indicated that the guest had urinated on the floor
of the room. The manager presented a bill for DM 100 (approximately $40.00)
and asked that it be passed on to the guest. The guest was determined to
have been [b6] and he readily admitted having caused the damage and sub-
sequently paid the bill.


d. Additional information concerning the physical plant at the target
was obtained as follows:


(1) Sewage service is provided by the firm Franz Lederer, St Sebastian
Platz 1, Brueck (UQ0458). Water service is provided by the firm Hans Lober,
Rauschstrasse, Nuernberg vorm Wald (UQ1069). The water is delivered by truck.
The Comptroller Office, Seventh Army Training Center (SATC), Grafenwoehr
advised that funds had been allotted to connect the target to the sewer and
water systems of the adjacent French/Bundeswehr compound. The construction
of those lines will be completed by July 1976 and will replace the septic and
holding tanks now in use. Agency checks are being conducted on the above-
mentioned firms.


AEUMI-N-CE 5 April 1976
SUBJECT: CARELESS TOKEN (U)


(2) OBAG (the Upper Bavaria Power Company) has declared the main
power cable serving the target, the French/Bundeswehr compound and the
nearby Bundespost (German postal system) TV relay tower to be inadequate.
OBAG intends to lay a new power cable parallel to the present one, and
has asked each using agency to contribute to the costs, on a pro-rata
basis. As the situation now stands, loss of outside power would auto-
matically put the LfV generator into operation. That generator is capable
of supplying full electric power to both the operational and living areas
of the target for a maximum of 206 hours. After that time, the generator
must be shut down for refueling, oil and maintenance.


(3) The SATC Military Community Fire Marshal recently inspected 
the target and indicated that some water must be made available for 
emergency fire use. The Neukirchen-Heilig Blut (UQ5258) Volunteer Fire 
Department indicated it had a 40-minute reaction time. The projected 
hookup to the French/Bundeswehr compound water system should make sufficient
water available. 


e. Due to the staggered schedules of target personnel, they had de-
cided against hiring a cook and will prepare their own meals as a community
effort. Inquiries at the local Labor Office revealed an estimated monthly
salary for a cook would amount to about DM 1300 and this had a major impact
on their decision.


4. Operational Matters:


a. Information provided in the previous Quarterly Status Report is
corrected/clarified as follows: There will be no SI area at the target.
The highest access/classification will be Secret/Crypto. A request for a
technical inspection had been submitted through ASA channels several months
previously, which was not known by target personnel. The entire area,
including the common room, will be subjected to a technical inspection prior
to 21 May 1976.


b. Reference paragraph 4c of reference c: [b6] closed the
Hoherbogen Restaurant in late February 1976 and moved to the Augsburg area.
Since his departure, the restaurant has remained closed. The entire file
concerning [b6] will be prepared for transfer to Special Operations Detach-
ment, 66th Military Intelligence Group for monitoring of [b6] activities
in the Augsburg area.


REGRADED UNCLASSIFIED
ON SEP 09 [year illegible]
BY CDR USAINSCOM FOI/PO
Auth Para 1-603 DoD 5200.1R


AEUMI-N-CE 5 April 1976
SUBJECT: CARELESS TOKEN (U)


c. [b6] owner of "Tina's Bar" in Furth-im-Wald (UQ4364), also
intended to move to Augsburg. [b6] reportedly was a girl friend of several
of the Company B senior enlisted personnel. [b6] claimed to have enough
money to purchase or lease any type of establishment in the Augsburg area
that she chose. Agency checks will be conducted concerning [b6] and the
information will be passed to Special Operations Detachment if she moves
to Augsburg.


d. Target members have the following privately-owned vehicles:


License Number Type Owner
KS-8739 1975 Chev van
JA-9692 1964 VW sedan
KH-8553 1970 Opel
JT-8306 1967 Mercedes


Additionally, SP5 Pack owns two motorcycles, neither of which is registered
at the present time. He intends to register one of them and to store the
other for shipment to CONUS when he is discharged in August 1976. SP4
[b6] is buying a car from one of the civilian contractors in Augsburg
and will pick it up soon.


e. Target members have had contact with three Americans in the area,
at least two of whom are former Company B members. Barbara LNU was dis-
charged in early 1976, is living in Koetzting (UQ4349) and is engaged to a
German citizen. A check of recent Company B rosters identified SP4 [b6]
MOS: 98G2LRU and SP4 [b6]
as two possible individuals involved. SP4 [b6] of the target unit
has been in contact with the American owner of "Fulsome's Club" in Koetzting.
A third American, possibly formerly stationed at the site, but not yet
identified, allegedly works in Cham (UQ3054).


5. Source Activity:


a. 658, 786 has departed the target area for reassignment.


b. PLO liaison contacts have revealed the following information con-
cerning target personalities:


AEUMI-N-CE 5 April 1976
SUBJECT: CARELESS TOKEN (U)


(1) SFC [b6] is a dedicated NCO who appears to know his job. He
attended nearly three months of specialized training in the LFV system
and related activities and is very knowledgeable of the mechanics involved
in operation of the system. His assessment of individual members of the
team coincides with the observations of the PLO. [b6] appears to enjoy a
spirit of mutual cooperation with the PLO. [b6] advised the PLO that he
has had very little trouble with the six personnel under his supervision,
but the personalities of the six are beginning to emerge and he wished
he had more indications of leadership qualities (i.e., willingness to
accept responsibilities) from them.


(2) SP5 [b6], nominally assistant NCOIC, is a quiet follower. He
does his job, keeps his room very neatly, but is very non-assertive. 


(3) SP5 Pack is probably the most responsible of the team, has an 
excellent personality, gets along well with everyone, and appears satisfied 
with his job and his hobby of motorcycles. His easy-going responsibility is 
attributed to his background; he is married and has one child. Prior to 
entering the Army, he had a good job in civilian life, and he knows how to 
work and to get along with others.


(4) SP4 [b6] is a divorcee whose former wife is assigned to an ASA
unit in West Berlin. He is a good worker but likes to enjoy himself after
work. He has earned the respect of other team members because of his ability
to separate work from play.


(5) SP4 [b6] is an unknown quantity, but he has not caused any
problems and he works well with others.


(6) SP4 [b6] is an extrovert who enjoys being the center of
attention. He does not get along well with SP4 [b6].


(7) SP4 [b6] is an introvert and the complete opposite of [b6]. 
[b6] has an acid personality and only tolerates having others 
around him. He does not like his present assignment and has submitted two 
requests to be returned to Augsburg. He appears to be able to sit in a 
room full of people and no one will notice he is there. PLO assessment of 
[b6] and [b6] are that they are typical ASA "kids", 
intelligent, not particularly gregarious, and sarcastic as long as they 
can get away with it. 


c. No problems of a security nature have arisen during the reporting 
period. There have been no indications of Hostile Intelligence targetting 
against target personnel during the reporting period. A vehicle from the 
Soviet Military Liaison Mission-Frankfurt was active in the target area on 
6 March 1976. Four sightings were reported during a two hours period; 
three were non-PRA sightings and one was a shallow penetration of PRA #13 
near Hoherbogen. One of the sightings was reported by Company B personnel. 


6. Key Comments: 


a. In amplification of previous generalized comments concerning the 
continued viability of the operation at the target, it is recommended that 
this operation be terminated at its present location. Whether or not the 
operation should be moved to another location where more sensitive ASA 
operations are being conducted is beyond the purview of a recommendation 
by this Battalion. The recommendation to terminate the operation at its 
present location was discussed informally with the S2, USASAFSA on 18 
March 1976 and was received with no serious objection. Rationale for the 
recommendation is as follows: 


(1) With the departure of Company B personnel from the target area, 
a total of seven personnel remain. The operations now being performed 
are far less sensitive and involve activity that is essentially automatic. 
LFV team members are essentially mechanics. It is less likely that a 
hostile intelligence service will devote the same priority as they did 
previously to exploit target personnel. Any confidential source recruited 
to cover the target "from within" would result in one individual watching 
the other six. It is not believed that a confidential source relationship 
with SFC Helus would be desirable nor appropriate; an effective liaison 
relationship with the PLO should be able to achieve the same results. 
Recruitment of another member of the team and targetting him against team 
members would necessarily include that source reporting on [b6] activities. 
With the close working relationship of all team members, this type of acti- 
vity could well lead to a gradual breakdown in the team effort and adversely 
affect [b6] leadership effectiveness, as it would provide for an unofficial 
complaint channel and allow team members to "gang up" on the NCOIC rather 
than fill the goals of the operation as indicated in reference a. Any 
compromise at the target of such confidential source activities would 
probably lead to a complete breakdown in effective liaison between [b6] and 
the PLO. 


(2) SFC [b6] appears to be completely competent to do his job and 
to control his subordinates. His apparent leadership and management tech- 
niques, his insights into the various personalities of team personnel and 
his indicated awareness of potential problem areas all indicate that the 
PLO should be able to accomplish the goals of the plan through regular 
liaison with [b6] and occasional casual contact with other target personnel 
on an opportunity basis. 


(3) The time and expense required to conduct confidential source 
operations to achieve the goals of the operation do not appear to be 
justified for the reasons stated above. It is believed the same results 
can be achieved through aggressive and effective liaison. 


(4) Termination of the OPLAN (reference a) presupposes that nothing 
would change outwardly regarding the PLO's relationship to the target; he 
would still visit as often as before, he would conduct himself in the same 
manner and he would continue to submit detailed reports on the results of 
each liaison visit. Any information obtained as a result of liaison that 
indicated a threat to the target or its personnel, or character or person- 
ality weaknesses of target personnel would be reported to the S2, USASAFSA 
without delay and coordination would be effected for appropriate investigative 
action. 


b. As an alternate proposal, if the recommendation in paragraph 6a 
is not favorably considered, recommend that the OPLAN remain in effect, 
but that it be changed to limit contact with target personnel to liaison, 
that further consideration to the recruitment of confidential sources be 
dropped, and that Quarterly Status Reports continue to be submitted. 
DAMI-DOH (28 Apr 76) 1st Ind 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


DA, OACofS for Intelligence, ATTN: DAMI-DOH, Washington, DC 20310 


TO: Commander, US Army Security Agency, ATTN: DCSSEC, Arlington Hall 
Station, Arlington, VA 22212 


1. The attached Operations Plan for an Internal Counterintelligence 
Program (ICIP) in support of the US Army Security Agency Field Station 
Berlin is forwarded for review by the Commander, US Army Security Agency. 


2. (U) Request correspondence be returned to this office after approval 
or comment by your commander. 


FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS: 


aes V. HAENDLE 
onel, GS, USA 
1 Incl JOHN L. HEISS III 
ne (C) Colonel, GS 
Chief, HUMINT Division 
AEAGB-CI(SO) 
SUBJECT: Internal Counterintelligence Program (ICIP) (U) 


HQDA (DAMI-DOH) 
WASH DC 20310 


1. (U) References: 


a. Message, DAMI-DOH, DA, 0321152 December 1975, subject 
as above (D 


b. Message, AEAGB-CI(SO), USAREUR, 0617552 January 1976, 
subject as above (S) (BOM). 


c. Message, DAMI-DOH, DA, 0921172 April 1976, subject as 
above (C) (BOM). 


2. The attached Operations Plan for an Internal Counter- 
intelligence Program (ICIP), in support of the US Army Security 
Agency Field Station Berlin (USASAFSB) is furnished for ACSI 
review and approval. The ICIP is designed to supplant Project 
FILMAN, an external CI support program, and to provide the Cdr, 
USASAFSB a more complete CI program for identifying and 
neutralizing the hostile intelligence threat to his activities 
and personnel. 


3. Cdr, USASA, Arlington Hall, concurred in the proposed 
cancellation of Project FILMAN and initiation of an Aggressive 
Defensive Source Acquisition Program (ADSAP) (see inclosure 3 
to basic OPLAN). However, the ADSAP concept was subsequently 
discarded in favor of an ICIP. Consequently, recommend the 
attached OPLAN be coordinated with Cdr, USASA, Arlington Hall. 


4. (U) Recommend approval. 
5. (U) ODCSI, USAREUR, Action Officer is Mr David R. Smith, 
AEAGB-CI(SO), HM 7354 (AUTOSEVOCOM 6742). 


1 Incl OLIVER W. DILLARD 
Major General, GS 
Deputy Chief of Staff, 
Intelligence 
OPERATIONS PLAN 

SUBJECT: Internal Counterintelligence Program (ICIP) (U) 
DATE: 13 February 1976 
OPLAN NO: 01-76(BCE)BLN 
PROJECT NO: gadis 

REFERENCES: a. Letter, AEAGB-CI(SO), 
dated 27 December cea Subject: Internal 
Counterintelligence Program (ICIP) sith 

Iet SENE i 
Pa. eg riş Pop ae ai 


+5 January 1975 


b. Group Regulation 381-10. 
Defensive Counterintelligence Sources, 
dated 4 February 1976. 


c. FY 30-14 ff. Counter- 
intelligence Special Operations, February 
1973. 


d. AR 381-12, Subversion and 
Espionage Directed Against the US Army and 
Deliberate Security Violations, 18 October 
1974. 


e. Letter, IACG, dated 20 
October 1975, Subject: Aggressive Defen- 
sive Source Acquisition Program (ADSAP)(U). 


1. MISSION. 


a. Requirement: To collect significant counterintelligence informa- 
tion through the utilization of overt liaison contacts (OLC), Casual 
Sources (CS) and Confidential Recruited Sources (CRS) assigned to the US 
Army Security Agency Field Station Berlin (USASAFSB), hereafter referred 
to as ASA. The Sources will be specifically targetted against Hostile 
Intelligence Services (HoIS) activities directed toward ASA and against 
the security vulnerabilities of ASA personnel. 


b. Objective: To provide responsible commanders and supervisors in 
ASA with a concentrated program designed to detect, eliminate or neutralize: 


CLASSIFIED BY: ACSI, DA 
(1) espionage, sabotage, subversion or deliberate security viola- 
tions against ASA or ASA personnel; 

(2) disloyalty, disaffection, and security weaknesses prevalent 
among personnel assigned to ASA; 


(3) individuals in sensitive positions who, by character weaknesses 
or personal conduct, render themselves vulnerable to coercion or black- 
mail by HoIS, either while the individuals are in their present positions 
or when they are assigned later to another unit. 


c. Base of Operations: Berlin Field Office, 766th MI Detachment, 
West Berlin. 


2. PERSONNEL. 


a. Source Personnel: Not yet selected. Spotting has started with 
the assistance of S-2, ASA, but no vetting or recruitment of Sources will 
be made prior to the approval of this OPLAN. To give adequate coverage of 
ASA, a minimum of 12 CS/CRS's will be required within ASA. The Sources 
must meet the following criteria: 


(1) Reasonable amount of intelligence and high degree of common sense. 


(2) Above-average sense of loyalty to duty and country, and a strong 
dedication to duty assignment. 


(3) Trustworthy, reliable and discreet. 
(4) Ability to take directions. 


(5) Clean record, to include no character deficiencies. 




(6) DEROS not later than one year from recruitment. 


b. US Army Intelligence Personnel: 


(1) Project Liaison Officer (PLO): The PLO will be responsible for 
OLCs and the spotting, assessing and recruitment of Sources at ASA. The 
OIC, CE/SAR Team, will be the PLO. 


(2) Project Control Officer (PCO): The PCO will be responsible for 
the management and control of Sources in this operation. The OIC, CE 
Programs, will be the PCO. 

(3) Case Officers (CO): Only Special Agents (S/A) assigned to the 
Berlin Field Office will initially be tasked to act as CO's. 
(4) Other Supervision: 

(a) Supervision for the conduct and operating control of this opera- 
tion will be vested in the OIC, CE Section. 

(b) Broad operational czcite Shio control and policy guidance are 
vested in the Berlin Field Office Commander and Operations Officer. 

(c) The Director of Operations, Headquarters, 66th MI Group, will 
be responsible for the operational control of this ICIP, will coordinate 
all ICIP activities with the CIP Control Officer, ODCSI, USAREUR, and 
with the Commander, USASA Europe, and will levy requirements on other 
subordinate counterintelligence (CI) elements of the 66th MI Group as 


EXECUTION. 


a. Background: The location and highly sensitive mission of ASA make 
it of logical interest to HoIS, particularly in this area to Soviet 
Intelligence Services (SIS) and Intelligence Services of the German 
Democratic Republic, whose technical and personal access to ASA areas 
are facilitated by the geographical location of ASA which is completely 
surrounded by a Communist country. HoIS can use some uncontrolled means 
of transportation to enter and leave the vicinities of ASA installations, 
and can use any of several official East Bloc representations in the area 
as cover for their activities. Past investigations and CI special opera- 
tions have confirmed HoIS interest in ASA and in HoIS' collection of data 
on ASA personnel, to include personalia, character traits and weaknesses, 
and possible motivating points. Headquarters, USASA, Arlington Hall, 
Virginia, has approved the use of ASA personnel in ICIP. 


b. Concept: 


(1) The cultivation and use of OLC's, and the spotting, assessing and 
recruitment of non-ASA personnel in the area will continue in effect and 
be expanded as necessary, without requiring prior approval under this 
OPLAN. 


(2) Upon approval of this OPLAN, coordination will be effected with 
S-2, ASA, for purposes of obtaining Leads and for facilitating screening 
of ASA personnel records. In addition, the PLO will develop other means 
of spotting and assessing Leads as described in paragraph 3a(2) above. 
PLO will also be the initial point of contact for those ICIP assets who 
have been transferred from another area to this area. 
c. Source Activities in the Target Area: Sources will perform their 
normal military duties while covertly and discreetly attempting to answer 
the following EEI, both from on-duty and off-duty contacts and experiences: 


(1) Identification of ASA personnel who closely and continuously 
associate with foreign nationals having connections with Communist countries; 


(2) Identification of ASA personnel who perform authorized or un- 
authorized travel to Communist countries; 


(3) Detection of disaffected ASA personnel; 


(4) Detection of ASA personnel whose activities and/or character 
weaknesses render them vulnerable to blackmail or HoIS exploitation; 


(5) Detection of ASA personnel whose activities are indicative of 
potential defection or desertion; 


(6) Detection of ASA personnel who have memberships in or associate 
with members of organizations, clubs, groups or other activities which 
pose actual or potential threats to the security of ASA. 
d. Security Considerations: 

(1) Individuals who are approached for recruitment who decline to 
function as Sources will be asked to sign security statements which 
clearly state that it is unlawful to make any unauthorized disclosure 
concerning the recruitment approach or the activities under this OPLAN. 


(2) Individuals who are approached for recruitment prior to their 
arrival at the ASA target area, and who decline to function as Sources, 
will be considered for assignment to some location other than the target 
area, if circumstances and military priorities permit. 


(3) No actual or potential Source will be made aware of the source 
relationship with any other individual in this program. 


(4) All CRS's will be met under covert conditions, away from the 
target area, under conditions that will provide maximum security against 
inadvertent disclosure of the source relationship. 


(5) Separate and plausible cover stories for status and for action 
will be arranged with each CRS to provide a logical reason for regular 
meetings between CRS and CO. 


(6) Each CRS will be provided sufficient training in security and 
meeting arrangements so as to minimize possibilities of compromise of 
the source relationship. 


(7) In the event of compromise of a CRS and/or the nature of this 
operation, termination of the source will follow under such conditions 
as are warranted by the circumstances of the compromise. In the event 
of a compromise, denial of US Army Intelligence involvement will be 
achieved where plausible. 


(8) Non-US Local Wage Rate Investigators employed by the 66th MI 
Group will not be made aware of the existence of this OPLAN or of the 
Source relationship with any CRS. 


(9) Knowledgeability of this OPLAN, to include the identity of 
the target, will be kept to a strict minimum. Le $e prisa 
duais with a strict "need to know" will 


(10) Upon the termination of a Source in ue area, proper debrief- 
ing action will be taken in accordance with 66th MI Group Regulation 381-10, 
and consideration will be given to the transfer SONS: to the appropriate 
CI element in the Source's new assignment area. 
e. Production: 


(1) Operational information will be forwarded by Agent Report and/ 
or other appropriate reporting means to Headquarters, 66th MI Group, 
ATTN: ASuMI-T-CE. 

(2) Suitability information or security information having an 
immediate, significant impact on the command will be brought to the 
attention of the Commander, USASAFSB, through his S-2. 


(3) Information pertaining to or identifying overt or covert 
sources will not normally be passed as individual items to ASA without 
the specific approval of DCSI USAREUR, through Headquarters, 66th MI Group. 


(4) Once this OPLAN has been approved and placed into operation, 
progress reports will be submitted every 60 days. 


(5) Periodic briefings to ASA can be accomplished through OLC's 
by the PLO. 


5. ACY COMMUNICATIONS: 


7. FINANCE AND LOGISTICS: 


a. Finance: 


(2) 


(3) 


(4) 


(5) 


b. Logistics: No special logistics or equipment requirements are 
foreseen at this time, which would require procurement of equipment not 
presently on hand. If such equipment requirements arise, appropriate 
requests will be submitted for approval and funding. 
c. Estimates: See attached Financial Annex for an estimate of over- 
all expenses to be incurred by PLO, CO's and Sources through the remainder 
of FY TÉ. and FY TT. 


8. TERMINATION: 


a. The duration of this PLAN will be for an indefinite period, or 
until such time that it is determined that the sensitivity of the target 
and/or the drawdown of assigned personnel at the target no longer war- 
rant continuation of the operation. 


b. Termination of Sources will be in accordance with 66th MI Group 
Regulation 381-10, or other appropriate source directives. 


9. COORDINATION: 


a. The purpose and objective of this OPLAN as outlined in Mission 
above has been coordinated with the Commander, USASAFSB. 


b. Preliminary coordination of the action which this OPLAN is to 
accomplish was initiated as indicated in ANNEX B (coordination background). 


c. EEI developed in and derived from this operation will be reviewed 
at all levels for acquisition and retention criteria contained in AR 380- 
13. 
Freedom of Information Act/Privacy Act 
Deleted Page(s) Information Sheet 


Indicated below are one or more statements which provide a brief 
rationale for the deletion of this page. 


x Information has been withheld in its entirety in 
accordance with the following exemption(s): 


5 USC 552 (b)(1) 


It is not reasonable to segregate meaningful portions of the 
record for release. 


Information pertains solely to another individual with no 
reference to you and/or the subject of your request. 


Information originated with another government agency. It has 
been referred to them for review and direct response to you. 


Information originated with one or more government agencies. 
We are coordinating to determine the releasability of the 
information under their purview. Upon completion of our 
coordination, we will advise you of their decision. 


NO DUPLICATION FEE 
ANNEX B - COORDINATION BACKGROUND 

1. CI support provided by the 766th MI Detachment to the US Army 
Security Agency Field Station, Berlin (USASAFSB) is in accordance with 
the provisions reflected in OPLAN titled project Filman. The proposal 
to improve CI support provided to USASAFSB by cancelling project Filman 
and replacing it with an existing Aggressive Defensive Source Acquisition 
Program (ADSAP) was presented to USASAFSB in a letter dated 19 September 
1975, copy of which is attached to this Annex as Inclosure 1. 


SO isis: forwarded to Headquarters, US Army Security Agency, 
Arlington Hall Station, the above referenced letter (Inclosure 1) with 
a recommendation that project Filman be replaced with the 766th MI De- 
tachment's ADSAP. Copy of the USASAFSB letter is attached to this 
Annex as Inclosure 2. 


3. In a letter dated 20 October 1975, the Commander of the US Army 
Security Agency concurred in the cancellation of project Filman and ini- 
tiation of the 766th MI Detachment's ADSAP program. A copy of the letter 
is attached to this Annex as Inclosure 3. 
Commander 
USASAFSB 
ATTN: S-2 
APO 09742 

1. (U) The purpose of this proposed action is to provide increased 
and improved counterintelligence support to the US Army Security 
Agency Field Station, Berlin (USASAFSB). 

2. In 1970, a CI operations plan was submitted by Berlin Field 
Station, 66th MI Group, to correspond with the activation of the 
USASAFSB site known as "Teufelsberg". The operations plan was 
designed to provide counterintelligence support to the project 
through the utilization of sources, either among the local work 
force or through personnel located in establishments frequented 
by the work force. Because the local work force was too transient 
in nature to effectively insert a source before they completed work 
on site, source recruitment efforts were concentrated on individuals 
who associated with ASA personnel at local entertainment establish- 
ments and at social functions. Initially through coordination with 
the S-2, USASAFSB, a list of establishments frequented by USASAFSB 
personnel was prepared and attempts were made to introduce sources 
into some of the establishments. We presently have six sources 
under the Filman project who have provided limited information. 
However, to date these sources have provided routine information of 
low level CI significance, primarily of interest to US Army Berlin 
Brigade and not to USASAFSB. In approximately 1973, USASA withdrew 
financial support of Filman and fiscal responsibility reverted to 
the 66th MI Group. The primary difficulty with the Filman project 
has been the peripheral nature of the sources and their difficulty 
in becoming accepted into ASA circles, since ASA personnel appear 
to associate in fairly close knit ASA circles. In short, peripheral 
sources have provided only peripheral leads. 
19 SEP 1975 
AEUMI-BCZ 
SUBJECT: Project Filman (U) 


3. Propose that the Filman project be cancelled, that permission 
be granted to recruit ASA personnel within USASAFSB, and that the Aggres- 
sive Defensive Source Acquisition Program (ADSAP) be used as the vehicle 
to provide defensive counterespionage support to USASAFSB. A brief 
description of ADSAP and general ADSAP EEI is attached as Inclosure. 
This would enhance CI coverage of USASAFSB by providing more flexibility 
within the framework of one source program, access to the target areas 
and target personalities, a wider range of operations for sources, and 
more streamlined administrative procedures for the management of sources. 
Current Filman sources will be converted to the ADSAP program. Sources 
will be preferably recruited within the target activity to provide infor- 
mation on personalities and activities. Additional sources will be 
recruited on the periphery or outside of the target sites in order to 
enhance overall CI coverage. Once it has been determined where a 
possible shortfall of information occurs, a concerted effort will be 
made to obtain sources who can provide that information. Indiscrim- 
inate selection and recruitment of sources will be avoided and emphasis 
will be placed on a prospective source's ability to fulfill the require- 
ments levied on him. 766th MID will provide the S-2, USASAFSB with the 
desired qualifications for personnel to be utilized in the program and 
he will be requested to screen present personnel assigned to his unit 
to determine those best qualified for recruitment. ADSAP will not 
supplant the S-2, USASAFSB program of internal informants, but will 
augment his present activities. A target analysis will be prepared 
by this Detachment in coordination with the S-2, USASAFSB. Information 
oes solely of a suitability nature, will be reported directly to the S-2, 
USASAFSB. All other information will be reported in accordance with 
reporting requirements, as outlined in LOI 6-TD, 66th MI Group. 


Preliminary discussions, conducted in August 1975, with the 
Cdr, USASAFSB, the Deputy Chief of Staff, Security, USASA Head- 
quarters, Arlington Hall, Virginia, and the Commander, 66th MI Group, 
indicated a favorable response to the above proposal. 


This Detachment requests your comments, recommendations, 
approval of the above proposal. 


ALLYN C. ROULTRY 
LTC, MI 
AGGRESSIVE DEFENSIVE SOURCE ACQUISITION PROGRAM (ADSAP) 


ADSAP concerns itself with two categories of human sources as defined 
by 66th MI Group LOI Number 6-TD. These two source categories are Conven- 
tional and Confidential, duc ADSAP is a CI threat information collection 
program and sources recruited under this program should not be recruited 
for coverage of a specific CE target. Sources are recruited within and 
on the periphery of sensitive installations and activities by combining 
both active and passive measures to counter the information collection 
capability of hostile intelligence services (HoIS) operating against US 
Forces. The passive measures are designed to protect defense information 
from unauthorized disclosure or compromise, while the aggressive measures 
are designed to obtain information which will lead to the detection and 
neutralization of HoIS efforts directed against US Forces. 

General ADSAP EEI: 

a. Detection of suspicious activities, undue inquisitiveness or 
obvious lack of good security imd Ru on the part of or involving US 
Forces personnel. 


b. Identification of US Forces personnel who closely and continually 
associate with foreign nationals having connections with Soviet Bloc 
countries. 


c. Identification of US Forces personnel who make unauthorized or 
frequent authorized travel to Soviet Bloc countries. 


d. Identification of US Forces personnel who have continued contact 
with iiam national personnel. 


e. Detection of disaffected personnel. 


f. Identification of US Forces personnel whose activities and/or 
character weaknesses either individually or in a combination constitute 
a clear and significant threat to US Forces in that they have rendered 
the US Forces connected personnel susceptible to exploitation by HoIS. 
Susceptibility to HoIS exploitation because of adverse suitability fac- 
tors should be coupled with at least one of the foregoing indicators of 
possible HoIS interest. Specific suitability factors which could render 
US Forces personnel vulnerable to HoIS exploitation would be excessive 
indebtedness or recurring financial difficulties; unexplained affluence; 
conduct such as criminal, immoral or homosexual acts which could render 
the individual susceptible to pressure; current and past mental and emotional 
instability; unusual work habits that do not conform to the daily pattern of 
fellow employees, sudden unexplained changes in working or social habits; 
sexual misconduct; in seideMbtrs marital problems; tracing on the imterzorsi 
routed cr Oth rvis. LOIiLIlnz; Linguistic capabilities with Soviet or other 
bloc personnel in unauthorized situations. 
US Army Security Agency 
ATTN: D52 

Arlington Hall Station 
Arlington, Virginia 22212 


1. Attached is a copy of a letter received on 19 September 1975 
from Commander, 766th Military Intelligence Detachment, 66th MI Group, 
entitled "Project FILMAN". The letter is self explanatory but can be 
summarized as follows: Counterintelligence support to U2a3Àr6 tes 
has been conducted since 1970 under the provisions of FILMAN. Though 
FILMAN was satisfactory in concept, it suffered from a lack of ient. 
support definition, particularly in source acquisition and reporting. 


2. Cdr, 766th MID, proposes an ADSAP concept arrangement which 
would provide more direct source access to CZAJA personnel and direct 
control of source coverage of actual or L5 iatini eulorz2se EI Toa Mn 
Cdr, USASAFS Berlin concurs in the concept and desires to czeat 
the program. COL Holden was briefed on the program eic his visit 
to Berlin in August 1975 and concurred in the proposal. (US Aeron. 


DA Poole set Li LLLI uu FR oe ag ER Qe A eat Seeds. iz pov A TA 
1975 and supported the concept. 

3. Request your concurrence in cancellation of Project FILMAN 
and adoption of the ADSAP by US/GA73 TBerliua/5-2th HIR. Appropriate 
safeguards will be maintained with laico aid Seen of TARASA 
sources should hostile istol*| iss oc ilii pue D p TAA godadere 
Request a reply as soon as possible so we can begin negotiating a 
new Memorandum of Understanding with 66th MI Group. 


FOR THE COMMANDER: 
DEPARTMENT OF THE ARMY 
UNITED STATES ARMY SECURITY AGENCY 
ARLINGTON HALL STATION 
ARLINGTON, VIRGINIA 22212 

20 OCT 1975 
SUBJECT: Aggressive Defensive Source Acquisition Program (ADSAP) (U) 

Commander 
USASA Field Station, Berlin 
APO New York 09742 

1. (U) Reference IAEB-I Letter, dated 7 October 1975, Subject: 
Aggressive Defensive Source Acquisition Program (ADSAP) (U). 

2. I concur in cancellation of Project FILMAN and initiation of 
the Aggressive Defensive Source Acquisition Program by the 766th MID, 
66th MI Group. A copy of the completed Memorandum of Understanding 
will be provided to this HQ, ATTN: DCSSEC. 

WILLIAM I ROLYA 
Brigadier General, USA 
Commanding 
DATE — 
To obtain formal ACSI approval for termination of subject ICIP. 
MEMORANDUM FOR RECORD. 
1. Background: 

a. By ltr, 25 Feb 75, subject: CANTER RIDE (U), CDR, USAINTA requested approval 
for ICIP OPLAN CANTER RIDE (U). The OPLAN provided for the insertion of an MI Warrant 
Officer in cover status into the Advance Sensors Directorate of the US Army Missile 
Command (USAMICOM), Redstone Arsenal, Alabama. This specialized CI support was 
requested by CC, USAMICOM, to enhance the security of the Directorate and determine 
the extent, if any, of hostile intelligence penetration of Redstone Arsenal. The OPLAN 
was approved by the ACSI on 4 Mar 75. 


b. By 1st Ind, 8 Apr 76, subject as above, CDR, USAINTA advised that on 23 Feb 
76, the ACSI gave verbal approval for termination of subject ICIP. The CDR, USAINTA 
recommended formal termination approval. 

2. Discussion: 


a. After a thorough review, it has been determined that subject ICIP has success- 
fully accomplished its objective. 


b. CI security support is being provided the USAMICOM by the 
902d MI Gp Redstone Resident Office, under the provisions of its Direct Support Compre- 
hensive Counterintelligence Program (DSCCR). 


c. This action furnishes formal approval to CDR, USAINTA to terminate ICIP CANTER 
RIDE (U) 


3. (U) Recommendation: That the 2d Ind, (TAB A) be approved and signed by the ACSI. 


(Continue on plain bond. 
DAMI-DOH (2 Apr 76) 2d Ind
SUBJECT: Request for Termination of ICIP Operation CANTER RIDE (U)

DA, OACofS for Intelligence, ATTN: DAMI-DOH, Washington, DC 20310: 1 R= 76
TO: Commander, US Army Intelligence Agency, Fort Meade, Maryland 20755

ICIP CANTER RIDE is formally terminated as recommended.

FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS:

JOHN L. HEISS III
Colonel, GS
Chief, HUMINT Division
MIIA-GPB-AC (SP) 2 April 1976
SUBJECT: Request for Termination of ICIP Operation CANTER RIDE (U)

U. S. Army Intelligence Agency
ATTN: MIIA-SO
Fort Meade, Maryland 20755

1. After a thorough review, it has been determined that ICIP
Operation CANTER RIDE has successfully accomplished its objective.
To continue the operation utilizing SCOPI Source IC-B-083 would be an
improper utilization of an MI warrant officer, and would increase the
potential for compromise as long as the insert Source remains in the
target area.

2. On 18 February 1976, I visited Major General Turnmeyer, Commander,
U. S. Army Missile Command, Redstone Arsenal, Alabama. During the visit,
Major General Turnmeyer requested a recommendation concerning the
continuation of the operation. I indicated that there was no known indication
of compromise, but in view of the above, recommended that the operation
be terminated and Source extracted as soon as the personnel system would
permit. Major General Turnmeyer expressed his deep appreciation for the
information previously provided through the operation, and while expressing
his complete concurrence that the operation had successfully met its
objective, readily agreed that it should be terminated at once and the
Source be extracted.

3. [illegible]
Support Detachment, USAINTA, and LTC Grimes, Commander, Special Operations
Detachment, USAINTA, on 19 February 1976. Brigadier General Thompson,
Commander, USAINTA, was informed of the above on 20 February 1976 and
Aaron, ACSI, DA, on 23 February 1976.

On 23 and 27 February 1976, the 902d MI Group requested USAINTA
in the reassignment of Source IC-B-083. As a result of actions
completed by the Support Detachment, USAINTA, Source is in receipt of
reassignment orders with an expected PCS date of 8 April 1976.


5. Comprehensive counterintelligence security support is also
being provided to the U. S. Army Missile Command by the Redstone
Resident Office, 902d MI Group, under the provisions of 902d MI Group
Pamphlet 381-3, subject: Direct Support Comprehensive Counterintelligence
Program (DSCCP) (U), to be published. The DSCCP, an all-source,
multi-discipline threat concept which is being developed for use throughout
the 902d MI Group, will continue in support of the U. S. Army Missile
Command concurrent with the termination of the ICIP Operation.

In view of the above, request formal approval of the termination
of ICIP Operation CANTER RIDE.


MIIA-SO-SA (2 Apr 76) 1st Ind (C)
SUBJECT: Request for Termination of ICIP Operation CANTER RIDE (U)

HEADQUARTERS, U. S. ARMY INTELLIGENCE AGENCY, Fort Meade, Maryland
20755

HQDA (DAMI-DOH/LTC HAENDLE), WASH DC 20310

1. As indicated by paragraph 2 of the basic letter, the 902d
Military Intelligence Group and the Commanding General of the US Army
Missile Command determined in February 1976 that the primary objective
of ICIP CANTER RIDE had been accomplished and the operation should be
terminated. On 20 February 1976 verbal approval of termination was
given by the CDR, USAINTA and by the ACSI on 23 February 1976.

2. Counterintelligence security support is being provided to the
US Missile Command by the 902d MI Group under its Direct Support
Comprehensive Counterintelligence Program (DSCCP) as described in
paragraph 5 of the basic letter. Arrangements have been made for the
extraction and reassignment of the insert source used in this operation.
Source will be debriefed and terminated subsequent to his 3 April 1976
reporting date by the 902d MI Group, which is also his new unit of
assignment.

3. (U) Recommend formal approval of the termination of ICIP CANTER
RIDE.

WILLIAM I. JENNINGS
Special Assistant (OPS)
OFFICE SYMBOL
DAMI-DOH
DATE

Operation CANARY EFFORT (U) 6 May 1976

To obtain formal ACSI approval for Termination of subject ICIP.

MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)

1. Background:

a. Subject ICIP was established several years ago to support Army organizations at
Fort Ritchie, MD.

b. In Sep 75, the reorganization and redesignation of the US Army Communications
Command (USACC) - CONUS as the 7th Signal Command resulted in a realignment of target
areas of ICIP CANARY EFFORT (U), and increased coverage to the Telecommunications
Directorate, the Alternate Joint Command Center (AJCC), the Alternate National Military
Command Center (ANMCC), the Alternate National Command Center Support Directorate
(ANMCCSD) and the East Coast Telecommunications Center (ECTC). Three sources and
a Project Case Officer were used in this ICIP.

c. By 1st Ind, 8 Apr 76, subject as above, CDR USAINTA advised that on 23 Feb 76,
the ACSI gave verbal approval for termination of subject ICIP and recommended that
Subject ICIP be given formal termination approval.

2. Discussion:

a. ICIP CANARY EFFORT (U) was chosen by the CDR, 902d MI Group to be replaced by
an overt comprehensive all-source, multi-discipline security support concept as defined
in 902d MI Group Pamphlet 381-3, subject: Direct Support Comprehensive
Counterintelligence Program, to be published.

b. The ICIP sources previously supporting the operation were terminated without
prejudice during Feb 76. The Great Skills Project Case Officer was released from
duties on 1 Mar 76.

c. Supported commanders were briefed on CANARY EFFORT termination during Mar 76,
and assured that this action in no way relieved the 902d MI Group of the
responsibility for continued overt, all-source, multi-discipline support subsequent to 31 Mar 76.

(Continue on plain bond.)
DAMI-DOH
SUBJECT: Request for Termination of ICIP Operation CANARY EFFORT (U)

d. This action provides formal approval to CDR, USAINTA to terminate ICIP
CANARY EFFORT (U).

3. (U) Recommendation: That the 2d Ind, (TAB A) be approved and signed by the ACSI,
DA.
DAMI-DOH (2 Apr 76) 2d Ind
SUBJECT: Request for Termination of ICIP Operation CANARY EFFORT (U)

DA, OACofS for Intelligence, ATTN: DAMI-DOH, Washington, DC 20310
TO: Commander, US Army Intelligence Agency, Fort Meade, Maryland 20755

ICIP CANARY EFFORT is formally terminated as recommended.

FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS:

2 Incl

JOHN L. HEISS III
Colonel, GS
Chief, HUMINT Division

Regraded Unclassified
When Separated from
Classified Inclosures
MIIA-GPB-AC (SP) 2 April 1976

SUBJECT: Request for Termination of ICIP Operation CANARY EFFORT (U)

U. S. Army Intelligence Agency
ATTN: MIIA-SO
Fort Meade, Maryland 20755

1. (U) References:

a. USAINTA Letter, MIIA-SO-SA, subject: Change in ICIP CANARY
EFFORT Support (U), dated 27 Jan 76, with 902d MI Group 1st Ind,
MIIA-GPB-AC (SP), dated 29 Jan 76.

b. 902d MI Group Letter, [illegible], subject: Termination of
ICIP Operation CANARY EFFORT (U), dated 3 March 1976.

2. As outlined in the above references, copies of which have been
provided under separate cover, I have chosen ICIP Operation CANARY EFFORT
to be replaced by an overt comprehensive all-source, multi-discipline
security support concept as defined in 902d MI Group Pamphlet 381-3,
subject: Direct Support Comprehensive Counterintelligence Program, to be
published. Toward this end, confidential ICIP sources previously
supporting the operation were terminated without prejudice during the
month of February 1976. The Great Skills Project Case Officer was
released from duties in support of the operation on 1 March 1976.

3. The termination of the ICIP Operation was coordinated by my
staff with LTC Grimes, Commander, Special Operations Detachment, USAINTA,
on 19 February 1976. The oral approval of the termination was gained from
Brigadier General Thompson, Commander, USAINTA, and Major General Aaron,
ACSI, DA, on 20 and 23 February 1976 respectively. Supported commanders
were briefed on the termination of the operation during March 1976 in
conjunction with the regularly scheduled quarterly ICIP briefings, and
assured that this action in no way relieved the 902d MI Group of the
responsibility for continuing overt, all-source, multi-discipline support
subsequent to 31 March 1976.


4. (U) In view of the above, request formal approval of the termination 
MIIA-SO-SA (2 Apr 76) 1st Ind
SUBJECT: Request for Termination of ICIP Operation CANARY EFFORT (U)

HEADQUARTERS, U. S. ARMY INTELLIGENCE AGENCY, Fort Meade, Maryland
20755

TO: HQ (DAMI-DOH/LTC HAESDLE), WASH DC 20310

1. (U) References 1a and 1b of basic letter are attached as Inclosures
1 and 2, respectively.

2. As noted in paragraph 2 and 3 of basic letter, although ICIP
Operation CANARY EFFORT was terminated effective 31 March 1976,
counterintelligence support will continue to be provided under the concepts of
the 902d Military Intelligence Group Direct Support Comprehensive
Counterintelligence Program, to be published. Verbal approval of this
termination was given by the CDR, USAINTA, on 20 February 1976, and the
ACSI on 23 February 1976.

3. Confidential sources utilized in this ICIP have been terminated.

4. (U) Recommend formal approval of the termination of ICIP CANARY
EFFORT.

2 Incl
as

Special Assistant (OPS)
OFFICE SYMBOL
DAMI-DOH
DATE

SUBJECT

Internal Counterintelligence Program (ICIP) (U)
26 Mar 76

ACTION REQUIRED

To obtain approval of the quarterly ICIP report

MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)

1. (U) BACKGROUND: On 8 Feb 72, the Under Secretary of the Army requested that
the VCSA provide a quarterly report on all ICIP operations.

2. (U) DISCUSSION:

a. During the past quarter there were no significant changes in number of
operations or activities within operations. Reports of questionable suitability
and security hazards were passed to the supported commands.

b. Memorandum at TAB A transmits summaries of ICIP operations through the VCSA
to the Under Secretary of the Army for second quarter FY 76.

3. (U) RECOMMENDATION: That the Memorandum at TAB A be approved and signed by
the ACSI.

(Continue on plain bond).
MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY
FOR: UNDER SECRETARY OF THE ARMY

SUBJECT: Internal Counterintelligence Program (ICIP) (U)--
INFORMATION MEMORANDUM

1. During the past quarter, six of the currently active Internal
Counterintelligence Program (ICIP) operations provided information on
incidents involving personnel suitability and conditions reflecting
poor security practices or weaknesses. Reports of these relatively
minor conditions were furnished the commanders of the supported commands
who took immediate corrective action.

2. (U) The total number of active ICIP operations remains at nine.
Summaries of activity in these operations during the last quarter are
inclosed.

9 Incl
DEPARTMENT OF THE ARMY
OFFICE OF THE ASSISTANT CHIEF OF STAFF FOR INTELLIGENCE
WASHINGTON, D.C. 20310

MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY
NOTED USA
FOR: Date
COL Joh. Tedd, Exec, SAUS

SUBJECT: Internal Counterintelligence Program (ICIP) (U)--
INFORMATION MEMORANDUM

1. During the past quarter* six of the currently active Internal
Counterintelligence Program (ICIP) operations provided information on
incidents involving personnel suitability and conditions reflecting
poor security practices or weaknesses. Reports of these relatively
minor conditions were furnished the commanders of the supported commands
who took immediate corrective action.

2. (U) The total number of active ICIP operations remains at nine.
Summaries of activity in these operations during the last quarter are
inclosed.

9 Incl
as

HAROLD R. AARON
Major General
ACofS for Intelligence

Noted by the Under Secretary of the Army
with comment: "On next quarter's review,
please provide an analysis (of each ICIP
qtr for the past year) to include statistics."

* OCT - DEC 75
MEMORANDUM THRU: VICE CHIEF OF STAFF, UNITED STATES ARMY
FOR: UNDER SECRETARY OF THE ARMY

SUBJECT: Internal Counterintelligence Program (ICIP) (U)--
INFORMATION MEMORANDUM

1. During the past quarter, six of the currently active Internal
Counterintelligence Program (ICIP) operations provided information on
incidents involving personnel suitability and conditions reflecting
poor security practices or weaknesses. Reports of these relatively
minor conditions were furnished the commanders of the supported commands
who took immediate corrective action.

2. (U) The total number of active ICIP operations remains at nine.
Summaries of activity in these operations during the last quarter are
inclosed.
CANARY EFFORT: (OACSI Revalidation - 4 Feb 75)

a. Location: Fort Ritchie, MD.

b. Confidential Source Utilization: Three confidential sources.

c. Information Obtained or Reported on Non-Affiliated Civilians: None.

d. Useful Information Obtained:

(1) During the reporting period, adverse suitability information
(indebtedness, drug or alcohol abuse, moral improprieties and mental
instability) was reported concerning 17 individuals assigned sensitive duties.
Monitoring continues; a limited investigation has been requested on one of
the individuals.

(2) This ICIP had previously identified alleged users of narcotics.
As a result of an investigation conducted by USACIDC, 13 of these individuals
were apprehended and charged with drug violations. Eleven of these 13 had
security clearances and had access to the Alternate Joint Command Center.

e. Operational Status:

(1) On 18 December, the Project Liaison Officer (PLO) presented a
Quarterly Progress Report to the Commander, US Army Communications Command
(USACC). On 30 December 1975, the PLO presented the Quarterly Progress
Report to the Commander, Fort Ritchie; Commander, USACC Site R
Telecommunications Center; and the Deputy ACSI&S, 7th Signal Command. All expressed
appreciation and continued support for the ICIP.

(2) At the request of the Director, Administrative Services, JCS, the
portion of this operation in support of the Alternate National Military
Command Center was terminated.




2. CANINE PLATE: (OACSI Revalidation - 4 Feb 75)

a. Location: Seneca Army Depot (SAD), Romulus, NY.

b. Confidential Source Utilization: None.

c. Information Obtained or Reported on Non-Affiliated Civilians:

d. Useful Information Obtained: None.

e. Operational Status:

During the period, one conventional source was terminated due to his
transfer from the area. One source is under consideration for recruitment.
He is in the Maintenance Division, Directorate for Special Weapons (DSW).
DSW is the primary SAD activity being supported by this ICIP. On 21 December
1975, the PLO provided the Quarterly Briefing Report to COL Alden L. Cox,
CDR, Seneca Army Depot.
3. CANTER RIDE: (OACSI Approval - 4 Mar 75)

a. Location: US Army Missile Command (USAMICOM), Redstone Arsenal, AL.

b. Confidential Source Utilization: One.

c. Information Obtained or Reported on Non-Affiliated Civilians: None.

d. Useful Information Obtained:

(1) Adverse suitability information pertaining to a GS-12 civilian
physicist with access to Secret information who was assigned to the Optical
Guidance Technology Office (OGTO), indicated that he probably was the
catalyst for the sexually-oriented gatherings of OGTO employees which
prompted a Sep 74 AR 15-6 investigation of OGTO personnel ordered by the
CG, USAMICOM. As a result of that investigation, the present ICIP operation
was initiated. The employee, who is apparently obsessed with sex has had
numerous extra-marital liaisons during the last five years. He transferred
to the Infrared Technology Office, Advanced Sensors Directorate, a highly
sensitive office, in Aug 74. The Source, who obtained information by
elicitation, was successful in identifying him only in recent weeks. The
employee's departure from OGTO apparently broke up the clique and Source
could uncover no new evidence of such activities among remaining OGTO
employees. Near the close of the reporting period, the employee applied
for a position in Japan. The Commander, USAMICOM, was provided a summary
of the information on the employee for appropriate command action.

(2) Source identified an Army 1LT who was attempting to civilianize
his duty position. The individual is a naturalized citizen who was born
in Shanghai, China. His security clearance was based on a favorable
NAC only.

e. Operational Status: On 10 October 1975, the Commander, 902d MI
Group and the Project Liaison Officer briefed MG George E. Turnmeyer, the
newly assigned Commander, USAMICOM. MG Turnmeyer affirmed his approval of
the operation. In a subsequent briefing on 10 November 1975, MG Turnmeyer
was apprised of the information reported in sub-paragraph d(1) above. It
was concluded that since the operation had provided the information initially
sought, it is now necessary to refocus the effort to emphasize security
matters rather than suitability problems.
OP as TAX: (OACSI Revalidation - 4 Feb 75)

a. Location: Sierra Army Depot (SIAD), US Army Materiel Command,
Herlong, CA.

b. Confidential Source Utilization: One.

c. Information Obtained or Reported on Non-Affiliated Civilians:

d. Useful Information Obtained: None.

e. Operational Status:

One individual is under assessment for use as a confidential source. The
quarterly progress report to SIAD officials was delayed until after the Christmas
holidays. It is expected that the report will be presented sometime in January
1976. The Commander and staff officers knowledgeable of the ICIP continue
to provide their support.
5. CENSUS TIME: (OACSI Revalidation - 4 Feb 75)

a. Location: Pentagon Telecommunications Center (PTC), US Army
Communications Command (USACC), The Pentagon, Washington, DC.

b. Confidential Source Utilization: None.

c. Information Obtained or Reported on Non-Affiliated Civilians:
None.

d. Useful Information Obtained:

(1) As a result of information gained concerning a suicide attempt
by an Army NCO assigned to PTC, a Limited Investigation was initiated.
The investigation revealed that the NCO has a large number of outstanding
debts, has lied on loan applications, and recently ordered a 1976 automobile
which will cost in excess of five thousand dollars. Interviews concerning
the NCO revealed alleged drug usage and homosexuality. USAINTA directed
that the NCO be interviewed concerning the allegations against him. The
NCO has been assigned to the Logistics Branch, PTC, pending results of the
Limited Investigation.

(2) Adverse suitability information was reported on two additional
NCOs assigned to PTC. Based on medical reports and rebellious attitudes
one NCO was released from the Army by board action. The second NCO was
reassigned to another Branch within the command and his access to
classified information was suspended for 90 days pending resolution of adverse
suitability information. The NCO after a night of heavy drinking at the
Ft Meyer NCO Club, began hitting his wife when she tried to arouse him
after he had "passed out." The wife filed assault charges with the Military
Police and withdrew them later. The PTC Commander counselled the NCO on his
drinking and marital problems and assigned him duties where he has no access
to classified information.

e. Operational Status:

On 18 Dec 1975, the Project Liaison Officer (PLO), CENSUS TIME, presented
the Quarterly Progress Briefing to COL Donald E. Clark, CDR, PTC. The PLO,
CANARY EFFORT, was also present at the briefing. In a re-evaluation of the
target priorities within PTC, COL Clark requested that the PTC element of
the Army Operations Center and the Hoffman Telecommunications Center be
covered by ICIP sources. Accordingly, the OPLAN for CENSUS TIME will be
changed to include these targets.
6. CENTAVO KID: (OACSI Revalidation - 4 Feb 75)

a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD.

b. Confidential Source Utilization: None.

c. Information Obtained or Reported on Non-Affiliated Civilians: None.

d. Useful Information Obtained:

(1) Suitability information concerning an employee of the Woodbridge
Research Facility (WRF), a branch of HDL located in Woodbridge, VA, involved
a problem of alcohol abuse. After counseling, the employee is undergoing a
rehabilitation program.

(2) From 7 October to 6 November 1975, a courtesy penetration test of
HDL's Adelphi Facility was conducted. The penetrations succeeded in
revealing several security weaknesses and the supported command has taken
corrective actions to remedy them. A number of the Security Guards were
transferred and guard procedures were changed. A new magnetic coded badge
has been approved for purchase in FY 77. The PLO will also give a lecture
to the HDL Guard Force on the penetration test and ways to foil attempted
penetrations.

e. Operational Status:

On 3 December 1975, the PLO presented the Quarterly Progress Report to
COL Thomas McGregor, CDR, HDL. Also present at the briefing were MAJ Kenneth F.
Keller and Mr. James F. Yeick, Security Officer, HDL.


7. GONDOLA STAR: (OACSI Revalidation - 11 Jul 75)

a. Location: Aberdeen Proving Ground (APG), Aberdeen, MD.

b. Confidential Source Utilization: Eight.

c. Information Obtained or Reported on Non-Affiliated Civilians: None.

d. Useful Information Obtained:

(1) Sources reported several instances of foreign contact by military
and DOD civilian personnel in the supported activity. In one instance a
citizen of the Federal Republic of Germany was assigned on an exchange
program to work in the US Army Human Engineering Laboratory (HEL) until
Sep 76. The source, who provided information on an employee's travel to
Poland and Czechoslovakia in 1975, provided additional information on the
employee's plans to travel to those countries again in 1976. A report
of a civilian DOD employee at Edgewood Arsenal with some unexplained
periods of time in his background prompted a request for a Limited
Investigation from the supported command.

(2) The source who reported on travel to the USSR in 1975 of a man and
wife DOD employees of the supported activities at HEL and the US Army
Materiel Systems Analysis Activity (USAMSAA) provided information on plans
of the couple to take another tour to Russia in 1976.

(3) Sources reported allegations of questionable suitability factors
involving eight employees assigned to the supported command. These
unsubstantiated allegations consisted of five incidents of extramarital relations,
one suggestion of other immoral conduct, one case of mental instability and
one allegation of a fraudulent claim on a TDY voucher. Efforts are underway
to substantiate or refute the reported allegations.

(4) Sources reported five instances of security weaknesses or poor
security practices. These five instances consisted of two unattended offices
in which security containers were left open, a CONFIDENTIAL document left
unsecured over a three day weekend, poorly controlled access to a classified
scientific conference at USAMSAA, and movement of the Ground Warfare Division
of USAMSAA into a building in which no technical survey had been conducted
prior to the move. These were brought to the attention of the appropriate
security officials in the supported activities and corrective actions were
taken.

e. Operational Status:

(1) On 1 Dec 75, the PLO presented the initial ICIP briefing to MG
Patrick W. Powers, CDR, US Army Test and Evaluation Command (TECOM), and
COL William H. Tucker, Jr., Chief of Staff, TECOM.
(2) On 18 Dec 75, the PLO gave the Quarterly Progress Briefing to
COL Kenneth L. Stahl, CDR, Edgewood Arsenal, on those activities pertaining
to the Edgewood Arsenal portion of the ICIP GONDOLA STAR.

(3) On 19 Dec 75, the PLO presented a Quarterly Progress Report on those
activities of the Aberdeen Proving Ground which are supported by the ICIP to
COL Alvin D. Ungerleider, CDR, APG. Mr. Harry A. Mencke, Installation
Intelligence Officer, APG, was also present at the briefing.
8. LENS HOLDER: (OACSI Revalidation - 4 Feb 75)

a. Location: White Sands Missile Range (WSMR), NM.

b. Confidential Source Utilization: Two confidential sources were
utilized during the reporting period.

c. Information Obtained or Reported on Non-Affiliated Civilians:
None.

d. Useful Information Obtained: None.

e. Operational Status:

One individual is under assessment as a confidential source in USA Missile
Test and Evaluation Directorate, WSMR. On 2 December 1975 the Project
Liaison Officer presented the Quarterly Progress Report to MG O. L. Tobiason,
CG, WSMR. The following personnel were also present at the briefing: LTC Charles
I. Davis, Chief, Security Office, WSMR; CPT Marcel Hull, SAIC, Ft Bliss Resident
Office, 525th MI Gp; GS 13 William F. Arket, Chief, Intelligence Division,
WSMR; and GS 13 Shigeru Tsubota, Deputy Operations Officer, 525th MI Gp,
Presidio of Monterey, California.
9. LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75)

a. Location: Defense Language Institute (DLI), Presidio of Monterey, CA.

b. Confidential Source Utilization: Five confidential sources.

c. Information Obtained or Reported on Non-Affiliated Civilians: None.

d. Useful Information Obtained:

(1) Two instructors of the Bulgarian Language Department who are man
and wife, and who previously had been accused by other members of the
Bulgarian Department of having contacts with the Bulgarian Intelligence
Service have changed their status during the quarter. Details of their
histories have been provided the Federal Bureau of Investigation. The
husband has accepted a teaching position with the State Department and
left DLI. The wife remained in DLI as an instructor.

(2) An instructor of the Czechoslovakian Language Department reportedly
is planning to resign from DLI in 1976, take her retirement pay in a lump
sum and return to Czechoslovakia with her two sons.

b1 Per FBI

no indications that he intends to return to Czechoslovakia. This information
has been passed to the FBI.

(3) A DLI employee, presently involved with the Hebrew Project, is
reported to be maintaining close contact with the Israeli Consulate in
San Francisco. The employee, an alien with an impressive background,
including possible intelligence activities, has also applied for
employment with the National Security Agency (NSA). Information presently known
to Army Intelligence has been made available to NSA.

e. Operational Status:

(1) Five confidential sources were utilized during the quarter; one
source was terminated due to graduation. A total of 12 individuals are
under assessment as possible new sources, including two Technical Language
Assistants. In addition to the five confidential sources, there are 23
confidential sources providing coverage of nine language departments and the
DLI staff.
(2) The PLO presented the Quarterly Progress Report on 16 Dec 75 to
COL Samuel L. Stapleton, Commandant, DLI. Also attending the briefing
were COL William F. Strobridge, CDR, 525th MI Group; CPT Brendon A. Xiques,
SAIC, Ft Ord Resident Office, 525th MI Group; and Mr. James Green, Acting
Security Officer, DLI.
DEPARTMENT OF THE ARMY
WASHINGTON, D.C. 20310

SUBJECT: Internal Counterintelligence Program (ICIP) (U)--
INFORMATION MEMORANDUM

1. During the past quarter* six of the currently active Internal
Counterintelligence Program (ICIP) operations provided information on
incidents involving personnel suitability and conditions reflecting
poor security practices or weaknesses. Reports of these relatively
minor conditions were furnished the commanders of the supported commands
who took immediate corrective action.

2. (U) The total number of active ICIP operations remains at nine.
Summaries of activity in these operations during the last quarter are
inclosed.
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Noted by the Under Secretary of the Army 
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DEPARTMENT OF THE ARY i 
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5 Mar 76 


Internal Counterintelligénce Program (ICIP) (U) 


ACTION REQUIRED
To obtain approval of the quarterly ICIP report
MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)
1. (U) Background: On 8 February 1972, the Under Secretary of the Army requested
that the VCSA provide a quarterly report on all ICIP operations. 


2. (U) Discussion: 


a. During the past quarter there were no significant changes in number of operations
or activities within operations. Reports of questionable suitability and
security hazards were passed to the supported commands. 


b. Memorandum at TAB A transmits summaries of ICIP operations through the VCSA
to the Under Secretary of the Army. 


3. (U) Recommendation: That the Memorandum at TAB A be approved and signed by 
2. CANINE PLATE: (OACSI Revalidation - 4 Feb 75)
a. Location: Seneca Army Depot (SAD), Romulus, NY 


b. Confidential Source Utilization: None. 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None.


d. Useful information Obtained: None. 


e. Operational Status: During the period, one conventional source 
was terminated due to his transfer from the area. One source is under
consideration for recruitment. He is in the Maintenance Division,
Directorate for Special Weapons (DSW). DSW is the primary SAD activity
being supported by this ICIP. On 21 December 1975, the PLO provided the
Quarterly Briefing Report to COL Alden L. Cox, CDR, Seneca Army Depot. 
3. CANTER RIDE: (OACSI Approval - 4 Mar 75)

a. Location: US Army Missile Command (USAMICOM), Redstone Arsenal, AL.
b. Confidential Source Utilization: One.
c. Information Obtained or Reported on Non-Affiliated Civilians: None.
d. Useful Information Obtained:


(1) Adverse suitability information pertaining to a civilian employee
indicates that the employee is possibly the central figure who was the
catalyst for events and allegations which led to the AR 15-6 investigation
and initiation of this ICIP operation.


(2) Source continues his observations of employee who is a Jordanian
by birth and concerning whom information was furnished last quarter, but no
new information of significance was developed.


(3) Source identified an Army 1LT who was attempting to civilianize
his duty position. The individual is a naturalized citizen who was born 
in Shanghai, China. His security clearance was based on a favorable NAC 
only. 


e. Operational Status: On 10 October 1975, the Commander, 902d MI 
Group and the Project Liaison Officer briefed MG George E. Turnmeyer, the 
newly assigned Commander, USAMICOM. MG Turnmeyer affirmed his approval of
the operation. In a subsequent briefing on 10 November 1975, MG Turnmeyer
was apprised of the information reported in sub-paragraph d(1) above. It
was concluded that since the operation had provided the information initially 
sought, it is now necessary to refocus the effort to emphasize security 
matters rather than suitability problems. 
CANTER RIDE (U)


3. d.


[illegible] information pertaining to a civilian
employee [illegible] Technology Office
(OGTO), indicated [illegible] probably was the catalyst for the [illegible]
gatherings [illegible] OGTO, which prompted a Sep 74 AR 15-6 investigation of
OGTO personnel ordered by the CG, USAMICOM. As a result of that investigation,
the present ICIP operation was initiated. The employee, apparently
obsessed with sex, has had numerous extra-marital liaisons during the last
five years. b6 (transferred to the Infrared Technology Office, Advanced
Sensors Directorate in Aug 74, [illegible] the Source, who obtained information
by elicitation, was successful in identifying him only in recent weeks.
[illegible] from OGTO apparently broke up the clique and Source could
uncover no new evidence of such activities [illegible] remaining OGTO employees.
Near the close of the reporting period, [illegible] applied for a position in
Japan. The Commander, USAMICOM, was provided a Summary of Information on
CANVAS TAX: (OACSI Revalidation - 4 Feb 75)


a. Location: Sierra Army Depot (SIAD), US Army Materiel Command,
Herlong, CA. 


b. Confidential Source Utilization: One. 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None. 


d. Useful Information Obtained: None.


e. Operational Status: One individual is under assessment for use 
as a confidential source. The quarterly progress report to SIAD 
officials was delayed until after the Christmas holidays. It is expected 
that the report will be presented sometime in January 1976. The Commander 
and staff officers knowledgeable of the ICIP continue to provide their 
support.
5. CENSUS TIME: (OACSI Revalidation - 4 Feb 75)


a. Location: Pentagon Telecommunications Center (PTC), US Army
Communications Command (USACC), The Pentagon, Washington, DC.


b. Confidential Source Utilization: None. 


c. Information Obtained or Reported on Non-Affiliated Civilians:
None.


d. Useful information Obtained: 


(1) As a result of information gained concerning a suicide attempt
by an Army NCO assigned to PTC a Limited Investigation was initiated.
The investigation revealed that the NCO has a large number of outstanding
debts, has lied on loan applications, and recently ordered a 1976 automobile
which will cost in excess of five thousand dollars. Interviews
concerning the NCO revealed alleged drug usage and homosexuality.
USAINTA directed that the NCO be interviewed concerning the allegations
against him. The NCO has been assigned to the Logistics Branch, PTC,
pending results of the Limited Investigation.


(2) Adverse suitability information was reported on two additional
NCOs assigned to PTC. Based on medical reports and rebellious attitudes
one NCO was released from the Army by board action. The second NCO was
reassigned to another Branch within the command and his access to classified
information was suspended for 90 days pending resolution of adverse
suitability [illegible]


e. Operational Status: 


On 18 December 1975, the Project Liaison Officer (PLO), CENSUS TIME, 
presented the Quarterly Progress Briefing to COL Donald E. Clark, CDR,
PTC. The PLO, CANARY EFFORT, was also present at the briefing. In a
re-evaluation of the target priorities within PTC, COL Clark requested
that the PTC element of the Army Operations Center and the Hoffman Tele-
communications Center be covered by ICIP sources. Accordingly, the OPLAN 
for CENSUS TIME will be changed to include these targets. 
CENSUS TIME (U)


5. d.


(2) [illegible] after a night of heavy drinking at the Ft Meyer NCO
Club, began beating his wife when she tried to arouse him after he had
passed out. The wife filed assault charges with the Military Police
and withdrew them later. The PTC Commander counselled the NCO on his 
drinking and marital problems and assigned him duties where he has no 
access to classified information. 
6. CENTAVO KID: (OACSI Revalidation - 4 Feb 75)
a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD.
b. Confidential Source Utilization: None.
c. Information Obtained or Reported on Non-Affiliated Civilians: None.


d. Useful Information Obtained:

(1) Suitability information surfaced on a (WRF) employee's problem with
alcohol abuse. After counseling the employee is undergoing a rehabilitation
program.


(2) From 7 October to 6 November 1975, a courtesy penetration test of
HDL's Adelphi Facility was conducted. The penetrations succeeded in 
revealing several security weaknesses and the supported command has taken 
corrective actions to remedy them. A number of the Security Guards were 
transferred and guard procedures were changed. A new magnetic coded badge 
has been approved for purchase in FY 77. The PLO will also give a lecture 
to the HDL Guard Force on the penetration test and ways to foil attempted 
penetrations. 


e. Operational Status: On 3 December 1975, the PLO presented the 
Quarterly Progress Report to COL Thomas McGregor, CDR, HDL. Also present 
at the briefing were MAJ Kenneth F. Keller and Mr. James F. Yeick, 
Security Officer, HDL. 
CENTAVO KID (U)


6. d.
(1) Woodbridge Research Facility (WRF), a branch of HDL located in
Woodbridge, VA.
7. GONDOLA STAR: (OACSI Revalidation - 11 Jul 75)


a. Location: Aberdeen Proving Ground (APG), Aberdeen, MD.
b. Confidential Source Utilization: Eight. 
c. Information Obtained or Reported on Non-Affiliated Civilians: None. 
d. Useful Information Obtained: 


(1) Sources reported several instances of foreign contact by military 
and DOD civilian personnel in the supported activity. In one instance a 
citizen of the Federal Republic of Germany was assigned on an exchange 
program to work in the US Army Human Engineering Laboratory (HEL) until 
Sep 76. The source, who provided information on an employee's travel to 
Poland and Czechoslovakia in 1975, provided additional information on the 
employee's plans to travel to those countries again in 1976. A report 
of a civilian DOD employee at Edgewood Arsenal with some unexplained 
periods of time in his background prompted a request for a Limited Investi- 
gation from the supported command.


(2) The source who reported on travel to the USSR in 1975 of a man 
and wife DOD employees of the supported activities at HEL and the US Army
Materiel Systems Analysis Activity (USAMSAA) provided information on
plans of the couple to take another tour to Russia in 1976.


(3) Sources reported eight allegations of questionable suitability
factors involving employees assigned to the supported activity. Due to
the lack of substantive information, the behavior of the individuals will
be monitored.


(4) Sources reported five instances of security weaknesses or poor
security practices. These were brought to the attention of the appropriate
security officials in the supported activities for corrective action.

e. Operational Status: 


(1) On 1 Dec 75, the PLO presented the initial ICIP briefing to MG
Patrick W. Powers, CDR, US Army Test and Evaluation Command (TECOM), and 
COL William H. Tucker, Jr., Chief of Staff, TECOM. 


(2) On 18 Dec 75, the PLO gave the Quarterly Progress Briefing to 
COL Kenneth L. Stahl, CDR, Edgewood Arsenal, on those activities pertaining 
to the Edgewood Arsenal portion of the ICIP GONDOLA STAR. 


(3) On 19 Dec 75, the PLO presented a Quarterly Progress Report on those 
activities of the Aberdeen Proving Ground which are supported by the ICIP to 
COL Alvin D. Ungerleider, CDR, APG. Mr. Harry A. Mencke, Installation 
Intelligence Officer, APG, was also present at the briefing. 
GONDOLA STAR (U)
7. d.


(3) [illegible] US Army Materiel Systems Analysis Activity
(USAMSAA) and Edgewood Arsenal.


(4) These five instances consisted of two unattended offices in 
which security containers were left open, a CONFIDENTIAL document left 
unsecured over a three day weekend, poorly controlled access to a 
classified scientific conference at USAMSAA, and movement of the 
Ground Warfare Division of USAMSAA into a building in which no technical 
survey had been conducted prior to the move. These were brought to the 
attention of the appropriate security officials in the supported activi- 
ties and corrective actions were taken.
8. LENS HOLDER: (OACSI Revalidation - 4 Feb 75)
a. Location: White Sands Missile Range (WSMR), NM


b. Confidential Source Utilization: Two confidential sources were
utilized during the reporting period. 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None. 


d. Useful information Obtained: None. 


e. Operational Status: One individual is under assessment as a
confidential source in USA Missile Test and Evaluation Directorate, WSMR.
On 2 December 1975 the Project Liaison Officer presented the Quarterly
Progress Report to MG O. L. Tobiason, CG, WSMR. The following personnel
were also present at the briefing: LTC Charles I. Davis, Chief, Security
Office, WSMR; CPT Marcel Hull, SAIC, Ft Bliss Resident Office, 525th MI
Gp; GS 13 William F. Arket, Chief, Intelligence Division, WSMR; and GS 15
Shigeru Tsubota, Deputy Operations Officer, 525th MI Gp, Presidio of
Monterey, California.
9. LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75)


a. Location: Defense Language Institute (DLI), Presidio of Monterey, 
CA. 


b. Confidential Source Utilization: Five confidential sources. 
c. Information Obtained or Reported on Non-Affiliated Civilians: None. 
d. Useful Information Obtained: 


(1) Two instructors of the Bulgarian Language Department who are man 
and wife, and who previously had been accused by other members of the 
Bulgarian Department of having contacts with the Bulgarian Intelligence 
Service have changed their status during the quarter. Details of their 
histories have been provided the Federal Bureau of Investigation. The 
husband has accepted a teaching position with the State Department and 
left DLI. The wife remained in DLI as an instructor.


(2) An instructor of the Czechoslovakian Language Department reportedly
is planning to resign from DLI in 1976, take her retirement pay in a lump
sum and return to Czechoslovakia with her two sons.


b1 Per FBI


no indications that he intends to return to Czechoslovakia. This information
has been passed to the FBI.


(3) A DLI employee, presently involved with the Hebrew Project, is
reported to be maintaining close contact with the Israeli Consulate in
San Francisco. The employee, an alien with an impressive background,
including possible intelligence activities, has also applied for employment
with the National Security Agency (NSA). Information presently known
to Army Intelligence has been made available to NSA.


e. Operational Status: 


(1) Five confidential sources were utilized during the quarter; one 
source was terminated due to graduation. A total of 12 individuals are under 
assessment as possible new sources, including two Technical Language Assistants. 
In addition to the five confidential sources, there are 23 confidential sources
providing coverage of nine language departments and the DLI staff.
(2) The PLO presented the Quarterly Progress Report on 16 Dec 75
to COL Samuel L. Stapleton, Commandant, DLI. Also attending the briefing
were COL William F. Strobridge, CDR, 525th MI Group; CPT Brendon A.
Xiques, SAIC, Ft Ord Resident Office, 525th MI Group; and Mr. James Green,
Acting Security Officer, DLI.
DEPARTMENT OF THE ARMY
HEADQUARTERS 
U. S. ARMY INTELLIGENCE AGENCY 
FORT MEADE, MARYLAND 20755 


JAN 13 1976 


MITA-SO-SA 


SUBJECT: Quarterly Reporting of Internal Counterintelligence 
Program (ICIP) Operations (U) 


HQDA (DAMI-DOH/LTC HAENDIE) 
WASH DC 20310


1. During the 2d Quarter, FY 1976, six of the currently active
Internal Counterintelligence Program (ICIP) operations provided information
on incidents involving suitability and conditions reflecting poor
security practices, hazards, or weaknesses. These reports, though they
involved individual items of a relatively minor nature, were passed
immediately to the supported commanders who have taken corrective action.
The discovery of these conditions and actions taken have served to enhance
the security of the supported facilities. The total number of active
ICIP operations at the close of the period was nine.


2. (U) Summaries reflecting the details of the information reported 
and the status of each of the nine operations are inclosed. 


9 Incl    WILLIAM I. JENNINGS
as    Special Assistant (OPS)
1. CANARY EFFORT: (OACSI Revalidation - 4 Feb 75)


a. Location: Fort Ritchie, MD 


b. Confidential Source Utilization: Three confidential sources.


c. Information Obtained or Reported on Non-Affiliated Civilians:
None.


d. Useful Information Obtained:


(1) During the reporting period adverse suitability information 
concerning 17 individuals assigned sensitive duties within the target 
areas was reported. The adverse information which involved indebted- 
ness, alcohol abuse, drug abuse, moral improprieties, and mental insta- 
bility, was brought to the attention of the ICIP Coordinator for CANARY 
EFFORT. Activities of all the individuals are being monitored, and the 
7th Signal Command has requested a limited investigation of one of the 


individuals. 
(2) During the period 13 military personnel assigned to Fort Ritchie
were apprehended and charged with drug violations as a result of a drug
investigation conducted by the US Army Criminal Investigation Division
Command (USACIDC). Of the 13 individuals apprehended, 11 possessed
security clearances and had access to the Alternate Joint Command Center
(AJCC). Six of those apprehended were members of the 572d Military
Police Company (Security) and performed sensitive duties at the AJCC.
The Project Liaison Officer (PLO), CANARY EFFORT, had previously identified
those individuals apprehended as alleged users of narcotics.


(3) The supported Command took action to suspend access to classified
information of eight individuals based on information originally
surfaced by the ICIP. These were all involved in suitability situations
as outlined in d(1), above.
e. Operational Status: 


(1) On 17 November 1975, a newly assigned Project Case Officer (PCO), 
a member of the GREAT SKILLS Program, began his duties in conjunction 
with CANARY EFFORT. 


(2) On 9 December 1975, the PLO established a 902d MI Group Liaison 
Office at Fort Detrick, MD. This office will provide greater flexibility 
for the PLO in carrying out his duties in connection with the East Coast 
Telecommunications Directorate (ECIC), which is at Fort Detrick and is one 
of the activities supported by the ICIP. 
(3) On 18 December 1975, the PLO of CANARY EFFORT presented the
Quarterly Progress Report to COL Donald E. Clark, Commander, US Army
Communications Command (USACC) Operations Command at the USACC Pentagon
Telecommunications Center. The PLO for ICIP CENSUS TIME was also
present at the briefing. 


(4) On 19 December 1975, the PLO presented a SAEDA/Threat/Security 
Awareness briefing to personnel assigned to the Alternate Joint Communi- 
cations Center (AJCC), Site R. 


(5) On 30 December 1975, the PLO presented the Quarterly Progress 
Report to the supported commands with the following in attendance: COL 
Harold G. deMoya, CDR, Ft Ritchie; COL John S. Eberle, CDR, USACC Site R 
Telecommunications Center; and Mr. Joseph J. Carroll, Deputy ACSI&S, 
7th Signal Command and Ft Ritchie. Colonels Clark, deMoya, Eberle and 
Mr. Carroll expressed their appreciation and continued support for the 
ICIP.
a. Location: US Army Missile Command (USAMICOM), Redstone
Arsenal, AL


b. Confidential Source Utilization: One 


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None.


d. Useful Information Obtained: 


(1) The source utilized in this operation has provided information 
of an adverse suitability nature on a civilian employee of the Optical 
Guidance Technology Office (OGTO), Advance Sensors Directorate (ASD), 
which indicate the employee is possibly the central figure who was the 
catalyst for the events and allegations during the Sep 74 AR 15-6 investigation
which led to the initiation of the operation. This information
has been provided the Commander, USAMICOM, in a Summary of Information.
The CDR, USAMICOM, is considering what future action will be taken on 
the employee, if any. Evaluation of information provided on eight of 
the co-workers of the above employee indicates no further investigation 
with regards to their suitability is required at this time. 


(2) The source is continuing his observation of the ASD employee 
who is a Jordanian by birth but learned no new information of signifi- 
cance during the period. Information on this individual was reported 
previously in the 1st Qtr, FY 76.


(3) Source identified an Army 1LT who was attempting to civilianize
his duty position. The individual became of CI interest when it was
learned that he is a naturalized citizen, born in Shanghai, China, with
a security clearance granted on the basis of a favorable NAC only.


e. Operational Status: 


(1) On 10 Oct 75, COL Stubblebine, CDR, 902d MI Group, accompanied 
by the PLO, MAJ Gipson, briefed the newly assigned CDR, USAMICOM, MG 
George E. Turnmeyer, on the operation with the USAMICOM Chief of Staff,
COL Arthur G. Lange, Jr., in attendance. The USAMICOM officials were
provided a copy of the EEI used in the operation and an update of the 
information provided by Source. MG Turnmeyer affirmed his approval of 
the operation. 


(2) In a separate session on 10 Oct 75, COL Stubblebine briefed 
COL William P. Gojsza, Deputy Director, US Army Missile Research, Develop- 
ment and Experimental Laboratory (USAMRDEL), on Source's role in the 
operation since COL Gojsza is Source's immediate supervisor in Source's
"part-time" cover duty as the USAMRDEL Administrative Officer. 
(3) On 10 Nov 75, COL Stubblebine and the PLO briefed MG Turnmeyer
and Dr. McDaniel, Director, USAMRDEL, on an operational update and the
902d MI Group recommendations for continuation of the operation. After
presenting the information contained in sub-paragraph d, above, conclusions
were reached to the effect that since the operation had provided
the information initially sought, it is now necessary to refocus the
EEI, emphasizing security aspects rather than suitability matters. New
EEI will be formulated with the supported command and the 902d MI Group.
6. CENTAVO KID: (OACSI Revalidation - 4 Feb 75)
a. Location: Harry Diamond Laboratories (HDL), Adelphi, MD


b. Confidential Source Utilization: None.


c. Information Obtained or Reported on Non-Affiliated Civilians: 
None.


d. Useful Information Obtained: 


(1) The Technical Director, HDL, received a postcard request from 
a person unknown to him which asked for information on "Dirty Work," 
by the CIA. The card, with pertinent explanatory remarks, was provided 
to the Central Intelligence Agency. 


(2) No new incidents of aircraft overflights were reported at any 
HDL facilities during the reporting period. Two overflight incidents 
were reported at the Woodbridge Research Facility (WRF), Woodbridge, VA,
during the 1st Quarter, FY 76.
b1 Per FBI


(3) Suitability information surfaced on a WRF employee's problem 
with alcohol abuse. After counseling the employee is undergoing a 
rehabilitation program.


(4) From 7 October to 6 November 1975, a courtesy penetration test
of HDL's Adelphi Facility was conducted. The penetrations succeeded
in revealing several security weaknesses and the supported command has
taken corrective actions to remedy them. A number of the Security Guards
were transferred and guard procedures were changed. A new magnetic coded
badge has been approved for purchase in FY 77. The PLO will also give a
lecture to the HDL Guard Force on the penetration test and ways to foil
attempted penetrations.


e. Operational Status: 


On 3 December 1975, the PLO presented the Quarterly Progress Report to 
COL Thomas McGregor, CDR, HDL. Also present at the briefing were MAJ 
Kenneth F. Keller and Mr. James F. Yeick, Security Officer, HDL.
7. GONDOLA STAR: (OACSI Revalidation - 11 Jul 75)
a. Location: Aberdeen Proving Ground (APG), Aberdeen, MD.
b. Confidential Source Utilization: Eight. 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained:


(1) Sources reported several instances of foreign contact by mili- 
tary and DOD civilian personnel in the supported activity. In one 
instance a citizen of the Federal Republic of Germany was assigned on 
an exchange program to work in the US Army Human Engineering Laboratory 
(HEL) until Sep 76. The source who provided information on an employee's
travel to Poland and Czechoslovakia in 1975 provided additional information
on the employee's plans to travel to those countries again in 1976.
USAINTA is debriefing the employee. A report of a visit by one British
and three Canadians to Edgewood Arsenal in early Dec 75 was checked and
it was determined that the visit had been properly cleared and coordinated.
A report of a civilian DOD employee at Edgewood Arsenal with some unexplained
periods of time in his background prompted a request for a Limited
Investigation from the supported command.


(2) The source who reported on travel to the USSR in 1975 of a man 
and wife DOD employees of the supported activities at HEL and the US Army 
Materiel Systems Analysis Activity (USAMSAA) provided information on 
plans of the couple to take another tour to Russia in 1976. 


(3) A source reported one instance in which the HEL received a re- 
quest for bibliographies of HEL publications from the Institute of Experi- 
mental Psychology, Slovak Academy of Sciences, Bratislava, Czechoslovakia.
The Director, HEL, advised the requester that copies of the bibliographies 
were no longer available for distribution to the public. HEL suggested 
that future requests be submitted through the Czechoslovakian Embassy 
to the National Technical Information Services, Springfield, VA. 


(4) Sources reported eight allegations of questionable suitability 
factors involving employees assigned to the supported activity. Due to 
the lack of substantive information to substantiate the reports, the 
behavior of the individuals will be monitored. 


(5) Sources reported five instances of security weaknesses or poor
security practices. These were brought to the attention of the appropriate
security officials in the supported activities for corrective action.
e. Operational Status:


(1) On 1 Dec 75, the PLO presented the initial ICIP briefing to MG
Patrick W. Powers, CDR, US Army Test and Evaluation Command (TECOM),
and COL William H. Tucker, Jr., Chief of Staff, TECOM.


(2) On 18 Dec 75, the PLO gave the Quarterly Progress Briefing to
COL Kenneth L. Stahl, CDR, Edgewood Arsenal, on those activities pertaining
to the Edgewood Arsenal portion of the ICIP GONDOLA STAR.


(3) On 19 Dec 75, the PLO presented a Quarterly Progress Report on
those activities of the Aberdeen Proving Ground which are supported by
the ICIP to COL Alvin D. Ungerleider, CDR, APG. Mr. Harry A. Mencke,
Installation Intelligence Officer, APG, was also present at the briefing.
9. LENTIL MONKEY: (OACSI Revalidation - 4 Feb 75)


a. Location: Defense Language Institute (DLI), Presidio of 
Monterey, CA. 


b. Confidential Source Utilization: Five confidential sources. 


c. Information Obtained or Reported on Non-Affiliated Civilians: 


d. Useful Information Obtained: 


(1) Two instructors of the Bulgarian Language Department who are 
man and wife, and who previously had been accused by other members of 
the Bulgarian Department of having contacts with the Bulgarian Intelli- 
gence Service have changed their status during the quarter. Details of
their histories have been provided the Federal Bureau of Investigation.
The husband has accepted a teaching position with the State Department 
and left DLI. The wife remained in DLI as an instructor but her con- 
tract was to expire on 31 Dec 75. 


(2) An instructor of the Czechoslovakian Language Department reportedly
is planning to resign from DLI in 1976, take her retirement pay
in a lump sum and return to Czechoslovakia with her two sons.


There are no indications that he intends to return
to Czechoslovakia.


This information has been passed to the FBI.


(3) A DLI employee, presently involved with the Hebrew Project, is
reported to be maintaining close contact with the Israeli Consulate in
San Francisco. The employee, an alien with an impressive background,
including possible intelligence activities, has also applied for employ-
ment with the National Security Agency (NSA). Information presently 
known to Army Intelligence has been made available to NSA. 


e. Operational Status: 


(1) Five confidential sources were utilized during the quarter; one 
source was terminated due to graduation. No new sources have been re- 
cruited due to the Feb 76 departure of the PCO for an overseas assignment. 
No new PCO has been designated. A total of 12 individuals are under 
assessment as possible new sources, including two Technical Language 
Assistants. Formal recruitment is being delayed pending assignment of
a new PCO. In addition to the five confidential sources, there are 23
conventional sources providing coverage of nine language departments and 
the DLI staff. 
(2) The Commandant, DLI, has established a security briefing program
for all incoming students as part of their initial orientation.
The PLO participates in this briefing, giving a lecture which emphasizes
the lack of security clearances and the need-to-know of the instructors,
previous cases of security incidents at DLI, and examples
of reportable security situations. Navy, Marine, Air Force, and
civilian students attend these briefings as well as Army personnel.
Two such briefings were given during the reporting period.

(3) On 5 Dec 75, MAJ Richard Erickson, DLI Security Officer, departed
DLI for a new assignment. His replacement will arrive in mid-Feb
76. Mr. James Green, DLI Personnel Security Specialist, is acting
Security Officer pending arrival of the designated Security Officer.


(4) The PLO presented the Quarterly Progress Report on 16 Dec 75 to
COL Samuel L. Stapleton, Commandant, DLI. Also attending the briefing
were COL William F. Strobridge, CDR, 525th MI Group; CPT Brendon A.
Xiques, SAIC, Ft Ord Resident Office, 525th MI Group; and Mr. James
Green, Acting Security Officer, DLI.
OFFICE SYMBOL    SUSPENSE
DAMI-DOH
20 February 1976


ACTION REQUIRED: To acquire ACSI approval of OPLAN for ICIP CARELESS TOKEN (U) by
signature on approving correspondence.
MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)
1. BACKGROUND: (U)


a. From correspondence between USAINTA and DCSI, USAREUR, it was learned
that the 66th MI Group was providing ICIP support to Detachment N, US Army Security 
Agency Field Station, Augsburg, FRG. The support had been requested by the Commander, 
USASA Field Station, Augsburg and approved by DCSI, USAREUR and the Commander, USASA, 
Arlington Hall, VA. 


b. (U) In an exchange of messages with DCSI, USAREUR, DAMI-DOH advised the DCSI 
| of the existing policy pertaining to ICIP's in CONUS and the requirement to furnish 
| quarterly reports to the Under Secretary of the Army. In light of the ACSI's policy 
: to personally review all new ICIP's, DCSI, USAREUR decided to forward the OPLAN for 
ICIP CARELESS TOKEN (U) for ACSI review. The operation is already ongoing and 
approved by appropriate USAREUR and USASA officials. 


i 2, DISCUSSION: (U) 


aluke The OPLAN for ICIP CARELESS TOKEN (U) is designed to detect and counter 

| vulnerability to espionage by USASA personnel assigned to an isolated USASA detachment 
in the vicinity of the FRG/CSSR border, Standard ICIP procedures have been employed 
using recruited sources, a Project Liaison Officer and a Project Control Officer. 


b. (U) By separate action, a policy letter to all Army Intelligence commands 
wili be prepared to assure that ICIP policy is established and reporting requirements 


to the Under Secretary are met. ' á Pri p 
USAR EAR. cenin oe tom, a 

3. (U) RECOMMENDATION: That the 5th Indorsement ePRPON SHE A DE OPLAN at TAB A Ici P 

signed by the ACSI. A 


(Continus on plein bond) 
DAMI-DOH (30 Jun 75) 5th Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)

HQDA, Office of the Assistant Chief of Staff for Intelligence, The Pentagon,
Washington, DC 20310

TO: Commander, US Army Europe and Seventh Army, ATTN: DCSI, APO New York

1. Continuation of your ICIP CARELESS TOKEN (U) under the May 1975
Operations Plan earlier approved at your Headquarters in support of US Army
Security Agency, Field Station, Augsburg, is approved.

2. (U) As indicated in earlier correspondence, a Memorandum to the Under
Secretary of the Army is prepared quarterly by the Office of the Assistant
Chief of Staff for Intelligence, DA Staff which includes a brief summary of
developments and status of each ongoing ICIP. Field input is requested by
the 15th of the month following the end of each calendar year quarter.
DEPARTMENT OF THE ARMY
UNITED STATES ARMY SECURITY AGENCY
ARLINGTON HALL STATION
ARLINGTON, VIRGINIA 22212

30 JUN 1975

SUBJECT: Internal Counterintelligence Program (ICIP) (U)

Commander
US Army Security Agency
Field Station, Augsburg
APO New York 09458

1. (U) Reference IAEASC Letter dated 10 June 1975, Subject: Internal
Counterintelligence Program (ICIP) (C).

2. I have reviewed the proposal to initiate an Internal Counterintelligence
Plan within Detachment N by the 66th MI Group and approve.
It is essential that this Headquarters and Deputy Commander USASA Europe
be kept apprised of significant events which develop from this operation.

1 Incl                          GEORGE A. GODDING
1. Operations Plan (dup)        Major General, USA
                                Commanding
: Commanding ü 
IAEASC (30 Jun 75) 1st Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)

Headquarters, US Army Security Agency Field Station, Augsburg, APO New
York 09458

TO: Chief, Headquarters Det - CI, 66th MI Group, ATTN: Chief SOD,
APO New York 09108

1. This command concurs with comments outlined in paragraph 2 of basic
letter and recommends implementation of attached plan.

2. Per previous agreement, all major actions concerning the proposed
plan will be discussed with the Field Station point of contact, LTC
p. C. Schofield, S2.

1 Incl                          DONALD M. MOREAU
nc                              COLONEL, MI
                                COMMANDING

REGRADED UNCLASSIFIED WHEN SEPARATED FROM CLASSIFIED
INCLOSURES
AEUMI-M-SOD (30 Jun 1975) 2d Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)
DA, Special Operations Detachment, 66th Military Intelligence Group,
APO New York 09105 11 July 1975
TO: Commander, 66th Military Intelligence Group, ATTN: AEUMI-T-CE,
APO New York 09108

SUBJECT Operations Plan has been coordinated with and approved
by USASA, Arlington Hall Station and USASA Field Station Augsburg.
Attention is invited to paragraph 2 of 1st indorsement designating
LTD. G. Schofield, S2, USASA Field Station Augsburg as the ASA point
of contact.

Philip D. Vimsatt, Major, 19 May 1975

t. Ben Davis, GS-12, 20 May 1975

d. Ted R. Snedikler, GS-12, 21 May 1975

1 Incl                          HAROLD L. ROBERTS
nc
                                Detachment Chief
AEUMI-T-CE (30 Jun 1975) 3rd Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)
Headquarters, 66th Military Intelligence Group, APO 09108
TO: Deputy Chief of Staff, Intelligence, USAREUR and Seventh Army,
ATTN: AEAGB-CI(SO) (Mr. Roseto), APO 09403

1. (U) References:

a. Message, AEAGB-CI(SO), DCSI, USAREUR, DTG 151640Z Jul 75 (U), Subject
as above.

b. Message, SSO Intelligence Agency, DTG 011540Z Jul 75, Subject as
above, retransmitted.

c. FONECON, Mr. Roseto (DCSI USAREUR) and Mr. Kirk (this headquarters),
15 July 1975, concerning Subject.

d. Message, AEUMI-T-CE, this headquarters, DTG 071622Z Feb 75,
Subject as above.

2. In accordance with references 1a and b, above, and provisions of the
attached approved Operations Plan (OPLAN), coverage of the target facility
will be implemented immediately. Routine liaison visits to the target facility
have revealed that the expected drawdown of personnel for reasons stated in
reference 1d, above, is already underway and personnel strength is expected
to be reduced by 50% by October 1975; therefore, as discussed in reference 1c,
above, prompt implementation of the ICIP OPLAN is considered essential in reducing
possible adverse effects of the above and resulting personnel turbulence.

3. (U) A copy of the Quarterly Status Report will be provided to your headquarters
in accordance with paragraph 2 of reference 1a, above.

FOR THE COMMANDER:

nc                              COL, MI
                                Director of Operations

CDR, 511th MI Bn, ATTN: AEUMI-N-CE (Mr. Foss) (w/incls less OPLAN)
Chief, SOD (w/o incls)
AEAGB-CI (SO) (30 Jun 75) 4th Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)

Headquarters, United States Army, Europe and Seventh Army,
Office of the Deputy Chief of Staff, Intelligence,
APO New York 09403

TO: HQDA (DAMI-DOH), WASH DC 20310

1. (U) References:

a. Message, AEAGB-CI(SO), USAREUR, 171231Z September 1974,
subject: Former ASA Personnel (C) (BOM).

b. Message, USAINTA, 182138Z September 1974, subject:
Former ASA Personnel (C) (BOM).

c. Message, AEAGB-CI(SO), USAREUR, 191755Z June 1975, subject
as above (C) (BOM).

d. Message, USAINTA, 011540Z July 1975, subject as above
(C) (BOM).

e. Message, DAMI-DOH, DA, 032115Z December 1975, subject
as above.

f. Message, AEAGB-CI(SO), USAREUR, 061755Z January 1975,
subject as above.

2. In accordance with your request in reference 1e, the
attached Operations Plan for the Internal Counterintelligence
Program (ICIP), CARELESS TOKEN, in support of Detachment N, US
Army Security Agency, Field Station Augsburg, is furnished for
ACSI review and approval. This plan was approved for implementation
by ODCSI, USAREUR on 15 July 1975, prior to receipt of
the new DA policy for ICIP reflected in reference 1e.

3. (U) Quarterly status reports pertaining to CARELESS TOKEN
will be forwarded under separate cover.

4. (U) ODCSI, USAREUR, Action Officer is Mr David R. Smith,
AEAGB-CI(SO), HM 7354 (AUTOSEVOCOM 6742).

FOR THE DEPUTY CHIEF OF STAFF, INTELLIGENCE:

1 Incl                          A. J. IADEROSA
nc                              Colonel, GS
                                Chief, Counterintelligence
DEPARTMENT OF THE ARMY
UNITED STATES ARMY SECURITY AGENCY FIELD STATION, AUGSBURG
APO NEW YORK 09438

IAEASC

SUBJECT: Internal Counterintelligence Program (ICIP) (U)

Commander
US Army Security Agency
ATTN: DCSSEC
Arlington Hall Station
Arlington, Virginia 22212

1. (U) Reference IASEC Letter PE March 1975 w/control 475 IASEC 00123.

2. (U) Inclosure 1 contains introductory letter and plan for ICIP within
d... and is forwarded per paragraph 4, reference above.

3. This command acknowledges the requirement for a program such as is
outlined in the plan attached and recommends approval by CG, USASA. It has
long been a recognized fact that US forces in Europe operate within a hostile
intelligence environment, this being particularly true for USASA with
its sensitive product. Initiation of the attached ICIP would provide a
valuable asset in upgrading this command's internal security posture. On
the negative side, the short period of continued operations at Detachment
N, where the plan is to be utilized, raises the question that the effort
could be better expended at another detachment or at FSA.

4. (U) Request an expeditious reply in order to inform the 66th MI Group.
DATE: b NPY qe. 


REPORT NO: R02130-079-75

PROJECT NO: B04142

OPLAN NO: 1-75
QD ‘Reagonab! e Pp od al 2 high degree of 
Personnel:
The PLO will be responsible for Overt Liaison Contacts and the
spotting and assessing of potential CRS at the target. A Special Agent
in Resident Office Regensburg (ROR), 511th MI Battalion, will
act as PLO consistent with ROR having area responsibility for the
area and liaison responsibility to the target.

(b) Designee: S/A Ronald Crawford, who has experience in both
counterintelligence and collection activities, to include source handling;
his DEROS in 1975.

(2) Project Control Officer (PCO):

(a) The PCO will be responsible for the recruitment and controlling
of CRS engaged in this operation. The PCO will be assisted by an Assistant
PCO as required.

(b) Designee: PCO = Pls 35m V.C pe deeds. CE Section, 511th MI.
2 source ne dukes: His DEROS is October 1975.
ment as PCO will be selected well in advance.

(3) Additional Special Agents assigned to the 511th MI Battalion,
or other elements of the 66th MI Group, may from time to time be required
during the tenure of this operation for the assessment and/or recruitment
of selected CRS.
(4) Supervision for the conduct and operating control of this
operation within the 511th MI Battalion will be vested in the Chief,
Counterespionage (CE) Section. Designee: S/A Donald A. Foss, Chief,
CE Section, will also be the 511th MI Battalion's designated representative
for any coordination with Commander, USASAFSA, Augsburg (PCA060),
FRG, as may be needed.

(5) Broad Battalion operational monitorship control and policy
guidance are vested in the Battalion Operations Officer/Assistant Operations
Officer.

(6) The Director of Operations, Headquarters, 66th MI Group, will
be responsible for the operational control of this ICIP, will coordinate
all ICIP activities with the ICIP Control Officer, ODCSI, USAREUR, and
with the Commander, USASAFSA, and will levy requirements on other subordinate
Counterintelligence (CI) elements of the 66th MI Group regarding this operation
as may be appropriate. The ICIP Control Officer, Headquarters, 66th
MI Group, will be Mr. Earl L. Kirk, Section Chief, CE Branch, Director of
Operations.


3. COVER AND DOCUMENTATION:

a.

(1)
(1) The geographic location, isolation and highly sensitive mission
of the target make it of logical interest to Hots, particularly the CSSR
Intelligence Service (215). Some magnitude of this threat is revealed
in recent activities involving former ASA personnel travelling to the
CSSR shortly after release from active duty, the association of target
(6) Each CRS will be provided sufficient training in security and
meeting arrangements so as to minimize possibilities of compromise of
the source relationship.

(7) In the event of compromise of a CRS and/or the nature of this
operation, termination of the source will follow under such conditions
as are warranted by the circumstances of the compromise. In the event
of a compromise, denial of USAI involvement will be achieved where
plausible.

(8) Under no circumstances will the command element at the target
activity be made aware of the existence of this operation or of the source
relationship between any CRS and the PCO.

(9) Local National Investigators (LNI) employed by the 66th MI Group
will not be made aware of the existence of this Plan, nor of the source
relationship with any CRS.

(10) Knowledgeability of this Plan, to include the identity of the
target, will be kept to a strict minimum, and only those individuals with
a strict "need to know" will be made cognizant. A knowledgeability roster
of all persons with knowledge of this operation will be maintained.

(11) Under no circumstances will the PLO reveal USAI recruitment
interest to any target personnel, nor will he offer any recruitment
assistance to any prospective CRS.

e. Production:

(1) The Commander, USASAFS Augsburg will be informed of all credible
information developed within the target, except as indicated in (2) and (3)
below.

(2) Suitability information will be evaluated in light of the tenor
of information and the status of the individual to whom it pertains, and
if considered of major importance or of significance to this operation,
will be forwarded by Agent Report to the Commander, 66th MI Group, ATTN:
AEUMI-T-CE.

(3) Information pertaining to or identifying overt or covert sources
will not normally be passed as individual items to the supported command
without specific DCSI USAREUR approval.

(4) Commander, 511th MI Battalion will submit to the Commander, 66th
MI Group, ATTN: AEUMI-T-CE, a Quarterly Status Report containing a summary
of the operational progress and source activity covered in this Plan.

(5) Periodic briefings of the Commander, USASAFS Augsburg concerning
the operational highlights and progress of the program will
be conducted by designated personnel from Headquarters, 66th MI Group.


COMMUNICATIONS:

and/or the drawdown of assigned personnel at the target no longer
warrants continuation of the operation.

b. Termination of CRS will be in accordance with current source
regulations.

COORDINATION:

This Plan will be coordinated with Chief, Special Operations
Detachment, 66th MI Group prior to coordination with Commander, USASAFS

This Plan will be coordinated with Commander, USASAFS Augsburg
1, USAREUR and Headquarters, USASA for con-

Coordination of this Plan with Headquarters, USASA will be accomplished
by the US Army Intelligence Agency, Fort Meade, Maryland prior to
final approval for implementation of this Plan by DCSI, USAREUR.
DAMI-DOH
20 February 1976

a. From correspondence between USAINTA and DCSI, USAREUR, it was learned
that the 66th MI Group was providing ICIP support to Detachment N, US Army Security
Agency Field Station, Augsburg, FRG. The support had been requested by the Commander,
USASA Field Station, Augsburg and approved by DCSI, USAREUR and the Commander, USASA,
Arlington Hall, VA.

b. (U) In an exchange of messages with DCSI, USAREUR, DAMI-DOH advised the DCSI
of the existing policy pertaining to ICIP's in CONUS and the requirement to furnish
quarterly reports to the Under Secretary of the Army. In light of the ACSI's policy
to personally review all new ICIP's, DCSI, USAREUR decided to forward the OPLAN for
ICIP CARELESS TOKEN (U) for ACSI review. The operation is already ongoing and
approved by appropriate USAREUR and USASA officials.

2. DISCUSSION: (U)

a. (C) The OPLAN for ICIP CARELESS TOKEN (U) is designed to detect and counter
vulnerability to espionage by USASA personnel assigned to an isolated USASA detachment
in the vicinity of the FRG/CSSR border. Standard ICIP procedures have been employed
using recruited sources, a Project Liaison Officer and a Project Control Officer.

b. By separate action, a policy letter to all Army Intelligence commands
will be prepared to assure that ICIP policy is established and reporting requirements
to the Under Secretary are met.

3. (U) RECOMMENDATION: That the 5th Indorsement approving the OPLAN at TAB A be
signed by the ACSI.
DAMI-DOH (30 Jun 75) 5th Ind
SUBJECT: Internal Counterintelligence Program (ICIP) (U)

HQDA, Office of the Assistant Chief of Staff for Intelligence, The Pentagon,
Washington, DC 20310

TO: Commander, US Army Europe and Seventh Army, ATTN: DCSI, APO New York

Operations Plan earlier approved at your Headquarters in support of US Army

developments and status of each ongoing ICIP. Field input is requested by
the 15th of the month following the end of each calendar year quarter.
DEPARTMENT OF THE ARMY
HEADQUARTERS, UNITED STATES ARMY, EUROPE and SEVENTH ARMY
OFFICE OF THE DEPUTY CHIEF OF STAFF, INTELLIGENCE
APO 09403

AEAGB-CI (SO)

SUBJECT: Internal Counterintelligence Program (ICIP) (U)

HQDA (DAMI-DOH)
WASH DC 20310

1. (U) References:

a. Operations Plan, 66th MI Group, 5 May 1975, subject
as above (C).

b. Message, DAMI-DOH, DA, 032115Z December 1975, subject
as above (C).

c. Message, AEAGB-CI (SO), USAREUR, 061755Z January 1976,
subject as above (C).

2. Attached are two Quarterly Status Reports pertaining
to the Internal Counterintelligence Program (ICIP) CARELESS
TOKEN in support of Detachment N, US Army Security Agency,
Field Station Augsburg. Copies have been provided the S2 of
the support unit.

3. (U) ODCSI, USAREUR, Action Officer is Mr David R. Smith,
AEAGB-CI(SO), HM 7354 (AUTOSEVOCOM 6742).

FOR THE DEPUTY CHIEF OF STAFF, INTELLIGENCE:

2 Incl                          A. J. IADEROSA
as                              Colonel, GS
                                Chief, Counterintelligence
                                Division
AEAGB-CI (SO)

SUBJECT: Internal Counterintelligence Program (ICIP) (U)

HQDA (DAMI-DOH)
WASH DC 20310

1. (U) References:

a. Operations Plan, 66th MI Group, 5 May 1975, subject
as above (C).

b. Message, DAMI-DOH, DA, 032115Z December 1975, subject
as above (C).

c. Message, AEAGB-CI (SO), USAREUR, 061755Z January 1976,
subject as above.

2. Attached are two Quarterly Status Reports pertaining
to the Internal Counterintelligence Program (ICIP) CARELESS
TOKEN in support of Detachment N, US Army Security Agency,
Field Station Augsburg. Copies have been provided the S2 of
the support unit.

3. (U) ODCSI, USAREUR, Action Officer is Mr David R. Smith,
AEAGB-CI(SO), HM 7354 (AUTOSEVOCOM 6742).

FOR THE DEPUTY CHIEF OF STAFF, INTELLIGENCE:

2 Incl                          A. J. IADEROSA
as                              Colonel, GS
                                Chief, Counterintelligence
                                Division
DEPARTMENT OF THE ARMY
511TH MILITARY INTELLIGENCE BATTALION


66TH MILITARY INTELLIGENCE GROUP 
APO 09696 


AEUMI-N-CE 24 October 1975 
803130-518-75 


SUBJECT: Internal Counterintelligence Program (ICIP) 
(QUARTERLY STATUS REPORT) (QSR) 


Commander 

66th Military Intelligence Group 

ATTN: AEUMI-T-CI (EXCLUSIVE FOR ICIP CONTROL OFFICER)
APO 09108 


1. (U) References: 
a. OPLAN, 511th MI Battalion, AEUMI-N-CE, 1-75, 1 May 1975 
b. AEAGB-CI(SO), DTG 151640Z July 1975, ICIP
2. (U) This is the first ICIP Quarterly Status Report, in accordance with
references, covering the period ending 15 October 1975.

3. General:

a. Activity at the target is in the drawdown stage, pending auto-
mation in early 1976 under the LA FAIRE VITE Program. Since 1 July 1975, 
personnel manning has been reduced to about 50 percent of previous target 
strength; most personnel have been reassigned to USASAFS Augsburg. In 
June 1975, an official release was made by letter to the Buergermeister 
(mayor) of Rimbach, which provided details of the withdrawal. Portions of 
the letter were reportedly published in area newspapers. A copy of the 
English translation of the letter to the mayor's office is attached as 
Inclosure 1.


b. Contrary to the letter inclosure, it appears that some target 
personnel in excess of the programmed approximately seven (7) individuals 
who will maintain and guard the automated site, may remain in the area 
for varying periods up to 1 July 1976. These include all personnel who 
are scheduled for DEROS or ETS in FY76 as funding is not available for two
PCS moves in a single fiscal year. No figures were available at the time
of the QSR preparation as to how many personnel would be affected, nor had
it been determined what would be their duties during the approximate period
1 March-30 June 1976.


c. The USAF communications site (6913th USAF Security Squadron) 
located in the same area is scheduled to close at about the same time the 
target is automated; no USAF personnel will remain in the area. As far 
as can be determined, the French and Bundeswehr sites will continue to 
operate. 


d. The seven or eight personnel scheduled to remain at the target
permanently will be billeted at the top of Mount Hoherbogen, in a newly
constructed building, adjacent to the present operational area. The senior
individual will be an NCO, grade E6 or E7, who will probably have one of
the supervisory communications equipment maintenance MOS's. Other personnel
stationed there will be equipment and antenna array repair and maintenance
specialists and guards. All personnel will be single or unaccompanied.
At the writing of this report, none of the permanent party had been selected.

4. Operational Matters:


a. SMLM-F makes a reconnaissance of the Rimbach area approximately 
once a month. The sightings usually involve travel along the PRA perimeter 
roads leading north and south out of Rimbach. Perimeter roads of PRAs,
excluding Autobahnen, are off limits to SMLM-F vehicles. On 3 June 1974, 

a SMLM-F vehicle was disabled on the access road leading to the target 
operational site, well within a PRA, and was assisted by a Chief Warrant 
Officer assigned to the target, who was not aware of the correct PRA 
boundary. There have been no SMLM-F detentions in the area, and none are 
likely, since the closest Military Police are located at Hohenfels Training 
Area (HTA), 80 kilometers away. 


b. In March 1975, during a liaison visit with MAJ Richard Douma,
the target commander, the PLO was advised [b6]
had been transferred to Ramstein, FRG after appearing
before a board to face charges of homosexuality.

c. In April 1975, SP4 [b6] reported a possible SAEDA
incident (Group Case 75-061P); during the subsequent investigation it was
determined she had reported to Field Office Augsburg a similar approach
by the same individual a year earlier. Target personnel were dubious as
to the veracity of statements made by [b6], who was transferred to
USASAFS, Augsburg on 1 August 1975.
d. In May 1975, MAJ Douma advised the PLO that some of the target
personnel had a tendency to talk too openly about their jobs in public,
and that his solution had been constant reiteration to unit personnel
on the dangers of loose talk. No specifics were provided on individuals
concerned. The PLO did not press for details as he considered it a
command matter. MAJ Douma believed the security posture of the target
was steadily improving.

e. The preliminary investigation of [b6] continued, however,
in low key due to the lack of credible specific allegations. [b6]
operates the Hoherbogen Restaurant, situated near the target administrative
area. He allegedly travels regularly to CSSR to visit relatives and to
attend dog shows. Target personnel patronize the restaurant regularly,
primarily because of its convenient location. [b6] was never reliably
reported to have shown undue curiosity about target operations and personalities,
but remains, nevertheless, well-informed because of overheard
conversations of target personnel-customers. In June 1975, [b6] told
the PLO he was not looking forward to the departure of the Americans because
he would have to "put up" with local German customers, who were much
more troublesome than target personnel. In October 1975, [b6] remarked
to MAJ Douma that he had made several trips to Augsburg to negotiate the
purchase of a tavern there. [b6] said he intended to sell the Hoherbogen
Restaurant and move to Augsburg, where he will open a tavern/restaurant
two kilometers from the "ASA kaserne." Activity of [b6] will continue
to be monitored in the Rimbach area, and if he moves to Augsburg, he
should be made a target of continuing interest by Field Office Augsburg.


f. In July 1975, CPT (Chap) [b6], Protestant Chaplain at
HTA, advised that an individual assigned to the target had sought his
spiritual guidance as a result of extreme emotional anxiety, due to his/
her involvement with a group of USASA personnel who were engaged in satanic
religious practices at the target. [b6] revealed no details nor identities,
due to the sensitivity of communications to a chaplain, however, the
identity of the individual involved is believed to have been established
(see para 4j, below).

g. In July 1975, two target personnel applied for Military Intelligence
duties in ACGP-97. One (SP5 [b6]) was assisted in
completion of required forms and processing/interview is in progress.
The other individual (SP4 [b6]) will not be able to apply until
December 1975, when he has 12 months remaining to DEROS. He expects to be
transferred to USASAFS, Augsburg prior to that time and has been advised
to initiate his processing at Field Office Augsburg.
h. In July 1975, USASAFS, Augsburg requested agency checks on the
German national intended spouse and relatives of SP4 [b6].
Subsequently, during a subject interview, [b6] stated that his fiancee
had contact, through an acquaintance, with [b6], a photographer/
reporter for a Furth-im-Wald newspaper and that he suspected [b6] was
receiving money from the CSSR for photographs of facilities in the Rimbach
area. [b6] had no specific reason to back up his suspicion and said
it was common knowledge among target personnel. ([b6] was the subject
of a bilateral MI/MAD investigation in 1973 and 1974, during which none
of the allegations of possible intelligence activity were substantiated.)
[b6] also said he personally was suspicious of [b6], a former
member of the target unit, who operates "[b6] Club" in Koetzting.
[b6] is curious as to the status of US installations at Rimbach and
uses his US citizenship and former Army service as a method of gaining
access to information from US Forces members who patronize his establishment.
([b6] and his activity was previously known to MI/MAD during the [b6]
investigation and not determined to warrant further investigation. [b6]
is a non-DoD affiliated US citizen.)

i. In July 1975, USASAE, Augsburg requested agency checks in
Koetzting on [b6] and [b6], who were friendly with target
personnel and who had become knowledgeable of classified defense information
as a result of this relationship. There was no indication any of
the [b6] had attempted to elicit defense information. Agency checks
failed to reveal any derogatory information concerning the [b6] family;
[b6] was a practicing dentist in Koetzting. In early August 1975,
MAJ Douma advised the PLO that in early 1975, [b6] and her
dependent husband, [b6], a US citizen, had attempted to establish
a German-American Club between target personnel and the local communities.
In this connection, the [b6] mentioned being acquainted with a dentist
in Koetzting, nfi. Nothing of consequence ever came of the attempt to
form an organization. Later, date unknown, Douma was advised by Commander,
Forward Operations Battalion, Augsburg (his supervisor) of a report that
[b6] discussed classified information with German acquaintances.
In an interview of [b6] by Douma, she admitted having discussed
details of LA FAIRE VITE with her husband, in early 1975, and to have
mentioned the project in the presence of one [b6], a German
national acquaintance residing in Munich. [b6] was subsequently given
a written reprimand in connection with the compromise. [b6] mentioned
nothing about any other German acquaintances, and denied compromising any
classified information to any other foreign nationals. No information
was made available to Douma when he was tasked by his higher headquarters
to investigate the incident, as to the identity of the German acquaintances
who were supposed to have received the classified defense information.
[b6] departed the target on 19 July 1975 for CONUS and separation
from active duty.
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j. In August 1975, MAJ Douma advised the PLO that SPa4[ bG | 
attached to the target from the 502d ASA Group as a Czech linguist Voice 
Intercept Specialist (98G2LCX), had exhibited severe mental trauma imme- 
diately following the departure of a close female acquaintance from the 
target on 30 June 1975, and had been placed on extended leave status. 

fre consulted CPT (Chap) [_b6 Jat HTA and the USASAFS Augsburg 
staff chaplain, but had allegedly declined psychiatric counselling. On 
her return from leave, her access to classified material was to be sus- 
pended and Douma could pies cag receive counselling, as he was 
very concerned about her emotional stability. [b6 ^ ]had a DEROS of 
September 1975. 


k. In August 1975, the PLO advised MAJ Douma that a German agency 
had reported a US soldier Due us e trafficking in drugs in 
Koetzting. After the PLO provided descriptive data obtained from a FRG
agency, Douma identified as SP4 [b6], a Russian-linguist
Voice Intercept Specialist, attached from the 502d ASA Group.
Douma was requested to watch [b6] activities closely and pass any
information to CID at HTA. [b6] DEROS is June 1976, putting him
in the category of those mentioned in paragraph 3b, above, who may remain
at the target without any specific duties.


l. In September 1975, B58,786 (who is undergoing preliminary source
assessment) advised that in approximately April 1975, a female soldier
traffic analyst assigned to the target, whose name he could not recall,
had compromised a TOP SECRET/CRITIC/CODEWORD message to [b6], a
dependent and GS-2 clerk typist in the unit administrative office.
had only a Confidential clearance. The compromise, although known by the
target commander, was not reported to USASAFS, Augsburg.


m. No specific information has been reported to indicate that 
Hostile Intelligence agencies are in contact with any target personnel. 


5. Source Activity:


a. One potential source (B58,786), has been spotted at the target 
and is being assessed. Name traces are not yet complete. He is scheduled 
for reassignment to USASAFS, Augsburg on approximately 15 December 1975. 
In accordance with paragraph 3b of reference a, a Lead Development Report 
is being prepared and will be forwarded separately, recommending his possible 
utilization as a defensive installation source in Augsburg.


b. The lack of identification of any personnel who will make up the
permanent party at the target has inhibited any meaningful spotting/ 
assessing activity to date. 




AEUMI-N-CE 24 October 1975 
SUBJECT: Internal Counterintelligence Program (ICIP) 


6. Comments:


a. The PLO was indoctrinated for SI on 9 October 1975. Request 
Special Operations Detachment determine if any more Quarterly Security 
Inspections are scheduled for target, and arrange for prior notification 
and coordination so that the PLO may accompany the inspecting team. Any 
insight gained into security problem areas not evident from routine 
liaison contacts would be of great value to the PLO in accomplishment of 
his mission. 


b. The PLO has reported that he is unable to pursue a more 
aggressive approach with the target commander concerning identities 
of personnel who will remain at the target, without arousing suspicion 
as to his true motives. Request Special Operations Detachment attempt 
to identify those individuals as soon as the determination is made. 


c. The short period remaining of continued operations at the target
raises the question as to whether the project would be justified at that
location in the long term. As presently visualized, according to available
information, any source recruited at the target would be primarily
reporting on six or seven other personnel, with whom he is living in a
very close, restrictive environment. It can be expected the majority of
the information reported will be of an adverse suitability nature.
Further, it can be expected that with target automation, Hostile Intelligence
efforts at the target will take a lower priority inasmuch as product
exploitation through the human exploitable factor will no longer be
present. The Commander, USASAFS, Augsburg raised some of these points
when reference a was staffed through his office.
DEPARTMENT OF THE ARMY
511TH MILITARY INTELLIGENCE BATTALION 
66TH MILITARY INTELLIGENCE GROUP 

APO 09696 


AEUMI-N-CE 23 January 1976 
803130-061-76 


SUBJECT: CARELESS TOKEN (U) 
(Quarterly Status Report) 


WARNING NOTICE, 
seth MT ary Intelligence Group iy INVOLVED (WSINTEL) 


ATTN: AEUMI-T-CI (EXCLUSIVE FOR ICIP CONTROL OFFICER) 
APO 09108 


1. (U) References: 
a. OPLAN, 511th MI Battalion, AEUMI-N-CE, 1-75, 1 May 1975. 
b. AEAGB-CI(SO), DTG 151640Z Jul 75, ICIP.
c. AEUMI-N-CE, 803130-518-75, 24 October 1975, ICIP. 


2. (U) This Quarterly Status Report is submitted in accordance with 
references a and b and covers the period ending 15 January 1976. 


3. General:


a. Operational activity continues in the drawdown stage, on schedule.
The transfer of the first increment of Company B and attached operational
personnel to USASAFS Augsburg (USASAFSA) has been completed, reducing the
strength on 15 January 1976 to 63 assigned, 22 attached, 3 TDY and 20
dependent wives and children. In addition, 22 personnel will depart the
target during January and an additional 34 will depart by mid-February.
All Company B personnel will have departed by 31 March. During the latter
part of February and March 1976, Company B personnel will shut down the
present operations, service and prepare equipment for shipment and perform
general repair and utility duties relating to present operations. Action
by USASAFSA to move all Company B personnel when essential duties are completed
has alleviated a potential problem of having sensitive personnel
remaining in the area with much free time. The final day of operation of
the snack bar was to be 17 January, and the small PX and commissary annexes
are to close by mid-February. With these closures, the closest shopping
facilities are in Regensburg, Hohenfels and Grafenwoehr.
b. Due to the shortage of PCS funds and DA reassignment restrictions,
USASAFSA offered curtailment or extension options to those personnel scheduled
for discharge or separation prior to 31 March 1976. Many chose curtailment,
and some of those requested European separations. Identities of those
to be separated in USAREUR have not been determined, pending approval of the
requests.


c. Eight dismounted vans remain at the target and the Seventh Army 
Training Center (SATC) Engineer Office, Grafenwoehr (QA0911) has announced 
bids for their removal or destruction. The vans represent a total present 
value of $40,000 to the US Government and Property Disposal officials are
reluctant to destroy the vans as they have a high resale value in Europe.
It is expected that in the near future a contractor will have personnel at
the target, either removing or dismantling the vans.


d. All of the LA FAIR V) personnel have arrived at the target. 
The NCOIC is SFC [b6]. All team members are assigned
Supply and Maintenance Company (SMC), Support Battalion, USASAFSA.
is a Cryptographic Equipment Repair Supervisor (MOS 326), has over 13
years service with USASA, is married (no children) and resides with his wife,
nee [b6], US citizen, at
[b6] is years old, a native of Colorado and expects to remain
at the target until his normal DEROS in November 1978
mother is a naturalized US citizen, born in Germany; her father is employed
as a Systems Engineer at American Forces Network (AFN), Frankfurt (MA/749).
[b6] appears to be highly proficient and has exhibited a positive attitude
toward his assignment. PLO contacts to date have indicated Helus will be
cooperative and receptive to MI support and contact. On the most recent
visit to the target (15 January 1976), [b6] was reportedly on TDY attending
an unidentified training course at USASAFSA. He is scheduled to return to
the target by mid-February 1976.


e. Other members of the LFV team are identified as follows: 


(1) SP5 Terry P. Pack, [b6], DEROS February 1978
(2) [b6] April 1978
(3) SP4 [b6] DEROS/ETS February 1977
(4) [b6] DEROS/ETS April 197
(5) [b6] DEROS/ETS April 1978
f. The team began on-site training on 13 December 1975. All of the
personnel in paragraph 3e above, are Intercept Receiving System Repairmen
(MOS 33C) or Intercept Recording System Repairmen (MOS 33D). All are
single or unaccompanied; none admitted to having any girl friends living
in the target area, or any that they intended to have move into the area.
In general, the LFV team members appear to be security conscious. They
have been at the target long enough to become familiar with some of the 
USASA "haunts" (Hoherbogen Restaurant in Rimbach (UQ4553) and the Ratskeller 
and Ambergerhof Restaurants in Furth-im-Wald (UQ4364)), and have been eager 
to acquire information on places of intelligence interest or with a bad 
reputation. 


g. The target has a German shepherd dog, "Sam", which is partially
attack-trained and does not react well to strangers, females and blond 
males (SP5 Pack has particular difficulty in getting close to the dog). 
"Sam" reportedly was beaten and generally mistreated by previous owners, 
and his attack training has given him just enough knowledge to be dangerous. 


h. Electrical power at the target will continue to be provided by the 
Pilsen Power Grid. Once activated, the site will have a 22 Kilovolt self- 
regulating generator with a 14-day gasoline supply for backup/emergency use. 
Water must be trucked to the site and sewage removed from a holding tank. 
Both water and sewage tanks are planned for 14-day capacity. A German
firm, as yet unidentified, from Brueck (UQ0458) has contracted to service
the holding tank and to truck in water from the Rimbach public water works.
Emergency fire service will be provided by the Neukirchen-Heilig Blut 
(UQ5258) Volunteer Fire Department, 15 kilometers away, with an unknown 
reaction time. Medical assistance will be provided by the German civilian 
hospital in Koetzting (UQ4349); air evacuation by helicopter is possible 
through the MEDIVAC capability at SATC, Grafenwoehr. APO mail will be 
addressed to Post Office boxes at USASAFSA, will be re-packaged and sent 
through German mail channels to: Remote Site LFV, SFC E: —— 846] 
Rimbach. [be jen pick up mail daily from the Rimbach post office. 


i. The site will have three communications channels: 
(1) Direct AUTOSEVOCOM to USASAFSA Control Center 
(2) Non-Secure "order wire" to USASAFSA Control Center 


(3) German commercial phone (Class B) (09947-302) through the 
Neukirchen-Heilig Blut exchange. 
j. Target personnel will live in the "Chateau" located adjacent to
the Operations Building. The newly constructed "Chateau" consists of a 
common area: living room, kitchen and recreation facilities, with couches, 
television, stereo and a pool table; and adjacent sleeping quarters. 
Personnel will be allowed guests in the common area. The Commander, SMC 
has advised [b6] he may hire a local cook if the team members agree.
would like to hire his wife for this activity, as she will otherwise
be unemployed. This solution appears to have a distinct advantage over 
hiring a local area national. 


k. Two team members will be on duty at the site, 24 hours a day. 
Present plans call for the issue of .45 caliber pistols and ammunition, 
but it has not yet been determined where the weapons and ammunition will 
be stored. In the event of attempted penetrations of the area, personnel 
have been instructed to lock all entrances and remain inside the building. 
[b6] has been advised that elements of the 3d Squadron, 2d Armored Cavalry
Regiment (2ACR) at Camp May, Regen (UQ6326), 43 kilometers, may have a 
reaction capability, reaction time unknown. 2ACR elements patrol the CSSR 
border area near the site and may be capable of a short reaction time. 
Joint defense plans have been discussed with two other military units in 
the same immediate area, Fernmeldesektor F of the FRG Armed Forces and 
Detachment D of the French Forces. Both counterparts appeared eager to form
joint defense plans, but the non-NATO status of the French precluded USASA 
from negotiating at the local level. The problem reportedly was identified to 
USASAFSA. Each member of the team will have one key to the entrance gate 
which will be kept locked at all times after the German contractor personnel 
have departed the site. The operations building, a SI-area, is equipped 
with heat and sound-sensitive alarm systems and alarms also sound in the 
event of power loss or equipment malfunction. The German contractor engaged 
in construction work at the site will remove approximately 1.5 meters of 
rock from the end of the ridge near the tower to enlarge the antenna scanning 
area. This work cannot be completed during the winter months and is expected 
to be finished by May 1976. Explosives cannot be used due to the sensitivity 
of installed equipment in the immediate area. 


l. On 15 January 1976, the PLO met the LFV Project Officer from the
USASA Systems Agency, Vint Hill Farms, Warrenton, Virginia, who was visiting
the target. He explained that the following relay towers in the LFV system
are unmanned by USASA personnel: 


Seibersdorf      TQ97624600
Landshut         TP94688240
Bonstetten       PU26906739
Dachau           PU80735466
Wasserkuppe*     NA66489456
Wildflecken*     NA56258478
Brandhof**       PV26258873
Heidenheim**     PV28953095
Schwanberg**     NA91890879


*Army location occupied by non-USASA personnel 
** USAF installation 


The present SOP gives little information on the remote towers as far as 
security is concerned. In general, the remote towers are tall antennas 

with small buildings at the base. Each building has a door that is supposed 
to be kept locked. If someone enters one of the buildings an alarm light 
goes on in the central control area at USASAFSA. Telephones with open speakers
are located in each building, so that if the alarm lights go on in the central
area, duty personnel can pick up a phone and ask who is there. Arrangements
have reportedly been made with local police, details unknown, to keep a close
watch on all the remote towers, but the Project Officer was unaware what
action the police were to take concerning trespassers. Anyone gaining access
to the building at a remote tower could, with the proper equipment, tap
the open service line and the scrambled traffic lines. While tapping the
traffic lines would yield nothing but meaningless letter/number groups,
they might have some value to a Hostile Intelligence Service. The isolation
of several of the remote towers makes them susceptible to sabotage as the
loss of a tower in the relay system renders that segment of the system useless.


4. Operational Matters:


a. Reference paragraph 3j, above: USASA has not planned any electronic
sweep of the SI area or the common room now that the German contractor has
completed installation of the wiring. [b6] asked if the PLO could arrange for
an electronic sweep of the entire area as future visitors may want to use the
common area for conferences. The PLO was non-committal and no action will be
taken unless a formal request is received.


b. Reference paragraph 4g of reference c: On 8 December 1975, the
First Sergeant of Company B advised that SP5 [b6] was no longer
interested in ACGP-97 duties and that his application papers should be
destroyed. SP4 [b6], the other individual interested in ACGP-97,
will remain at the target until February 1976 and his application is being
processed with PLO assistance.


c. Reference paragraph 4e, reference c: is moving to
Augsburg on about 1 February 1976 and will be operating the Cafe-Restaurant 
"Sonne", 9 Hauptstrasse, Augsburg-Bergheim (PU3554), telephone: 97524. 

[b6] has passed out the name and address of his new establishment to target
personnel who are moving to Augsburg, and he has been actively soliciting
their future patronage. There have been no indications that [b6] has
attempted to elicit information from target personnel, however his proximity
to the target and the regular customers from the target at his establishment,
the Hoherbogen Restaurant, have resulted in him being well-
informed about ongoing transfers, the drawdown and future operations in
the target area. All members of the LFV team are aware of MI interest
in [b6]. It is expected that the Hoherbogen Restaurant will be leased
by another party and remain open. No information is presently available
on the new lessee.


d. Reference paragraphs 4f and 4j, reference c, the information provided
is clarified as follows: SP4 [b6], formerly attached to the
target from the 502d ASA Group, contacted the Army Chaplain at the Hohenfels
Training Area (HTA) for spiritual guidance when she became depressed after
developing a strong emotional attachment to another female soldier who had
departed the target. [b6] was counselled and subsequently reassigned to
USASAFSA. [b6] had nothing to do with the "satanic religious practices"
referenced in paragraph 4f, reference c. That matter was not known to
involve any target personnel and all personnel known to be involved with
alleged "satanic religious practices" are assigned or attached to the 207th
ASA Company, HTA and discussion of the incident is not germane to this
report.


e. Reference paragraph 4k, reference c: SP4 [b6], due
to be transferred to USASAFSA is considered by his supervisors to be a
potential troublemaker in the organization. He has been behaving strangely,
which may be attributable to injuries he received in a 1974 motorcycle
accident. [b6] was reprimanded by the Company B Commander for signing
a guard property receipt with the name "Mickey F--King Mouse." He has also
been involved in a questionable transaction with a German national involving
a motorcycle.


f. Target personnel reported no SMLM activity in the area since 
approximately September 1975. The PLO will recommend that the nearby German 
Army unit advise target personnel whenever a SMLM vehicle is reported in the 
area. It is known that German Military Counterintelligence (MAD) advises 
Fernmeldesektor F whenever a SMLM vehicle is reported in the area. The PLO
will provide assistance to the LFV team in formulating a SMLM SOP. One team
member had no SMLM card and none of the team members contacted on 15 January
1976 were certain of what action to take if a SMLM vehicle was sighted in
the target area. None of those individuals could recall having received a
meaningful SMLM briefing since arriving in USAREUR.
g. The PLO gave a short SAEDA briefing to LFV team members (less
on 15 January 1976 and requested their cooperation in identifying 
risk spots, suspicious incidents, undue curiosity and other SAEDA-related 
matters. 


h. In October or November 1975, date unknown, an individual was 
sighted measuring the perimeter fence of the target from the outside. He 
was challenged and he rapidly retreated into the wooded area and could not 
be located. The incident was allegedly reported to USASAFSA and it was 
later concluded that the individual probably was a Bundespost (German Post 
Office) employee, since a Bundespost truck had been seen near the site that 
day, and the matter was considered settled. The incident was not reported 
to MI when it occurred, and only became known on 15 January 1976 during 
casual conversation. It was emphasized to LFV team members that available
MI support can only be effective if all incidents, however minor, are 
reported in a timely manner. In the above instance, it was not determined 
how the unidentified individual was concluded to be a Post Office employee, 
but in any event, it appeared from information available that the activities 
as described were suspicious and warranted further investigation. 


i. On 16 November 1975, two ranking representatives of the CSSR 
firm SEMEX, a subsidiary of the state-owned auto manufacturing firm SKODA 
visited the SEMEX offices in Furth-im-Wald concerning a planned program to 
import CSSR tractors into the FRG via SEMEX. Despite the fact that their 
business was in Furth-im-Wald and there was an abundance of hotel rooms in 
that town, the two individuals made reservations at the Hotel Kolmerhof in 
Rimbach for the night of 16-17 November. They departed for Munich (PU9135), 
FRG the following day. Nothing of a suspicious nature was noted during the
visit, but representatives from SEMEX have been identified in the past
engaged in low-level intelligence activity on behalf of the CSSR Intelligence
Service. On 25 November 1975, inquiries at the target revealed that
no unit personnel regularly patronized the Kolmerhof Hotel, although it was
located directly across the street from the Company B administrative area,
because of its higher prices and it catered to a clientele able to spend
more money than most target members. On occasion, the hotel did hold
dances and some target personnel had been known to attend.


j. On 13 December 1975, [b6], Company B,
was reported as missing after spending an evening drinking at a tavern in
Voggendorf (UQ4453). Unit personnel, assisted by local police, searched
the area thoroughly and he was finally found the following day after having
reportedly spent the night in the quarters of a female member of the unit.
The incident was reported to MI by the target in a timely manner and close
coordination was maintained with unit supervisory personnel, Military Police,
and the local police during the search action.




5. Source Activity:
a. B58,786 advised that the behavior of [b6] (paragraph 4e,
above) had deteriorated, possibly due to physical problems arising from
his 1974 motorcycle accident. In the accident, was gored
by a wire fence and his neck was heavily scarred despite several plastic
surgery operations. Some spinal damage also occurred and pn s
on medication and frequently complained of headaches. He could not
concentrate, argued with supervisors and had developed a short attention
span. Lead questioned suitability for continued assignment to
sensitive duties.


b. B58,786 was encouraged to patronize the Hoherbogen Restaurant
more often, in order to maintain continuity to the limited investigation,
pending [b6] intended move to Augsburg. Lead was to determine if [b6]
acted in a suspicious manner. This activity was designed to assist in the
assessment of the Lead's potential. This action was not out of character
as Lead patronized the restaurant occasionally and knows [b6]. Lead was
not targetted against [b6] nor was MI committed to reimburse Lead for any
expenses incurred.


c. Local agency and 201 file checks on LFV team members are being
submitted as a separate action. Name traces will be conducted on all team
members. 


6. Comments:


a. No support is required from Special Operations Detachment, except 
for a portion of the actions outlined in paragraph 5c, above (to be
submitted).


b. Reference paragraph 3b, above, if members of Company B obtain 
European separations, whether or not they remain in the target area, they 
could pose a similar situation to that which occurred in July 1974 when a
former member of Company B, who had a post-separation travel restriction,
travelled to CSSR within a few days after his European separation. The
PLO will arrange with Commander, Company B for SAEDA briefings and appro- 
priate warnings on travel restrictions to all target personnel receiving 
European separations. 


c. Reference paragraph 3l above, local police having jurisdiction
over the areas of the LFV remote towers within the 511th MI Battalion area
will be contacted to determine what they have been told about the towers
and what measures they are taking pertaining to tower security.
d. That portion of the comments in paragraph 6c, reference c that pertain
to the possible limited results of this operation after target automation,
remain valid. Considering these limitations, the thrust of the
operation will be directed at developing threat information directed against
the target and target personnel.


FADLO M. SABNI
LTC, MI
Commanding 
DAMI-DOH ICIP GONDOLA STAR (U)
Cdr, USAINTA DAMI-DOR 
ATTN: MIIA-SO0 LTC Haendle/gr/55159 


1. Reference If, this office, subject: Quarter ICIP Reports, dated 17 Dec 75. 

2. Attached for your information and appropriate action is a copy of ACSI Form 28
(less tabbed inclosures), dated 14 Jan 76, which reflects ACSI, DA approval for the
continuation of ICIP GONDOLA STAR (U) as an ongoing operation.

3. Request the Commander, 902d MI Group inform interested parties at the installation
supported by the ICIP of the ACSI's decision to continue the operation.


FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS: 




1 Incl L. A. SPIRITO 
as (CONF IAL) Colonel, GS 
Chief, HUMINT Division 


SUBJECT OFFICE SYMBOL SUSPENSE
Review of Internal Counterintelligence Program (ICIP) DATE 
GONDOLA STAR (U) 14 Jan 76 
ACTION REQUIRED 
To obtain ACSI decision for continuation or termination of subject ICIP. 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. BACKGROUND: (U)

a. During the last quarter of calendar year 1974, the ACSI directed the termination
of 19 ongoing ICIP operations. The operations terminated were those which were
less productive or conducted at installations of lesser sensitivity. Among those
terminated was the ICIP GONDOLA STAR at Aberdeen Proving Ground/Edgewood Arsenal, MD.
(A subsequent new operation increased the total ongoing ICIPs to eight.)


b. After reviewing correspondence initiated by the Commander, APG and indorsed 
by the Commander, Test and Evaluation Command and the Commander, Army Materiel Command, 
which recommended the ICIP GONDOLA STAR be continued, the ACSI reinstated the operation
for a period of six months on 11 Jul 75 (TAB B). 


c. In a memorandum for the Under Secretary of the Army dated 16 Sep 75, which 
provided the quarterly ICIP report for the second quarter calendar year 1975 (TAB C),
the ACSI reinstated the operation for a period of six months and indicated a final 
determination would be made in January 1976 as to whether or not the operation should 
continue. 


2. DISCUSSION: (U)


a. (U) At TAB A the Special Assistant to the Commander, USAINTA, provided an
analysis of the ICIP GONDOLA STAR covering the period July thru December 1975. He 
recommended that the operation be retained as a meaningful adjunct to the security 
program at Aberdeen Proving Ground/Edgewood Arsenal, MD. 


b. Three of the activities targeted by the ICIP are designated Critical
Sensitive by USAINTA: Edgewood Arsenal, US Army Ballistics Laboratory and the US Army
Materiel Systems Analysis Activity. During the six month period under review, two 


new confidential sources were recruited within these activities. Additional casual. 
© e and E "Iz identi tinue on plain bond) 
SUBJECT: Review of Internal Counterintelligence Program (ICIP) GONDOLA STAR (U)


c. Much of the information reported in this operation continues to be
related to personnel security activities with emphasis on personnel character 
weaknesses. However, although the ICIP did not uncover meaningful counterespionage 
information during the period under review, overall, GONDOLA STAR compares favorably 
to the other eight ongoing operations in scope and coverage of the Critical Sensitive 
activities at the installation. 


3. (U) Recommendation: That the ACSI approve the continuation of ICIP GONDOLA STAR 
as an ongoing operation. 
MIIA-SO-SA (17 Dec 75)
SUBJECT: ICIP GONDOLA STAR (U) 


TO HQDA (DAMI-DOH/ FROM CDR, USAINTA DATE v's" ome 2 (C) 
LTC HAENDIE) Special Operations Mr Hine/2l0l/id 
WASH DC 20310 Detachment 


Ft Meade, MD 20755 
1. (U) References: 


a. ACSI DA Letter, DAMI-DOH, subject: Retention of Internal Counterintelligence
Program (ICIP) (U), 11 July 1975.


b. Draft ACSI letter, DAMI-DOH, subject same as ref 1a, submitted
with 902d MI Group request for reinstatement of GONDOLA STAR in June 1975. 


2. In compliance with paragraph 4, CMT 1, comments and recommendations
concerning ICIP GONDOLA STAR are submitted herewith. Subsequent to
the ACSI revalidation of ICIP Operation GONDOLA STAR (U), as provided by
reference 1a above, the following actions have been taken:


a. A thorough study and review of the operation was conducted. As
a result of that study, it was determined that Edgewood Arsenal (EA),
the US Army Ballistics Research Laboratory (BRL), and the US Army Materiel
Systems Analysis Activity (AMSAA) were Critical Sensitive (CS) activities
in that order of priority; with the US Army Test and Evaluation Command 
(TECOM), US Army Human Engineering Laboratory (HEL) and the Materiel Test- 
ing Directorate (MTD), Aberdeen Proving Ground (APG), having a sensitivity 
of Highly Sensitive (HS), and so designated in that priority of support. 
It was the goal of the operation during the last six months to provide 
confidential source personnel support to the three CS target areas. With 
the recruitment of two additional confidential sources in AMSAA during 
the last six months, this short-range objective was met. 


b. Additionally, ten casual sources and five counterintelligence 
recruitment leads have been identified. Although it is the long-range 
objective of the operation to provide confidential source coverage to all
of the targets presently identified, it is the short-range goal to recruit
additional confidential sources within the Critical Sensitive targets
while concurrently spotting for additional leads during the next six
months. The 902d MI Group has manpower resources, to include an experienced
"Great Skills" Agent Handler, to support this operation.


c. Items of counterintelligence interest reported to the supported
activities in response to established EEI by source personnel have included
seven incidents of foreign contact of military and DOD civilian
personnel, six incidents of foreign travel by military and DOD civilian
personnel, one report of solicitation by a foreign organization, three
reports of identification of alien enlistees, fourteen reports of possible
unsuitability of personnel in positions with access to classified
material, and eighteen reports of possible security weaknesses, violations
or hazards. The above information has provided five leads for
the CE Branch, Special Operations Detachment, USAINTA; has led to the 
request for two limited investigations by the supported commands; has 
caused one DOD civilian to undergo a "fitness for duty" examination to 
include a psychiatric evaluation; and has caused reviews of security 
procedures and the issuance of security warnings by security officials 
at APG/EA. Details of the above reports are contained in Quarterly 
Progress Reports (attached as Inclosures 1 and 2).


3. COL Ungerleider, CDR, APG; COL Stahl, CDR, Edgewood Arsenal, 
an Powers, CDR, US Army Test and Evaluation Command, APG, have 
received separate briefings on the status of ICIP Operation GONDOLA 
STAR. All have indicated their complete satisfaction with the support 
provided by the operation, and have enthusiastically indicated their 
desire that the operation be continued. 


4. The previously reported threat to APG/EA as contained in the
report of the 1974 SAVE conducted at BRL and the threat to CBR information,
equipment and weapons as outlined in reference 1b above remain
valid.

5. The operational objectives are being met. The operation is 
providing the information required and desired. 

6. Recommendation: Retain ICIP Operation GONDOLA STAR as a
meaningful adjunct to the security program at Aberdeen Proving Ground/
Edgewood Arsenal, MD.


2 Incl
DAMI-DOH: Quarterly ICIP Reports (U)


TO CDR, USAINTA FROM DAMI-DOH DATE 47 Den 10975 CMT
ATTN: MIIA-SO LTC Haendle/mjb/56159
FT MEADE MD 20755


1. (U) Reference, message, DAMI-DOH, 032115Z Dec 75.


2. Attached for your files is a copy of the INFORMATION MEMORANDUM to the
Under Secretary of the Army (less inclosures) which forwarded summaries of
the nine on-going CONUS ICIP operations as submitted by your headquarters.
The summary pertaining to a proposed ICIP by the 66th MI Group in support
of USASA was not included in this submission. Upon receipt of a response to
the above referenced message, a decision will be made whether to include
that operation in the next quarterly report.


3. In staffing the Quarterly ICIP Report within OACSI, the Acting Director
of Intelligence Operations noted that many of the summaries of on-going
actions contained too many details of individual character/behavior issues.
In future quarterly reports suitability-type information pertaining to
individuals covered by the ICIP project should be either eliminated or
summarized in general comments.


4. On a separate matter, when the ACSI reinstated the ICIP GONDOLA STAR in
July 1975, he indicated he would review the ICIP in six months to determine
if significant information had been developed to warrant continuation of
the project. It is requested that your headquarters conduct a review of
this ICIP and furnish your comments and recommendations to this office by
9 January 1975.


FOR THE DIRECTOR OF INTELLIGENCE OPERATIONS: 




L. A. SPIRITO
Colonel, GS
Chief, HUMINT Division
DEPARTMENT OF THE ARMY
HEADQUARTERS, 902D MILITARY INTELLIGENCE GROUP
FORT MEADE, MARYLAND 20755


ICIP QUARTERLY PROGRESS REPORT NUMBER 4
Period: 1 July 1975 to 30 September 1975
WARNING NOTICE: SENSITIVE SOURCES AND METHODS INVOLVED

1. (U) Identity: GONDOLA STAR (U).

2. Supported Command: HQ, Aberdeen Proving Ground (APG), MD, and
critical sensitive (CS) and highly sensitive (HS) tenant activities at
APG subordinate to the major command, US Army Materiel Command,
Alexandria, VA.


3. Targets:

a. Edgewood Arsenal, Edgewood Area, APG.

b. US Army Ballistic Research Laboratories, Aberdeen Area, APG.

c. US Army Materiel Systems Analysis Activity, Aberdeen Area, APG.

d. HQ, US Army Test and Evaluation Command, Aberdeen Area, APG.

e. US Army Human Engineering Laboratory, Aberdeen Area, APG.

f. Materiel Testing Directorate of APG, Aberdeen Area, APG.
4. Coverage:

                                                 Number/Type of
a. Source          Target Covered    Contacts    Reports Produced

(1) Confidential Sources

    (a) IC-B-005   3c                3           2 Contact reports

    (b) IC-B-010   3a                5           4 Contact reports
                                                 1 Agent report

    (c) IC-B-030   3e                4           3 Contact reports
                                                 6 Agent reports

    (d) IC-B-032   3a                9           6 Contact reports
                                                 7 Agent reports

    (e) IC-B-053   3a                4           3 Contact reports

    (f) IC-B-064   3b                h           3 Contact reports
                                                 2 Agent reports

    (g) IC-B-079   3a                n           3 Contact reports
                                                 2 Agent reports

    (h) IC-B-080   3c                ?           4 Contact reports
                                                 3 Agent reports


(2) Conventional Sources: Conventional sources utilized during the
reporting period consisted of those casual and official contacts made by
the Project Liaison Officer in the furtherance of his ICIP duties. These
contacts consisted of, but were not limited to, those reported in
paragraphs 4a(3), 4b and 4c below. The Project Liaison Officer also had
limited or one-time contact with other individuals of the supported
activity's workforce. These contacts did not significantly contribute to
the counterintelligence coverage of the supported activities, but did
serve to project the presence of Military Intelligence in the area. These
contacts also contributed significantly to the establishment of a pool
from which conventional and confidential sources can be developed. No
conventional sources have been tasked to gather specific essential
elements of information. However, all conventional sources are made aware
of the Project Liaison Officer's overt ("Military Intelligence Special
Agent") duties and the type of information of interest to all security
officials. No conventional sources have been key-sheeted. Those
individuals who provide reportable information and express a desire to
remain anonymous will be key-sheeted at the time they make their desire
known.


(3) Casual Sources: 


E (a) [ b7(d) mE ar 3 
pu (b) [b7(d) | 3b 3 
1 


0 
0 
© [uid — — —] 3a 0 
«bz  j 3a ee 
b. Liaison Contacts       Agency                Contacts   Reports Produced

(1)  Aberdeen RO          FBI                   &          0
(2)  Barracks D           MD State Police       Il MEE
(3)  Sheriff's Ofc        Harford County        5          2 Agent reports
(4)  Sheriff's Ofc        Cecil County          1          0
(5)  Police Dept          Aberdeen, MD          L          2 Agent reports
(6)  Police Dept          Bel Air, MD           2          2 Agent reports
(7)  Police Dept          Havre de Grace, MD    3          2 Agent reports
(8)  Provost Marshal      PMO, APG              12         0
(9)  cm                   APG                   39         0
(10) Intel Office         APG                   57         2 Agent reports
(11) MPL                  PMO, APG              (2         0
(12) Security Ofc         EA, APG               1A         6
(13) Security Ofc         BRL, APG              7          1 Agent report
(14) Security Ofc         AMSAA, APG            6          1 Agent report
(15) Security Ofc         TECOM, APG            3          0
(16) Security Ofc         HEL, APG              a          0
(17) Security Ofc         MTD, APG              9          0
(18) CPO                  HQ, APG               13         2 Agent report
CIRLs:
Name    Phase of Development    Placement/Access


5. (FOUO) Statistics:

ICIP Reports:


(1) Spot Reports:
(2) Sol 0 | 0 o` 0. - 
(3) IIR: 0 0 0 o. 
(4) Agent Reports: 35 E N/A 5007 85. 35 
(5) Lead Development 7 l n | 
Reports: l N/A 1 i l. 
(6). Contact Reports: 28 N/A 28 >: 28 -- 
(7) Basic Source Data g ^ 
Reporta: 2 N/A ^ 2 © 2 
(8) Other: u "e o 
MFR: 8 N/A Bo: 8 
Various items of information passed by. word of mouth to the 
supported command/activities, . 73 
b. PCO PLO * Other Subtotal’ FY Total. 
| 
c. TDY Funds: 0 -0 0 0 Q0 C 
d. Manhours: 
(1) ICIP (GASR): 49% 27 ^0 761 761 
(2) Other ICIP: 14 Q 0 Uh 0. Uh 
(3). Non-ICIP: 16 35h 0 (030 2030 
6. (C) Remarks: No information was reported concerning non-affiliated
civilians or organizations.
7. (C) Quarterly Briefing of Supported Command:


a. Circumstances:


(1) On 22 August 1975 COL Kenneth L. Stahl, Commander, Edgewood
Arsenal (EA), Aberdeen Proving Ground (APG), MD, was brought up to date
on the status of the ICIP at EA. He was informed that GONDOLA STAR had
been reviewed by the Assistant Chief of Staff for Intelligence, Department
of the Army and revalidated for another six months. At the end of the
six month period, January 1976, the operation would again be reviewed.
COL Stahl was reminded that MAJ Walter W. Stansberry, former Security
Officer, EA, had been the ICIP Coordinator for EA and now that he had
departed for reassignment a new ICIP Coordinator had to be selected and
given an ICIP briefing. COL Stahl advised that he desired MAJ Stansberry's
replacement, CPT Vincent J. Falconio, Security Officer, EA, be the ICIP
Coordinator. COL Stahl also advised that a new deputy commander, COL
Burt NMN Dall, had been assigned and he desired that COL Dall be briefed
on the ICIP at EA.


(2) On 22 August 1975 CPT Vincent J. Falconio was given the initial
ICIP briefing and a current status report concerning operation GONDOLA
STAR (U). Falconio acknowledged his understanding of the source program
and readily grasped the overall concept of ICIP. He indicated a desire
to establish the best possible working relationship with the PLO. At
the conclusion of the briefing Falconio executed a Security Certificate.


(3) On 17 September 1975 COL Burt NMN Dall, Deputy Commander,
Edgewood Arsenal, Edgewood Area, Aberdeen Proving Ground, MD, was given
the initial Internal Counterintelligence Program (ICIP) briefing. CPT
Vincent J. Falconio, ICIP Coordinator, was also present during the
briefing. Because COL Stahl, Commander, Edgewood Arsenal, was on annual
leave, COL Dall and CPT Falconio were also given the Quarterly Progress
Briefing at this time.


(4) On 24 September 1975 a Quarterly Progress Briefing was given
to COL Alvin D. Ungerleider, Commander, APG, and to Mr. Harry A. Mencke,
Installation Intelligence Officer, APG, the ICIP Coordinator for the
Aberdeen Area, Aberdeen Proving Ground, MD.


b. Recapitulation of Operational Progress During the Period:


(1) During the first quarter of FY 1976, considerable effort was
expended to reactivate and expand ICIP coverage at APG following the
termination of Project GONDOLA STAR on 31 March 1975 and subsequent
revalidation of the Project by the ACSI on 11 July 1975. During the latter
half of July 1975, the six confidential sources which were being utilized
prior to 31 March 1975 were recontacted and reactivated; one confidential
source, whose recruitment had been postponed because of the termination
of the project, was recruited on 5 August 1975; a Lead Development Report
on an additional confidential source was submitted and approved, and this
source was recruited on 4 September 1975. These two confidential sources
were the first recruited in the US Army Materiel Systems Analysis
Activity, a critical sensitive activity at APG.


(2) The Project Liaison Officer (PLO) re-established liaison contacts
in local, state and federal agencies in addition to maintenance of his
contacts with the ICIP coordinators and security officers of those
activities receiving ICIP support at APG. The PLO also established new
casual sources in critical areas of the ICIP-supported activities at APG
and vetted two new CIRLs to the point of submission of NAC requests. Some
progress was made in improving the ratio of ICIP to non-ICIP duties of the
PLO, who is also--during this reporting period--the only special agent of
the Aberdeen RO; this ICIP to non-ICIP ratio has been a weak area of
Project GONDOLA STAR since its reactivation in 1972. A favorable trend was
established too as the quarter progressed, as reflected by the fact that
during July 1975 the PLO's duty hours were 45 ICIP and 172 non-ICIP,
during August 1975 they were 91 ICIP and 115 non-ICIP, and during
September 1975, 122 ICIP and 67 non-ICIP.


c. Significant Counterintelligence Information Developed:


(1) Under the EEI, "Identification and extent of foreign contacts
of military and DoD civilian personnel, with particular emphasis on
Sino-Soviet bloc countries" (paragraph 1, Appendix 1 to Annex J to
OP-001-74-109), the following information was developed:


(a) Source IC-B-064 reported that an unknown number of Swedish
citizens would visit the US Army Ballistic Research Laboratories (BRL),
APG, on 13 August 1975. Follow-up by the PLO determined that the visit
had been properly coordinated.


(b) Source IC-B-080 reported that seven Swedish citizens would
visit the US Army Materiel Systems Analysis Activity (AMSAA), APG, on
26 September 1975. Follow-up by the PLO determined that the visit had
not been properly coordinated, but that AMSAA had taken action to insure
that the Swedish visitors would not be given access to classified
information until definitive guidance was received from HQ, US Army
Materiel Command.


(2) Under the EEI, "Foreign travel of military and civilian personnel,
either intended or completed, to Communist controlled countries, or
attendance at social and official functions at which Communist country
personnel are present" (paragraph 2, Appendix 1 to Annex J to
OP-001-74-109), the following information was developed:


(a) Source IC-B-010 reported that [b6] a pharmacologist employed in
the Biomedical Laboratory, Edgewood Arsenal, APG, had, at HER own
expense, attended the Sixth Congress of the International Union of
Pharmacologists (IUPHAR) which was held in Helsinki, Finland, 20 through
25 July 1975. During the Congress, [b6] attended a luncheon hosted by a
representative of the Union of Soviet Socialist Republics (USSR), who was
also an official of the IUPHAR. Following the Congress, took part in a
five-day, IUPHAR-sponsored tour to Leningrad. Follow-up by the PLO is in
progress.


(b) Source IC-B-030 reported that [b6] an employee of Human
Engineering Laboratory, APG, intended to participate in a two-week tour
of the Union of Soviet Socialist Republics scheduled to begin on
2 October 1975. Follow-up by the PLO determined that [b6] was
participating in a National Geographic Society tour and that HE had
coordinated the tour with appropriate security officials.


(c) Source IC-B-032 reported that GS-12 an employee of Development
and Engineering Directorate, Edgewood Arsenal, APG, had visited Poland
and Czechoslovakia for approximately one month in Jue 1975. During this
visit, [b6] and HIS spouse had allegedly visited relatives in Poland and
Czechoslovakia. No follow-up was conducted per instructions from HQ,
USAINTA.


(3) Under the EEI, "Identification of Alien Enlistees" (paragraph 6,
Appendix 1 to Annex J to OP-001-74-109), the following information was
developed:


(a) Source IC-B-030 reported that [redacted] born in [b6] assigned to
Human Engineering Laboratory, APG, was not a citizen of the US and did
not have a security clearance. Follow-up by the PLO confirmed the
information and determined that the Installation Intelligence Officer
(IIO), APG, was aware of


(b) Source IC-B-030 reported that SP4 [redacted] born in [b6] assigned
to Human Engineering Laboratory, APG, was not a US citizen, did not have
a security clearance, and suffered from periods of amnesia. Follow-up by
the PLO confirmed the information and determined that the IIO was aware
of [b6] status.


(c) Source IC-B-030 reported that PFC [b6] believed to have been born
in [redacted] assigned to Human Engineering Laboratory, APG, was not a US
citizen and did not have a security clearance. Follow-up by the PLO is in
progress.


(4) Under the EEI, "Early detection of persons whose activities and
character weaknesses render them vulnerable to hostile intelligence
exploitation" (paragraph 8, Appendix 1 to Annex J to OP-001-74-109), the
following information was developed:


(a) Source IC-B-032 reported that [redacted] married, a secretary in
Technical Support Directorate, Edgewood Arsenal, APG, was allegedly
involved in an extramarital relationship with WS-7 married, an employee
of Technical Support Directorate. The situation is being monitored.


(b) Source IC-B-032 reported that [redacted] married, employed in
Development and Engineering Directorate, Edgewood Arsenal, APG, was
allegedly involved in an extramarital relationship with GS-9 a widow,
also employed in Development and Engineering Directorate. The situation
is being monitored.


(c) Source IC-B-032 reported that GS-6 [b6] married, a secretary in
Technical Support Directorate, Edgewood Arsenal, APG, was allegedly
involved in an extramarital relationship with GS-9 [b6] separated from
his wife, employed in US Army Materiel Systems Analysis Activity, APG.
The situation is being monitored.


(d) An official source of the PLO who did not want to be identified
because of fear that he would lose his job, reported that LTC [b6]
formerly assigned to US Army Materiel Systems Analysis Activity (AMSAA),
now assigned to Concepts Analysis Activity (CAA), Bethesda, MD, was
allegedly an alcoholic, was allegedly cohabiting with GS-8 [b6] an
employee of AMSAA, and allegedly had had sexual intercourse with a female
Captain in the Israeli Defense Forces who had been assigned as [b6]
interpreter when [b6] was on TDY to Israel in October 1974. No follow-up
action has been taken because of transfer from AMSAA.


(e) Source IC-B-061 reported that [b6] an employee of AMSAA, APG, had
allegedly been involved in an extramarital relationship with PL 313
federal employee, [b6] Director, AMSAA, at approximately the time of the
accidental death of [b6] wife. The situation is being monitored.


(f) Source IC-B-079 reported that an individual, later identified as
[b6] a physical scientist employed in the Chemical Laboratory, Edgewood
Arsenal, APG, had allegedly exhibited mental or emotional instability.
Follow-up by the PLO determined that [b6] had been directed to undergo a
"fitness for duty" physical examination which would include a psychiatric
evaluation.


(5) Under the EEI, "Security violations or hazards" (paragraph 9,
Appendix 1 to Annex J to OP-001-74-109), the following information was
developed:


(a) Source IC-B-030 reported that GS-14 [b6] an employee of Human
Engineering Laboratory, APG, had brought HIS eight-year-old son into a
controlled access area where a classified test was being conducted and
remained overnight. Follow-up by the PLO determined that [b6] had been
counselled by HIS supervisor.


(b) Source IC-B-030 reported that carbon paper and one-time typewriter
ribbon used to type classified reports in Human Engineering Laboratory,
APG, had not been treated as classified waste. Follow-up by the PLO
brought the situation to the attention of the security officer, HEL, who
promised to take care of the situation; monitoring through "rura has not
determined that any such action was taken.


(c) Source IC-B-080 reported ten (10) separate situations which
constituted security violations or hazards at AMSAA. These were brought
to the attention of the Security Officer, AMSAA, by the PLO.


(6) In response to the EEI, "Conduct rendering the individual
vulnerable to pressure, such as homosexual, criminal, or immoral acts"
(paragraph 8c, Appendix 1 to Annex J to OP-001-74-109), and "Sudden,
unexplained or inadequately explained absence from work by personnel in
excess of 2} hours" (paragraph 9, Appendix 2 to Annex J to
OP-001-74-109), the following information was developed: The PLO was
advised by an official source at the US Army Ballistic Research
Laboratories, APG, of unconfirmed rumors to the effect that an employee
of BRL, had been involved in trouble with the police. Follow-up by the
PLO determined that seven charges ranging from possession of marijuana
to grand larceny and assault and battery were on file at the Havre de
Grace Police Department, Havre de Grace, MD, concerning [b6] and that
[b6] was absent without leave.


8. (C) Actions implemented or taken by the supported command based
upon the information submitted:

Subject   Type Information Developed            Action Taken       Date of Action

          Foreign travel                        None.
          Foreign travel                        None.
          Foreign travel                        None.
          Enlisted alien                        None.
          Enlisted alien/amnesia                Denied clearance   Unknown
          Enlisted alien                        None.
[b6]      Suitability                           Monitor
          Suitability                           Monitor
          Suitability                           Monitor
          Suitability                           Monitor
[b6]      Suitability                           Unknown
          Suitability                           Monitor
          Suitability                           "Fitness for       11 Aug 75
                                                duty" physical
          Security weakness                     Counseled          Unknown
          Security weaknesses, HEL, various     Correct            2 Sep 75
          Security weaknesses, AMSAA, various   Correct            9 Sep 75
[b6]      Suitability                           Investigate        16 Sep 75


9. Comments, Remarks and Recommendations: Both COL Stahl and COL
Ungerleider expressed their pleasure that ICIP Project GONDOLA STAR had
been reinstated by the ACSI for an additional six months. Both Commanders
and their designated ICIP Coordinators continue to cooperate fully with
the Project Liaison Officer and his Military Intelligence chain of
command. The progress of ICIP Project GONDOLA STAR, as reflected above,
is directly proportional to the amount of time the PLO's other duties
permit him to devote to the ICIP.


WILLIAM B. HALL
Project Case Officer
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agent Reports 


quarters the conventional 
eg of those casual and 


official con ntacts made Cy “the a Liaison Gificer in the furtherance of his 
ICIP duties. These contacts consisted cf, but vere not liriteó to, those 
reported in paragraphs ua(3), hb and he below. The Project Liaison C?ficer 
also had "ag is cr ono-tire contact with ctuer indivicuals cf the suprorted 
activitie These contacts did not significantly contrioute to the counter- 
eee icone cove? "aue ef tue swworted activities, but did serve to pee ur 
presence cif iilitary Intelligence in the area. These contacts 

significantly te tie esteblishuent of a pool fror which ce 

confidential sources can be caveloned. (Oo conveniiona 

tasked te gather specific essential clur nts of eds 

convent: 5 re c2 c Tiais 

(i ilitary 0563 „en ties the tyre of inforvation 

of interest to ell security officials; information which Zenotos a security 
Veulatss ur vVuluerability. No conventional sources have teen key-shectad. 
These individuals ho i.rsviae renortcble information and express a desire to 
roncin anonymouse vill be bey-shestad at the time they rahe tivir desiro Coon. 
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(1) 
(2) 
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(4) 


(£) 


Aberdeen KO 
Sarracks D 
Sheriff's ife 
Sheriff's Urc 
Police Dept 
Police Dept 
Yolice Dept 
rrovest larshal 
CIL 


2untel Cfc 


NET. ~p 
Security Ofc 
Security Cre 


re State Police 
;avrforc County 
Cecil Ccunty 
Aberdeen, “Md. 


Del Air, Ed. 
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| l (2| b1 | Half Vetted 3a 
(3) | b1 | LDR Started ` 23a uns 
| a) [ bi | Vetting Started 3a 
(5) | b1 Spotted 2/38 ZEE 
5. {FoP} Statistics: ye 
a. ICIP ^erorts: furnished Furnished É 
Group HAs Sptå Oma Subtctal TY Total 
"T ae (1) Spot Reports? 0 0 6 — " 6 
i (2) SOL: 0 0 0 0 
(3) TTR: 0 G 0 0 
- m E 
4 . 
(h4) Agent Reports ht H/A L5 © BO 
(5) Lead Development 
Reports: 1 k/A 1 2 
(5). Contact Reports: zo * n3 28 cE. 


(7) Basic S6urce Data f a aoe 
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ETT 


6. (U0) Remarks: No information was reported concerning non-affiliated
civilians or organizations.
7. Quarterly Briefing of Supported Command:


a. Circumstances: 


(1) Cn 1 Decerber 1975 the init CIP briefing was given to 
S 


2 Patrick V. Power T$, Gornrander, end Evaluation Cemmanc (TECOM) 
eng CCL william K. Tucker dr., € f, T2205. The status of [mC i 


in relation to receiving ICIP support was also included in ihe orieiing. i 
was pointed out that due to the lindtat: ion of resources GOMLOLA STAR (U) 
concentrating on three higner priority activities at AFG. This was due to 
thé three activities having a greater degree of sensitivity. Should the 
resource problem improve. to the point where TRC! comla be covered bayong, 
routine liaison then 15207 vovld be imrediately notified. 1G Powers acknowl = 


edyed bis understanding cf the current status of GCUDOLA STAR (U). 


17 December 1975 COL Yenneth L. OcnisnÜer, Ldgeuood 
"as in a ^uarterly Progress He vriefing as psrtejns.to 


T 
Aneena portion of operation GONDOLA STAR (U). 


e (3) Cn 19 Decent er 1975 SOL Alvin D. Uugerleider, Corrander, &FO was’ ^ n: 
given a Cuarterly Frogress Retort briefings as pertains to those Rec BS * g* 
located in the Aberdeen Area, A> re supported GONDOLA STAR (U). 
ir, Harry å. agen instel CZ py, AFG, the ICIP Coord 
inator for the Aberdeen år 8 ior this seating. 


if 
QA Dubuih saa ld vos 
E 3 z anc US Army 
.Uateriel Systems Analisis ificant progress was 
mace. Training anc develo: ea coniidontia 
sources (JC-H-O°% and 3C-. e oduction increased 
accordingly. Again Gurin5 SH. ha -Citieonal time avail- 
able ta Gevote to idiP duties, This cates the PU to nore than doucle. ud 
the time cf his presence in. the sunr;orted activities, as compared to trevious 
guarters. Consequently, there was an increase in CiS, casus! sources and 
the activity cited in paragraph hal?) above. b cen? 


c. Significant Counterintelligence Information Developed:


(1) Under the EEI, "Identification and extent of foreign contacts of
military and DOD civilian personnel, with particular emphasis on
Sino-Soviet bloc countries" (paragraph 1, Appendix 1 to Annex J to
OP-001-74-109), the following information was developed:


(a) Source IC-B-030 reported [redacted] a citizen of the Federal
Republic of Germany was assigned on an exchange program to work in the
US Army Human Engineering Laboratory until September 1976. The ICIP
Coordinator was briefed, no additional action is expected.


(b) Source IC-B-005 reported SGT assigned to the US Army Materiel
Systems Analysis Activity, had a former wife and two children residing
in the Federal Republic of Germany. The ICIP Coordinator was briefed and
local files were checked.


(c) Source IC-B-032 reported additional information concerning travel
by GS-12 [b6] to Czechoslovakia and Poland during the summer of 1975.
Additional information was also provided concerning [b6] plans for
another trip to those countries. ICIP Coordinator was briefed and the
information was also brought to the attention of another USAINTA element.
The ICIP Coordinator expects ICIP to continue to monitor [b6] activities.


(d) Source IC-B-010 reported one British and three Canadian personnel
visited Edgewood Arsenal during the period 1-5 December 1975. A check
with the ICIP Coordinator determined the visit had been properly cleared.
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wyice with the German Army eee tne zar. The POIF “corainavor 
» 


S mdp mr, are E r Te a P x 
e189 : 1 ne + Mai Gcot Tul nator ask i ha i [ 566 — fk ATR 
PN 7 
i 


joSzier revieved in order to attempt to answer the questien, his action" 
is vendin... | b6 Cu-21, EE dutan KL d i zked Cu AEG D l 
[viu Secr 


(2) Under the EEI, "Intended foreign travel of military and DOD
civilian personnel to Sino-Soviet bloc countries or attendance at social
and official functions at which Sino-Soviet bloc personnel are present"
(paragraph 2, Appendix 1 to Annex J to OP-001-74-109), the following
information was developed:
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sonisn institution in Uashington, LC. ‘Since the TUC was already aware of 

he| b6 — giving notification of the trip.through their chain of ccr: and 
ane ine information having already come to the attention of another element 

of USAINTA, no action was taken. TLC did make mention to the ICID-! Coordinator, 
hat the information had also been Geveloped Seau _ICUREGARDED UNCLASSIFIED - 
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YOIP QUARTERLY PROGRESS REPOTT (ULER 2 po s p 
i Period: 1 October 1975 to 31 December 1975 i i 


(b) In a separate report source IC-B-030 reported [b6] intend to take
another tour to Russia during the summer of 1976. This information was
passed to the ICIP Coordinator.


(3) Under the EEI, "Solicitation by foreign nationals or organizations
of personal and/or official information through official or non-official
channels" (paragraph 4, Appendix 1 to Annex J to OP-001-74-109), the
following information was developed:


(a) Source IC-B-030 reported the Human Engineering Laboratory received
a written request for bibliographies of 155 publications from [b6]
Institute of Experimental Psychology, Slovak Academy of Sciences,
Zoceiova l7, Bratislava, Czechoslovakia. The Director, HEL, sent a letter
to [b6] advising HEL no longer had copies of the bibliographies available
for distribution to the public. The Director of HEL suggested [b6]
initiate contact through the Czechoslovak Embassy with the National
Technical Information Services, 5285 Port Royal Road, Springfield, VA
20151. The ICIP Coordinator was briefed, no action is pending.

(4) Under the EEI, "Early detection of persons whose activities and
character weaknesses render them vulnerable to hostile intelligence
exploitation" (paragraph 8, Appendix 1 to Annex J to OP-001-74-109), the
following
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“in exchance fer moneta visitors to 
f 2Ggewood Arsenal. Loc the go-go dancer a: 
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(du) -Source j£5-:-010 reported informction which could tend to indicate 
ad-15 b6 was mentally unstable. The ICLP Cecrdinator 


was briefed and a limited investigation was requested.

(e) Source IC-B-053 reported GS-12 Edgewood Arsenal, took a woman (FI)
who was not his wife to lunch almost every day since 1 November 1975.
The ICIP Coordinator was briefed; no action is pending.


(f) Source IC-B-093 reported GS-11 Edgewood Arsenal, was observed on
approximately a dozen occasions taking a woman, not his wife, to lunch.
He was observed taking three or four different women to lunch since
1 September 1975. The ICIP Coordinator was briefed; no action is pending.


(g) Source IC-B-032 reported GS-13 [b6] Edgewood Arsenal, had a
reputation of a "mad scientist". Also that [b6] had bragged about having
intercourse with an alleged prostitute. On a date [b6] took source to his
home and offered to take care of her finances if she would take care of
his sexual needs; source declined. The ICIP Coordinator was briefed. The
ICIP Coordinator is making a local inquiry in advance of requesting a
limited investigation.



| ratens Analysis Ac tivity, EP ed 3 
| cn his TLY voucher when he did not 
was briefed, follow up action is yet to be determined.

(5) Under the EEI, "Security violations or hazards" (paragraph 9,
Appendix 1 to Annex J to OP-001-74-109), the following information was


(aj Source. IC-3-O0C reported a VONFIDUNTIAL decument had been. 1 
secured over a-three day wee'vend. P TOIP Ocordinater vas briefed 
follow up action is pendinz. (AMNSAA Security Officer evay TLY until 


Y 


(b) Source [illegible]-080 reported a security container had been left open
during duty hours in an unattended office at the US Army Materiel Systems
Analysis Activity. The ICIP Coordinator was briefed, follow up action is


(c) Source [illegible] reported [illegible] a secretary in the US Army
[...] Systems Analysis Activity left her [...] container open for periods of
five to ten [...] performing chores [...] from her office. The ICIP
Coordinator was [...], follow up action [...]


(d) Source IC-5-070 reported attending a scientific conference at
the US Army Materiel Systems Analysis Activity which had been announced
as classified. Access to the conference had not been properly controlled;
however, the portion of the conference attended by source was believed to
have been unclassified. The ICIP Coordinator was briefed, follow up
action is pending.


(e) Source IC-B-080 reported the Ground Warfare Division of the US

ICIP QUARTERLY PROGRESS REPORT NUMBER 2
Period: 1 October 1975 to 31 December 1975

Materiel Systems Analysis Activity had moved to different office space.
Prior to the move no technical survey was conducted to determine if there
were electronic surveillance devices in the new office space. The ICIP
Coordinator was briefed, follow up action is pending.


(f) Source TC-E-010 reported information relative to an adverse
[illegible] situation in the Bio-Medical Laboratory of Edgewood Arsenal. The
situation was alleged to have been created by DA-level officials unjustly
[illegible]ing [b6] take the blame publicly for DA-directed research in
hallucinogenic drugs, and that DA was in fact offering [b6] as a
"sacrificial lamb". This information was immediately passed to the ICIP
Coordinator and the Commander of Edgewood Arsenal. The commander raised
several questions concerning the personalities involved and the cause of
adverse morale situation. These questions were [illegible] at the next meeting
with this source and [illegible] answers were provided to the commander. The
commander asked that ICIP continue to monitor the [illegible]
as unclassified. ut provided the information
quest, but did not have the information to satisfy
ia] investigation failed to confirm the existence
in the request. The ICIP Coordinator was
further requests from this company until all
rpleted.
9. Comments, Remarks and Recommendations: Both commanders and their
ICIP Coordinators continue to consider GOT STAN (U) a significant
adjunct to their security program. This Project Liaison Officer continues
to receive the complete cooperation of all [illegible] personnel of the
supported activities.

Project Liaison Officer


THIS MUST REMAIN TOP DOCUMENT


DOSSIER NO. [illegible]


Vol 7 of 7 Vols


As of 18 Sep 85 (Date) all material included in this file conforms with
DA policies currently in effect.


Signature / Date Signed

Printed Name

Criteria [illegible]

Reviewer / Date [illegible]


YA (HQ) Form 2216 (1 Sep 78) Replaces MIIA Fm 315, 1 Jun 75, which may be
used until supplies are exhausted.


ACTION SHEET

CONTROL NUMBER

SUSPENSE

[...] Counterintelligence Program (ICIP) Operation

DATE: 7 March 1979


ACTION REQUIRED 


To obtain ACSI approval for termination of ICIP. 


MEMORANDUM FOR RECORD. (Describe briefly the requirement, background and action taken or recommended. Must be sufficiently detailed to identify
the action without recourse to other sources.)


1. (U) BACKGROUND: INSCOM-SOD on 9 Feb 79, requested authority to terminate ICIP -
LENTIL MONKEY (U) located at the Defense Language Institute (DLI), Presidio of
Monterey, CA. The ICIP is an OACSI, DA program.


2. (U) DISCUSSION:


a. The ICIP is a special operational security service employing timely, effective
and coordinated use of overt and covert CI sources and techniques to detect elements
or factors which are detrimental to security. The primary factor which distinguishes
the ICIP operation from CI support normally provided to an installation or unit by MI
groups is the use of confidential sources as covert assets in the conduct of the
operation.


b. Command security threats covered by the ICIP include acts of espionage,
sabotage, subversion, and the activities of hostile foreign intelligence directed
against the supported command.

c. INSCOM-SOD's status report, 1st Quarter, FY 79, for ICIP Operation LENTIL
MONKEY (U) reveals that the operation utilized 16 confidential sources, produced two 
Summaries of Information, one Source Lead Development Report, 35 Contact Reports and 
40 Agent Reports. Further, a total of 1148 manhours were expended on the operation 
(TAB B). 


d. INSCOM-SOD has suggested that a different type program would be better suited 
to provide the required security assistance for the DLI, i.e., a Dedicated Operations 
Security Support Program (DOSSP), which does not use confidential sources and which 
can be readily implemented by the 902d MI Group with existing personnel assets. A 
DOSSP is described at TAB C. The DOSSP for DLI would be tailored to satisfy local 
security requirements unique to DLI.

DAMI-CIC
SUBJECT: Report of Internal Counterintelligence Program (ICIP) Operation (U)


e. The general concept and recommendation to replace LENTIL MONKEY (U) with a 
DOSSP have been discussed and concurred in by Cdr, SOD, INSCOM, the Commandant and 
Security Officer at DLI, and 902d MI Group. 


f. Basis for termination of subject ICIP and replacement by DOSSP is that
information obtained from LENTIL MONKEY (U) is general in nature and can be obtained
through normal security assistance to installation; INSCOM-SOD's current investigative
and reporting authority and most important the lack of a clear definition of
physical surveillance which has caused those working the operation much concern
[illegible]


g. By 1st Ind (TAB A) authority granted INSCOM-SOD for termination of LENTIL
MONKEY (U).


3. (U) RECOMMENDATION: That 1st Ind (TAB A) be approved and signed.
G3 LENTIL MONKEY: (QSR, 1st QTR FY 79)


a. Location: Defense Language Institute (DLI), Presidio of Monterey, 
CA. 


b. Confidential Source Utilization: Sixteen 


c. Information Obtained or Reported on Non-affiliated Civilians: 
None 


d. Useful Information Obtained: 


(1) An instructor of the German Language Department (GLD) who visited
East Berlin while on a trip to Europe, failed to comply with DLI regulations
directing prior reporting of such visits. Two other GLD instructors
may have also visited East Germany during the quarter without reporting
the event.


(2) Instructors of the Polish Language Department encouraged students
to attend a dance sponsored by a Polish ethnic organization in Oakland,
CA in January 1979. It was stipulated, however, that the students must
attend the dance in uniform.


(3) According to a report from another government investigative
agency, a recently hired Russian Language Department (RLD) instructor
had previously been of interest to a Yugoslavian intelligence agent working
out of the Yugoslavian Consulate in San Francisco while the instructor
was attending DLI as part of an exchange program in the late 1960's.


(4) Several instructors in the Chinese Mandarin Language Department
(CMLD) are opposing the new Interagency Course Curriculum. Instructors
have been reported to be inflating exam grades in order to present a false
impression of student abilities. The students' lack of language capability
will be manifested once they reach field assignments and thus discredit
the new course.


e. Operational Status: 


(1) Sixteen confidential sources were active during the quarter.
Four sources were terminated and one new source recruited. Ten conventional
sources also provided information during the quarter.


(2) During the reporting period, information obtained from all
sources, including that acquired from overt liaison activities, resulted
in production of two Summaries of Information, 35 Contact Reports, 65
oral reports to the DLI Commandant and/or designated representatives, one
Source Lead Development Report, and 40 Agent Reports. A total of 1148
manhours were expended on the ICIP during the 1st quarter.
(3) On 18 December 1978, the required quarterly briefing was presented
to COL Thomas G. Foster III, Commandant, DLI. COL John Gargus (USAF),
DLI Deputy Commandant, LTC Richard P. Kelly, DLI Executive Officer, LTC
Waldo R. Webb, DLI Security Officer, and MAJ Michael A. Parkes, Commander,
Fort Ord Field Office, 902d MI Group, also attended the briefing.


(4) As a result of the quarterly briefing and based on information
reported during the quarter, the DLI Commandant directed the Security
Officer to prepare a letter to be sent through channels to the GLD
instructor who visited East Berlin (para d(1)) requesting an explanation
for his failure to comply with DLI policy. Additionally, the Security
Officer will intensify efforts to develop policy concerning appropriate
instructor-student relationships/behavior. The Commandant also directed
the DLI Information Officer to publish a notice emphasizing restrictions
on military personnel participating in political and certain other events
while in uniform, and the Security Officer will insure DLI unit commanders
emphasize military regulations governing participation in such functions
to their units.
DAMI-CIC
Report of Internal Counterintelligence Program (ICIP)
Operation 7 March 1979
To obtain ACSI approval for termination of ICIP.
1. BACKGROUND: INSCOM-SOD on 9 Feb 79, requested authority to terminate ICIP -
LENTIL MONKEY (U) located at the Defense Language Institute (DLI), Presidio of
Monterey, CA. The ICIP is an OACSI, DA program.


DISCUSSION: 


a. The ICIP is a special operational security service employing timely, effective
and coordinated use of overt and covert CI sources and techniques to detect elements
or factors which are detrimental to security. The primary factor which distinguishes
the ICIP operation from CI support normally provided to an installation or unit by MI
groups is the use of confidential sources as covert assets in the conduct of the
operation.


b. Command security threats covered by the ICIP include acts of espionage,
sabotage, subversion, and the activities of hostile foreign intelligence directed
against the supported command.


c. INSCOM-SOD's status report, 1st Quarter, FY 79, for ICIP Operation LENTIL
MONKEY (U) reveals that the operation utilized 12 confidential sources, produced two
Summaries of Information, one Source Lead Development Report, 35 Contact Reports and
40 Agent Reports. Further, a total of 1148 manhours were expended on the operation
(TAB B).


d. INSCOM-SOD has suggested that a different type program would be better suited
to provide the required security assistance for the DLI, i.e., a Dedicated Operations
Security Support Program (DOSSP), which does not use confidential sources and which
can be readily implemented by the 902d MI Group with existing personnel assets. A
DOSSP is described at TAB C. The DOSSP for DLI would be tailored to satisfy local

DAMI-CIC
SUBJECT: Report of Internal Counterintelligence Program (ICIP) Operation (U)


e. The general concept and recommendation to replace LENTIL MONKEY (U) with a
DOSSP have been discussed and concurred in by Cdr, SOD, INSCOM, the Commandant and
Security Officer at DLI and 902d MI Group.


f. Basis for termination of subject ICIP and replacement by DOSSP is that
information obtained from LENTIL MONKEY (U) is general in nature and can be obtained
through normal security assistance to installation; INSCOM-SOD's current investigative
and reporting authority and most important the lack of a clear definition of
physical surveillance which has caused those working the operation much concern
(TAB D).


g. By 1st Ind (TAB A) authority granted INSCOM-SOD for termination of LENTIL
MONKEY (U).


3. (U) RECOMMENDATION: That 1st Ind (TAB A) be approved and signed.
DAMI-CIC (9 Feb 79) 1st Ind

SUBJECT: Report of Internal Counterintelligence Program (ICIP)
Operation (U)

HQDA, ACSI, Washington, DC 20310


TO: Commander, US Army Intelligence and Security Command,
ATTN: IASO-SA, Fort George G. Meade, MD 20755


Authority to terminate ICIP, LENTIL MONKEY (U) is granted. 


wd all incl 
DEPARTMENT OF THE ARMY
US ARMY INTELLIGENCE AND SECURITY COMMAND
FORT GEORGE G. MEADE, MARYLAND 20755


FEB 9 1973
IASO-SA


SUBJECT: Report of Internal Counterintelligence Program (ICIP)
Operation (U)


HQDA (DAMI-CIC/Ms Brannan)
WASH DC 20310


1. Submitted herewith is the status report, 1st Quarter, FY 79, for
ICIP Operation LENTIL MONKEY (U). During the reporting period the operation
produced two Summaries of Information, one Source Lead Development
Report, 35 Contact Reports and 40 Agent Reports.


2. LENTIL MONKEY (U), supporting the Defense Language Institute,
Foreign Language Center (DLIFLC), Presidio of Monterey, CA, is the only
CONUS ICIP being conducted. However, the type information generally
developed from the project, and this Command's current investigative and
reporting authority, suggest that a different type program would be better
suited to provide the required security assistance for DLIFLC. A Dedicated
Operations Security Support Program (DOSSP) could effectively replace the
ICIP without employing confidential sources and be readily implemented by
the 902d Military Intelligence Group with existing personnel assets. At
inclosure two is an extract from the USAINSCOM OPSEC Support Procedures
Manual which describes the DOSSP.


3. The general concept and recommendations to replace ICIP LENTIL
MONKEY (U) with a DOSSP have been discussed and concurred in by the
Commandant and Security Officer at DLIFLC. The operational concept would
be tailored to satisfy local security requirements unique to DLIFLC.


4. In view of the above, request authority to terminate ICIP LENTIL
MONKEY (U). Concurrent with termination of the ICIP, a DOSSP for DLIFLC will
be implemented.
III. TYPES OF SUPPORT


1. GENERAL: This section discusses the various types of OPSEC support
that are available within USAINSCOM. It should be noted that operations
security is a command responsibility. Therefore, any improvements in
the supported commands' OPSEC posture must be accomplished by the supported
commander. USAINSCOM is unique in that the present organization integrates
many of the counterintelligence/security skills that formerly were
assigned to separate Army commands. As such, the Commander, USAINSCOM,
has the capability to conduct a multidisciplined security evaluation of
a project, activity or facility. With the divergence of skills integral
to the USAINSCOM organization, the majority of problem areas that have
been historically associated with OPSEC can be addressed, and with the
multidisciplined approach, USAINSCOM units are able to assist supported
commanders by evaluating their OPSEC posture and recommending means of
improvement. This should enable the achievement of a much better security
posture. The following paragraphs describe the types of support which
USAINSCOM units provide.


2. DEDICATED OPERATIONS SECURITY SUPPORT PROGRAM (DOSSP):


2-1. The DOSSP Concept: The DOSSP is a systematic, ongoing, dynamic
approach to providing the local commander, operations security officials,
project managers and security managers of US Army installations/units/
activities/projects with meaningful operations security support in the
form of timely, accurate, all source intelligence information pertaining
to the real-time, multidisciplined threat posed by hostile intelligence;
observed vulnerabilities of the supported element to that threat;
and recommendations for appropriate corrective action to enhance operations
security. This program is based on a Covering Agent (CA) in an overt
continuous role of acquiring information about the supported activity
and the threat thereto and providing it to the supported activity in a
timely manner, while concurrently recommending practical "fixes" to
reduce observed vulnerabilities.


2-2. Responsibilities: Implementation of the Dedicated Operations
Security Support Program is the responsibility of each individual field
element (RO/FO/Detachment) within the policies provided by the HQ,
USAINSCOM. Responsibility for supervision, guidance, and comprehensiveness,
rests with the Field Offices, Detachments, and Battalions within their
respective areas of responsibility. Group Headquarters will provide
guidance, as appropriate, monitor the overall program, acquire and
disseminate threat data, and, in the case of certain key projects/activities
which stretch beyond local boundaries, will provide centralized management
of the overall DOSSP effort.


2-3. Target/Project Selection: Determination of who should be a recipient
of DOSSP support is a continuous process of initiative, investigation,
and evaluation. Such documents as the ACSI Sensitive Installation and
Unit List and other sensitive activities listings are helpful, but not
comprehensive. Each field element must do all within its capabilities
to insure they are aware of all significant Army activities in their
AOR. Once this grasp of the local environment is obtained, prioritization
based on available manpower, desires of supported activities, information
from intelligence channels, and perceived security sensitivity of the
supported activity is made to determine if DOSSP support is appropriate.
Security sensitivity is the most important aspect in determining if an
activity requires support. Determination of security sensitivity must
be based on the importance of the activity to US national security as
well as the potential benefit to be derived by a hostile element if they
were to obtain details about the activity.


2-4. Covering Agent Functions:


a. Threat: The Covering Agent must be an expert in the threat to
the activity he has been detailed to support. This can be accomplished
only by thorough study of national threat data, review of periodic
intelligence updates, and liaison with local, state, and federal agencies,
as well as their foreign equivalents, where appropriate, in order to
develop local threat. Refinement of this threat to manageable size is
based on a thorough knowledge of the supported command.


b. Knowledge: OPSEC support to an activity is predicated upon a
thorough knowledge of that activity. There is no easy way to obtain
this knowledge other than extensive research into the organization's
mission, functions, and organization. An initial step in this direction
is the reading of Army Regulations and Field Manuals pertaining to the
activity. Briefings from activity personnel, study of organization and
functions manuals, test plans, contingency and operations plans, and
related documents are the means for building a comprehensive data base.
Even after building this initial base, a systematic plan for obtaining
data on an on going basis should be instituted, i.e., daily bulletins,
test schedules, briefings, and test plan changes. While expertise in
SIGSEC and IMAGERY Security by CI Agents is not required, familiarity
with basic concepts is. A primary goal of the USAINSCOM OPSEC Support
Program is to provide Army elements a single point of contact for obtaining
MI support, be it SIGSEC, IMAGERY Security, or Counterintelligence.


c. Execution: Success in the OPSEC support area is based on the
willingness of the covering agent to cast himself in the role of an all
source agent and his innovative application of investigative skills in
developing threat and vulnerability data, use of deductive reasoning,
common sense, and gaining the confidence and respect of the personnel of
the supported command. If the confidence of workers at all echelons of
the supported command can be gained, their willingness to provide candid
assessments of vulnerabilities within the activity will become the
Covering Agent's best asset. The CA may know a lot about an activity,
but the actual workers know a great deal more. Their experience makes
them much more able to relate security weaknesses if they appreciate the
threat.


d. Recording: Methodical recording of threat, vulnerabilities, 
unusual incidents, ideas, and recommendations is essential in building a 
successful DOSSP. This allows the CA to evaluate comprehensiveness of 


e. Reporting: Other than the maintenance of workbooks, no formal
reporting requirements are imposed on covering agents except in extenuating
circumstance of intense, critical stages of support. CA's will keep the
chain of command informed of significant activities.
SUBJECT: Report of Internal Counterintelligence Program (ICIP)
Operation (U)


HQDA (DAMI-CIC/Ms Brannan)
WASH DC 20310


1. Submitted herewith is the status report, 1st Quarter, FY 79, for
ICIP Operation LENTIL MONKEY (U). During the reporting period the operation
produced two Summaries of Information, one Source Lead Development
Report, 35 Contact Reports and 40 Agent Reports.


2. LENTIL MONKEY (U), supporting the Defense Language Institute,
Foreign Language Center (DLIFLC), Presidio of Monterey, CA, is the only
CONUS ICIP being conducted. However, the type information generally
developed from the project, and this Command's current investigative and
reporting authority, suggest that a different type program would be better
suited to provide the required security assistance for DLIFLC. A Dedicated
Operations Security Support Program (DOSSP) would effectively replace the
ICIP without employing confidential sources and be readily implemented by
the 902d Military Intelligence Group with existing personnel assets. At
inclosure two is an extract from the USAINSCOM OPSEC Support Procedures
Manual which describes the DOSSP.


3. The general concept and recommendations to replace ICIP LENTIL
MONKEY (U) with a DOSSP have been discussed and concurred in by the
Commandant and Security Officer at DLIFLC. The operational concept would
be tailored to satisfy local security requirements unique to DLIFLC.


4. In view of the above, request authority to terminate ICIP LENTIL
MONKEY (U). Concurrent with termination of the ICIP, a DOSSP for DLIFLC will
be implemented.


2 Incl                WILLIAM I. JENNINGS
as                    Special Assistant (OPS)


CLASSIFIED BY CDR INSCOM
REVIEW 8 FEB 99
EXTENDED BY CDR INSCOM
REASON Para 2-301.3.c.


[illegible] UNCLASSIFIED
BY CDR USAINSCOM FOI/PO
AUTH PARA 1-603 DoD 5200.1-R


902d MI Group Pamphlet 381-3


DEPARTMENT OF THE ARMY
Headquarters, 902d Military Intelligence Group
Fort George G. Meade, Maryland 20755


902d MI Group Pamphlet
No. 381-3


Military Intelligence


DIRECT SUPPORT COMPREHENSIVE COUNTERINTELLIGENCE PROGRAM (DSCCP) (U)


1. (U) REFERENCES: See APPENDIX A.


2. (U) PURPOSE: This pamphlet establishes policy, guidance, and standardized
procedures for the conduct of all-source, multi-discipline counterintelligence
support within the 902d MI Group's area of operation.


3. (U) GENERAL:


a. The Commander, 902d MI Group, has the responsibility to notify
commanders of Army installations and units in the group's area of operation
when:


(1) Any situation or condition exists that poses a threat to the
internal security of that Army element.


(2) Any situation exists that might adversely affect the commander's
capability to perform his mission.


(3) Information indicates a probable employment of military resources
to counter a threat to the installation.


In order to acquire information of situations or conditions that may pose a
threat to the supported commander, field elements must aggressively seek it
and not wait for it to be reported through normal sequence of events. This
is particularly essential for those units/installations declared to be
critical sensitive.


b. The DSCCP is one of a series of graduated intensity counterintelligence
programs designed to provide the proper coverage based on the security
vulnerability of a particular installation. In relationship to other graduated
counterintelligence programs listed in USAINTA Regulation 381-100, the
DSCCP would, in certain instances, serve as a means of identifying the need
for programs of greater intensity such as SVAs, or SAVES, or, in other
instances, may serve as follow-up support subsequent to such intensified
services. It provides the broad spectrum of coverage to include a
multi-discipline approach with provisions that the information gathered be
reported expeditiously to the responsible commander. The program systematically
focuses on providing threat information on the most critical area within
the target installation in order to provide the required information to the
c. This program is not synonymous with, nor is it identifiable
with, the Internal Counterintelligence Program, Special Operations as
defined in FM 30-17A, or the Special Covert Operational Personnel Insertion
[illegible] as defined in [illegible] Regulation 381-100.


4. [illegible]:


a. The Direct Support Comprehensive Counterintelligence Program
(DSCCP) is an overt, dedicated counterintelligence security support
program with the objective of detecting or anticipating situations and
factors from any source (HUMINT/SIGINT/PHOTINT) which are or may become
detrimental to the security posture of the supported installation. It
[...] of acquiring information and providing it to the commander in a
timely manner, while concurrently providing sound recommendations for
reduction and/or elimination of security hazards, vulnerabilities or
threats posed by hostile factors.


b. The DSSA obtains the required information from overt investigative
activities and from a number and variety of sources and contacts
within and in the vicinity of the supported installation. Confidential
sources are not utilized. He is fully supported in this task by the
intervening echelons at Field Offices, Group, and USAINTA.


c. The DSCCP is a complementary service provided to the supported
commander to assist him in improving the security posture of his installation.
It is not intended to duplicate nor to usurp the functions and
responsibilities of the G-2 or of the Security Manager.


5. (U) RESPONSIBILITIES: 


a. The Commander, 902d MI Group, is the approving authority for all 
DSCCP operations conducted within the group's area of operation. 


b. The S3, 902d MI Group is responsible for the following:


(1) Coordinating the selection of units/installations as candidates
for DSCCP with the appropriate USAINTA staff elements.


(2) Monitoring DSCCP operations on a continuing basis and periodically
informing [illegible] USAINTA staff elements of their progress.


(3) Conducting an annual review of each DSCCP operation to determine
if it is still necessary and if so, to assure that it remains viable.


c. Field Office Commanders are responsible for the following:


(1) Initiating [illegible] DSCCP operations for installations located
within their areas of operation.
(2) Conducting DSCCP operations within their area after approval by
the Group Commander and coordination with the supported commanders.


(3) Designating the DSSA for each DSCCP operation, providing follow-up
support, and arranging for DSSA clearance and access to compartmented
information as [illegible]


(4) [illegible] of the supported commanders on the results of DSCCP
operation at regular intervals per mutual agreements.


(5) Establish procedures to maintain continuity of the program
during absences of the DSSA. When possible, an alternate DSSA will be

6. PROCEDURES AND SCOPE:


a. (U) The designation of installations or Army elements as candidates
for the DSCCP will be a coordinated action between the Field
Office Commander and the supported commander. In some cases, the action
may be directed by the Group Commander or USAINTA following a request for
special counterintelligence support from a major commander. Regardless
of the origin of the request, DSCCP operations will always be conducted
with the full consent and knowledge of the supported commander.


b. The selection of installations to be considered for the
DSCCP must be discriminatory and based on a genuine need for this
manpower intensive service in order to avoid over-commitment of assets.
The target installation must be one that is on the ACSI Sensitive
Installation and Unit List (SIUL) and one that is a potential or actual
target of hostile intelligence services. It is recognized that some
field offices and resident offices have numerous sensitive installations
in their area, many of which may be categorized as critical.
Therefore, it is essential that each FO/RO maintain a listing of these
installations in order of priority. In determining the order of priority,
factors such as mission sensitivity, and impact of compromise on
the security of the United States, etc., will all have to be analyzed
and a value judgement must be made based upon actual knowledge of the
local conditions, as to which installation has a greater need for special
support. The installations heading the list will get first consideration.


c. Proposed concept will be submitted to the Group Commander
by letter for approval. The letter will indicate the installation
commander's concurrence in the program. The concept will contain a listing
of missions, sensitivities, and those internal and external factors which
may pose a threat to the installation. Vulnerabilities to human sources,
communications intercept, overhead and ground photography, and other
appropriate technical/scientific factors will be included if known. This
information will be extracted from the target analysis (Para 7a) or from the
SVA if one has been completed. The concept must address actions to be
taken to detect and counter these threats.
k d. “() occasional —— —— of ICF in support of this program is 
: : authorized and will be processed in compliance with the provisions of AR 
: f 381-141 and GSAINTA Regulation 381-1. Recurring expenditures will be sup- 
: E sported by a formal request for authority if such expenditures are antici- 
bc : pated. 


e. The conduct of investigations of and storage of information
concerning persons and organizations not affiliated with the Department
of Defense are prohibited unless authorized under the provisions of AR
380-13.


7. GUIDELINES:


The actions listed below are considered to be minimum essential for the
implementation of this program and are not to be considered as
all-encompassing. They should be modified as appropriate to meet situations and
needs peculiar to the supported installation. Common sense and experience
will likely dictate additional or supplementary means to be employed in
order to successfully attain the objective.

a. (U) Conduct a target analysis of the unit/installation to identify,
in order of priority, the most critical and vulnerable areas and the
multi-discipline threats to which they are exposed. Reference will be
made to the following: USAINTA Security Support Bulletins, "THREAT" Manuals,
completed SVA/SAVE Reports, CI Survey and Inspection Reports, PM/MP
Crime Statistics and Incident Reports, and Communications Security Reports,
when available and applicable. The original copy of the analysis will be
maintained at the FO/RO level. Appropriate data will be extracted and
included in the initial Quarterly Progress Report. The analysis should
be reviewed and updated periodically in subsequent Quarterly Progress
Reports.


b. (U) Assign a mature, experienced MI Special Agent as a Direct
Support Special Agent (DSSA) to provide all-source direct support to the
supported commander or his designated representative. The DSSA must
become intimately knowledgeable of the supported command's mission,
functions, security status and vulnerabilities. As the program will be
overt in nature, the DSSA will be known as the primary USAINTA point of
contact to all within the supported units/installations. The DSSA will
require a TOP SECRET clearance and an SI/SAO special access.


c. The task of the DSSA is to develop a sufficient number
of sources of information to provide the best possible coverage to the
unit/installation and personnel of the element to detect security
vulnerabilities, and make sound recommendations for their reduction and/or
elimination. The DSSA should work closely with the security manager to
coordinate appropriate matters and to avoid duplication of effort. However,
care should be taken not to duplicate or usurp functions and
responsibilities rightfully assigned to the security manager.


(1) Human sources of information will include Conventional Sources
(Incidental, Casual, and Official) and Liaison Contacts as described in
Chapter 6, FM 30-17. Confidential Human Sources will not be utilized.
Anonymity may be provided through the provisions of the Privacy Act of
1974 when the source so requests. The association between the DSSA and
Conventional Sources or Liaison Contacts will not normally be classified.


(2) Maximum use will also be made of Documentary and Technical/
Materiel Sources to include, but not be limited to, SATRAN Messages,
Department of the Army intelligence publications and/or bulletins;
[illegible] ports; Military Police Reports, and Serious Incident Reports.
Special attention should be paid to message traffic concerning alerts,
advisories or warnings concerning events or situations affecting the
supported command.


d. A contact card file will be maintained at the supporting
office to identify conventional sources and liaison contacts. This file
will be integrated into the existing contact card file already established
for use in the routine mission of the FO/RO. It must be readily available
for DSSA personnel at all times. Individual cards will be annotated
when the contact is in support of a specific DSCCP operation. LACs will
be conducted on casual sources with the results reflected in the contact
card file.


e. Consideration should be given to conducting a systematic
review of the dossiers of personnel occupying key and sensitive
positions to insure that all such personnel have been properly cleared 
and to determine if unresolved security matters exist. This issue will 
be discussed with the supported commander if such a review is deemed 
necessary, the DSSA should recommend that the commander undertake the 
action. If the commander requests that the review be conducted by the 
DSSA, then the matter will be referred to group headquarters where re- 
solution will be made in conjunction with the appropriate USAINTA staff 
elements. The DSSA may assist the supported command in the review of 
dossiers but may not take any investigative action to resolve issues. 
He will advise the supported command to submit requests to USAINTA
whenever investigative action is indicated.


f. Reporting of information:
(1) (U) To the local commander: Information of counterintelligence
interest affecting the security posture of the unit/installation will be
reported to the supported commander or his designated representative in
a timely and complete manner. The information may be reported orally,
by Agent Report format, or by Summary of Information (SOI) format, as
appropriate. While most items of information will be passed on an
oral basis only, there may be certain instances when the commander will
desire written reports from the DSSA to be later attached as backup
information to his Request for Investigation. In these instances, ARs
containing the adverse allegation may be passed when the full consent of
the sources of the information has been obtained. However, when a
source of information desires confidentiality, to protect the source,
the DSSA can then pass on the information only on an oral basis or by
SOI format. Regardless of the manner in which the information was
passed to the supported command, a report of the information provided to
the supported command will be summarized in the Quarterly Progress
Report to this headquarters with an indication of the actions taken by
the supported command (see Para 7h below).


(2) (U) Other: Information of counterintelligence interest to
the intelligence community or other agencies will be reported in
accordance with established procedures utilizing normal reporting vehicles
such as oral reports, Agent Reports, Spot Reports or Summaries of
Information as appropriate. Information reports will be classified
according to their content. Such reports will indicate when and to whom
the information was passed and what action the command has taken or
plans to take. Subject blocks, special warning notices and Privacy Act
caveats, etc., will be those utilized in established investigative
activity procedures. (AR 381-20 and USAINTA Reg 381-100).


(3) (U) When fragmentary information of counterintelligence in- 
terest is initially surfaced, the DSSA will attempt to determine whether 
or not the information is credible prior to reporting it to the supported 
Commander. Preliminary checks may be made only to the extent authorized 
in para 3-6, USAINTA Reg 380-100. Should this prove to be insufficient 
to establish the credibility of the information, the DSSA will then 
refer the matter to group headquarters for coordination with USAINTA. 
Credible information concerning a member of the supported command should 
be used to support a formal Request for Investigation to USAINTA. 


(4) The supported commander or his designated representative
will be orally briefed on all items of threat information concerning his
command, or be provided written reports as appropriate. Examples of the
types of threat information include satellite overflights, Soviet bloc
country commercial overflights, communications intercept capabilities/
vulnerabilities from air, ground or water, personnel security
vulnerabilities and others as listed below. Depending upon the source of the
information and its previous distribution within the intelligence
community, the information may be passed laterally or to higher echelons in
accordance with established reporting requirements. All information
gleaned from the operation will be briefly summarized in the Quarterly
Progress Report.


g. (U) A list of EEI will be developed by the DSSA in order to
focus specialized coverage on the specific requirements of the local
situation and the supported commander. Examples of EEI are attached at
APPENDIX B. It should be noted that the EEI contain items of specific
interest to the supported commander and other items that pertain to lead
material for use by the US Army intelligence community. A copy of the
developed EEI list will be attached to the initial Quarterly Progress
Report.


h. (U) A Quarterly Status Report in the format contained at 
APPENDIX C will be submitted to Group Headquarters no later than 10 
working days following each calendar quarter. The first report will be 
due after the completion of the first full quarter of operation after
initiation. The report should reflect the developments and progress of
the operation, problems encountered, information obtained during the
reporting period, future actions contemplated and lessons learned or
recommendations as appropriate. 


8. (U) Reducing Vulnerabilities: Once a security weakness or hazard 
has been identified, the DSSA then has the responsibility to make sound 
recommendations for corrective actions to be taken by the supported 
commander to reduce or eliminate them. In making these recommendations, 
the DSSA must use good judgement based upon his background and experience,
cost versus absolute security, knowledge of similar instances,
common sense, and an intimate knowledge of those technical and/or
specialized security services and/or investigations available to the
supported commander from other USAINTA elements. Each corrective action 
must be viable, made on its own merit, be practical and be within the 
capability of the supported command.  USAINTA Security Support Bulletins 
contain excellent examples of "quick-fix" solutions. In those rare 
instances when corrective actions cannot be accomplished due to cost 
restrictions or limited resources available to the command, the comman- 
der must be made aware of, and accept the possible security risk(s) 
involved. 


9. It is visualized that situations, incidents or conditions may 
be uncovered which could have serious deleterious effect on the security 
posture of the installation and could not be resolved through the techniques
of the DSCCP. In these cases, the matter should be expeditiously
referred to Group Headquarters where it will be brought to USAINTA's 
attention for resolution, considering ICIPs, SCOPIs, Special Operations, 
or other more sophisticated methods. 


10. (U) The application of the DSCCP to a supported installation is a
special effort and will probably require the services of the DSSA on a
near full time basis with additional manhours of support furnished by FO
and Group Headquarters. Consequently, FO Commanders and RO SAICs should
proceed with caution in offering this service to commanders to prevent
over-extending their resources. Nevertheless, the DSSA approach of the
DSCCP is sound and could well be applied to other installations in the
area of operations but to a much lesser degree than in the DSCCP. This
should be done as a routine matter and no formal approval is required.
Thus, one MI Special Agent could become the DSSA to several installations
of lower priority.




11. (U) This pamphlet provides policy and guidance for 902d MI Group
personnel in the conduct of all-source, multi-discipline counterintelligence
support within the area of responsibility of the 902d MI Group.
It complements existing US Army Regulations, USAINTA Regulations and 
USAINTA policy and guidance. Nothing in this pamphlet shall be con- 
strued to contravene or to be in conflict with existing US Army or 
USAINTA policy. In the event that possible conflicts may arise, the 
provisions of existing US Army and/or  USAINTA policy will apply. Any 
questions pertaining to possible conflict of the provisions of this 
pamphlet with existing policy will be addressed to this headquarters, 
ATTN:  MIIA-GPB-AC, for further staffing with appropriate USAINTA staff 
elements. Comments and recommendations are encouraged and should be 
submitted on DA Form 2028 (Recommended Changes to Publications) to this 
headquarters for consideration and staffing. 


APPENDIX A TO 902D MI GROUP PAMPHLET 381-3


REFERENCES 


1. Army Regulations:


a. AR 18-7, Army Information and Data Systems, Data Processing
Installation Management, Procedures, and Standards.


b. AR 190-13, The Army Physical Security Program.


c. AR 340-21, Office Management, The Army Privacy Program.


d. AR 380-5, Security, Department of the Army Supplement to DOD
5200.1-R (DODISPR).


e. AR 380-10, Department of the Army Policy for Disclosure of
Military Information to Foreign Governments (U).


f. AR 380-13, Security, Acquisition and Storage of Information
Concerning Non-Affiliated Persons and Organizations.


g. AR 380-150, Access to and Dissemination of Restricted Data.


h. AR 381-3, Signals Intelligence (SIGINT) (U).


i. AR 381-11, Military Intelligence, Threat Analysis.


j. AR 381-12, Subversion and Espionage Directed Against US Army
and Deliberate Security Violations (Short Title: SAEDA).


k. AR 381-12-1, Processing of SAEDA Incidents (U).


l. AR 381-14, Counterintelligence - Technical Surveillance
Countermeasures (U).


m. AR 381-15, Military Intelligence, Domestic Exploitation
Program (U).


n. AR 381-20, Military Intelligence, US Army Counterintelligence
(CI) Activities.


o. AR 381-141, Military Intelligence, Provisions for
Administration/Supervision, Control and use of Intelligence Contingency Funds
(ICF) (U).


p. AR 530-1, Operational Security (U).


q. AR 530-2, Communications Security (U).


r. AR 530-3, Electronics Security (U).


s. AR 530-4, Control of Compromising Emanations (U).


t. AR 604-5, Clearance of Personnel for Access to Classified Defense
Information and Material.


u. AR 604-10, Military Personnel Security Program.


2. DOD Publications:


a. DOD 5200.1-R, Information Security Program Regulation.


b. DOD 5200.1F (M-2) Special Security Manual.


c. DOD 5200.28-M, ADP Security Manual.


d. DOD 5220-22-M, Industrial Security Manual for Safeguarding Classified
Information.


e. DIAM 50-3, Physical Security Standards for Sensitive Compartmented
Information Facilities.


3. Field Manuals: 
a. FM 19-30, Physical Security. 


b. FM 30-17, Counterintelligence Operations. 


4. ACSI, DA Publications. 


a. OACSI Sensitive Installation and Unit List (SIUL). 


b. AARGRAMs (as applicable). 


5. USAINTA Publications. 


a. USAINTA Reg 10-2, Organization and Functions Manual. 


b. USAINTA Reg 381-1, ICF (U).


c. USAINTA Reg 381-100, Counterintelligence Activities and Procedures.


d. USAINTA Security Support Bulletins (U).


e. USAINTA Security Support Program Manual "THREAT" (U).


f. USAINTA Security Support Program Manual "Operations" (U).


g. USAINTA Security Support Program Computer Security Manual.


h. USAINTA Daily Operational Reports (as applicable). 




i. USAINTA Supplement to AR 380-5. 


6. 902d MI Group Publications: 


a. 902d MI Group Pamphlet 380-2, Security, SATRAN
Reports (U).


b. 902d MI Group Daily Operational Reports (as applicable).


APPENDIX B TO 902D MI GROUP PAMPHLET 381-3
ESSENTIAL ELEMENTS OF INFORMATION (EEI) 


1. GENERAL: In devising EEI applicable to the supported installation,
each one of the multi-discipline threats must be examined in
conjunction with the mission and situation of the particular target.
The actual or potential vulnerabilities thereby conceived become EEI
affecting the supported installation. Since each installation has its
own specific situation, it is imperative that the DSSA work very closely
with a representative of the supported installation in order to arrive
at an EEI listing tailored to the specific needs of the command. The
references listed at APPENDIX A provide background information and
guidance in devising EEI. Many of the areas covered by these references,
which heretofore have been of little concern to the Special Agent, are
now essential elements of knowledge to the DSSA if he is to successfully
accomplish his mission under the DSCCP concept. This is particularly
necessary in the areas of SIGINT, PHOTINT, OPSEC and Computer Security.
Listed below are sample EEI for each category. These EEI are basic and
are only a partial listing provided as an aid in developing a list
peculiar to the supported command. Some of the items may not be germane
to every DSSA but are included as nuclei for possible development of new
or related ideas. The final EEI list prepared by the DSSA should include
the source or sources that can provide the required information.


2. HUMINT: The following elements are those normally attributed to
collection or exploitation by human intelligence sources. The information
will usually be obtained by various HUMINT sources, personal observation
by the DSSA and liaison contacts:


a. HOIS subscriptions or regular acquisition of local and post
newspapers and periodicals. Sources: LNO contacts and USAINTA.


b. Deliberate compromise of classified information or unauthorized
release of military information to representatives of foreign
governments (ARs 380-5, 380-10, 381-12 and 381-12-1).


c. Public information releases and local newspaper articles 
revealing unclassified but useful (to HOIS) information regarding 
the command. 


d. Theft, suspected theft, or unauthorized reproduction of
classified documents and/or material.


e. Reported or suspected blackmail or coercion of individuals
employed within the supported command.


f. Actual or attempted physical breaches of restricted area
perimeter security, external or internal.


g. Early detection of persons whose activities and/or character
weaknesses may render them vulnerable to hostile intelligence
exploitation. Suitability factors may include:


(1) Excessive indebtedness or recurring financial difficulties.


(2) Unexplained affluence.


(3) [illegible] the individual vulnerable to pressure, such
as homosexual, criminal or immoral acts.


(4) Excessive use of alcoholic beverages or improper use of drugs
or narcotics.


(5) Mental or emotional instability or history thereof. 
(6) Those who attempt to commit suicide. 


(7) Drastic changes in behavior to indicate possible unexplained 
pressures being brought to bear. 


h. Personnel who regularly and voluntarily work during non-duty
hours when unobserved access to classified data is possible.


i. Sudden unexplained or inadequately explained absences from
work.


j. Membership in, or association with members of organizations
constituting a local threat against the US Army as defined in AR 380-13.


k. Unsolicited correspondence from individuals, organizations or
addressees known to be a threat to the US Army.


l. Allegations or denunciations of espionage or sabotage on the
part of sensitive installation personnel.

3. PHOTINT: This pertains to intelligence obtained by means of
photography, mainly through HOIS satellites or HOIS commercial aircraft.
Also included must be threats posed by hand-held cameras operated from
low-flying private aircraft and ground-level photography conducted from
areas outside the perimeter of the installation. Photography from
seaborne platforms should be considered at installations located near
international waters. Sources of information for this type of data are
documentary sources such as SATRAN messages, schedules of tests,
operations and troop movements, as well as results of liaison contacts and
personal observations. Some sample EEI are as follows:


a. Following activities during periods of scheduled overflights by
HOIS satellites and commercial aircraft:


(1) Large and significant training exercises. 


(2) Testing of equipment and/or techniques in the open. 




(3) Uncamouflaged new or sensitive equipment. 
(4) Other significant movements and activities. 


(5) Concentration of transportation equipment, i.e., transports,
[illegible], etc.


b. Build up of major item stockpiles in the open.


c. Gradual build up of facilities at a test site.


d. Repeated violation of air restricted zones by commercial/private 
planes. 


e. Appearance of private aircraft during classified, or significant
tests/demonstrations.


f. Placing, operating or testing of new, significant or classified
equipment in areas exposed to the public.


g. Sudden appearance of camera-carrying "tourists" in the vicinity,
coinciding with the scheduling of new, unusual and/or classified activity.


h. Unobstructed windows and apertures in areas where classified
matters are handled, permitting observation and photography from uncontrolled
areas.


i. Foreign vessels, particularly from East Bloc Countries, appearing
off-coast of installations near international waters.


4. SIGINT: Signal intelligence is derived from the intercept and
analysis of communications, COMINT, and from communications electromagnetic
radiations, ELINT. HOIS SIGINT collection against US facilities is
accomplished from air-borne, sea-borne, and land-based platforms. HOIS
capabilities in this field are described in the USAINTA Threat Manual and
additional information as to specific threat to the supported installation
may be found in reports of SVAs and SAVEs and/or requested from USAINTA.
The field of SIGINT is a very complex and specialized one. Adequate
protection of a command/installation from HOIS SIGINT collection requires
the application of Signal Security (SIGSEC) which includes Communications
Security (COMSEC), and Electronic Security (ELSEC). COMSEC measures are
applied to telecommunications systems and have four components: crypto
security, physical security, transmission security and emission security.
ELSEC pertains to protective measures applied to electromagnetic radiation
of non-communications equipment and systems to prevent the interception,
analysis or exploitation of those radiations by foreign intelligence. The
DSSA must become sufficiently familiar with the above subjects in order to
recognize vulnerabilities, and know when to recommend a request for technical
assistance. References 1h, 1, p, q, r, s, and 5d and e in APPENDIX A will
provide additional information. Furthermore, the DSSA must work closely
with the staff element having responsibility for SIGSEC of the supported
installation. The EEI selected will be the type that can be fulfilled
by human sources, preferably located in communication/electronics work
areas. Some EEI common to SIGINT are located in para ic, Appendix to
AR 530-1. Other sample EEI follow:


a. Conducting tests on new or sensitive radars and other
non-communication emitters within range of land based, air-borne or sea-borne
HOIS ELINT platforms.


b. Installing and operating electrically operated,
information-processing equipment which handles classified information without the
application of compromising emanations control measures.


c. Poor telephone security to include:


(1) Discussion of classified matters over Autovon and commercial 
telephone systems. 


(2) Discussions of upcoming events which can provide tipoffs to 
classified activities. 


(3) Use of double talk in reference to classified messages. 
(4) Reading/quoting verbatim portions of classified matters. 


5. OTHER EEI: The following items are of interest to the US Army
intelligence community and will be forwarded to this headquarters by
Agent Report format for appropriate action. A statement in Agents Notes
will indicate if and how the information has been reported through other
appropriate channels. As the information will be passed to USAINTA for
possible exploitation by the Special Operations Detachment or the Director
of Operations as appropriate, the Agent Reports will be classified
CONFIDENTIAL-NO FOREIGN DISSEM. Normally this information is not passed
to the local commander other than to insure that other proper reporting
procedures are being followed by the command.


a. Identification and extent of foreign contacts of military and
DOD civilian personnel, with emphasis on Soviet bloc countries.


b. Intended foreign travel of military or DOD civilian personnel 
to Soviet bloc countries or attendance at social or official functions 
at which Soviet bloc countries are present. 




c. Foreign business or professional connections and the extent 
thereof of military and DOD civilian personnel and their families, with 
emphasis on Soviet bloc countries. 


d. Solicitation by foreign nationals or organizations of personal
or official information through official or unofficial channels.


e. Invitations by non-US Government organizations or individuals
to members of the supported command to participate in conferences or
symposia or to submit papers for publications in professional journals
on activities related to their government employment.


APPENDIX C TO 902D MI GROUP PAMPHLET 381-3
DSCCP QUARTERLY PROGRESS REPORT


1. (U) IDENTIFY: (Name of 902d MI Group Field Element providing support).


2. (U) SUPPORTED COMMAND: (The activity(ies) receiving the support and the
major command(s) involved.)


3. () TARGET ANALYSIS: (In the initial report summarize the results
of target analyses conducted for all activities, installations, or
separate elements designated and included in the program, by order of
priority of support. Subordinate elements large enough to be designated
sub-targets will be listed in subparagraphs. In subsequent reports,
indicate only changes as they occur.)


4. () QUARTERLY BRIEFING OF SUPPORTED COMMAND


a. Circumstances: In brief narrative form, cite date(s), identities
of all persons present, and subjects discussed and results of the briefing(s).


b. Recapitulation of Operational Progress During the Period: In
as many subparagraphs as may be required, cite significant developments
as pertain to development of the program, improvements in target coverage,
and any operational readjustments made during the period. In citing
specific items of interest, identify each by making reference to the
appropriate reports made during the reporting period which contained
details of the topic discussed with the commanders, if applicable.


c. Significant Counterintelligence Information Developed: In as
many subparagraphs as may be required, cite identities of personalities,
incidents, or groups discussed with reference to the report previously
submitted.


5. () INFORMATION SUBMITTED:


a. To the local commander and actions implemented or taken as a
result:

Subject Type Information Developed Action Taken Date of Action

b. To the intelligence community:

Subject Type Information Developed To whom reported

COMMENTS, REMARKS AND RECOMMENDATIONS: 


In this paragraph, indicate any general remarks or indications of special
interest shown by the supported command that are not covered in above
paragraphs. These remarks should reflect the commander's assessment of
the viability of the program, whether it is meeting the objectives and
achievements as he sees them, and any problems and/or recommendations.
Also indicate the extent with which the commander or his representative
has cooperated with the FO/RO and/or this group and any pertinent remarks
which could serve to improve the DSCCP support to the command. Where
problem areas have been encountered, findings and recommended solutions
will be provided. Lessons learned should be included to assist in the
planning and implementation of other operations. A statement will be
entered as to whether any information concerning non-affiliated DOD
civilians or organizations was reported (AR 380-13). If affirmative,
reference specific report or attach copy. Utilize subparagraphs to
explain or amplify information or data reported.


NOTE: Classify each paragraph according to its content. Because of the 
distribution of this report, care must be taken to insure that the 
contents of the report do not reveal SI/SAO access material. An example 
of this would be to include the Statement "three items of PHOTINT 
information, reference messages ' , and , were received 
i and passed to the supported command. Appropriate actions were taken", 
i without revealing the SI/SAO information contained within the reference 
messages. i 
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2 Jammary 1979 


MEPORANDUM FOR DIRECTOR, OOUNTERINTELLIGENCE 


SIEN “tent 11 Monkey (U) ICIP (v) 
s a; 
^x. Attached at 4s ere Plan for ICIP, Lentil Monkey (U), 
located at the Defense language Institute (DLI), "Presidio of Korterey, 


2. Attached at TAB B are the Quarterly Summaries on Lentil Monkey (U) 
for FY 78. 


3. Attached at Fr oe an FBI report on an individual who zm» in 
1977 be ing conside for employment at DLI. 


hl. In December 1978, discussion with SOD personnel concerning this 

ICIP revealed that subject ICIP would be terminated in early 1979, 

As you know, Bob Wright has an action before "higher authority" regard- - 
ing a change in the definition of surveillegeance,. My conoern has been sb 
; Whether or not ICIP violates the definition used in the E.0, The DOD A 
“IG appears to be satisfied that it does not. With the termination of s 
Lentil Monkey the question from my concern becomes academic, Accord- 

ing to SOD, Lentil Menkey (U) will be replaced with another plan that 

will be administered by the 9028 MIG end will eliminate the area of 
OPERATION PLAN LENTIL MONKEY (U)                    25 January 1978 

INTERNAL COUNTERINTELLIGENCE PROGRAM (ICIP) 

1. Mission, Background, Objectives, & Base of Operations 


a. Mission. To provide counterintelligence support, security support 
and operations security support to the Defense Language Institute (DLI), 
located at the Presidio of Monterey, CA. 


b. Background. Ref b designated the Secretary of the Army as 
Executive Agent for the Defense Language Program and tasked the Department 
of the Army to control the program. Military Intelligence received the 
above stated mission. The Commandant, DLI requested by ref j, the 
implementation of an Aggressive Counterintelligence Program. This program 
is now known as an Internal Counterintelligence Program (ICIP). A target 
vulnerability analysis, conducted by the 115th MI Group in March 1968, 
indicated the request was fully justified. Additionally, information 
contained in ref h continues to support this determination. 


c. Objectives. 

(1) To attempt to identify as early as possible specific hostile 
intelligence collection operations or threats to the DLI to allow 
neutralization or exploitation of offensive counterintelligence operations 
of such hostile threats and/or operations. 

(2) To identify those activities, practices and/or personnel within 
DLI that pose potential or existent security threats and to neutralize 
threats so identified. Specific target areas are identified by priority 
in annex B. 


d. Base of DLI Operations. 

(1) Project Case Officer (PCO): A day office is located at the US 
Navy Post Graduate School in proximity to, but physically separated from, 
the Presidio of Monterey. 

(2) Project Liaison Officer (PLO): Presidio of Monterey. 


Personnel: 

a. Project Case Officer. 

b. Project Liaison Officer. 


REGRADED UNCLASSIFIED 
Classified By CDR, USAINSCOM 
[illegible] 31 December 2008 
c. Sources: To be recruited as available from members of the 
student body, staff and faculty of DLI. 


d. Control Personnel: See Annex C (Knowledgeability List). 


e. Cover and Documentation: 


Execution: 


a. Concept of Operations: 


(1) The ICIP operation will be implemented by the coordinated 
utilization of overt liaison contacts, conventional sources and 
confidential sources. Priority of source recruitment will be in accordance 
with the target priorities established in Annex B and based on expressed 
or demonstrated needs of the DLI Commandant. The PLO will constantly 
spot, assess and recruit potential Confidential Sources for utilization 
in priority target areas. 


(2) Each individual and source involved in the conduct or control 
of this ICIP will be briefed on and comply with current policies and 
constraints pertaining to counterintelligence operations and other 
activities as they concern persons and organizations not affiliated 
with Department of Defense (references a, c, i). Upon recruitment (or 
earlier if deemed appropriate), each Confidential Source will be briefed 
on these constraints and will sign a certificate to this effect. A copy 
of the certificate will be included in the source data forwarded to 
higher Headquarters. 
(3) The scope of this operation will not be expanded to cover 
off-post targets not affiliated with the Department of Defense without prior 
approval in compliance with reference [illegible]. 

(4) Activities and duties of the PCO and PLO are contained in 
reference f. The PLO, in exceptional cases, based on the nature of the DLI 
[illegible], may serve as a PCO for selected Confidential Sources. 


b. Essential Elements of Information (EEI): Annex D. 


c. Target Area: Annex B. 


Implementation by Phases: 


(1) Overt phase is on-going as approved and validated by DA ACSI 
letter dated 14 July 1976, subject: Internal Counterintelligence 
Program (ICIP) (U). The overt phase is the primary responsibility of 
the PLO. 


(2) The objectives of the overt phase are: 

(a) Spotting and assessing potential Confidential Sources. 


(b) Establishment and maintenance of a professional and cooperative 
relationship with the DLI Commandant and his staff, with emphasis on the 
DLI Security Officer and other personnel in key positions involving 
priority targets. 


(c) Further apprising the DLI Commandant of the ICIP, its objectives, 
capabilities and limitations. 


(d) Establishment and maintenance of a liaison link through the DLI 
Security Officer with the DLI Commandant, to facilitate the passage of 
perishable and critical information. 


(e) [illegible] of selected local investigative requirements 
relative to both overt and other sources. 


(f) Development and maintenance of liaison contacts with local 
[illegible] and Federal law enforcement, security, and investigative personnel. 

(3) Covert Phase. 

(a) The covert phase is initiated upon the recruitment of a 
Confidential Source and will continue for the duration of the utilization 
of such source, or until the operation is terminated. 
(b) The objectives of the covert phase, which are the responsibility 
of the PCOs, are: 


(1) Development and timely reporting of credible information 
relating to the detection, neutralization or exploitation of factors 
or individuals who pose a direct threat to the security of DLI and 
the United States. 


(2) Training and exploitation of in-place Confidential Sources who 
have placement and access within the selected priority target areas, 
and who are capable of developing and reporting information not available 
through overt means. 


e. Security Considerations: All personnel will comply with the 
administrative and operational security procedures set forth in 
reference [illegible]. 

f. Technical Requirements: Utilization of technical equipment is 
not anticipated. If, during the course of the operation, such a requirement 
develops, supplementary correspondence will be initiated. 


5. Communications: 


b1 
Termination: 


a. Termination With and Without Prejudice: Sources recruited for 
these operations will be terminated when their use to the operation 
ceases, they show indications of insecure practices which could compromise 
the operation, they are no longer amenable to control, or the 
operation is terminated. Circumstances under which termination is 
effected will determine whether termination is with or without prejudice. 
Security debriefing and severance statements will be obtained 
at the time of termination when practicable. 


b. Commitments: The only commitments to be made to Sources will be 
assurance of protection of their identity and of reimbursement of 
expenses incurred at the direction of the PCO or PLO. 


c. Knowledgeability: Knowledgeability of Confidential Sources will 
be limited to names of the PCO and PLO; vehicles and license plates; 
meeting sites; training, EEI and other modus operandi acquired by a 
Source in the course of his utilization in an operation. Knowledgeability 
of Conventional Sources, witting or unwitting, will generally 
be less than that of Confidential Sources; however, they will be met 
and debriefed whenever practical, with the same operational techniques 
and procedures utilized with Confidential Sources. 


Coordination and Liaison: 


Coordination of this operation has been [illegible] with the Commandant, DLI, 
and appropriate staff officers. Liaison will continue to be conducted 
with these officials. Liaison has also been established and maintained 
with appropriate [illegible] and Federal law enforcement and investigative 
agencies. 


Reports: 

a. Source administration and operational reports will be submitted 
in accordance with USAINTA Regulation 381-100-1 and FM 30-17A. The 
following reports are required. 

(1) Quarterly Status Report (See example in USAINTA Regulation 
381-100-1, Appendix A) 

(2) Lead Development Report (See example in FM 30-17A, Appendix D) 

(3) Contact Report (See example in FM 30-17A, Appendix D) 

(4) Agent Report (See example in USAINTA Regulation 381-150, 
Appendix A) 

b. Quarterly status reports will be submitted so as to arrive at 
Special Operations Detachment, HQ, USAINSCOM, NLT three working days 
after the end of the reporting period. 


ANNEX: A - References 
       B - Target List and Priorities 
       C - Knowledgeability List 
       D - Essential Elements of Information 
       E - Finance and Logistics 
ANNEX A: References 


a. Executive Order 11905, United States Foreign Intelligence 
Activities (U), 18 Feb 76. 

b. DOD Directive 5160-41, dated 5 Oct [illegible], Subject: Defense 
Language Program. 

c. AR 380-13, Acquisition and Storage of Information Concerning 
Non-Affiliated Persons and Organizations (U), 30 Sep 74. 

d. AR 381-141, Provisions for Administration, Supervision, Control 
and Use of Intelligence Contingency Funds (U), 7 Jul 76. 

e. DA Letter, ACSI-CIPR, dated 8 Oct 69, Subject: Counterintelligence 
Support of Defense Language Institute (U). 

f. USAINTC Regulation 381-100-1, Counterintelligence Special 
Operations (U), dated 8 Jun 74. 

g. USAINTC Regulation 381-1, Provisions for Administration, 
Supervision, Control and Use of Intelligence Contingency Funds (U), 
24 Aug 74. 

h. USAINTA Report, A Security Incident Review, Defense Language 
Institute (U), dated Jan 1977. 

i. Letter, ICDO-OP, dated 12 Apr [illegible], Subject: Umbrella OPLAN (U). 

j. Letter, COT, DLIWC, dated 11 Sep 67, Subject: Request for 
Aggressive Counterintelligence Support (U), with 1st Indorsement, 
DLI, dated 14 Sep 67. 

k. Letter, MIIA-GPA-CO, dated 6 Jan 77, Subject: Administration 
of Internal Counterintelligence Program (U). 
ANNEX B: Target Areas (U) 

Priority I targets include the following DLI Language Departments: 

a. Russian 
Hungarian 
f. Bulgarian 
g. Serbo-Croatian 
h. Chinese - Cantonese 
i. Chinese - Mandarin 
j. Albanian 

Priority II targets include the following DLI Language Departments: 

a. Arabic 
b. French 
c. German 
d. Italian 
e. Indonesian 
g. Persian 
h. Portuguese 
i. Spanish 
j. Thai 
k. Turkish 
l. Vietnamese 

Priority III targets include the following Non-Academic [illegible]: 

Directorate of Training 
Directorate of Evaluation 

ANNEX C: Knowledgeability List (U) 

SPECIFIC KNOWLEDGEABILITY ROSTER (26 August 1977)* 
ICIP LENTIL MONKEY (U) 

NAME                               POSITION                    DATE OF ACCESS 
LTC Russell R. Cooley              Commander                   Jul 1977 
LTC Joseph E. Bavkins              Executive Officer           Nov 1976 
MAJ Leonard A. Kostelnik           S2/3                        Jul 1977 
[illegible] Gil P. Bentler         Chief, Operations Branch    Aug 1977 
[illegible] Richard L. McCauley    Operations Branch           Feb 1977 
Jeremy U. Hughes                   [illegible]                 Apr 1974 
Ronald M. Olson                    [illegible]                 Feb 1976 
John Caretens                      [illegible]                 Aug 1974 
[illegible] P. McQueen             Special [illegible] 


* All Personnel Listed Are Assigned to the 93D MI BN (Prov) 

GENERAL KNOWLEDGEABILITY ROSTER (1 AUG 7.) 
ICIP LENTIL MONKEY (U) 


NAME 

COL Samuel L. Stapleton 
COL R. Jansson 
LTC R. P. Kelly 
LTC P. R. [illegible] Jr. 
LTC Waldo Webb 
James R. Green 
MAJ William A. Sensenderfer 
CPT Van B. Lowry, Jr. 
CPT Brendon A. Xiques 
Jesse Boone 
Max Dolan 
b1 
MG H. R. Aaron 
MAJ (FNU) Morgan 
CPT Edward F. Alves 
CPT Ashton [illegible] 
CPT Joan F. Roe 
CPT Fred A. Ziiuinan 


POSITION 

Commandant, Defense Language Institute (DLI) 
Deputy Commandant, DLI 
XO, DLI 
[illegible] Support, DLI 
Security Officer, DLI 
[illegible] Officer, DLI 
Chief, OPSEC Team, 93d MI Bn (Prov) 
Adjutant, 93d MI Bn (Prov) 
CDR, Ft Ord Field Office 
S/A Ft Ord FO 
[illegible] Ft Ord FO 
b1 Per FBI 
ACSI, DA Staff Officer 
S-4, 93d MI Bn (Prov) 
CDR, TSCM Team 
Action Officer, S2/3, 93d MI Bn (Prov) 
TEMPEST Officer, 93d MI Bn (Prov) 


DATE OF ACCESS 

Sep 
Jul 
1975 
1977 
1977 
1975 
1977 
1974 
1977 
ANNEX D: Essential Elements of Information 

Consistent with the stated mission and objectives of ICIP LENTIL 
MONKEY, the following Essential Elements of Information (EEI) are 
established. These EEI apply to all military and DOD civilian personnel 
assigned to or associated with DLI activities to include [illegible] 
permanent party, staff and [illegible] and visitors: 


1. Identification and extent of foreign contacts and business or 
professional connections, particularly those with communist bloc 
countries. 


2. Foreign travel, intended or completed, to communist bloc 


3. Attendance at social and official functions at which communist 
bloc country personnel are present. 


4. Solicitation by foreign nationals or organizations of official 
or personal information through either official or non-official channels. 


5. Identification of personnel corresponding or associating with 
communist bloc embassies or receiving unsolicited correspondence from 
individuals, organizations or addresses known to be a threat to the 
US Army. 

6. Identification of personnel whose activities and character 
weaknesses render them potentially vulnerable to pressure, blackmail, 
coercion, and exploitation by foreign intelligence. Such information 
includes: 


a. Excessive indebtedness or recurring financial difficulties. 

b. Unexplained affluence inconsistent with income. 

c. Commitment or solicitation to commit immoral or illegal acts 
in CONUS or in foreign countries where such acts could be considered 
illegal. 


d. Drastic changes in or acts of personal behavior to indicate 
possible unexplained pressures being brought to bear. 

e. Excessive use of alcoholic beverages or improper use or abuse 
of drugs or narcotics. 

f. Mental or emotional [illegible] illness of [illegible] 
seriousness to affect materially the individual's duty performance. 


7. Identification of violations of established installation and/or 
personnel security policy and procedures. 


8. Identification of individuals displaying unusual interest in 
another's personal and military background and future assignment; 
attempting to identify individuals on orders to classified and foreign 
command and general staff assignments; photographing apparently 
selected individuals. 


9. Allegations or denunciations of espionage or sabotage activities. 


10. Sudden unexplained or inadequately explained absences from work. 


a of unofficial vo to DLI. 


LENTIL MONKEY: (QSR, 1st QTR FY 78) 


a. Location: Defense Language Institute (DLI), Presidio of 
Monterey, CA. 


b. Confidential Source Utilization: Seventeen. 


c. Information Obtained or Reported on Non-affiliated Civilians: 
None. 


d. Useful Information Obtained: 


(1) During the quarter, sources continued to report contacts between 
Russian Language Department (RLD) instructors and friends and relatives 
in the USSR. In addition to written correspondence, packages containing 
clothing, books and other articles have been sent to individuals in the 
USSR, sometimes through third parties. One RLD instructor has received 
both standard and military dictionaries from a friend in the USSR, to 
include a copy of the Warsaw Pact Military Terminology. An RLD instructor 
has sent over $4,909, in increments over a period of several years, to 
friends and relatives in the USSR. The instructor refused to reveal the 
method/system used to transmit the money that he had borrowed while in the 
USSR in order to emigrate to the US. An RLD instructor who visited the 
USSR during the quarter was questioned while there by an individual who 
identified himself as a Soviet Army officer. The instructor was asked 
for the names of DLI personnel, students' branches of service, and the 
purpose of their language studies. The instructor reported that she has 
refused to answer the questions. 


(2) A Polish Language Department (PLD) instructor obtained a visa 
from the Polish Embassy in London while on leave in July 1977 and 
proceeded to visit Poland. The instructor failed to comply with DLI 
regulations in that he did not report his intent to visit a Communist Bloc 
country and receive the required briefing from the DLI Security Officer. 
This instructor has taken past trips to Poland, but had always complied 
with DLI regulations. A PLD instructor who has been employed at DLI 
since 1955 is reportedly planning to retire in the near future and move 
to Poland. He stated he would be able to live better in Poland because 
of lower living costs. This same instructor had visited Poland last May, 
and had photographed DLI students from the Polish and Serbo-Croatian 
Language Departments during a class picnic in November 1977. A PLD 
instructor who last visited Poland in June 1977, was visited by friends, 
a man and woman, from Poland during late September, early October. The 
instructor took his guests to the Ft Ord Officers' Club on 1 October 1977. 
(3) A female instructor of the Serbo-Croatian Language Department (SCLD) 
has developed a close association with a US Army Captain, and former DLI 
student, now attending the Yugoslavian Staff College. Since his departure 
from DLI in June 1977, the instructor has corresponded with the Captain and 
has sent packages to him for delivery to her relatives in Yugoslavia. 
She plans to visit the captain during her programmed visit/TDY to Yugoslavia 
in April 1978. The captain is allegedly gathering data for her that can 
be used by the SCLD. The instructor, a former Yugoslav citizen, is now a 
permanent resident of the US, and her husband is a US Army enlisted man 
stationed at Ft Ord. 


(4) An instructor of the Hungarian Language Department (HLD) required 
his students to complete, in English, a Hungarian visa application as 
homework assignment. When filled in, the application provides considerable 
biographic data. The application was printed in four languages, Hungarian, 
German, French and English. 


e. Operational Status: 


(1) Seventeen confidential sources were active during the quarter. 
Four sources were terminated, three due to graduation and one due to un- 
expected reassignment, and three new sources were recruited. Four other 
individuals, including one instructor, are currently under assessment as 
potential confidential sources. In addition to the confidential source 
coverage, twelve conventional sources also provided coverage at DLI. 


(2) During the reporting period, information obtained from all sources, 
including that acquired from overt liaison activities with other services, 
resulted in the production of two Summaries of Information, 32 Contact 
Reports, 48 oral reports to the DLI Commandant, eight Source Lead Develop- 
ment Reports (SLDR), and 109 Agent Reports. A total of 1,320 manhours 
were expended during the 1st Quarter. 


(3) On 20 December 1977, the Project Liaison Officer (PLO) provided 
the Quarterly Progress Briefing to COL Samuel L. Stapleton, Commandant, 
DLI, with LTC Richard P. Kelly, XO, DLI and LTC Waldo R. Webb, Security 
Officer, DLI, also present. COL Stapleton directed that significant 
information in the briefing also be furnished the Deputy DLI Commandant, 
COL R. Jansson, USAF. This was accomplished on 21 December 1977. 


(4) As a result of the Quarterly Briefing and items presented to 
the Commandant and his staff as developed by the ICIP during the quarter, 
the DLI Security Officer denied permission for an ASA enlisted student to 
reside in the home of an RLD instructor. The instructor has had extensive 
contacts with individuals in the USSR, reportedly attempted to obtain the 
release of family members from the USSR, and has had alleged contacts with 
the Soviet Consulate. The DLI Commandant has tasked the Security Officer 
to determine what restrictions could be placed on foreign visitors to DLI, 
and what actions can be taken against the PLD instructor who visited 
Poland without complying with DLI regulations. Further, the Security 
Officer was tasked to follow-up on the visa application homework 
assigned by an instructor of the HLD. Such assignments appear out-of-line 
and without academic basis. 


(5) Special Operations Detachment, USAINSCOM, is closely monitoring 
the reports concerning the relationship between the SCLD instructor and 
US Army Captain. Should substantive information develop as a result of 
this relationship, necessary investigative or other appropriate action 
will be initiated. 
LENTIL MONKEY: (QSR, 2d QTR FY 78) 


a. Location: Defense Language Institute (DLI), Presidio of 
Monterey, CA. 


b. Confidential Source Utilization: Seventeen 


c. Information Obtained or Reported on Non-affiliated Civilians: 
None. 


d. Useful Information Obtained: 


(1) A Russian Language Department (RLD) instructor revealed that 
her mother, who resides in the USSR, had been recently questioned by 
KGB officials when she unsuccessfully attempted to have a manuscript 
smuggled out of the USSR by an American tourist for delivery to her 
daughter. The manuscript was allegedly the instructor's translation 
of some of the works of an ancient Greek philosopher. The tourist, 
a male student (not further identified), was apprehended and the 
package confiscated by airport officials. An RLD instructor revealed that 
while a resident of the USSR he had been approached by the KGB to be 
an informer. At the time, 1974, the instructor was teaching English 
language to Soviet Jews. Through the advice of an acquaintance, he 
allegedly told everyone he knew about the KGB approach and was never 
bothered by them again. The acquaintance was [redacted], a former 
NSA employee who defected to the Soviet Union in 1960. The RLD 
instructor has been attempting for some time to foster a language 
teaching method at DLI that he developed while in the USSR at the Pavlov 
Institute on Physiology. The method has a physiological-psychological 
basis. Three RLD instructors received unsolicited offers to purchase 
Soviet publications from an alleged Communist controlled bookstore in 
New York City. 


(2) During a visit to Czechoslovakia this past Christmas season, 
a Czech Language Department (CLD) instructor mentioned to students that 
while there she was surveilled by unidentified person(s) on two separate 
occasions. The instructor had not reported this fact to the DLI Security 
Officer upon her return as required by DLI regulations. During a DLI 
sponsored trip to the Stanford University Library, students were 
approached by an unidentified man and invited to attend a Czech sponsored 
social function in the local area. An official invitation was later re- 
ceived by the CLD chairman. 


(3) A Chinese Mandarin Language Department (CMLD) instructor 
visited the Peoples Republic of China (PRC) during January 1978, without 
complying with DLI regulations concerning reporting of such trips. This 
is the instructor's second visit to the PRC; she had complied with 
appropriate regulations prior to her first visit. 
(4) According to an unsubstantiated statement of a former 
Egyptian citizen, an instructor in the Arabic Language Department was 
reportedly a fund raiser for "El Fatah" and avid supporter of the 
Palestine Liberation Organization when he resided in Egypt. 


(5) Through several instructors in the Hungarian Language 
Department (HLD), the president of a local Hungarian club requested 
a student volunteer to present a speech in Hungarian at a forthcoming 
club ceremony. A USAF enlisted student expressed willingness to 
present the requested speech. 


e. Operational Status: 


(1) Seventeen confidential sources were active during the quarter. 
Four sources were terminated and four new sources recruited. Five in- 
dividuals are currently under assessment as potential confidential 
sources. In addition to confidential source coverage, ten conventional 
sources provided coverage at DLI. 


(2) During the reporting period, information obtained from all 
sources, including that acquired from overt liaison activities, 
resulted in production of five Summaries of Information, 41 Contact Reports, 
49 oral reports to the DLI Commandant and/or designated representatives, 
five Source Lead Development Reports, and 112 Agent Reports. A total of 
1448 manhours were expended on the ICIP during the 2d Quarter. 


(3) On 13 March 1978, the required quarterly briefing was presented 
to COL Samuel L. Stapleton, Commandant, DLI. LTC Waldo R. Webb, DLI 
Security Officer, also attended the briefing. At the Commandant's re- 
quest, on 20 March 1978, the Deputy Commandant and Executive Officer 
were also briefed on the progress of the ICIP. 


(4) As a result of the quarterly briefing and items reported to 
the DLI Commandant and his staff as developed by the ICIP during the 
quarter, the Commandant directed that letters, requiring written replies 
of explanation, be sent to the DLI instructors who travelled to 
Communist bloc countries and did not comply with established DLI policy. 
He further directed the DLI Information Officer to contact the student 
discussed in para d(5) above, and advise him of applicable DOD, USAF 
and DLI regulations regarding military personnel participation in off 
post political rallies and activities. Such appearances, speeches or 
other participation by DLI staff, faculty and student personnel must 
be cleared through the Public Affairs Office. The DLI Security Officer 
was directed to determine what action can be taken concerning instructors 
whose actions or backgrounds indicate they may be possible security risks 
(reference para d(1) wherein an RLD instructor revealed contacts with the 
KGB and a known US defector while residing in the USSR. SOD, USAINSCOM, 
has been and will continue to closely monitor the instructor's teaching 
methods and activities.) 
LENTIL MONKEY: (QSR, 3d QTR FY 78) 


a. Location: Defense Language Institute (DLI), Presidio of Monterey, 
CA. 


b. Confidential Source Utilization: Fifteen 


c. Information Obtained or Reported on Non-affiliated Civilians: 


d. Useful Information Obtained: 


(1) A Russian Language Department (RLD) supervisor entertained a 
Soviet citizen as his house guest for a period of over a month. The 
Soviet citizen, an engineer, was in Monterey awaiting settlement of his 
uncle's will. He returned to Moscow in mid-April following partial settle- 
ment, and has arranged with the RLD supervisor to have remaining funds 
sent to him through banks in the USSR and Western Europe. An RLD instructor 
has been selected by the US Coast Guard in Monterey to serve as a Russian 
Language interpreter when needed in cases involving Russian ships or 
personnel. 


(2) An instructor in the Arabic Language Department (ALD) is reportedly 
subjecting his students to Palestinian Liberation Organization propaganda. 


(3) An instructor in the Polish Language Department (PLD) required 
students to fill out a questionnaire covering such subjects as the 
students’ military specialty; prior language training; life goals, leisure 
time activities; and how he/she plans to take advantage of language pro- 
ficiency in future personal career. 


(4) An instructor in the German Language Department (GLD) presented 
lectures to various GLD classes concerning his recently completed trip to 
East Berlin and East Germany. The instructor failed to comply with DLI 
regulations concerning prior reporting of trips to Communist bloc countries. 


e. Operational Status: 


(1) Fifteen confidential sources were active during the quarter. 
Five sources were terminated and three new sources recruited. Seven 
individuals are currently under assessment as potential confidential sources. 
In addition to confidential source coverage, ten conventional sources 
provided coverage at DLI. 


(2) During the reporting period, information obtained from all 
sources, including that acquired from overt liaison activities, resulted 
in production of seven Summaries of Information, 34 Contact Reports, 42 
oral reports to the DLI Commandant and/or designated representatives, 
eight Source Lead Development Reports, and 118 Agent Reports. A total of 
1301 manhours were expended on the ICIP during the 3d quarter. 
(3) On 22 June 1978, the required quarterly briefing was presented 
to COL Samuel L. Stapleton, Commandant, DLI. LTC Richard P. Kelly, DLI 
Executive Officer, and LTC Waldo R. Webb, DLI Security Officer, also 
attended the briefing. 


(4) As a result of the quarterly briefing and items reported to the 
DLI Commandant and staff as developed by the ICIP during the quarter, the 
Commandant directed that DLI visitor control procedures be strengthened 
through greater coordination between the Security and Information Offices. 
Procedures for the direct, expeditious reporting of the arrival of visitors 
and monitoring of their activities at DLI are being established. The 
Commandant directed that a letter of reprimand be sent to the GLD instructor 
who visited East Berlin and East Germany without complying with appropriate 
DLI regulations. The Commandant directed the Security Officer to ascertain 
the details concerning the PLD instructor's requirement for students to 
complete a questionnaire soliciting biographic, professional and personal 
information on the students. The Commandant commented that appropriate 
attention must be paid to the ALD since any attempts to sabotage Arabic 
language teaching efforts would have serious effect on various US Aid 
Agreements with Arabic speaking countries. He does not wish to see the 
improvement in morale and efficiency of the ALD that has occurred over 
the past few years negated by outside interference by either pro or 
anti-Arab elements. 
LENTIL MONKEY: (QSR, 4th QTR FY 78) 


a. Location: Defense Language Institute (DLI), Presidio of Monterey, 
CA. 


b. Confidential Source Utilization: Eighteen 


c. Information Obtained or Reported on Non-affiliated Civilians: 
None. 


d. Useful Information Obtained: 


(1) Unauthorized visitors to the Polish, Serbo-Croatian and Arabic 
Language Departments were reported during the quarter. The visitor to 
the Arabic Language Department (ALD), a newspaperman of unknown 
citizenship, allegedly plans to write an article about DLI and solicited 
information from the Public Affairs/Visitor Support Division (PAVSD) after he 
had already visited ALD. 


(2) A student in the German Language Department (GLD) attending DLI 
in civilian cover status was questioned by a substitute instructor regarding 
his status, type job, assignment upon graduation, and whether he knew, 
and/or would be working with a former civilian GLD student now in Germany. 
To determine if a trend exists or is developing, attempts will be made to 
ascertain if any special attention or undue curiosity is shown to "civilian" 
personnel attending language training by the DLI instructors. 


e. Operational Status: 


(1) Eighteen confidential sources were active during the quarter. 
Two sources were terminated and eight new sources recruited. Four individuals 
are currently under assessment as potential confidential sources. 
In addition to confidential source coverage, ten conventional sources provided 
coverage at DLI. 


(2) During the reporting period, information obtained from all 
sources, including that acquired from overt liaison activities, resulted 
in production of three Summaries of Information, 43 Contact Reports, 55 
oral reports to the DLI Commandant and/or designated representatives, six 
Source Lead Development Reports, and 65 Agent Reports. A total of 1142 
manhours were expended on the ICIP during the 4th quarter. 


(3) On 20 September 1978, the required quarterly briefing was presented 
to LTC Waldo R. Webb, Security Officer, DLI. A comprehensive 
briefing on the operation will be presented to the newly assigned 
(22 Sep 78) DLI Commandant in the near future. 

(4) Based on information reported to the DLI Commandant and staff 
during the quarter the following actions were initiated: 


(a) During their initial security briefing, it is emphasized to 
all incoming student personnel that neither DLI language instructors nor 
their relatives have security clearances. This action was based on information 
that relatives of instructors, citizens of Communist bloc 
countries, have attended social functions sponsored by language departments 
and met and conversed with students. 


(b) The Security Officer and Chief, PAVSD are working together to 
implement and enforce effective visitor control procedures. Personnel of 
the ALD, see para d(1), were admonished for permitting a visitor access 
to that department without first coordinating with the PAVSD. 

SUBJECT: Report of Internal Counterintelligence Program (ICIP) 
Operations (U) 


HQDA (DAMI-DOS/Miss Brannan) 
WASH DC 20310 


1. Submitted herewith is the status report for the 1st Quarter, 
FY 78, for ICIP Operation LENTIL MONKEY (U). During the reporting 
period, the operation produced two Summaries of Information, eight 
Source Lead Development Reports, 32 Contact Reports, and 109 Agent 
Re 


2. LENTIL MONKEY (U), supporting the Defense Language Institute, 
Foreign Language Center, Presidio of Monterey, CA, is the only CONUS 


d ing conducted 

At Inclosure 2 is an updated OPLAN for LENTIL MONKEY (U). 
There are no significant changes to the operational concept and 
objectives reflected in the original OPLAN, dated 22 September 1971. 
The primary intent of the revision is to update terminology and 
references, refine Essential Elements of Information, and incorporate 
appropriate provisions of AR 380-13, EO 11905 and EO 12036. 


2 Incl f WILLIAM I. JENNINGS 
as Special Assistant (OPS) 

DEPARTMENT OF THE ARMY 

HEADQUARTERS 

UNITED STATES ARMY INTELLIGENCE AND SECURITY COMMAND 
FORT GEORGE G. MEADE, MARYLAND 20755 


TASO~SA 


SUBJECT: Report of Internal Counterintelligence Program (ICIP) 
Operations (U) 


HQDA (DAMI-DOS/Miss Brannan) 
WASH DC 20310 


1. Submitted herewith is the status report, 2d Quarter, FY 78, 
for ICIP Operation LENTIL MONKEY (U). During the reporting period, 
the operation produced five Summaries of Information, five Source Lead 
Development Reports, 41 Contact Reports, and 112 Agent Reports. 


2. LENTIL MONKEY (U), supporting the Defense Language Institute, 
Foreign Language Center, Presidio of Monterey, CA, is the only CONUS 
ICIP being conducted. 

1 Incl WILLIAM I. JENNINGS 

HEADQUARTERS 


OCT a 3 1978 
Report of Internal Counterintelligence Program (ICIP) 
Operations (U) 


HQDA (DAMI-CIC/Miss Brannan) 
WASH DC 20310 


» 4th Quarter, FY 78 

SUBJECT: Report of Internal Counterintelligence Program (ICIP) 
Operations (U) 


HQDA (DAMI-Be8/Miss Brannan) 
WASH DC 20310 


Oo herewith is the status report, 3d Quarter, FY 78, 
for ICIP Operation LENTIL MONKEY (U). During the reporting period, the 
operation produced seven Summaries of Information, eight Source Lead 
Development Reports, 34 Contact Reports and 118 Agent Reports. 


2. LENTIL MONKEY (U), supporting the Defense Language Institute, 
Foreign Language Center, Presidio of Monterey, CA, is the only CONUS 
ICIP being conducted. 

OFFICE of INTELLIGENCE and ANALYSIS 
INTELLIGENCE IN FOCUS 
3 MARCH 2021 IA-45978-21 


FOREIGN INFLUENCE 


(U) Iranian Influence Efforts Primarily use Online Tools to Target US Audiences, 
Remain Easily Detectable for Now 


(U//FOUO) Scope: This Intelligence In Focus (IIF) is a companion piece to the I&A IIF, "Iranian Efforts to 
Manipulate US Media Narratives,” released on 24 February 2021, providing baseline assessments of 
Iran's attempts to conduct malign influence operations against US audiences. 


(U//FOUO) We assess that Iran likely will continue to rely primarily on proxy news websites 
and affiliated social media accounts to attempt sustained influence against US audiences, 
while we expect intermittent, issue-specific influence attempts via other means (e.g., e-mails). 
We base this assessment on Iran's actions since at least 2008 to build and maintain vast malign 
influence networks anchored by proxy websites, as well as Iran's attempts to find new avenues 
to re-launch established malign influence networks after suspension. Tehran employs a network 
of proxy social media accounts and news websites that typically launder Iranian state media 
stories (stripped of attribution), plagiarize articles from Western wire services, and occasionally 
pay US persons to write articles to appear more legitimate to US audiences. 


• (U) The American Herald Tribune (AHT) —an Iranian Government proxy website 
established in 2015 that purported to be a genuine media outlet — was seized by the 
US Government on 4 November 2020 for attempting to covertly influence United States 
policy and public opinion, according to a DOJ press release. However, AHT by at least 16 
November 2020 resurfaced on a Canada-based domain, according to AHT's website. 
AHT is also known to pay unwitting US persons to contribute to its disinformation 
campaigns, according to the same website. 


• (U) The International Union of Virtual Media (IUVM) since at least August 2018 has 
maintained a network of proxy accounts and websites posing as news sources that 
attempted to insert Iranian Government narratives into Western target audiences and to 
denigrate the United States, Western governments, and other regional adversaries, 
according to reports from a research institute and a social media analysis firm. Since 
IUVM started, US social media outlets have repeatedly removed its accounts from their 
platforms for being engaged in pro-Iran information operations and deceiving users; 
most recently, the FBI in October 2020 seized IUVM's domains, according to the same 
reports and a DOJ press release. Despite these setbacks, however, IUVM created new 
accounts and returned to operations, according to these same reports. 


(U) Prepared by the Cyber Mission Center. Coordinated with the DHS Intelligence Enterprise (CETC, CIMC, FOD, and ICE). 
For questions, contact DHS-SPS-RFI@hq.dhs.gov. 

• (U) Iranian state media-linked Liberty Front Press, created in 2013, claimed to be an 
independent media organization that published US political news, including content 
from other proxies such as IUVM and US-based media sites, according to reports from a 
media outlet, a cybersecurity firm, and a research institute. Liberty Front Press and its 
network of affiliated proxy news websites published content directly from other sources, 
and any original content contained poorly written English, according to the same 
cybersecurity firm report. In August 2018, US social media platforms deactivated 
accounts associated with Liberty Front Press because of its connection to Iranian state 
media, according to media reporting. The Liberty Front Press website was officially 
seized by the FBI in October 2020, according to a DOJ affidavit. The FBI identified over 
1,000 domains, e-mail accounts, and social media accounts associated with Liberty Front 
Press as part of its investigation, according to the same affidavit. 


(U//FOUO) For at least the next year, we assess that these Iranian-run news websites and 
affiliated social media accounts targeting US audiences likely will remain easily detectable by 
the US Government and US social media companies due to Iran's use of thinly masked and 
often unsubtle promotion of pro-Iranian content. We base this assessment on Iran's promotion 
of pro-Iranian messaging behind a veneer of supposedly otherwise focused pages and the ease 
at which these pages have previously been identified and removed from US social media 
platforms and registered domains. While Iranian websites have remained easily detectable to 
date, if these deceptive outlets improved their obfuscation techniques and replaced obvious 
pro-Iranian content with divisive anti-US content, these outlets could blend into the information 
environment and be more difficult to attribute. Thus, it is important for the US Government and 
social media companies to maintain a close working relationship to continue to detect and 
uncover Iranian covert influence efforts as they develop and grow in complexity. 


• (U) In August 2018, a cybersecurity firm made the first major attribution of Iranian proxy 
accounts attempting to promote political narratives in line with Iranian interests, which 
directly led to the suspension and removal of over 900 accounts, pages, and groups from 
US social media platforms, some accounts dating back as early as 2015, according to 
reports from a cybersecurity firm and social media companies. 


• (U) In October 2019, a social media company removed several Iran-based pages 
attempting to hide behind a facade of otherwise focused pages, while pushing 
pro-Iranian messaging, including a page supposedly supporting Black Lives Matter (USPER), 
according to a research institute. 


• (U) In October 2020, a US social media company removed an Iran-based page attempting 
to conceal its identity and activity, while pushing false claims and unsubstantiated 
US election-related threats as part of an influence operation, according to a report from 
the same social media company. 


• (U) In October 2020, a social media company acted on information provided by the FBI to 
take down over a hundred accounts appearing to originate from Iran and attempting 
unsuccessfully to disrupt the public conversation of the first 2020 US presidential debate, 
according to a report from the same social media company. 

(U//FOUO) This product is based on reports from two research institutes, a cybersecurity 
firm, a social media analysis firm, US social media companies, and press releases from 
US Government agencies. 


(U//FOUO) We assess that Iran likely will continue to primarily rely on proxy news 
websites and affiliated social media accounts to attempt sustained influence against 
US audiences, while we expect intermittent, issue-specific influence attempts via other 
means (e.g., e-mails). We have moderate confidence in our assessment based on 
reports from sources with a history of credible reporting and corroboration of reporting 
among a wide range of sources including the US Government and the social media 
platforms themselves. Our confidence would increase if we saw continued evidence of 
US detection and disruption of Iranian information operations, and we would 
re-evaluate this assessment if we discovered Iranian online influence that had 
previously been undetected for a prolonged period. 


(U//FOUO) For at least the next year, we assess that these Iranian-run news websites and 
affiliated social media accounts targeting US audiences likely will remain easily 
detectable by the US Government and US social media companies due to Iran's use of 
thinly masked and often unsubtle promotion of pro-Iranian content. We have moderate 
confidence in our assessment based on reports from sources with a history of credible 
reporting and the corroboration of reporting among a wide range of sources. Our 
confidence would increase if we saw further evidence of attempts of Iranian 
obfuscation across multiple platforms and resonating in the US information 
environment. 


(U//FOUO) Disinformation: A foreign government's deliberate use of false or misleading 
information intentionally directed at another government's decisionmakers and 
decision-making processes to mislead the target, force it to waste resources, or 
influence a decision in favor of a foreign government's interests. Disinformation always 
depends on falsehoods and is sometimes relayed clandestinely for the target to 
"discover." 


(U//FOUO) Influence Activities: The use of covert and overt tools to achieve a foreign 
government's objectives, sometimes in support of broader influence operations. 
Activities may be carried out by an array of actors, independently or in coordination. 


(U//FOUO) Influence Operations: Broad use of influence activities conducted by various 
state and nonstate actors, sometimes to achieve specific goals under a larger influence 
campaign objective. 


(U) Senior DHS leadership, federal officials, governors, lieutenant governors, secretaries 
of state, homeland security advisors, fusion center directors and their staff. 


(U//FOUO) US persons linking, citing, quoting, or voicing the same arguments raised by 
these influence activities likely are engaging in First Amendment-protected activity, 
unless they are acting at the discretion or control of a foreign threat actor. Furthermore, 
variants of the topics covered in this product, even those that include divisive terms, 
should not be assumed to reflect foreign influence or malign activity absent 
information specifically attributing the content to malign foreign actors. This 
information should be considered in the context of all applicable legal and policy 
authorities to use open source information while protecting privacy, civil rights, and 
civil liberties. 



(U) CISA defines foreign influence as malign actions taken by foreign governments to 
spread disinformation designed to manipulate the public, sow discord and ill will, 
discredit the electoral process, disrupt markets, and undermine the interests of the 
American people. Recognize the risk: understand how foreign actors try to affect 
behavior. Question the source: check who produced the content and question their 
intent. Investigate the issue: search for other reliable sources before sharing. Think 
before you link: ask yourself why you're sharing, and let your emotions cool. Talk to 
your circle: talk to your social circle about the risks of spreading disinformation. 


(U) Warning: This document is UNCLASSIFIED//FOR OFFICIAL USE ONLY 
(U//FOUO). It contains information that may be exempt from public release under the 
Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, 
transmitted, distributed, and disposed of in accordance with DHS policy relating to 
FOUO information and is not to be released to the public, the media, or other personnel 
who do not have a valid need to know without prior approval of an authorized DHS 
official. State and local homeland security officials may share this document with 
authorized critical infrastructure and key resource personnel and private sector 
security officials without further approval from DHS. 


(U) This product contains US person information that has been deemed necessary for 
the intended recipient to understand, assess, or act on the information provided. It has 
been highlighted in this document with the label USPER and should be handled in 
accordance with the recipient's intelligence oversight and/or information handling 
procedures. Other US person information has been minimized. Should you require the 
minimized US person information on weekends or after normal weekday hours during 
exigent and time sensitive circumstances, contact the Current and Emerging Threat 
Watch Office at 202-447-3688, CETC.OSCO@hq.dhs.gov. For all other inquiries, please 
contact the Homeland Security Single Point of Service, Request for Information Office 
at DHS-SPS-RFI@hq.dhs.gov, DHS-SPS-RFI@dhs.sgov.gov, DHS-SPS-RFI@dhs.ic.gov. 

SUMMARY 


The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), 
and Federal Bureau of Investigation (FBI) assess that People's Republic of China (PRC) 
state-sponsored cyber actors are seeking to pre-position themselves on IT networks for 
disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of 
a major crisis or conflict with the United States. 


Actions to take today to mitigate Volt Typhoon activity: 

• Apply patches for internet-facing systems. Prioritize patching critical 
vulnerabilities in appliances known to be frequently exploited by Volt Typhoon. 
• Implement phishing-resistant MFA. 
• Ensure logging is turned on for application, access, and security logs 
and store logs in a central system. 


CISA, NSA, FBI and the following partners are releasing this advisory to warn critical 
infrastructure organizations about this 
assessment, which is based on observations from the U.S. authoring agencies' incident response 
activities at critical infrastructure organizations compromised by the PRC state-sponsored cyber 
group known as Volt Typhoon (also known as Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, 
UNC3236, Voltzite, and Insidious Taurus): 


• U.S. Department of Energy (DOE) 

• U.S. Environmental Protection Agency (EPA) 

• U.S. Transportation Security Administration (TSA) 

• Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) 

• Canadian Centre for Cyber Security (CCCS), a part of the Communications Security 
Establishment (CSE) 

• United Kingdom National Cyber Security Centre (NCSC-UK) 

• New Zealand National Cyber Security Centre (NCSC-NZ) 


The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT 
environments of multiple critical infrastructure organizations—primarily in Communications, Energy, 
Transportation Systems, and Water and Wastewater Systems Sectors—in the continental and 
non-continental United States and its territories, including Guam. Volt Typhoon's choice of targets and 
pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering 
operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors 
are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt 
functions. The U.S. authoring agencies are concerned about the potential for these actors to use their 
network access for disruptive effects in the event of potential geopolitical tensions and/or military 
conflicts. CCCS assesses that the direct threat to Canada's critical infrastructure from PRC 
state-sponsored actors is likely lower than that to U.S. infrastructure, but should U.S. infrastructure be 
disrupted, Canada would likely be affected as well, due to cross-border integration. ASD's ACSC and 
NCSC-NZ assess Australian and New Zealand critical infrastructure, respectively, could be vulnerable 
to similar activity from PRC state-sponsored actors. 

As the authoring agencies have previously highlighted, the use of living off the land (LOTL) 
techniques is a hallmark of Volt Typhoon actors' malicious cyber activity when targeting critical 
infrastructure. The group also relies on valid accounts and leverages strong operational security, which 
combined, allows for long-term undiscovered persistence. In fact, the U.S. authoring agencies have 
recently observed indications of Volt Typhoon actors maintaining access and footholds within some 
victim IT environments for at least five years. Volt Typhoon actors conduct extensive pre-exploitation 
reconnaissance to learn about the target organization and its environment; tailor their tactics, 
techniques, and procedures (TTPs) to the victim's environment; and dedicate ongoing resources to 
maintaining persistence and understanding the target environment over time, even after initial 
compromise. 


The authoring agencies urge critical infrastructure organizations to apply the mitigations in this 
advisory and to hunt for similar malicious activity using the guidance herein provided, along with the 
recommendations found in joint guide Identifying and Mitigating Living Off the Land Techniques. 
These mitigations are primarily intended for IT and OT administrators in critical infrastructure 
organizations. Following the mitigations for prevention of or in response to an incident will help disrupt 
Volt Typhoon's accesses and reduce the threat to critical infrastructure entities. 


If activity is identified, the authoring agencies strongly recommend that critical infrastructure 
organizations apply the incident response recommendations in this advisory and report the incident to 
the relevant agency (see Contact Information section). 


For additional information, see joint advisory People's Republic of China State-Sponsored Cyber 
Actor Living off the Land to Evade Detection and U.S. Department of Justice (DOJ) press release 
U.S. Government Disrupts Botnet People's Republic of China Used to Conceal Hacking of Critical 
Infrastructure. For more information on PRC state-sponsored malicious cyber activity, see CISA's 
China Cyber Threat Overview and Advisories webpage. 


For a downloadable copy of indicators of compromise (IOCs), see: 


• MAR-10448362-1.v1 (JSON, 60 KB) 

TECHNICAL DETAILS 


Note: This advisory uses the MITRE ATT&CK for Enterprise framework, version 14. See Appendix C: 
MITRE ATT&CK Tactics and Techniques section for tables of the Volt Typhoon cyber threat actors' 
activity mapped to MITRE ATT&CK® tactics and techniques. For assistance with mapping malicious 
cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK's Best Practices for 
MITRE ATT&CK Mapping and CISA's Decider Tool. 


Overview of Activity 


In May 2023, the authoring agencies—working with industry partners—disclosed information about 
activity attributed to Volt Typhoon (see joint advisory People's Republic of China State-Sponsored 
Cyber Actor Living off the Land to Evade Detection). Since then, CISA, NSA, and FBI have 
determined that this activity is part of a broader campaign in which Volt Typhoon actors have 
successfully infiltrated the networks of critical infrastructure organizations in the continental and 
non-continental United States and its territories, including Guam. 


The U.S. authoring agencies have primarily observed compromises linked to Volt Typhoon in 
Communications, Energy, Transportation Systems, and Water and Wastewater Systems sector 
organizations' IT networks. Some victims are smaller organizations with limited cybersecurity 
capabilities that provide critical services to larger organizations or key geographic locations. 


Volt Typhoon actors tailor their TTPs to the victim environment; however, the U.S. authoring agencies 
have observed the actors typically following the same pattern of behavior across identified intrusions. 
Their choice of targets and pattern of behavior is not consistent with traditional cyber espionage or 
intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that 
Volt Typhoon actors are pre-positioning themselves on IT networks to enable the disruption of OT 
functions across multiple critical infrastructure sectors (see Figure 1). 


1. Volt Typhoon conducts extensive pre-compromise reconnaissance to learn about the 
target organization's network architecture and operational protocols. This 
reconnaissance includes identifying network topologies, security measures, typical user 
behaviors, and key network and IT staff. The intelligence gathered by Volt Typhoon actors is 
likely leveraged to enhance their operational security. For example, in some instances, Volt 
Typhoon actors may have abstained from using compromised credentials outside of normal 
working hours to avoid triggering security alerts on abnormal account activities. 

2. Volt Typhoon typically gains initial access to the IT network by exploiting known or 
zero-day vulnerabilities in public-facing network appliances (e.g., routers, virtual private 
networks [VPNs], and firewalls) and then connects to the victim's network via VPN for 
follow-on activities. 

3. Volt Typhoon aims to obtain administrator credentials within the network, often by 
exploiting privilege escalation vulnerabilities in the operating system or network 
services. In some cases, Volt Typhoon has obtained credentials insecurely stored on a 
public-facing network appliance. 

4. Volt Typhoon uses valid administrator credentials to move laterally to the domain 
controller (DC) and other devices via remote access services such as Remote Desktop 
Protocol (RDP). 

5. Volt Typhoon conducts discovery in the victim's network, leveraging LOTL binaries for 
stealth. A key tactic includes using PowerShell to perform targeted queries on Windows event 
logs, focusing on specific users and periods. These queries facilitate the discreet extraction of 
security event logs into .dat files, allowing Volt Typhoon actors to gather critical information 
while minimizing detection. This strategy, blending in-depth pre-compromise reconnaissance 
with meticulous post-exploitation intelligence collection, underscores their sophisticated and 
strategic approach to cyber operations. 

6. Volt Typhoon achieves full domain compromise by extracting the Active Directory 
database (NTDS.dit) from the DC. Volt Typhoon frequently employs the Volume Shadow 
Copy Service (VSS) using command-line utilities such as vssadmin to access NTDS.dit. The 
NTDS.dit file is a centralized repository that contains critical Active Directory data, including 
user accounts, passwords (in hashed form), and other sensitive data, which can be leveraged 
for further exploitation. This method entails the creation of a shadow copy—a point-in-time 
snapshot—of the volume hosting the NTDS.dit file. By leveraging this snapshot, Volt Typhoon 
actors effectively bypass the file locking mechanisms inherent in a live Windows environment, 
which typically prevent direct access to the NTDS.dit file while the domain controller is 
operational. 

7. Volt Typhoon likely uses offline password cracking techniques to decipher these 
hashes. This process involves extracting the hashes from the NTDS.dit file and then applying 
various password cracking methods, such as brute force attacks, dictionary attacks, or more 
sophisticated techniques like rainbow tables to uncover the plaintext passwords. The 
successful decryption of these passwords allows Volt Typhoon actors to obtain elevated 
access and further infiltrate and manipulate the network. 

8. Volt Typhoon uses elevated credentials for strategic network infiltration and additional 
discovery, often focusing on gaining capabilities to access OT assets. Volt Typhoon 
actors have been observed testing access to domain-joined OT assets using default OT vendor 
credentials, and in certain instances, they have possessed the capability to access OT 
systems whose credentials were compromised via NTDS.dit theft. This access enables 
potential disruptions, such as manipulating heating, ventilation, and air conditioning (HVAC) 
systems in server rooms or disrupting critical energy and water controls, leading to significant 
infrastructure failures (in some cases, Volt Typhoon actors had the capability to access 
camera surveillance systems at critical infrastructure facilities). In one confirmed compromise, 
Volt Typhoon actors moved laterally to a control system and were positioned to move to a 
second control system. 

Figure 1: Typical Volt Typhoon Activity 


After successfully gaining access to legitimate accounts, Volt Typhoon actors exhibit minimal activity 
within the compromised environment (except discovery as noted above), suggesting their objective is 
to maintain persistence rather than immediate exploitation. This assessment is supported by 
observed patterns where Volt Typhoon methodically re-targets the same organizations over extended 
periods, often spanning several years, to continuously validate and potentially enhance their 
unauthorized accesses. Evidence of their meticulous approach is seen in instances where they 
repeatedly exfiltrate domain credentials, ensuring access to current and valid accounts. For example, 
in one compromise, Volt Typhoon likely extracted NTDS.dit from three domain controllers in a 
four-year period. In another compromise, Volt Typhoon actors extracted NTDS.dit two times from a victim 
in a nine-month period. 
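
A defender can hunt for the step 6 behavior and the repeated extraction pattern described above in domain-controller process-creation logs. The following is an added example, not part of the advisory: the event fields, host and account names, and command lines are constructed, and the 30-minute pairing window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records, shaped like normalised process-creation
# telemetry (e.g. Windows Security 4688 or Sysmon 1). Not real logs.
SAMPLE_EVENTS = [
    {"host": "DC01", "time": "2024-01-10T02:14:05", "user": "CORP\\svc_backup",
     "cmd": r"vssadmin.exe create shadow /for=D:"},
    {"host": "DC01", "time": "2024-01-10T09:30:00", "user": "CORP\\adm_lee",
     "cmd": r"vssadmin create shadow /for=C:"},
    {"host": "DC01", "time": "2024-01-10T09:31:12", "user": "CORP\\adm_lee",
     "cmd": r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3"
            r"\Windows\NTDS\ntds.dit C:\Windows\Temp\a.dat"},
    {"host": "DC02", "time": "2024-03-02T11:00:00", "user": "CORP\\adm_lee",
     "cmd": r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1"
            r"\Windows\NTDS\NTDS.dit C:\Users\Public\b.dat"},
    {"host": "FS07", "time": "2024-03-02T11:05:00", "user": "CORP\\jdoe",
     "cmd": r"vssadmin list shadows"},
]

# A shadow copy being created with vssadmin (routine backups also match this).
SHADOW_CREATE = re.compile(r"\bvssadmin(?:\.exe)?\b.*\bcreate\s+shadow\b", re.I)
# NTDS.dit referenced through a shadow-copy device path rather than the live file.
NTDS_VIA_SHADOW = re.compile(r'harddiskvolumeshadowcopy\d+\\[^\s"]*ntds\.dit', re.I)


def find_ntds_shadow_access(events, window=timedelta(minutes=30)):
    """Return findings for NTDS.dit reads through a shadow-copy path.

    confidence is "high" when the same host created a shadow copy within
    `window` before the access, and "medium" when only the access was seen
    (the snapshot may come from another utility or a log source not collected).
    Shadow-copy creation on its own is not reported: backups do it daily.
    """
    last_create = {}  # host -> time of the most recent shadow-copy creation
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if SHADOW_CREATE.search(ev["cmd"]):
            last_create[ev["host"]] = when
        if NTDS_VIA_SHADOW.search(ev["cmd"]):
            created = last_create.get(ev["host"])
            paired = created is not None and when - created <= window
            findings.append({
                "host": ev["host"],
                "user": ev["user"],
                "time": when,
                "confidence": "high" if paired else "medium",
            })
    return findings


def recurrence_by_account(findings):
    """Summarise repeat extraction per account: hosts touched and span in days.

    The advisory describes extraction recurring across several domain
    controllers over months or years, so this only helps if log retention
    covers a comparable period.
    """
    summary = {}
    for f in findings:
        s = summary.setdefault(
            f["user"], {"hosts": set(), "first": f["time"], "last": f["time"]})
        s["hosts"].add(f["host"])
        s["first"] = min(s["first"], f["time"])
        s["last"] = max(s["last"], f["time"])
    return {
        user: {"hosts": sorted(s["hosts"]),
               "span_days": (s["last"] - s["first"]).days}
        for user, s in summary.items()
    }


if __name__ == "__main__":
    hits = find_ntds_shadow_access(SAMPLE_EVENTS)
    for h in hits:
        print(h["time"].isoformat(), h["host"], h["user"], h["confidence"])
    print(recurrence_by_account(hits))
```

Because the actors use valid administrator accounts, the account name alone does not separate this from legitimate administration; the shadow-copy path to NTDS.dit is the signal worth alerting on.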


Industry reporting—identifying that Volt Typhoon actors are silent on the network following credential 
dumping and perform discovery to learn about the environment, but do not exfiltrate data—is 
consistent with the U.S. authoring agencies' observations. This indicates their aim is to achieve and 
maintain persistence on the network. In one confirmed compromise, an industry partner observed Volt 
Typhoon actors dumping credentials at regular intervals. 


In addition to leveraging stolen account credentials, the actors use LOTL techniques and avoid 
leaving malware artifacts on systems that would cause alerts. Their strong focus on stealth and 
operational security allows them to maintain long-term, undiscovered persistence. Further, Volt 
Typhoon's operational security is enhanced by targeted log deletion to conceal their actions within the 
compromised environment. 


See the below sections for Volt Typhoon TTPs observed by the U.S. authoring agencies from multiple 
confirmed Volt Typhoon compromises. 

Observed TTPs 

Reconnaissance 


Volt Typhoon actors conduct extensive pre-compromise reconnaissance [TA0043] to learn about the 
target organization [T1591], its network [T1590], and its staff [T1589]. This includes web searches 
[T1593]—including victim-owned sites [T1594]—for victim host [T1592], identity, and network 
information, especially for information on key network and IT administrators. According to industry 
reporting, Volt Typhoon actors use FOFA[1], Shodan, and Censys for querying or searching for 
exposed infrastructure. In some instances, the U.S. authoring agencies have observed Volt Typhoon 
actors targeting the personal emails of key network and IT staff [T1589.002] post compromise. 


Resource Development 


Historically, Volt Typhoon actors use multi-hop proxies for command and control (C2) infrastructure 
[T1090.003]. The proxy is typically composed of virtual private servers (VPSs) [T1583.003] or small
office/home office (SOHO) routers. Recently, Volt Typhoon actors used Cisco and NETGEAR end-of- 
life SOHO routers implanted with KV Botnet malware to support their operations [T1584.005]. (See 
DOJ press release U.S. Government Disrupts Botnet People's Republic of China Used to Conceal 
Hacking of Critical Infrastructure for more information). 


Initial Access 


To obtain initial access [TA0001], Volt Typhoon actors commonly exploit vulnerabilities in networking 
appliances such as those from Fortinet, Ivanti Connect Secure (formerly Pulse Secure), NETGEAR, 
Citrix, and Cisco [T1190]. They often use publicly available exploit code for known vulnerabilities 
[T1588.005] but are also adept at discovering and exploiting zero-day vulnerabilities [T1587.004].


• In one confirmed compromise, Volt Typhoon actors likely obtained initial access by exploiting
  CVE-2022-42475 in a network perimeter FortiGate 300D firewall that was not patched. There
  is evidence of a buffer overflow attack identified within the Secure Sockets Layer (SSL)-VPN
  crash logs.


Once initial access is achieved, Volt Typhoon actors typically shift to establishing persistent access 
[TA0003]. They often use VPN sessions to securely connect to victim environments [T1133], enabling 
discreet follow-on intrusion activities. This tactic not only provides a stable foothold in the network but 
also allows them to blend in with regular traffic, significantly reducing their chances of detection. 


Execution 


Volt Typhoon actors rarely use malware for post-compromise execution. Instead, once Volt Typhoon 
actors gain access to target environments, they use hands-on-keyboard activity via the command-line 
[T1059] and other native tools and processes on systems [T1218] (often referred to as "LOLBins"),
known as LOTL, to maintain and expand access to the victim networks. According to industry 
reporting, some “commands appear to be exploratory or experimental, as the operators [i.e., 
malicious actors] adjust and repeat them multiple times."[2] 

For more details on LOTL activity, see the Credential Access and Discovery sections and Appendix
A: Volt Typhoon LOTL Activity.


Similar to LOTL, Volt Typhoon actors also use legitimate but outdated versions of network admin 
tools. For example, in one confirmed compromise, actors downloaded [T1105] an outdated version of 
comsvcs.dll on the DC in a non-standard folder. comsvcs.dll is a legitimate Microsoft Dynamic
Link Library (DLL) file normally found in the System32 folder. The actors used this DLL with MiniDump 
and the process ID of the Local Security Authority Subsystem Service (LSASS) to dump the LSASS 
process memory [T1003.001] and obtain credentials (LSASS process memory space contains hashes 
for the current user's operating system (OS) credentials). 


The actors also use legitimate non-native network admin and forensic tools. For example, Volt 
Typhoon actors have been observed using Magnet RAM Capture (MRC) version 1.20 on domain 
controllers. MRC is a free imaging tool that captures the physical memory of a computer, and Volt 
Typhoon actors likely used it to analyze in-memory data for sensitive information (such as credentials) 
and in-transit data not typically accessible on disk. Volt Typhoon actors have also been observed 
implanting Fast Reverse Proxy (FRP) for command and control.[3] (See the Command and Control 
section). 


Persistence


Volt Typhoon primarily relies on valid credentials for persistence [T1078].


Defense Evasion


Volt Typhoon has strong operational security. Their actors primarily use LOTL for defense evasion 
[TA0005], which allows them to camouflage their malicious activity with typical system and network
behavior, potentially circumventing simplistic endpoint security capabilities. For more information, see 
joint guide Identifying and Mitigating Living off the Land Techniques. 


Volt Typhoon actors also obfuscate their malware. In one confirmed compromise, Volt Typhoon 
obfuscated FRP client files (BrightmetricAgent.exe and SMSvcService.exe) and the command- 
line port scanning utility ScanLine by packing the files with Ultimate Packer for Executables (UPX) 
[T1027.002]. FRP client applications support encryption, compression, and easy token authentication 
and work across multiple protocols—including transmission control protocol (TCP), user datagram 
protocol (UDP), hypertext transfer protocol (HTTP), and hypertext transfer protocol secure (HTTPS). 
The FRP client applications use the Kuai connection protocol (KCP) for error-checked and 
anonymous data stream delivery over UDP, with packet-level encryption support. See Appendix C 
and CISA Malware Analysis Report (MAR)-10448362-1.v1 for more information. 


In addition to LOTL and obfuscation techniques, Volt Typhoon actors have been observed selectively 
clearing Windows Event Logs [T1070.001], system logs, and other technical artifacts to remove 
evidence [T1070.009] of their intrusion activity and masquerading file names [T1036.005].


Credential Access 


Volt Typhoon actors first obtain credentials from public-facing appliances after gaining initial access 
by exploiting privilege escalation vulnerabilities [T1068] in the operating system or network services. 
In some cases, they have obtained credentials insecurely stored on the appliance [T1552]. In one
instance, where Volt Typhoon likely exploited CVE-2022-42475 in an unpatched Fortinet device, Volt 
Typhoon actors compromised a domain admin account stored inappropriately on the device. 


Volt Typhoon also consistently obtains valid credentials by extracting the Active Directory database 
file (NTDS.dit)—in some cases multiple times from the same victim over long periods [T1003.003]. 
NTDS.dit contains usernames, hashed passwords, and group memberships for all domain accounts, 
essentially allowing for full domain compromise if the hashes can be cracked offline. 


To obtain NTDS.dit, the U.S. authoring agencies have observed Volt Typhoon:


1. Move laterally [TA0008] to the domain controller via an interactive RDP session using a
   compromised account with domain administrator privileges [T1021.001];

2. Execute the Windows-native vssadmin [T1006] command to create a volume shadow copy;

3. Use Windows Management Instrumentation Console (WMIC) commands [T1047] to execute
   ntdsutil (a LOTL utility) to copy NTDS.dit and SYSTEM registry hive from the volume
   shadow copy; and

4. Exfiltrate [TA0010] NTDS.dit and SYSTEM registry hive to crack passwords offline
   [T1110.002]. (For more details, including specific commands used, see Appendix A: Volt
   Typhoon LOTL Activity.)

Note: A volume shadow copy contains a copy of all the files and folders that exist on the
specified volume. Each volume shadow copy created on a DC includes its NTDS.dit and the
SYSTEM registry hive, which provides keys to decrypt the NTDS.dit file.


Volt Typhoon actors have also been observed interacting with a PuTTY application by enumerating 
existing stored sessions [T1012]. Given this interaction and the exposure of cleartext-stored proxy 
passwords used in remote administration, Volt Typhoon actors potentially had access to PuTTY 
profiles that allow access to critical systems (see the Lateral Movement section). 


According to industry reporting, Volt Typhoon actors attempted to dump credentials through LSASS 
(see Appendix B for commands used).[2] 


The U.S. authoring agencies have observed Volt Typhoon actors leveraging Mimikatz to harvest 
credentials, and industry partners have observed Volt Typhoon leveraging Impacket.[2] 


• Mimikatz is a credential dumping tool and Volt Typhoon actors use it to obtain credentials. In
  one confirmed compromise, Volt Typhoon used RDP to connect to a server and run
  Mimikatz after leveraging a compromised administrator account to deploy it.

• Impacket is an open source Python toolkit for programmatically constructing and manipulating
  network protocols. It contains tools for Kerberos manipulation, Windows credential dumping,
  packet sniffing, and relay attacks—as well as remote service execution.


Discovery 


Volt Typhoon actors have been observed using commercial tools, LOTL utilities, and appliances 
already present on the system for system information [T1082], network service [T1046], group 
[T1069] and user [T1033] discovery. 

Volt Typhoon uses at least the following LOTL tools and commands for system information, network
service, group, and user discovery techniques:


• cmd
• certutil
• dnscmd
• ldifde
• makecab
• net user/group/use
• netsh
• nltest
• netstat
• ntdsutil
• ping
• PowerShell
• quser
• reg query/reg save
• systeminfo
• tasklist
• wevtutil
• whoami
• wmic
• xcopy


Some observed specific examples of discovery include: 


• Capturing successful logon events [T1654].

  o Specifically, in one incident, analysis of the PowerShell console history of a domain
    controller indicated that security event logs were directed to a file named user.dat, as
    evidenced by the executed command Get-EventLog security -instanceid 4624 -after
    [year-month-date] | fl * | Out-File 'C:\users\public\documents\user.dat'. This indicates
    the group's specific interest in capturing successful logon events (event ID 4624) to
    analyze user authentication patterns within the network. Additionally, file system analysis,
    specifically of the Master File Table (MFT), uncovered evidence of a separate file,
    systeminfo.dat, which was created in C:\Users\Public\Documents but subsequently deleted
    [T1070.004]. The presence of these activities suggests a methodical approach by Volt
    Typhoon actors in collecting and then possibly removing traces of sensitive log information
    from the compromised system.

• Executing tasklist /v to gather a detailed process listing [T1057], followed by executing
  taskkill /f /im rdpservice.exe (the function of this executable is not known).

• Executing net user and quser for user account information [T1087.001].

• Creating and accessing a file named rult3uil.log on a domain controller in
  C:\Windows\System32\. The rult3uil.log file contained user activities on a compromised
  system, showcasing a combination of window title information [T1010] and focus shifts,
  keypresses, and command executions across Google Chrome and Windows PowerShell, with
  corresponding timestamps.

• Employing ping with various IP addresses to check network connectivity [T1016.001] and net
  start to list running services [T1007].


See Appendix A for additional LOTL examples. 


In one confirmed compromise, Volt Typhoon actors attempted to use Advanced IP Scanner, which 
was on the network for admin use, to scan the network. 


Volt Typhoon actors have been observed strategically targeting network administrator web browser 
data—focusing on both browsing history and stored credentials [T1555.003]—to facilitate targeting of
personal email addresses (see the Reconnaissance section) for further discovery and possible 
network modifications that may impact the threat actor's persistence within victim networks. 

In one confirmed compromise:


• Volt Typhoon actors obtained the history file from the User Data directory of a network
  administrator user's Chrome browser. To obtain the history file, Volt Typhoon actors first
  executed an RDP session to the user's workstation where they initially attempted, and failed,
  to obtain the C$ File Name:
  users\{redacted}\appdata\local\Google\Chrome\UserData\default\History file, as
  evidenced by the accompanying 1016 (reopen failed) SMB error listed in the application event
  log. The threat actors then disconnected the RDP session to the workstation and accessed
  the file C:\Users\{redacted}\Downloads\History.zip. This file presumably contained
  data from the User Data directory of the user's Chrome browser, which the actors likely
  saved in the Downloads directory for exfiltration [T1074]. Shortly after accessing the
  history.zip file, the actors terminated RDP sessions.

• About four months later, Volt Typhoon actors accessed the same user's Chrome data C$
  File Name: Users\{redacted}\AppData\Local\Google\Chrome\User Data\Local
  State and $ File Name: Users\{redacted}\AppData\Local\Google\Chrome\User
  Data\Default\Login Data via SMB. The Local State file contains the Advanced Encryption
  Standard (AES) encryption key [T1552.004] used to encrypt the passwords stored in the
  Chrome browser, which would enable the actors to obtain plaintext passwords stored in the
  Login Data file in the Chrome browser.


In another confirmed compromise, Volt Typhoon actors accessed directories containing Chrome and 
Edge user data on multiple systems. Directory interaction was observed over the network to paths 
such as C:\Users\{redacted}\AppData\Local\Google\Chrome\User Data\ and
C:\Users\{redacted}\AppData\Local\Microsoft\Edge\User Data\. They also enumerated
several directories, including directories containing vulnerability testing and cyber related content and
facilities data, such as construction drawings [T1083].


Lateral Movement 


For lateral movement, Volt Typhoon actors have been observed predominantly employing RDP with 
compromised valid administrator credentials. Note: With a full on-premises Microsoft Active Directory 
identity compromise (see the Credential Access section), the group may be capable of using other 
methods such as Pass the Hash or Pass the Ticket for lateral movement [T1550]. 


In one confirmed compromise of a Water and Wastewater Systems Sector entity, after obtaining initial 
access, Volt Typhoon actors connected to the network via a VPN with administrator credentials they 
obtained and opened an RDP session with the same credentials to move laterally. Over a nine-month 
period, they moved laterally to a file server, a domain controller, an Oracle Management Server 
(OMS), and a VMware vCenter server. The actors obtained domain credentials from the domain 
controller and performed discovery, collection, and exfiltration on the file server (see the Discovery 
and Collection and Exfiltration sections). 


Volt Typhoon's movement to the vCenter server was likely strategic for pre-positioning to OT assets. 
The vCenter server was adjacent to OT assets, and Volt Typhoon actors were observed interacting 
with the PuTTY application on the server by enumerating existing stored sessions. With this
information, Volt Typhoon potentially had access to a range of critical PuTTY profiles, including those
for water treatment plants, water wells, an electrical substation, OT systems, and network security
devices. This would enable them to access these critical systems [T1563]. See Figure 2.

Figure 2: Volt Typhoon Lateral Movement Path File Server, DC, and OT-Adjacent Assets


Additionally, Volt Typhoon actors have been observed using PSExec to execute remote processes, 
including the automated acceptance of the end-user license agreement (EULA) through an 
administrative account, signified by the accepteula command flag. 


Volt Typhoon actors may have attempted to move laterally to a cloud environment in one victim's 
network but direct attribution to the Volt Typhoon group was inconclusive. During the period of
their known network presence, there were anomalous login attempts to an Azure tenant [T1021.007]
potentially using credentials [T1078.004] previously compromised from theft of NTDS.dit. These
attempts, coupled with misconfigured virtual machines with open RDP ports, suggested a potential for 
cloud-based lateral movement. However, subsequent investigations, including password changes and 
multifactor authentication (MFA) implementations, revealed authentication failures from non- 
associated IP addresses, with no definitive link to Volt Typhoon. 


Collection and Exfiltration 


The U.S. authoring agencies assess Volt Typhoon primarily collects information that would facilitate
follow-on actions with physical impacts. For example, in one confirmed compromise, they collected
[TA0009] sensitive information obtained from a file server in multiple zipped files [T1560] and likely
exfiltrated [TA0010] the files via Server Message Block (SMB) [T1048] (see Figure 3). Collected
information included diagrams and documentation related to OT equipment, including supervisory
control and data acquisition (SCADA) systems, relays, and switchgear. This data is crucial for
understanding and potentially impacting critical infrastructure systems, indicating a focus on gathering
intelligence that could be leveraged in actions targeting physical assets and systems.



Figure 3: Volt Typhoon Attack Path for Exfiltration of Data from File Server 


In another compromise, Volt Typhoon actors leveraged WMIC to create and use temporary
directories (C:\Users\Public\pro, C:\Windows\Temp\tmp, C:\Windows\Temp\tmp\Active
Directory and C:\Windows\Temp\tmp\registry) to stage the extracted ntds.dit and SYSTEM
registry hives from ntdsutil execution volume shadow copies (see the Credential Access section)
obtained from two DCs. They then compressed and archived the extracted ntds.dit and
accompanying registry files by executing ronf.exe, which was likely a renamed version of the
archive utility rar.exe [T1560.001].


Command and Control 


Volt Typhoon actors have been observed leveraging compromised SOHO routers and virtual private
servers (VPS) to proxy C2 traffic. For more information, see DOJ press release U.S. Government
Disrupts Botnet People's Republic of China Used to Conceal Hacking of Critical Infrastructure.


They have also been observed setting up FRP clients [T1090] on a victim's corporate infrastructure to 
establish covert communications channels [T1573] for command and control. In one instance, Volt 
Typhoon actors implanted the FRP client with filename SMSvcService.exe on a Shortel Enterprise 
Contact Center (ECC) server and a second FRP client with filename Brightmetricagent.exe on 
another server. These clients, when executed via PowerShell [T1059.001], open reverse proxies 
between the compromised system and Volt Typhoon C2 servers. Brightmetricagent.exe has
additional capabilities. The FRP client can locate servers behind a network firewall or obscured 
through Network Address Translation (NAT) [T1016]. It also contains multiplexer libraries that can bi- 
directionally stream data over NAT networks and contains a command-line interface (CLI) library that 
can leverage command shells such as PowerShell, Windows Management Instrumentation (WMI), 
and Z Shell (zsh) [T1059.004]. See Appendix C and MAR-10448362-1.v1 for more information. 


In the same compromise, Volt Typhoon actors exploited a Paessler Router Traffic Grapher (PRTG) 
server as an intermediary for their FRP operations. To facilitate this, they used the netsh command, 
a legitimate Windows command, to create a PortProxy registry modification [T1112] on the PRTG 
server [T1090.001]. This key alteration redirected specific port traffic to Volt Typhoon's proxy 
infrastructure, effectively converting the PRTG server into a proxy for their C2 traffic [T1584.004]
(see Appendix B for details). 


DETECTION/HUNT RECOMMENDATIONS 
Apply Living off the Land Detection Best Practices 


Apply the prioritized detection and hardening best practice recommendations provided in joint 
guide Identifying and Mitigating Living off the Land Techniques. Many organizations lack 
security and network management best practices (such as established baselines) that support 
detection of malicious LOTL activity—this makes it difficult for network defenders to discern legitimate 
behavior from malicious behavior and conduct behavior analytics, anomaly detection, and proactive 
hunting. Conventional IOCs associated with the malicious activity are generally lacking, complicating 
network defenders' efforts to identify, track, and categorize this sort of malicious behavior. This 
advisory provides guidance for a multifaceted cybersecurity strategy that enables behavior analytics, 
anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating 
cyber threats that employ LOTL techniques. 


Review Application, Security, and System Event Logs 


Routinely review application, security, and system event logs, focusing on Windows 
Extensible Storage Engine Technology (ESENT) Application Logs. Due to Volt Typhoon's ability 
for long-term undetected persistence, network defenders should assume significant dwell time and 
review specific application event log IDs, which remain on endpoints for longer periods compared to 
security event logs and other ephemeral artifacts. Focus on Windows ESENT logs because certain 
ESENT Application Log event IDs (216, 325, 326, and 327) may indicate actors copying NTDS.dit.


See Table 1 for examples of ESENT and other key log indicators that should be investigated. Please 
note that incidents may not always have exact matches listed in the Event Detail column due to 
variations in event logging and TTPs. 

Table 1: Key Log Indicators for Detecting Volt Typhoon Activity


Event ID (Log): 216 (Windows ESENT Application Log)
Event Detail: A database location change was detected from 'C:\Windows\NTDS\ntds.dit' to
  '\\?\GLOBALROOT\Device\{redacted}VolumeShadowCopy1\Windows\NTDS\ntds.dit'
Description: A change in the NTDS.dit [...] detected. This could suggest an initial step in [...]
  where the database is being prepared for extraction.

Event ID (Log): 325 (Windows ESENT Application Log)
Event Detail: The database engine created a new database (2,
  C:\Windows\Temp\tmp\Active Directory\ntds.dit).
Description: Indicates creation of a new NTDS.dit file in a non-standard directory. Often a sign of
  data staging for exfiltration. Monitor for unusual database operations in temp directories.

Event ID (Log): 637 (Windows ESENT Application Log)
Event Detail: C:\Windows\Temp\tmp\Active Directory\ntds.jfm-++- (0) New flush map file
  “C:\Windows\Temp\tmp\Active Directory\ntds.jfm” will be created to enable persisted lost flush
  detection.
Description: A new flush map file is being created for NTDS.dit. This may suggest ongoing
  operations related to NTDS credential dumping, potentially capturing uncommitted changes to the
  NTDS.dit file.

Event ID (Log): 326 (Windows ESENT Application Log)
Event Detail: NTDS-++-12460,D,100-++--++-1-++-
  C:\$SNAP_{redacted}_VOLUMEC$\Windows\NTDS\ntds.dit-++-0-++- [1] The database engine attached a
  database. Began mounting of C:\Windows\NTDS\ntds.dit file created from volume shadow copy
  process
Description: Represents the mounting of an NTDS.dit file from a volume shadow copy. This is a
  critical step in NTDS credential dumping, indicating active manipulation of a domain
  controller's data.

Event ID (Log): 327 (Windows ESENT Application Log)
Event Detail: C:\Windows\Temp\tmp\Active Directory\ntds.dit-++-1-++- [1] The database engine
  detached a database (2, C:\Windows\Temp\tmp\Active Directory\ntds.dit). Completion of mounting
  of ntds.dit file to C:\Windows\Temp\tmp\Active Director

Event ID (Log): 21 (Windows Terminal Services Local Session Manager Operational Log)
Event Detail: Remote Desktop Services: Session logon succeeded: User: {redacted}\{redacted}
  Session ID: {redacted} Source Network Address: {redacted}
Description: Successful authentication to a Remote Desktop Services session.

Event ID (Log): 22 (Windows Terminal Services Local Session Manager Operational Log)
Event Detail: Remote Desktop Services: Shell start notification received: User:
  {redacted}\{redacted} Session ID: {redacted} Source Network Address: {redacted}
Description: Successful start of a new Remote Desktop session. This may imply lateral movement or
  unauthorized remote access, especially if the user or session is unexpected.

Event ID (Log): 23 (Windows Terminal Services Local Session Manager Operational Log)
Event Detail: Remote Desktop Services: Session logoff succeeded: User: {redacted}\{redacted}
  Session ID: {redacted}
Description: Successful logoff of Remote Desktop session.

Event ID (Log): 24 (Windows Terminal Services Local Session Manager Operational Log)
Event Detail: Remote Desktop Services: Session has been disconnected: User:
  {redacted}\{redacted} Session ID: {redacted} Source Network Address: {redacted}
Description: Remote Desktop session disconnected by user or due to network connectivity issues.

Event ID (Log): 25 (Windows Terminal Services Local Session Manager Operational Log)
Event Detail: Remote Desktop Services: Session reconnection succeeded: User:
  {redacted}\{redacted} Session ID: {redacted} Source Network Address: {redacted}
Description: Successful reconnection to a Remote Desktop Services session. This may imply lateral
  movement or unauthorized remote access, especially if the user or session is unexpected.

Event ID (Log): 1017 (Windows System Log)
Event Detail: Handle scavenged. Share Name: C$ File Name:
  Users\{redacted}\downloads\History.zip Durable: 1 Resilient or Persistent: 0 Guidance: The
  server closed a handle that was previously reserved for a client after 60 seconds.
Description: Indicates the server closed a handle for a client. While common in network
  operations, unusual patterns or locations (like History.zip in a user's downloads) may suggest
  data collection from a local system.

Event ID (Log): 1102 (Windows Security Log)
Description: All Event ID 1102 entries should be investigated as logs are generally not cleared
  and this is a known Volt Typhoon tactic to cover their tracks.
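
The following sketch is an added example, not part of the advisory or any agency tooling: it applies the ESENT rows of Table 1 and the NTDS.dit extraction steps from the Credential Access section to exported Application log events, classifying each ntds.dit path by location instead of matching the Event Detail text exactly. The event tuples, host names, snapshot timestamp, and the one-hour grouping window are constructed or assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs named in the advisory text (216, 325, 326, 327) plus 637 from Table 1.
ESENT_IDS = {216, 325, 326, 327, 637}
# Assumption: the live AD database is in the default C:\Windows\NTDS directory.
LIVE_DB_DIR = "c:\\windows\\ntds\\"
# Any path ending in ntds.dit or ntds.jfm. Spaces are allowed ("Active Directory");
# quotes, commas, parentheses, a second colon or a line break end the candidate.
PATH_RE = re.compile(r"""(?:[A-Za-z]:|\\\\\?)\\[^'"“”‘’,():\r\n]*?ntds\.(?:dit|jfm)""", re.IGNORECASE)


def classify(path):
    """Place an ntds.dit/ntds.jfm path into one of three buckets."""
    p = path.lower()
    if "volumeshadowcopy" in p or "$snap_" in p:
        return "shadow_copy"   # opened from a VSS device path or a snapshot mount
    if p.startswith(LIVE_DB_DIR):
        return "live"          # the domain controller's own database
    return "non_standard"      # a copy staged somewhere else


def _summarize(host, cluster):
    kinds = {kind for _, _, paths in cluster for _, kind in paths}
    suspicious = kinds & {"shadow_copy", "non_standard"}
    if not suspicious:
        return None
    return {
        "host": host,
        "start": cluster[0][0].isoformat(),
        "event_ids": sorted({eid for _, eid, _ in cluster}),
        # Snapshot access together with a staged copy matches the whole sequence.
        "severity": "high" if len(suspicious) == 2 else "medium",
        "paths": sorted({p for _, _, paths in cluster for p, kind in paths if kind != "live"}),
    }


def hunt(events, window=timedelta(hours=1)):
    """events: iterable of (iso_time, host, provider, event_id, message)."""
    per_host = defaultdict(list)
    for when, host, provider, event_id, message in events:
        if provider.upper() != "ESENT" or event_id not in ESENT_IDS:
            continue
        paths = [(m.group(0), classify(m.group(0))) for m in PATH_RE.finditer(message)]
        if paths:
            per_host[host].append((datetime.fromisoformat(when), event_id, paths))
    findings = []
    for host in sorted(per_host):
        rows = sorted(per_host[host], key=lambda r: r[0])
        cluster = [rows[0]]
        for row in rows[1:]:
            if row[0] - cluster[0][0] <= window:
                cluster.append(row)
                continue
            findings.append(_summarize(host, cluster))
            cluster = [row]
        findings.append(_summarize(host, cluster))
    return [f for f in findings if f]


# Constructed sample events modelled on the Event Detail column of Table 1.
SAMPLE_EVENTS = [
    ("2024-01-15T02:10:05", "DC01", "ESENT", 216,
     r"A database location change was detected from 'C:\Windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit'"),
    ("2024-01-15T02:10:41", "DC01", "ESENT", 325,
     r"The database engine created a new database (2, C:\Windows\Temp\tmp\Active Directory\ntds.dit)."),
    ("2024-01-15T02:10:41", "DC01", "ESENT", 637,
     r"C:\Windows\Temp\tmp\Active Directory\ntds.jfm-++- (0) New flush map file C:\Windows\Temp\tmp\Active Directory\ntds.jfm will be created."),
    ("2024-01-15T02:10:42", "DC01", "ESENT", 326,
     r"NTDS-++-12460,D,100-++--++-1-++-C:\$SNAP_202401150210_VOLUMEC$\Windows\NTDS\ntds.dit-++-0-++- [1] The database engine attached a database."),
    ("2024-01-15T02:11:30", "DC01", "ESENT", 327,
     r"C:\Windows\Temp\tmp\Active Directory\ntds.dit-++-1-++- [1] The database engine detached a database (2, C:\Windows\Temp\tmp\Active Directory\ntds.dit)."),
    ("2024-10-02T23:40:00", "DC01", "ESENT", 216,
     r"A database location change was detected from 'C:\Windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\NTDS\ntds.dit'"),
    ("2024-01-15T03:00:00", "DC02", "ESENT", 326,
     r"The database engine attached a database (1, C:\Windows\NTDS\ntds.dit)."),
    ("2024-01-16T11:05:00", "DC03", "ESENT", 325,
     r"The database engine created a new database (2, D:\Staging\ifm\Active Directory\ntds.dit)."),
    ("2024-01-15T02:09:00", "DC01", "VSS", 8224, "The VSS service is shutting down due to idle timeout."),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Administrative install-from-media builds and some backup products can generate the same events, so each finding should be compared against change records before it is escalated.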


Monitor and Review OT System Logs 


• Review access logs for communication paths between IT and OT networks, looking for
  anomalous accesses or protocols.

• Measure the baseline of normal operations and network traffic for the industrial control system
  (ICS) and assess traffic anomalies for malicious activity.

• Configure intrusion detection systems (IDS) to create alarms for any ICS network traffic
  outside normal operations.

• Track and monitor audit trails on critical areas of ICS.

• Set up security incident and event monitoring (SIEM) to monitor, analyze, and correlate event
  logs from across the ICS network to identify intrusion attempts.


Review CISA's Recommended Cybersecurity Practices for Industrial Control Systems and the joint 
advisory, NSA and CISA Recommend Immediate Actions to Reduce Exposure Across all Operational 
Technologies and Control Systems, for further OT system detection and mitigation guidance. 


Use gait to Detect Possible Network Proxy Activities 


Use gait[4] to detect network proxy activities. Developed by Sandia National Labs, gait is a 
publicly available Zeek[5] extension. The gait extension can help enrich Zeek's network connection 
monitoring and SSL logs by including additional metadata in the logs. Specifically, gait captures 
unique TCP options and timing data such as TCP, transport layer security (TLS), and Secure Shell
(SSH) layer inferred round trip times (RTT), aiding in the identification of the software used by both 
endpoints and intermediaries. 


While the gait extension for Zeek is an effective tool for enriching network monitoring logs with 
detailed metadata, it is not specifically designed to detect Volt Typhoon actor activities. The 
extension's capabilities extend to general anomaly detection in network traffic, including—but not 
limited to—proxying activities. Therefore, while gait can be helpful in identifying tactics similar to those 
used by Volt Typhoon, such as proxy networks and FRP clients for C2 communication, not all 
proxying activities detected by using this additional metadata are necessarily indicative of Volt 
Typhoon presence. It serves as a valuable augmentation to current security stacks for a broader 
spectrum of threat detection. 


For more information, see Sandia National Lab's gait GitHub page sandialabs/gait: Zeek Extension to 
Collect Metadata for Profiling of Endpoints and Proxies. 


Review Logins for Impossible Travel 


Examine VPN or other account logon times, frequency, duration, and locations. Logons from 
two geographically distant locations within a short timeframe from a single user may indicate an 
account is being used maliciously. Logons of unusual frequency or duration may indicate a threat 
actor attempting to access a system repeatedly or maintain prolonged sessions for the purpose of 
data extraction. 
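
An added example (not from the advisory) of the impossible-travel review described above: consecutive logons per user are compared by great-circle distance and implied travel speed. The record layout, the 900 km/h and 100 km thresholds, the pre-resolved GeoIP coordinates, and the sample addresses are assumptions made for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime

EARTH_RADIUS_KM = 6371.0088


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(min(1.0, math.sqrt(a)))


def impossible_travel(logons, max_kmh=900.0, min_km=100.0):
    """Flag consecutive logons by one user that imply travel faster than max_kmh.

    logons: iterable of (user, iso_time, source_ip, latitude, longitude).
    min_km suppresses pairs that are close together, where GeoIP error dominates.
    """
    per_user = defaultdict(list)
    for user, when, src_ip, lat, lon in logons:
        per_user[user].append((datetime.fromisoformat(when), src_ip, lat, lon))
    findings = []
    for user in sorted(per_user):
        rows = sorted(per_user[user], key=lambda r: r[0])
        for prev, cur in zip(rows, rows[1:]):
            km = haversine_km(prev[2], prev[3], cur[2], cur[3])
            if km < min_km:
                continue
            hours = (cur[0] - prev[0]).total_seconds() / 3600
            # Simultaneous logons from distant places have no finite speed.
            kmh = km / hours if hours > 0 else math.inf
            if kmh > max_kmh:
                findings.append({
                    "user": user,
                    "from_ip": prev[1],
                    "to_ip": cur[1],
                    "km": round(km, 1),
                    "hours": round(hours, 2),
                    "kmh": kmh,
                })
    return findings


# Constructed VPN logon records; addresses come from documentation ranges.
SAMPLE_LOGONS = [
    ("alice", "2024-03-01T08:00:00", "203.0.113.10", 38.9072, -77.0369),   # Washington, DC
    ("alice", "2024-03-01T08:45:00", "198.51.100.7", 47.6062, -122.3321),  # Seattle
    ("bob",   "2024-03-01T08:00:00", "203.0.113.11", 38.9072, -77.0369),   # Washington, DC
    ("bob",   "2024-03-01T14:00:00", "192.0.2.44",   40.7128, -74.0060),   # New York, 6 h later
    ("carol", "2024-03-01T09:30:00", "203.0.113.12", 38.9072, -77.0369),   # two sessions at
    ("carol", "2024-03-01T09:30:00", "198.51.100.9", 47.6062, -122.3321),  # the same instant
    ("dave",  "2024-03-01T10:00:00", "203.0.113.13", 38.9072, -77.0369),   # Washington, DC
    ("dave",  "2024-03-01T10:02:00", "203.0.113.99", 39.2904, -76.6122),   # Baltimore, below min_km
]

if __name__ == "__main__":
    for finding in impossible_travel(SAMPLE_LOGONS):
        print(finding)
```

Commercial VPN exits, mobile carriers, and cloud egress points distort GeoIP locations, so flagged pairs are leads for review against known corporate egress addresses, not verdicts.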


Review Standard Directories for Unusual Files 


Review directories, such as C:\windows\temp\ and C:\users\public\, for unexpected or
unusual files. Monitor these temporary file storage directories for files typically located in standard
system paths, such as the System32 directory. For example, Volt Typhoon has been observed
downloading comsvcs.dll to a non-standard folder (this file is normally found in the System32
folder).
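
One way to run this directory review over a file inventory, as an added example that is not part of the advisory: names that also exist in a system directory are flagged when they appear under the watched directories, and the hash comparison separates a plain copy from a different build such as the outdated comsvcs.dll described earlier. The system directory list, the inventory format, and the sample hashes are assumptions; the hashes are constructed placeholders.

```python
import hashlib
import os
from pathlib import PureWindowsPath

# Assumed system locations that form the baseline of legitimate file names.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
# Directories the advisory says to review.
WATCH_DIRS = (r"c:\windows\temp", r"c:\users\public")


def _norm(path):
    """Lower-case a Windows path and normalise its separators on any OS."""
    return str(PureWindowsPath(path)).lower()


def _under(path, roots):
    # Compare against "root\" so that c:\users\publicdata is not treated as c:\users\public.
    return any(path.startswith(root + "\\") for root in roots)


def find_misplaced(inventory, watch_dirs=WATCH_DIRS, system_dirs=SYSTEM_DIRS):
    """inventory: iterable of (path, sha256_hex) covering system and watched directories."""
    watch = tuple(_norm(d) for d in watch_dirs)
    system = tuple(_norm(d) for d in system_dirs)
    rows = [(_norm(path), digest.lower()) for path, digest in inventory]
    baseline = {}  # file name -> hashes seen for that name in system directories
    for path, digest in rows:
        if _under(path, system):
            baseline.setdefault(PureWindowsPath(path).name, set()).add(digest)
    findings = []
    for path, digest in rows:
        name = PureWindowsPath(path).name
        if _under(path, watch) and name in baseline:
            verdict = "same_as_system_copy" if digest in baseline[name] else "different_build"
            findings.append({"path": path, "name": name, "verdict": verdict})
    return sorted(findings, key=lambda f: f["path"])


def inventory_from_disk(roots):
    """Build (path, sha256) pairs from a live file system; unreadable files are skipped."""
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(folder, name)
                sha = hashlib.sha256()
                try:
                    with open(full, "rb") as fh:
                        for chunk in iter(lambda: fh.read(1 << 20), b""):
                            sha.update(chunk)
                except OSError:
                    continue
                yield full, sha.hexdigest()


# Constructed inventory; every hash is a placeholder, not a real file hash.
H_COMSVCS_CURRENT, H_COMSVCS_OLD = "a" * 64, "b" * 64
H_CMD, H_TASKLIST, H_LOG = "c" * 64, "d" * 64, "e" * 64
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\comsvcs.dll", H_COMSVCS_CURRENT),
    (r"C:\Windows\System32\cmd.exe", H_CMD),
    (r"C:\Windows\System32\tasklist.exe", H_TASKLIST),
    (r"C:\Windows\Temp\comsvcs.dll", H_COMSVCS_OLD),        # other build, watched directory
    (r"C:/Users/Public/Documents/CMD.EXE", H_CMD),          # plain copy, mixed case and slashes
    (r"C:\Users\PublicData\tasklist.exe", H_TASKLIST),      # look-alike directory, not watched
    (r"C:\Windows\Temp\setup.log", H_LOG),                  # no system file of that name
    (r"C:\Program Files\Vendor\comsvcs.dll", H_COMSVCS_OLD),  # outside the watched directories
]

if __name__ == "__main__":
    for finding in find_misplaced(SAMPLE_INVENTORY):
        print(finding)
```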


INCIDENT RESPONSE 


If compromise, or potential compromise, is detected, organizations should assume full domain 
compromise because of Volt Typhoon's known behavioral pattern of extracting the NTDS.dit from 
the DCs. Organizations should immediately implement the following defensive
countermeasures:


1. Sever the enterprise network from the internet. Note: this step requires the agency to 
understand its internal and external connections. When making the decision to sever internet 
access, knowledge of connections must be combined with care to avoid disrupting critical 
functions. 

a. If you cannot sever from the internet, shut down all non-essential traffic between the
affected enterprise network and the internet. 

2. Reset credentials of privileged and non-privileged accounts within the trust boundary 
of each compromised account. 

a. Reset passwords for all domain users and all local accounts, such as Guest,
HelpAssistant, DefaultAccount, System, Administrator, and krbtgt. The krbtgt
account is responsible for handling Kerberos ticket requests as well as encrypting and
signing them. The krbtgt account should be reset twice because the account has a two-
password history. The first account reset for the krbtgt needs to be allowed to replicate
prior to the second reset to avoid any issues. See CISA's Eviction Guidance for Networks 
Affected by the SolarWinds and Active Directory/M365 Compromise for more information. 
Although tailored to FCEB agencies compromised in the 2020 SolarWinds Orion supply 
chain compromise, the steps are applicable to organizations with Windows AD 
compromise. 

i) Review access policies to temporarily revoke privileges/access for affected 
accounts/devices. If it is necessary to not alert the attacker (e.g., for intelligence 
purposes), then privileges can be reduced for affected accounts/devices to "contain" 
them. 

b. Reset the relevant account credentials or access keys if the investigation finds the threat 
actor's access is limited to non-elevated permissions. 

i) Monitor related accounts, especially administrative accounts, for any further signs of 
unauthorized access. 

3. Audit all network appliance and edge device configurations with indicators of malicious activity 
for signs of unauthorized or malicious configuration changes. Organizations should ensure 
they audit the current network device running configuration and any local configurations that 
could be loaded at boot time. If configuration changes are identified: 

a. Change all credentials being used to manage network devices, to include keys and strings 
used to secure network device functions (SNMP strings/user credentials, IPsec/IKE 
preshared keys, routing secrets, TACACS/RADIUS secrets, RSA keys/certificates, etc.). 

b. Update all firmware and software to the latest version. 

4. Report the compromise to an authoring agency (see the Contact Information section). 

5. For organizations with cloud or hybrid environments, apply best practices for identity and 
credential access management. 

a. Verify that all accounts with privileged role assignments are cloud native, not synced from 
Active Directory. 
b. Audit conditional access policies to ensure Global Administrators and other highly 
privileged service principals and accounts are not exempted. 

c. Audit privileged role assignments to ensure adherence to the principle of least privilege 
when assigning privileged roles. 

d. Leverage just-in-time and just-enough access mechanisms when administrators need to 
elevate to a privileged role. 

e. In hybrid environments, ensure federated systems (such as AD FS) are configured and 
monitored properly. 

f. Audit Enterprise Applications for recently added applications and examine the API 
permissions assigned to each. 

6. Reconnect to the internet. Note: The decision to reconnect to the internet depends on 
senior leadership's confidence in the actions taken. It is possible—depending on the 
environment—that new information discovered during pre-eviction and eviction steps could 
add additional eviction tasks. 

7. Minimize and control use of remote access tools and protocols by applying best practices 
from joint Guide to Securing Remote Access Software and joint Cybersecurity Information 
Sheet: Keeping PowerShell: Security Measures to Use and Embrace. 

8. Consider sharing technical information with an authoring agency and/or a sector- 
specific information sharing and analysis center. 


For more information on incident response and remediation, see: 


• Joint advisory Technical Approaches to Uncovering and Remediating Malicious Activity. This 
advisory provides incident response best practices. 

• CISA's Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. 
Although tailored to U.S. Federal Civilian Executive Branch (FCEB) agencies, the playbooks 
are applicable to all organizations. The incident response playbook provides procedures to 
identify, coordinate, remediate, recover, and track successful mitigations from incidents. 

• Joint Water and Wastewater Sector - Incident Response Guide. This joint guide provides 
incident response best practices and information on federal resources for Water and 
Wastewater Systems Sector organizations. 

MITIGATIONS 


The authoring agencies recommend organizations implement the mitigations below to improve your 
organization's cybersecurity posture on the basis of Volt Typhoon activity. These mitigations 
align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the 
National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of 
practices and protections that CISA and NIST recommend all organizations implement. CISA and 
NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the 
most common and impactful threats, tactics, techniques, and procedures. Visit CISA's 
Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including 
additional recommended baseline protections. 


These mitigations are intended for IT administrators in critical infrastructure organizations. 
The authoring agencies recommend that software manufacturers incorporate secure by design and 
default principles and tactics into their software development practices to strengthen the 
security posture for their customers. 


For information on secure by design practices that may protect customers against common Volt 
Typhoon techniques, see joint guide Identifying and Mitigating Living off the Land Techniques 
and joint Secure by Design Alert Security Design Improvements for SOHO Device Manufacturers. 


For more information on secure by design, see CISA's Secure by Design webpage and joint guide. 


IT Network Administrators and Defenders 
Harden the Attack Surface 


• Apply patches for internet-facing systems within a risk-informed span of time [CPG 1E]. 
Prioritize patching critical assets, known exploited vulnerabilities, and vulnerabilities in 
appliances known to be frequently exploited by Volt Typhoon (e.g., Fortinet, Ivanti, NETGEAR, 
Citrix, and Cisco devices). 

• Apply vendor-provided or industry standard hardening guidance to strengthen software 
and system configurations. Note: As part of CISA's Secure by Design campaign, CISA urges 
software manufacturers to prioritize secure by default configurations to eliminate the need for 
customer implementation of hardening guidelines. 

• Maintain and regularly update an inventory of all organizational IT assets [CPG 1A]. 

• Use third party assessments to validate current system and network security 
compliance via security architecture reviews, penetration tests, bug bounties, attack surface 
management services, incident simulations, or table-top exercises (both announced and 
unannounced) [CPG 1F]. 

• Limit internet exposure of systems when not necessary. An organization's primary attack 
surface is the combination of the exposure of all its internet-facing systems. Decrease the 
attack surface by not exposing systems or management interfaces to the internet when not 
necessary. 

Secure Credentials 


• Do not store credentials on edge appliances/devices. Ensure edge devices do not contain 
accounts that could provide domain admin access. 

• Do not store plaintext credentials on any system [CPG 2L]. Credentials should be stored 
securely—such as with a credential/password manager or vault, or other privileged account 
management solutions—so they can only be accessed by authenticated and authorized users. 

• Change default passwords [CPG 2A] and ensure they meet the policy requirements for 
complexity. 

• Implement and enforce an organizational system-enforced policy that: 

o Requires passwords for all IT password-protected assets to be at least 15 
characters; 

o Does not allow users to reuse passwords for accounts, applications, services, etc., 
[CPG 2C]; and 

o Does not allow service accounts/machine accounts to reuse passwords from 
member user accounts. 

• Configure Group Policy settings to prevent web browsers from saving passwords and 
disable autofill functions. 

• Disable the storage of clear text passwords in LSASS memory. 


Secure Accounts 


• Implement phishing-resistant MFA for access to assets [CPG 2H]. 
• Separate user and privileged accounts. 

o User accounts should never have administrator or super-user privileges [CPG 2E]. 

o Administrators should never use administrator accounts for actions and activities not 
associated with the administrator role (e.g., checking email, web browsing). 

• Enforce the principle of least privilege. 

o Ensure administrator accounts only have the minimum permissions necessary to 
complete their tasks. 

o Review account permissions for default accounts for edge appliances/devices and 
remove domain administrator privileges, if identified. 

o Significantly limit the number of users with elevated privileges. Implement continuous 
monitoring for changes in group membership, especially in privileged groups, to detect and 
respond to unauthorized modifications. 

o Remove accounts from high-privilege groups like Enterprise Admins and Schema 
Admins. Temporarily reinstate these privileges only when necessary and under strict 
auditing to reduce the risk of privilege abuse. 

o Transition to Group Managed Service Accounts (gMSAs) where suitable for enhanced 
management and security of service account credentials. gMSAs provide automated 
password management and simplified Service Principal Name (SPN) management, 
enhancing security over traditional service accounts. See Microsoft's Group Managed 
Service Accounts Overview. 

• Enforce strict policies via Group Policy and User Rights Assignments to limit high- 
privilege service accounts. 

• Consider using a privileged access management (PAM) solution to manage access to 
privileged accounts and resources [CPG 2L]. PAM solutions can also log and alert usage to 
detect any unusual activity. 

• Complement the PAM solution with role-based access control (RBAC) for tailored access 
based on job requirements. This ensures that elevated access is granted only when required 
and for a limited duration, minimizing the window of opportunity for abuse or exploitation of 
privileged credentials. 

• Implement an Active Directory tiering model to segregate administrative accounts 
based on their access level and associated risk. This approach reduces the potential impact of 
a compromised account. See Microsoft’s PAM environment tier model. 

• Harden administrative workstations to only permit administrative activities from 
workstations appropriately hardened based on the administrative tier. See Microsoft’s Why are 
privileged access devices important - Privileged access. 

• Disable all user accounts and access to organizational resources of employees on the 
day of their departure [CPG 2G]. 

• Regularly audit all user, admin, and service accounts and remove or disable unused or 
unneeded accounts as applicable. 

• Regularly roll NTLM hashes of accounts that support token-based authentication. 

• Improve management of hybrid (cloud and on-premises) identity federation by: 

o Using cloud only administrators that are asynchronous with on-premises 
environments and ensuring on-premises administrators are asynchronous to the cloud. 

o Using CISA’s SCuBAGear tool to discover cloud misconfigurations in Microsoft 
cloud tenants. SCuBAGear is an automation script for comparing Federal Civilian Executive 
Branch (FCEB) agency tenant configurations against CISA M365 baseline 
recommendations. SCuBAGear is part of CISA’s Secure Cloud Business Applications 
(SCuBA) project, which provides guidance for FCEB agencies, securing their cloud 
business application environments and protecting federal information created, accessed, 
shared, and stored in those environments. Although tailored to FCEB agencies, the project 
provides security guidance applicable to all organizations with cloud environments. For 
more information on SCuBAGear see CISA’s Secure Cloud Business Applications 
(SCuBA) Project. 

o Using endpoint detection and response capabilities to actively defend on-premises 
federation servers. 


Secure Remote Access Services 


• Limit the use of RDP and other remote desktop services. If RDP is necessary, apply best 
practices, including auditing the network for systems using RDP, closing unused RDP ports, 
and logging RDP login attempts. 

• Disable Server Message Block (SMB) protocol version 1 and upgrade to version 3 
(SMBv3) after mitigating existing dependencies (on existing systems or applications), as they 
may break when disabled. 

• Harden SMBv3 by implementing guidance included in joint #StopRansomware Guide (see 
page 8 of the guide). 

• Apply mitigations from the joint Guide to Securing Remote Access Software. 


Secure Sensitive Data 


• Securely store sensitive data (including operational technology documentation, network 
diagrams, etc.), ensuring that only authenticated and authorized users can access the data. 


Implement Network Segmentation 


• Ensure that sensitive accounts use their administrator credentials only on hardened, 
secure computers. This practice can reduce lateral movement exposure within networks. 

• Conduct comprehensive trust assessments to identify business-critical trusts and 
apply necessary controls to prevent unauthorized cross-forest/domain traversal. 

• Harden federated authentication by enabling Security Identifier (SID) Filtering and 
Selective Authentication on AD trust relationships to further restrict unauthorized access 
across domain boundaries. 

• Implement network segmentation to isolate federation servers from other systems and 
limit allowed traffic to systems and protocols that require access in accordance with Zero Trust 
principles. 


Secure Cloud Assets 


• Harden cloud assets in accordance with vendor-provided or industry standard hardening 
guidance. 

o Organizations with Microsoft cloud infrastructure, see CISA's Microsoft 365 Security 
Configuration Baseline Guides, which provide minimum viable secure configuration 
baselines for Microsoft Defender for Office 365, Azure Active Directory (now known as 
Microsoft Entra ID), Exchange Online, OneDrive for Business, Power BI, Power Platform, 
SharePoint Online, and Teams. For additional guidance, see the Australian Signals 
Directorate's Blueprint for Secure Cloud. 

o Organizations with Google cloud infrastructure, see CISA's Google Workspace Security 
Configuration Baseline Guides, which provide minimum viable secure configuration 
baselines for Groups for Business, GMAIL, Google Calendar, Google Chat, Google 
Common Controls, Google Classroom, Google Drive and Docs, Google Meet, and Google 
Sites. 

• Revoke unnecessary public access to cloud environment. This involves reviewing and 
restricting public endpoints and ensuring that services like storage accounts, databases, and 
virtual machines are not publicly accessible unless absolutely necessary. Disable legacy 
authentication protocols across all cloud services and platforms. Legacy protocols frequently 
lack support for advanced security mechanisms such as multifactor authentication, rendering 
them susceptible to compromises. Instead, enforce the use of modern authentication protocols 
that support stronger security features like MFA, token-based authentication, and adaptive 
authentication measures. 

o Enforce this practice through the use of Conditional Access Policies. These policies 
can initially be run in report-only mode to identify potential impacts and plan mitigations 
before fully enforcing them. This approach allows organizations to systematically control 
access to their cloud resources, significantly reducing the risk of unauthorized access and 
potential compromise. 

• Regularly monitor and audit privileged cloud-based accounts, including service accounts, 
which are frequently abused to enable broad cloud resource access and persistence. 


Be Prepared 


• Ensure logging is turned on for application, access, and security logs (e.g., intrusion 
detection systems/intrusion prevention systems, firewall, data loss prevention, and VPNs) 
[CPG 2T]. Given Volt Typhoon's use of LOTL techniques and their significant dwell time, 
application event logs may be a valuable resource to hunt for Volt Typhoon activity because 
these logs typically remain on endpoints for relatively long periods of time. 

o For OT assets where logs are non-standard or not available, collect network traffic and 
communications between those assets and other assets. 
o Implement file integrity monitoring (FIM) tools to detect unauthorized changes. 

• Store logs in a central system, such as a security information and event management 
(SIEM) tool or central database. 

o Ensure the logs can only be accessed or modified by authorized and authenticated 
users [CPG 2U]. 

o Store logs for a period informed by risk or pertinent regulatory guidelines. 

o Tune log alerting to reduce noise while ensuring there are alerts for high-risk 
activities. (For information on alert tuning, see joint guide Identifying and Mitigating Living 
Off the Land Techniques.) 

• Establish and continuously maintain a baseline of installed tools and software, account 
behavior, and network traffic. This way, network defenders can identify potential outliers, 
which may indicate malicious activity. Note: For information on establishing a baseline, see 
joint guide Identifying and Mitigating Living off the Land Techniques. 

• Document a list of threats and cyber actor TTPs relevant to your organization (e.g., 
based on industry or sectors), and maintain the ability (such as via rules, alerting, or 
commercial prevention and detection systems) to detect instances of those key threats [CPG 
3A]. 

• Implement periodic training for all employees and contractors that covers basic 
security concepts (such as phishing, business email compromise, basic operational security, 
password security, etc.), as well as fostering an internal culture of security and cyber 
awareness [CPG 2I]. 

o Tailor the training to network IT personnel/administrators and other key staff based 
on relevant organizational cyber threats and TTPs, such as Volt Typhoon. For 
example, communicate that Volt Typhoon actors are known to target personal email 
accounts of IT staff, and encourage staff to protect their personal email accounts by using 
strong passwords and implementing MFA. 

o In addition to basic cybersecurity training, ensure personnel who maintain or secure OT 
as part of their regular duties receive OT-specific cybersecurity training on at least 
an annual basis [CPG 2J]. 

o Educate users about the risks associated with storing unprotected passwords. 


OT Administrators and Defenders 


• Change default passwords [CPG 2A] and ensure they meet the policy requirements for 
complexity. If the asset's password cannot be changed, implement compensating controls for 
the device; for example, segment the device into separate enclaves and implement increased 
monitoring and logging. 

• Require that passwords for all OT password-protected assets be at least 15 characters, 
when technically feasible. In instances where minimum password lengths are not technically 
feasible (for example, assets in remote locations), apply compensating controls, record the 
controls, and log all login attempts [CPG 2B]. 

• Enforce strict access policies for accessing OT networks. Develop strict operating 
procedures for OT operators that detail secure configuration and usage. 

• Segment OT assets from IT environments by [CPG 2F]: 

o Denying all connections to the OT network by default unless explicitly allowed (e.g., by 
IP address and port) for specific system functionality. 

o Requiring necessary communications paths between IT and OT networks to pass 
through an intermediary, such as a properly configured firewall, bastion host, "jump box," 
or a demilitarized zone (DMZ), which is closely monitored, captures network logs, and only 
allows connections from approved assets. 

• Closely monitor all connections into OT networks for misuse, anomalous activity, or OT 
protocols. 

• Monitor for unauthorized controller change attempts. Implement integrity checks of 
controller process logic against a known good baseline. Ensure process controllers are 
prevented from remaining in remote program mode while in operation if possible. 

• Lock or limit set points in control processes to reduce the consequences of 
unauthorized controller access. 

• Be prepared by: 

o Determining your critical operational processes' reliance on key IT infrastructure: 
= Maintain and regularly update an inventory of all organizational OT assets. 
= Understand and evaluate cyber risk on "as-operated" OT assets. 
= Create an accurate "as-operated" OT network map and identify OT and IT network 
inter-dependencies. 

o Identifying a resilience plan that addresses how to operate if you lose access to or 
control of the IT and/or OT environment. 
= Plan for how to continue operations if a control system is malfunctioning, inoperative, 
or actively acting contrary to the safe and reliable operation of the process. 
= Develop workarounds or manual controls to ensure ICS networks can be isolated if the 
connection to a compromised IT environment creates risk to the safe and reliable 
operation of OT processes. 

o Create and regularly exercise an incident response plan. 
= Regularly test manual controls so that critical functions can be kept running if OT 
networks need to be taken offline. 

o Implement regular data backup procedures on OT networks. 
= Regularly test backup procedures. 

• Follow risk-informed guidance in the joint advisory NSA and CISA Recommend Immediate 
Actions to Reduce Exposure Across all Operational Technologies and Control Systems, the 
NSA advisory Stop Malicious Cyber Activity Against Connected Operational Technology. 


CONTACT INFORMATION 


US organizations: To report suspicious or criminal activity related to information found in this joint 
Cybersecurity Advisory, contact: 


• CISA's 24/7 Operations Center at Report@cisa.gov or (888) 282-0870 or your local FBI field 
office. When available, please include the following information regarding the incident: date, 
time, and location of the incident; type of activity; number of people affected; type of 
equipment used for the activity; the name of the submitting company or organization; and a 
designated point of contact. 

• For NSA client requirements or general cybersecurity inquiries, contact 
Cybersecurity_Requests@nsa.gov. 

• Water and Wastewater Systems Sector organizations, contact the EPA Water Infrastructure 
and Cyber Resilience Division at watercyberta@epa.gov to voluntarily provide situational 
awareness. 

• Entities required to report incidents to DOE should follow established reporting requirements, 
as appropriate. For other energy sector inquiries, contact EnergySRMA@hq.doe.gov. 

• For transportation entities regulated by TSA, report to CISA Central in accordance with the 
requirements found in applicable Security Directives, Security Programs, or TSA Order. 


Australian organizations: Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report 
cybersecurity incidents and access alerts and advisories. 
Canadian organizations: Report incidents by emailing CCCS at contact@cyber.gc.ca. 


New Zealand organizations: Report cyber security incidents to incidents@ncsc.govt.nz or call 04 
498 7654. 


United Kingdom organizations: Report a significant cyber security incident: ncsc.gov.uk/report-an- 
incident (monitored 24 hours) or, for urgent assistance, call 03000 200 973. 

VALIDATE SECURITY CONTROLS 


In addition to applying mitigations, the authoring agencies recommend exercising, testing, and 
validating your organization's security program against the threat behaviors mapped to the MITRE 
ATT&CK for Enterprise framework in this advisory. The authoring agencies recommend testing your 
existing security controls inventory to assess how they perform against the ATT&CK techniques 
described in this advisory. 


To get started: 


1. Select an ATT&CK technique described in this advisory (see Table 5 through Table 17). 

2. Align your security technologies against the technique. 

3. Test your technologies against the technique. 

4. Analyze your detection and prevention technologies' performance. 

5. Repeat the process for all security technologies to obtain a set of comprehensive performance 
data. 

6. Tune your security program, including people, processes, and technologies, based on the 
data generated by this process. 


The authoring agencies recommend continually testing your security program, at scale, in a 
production environment to ensure optimal performance against the MITRE ATT&CK techniques 
identified in this advisory. 

DISCLAIMER 


The information in this report is being provided “as is” for informational purposes only. The authoring 
agencies do not endorse any commercial entity, product, company, or service, including any entities, 
products, or services linked within this document. Any reference to specific commercial entities, 
products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not 
constitute or imply endorsement, recommendation, or favoring by the authoring agencies. 


APPENDIX A: VOLT TYPHOON OBSERVED COMMANDS / LOTL ACTIVITY 


See Table 2 and Table 3 for Volt Typhoon commands and PowerShell scripts observed by the U.S. 
authoring agencies during incident response activities. For additional commands used by Volt 
Typhoon, see joint advisory People's Republic of China State-Sponsored Cyber Actor Living off the 
Land to Evade Detection. 


Table 2: Volt Typhoon Observed Commands in PowerShell Console History 


Command: Get-EventLog security -instanceid 4624 -after (redacted date) | fl * | Out-File 'C:\users\public\documents\user.dat' 
Description: PowerShell command extracts security log entries with the Event ID 4624 after a 
specified date. The output is formatted (fl *) and saved to user.dat. Potentially used to analyze 
logon patterns and identify potential targets for lateral movement. 

Command: Get-EventLog security -instanceid 4624 | Where-Object {$_.message.contains('{redacted user account}')} | select -First 1 | fl * 
Description: PowerShell command extracts security log entries with the Event ID 4624 and filters 
them to include only those containing a specific user account, selecting the first instance of 
such an event. 

Command: wminc process get name,processid 
Description: Appears to be an attempt to use the wmic command but with a misspelling (wminc 
instead of wmic). This command, as it stands, would not execute successfully and would return an 
error in a typical Windows environment. This could indicate a mistake made during manual input. 

Command: wmic process get name,processid 
Description: WMI command lists all running processes with process names and process IDs. 
Potentially used to find process IDs needed for other operations, like memory dumping. 

Command: tasklist /v 
Description: Command displays detailed information about currently running processes, including 
the name, PID, session number, and memory usage. 

Command: taskkill /f /im rdpservice.exe 
Description: Command forcibly terminates the process rdpservice.exe. Potentially used as a 
cleanup activity post-exploitation. 

Command: ping -n 1 (redacted IP address) 
Description: Command sends one ICMP echo request to a specified IP address. 

Command: ping -n 1 -w 1 (redacted IP address) 
Description: Command sends one ICMP echo request to a specified IP address with a timeout (-w) 
of 1 millisecond. 

Command: net user 
Description: Lists all user accounts on the local machine or domain, useful for quickly viewing 
existing user accounts. 

Command: quser 
Description: Displays information about user sessions on a system, aiding in identifying active 
users or sessions. 

Command: query user 

Command: net start 
Description: Lists all active services. 

Command: cd [Redacted Path] 
Description: Changes the current directory to a specified path, typically for navigating file 
systems. 

Command: Remove-Item .\Thumbs.db 
Description: PowerShell command to delete the Thumbs.db file, possibly for cleanup or removing 
traces. 

Command: move .\Thumbs.db ttt.dat 
Description: Relocates and renames the file Thumbs.db in the current directory to ttt.dat within 
the same directory. 

Command: del .\Thumbs.db /f /s /q 
Description: Force deletes Thumbs.db files from the current directory and all subdirectories, 
part of cleanup operations to erase traces. 

Description: Deletes files with two-character names, potentially a targeted cleanup command. 

Description: Displays help information for the del command. 

Description: Retrieves network configuration details, helpful for discovery and mapping the 
victim's network. 

Command: net time /dom 
Description: Queries or sets the network time for a domain, potentially used for reconnaissance 
or to manipulate system time. 

Description: Intended as netstat -ano; a mistyped command indicating a potential operational 
error. 

Description: Lists active network connections and processes, helpful for identifying 
communication channels and potential targets. 

Command: type .\Notes.txt 
Description: Displays the contents of Notes.txt, possibly used for extracting specific 
information or intelligence gathering. 

Command: logoff 
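Taken one at a time, the commands in Table 2 are ordinary administration commands; the hunting signal is several of them in one console history. The following added example (not part of the advisory) triages PSReadLine console-history lines against patterns derived from Table 2 and flags near-miss tool names such as the wminc typo. The category names, the four-category threshold, the typo cutoff and both sample histories are assumptions constructed here.

```python
import re
from difflib import get_close_matches

# Patterns derived from the commands listed in Table 2. The category names
# are labels chosen for this example.
RULES = {
    "logon_event_query": re.compile(
        r"\bget-eventlog\s+security\b.*-instanceid\s+4624\b", re.I),
    "output_to_public_dir": re.compile(
        r"\bout-file\s+['\"]?c:\\users\\public\\", re.I),
    "process_listing": re.compile(
        r"\bwmic\s+process\s+get\b|\btasklist\s+/v\b", re.I),
    "process_kill": re.compile(r"\btaskkill\s+/f\s+/im\b", re.I),
    "single_ping": re.compile(r"\bping\s+-n\s+1\b", re.I),
    "account_session_discovery": re.compile(
        r"^(net\s+user|quser|query\s+user)\b", re.I),
    "service_time_discovery": re.compile(
        r"^net\s+(start\b|time\s+/dom\b)", re.I),
    "thumbs_cleanup": re.compile(
        r"^(remove-item|del|move)\s+\.\\thumbs\.db\b", re.I),
}

# Tool names whose misspelling suggests manual, hands-on-keyboard input.
TOOLS = ["wmic", "netstat", "tasklist", "taskkill", "ping", "quser", "net"]


def join_continuations(lines):
    """Rebuild commands from history lines. Assumption: PSReadLine stores a
    multi-line command with a trailing backtick on each continued line."""
    commands, pending = [], ""
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.endswith("`"):
            pending += line[:-1] + " "
            continue
        commands.append((pending + line).strip())
        pending = ""
    if pending.strip():
        commands.append(pending.strip())
    return [c for c in commands if c]


def likely_typo(command):
    """Return the tool a mistyped first token probably meant, else None."""
    token = command.split()[0].lower()
    if token in TOOLS:
        return None
    match = get_close_matches(token, TOOLS, n=1, cutoff=0.8)
    return match[0] if match else None


def triage_history(lines, min_categories=4):
    """Score one history file: which categories matched, which commands look
    mistyped, and whether the combination deserves analyst review."""
    hits, typos = {}, []
    for cmd in join_continuations(lines):
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                hits.setdefault(name, []).append(cmd)
        intended = likely_typo(cmd)
        if intended:
            typos.append((cmd, intended))
    # Logon events exported to a world-readable folder is enough on its own.
    export = {"logon_event_query", "output_to_public_dir"} <= set(hits)
    return {
        "categories": sorted(hits),
        "typos": typos,
        "review": export or len(hits) >= min_categories,
    }


# Constructed history lines; redacted values replaced by placeholders.
SUSPECT_HISTORY = [
    "Get-EventLog security -instanceid 4624 -after '01/01/2024' | fl * | `",
    r"Out-File 'C:\users\public\documents\user.dat'",
    "wminc process get name,processid",
    "wmic process get name,processid",
    "tasklist /v",
    "taskkill /f /im rdpservice.exe",
    "ping -n 1 -w 1 192.0.2.10",
    "net user",
    "quser",
    r"Remove-Item .\Thumbs.db",
]
BENIGN_HISTORY = [
    r"cd C:\Projects",
    "git status",
    "ping -n 4 fileserver01",
    "net start",
    r"Get-ChildItem -Recurse | Out-File .\listing.txt",
]

if __name__ == "__main__":
    print(triage_history(SUSPECT_HISTORY))
    print(triage_history(BENIGN_HISTORY))
```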


Table 3: Volt Typhoon Observed PowerShell Scripts 


File: C:\{redacted}\logins.ps1 

Script: 

# Define time for report (default is 1 day) 
$startDate = (get-date).AddDays(-1) 

# Find DC list from Active Directory 
$DCs = Get-ADDomainController -Filter * 

# Store successful logon events from security logs with the specified dates and 
# workstation/IP in an array 
foreach ($DC in $DCs){ 
$slogonevents = Get-Eventlog -LogName Security -ComputerName $DC.Hostname -after $startDate | where {$_.eventID -eq 4624 }} 

# Crawl through events; print all logon history with type, date/time, status, account 
# name, computer and IP address if user logged on remotely 
foreach ($e in $slogonevents){ 

# Logon Successful Events 
# Local (Logon Type 2) 
if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 2)){ 
write-host "Type: Local Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11] 
} 

# Remote (Logon Type 10) 
if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 10)){ 
write-host "Type: Remote Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11] "`tIP Address: "$e.ReplacementStrings[18] 
} 
} 

Description: The script is designed for user logon discovery in a Windows Active Directory 
environment. It retrieves a list of DCs and then queries security logs on these DCs for 
successful logon events (Event ID 4624) within the last day. The script differentiates between 
local (Logon Type 2) and remote (Logon Type 10) logon events. For each event, it extracts and 
displays details including the logon type, date/time of logon, status, account name, and the 
workstation or IP address used for the logon. Volt Typhoon may be leveraging this script to 
monitor user logon activities across the network, potentially to identify patterns, gather 
credentials, or track the movement of users and administrators within the network. 

APPENDIX B: INDICATORS OF COMPROMISE 


See Table 4 for Volt Typhoon IOCs obtained by the U.S. authoring agencies during incident response 
activities. 


Note: See MAR-10448362-1.v1 for more information on this malware. 


Table 4: Volt Typhoon Malicious Files and Associated Hashes 


File Name: BrightmetricAgent.exe 
Description: The file is an FRP that could be used to reveal servers situated behind a network 
firewall or obscured through Network Address Translation (NAT). 
Hashes (SHA256): 
fd41134e8ead1c18ccad27c62a260aa6 
edc0c63065e88ec96197c8d7a40662a15a812a9583dc6c82b18ecd7e43b13b70 

File Name: SMSvcService.exe 
Description: The file is a Windows executable "FRPC" designed to open a reverse proxy between 
the compromised system and the threat actor(s) C2 server. 
Hashes (SHA256): 
b1de37bf229890ac181bdef1ad8ee0c2 
99b80c5ac352081a64129772ed5e1543d94cad708ba2adc46dc4ab7a0bd563f1 
APPENDIX C: MITRE ATT&CK TACTICS AND TECHNIQUES

See Table 5 through Table 17 for all referenced threat actor tactics and techniques in this advisory.

Table 5: Volt Typhoon actors ATT&CK Techniques for Enterprise - Reconnaissance

Reconnaissance

| Technique Title | ID | Use |
|---|---|---|
| Gather Victim Host Information | T1592 | Volt Typhoon conducts extensive pre-compromise reconnaissance. This includes web searches, including victim-owned sites, for victim host, identity, and network information, especially for information on key network and IT administrators. |
| Gather Victim Identity Information | T1589 | Volt Typhoon conducts extensive pre-compromise reconnaissance to learn about the target organization's staff. |
| Gather Victim Identity Information: Email Addresses | T1589.002 | Volt Typhoon targets the personal emails of key network and IT staff. |
| Gather Victim Network Information | T1590 | Volt Typhoon conducts extensive pre-compromise reconnaissance to learn about the target organization's network. |
| Gather Victim Org Information | T1591 | Volt Typhoon conducts extensive pre-compromise reconnaissance to learn about the target organization. |
| Search Open Websites/Domains | T1593 | Volt Typhoon conducts extensive pre-compromise reconnaissance. This includes web searches, including victim-owned sites, for victim host, identity, and network information, especially for information on key network and IT administrators. |
| Search Victim-Owned Websites | T1594 | Volt Typhoon conducts extensive pre-compromise reconnaissance. This includes web searches, including victim-owned sites, for victim host, identity, and network information, especially for information on key network and IT administrators. |

Table 6: Volt Typhoon actors ATT&CK Techniques for Enterprise - Resource Development

Resource Development

| Technique Title | ID | Use |
|---|---|---|
| Acquire Infrastructure: Botnet | T1583.003 | Volt Typhoon uses multi-hop proxies for command-and-control infrastructure. The proxy is typically composed of Virtual Private Servers (VPSs) or small office/home office (SOHO) routers. |
| Compromise Infrastructure: Botnet | T1584.005 | Volt Typhoon used Cisco and NETGEAR end-of-life SOHO routers implanted with KV Botnet malware to support their operations. |
| Compromise Infrastructure: Server | T1584.004 | Volt Typhoon has redirected specific port traffic to their proxy infrastructure, effectively converting the PRTG's Detection Guidance server into a proxy for their C2 traffic. |
| Develop Capabilities: Exploits | T1587.004 | Volt Typhoon uses publicly available exploit code, but is also adept at discovering and exploiting vulnerabilities as zero days. |
| Obtain Capabilities: Exploits | T1588.005 | Volt Typhoon uses publicly available exploit code, but is also adept at discovering and exploiting vulnerabilities as zero days. |


Table 7: Volt Typhoon actors ATT&CK Techniques for Enterprise - Initial Access

Initial Access

| Technique Title | ID | Use |
|---|---|---|
| Exploit Public-Facing Application | | Volt Typhoon commonly exploits vulnerabilities in networking appliances such as Fortinet, Ivanti (formerly Pulse Secure), NETGEAR, Citrix, and Cisco. |
| External Remote Services | | Volt Typhoon often uses VPN sessions to securely connect to victim environments, enabling discreet follow-on intrusion activities. |

Table 8: Volt Typhoon actors ATT&CK Techniques for Enterprise - Execution

Execution

| Technique Title | ID | Use |
|---|---|---|
| Command and Scripting Interpreter | | Volt Typhoon uses hands-on-keyboard execution for their malicious activity via the command-line. |
| Command and Scripting Interpreter: PowerShell | | Volt Typhoon has executed clients via PowerShell. |
| Command and Scripting Interpreter: Unix Shell | | Volt Typhoon has used Brightmetricagent.exe, which contains multiplexer libraries that can bi-directionally stream data over through NAT networks and contains a command-line interface (CLI) library that can leverage command shells such as PowerShell, Windows Management Instrumentation (WMI), and Z Shell (zsh). |
| Windows Management Instrumentation | | Volt Typhoon has used Windows Management Instrumentation Console (WMIC) commands. |

| Technique Title | ID | Use |
|---|---|---|
| | | Volt Typhoon primarily relies on valid credentials for persistence. |
| Exploitation for Privilege Escalation | | Volt Typhoon first obtains credentials from public-facing appliances after gaining initial access by exploiting privilege escalation vulnerabilities in the operating system or network services. |


Table 11: Volt Typhoon actors ATT&CK Techniques for Enterprise - Defense Evasion

Defense Evasion

| Technique Title | ID | Use |
|---|---|---|
| Direct Volume Access | T1006 | Volt Typhoon has executed the Windows-native vssadmin command to create a volume shadow copy. |
| Indicator Removal: Clear Persistence | T1070.009 | Volt Typhoon has selectively cleared Windows Event Logs, system logs, and other technical artifacts to remove evidence of their intrusion activity and masquerading file names. |
| Indicator Removal: Clear Windows Event Logs | T1070.001 | Volt Typhoon has selectively cleared Windows Event Logs, system logs, and other technical artifacts to remove evidence of their intrusion activity and masquerading file names. |
| Indicator Removal: File Deletion | T1070.004 | Volt Typhoon created systeminfo.dat in C:\Users\Public\Documents, but subsequently deleted it. |
| Masquerading: Match Legitimate Name or Location | T1036.005 | Volt Typhoon has selectively cleared Windows Event Logs, system logs, and other technical artifacts to remove evidence of their intrusion activity and masquerading file names. |
| Modify Registry | T1112 | Volt Typhoon has used the netsh command, a legitimate Windows command, to create a PortProxy registry modification on the PRTG server. |
| Obfuscated Files or Information: Software Packing | T1027.002 | Volt Typhoon has obfuscated FRP client files (BrightmetricAgent.exe and SMSvcService.exe) and the command-line port scanning utility ScanLine by packing the files with Ultimate Packer for Executables (UPX). |
| System Binary Proxy Execution | T1218 | Volt Typhoon uses hands-on-keyboard activity via the command-line and uses other native tools and processes on systems (often referred to as "LOLBins"), known as LOTL, to maintain and expand access to the victim networks. |

Table 12: Volt Typhoon actors ATT&CK Techniques for Enterprise - Credential Access

Credential Access

| Technique Title | ID | Use |
|---|---|---|
| Brute Force: Password Cracking | T1110.002 | Volt Typhoon has exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. |
| Credentials from Password Stores | T1555 | Volt Typhoon has installed browsers saved passwords history, credit card details, and cookies. |
| Credentials from Password Stores: Credentials from Web Browsers | T1555.003 | Volt Typhoon has strategically targeted network administrator web browser data, focusing on both browsing history and stored credentials. |
| OS Credential Dumping: LSASS Memory | T1003.001 | Volt Typhoon used a DLL with MiniDump and the process ID of Local Security Authority Subsystem Service (LSASS) to dump the LSASS process memory and obtain credentials. |
| OS Credential Dumping: NTDS | T1003.003 | Volt Typhoon appears to prioritize obtaining valid credentials by extracting the Active Directory database file (NTDS.dit). |
| Unsecured Credentials | T1552 | Volt Typhoon has obtained credentials insecurely stored on an appliance. |
| Unsecured Credentials: Private Keys | T1552.004 | Volt Typhoon has accessed a Local State file that contains the Advanced Encryption Standard (AES) encryption key used to encrypt the passwords stored in the Chrome browser, which enables the actors to obtain plaintext passwords stored in the Login Data file in the Chrome browser. |


Table 13: Volt Typhoon actors ATT&CK Techniques for Enterprise - Discovery

Discovery

| Technique Title | ID | Use |
|---|---|---|
| Account Discovery: Local Account | T1087.001 | Volt Typhoon executed net user and quser for user account information. |
| Application Window Discovery | | Volt Typhoon created and accessed a file named rult3uil.log on a Domain Controller in C:\Windows\System32\. The rult3uil.log file contained user activities on a compromised system, showcasing a combination of window title information and focus shifts, keypresses, and command executions across Google Chrome and Windows PowerShell, with corresponding timestamps. |
| Browser Information Discovery | | Volt Typhoon has installed browsers saved passwords history, credit card details, and cookies. |
| File and Directory Discovery | | Volt Typhoon enumerated several directories, including directories containing vulnerability testing and cyber related content and facilities data, such as construction drawings. |
| Log Enumeration | | Volt Typhoon has captured successful logon events. |
| Network Service Discovery | | Volt Typhoon has used commercial tools, LOTL utilities, and appliances already present on the system for system information, network service, group, and user discovery. |
| Peripheral Device Discovery | | Volt Typhoon has obtained the victim's system screen dimension and display devices information. |
| Permission Groups Discovery | | Volt Typhoon has used commercial tools, LOTL utilities, and appliances already present on the system for system information, network service, group, and user discovery. |
| Process Discovery | | Volt Typhoon executed tasklist /v to gather a detailed process listing. |
| Query Registry | | Volt Typhoon has interacted with a PuTTY application by enumerating existing stored sessions. |
| Software Discovery | | Volt Typhoon has obtained the victim's list of applications installed on the victim's system. |
| System Information Discovery | | Volt Typhoon has used commercial tools, LOTL utilities, and appliances already present on the system for system information, network service, group, and user discovery. |
| System Location Discovery | T1614 | Volt Typhoon has obtained the victim's system current locale. |
| System Network Configuration Discovery: Internet Connection Discovery | T1016.001 | Volt Typhoon employs ping with various IP addresses to check network connectivity and net start to list running services. |
| System Owner/User Discovery | T1033 | Volt Typhoon has used commercial tools, LOTL utilities, and appliances already present on the system for system information, network service, group, and user discovery. |
| System Service Discovery | T1007 | Volt Typhoon employs ping with various IP addresses to check network connectivity and net start to list running services. |
| System Time Discovery | T1124 | Volt Typhoon has obtained the victim's system timezone. |

Table 14: Volt Typhoon actors ATT&CK Techniques for Enterprise - Lateral Movement

Lateral Movement

| Technique Title | ID | Use |
|---|---|---|
| Remote Service Session Hijacking | T1563 | Volt Typhoon potentially had access to a range of critical PuTTY profiles, including those for water treatment plants, water wells, an electrical substation, operational technology systems, and network security devices. This would enable them to access these critical systems. |
| Remote Services: Cloud Services | T1021.007 | During the period of Volt Typhoon's known network presence, there were anomalous login attempts to an Azure tenant potentially using credentials previously compromised from theft of NTDS.dit. |
| Remote Services: Remote Desktop Protocol | T1021.001 | Volt Typhoon has moved laterally to the Domain Controller via an interactive RDP session using a compromised account with domain administrator privileges. |
| Use Alternate Authentication Material | T1550 | Volt Typhoon may be capable of using other methods such as Pass the Hash or Pass the Ticket for lateral movement. |
| Valid Accounts: Cloud Accounts | T1078.004 | During the period of Volt Typhoon's known network presence, there were anomalous login attempts to an Azure tenant potentially using credentials previously compromised from theft of NTDS.dit. |


Table 15: Volt Typhoon actors ATT&CK Techniques for Enterprise - Collection

Collection

| Technique Title | ID | Use |
|---|---|---|
| Archive Collected Data | T1560 | Volt Typhoon collected sensitive information obtained from a file server in multiple zipped files. |
| Archive Collected Data: Archive via Utility | T1560.001 | Volt Typhoon has compressed and archived the extracted ntds.dit and accompanying registry files (by executing ronf.exe, which was likely a renamed version of rar.exe). |
| Data Staged | T1074 | Volt Typhoon accessed the file C:\Users\{redacted}\Downloads\History.zip, which presumably contained data from the User Data directory of the user's Chrome browser, which the actors likely saved in the Downloads directory for exfiltration. |
| Screen Capture | T1113 | Volt Typhoon has obtained a screenshot of the victim's system using two libraries (gdi32.dll and gdiplus.dll). |


Table 16: Volt Typhoon actors ATT&CK Techniques for Enterprise - Command and Control

Command and Control

| Technique Title | ID | Use |
|---|---|---|
| Encrypted Channel | T1573 | Volt Typhoon has setup FRP clients on a victim's corporate infrastructure to establish covert communications channels for command and control. |
| Ingress Tool Transfer | T110 | Volt Typhoon uses legitimate, but outdated versions of network admin tools. For example, in one confirmed compromise, actors downloaded an outdated version of comsvcs.dll, on the DC in a non-standard folder. |
| | T109 | Volt Typhoon has setup FRP clients on a victim's corporate infrastructure to establish covert communications channels for command and control. |
| Proxy: Internal Proxy | T1090.001 | Volt Typhoon has used the netsh command, a legitimate Windows command, to create a PortProxy registry modification on the PRTG server. |
| Proxy: Multi-hop Proxy | T1090.003 | Volt Typhoon uses multi-hop proxies for command-and-control infrastructure. |


Table 17: Volt Typhoon actors ATT&CK Techniques for Enterprise - Exfiltration

Exfiltration

| Technique Title | ID | Use |
|---|---|---|
| Exfiltration Over Alternative Protocol | | Volt Typhoon exfiltrated files via Server Message Block (SMB). |
ABSTRACT


The use of social media has been growing every year since its inception. With 
that, individuals, organizations, businesses, and nations have created clever ways to 
spread messages to large audiences; however, in the last decade, those same entities have 
begun utilizing social media to spread false narratives that fit their agenda. Using Tweets 
and memes, non-state and state actors have successfully influenced elections, incited 
riots, and increased membership. Current academic research does not describe who is 
most susceptible to this new type of information disorder. For that reason, the experiment 
detailed in this thesis was designed to aid information environment researchers in 
identifying groups that are most susceptible to information disorder; when conducted, it 
will reveal correlations between the acceptance and propagation of false information 
spread through Tweets and memes and the age group, gender, and education level of 
those most likely to interact with the false information. Once complete, defensive and 
offensive measures can be put in place by individuals, organizations, businesses, and
nations to defend or attack the most at-risk groups.
I. INTRODUCTION


A. SOCIAL MEDIA, THE NEWS, AND MARKETING: WHAT COULD GO 
WRONG? 


According to a 2019 study by the Pew Research Center, 55% of U.S. adults get 
their news from social media (Suciu, 2019). This figure is up 8% since 2018 and has likely 
increased more due to the 2020 global pandemic (Suciu, 2019). Currently, Facebook 
accounts for 52% of said news, while Twitter is at 17% and Instagram is 14% (Suciu, 
2019). In addition to news, many social media users are seeking product discovery 
(Gorman, 2021). According to Global Web Index, a leading marketing firm for targeted 
advertisements, 42% of individuals use social media for brand/merchandise research and 
roughly “24% of global internet users have clicked on a sponsored post or ad on social 
media” during any given month (Gorman, 2021, sec. “Who clicks on social media ads?”).
Although many people assume that articles are the main source of news, and digital 
marketing advertisements for product sales, short text blurbs, like Tweets (Figure 1), and 
quick scroll images, like image macro memes (Figure 2), are becoming a mainstream and 
rapid source for current events and brand awareness (Boulter & Bolaji, 2020; Mottola, 
2020). Occasionally, the worlds of social media advertising and news will collide, utilizing 
algorithms (discussed in Chapter II) to target certain audiences for bipartisan or social 
justice topics (Weise, 2018). Unfortunately, this type of intersection creates a massive 
vulnerability to American citizens, opening them up to influence campaigns run by external
groups.


While social media does a great job of disseminating word rapidly and to a number 
of audiences, this form of mass distribution opens doors for a new type of information 
operation. Russia, a nation on the forefront of this movement, has been infiltrating social 
media for many years (Wardle & Derakhshan, 2017). Notably, as described in a Senate 
Intelligence Committee report, the 2016 election was fraught with memes and Twitter 
accounts propagating false information aimed at dividing our nation (2019). Much of this 
misinformation took the form of targeted advertisements, like the one beginning with
“African-Americans have to choose between old Hillary Clinton and rich Donald Trump,”
that was directly displayed to Facebook users identifying as Hispanic, Asian American, or
African-American (Weise, 2018, para. 8). Furthermore, after seemingly failed influence 
attempts, China agreed to work with Russia in current and future information operations 
against the Western nations, who they claim have distorted the narrative around the
current global pandemic (Weitz, 2020). With that in mind, it is safe to say that foreign
actors have successfully attempted to influence the thoughts and actions of American
citizens, and they will only improve at it. These tools (i.e., Tweets, memes, and targeted
advertisements) are assisting our peer-adversaries in completing their mission, making it
vitally important that we understand who is most susceptible to online delivered
information weapons.


B. KEY INFORMATION DISSEMINATION TOOLS: TWEETS AND 
IMAGE MACRO MEMES 


Using no more than 280 characters at a time, Twitter (2021a), an online social 
media platform, allows users to instantly express their thoughts and feelings to the world 
at large, describing themselves as serving public conversations. The organization believes 
“you should be able to speak your mind and find credible information easily” (Twitter,
2021c, sec. “Healthy conversations”). The Twittersphere is not exclusive to individual
users; companies and organizations may use the platform to promote new products, share 
news articles, or show support for current change initiatives. Figure 1, containing a real 
Tweet from The New York Times Twitter page, is annotated to pinpoint specific aspects of 
Tweets that, as detailed in a later chapter, were altered during creation of the false Tweets
in the experimental design of this thesis.
[Figure 1 image: a Tweet from The New York Times with these elements labeled: Page Image, Twitter Page Name, Account Verification Symbol, Twitter Handle, Time and Date of Tweet, 280 Character Text Body, Shared Article (could be Image), Comments, Retweets, Likes, Shares.]

Figure 1. A breakdown of a Tweet. Adapted from Twitter (2021).


Image macro memes, like Figure 2, are likely what comes to mind when the word 
“meme” is used in conversation or writing; they contain text on top of a widely distributed 
photograph (Mina, 2019). For that reason, image macro memes are what will be used for 
this experimental design. However, these digital objects consist of more than images with 
text, encompassing videos, performances, and selfies as well (Mina, 2019). Image macro 
memes appear on all social media platforms, including Twitter, Facebook, Instagram, Tik
Tok, Reddit, etc., and may be shared by any user in a matter of seconds.
[Figure 2 image: an image macro meme with alternating-case overlay text reading "You can't write a thesis all about memes".]

Figure 2. Image macro meme


C. WHAT MAKES MEMETIC RESEARCH IMPORTANT? 


Whether a social media user is on Twitter, Facebook, Instagram, or another popular 
application, they are bound to see memes daily. These memes, even if the viewer does not 
realize it, are being created with specific goals in mind; through humor and irony 
(Burroughs, 2020), memes serve as marketing strategies, evident by Fashion Nova's 
Instagram takeover (Raaf, 2018), political campaign ads and propaganda (Burroughs, 
2020), extremist recruitment (Zitser, 2021), or foreign influence tools (Wardle & 
Derakhshan, 2017). Because this information dissemination tactic has evolved from simple 
humorous and ironic images into manipulation techniques, it is paramount that society gain
a better understanding of how they propagate.


With undeniable benefits to marketing on social media, it is not surprising that 96% 
of small businesses use it for their marketing strategy (Shepherd, 2021). In fact, social 
media marketing use drives an increase in customer loyalty, leading consumers to spend 
40% more money once engaged with the business via a follow, like, share, etc. (Shepherd,
2021). Because the preponderance of social media users are on the applications to laugh, 
memes as a marketing tool are growing in popularity (Sprout Social, 2018). Brands ranging 
from Slim Jim to BarkBox are currently utilizing image macro memes (Barker, 2021) like 
the ones displayed in Figure 3. Slim Jim, whose official Instagram page is covered in image 
macro memes, has amassed a following of 1.3 million people (slimjim, 2021). With such 
a large following, Slim Jim holds a lot of influence; if they chose to start posting politically 
driven memetics vice meat stick centric ones, there is no telling what impact they would 
have. Luckily, however, most companies leave the controversial memes to individual users, 
extremist groups, or foreign state actors, who may or may not have a following near that
of Slim Jim.


[Figure 3 image: two image macro memes, one from Slim Jim and one from BarkBox (@barkbox).]

Figure 3. Slim Jim and BarkBox image macro memes. Source: Slimjim (2021) and BarkBox (2021).


According to the Washington Post, the 2016 political primaries were “the most-memed
election in U.S. history” (Heiskanen, 2017, p. 1). However, one can make a case
that the 2020 election took the crown; upon a quick Google search, millions of articles
appear characterizing an abundance of memes from the most recent presidential election.
For example, InsideHook published a piece entitled “Election Week 2020, As Told in
Memes,” while Cosmopolitan wrote “These 2020 U.S. Presidential Election Memes Will
Keep You Laughing Until Inauguration Day” (Isaac, 2020; Mahan, 2020). Prior to the 2020
election, copious amounts of politically driven memetics tended to point out candidate 
hypocrisy or critique policy positions (Heiskanen, 2017). Due to the lack of literature 
surrounding the most recent election, it is difficult to say whether the 2020 memes were 
focused on the same central points. However, upon review of the two articles mentioned 
above, the 2020 election may have encompassed a wider breadth of topics, like the removal 
of Donald Trump from office (Isaac, 2020). Interestingly, politically driven memes like the 
ones mentioned propagate quicker within groups of the same political ideology, making it 
difficult to tell whether they influence voter action (Heiskanen, 2017). Despite the 
uncertainty behind the influential factor of memetics, many extremist groups and foreign 
actors still use them to gain group members or push narratives that benefit them (Graff,
2018).


According to the CEO of the Center for Countering Digital Hate (CCDH), a not-for-profit
organization aimed at “disrupting the architecture of online hate and
misinformation” (CCDH, 2021, sec. "About"), “Instagram is actively pulling its 
predominantly young users down an extremist rabbit hole” (Zitser, 2021, para. 5). At the 
forefront of these extremist groups are the neo-Nazis (Zitser, 2021). HOPE Not Hate, a
United Kingdom based group focused on defeating extremism (HOPE not hate, 2021), 
names Instagram as the “platform of choice” for radicalizing the young generation into 
neo-Nazi supporters (Zitser, 2021, para. 7). According to a researcher at HOPE Not Hate, 
memes are the easiest way to spread these ideologies, allowing propagators to hide 
extremism under humor and irony (Zitser, 2021). Once a user interacts with extremist posts 
on Instagram, the algorithm pushes like-information to the “explore” page on the user's
individual account, only increasing the content they encounter (Warren, 2021). According 
to the social media site itself, “interest” is the number one driving factor for feed posts, 
pushing items believed to be “liked” by the user to the top of their screen (Warren, 2021). 
This means that, while one individual may see cookie decorating and cake baking, another
user will view neo-Nazi and racially charged hate.


If extremist groups are using memetics to boost membership, it should come as no
surprise that foreign actors, specifically Russia and China, are using them to spread 
propaganda and pit our nation against itself (Graff, 2018; Kao & Li, 2020). In fact, an
attempt at destabilization through predominantly politically driven misinformation 
memetics has become commonplace (Weitz, 2020). Things like political candidates, 
second amendment rights, and even the COVID-19 pandemic are drivers for foreign 
influence operations (Weitz, 2020; Wyrich, 2017). For example, in Hong Kong, a number 
of students rapidly spread COVID-19 memes with hashtags that placed blame on China 
and its people, hoping to continue longstanding anti-Chinese movements in the area 
(McMinn, 2020). As discussed, however, the effectiveness of memes at dividing a nation 
is unknown (Heiskanen, 2021); this thesis and experimental design will address this gap in
the literature.


D. PROBLEM STATEMENT 


Memes have taken center stage in discussions about marketing, politics, extremist 
recruitment, foreign state actors, and even the COVID-19 pandemic (Burroughs, 2020). 
The memes, which include a combination of perceptual cues/elements (Figure 2), 
traditionally manifest themselves as images, texts, videos, performative pieces, and selfies 
(Mina, 2019). However, despite their immense popularity in social media and online 
environments, the field remains understudied. This omnipresence of memetics gives rise 
to an important question: How do memes affect the acceptance and propagation of false 
information? If it is determined that including memes in perceptual stimuli can give rise to 
systemic variation by age, gender, and education level when propagating false information, 
they can be used as leverage in all the methods listed above, especially influence operation
targeting endeavors.


E. PURPOSE STATEMENT 


The purpose of this thesis is to design an experiment that explores how memes 
affect the acceptance and propagation of false information within various ages,
education levels, and gender groups, when compared to text blurbs (Tweets) alone. In order
to achieve that, an experiment was designed through the Naval Postgraduate School via the
online experimental platform Qualtrics, which, when performed, may be delivered via
Mechanical Turk (MTURK). The independent variables are the age, education level, and 
gender, which are provided by the experiment participants. The dependent variable is the 
participant willingness to interact with the presented Tweets and memes and their reason 
for doing so. The manipulated variable is the presentation of Tweets and image macro
memes that contain false information.


F. RESEARCH DESIGN 


After completing an in-depth literature review, this thesis utilizes experimental 
design to address the purpose and problem statements. It expounds upon how the 
experiment was built, including the reasoning for every single Tweet and meme contained. 
Following methods, the implications for completing the experiment and recommendations 
for future work are detailed. The overarching experimental design for this thesis focuses 
on answering the below hypotheses through an analysis of various participant responses to
a series of Tweets and image macro memes riddled with false information. The survey 
created helps researchers examine whether age, education level, and/or gender correlates 
to the acceptance and propagation of false information spread through image macro 
memes, comparing it to the acceptance and propagation of false information spread 
exclusively through text blurbs. Additionally, as summarized in Chapter III, it will test the 
effects of initial categorization on survey response. The experiment's null hypothesis is 
that age, education level, and gender have no influence on the rate of acceptance of false
information via memes. This experiment is designed to test the following hypotheses:


• HA1: Age correlates to the acceptance of false information spread through
a Tweet and an image macro meme.

• HA2: Education level correlates to the acceptance of false information
spread through a Tweet and an image macro meme.

• HA3: Gender correlates to the acceptance of false information spread
through a Tweet and an image macro meme.

• HA4: Age correlates to the propagation of false information spread
through a Tweet and an image macro meme.

• HA5: Education level correlates to the propagation of false information
spread through a Tweet and an image macro meme.

• HA6: Gender correlates to the propagation of false information spread
through a Tweet and an image macro meme.

• HA7: Initial categorization has an effect on the acceptance of false
information spread through Tweets and image macro memes.

• HA8: Memes will be interacted with (by indication of liking, commenting,
or sharing) at a different rate than Tweets.




II. BACKGROUND 


To better understand the interplay of social media and influence, a deep dive into 
the topics of social media, memetics, information disorder, and initial categorization is 
necessary. By unraveling intricacies within the aforementioned topics, one will gain a 
better understanding of the literature review in Chapter III and the thought process behind 
the experimental design detailed in Chapter IV. 


A. THE RISE OF SOCIAL MEDIA 


While social networking took root in the 1960s with the invention of ARPANET, 
most social media sites were not built until the 1990s, lining up with the commercial launch 
of the internet (Edosomwan et al., 2011). Although many social media platforms came 
before it, MySpace was the most popular social media site in the United States until 2008, 
when Facebook took over (Edosomwan et al., 2011). Currently, YouTube, Facebook, and 
Instagram are the most commonly used platforms, with over 40% of all adults using all 
three applications (Auxier & Anderson, 2021). Twitter, the seventh most popular site, is 
being used by 23% of adults (Auxier & Anderson, 2021). Naturally, with such a large 
number of users, social media comes with pros and cons; while these platforms allow 
individuals from all over the world to connect and find common ground on various topics, 
it has been shown to increase depression and anxiety, as well as lower sleep quality and 
self-esteem in its users (Mammoser, 2018). Depression, anxiety, and low self-esteem tend 
to occur when users overanalyze their lives in comparison with another user's life (Mammoser, 2018). 
Additionally, it has been determined that covering distressing events via media, whether it 
be posts online or newscasts, is harmful to viewers, sometimes even leading to higher 
acute stress than being at the distressing event itself (O'Brien et al., 2020). Despite knowing 
that, social media use has been on a steady rise since its inception (Auxier & Anderson, 
2021), forming communities for people, serving as a platform for activism and politics, 
and helping organizations/companies market products and ideas. 


1. Social Media as a Community 


With the rise of social media, researchers began looking into Twitter, Facebook, 
Instagram, and all other platforms for signs of online communities. What they found was, 
through the social network perspective, many groups on social media meet the 
requirements to be considered a community (Gruzd & Haythornthwaite, 2013). By 
identifying the actors, informal and formal ties, roles, and cliques formed on these sites, 
one can begin to see how seemingly random interactions may grow into full communities 
(Gruzd & Haythornthwaite, 2013). For example, two million people follow the account 
“WeRateDogs” on Instagram. On Twitter, nine million people follow the same account, 
run by the same individual. Every day, followers send pictures of their dogs to Max, 
the account owner, and he posts them for all to see. Hashtags such as 
“#seniorpupsaturday” are then used by those in Max’s community, which is 
evident by clicking on said hashtag and reviewing the similar posts (WeRateDogs, 2021c). 
In addition, Max has created a merchandise line that all followers can immediately 
recognize; his “tell your dog I said hi” decals and masks easily help identify members of 
the WeRateDogs community (WeRateDogs, 2021a). Finally, Max regularly posts 
GoFundMe pages for dogs in need of medical care, which always get fully funded in under 
thirty minutes (WeRateDogs, 2021b). This example highlights the exchange of information, 
social support, and play that occurs between members of the WeRateDogs community, 
legitimizing social media as a community through the lens of the social network 
perspective (Gruzd & Haythornthwaite, 2013). 


2. Social Media and Activism 


From the inception of social media, people have been using the platforms to spread 
awareness for social issues (Weise, 2018). In 2020 alone, nearly a quarter of users changed 
their viewpoints on a social justice topic based on posts reviewed on one of the many 
platforms (Perrin, 2020); most of those users cited “Black Lives Matter” (BLM) as 
the driver for that change (Perrin, 2020). BLM, which began in 2014 after the deaths of 
Michael Brown and Eric Garner, started as a movement on Twitter (Carney, 2016). Since 
2014, BLM has made multiple resurgences, the most recent beginning in 2020 with the 
death of George Floyd (McLaughlin, 2020). After the video of George Floyd's death 
circulated rapidly via social media, more than 20 million people began protesting 
throughout the United States (McLaughlin, 2020). Despite a worldwide pandemic, this 
social justice issue, which began and spread via social media, was able to move millions to 
action, truly highlighting the power of these platforms. Nikita Carney, a researcher with 
the University of California, Santa Barbara and Louisiana State University, believes this 
occurs because social media has increased access to information, the lack of which 
previously prevented citizens from having opinions (2016). While BLM 
is not the only social issue that has been elevated to grand heights by social media, it is the 
most influential one to occur in the last year. 


3. Social Media and Political Appointees 


United States political candidates and elected officials rely heavily on social media 
to reach a broader public. As of April 2021, the official White House Instagram 
(@whitehouse) account has over six million followers, and President Joe Biden 
(@joebiden) and Vice President Kamala Harris (@kamalaharris) have a combined total of 
over 32 million followers. On Twitter, the two leaders have just under that same mark 
(2021). While the use of social media platforms started with former President Barack 
Obama, his successor, Donald Trump, was the one to employ it nearly every few hours for 
four years, setting a new precedent (Wharton Business Daily, 2020). Through research 
efforts, it has been shown that appointed officials actually get large increases in support 
when they utilize this new communication tool (Wharton Business Daily, 2020). This 
support increase is hypothesized to occur due to the feeling of accessibility that it brings to 
constituents (Wharton Business Daily, 2020). Additionally, the utilization of social media 
by political newcomers may help reduce the barrier to entry into political circles, giving 
hopefuls a voice and platform without the large funding requirements in the past (Wharton 
Business Daily, 2020). 


4. Social Media and Marketing 


Social media marketing may have started as emplaced advertisements, but it now 
encompasses that and much more; influencers, who are social media users with followings 
large enough to shape attitudes, partner with brands to bring awareness to products and 
lifestyle trends (Glucksman, 2017). Through tracking software that monitors engagement 
with a sponsored post, influencers are able to make money from their partners (Glucksman, 
2017). According to experts, for a sponsored post, Instagram influencers should receive 
$1,000 per 100,000 followers, which allows these individuals/accounts to make a living 
doing this type of marketing (Mathew, 2018). However, not only is influencer marketing 
good for the influencer, but 89% of marketers have seen equal or improved return on 
investment when compared to other marketing techniques (MediaKix, 2019). 


Who are these influencers then? Well, some of the most successful ones are 
seemingly normal accounts that rise to influencer level, not pop culture celebrities (Jin et 
al., 2019). This is because, as research has shown, people who are perceived to be “normal” 
or “one of us” are viewed as more sociable and trustworthy to social media users, making 
them better candidates for marketing partnerships (Jin et al., 2019). While the obvious 
influencer is the popular person, like Alicia McCarvell who has over 300,000 followers 
(aliciamccarvell, 2021), other influencers include accounts like @sarcasm_only or 
@betches, who keep themselves relatively anonymous and post predominantly comedy 
and meme-driven media to their multi-million user followings (2021). 


B. WHAT MAKES A MEME, A MEME? 


In 1978, Richard Dawkins began using the word “meme” to describe cultural 
actions that disseminate like genetic material (Mina, 2019). The term has since come to 
describe the internet phenomenon of digital objects sharing the common 
characteristics of transformation, awareness, imitation, and circulation (Mina, 2019). 
Those digital objects can take the form of images, texts, videos, performative pieces, and 
selfies (Mina, 2019). While all listed instances are covered under the formal definition of 
meme, the image is the most recognizable and the selected independent variable for this 
study. The image is broken down into two forms: image meme and image macro (Mina, 
2019). When an image meme includes text, it becomes an image macro, as shown in Figure 
2 (Mina, 2019). Because any individual can create a meme whenever they desire (through 
websites like imgflip.com), it is very difficult to get an accurate count of how many exist 
online; however, over two years ago, researchers at University College London were able 
to easily collect 100,700,000 image macro memes for analysis (Cole, 2018). While readers 
can reflect on that number and hypothesize how many memes exist today, one can assume 
that the market is saturated. 


Although memes are short units of information, they generally convey a specific 
narrative (Saint Laurent et al., 2021). These narratives, while predominately humorous or 
ironic, require that the viewer have an established knowledge base in the topic presented 
(Saint Laurent et al., 2021). While these digital artifacts do not present a plot like those of 
traditional stories, they do formulate with a beginning, middle, and ending in mind (Saint 
Laurent et al., 2021). Additionally, memes tend to reference specific characters, like Kermit 
sipping tea, helping to bring meaning to a variety of topics based on similar context (Saint 
Laurent et al., 2021). Despite the lack of a central axis, the character development and 
crossover, as well as the structured manner in which memes fade in and out of relevancy, 
equate them to mini stories (Saint Laurent et al., 2021). 


While image macro memes can be made and posted to Twitter, Instagram, Reddit, 
4Chan, etc., by anyone, they are not guaranteed to be seen by a wide audience (aka go 
“viral”). According to Lin Wang and Brendan Wood, both researchers at the University of 
New Brunswick, meme propagation occurs like an infectious virus; through social 
interaction, meme spread spikes early (infectious stage) but begins to decay once a certain 
number of people have reviewed the content or it begins to lack relevancy (2011). To prove 
their claim, Wang and Wood utilized a modified susceptible, infective, and recovered (SIR) 
compartmental modeling approach, which is commonly used by epidemiologists to compute 
virus spread (2011). Using the Google Trends tool, the researchers were able to utilize 
historical search data to graphically depict the spread of popular topics (Wang & Wood, 
2011). As hypothesized, Wang and Wood found that search volume spikes sharply within 
the first days that a newly introduced idea becomes content, then begins to taper off after 
the allure has run out (2011). Recently, however, this concept of going “viral” is being 
scrutinized by internet culture enthusiasts. 
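

The spike-then-decay shape described above can be reproduced with the textbook SIR equations. The following is an added illustration, not code from this thesis or from Wang and Wood: it uses the standard (unmodified) SIR model, and the audience size, contact rate `beta`, and loss-of-interest rate `gamma` are constructed values rather than values fitted to Google Trends data.

```python
"""Textbook SIR model applied to meme spread (constructed parameters).

S = users who have not yet seen the meme
I = users actively sharing it
R = users who have seen it and lost interest
"""


def _derivs(s, i, n, beta, gamma):
    new_sharers = beta * s * i / n   # exposure through social interaction
    lost_interest = gamma * i        # sharers who stop sharing
    return -new_sharers, new_sharers - lost_interest, lost_interest


def simulate_sir(n, beta, gamma, i0, days, dt=0.05):
    """Integrate the SIR equations with RK4; return a list of (day, S, I, R)."""
    s, i, r = float(n - i0), float(i0), 0.0
    series = [(0.0, s, i, r)]
    steps = int(round(days / dt))
    for k in range(1, steps + 1):
        k1 = _derivs(s, i, n, beta, gamma)
        k2 = _derivs(s + dt / 2 * k1[0], i + dt / 2 * k1[1], n, beta, gamma)
        k3 = _derivs(s + dt / 2 * k2[0], i + dt / 2 * k2[1], n, beta, gamma)
        k4 = _derivs(s + dt * k3[0], i + dt * k3[1], n, beta, gamma)
        s += dt / 6 * (k1[0] + 2 * k2[0] + 2 * k3[0] + k4[0])
        i += dt / 6 * (k1[1] + 2 * k2[1] + 2 * k3[1] + k4[1])
        r += dt / 6 * (k1[2] + 2 * k2[2] + 2 * k3[2] + k4[2])
        series.append((k * dt, s, i, r))
    return series


def peak(series):
    """Return (day, sharers) at the moment active sharing is highest."""
    day, _, i, _ = max(series, key=lambda row: row[2])
    return day, i


def active_window(series, fraction=0.1):
    """First and last day on which sharing is at least `fraction` of its peak."""
    _, i_peak = peak(series)
    days = [row[0] for row in series if row[2] >= fraction * i_peak]
    return days[0], days[-1]


if __name__ == "__main__":
    audience = 1_000_000  # constructed audience size

    # beta/gamma = 3: each sharer exposes more people than it takes to
    # replace them, so sharing spikes early and then decays.
    viral = simulate_sir(audience, beta=1.2, gamma=0.4, i0=100, days=60)
    day, top = peak(viral)
    start, end = active_window(viral)
    print(f"viral: peak of {top:,.0f} sharers on day {day:.1f}")
    print(f"viral: sharing above 10% of peak from day {start:.1f} to {end:.1f}")
    print(f"viral: {viral[-1][3]:,.0f} users reached by day 60")

    # beta/gamma < 1: interest is lost faster than the meme is passed on,
    # so sharing only declines from the first day and there is no spike.
    dud = simulate_sir(audience, beta=0.3, gamma=0.4, i0=100, days=60)
    day, top = peak(dud)
    print(f"dud: peak of {top:,.0f} sharers on day {day:.1f}")
```

The second run shows the failure mode the paragraph alludes to: content whose sharing rate does not exceed its loss-of-interest rate never reaches a wide audience.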


Abby Ohleheiser, a senior editor for the MIT Technology Review, makes a case for 
abolishing the use of the term “viral,” and it is not simply because of the real virus 
spreading throughout the world (2020); Ohleheiser, through a conversation with Whitney 
Phillips, a Syracuse University assistant professor, argues that “viral” should be reserved 
for popular online digital objects that contain misinformation (2020). Whitney Phillips 
points out that, because spreading misinformation, whether knowingly or not, causes harm, 
like a real virus does, the term should be reserved solely for those instances (Ohleheiser, 
2020). Additionally, Ohleheiser considers the role that algorithms play in propagating 
memetics; as she states, “authentic popularity isn't necessarily real: algorithms incentivize 
content that people are going to engage with, accelerating its spread, and people have gotten 
really good at manipulating [it]” (2020, sec. “Manipulated popularity”). 


Social media algorithms, like those mentioned by Abby Ohleheiser, drive what 
content a user sees by analyzing what kinds of posts they interact with regularly (Etter & 
Albu, 2021). Traditionally, a user will notice that their content is personalized, displaying 
memes that center on topics they commonly like, share, and comment on (Etter & Albu, 
2021). The coding for these algorithms allows users to become stuck in loops that display 
only one or two topics, giving rise to organized collectives of like-minded users (Etter 
& Albu, 2021). As briefly discussed in Chapter I, this continual reemphasis of specific 
content may expose certain users to constant extremist viewpoints, as with Instagram and 
neo-Nazism (Zitser, 2021). 


From its start in 2010, Instagram has amassed over one billion users (Mohsin, 
2021). Of those users, 71% are age 34 or younger and spend a daily average of 53 minutes 
on the application (Mohsin, 2021). While those numbers sound shocking, the age group 
and usage time do not account for the 2020 global pandemic stay-at-home orders and have 
likely increased in the last year. When a user first signs up for an Instagram account, they 
begin following other accounts and posting to their feed. The accounts include favorite 
celebrities, clothing brands, activist groups, political ideations, humor, and many more. 
Commonly, a user will find a form of memetic on every type of account; whether it be the 
recreation of popular internet dances, ironic image macro memes making fun of the 
president, or 10-second videos promoting a new product, a user is not likely to use 
Instagram without seeing a number of memes. Facebook, another top social networking 
platform, accounts for the preponderance of these types of digital objects. Much like 
Instagram, by allowing users to like, share, and comment on things, Facebook enables 
meme propagation at a very high rate. 


What, then, is the algorithm-influenced, saturated meme market sharing with the 
world? Well, image macro memes tend to promote products, meld ideologies together, and 
encourage social activism. Through memetic marketing, like the examples shown in Figure 
3 (Slim Jim and BarkBox), companies are able to increase consumer attitudes towards a 
product, which leads to an increase in purchases (Lee et al., 2019). Co-authors Lee, Liang, 
Liao, and Chen were able to show this concept by surveying 380 Taiwanese Facebook 
users about their thoughts towards internet marketing memes (2019). By focusing on both 
utilitarian attitudes, like functionality representation, and hedonic attitudes, like a 
representation of fun, the researchers were able to conclude that companies that create 
memes with hedonic attitudes as the focus can boost online purchases (2019). 


Interestingly, memes as marketing strategies are being utilized worldwide, not 
exclusively in the United States and Asia. In India, a prominent influencer marketing 
company called Buzzoka has begun meme incorporation (BW Online Bureau, 2020). In 
fact, their CEO Ashutosh Harbola was quoted saying, “Memes have a definite potential to 
become a major phenomenon and we as a company are committed to taking the first foot 
forward” (BW Online Bureau, 2020, para. 4). SBI, after experiencing wide success from a 
previous meme-driven campaign, joined in on a viral Pakistani meme called “Pawri,” which 
was initially circulated by Pakistani influencer Dananeer Mobeen (The International News, 
2021). This “Pawri” meme, meaning “party” in Urdu, was then embraced by a multitude 
of Pakistani and Indian companies, like Netflix India, Zomato, Swiggy, and Oyo Rooms 
(News18, 2021). The ability of India and Pakistan to find common ground via memetics, 
despite the possibility of warfare between the two nations (National Intelligence Council, 
2021), highlights the significant online influence generated through memetics. 


It is important to understand how memetics drive narratives for controversial topics 
associated with politics and religion. As stitching devices, memes blend multiple internet 
platforms, narratives and ideologies, and geopolitics together, unifying people based on 
shared digital media (Burroughs, 2020). These stitched devices then become calcified and 
weaponized ideology (Burroughs, 2020); this commonly occurs in politics, like what was 
seen during the 2016 election season (Figure 4). Too often, memes stitch politics with 
religion, which is demonstrated rather frequently by conservative individuals or foreign 
state actors (Burroughs, 2020). Summarily, Benjamin Burroughs, an emerging media 
researcher for the University of Nevada, explains that “memes have expanded beyond 
popular culture and humor, they [have] become the grounds for social activism, merging 
the political and social” ideals (2020, pp. 191-200); this description raises the question: 
if memes are now used for social activism, politics, and marketing, what effect do they 
have on propagating false information online? 


[Image text: “SATAN: IF I WIN CLINTON WINS!” “JESUS: NOT IF I CAN HELP IT!”] 


Figure 4. 2016 Election meme created and propagated by foreign state 
actors. Source: National Post Staff (2017). 


C. WHAT IS INFORMATION DISORDER? 


To gain a better understanding of a particular environment, an individual must 
gather information (Nissen, 2014); according to Mark Nissen, a professor at the Naval 
Postgraduate School, one is said to have gathered information when they can glean 
meaning from a situation (2014). For example, if you were to give the number 120/80 to a 
person on the street, they would not know what you wanted them to do with it (Nissen, 
2014). Are they dividing 120 by 80? Is it some sort of ratio? After telling the individual 
that 120/80 is a blood pressure reading, the numbers are transformed from data to 
information (Nissen, 2014). Depending on the level of knowledge the person has on blood 
pressure, they can determine what to do with said information (Nissen, 2014). As 
mentioned previously, memes act as stitching devices, pulling different ideologies and 
narratives together. Thus, unless a meme viewer can place meaning behind the digital 
object, the image is simply data, not information. The issue then becomes this: Is the 
meaning a viewer places on the meme accurate or is the creator attempting to create a false 
meaning in the viewer's mind? If the meaning gleaned from the meme is untrue, the creator 
has succeeded in employing information disorder. 


In 2017, Claire Wardle and Hossein Derakhshan created a new conceptual 
framework to examine information disorder (Figure 5). This framework breaks down the 
spread of false information into three categories (misinformation, disinformation, and 
malinformation) and classifies them as “false” and/or “harmful” (causing an adverse effect) 
(Wardle & Derakhshan, 2017). Misinformation is the spread of false information without 
the intent of causing an adverse effect, or harm (Wardle & Derakhshan, 2017). 
Disinformation, on the other hand, is the spread of false information with the intent to cause 
harm (Wardle & Derakhshan, 2017). Finally, malinformation, which is weaponized true 
information spread with the intent to cause an adverse effect, will traditionally 
appear out of context and frame the information in a way that is no longer truthful (Canan 
& Akil, 2020; Wardle & Derakhshan, 2017). Commonly, individuals refer to the notion of 
information disorder as “fake news,” which poorly describes the complexities of this 
domain and encourages a lack of trust in mainstream media (Wardle & Derakhshan, 2017). 
In an attempt to prevent the undermining of free press, the term information disorder (or 
one of the three respective types of information), vice fake news, will be used throughout 
this thesis. 


[Figure 5 diagram. Title: Information Disorder. Region label: Harmful.] 
Mis-Information: False Connection; Misleading Content 
Dis-Information: False Context; Imposter Content; Manipulated Content; Fabricated Content 
Mal-Information: Leaks; Harassment; Hate speech 


Figure 5. Components of information disorder. Source: Wardle and 
Derakhshan (2017). 


This concept of information disorder is commonly applied in politics (Andrejevic, 
2020), journalism (Wardle, 2020), and even marketing (Liu et al., 2020). In fact, according 
to former President Obama's communications director Dan Pfeiffer, “every policy, speech, 
interview, Tweet, meme, video, and photograph needs to be thought of as a piece of content 
that can be used to persuade voters" (Pfeiffer, 2020, para. 7). In the current political realm, 
information disorder serves a predominantly right-leaning audience with an overall goal of 
preventing change rather than calling for it (Andrejevic, 2020). Commonly, a 
disinformation creator will weaponize irony, preying on preexisting prejudices with a focus 
on what can be achieved through widespread distribution (Andrejevic, 2020). For example, 
in 2018, Cambridge Analytica, a data firm utilized by former President Donald Trump's 
campaign, was shown to have collected social media information on 50 million Americans 
in hopes of using it to manipulate voters (Rushkoff et al., 2018). This realization led 
Congress to call upon Facebook CEO Mark Zuckerberg to testify on his company's data 
collection practices (Rushkoff et al., 2018). To combat the use of political information 
disorder, Mark Andrejevic, a communications and media studies professor and researcher, 
states that we must develop conditions for recognition vice countering information disorder 
with more information disorder (2020). 


Journalism, which can encompass political information disorder, constitutes a 
much larger realm of misinformation and disinformation (Wardle, 2020); journalism opens 
the door to false narratives about any topic, whether it be celebrity news or the COVID-19 
pandemic (Wardle, 2020). During the era of former president Donald Trump, “fake news” 
became a way to describe subpar reporting by journalists in mainstream media (Wardle, 
2020). However, “fake news” in journalism truly refers to information disorder and 
consists of manipulation in the form of “satire, clickbait, inaccurate captions, visuals, 
statistics, genuine content shared out of context, manipulated quotes and imagery, and 
outright fabricated stories” (Wardle, 2020, pp. 71-85). In order to combat this issue, Claire 
Wardle, the co-founder and leader of the non-profit mis- and disinformation research 
organization First Draft, recommends more research into the scale and complexities of 
information disorder (Wardle & Derakhshan, 2017). 


Finally, marketing, which may not be the first topic of conversation when 
discussing information disorder, accounts for a large number of campaigns (Newsguard, 
2021). For example, researchers Jessica Liu, Sheila McLaughlin, Adrienne Lazaro, and 
Bonnie Halpern-Felsher investigated the marketing of e-cigarettes and marijuana use, which 
focuses predominantly on young adults (2020). Recognizing that social media has led to a 
drastic increase in the use of said smoking products, the four women set out to determine 
what appealed to users most (Liu et al., 2020). Through a series of interviews, they were 
able to conclude that tobacco and marijuana users were exposed to information about the 
products without even subscribing to them (Liu et al., 2020). In fact, memes were one of 
the most widely used digital objects leading adolescents to exposure on the subject matter 
(Liu et al., 2020). Interestingly, however, “participants reported awareness of the tobacco 
industry's underlying profit-driven motives” but chose to partake anyway (Liu et al., 2020, 
sec. “Lack of trust in industry”). Additionally, the participants appeared to rely heavily on 
their friends and social media influencers for “credible” information about e-cigarettes and 
marijuana use (Liu et al., 2020). The research goes on to state that “recent evidence that 
companies such as JUUL [e-cigarettes] use celebrities and young-looking influencers plays 
into this idea of trusting the source” (Liu et al., 2020, sec. “Discussion”). Liu et al.'s 
research accurately represents the idea that corporations, through memes and social media, 
can utilize information campaigns to their advantage; despite the research suggesting 
long-standing health problems from smoking (Blaha, 2021), they are still able to mold a 
narrative and sell products. 


Allowing information to flow without many restrictions, like what occurs online 
and on social media, leads to issues for individuals attempting to sort fact from fiction. Most 
of the problems that arise when analyzing information disorder occur in the 
mass communication and media psychology fields (Bowman & Cohen, 2020). According 
to Nicholas Bowman and Elizabeth Cohen, individuals face issues detecting false 
information due to the following reasons: cognitive dissonance, confirmation biases, 
cognitive shortcuts, emotional responses, social influences, mistrust, and 
misunderstandings (2020). After detailing the correlations between the aforementioned 
terms and information disorder, the authors acknowledge that they have no answers to 
solve the underlying problem (Bowman & Cohen, 2020). This lack of viable solutions sets 
the stage for a wide array of research in the area of information disorder, including the 
experiment designed in response to the hypotheses proposed in this thesis proposal. 


D. A MEME’S ROLE IN INFORMATION DISORDER CAMPAIGNS 


As briefly discussed above and in Chapter I, memes tend to blend different topics 
together with the intent of invoking an emotional response from the viewer (Posetti & 
Bontcheva, 2020). Knowing that, many state and non-state actors have begun using memes 
to impart meaning on topics that fit their narrative, not the true narrative (U.S. Senate, 
2019). Since the 2016 presidential election, Russia has continued to “infiltrate audiences 
on both the left and the right, and try to pit them against each other across race, 
socioeconomic status, religion, and any social issue” (Graff, 2018, para. 12). In 2019, this 
accusation was further supported on a national level by volume two of the Select 
Committee on Intelligence report from the U.S. Senate, which detailed Russia’s social 
media use during said election. For example, Figure 4 shows an image propagated on social 
media by Russia in 2016 (Wyrich, 2017). These attacks are conducted by a corporation 
known as the Internet Research Agency (IRA), which is directed by Yevgeniy Viktorovich 
Prigozhin, a close ally of Vladimir Putin (Graff, 2018). Within the agency, Prigozhin 
funded an operation known as “Project Lakhta,” whose purpose was to widen the political 
divide within the United States (Graff, 2018). Additionally, after failed attempts to 
influence American attitudes via Twitter, China “built a machinery of online controls that 
far exceed any other country's” (Meyers & Mozur, 2019, para. 14). In fact, evidence has 
concluded that China is now working similarly to Russia, “promoting negative messages 
about other states” in an attempt to divide groups (Weitz, 2020, para. 1). Even more 
concerning, the two nations have agreed to work together in future disinformation 
campaigns (Weitz, 2020). The success that Russia has seen in operations waged against free 
societies, specifically in the 2016 election, should raise concerns for all American citizens, 
especially if two peer threats are now collaborating (Calabresi, 2017; Weitz, 2020). 


Although 2016 was previously considered the most meme-filled presidential 
election, according to CNN and BBC journalists, the 2020 one was even more fraught with 
them (Cillizza, 2020; Fabbri, 2020). Chris Cillizza, the editor for CNN's “Point” 
newsletter, discussed that, because former President Donald Trump was the most memed 
president in history, it set the stage for political campaigns run the same way (2020). 
Unsurprisingly, the American people like it this way; as a nation, we have become 
dependent on skimming for information, not actually reading, and memes allow us to gain 
info and move on quickly (Cillizza, 2020). According to Thomas Fabbri, a data analyst for 
BBC News, five main voices, running four overall accounts, were behind the memes of the 
2020 election: Dan Bongino, Franklin Graham, James Woods, and Rafael and Omar Rivero 
(2020). Dan Bongino, who created and shared far-right conservative memes and 
commentary on his Facebook, was receiving more shares than Fox News, CNN, and The 
New York Times, amounting to seven million in October of 2020 (Fabbri, 2020). Franklin 
Graham and James Woods, more conservative political election influencers, were also 
among the top meme generators and propagators, consistently spreading conspiracy 
theories about the left agenda. Finally, twins Rafael and Omar Rivero, who run the account 
“Occupy Democrats,” were the main source of democratic memes during the election, 
gaining more shares than former President Trump's account on multiple occasions (Fabbri, 
2020). While those five men all reside in the United States, many suspect that Russia, 
China, and Iran implanted their own meme-driven narratives, as in the 2016 election (Corera, 
2020). In fact, the United States government recently imposed sanctions on Russia for their 
state-sponsored roles in influencing the 2020 election (White House, 2021). While a full 
report, like that detailing the use of memes in the 2016 election, will not be available for 
some time, it is likely that their involvement only went up after seeing previous success. 


However, the use of memes in information disorder does not stop with political 
elections. In April 2020, the International Center for Journalists and the United Nations 
(UN-ICFJ) conducted a review of the disinformation being spread during the current 
COVID-19 pandemic (Posetti & Bontcheva, 2020). Their research revealed that, of the 
four main formats used for disinformation spread, memes accounted for two: emotive 
narrative constructs and memes, and “fraudulently altered, fabricated, or decontextualized 
images and videos” (Posetti & Bontcheva, 2020, sec. “The four main formats of COVID-19 
disinformation”). The first format often mixes elements of truth with emotion, lies, and 
personal opinion, while the second format attempts to spread false stories, create confusion, 
and generate distrust (Posetti & Bontcheva, 2020). Although some memes have been used 
to propagate simple jokes or awareness of the deadliness of the virus, like Ghana's dancing 
pallbearers (BBC, 2020), others have been used with malicious intent; during the initial 
stages of COVID-19 spread, China began using memes and other techniques to convince 
European nations and Japan that U.S. service members spread the virus in their countries 
(Weitz, 2020). Additionally, the Chinese Communist Party offered to pay Twitter users 
with greater than 10,000 followers to share propaganda that discussed their superior 
handling of the pandemic (Kao & Li, 2020). The utilization of memes to spread 
disinformation about an ongoing pandemic solidifies the importance of studying what 
groups are more susceptible to this type of messaging. 


E. TWITTER’S ROLE IN INFORMATION DISORDER 


Dan Pfeiffer, a former White House communications director, states that "political 
campaigns are now modern information warfare—massive state-adjacent propaganda 
operations with Twitter bots that fuel outrage and drive media coverage" (Pfeiffer, 2020, 
para. 2). When attempting to spread a misleading narrative via Twitter, many organizations 
utilize software robots, or bots (Bessi & Ferrara, 2016). Bots, which have been used to 
influence politics since 2010, are somewhat difficult to identify with the untrained eye 
(Bessi & Ferrara, 2016). However, using a public website and Python code, the machine 
learning framework known as BotOrNot identifies fake accounts with 95% accuracy (Bessi 
& Ferrara, 2016). Utilizing BotOrNot and Twitter Search API, researchers Alessandro 
Bessi and Emilio Ferrara were able to show that, in the five weeks leading up to the 
2016 presidential election, bots created 19% of all election-related Tweets, amounting to an 
astounding 3.8 million posts (2016). After identifying all the robot Tweets, Bessi and 
Ferrara applied SentiStrength, a sentiment analysis tool, to the bot-posted Tweets and 
compared them to human-generated Tweets (2016). In doing so, Bessi and Ferrara showed 
that all Donald Trump related Tweets, human and bot, were positive in nature (2016). 
However, the Hillary Clinton Tweets published by bots were slightly less positive than 
those published by humans (2016). This difference in SentiStrength score highlights the 
importance of understanding who is running these bot accounts, which, in the following 
years, were found to be predominantly Russian-based offensive attacks aimed at influencing 
the presidential election (Timberg & Dwoskin, 2018). 


While any user has the ability to post whatever he or she desires, a set of rules 
determines what remains online; in fact, between January 2019 and June 2020, Twitter 
suspended over 2.5 million accounts for things like terrorism, violent extremism, and child 
sexual exploitation (Twitter, 2021). While no Twitter suspensions are explicitly stated as 
contributing to misinformation, the website maintains guidelines and policies that restrict 
the spread of false information; for example, the COVID-19 misleading information policy 
explicitly states that “you may not use Twitter’s services to share false or misleading 
information about COVID-19 which may lead to harm” (Twitter, 2021b, sec. “Overview”). 
However, a scan of the Twittersphere (also known as the Twitterverse) shows that it is 
fraught with such information. 


III. RELATED WORK 


It is important to understand where current research stands on memetics, Twitter, 
information disorder, and initial categorization to better grasp the experimental design 
detailed in the follow-on chapter. The sub-sections under each section denote the names of 
published articles, all of which were released in 2015 or later, and the body below 
summarizes the research conducted and its findings. 


A. RESEARCH ON INFORMATION DISORDER WITH MEMES 


The following sub-sections provide insight into information disorder research that 
focuses on the use of memetics on social media. 


1. Political Memes and Fake News Discourses on Instagram 


Ahmed Al-Rawi, an Assistant Professor of News, Social Media, and Public 
Communication at Simon Fraser University, devoted time to researching information 
disorder on Instagram by collecting 293,7773 posts with a search for “#fakenews” (2021). 
While the tools used to collect the posts pulled from 2012 to 2018, there appeared to be a 
central topic: politics (Al-Rawi, 2021). Through topic modeling and pivot tables, Ahmed 
Al-Rawi was able to determine that 69.2% of posts utilizing fake news discourse originated 
from Pro-Trump communities, with the next closest community being Anti-Trump at 
13.9% of posts (Al-Rawi, 2021). Interestingly, most of the top 20 active users posting 
#fakenews images are self-proclaimed meme sites, like @conservative americans and 
@Captain_Kekistan (Al-Rawi, 2021). With this information, we can hypothesize that 
Pro-Trump groups are aware of information disorder around them, but it is unclear if they are 
simply using the fake news hashtag for anything that goes against their belief system or 
truly believe the shared information is inaccurate. 


2. Inferring Social Influence and Meme Interaction with Hawkes 
Processes 


In 2015, researchers Chuan Luo, Xiaolong Zheng, and Daniel Zeng, who work at 
the Chinese Academy of Sciences State Key Laboratory of Management and Control for 
Complex Systems, noticed that no model existed to explain social influence and meme 
interaction (2015). Their study aimed to predict what effect influence had on users posting 
memes about the same or a similar topic; for example, if user X posts a meme about a 
democratic political candidate, user Y may be influenced to post the same meme or, 
perhaps, a republican one (Luo et al., 2015). Using a multidimensional Hawkes process, 
which is a statistical method for explaining “that each arrival increases the rate of future 
arrivals for some period of time” (Laub et al., 2015, p. 1), Luo, Zheng, and Zeng created 
a model that accurately displayed the user behavior related to 15 million Twitter posts 
centered on political events in Spain (2015). This successful model application allows 
follow-on researchers to estimate the propagation rate of memes regarding a specific topic, 
whether they are misinformation or true information. 


3. The Evolution of Political Memes: Detecting and Characterizing 
Internet Memes with Multi-Modal Deep Learning 


David Beskow, Sumeet Kumar, and Kathleen Carley, researchers at the School of 
Computer Science at Carnegie Mellon University, hypothesized that, as memes propagate, 
they transform, eventually reaching greater depths of the internet than traditional images 
(2020). Through the utilization of various deep learning methods, the researchers were able 
to classify 5,000 meme and 5,000 non-meme images related to the 2018 U.S. midterm 
elections into various groups of content, or families (Beskow et al., 2020). Using Google 
Vision API to conduct a reverse image lookup, Beskow, Kumar, and Carley found that the 
meme images returned 62,475 matching links, while the non-meme images only returned 
9,536. Crunching those numbers, the researchers found that memes were four times more 
likely to return search results, demonstrating that memes propagate to wider areas of the 
internet than images alone (Beskow et al., 2020). 


B. RESEARCH ON INFORMATION DISORDER USING TWITTER 


The following sub-sections provide insight into information disorder research that 
uses Twitter as a propagation platform. 


1. Coronavirus Goes Viral: Quantifying the COVID-19 Misinformation 
Epidemic on Twitter 


In 2020, 10 medical faculty at the American University of Beirut ran an experiment 
that reviewed Tweets based solely on COVID-19 (Kouzy et al., 2020). In a single day, the 
researchers collected 673 Tweets that corresponded to 14 trending hashtags (Kouzy et al., 
2020). Upon review of all Tweets, Kouzy et al. found that, while 81.4% of Tweets had true 
information, 24.8% included misinformation, meaning some Tweets contained both 
(2020). Interestingly, 33.8% of personal/group Twitter accounts contained misinformation, 
while only 18.6% of news outlets/journalist Tweets reviewed contained misinformation 
(Kouzy et al., 2020). Finally, the researchers did not find any correlation between the 
number of likes or retweets and the occurrence of misinformation (Kouzy et al., 2020). 


2. The Spread of True and False News Online 


Rather than focus on the spread of false information centered on one topic, 
researchers Soroush Vosoughi, Deb Roy, and Sinan Aral from the Massachusetts Institute 
of Technology (MIT) looked at how true and false information propagate as a whole 
(2018). The MIT researchers pulled approximately 126,000 true and false news-focused 
Tweets from 2006 to 2017 that had cascaded via retweets and comments more than 4.5 
million times (Vosoughi et al., 2018). From there, Vosoughi et al. were able to quantify 
depth, size, breadth, and structural virality of the cascades (2018). Interestingly, the 
researchers found that “falsehood diffused significantly farther, faster, deeper, and more 
broadly than the truth in all categories of information” (Vosoughi et al., 2018, sec. 
“Abstract”). In fact, the model used by the researchers showed that false Tweets are 
retweeted 70% more often than true ones (Vosoughi et al., 2018). Additionally, Vosoughi 
et al. analyzed false Tweets to speculate on why they were being retweeted at greater rates, 
which led them to determine that they contained more novelty than true Tweets (2018). 
The authors noted that novelty was only speculation and more research was needed to 
determine the true reason false Tweets are spread at greater rates (Vosoughi et al., 2018); 
the experiment designed in this thesis aims to draw some conclusions that address that gap 
in the literature. 


C. INFLUENCE EFFECTIVENESS OF INFORMATION DISORDER 


The following sub-sections provide insight into the effectiveness of information 
disorder and propaganda. Currently, the research involving information disorder influence 
effectiveness on social media is limited, so the topics summarized below span an array of 
delivery methods. Propaganda, which uses both true (like malinformation mentioned in the 
previous chapter) and false information to push a specific narrative, is a common term used 
when reading about information disorder (Wardle & Derakhshan, 2017). Propaganda and 
information disorder, however, vary slightly in that propaganda emphasizes emotional 
response at greater depths than information disorder (Wardle & Derakhshan, 2017). 
However, both are influence operations, making propaganda effectiveness an important 
aspect of this thesis. 


1. Does Russian Propaganda Work? 


Beginning in the mid-2000s and increasing when Vladimir Putin regained office in 
2012, Russia has been utilizing propaganda to influence its citizens and those abroad 
(Gerber & Zavisca, 2016). The propaganda, which begins as official government 
statements and propagates through mass media and social media, seeks to legitimize 
current government efforts and project power internationally (Gerber & Zavisca, 2016). 
Understanding the political influence state-run propaganda can have, researchers Theodore 
Gerber, a sociology professor at the University of Wisconsin-Madison, and Jane Zavisca, 
the associate dean for Research, College of Social & Behavioral Sciences at the University 
of Arizona, sought to determine how effective the Russian propaganda had been on its 
audiences (2016). To answer their research questions, Gerber and Zavisca surveyed 
citizens in Russia, Ukraine, Azerbaijan, and Kyrgyzstan (2016). Upon review and analysis, 
they found that the Russian propaganda was effective within the borders of their country, 
but not nearly as effective outside of it (Gerber & Zavisca, 2016). From their research, 
Gerber and Zavisca found that 85% of Russians surveyed viewed the United States as an 
enemy or rival, while only 8% of Ukrainians felt the same way (2016). Azerbaijan, which 
totaled 24% for enemy or rival, was nearly even with Kyrgyzstan, which totaled 23% 
(Gerber & Zavisca, 2016). In their conclusion, Gerber and Zavisca note that there is not a 
great solution to counter the propaganda that has been effective in neighboring Russian 
countries because the media is greatly controlled by Russia (2016). 


2. Understanding What Makes Terrorist Groups’ Propaganda Effective: 
An Integrative Complexity Analysis of ISIL and Al Qaeda 


According to Michael Leiter, the former director of the U.S. Counterterrorism 
Center, ISIL maintains a constant presence on social media, pushing out propaganda nearly 
24 hours a day (Houck et al., 2017). In 2015, it was estimated that, along with other media 
utilization, ISIL consistently gained 1,000 members monthly (Houck et al., 2017). Through 
an analysis of the integrative complexity seen in ISIL propaganda, researcher Shannon 
Houck from Syracuse and researchers Meredith Repke and Lucian Conway III from the 
University of Montana evaluated what makes ISIL propaganda more effective than Al 
Qaeda's (2017). Houck et al. determined that ISIL used increasingly more simplistic 
messaging than Al Qaeda, hypothesizing that either ISIL realizes complexity of messaging 
fails to reach target audiences or they just happen to be sending out simpler propaganda 
(2017). The research completed by this team backs up previous research that showed 
“when a group is seeking to gain power, less complexity is more effective for garnering 
power and achieving political success” (Houck et al., 2017, sec. “Why might Al Qaeda and 
ISIL differ?”). 


D. CATEGORIZATION AND DECISION MAKING 


When an individual reaches a decision point, like a judge determining if a defendant 
is guilty, they must assign a category (Wang & Busemeyer, 2016). This categorization, like 
the judge determining that he/she is, in fact, guilty, leads to follow-on action, like assigning 
punishment (Wang & Busemeyer, 2016). In the cognitive sciences field, researchers 
hypothesize that, if an individual is required to announce their categorization prior to 
action, they may make a different choice than had they acted without reporting first (Wang 
& Busemeyer, 2016). For example, if a police officer categorizes an individual as having 
a weapon, then reports that the suspect has a weapon prior to acting, rather than shooting 
immediately, the outcome may be different (Wang & Busemeyer, 2016). Knowing that, 
the experimental design detailed in Chapter Four incorporates initial categorization, 
attempting to address whether said categorization truly affects the way an individual 
interacts with information. Below, recent works in the field of categorization and decision 
making are summarized, allowing the reader to gain an understanding that will translate 
when viewing the follow-on chapter. 


1. Interference Effects of Categorization on Decision Making 


Researchers Zheng Wang of The Ohio State University and Jerome Busemeyer of 
Indiana University utilized multiple models, including the Markov model, Signal detection 
model, and Quantum model, to study category-decision linked tasks (2016). During three 
slightly varied experiments, the researchers presented participants with images of faces 
where some had been categorized (through a label) as displaying a good guy (g) or bad guy 
(b), some were required to be categorized by the participant, and some lacked 
categorization completely (Wang & Busemeyer, 2016). Once viewing the face, and 
categorizing as necessary, participants would decide whether to attack the individual or 
withdraw (Wang & Busemeyer, 2016). After reviewing the results and applying the three 
models listed previously, Wang and Busemeyer were able to identify inference effects 
(statistical conclusions about the data) that occurred between trials with categorization and 
without categorization (2016). The occurrence of these inference effects, which existed in 
some predicted and some unpredicted places, highlights the ability for categorization to 
change the way an individual views something, as well as their follow-on decision (Wang 
& Busemeyer, 2016). 


2. An Evidential Dynamical Model to Predict the Interference Effect of 
Categorization on Decision Making Results 


While the above experiment utilized the Quantum, Markov, and Signal Detection 
models to find inference effects, researchers Zichang He and Wen Jiang of Northwestern 
Polytechnical University created a new evidential dynamic model (2018). Through the 
integration of Dempster-Shafer evidence theory and quantum dynamical modelling, He 
and Jiang’s model successfully illustrated category-decision task inference effects without 
the need for integrating multiple experiments and models together (2018). To be 
successful, He and Jiang created the model to measure the handling of uncertain states in 
action, which is different than the aforementioned, which measures an “entanglement of 
beliefs and actions” (2018, p. 140). By creating a new model that provides the same 
effectiveness and efficiency of previous models, He and Jiang were able to show once 
again that categorization influences follow-on decision making (2018). 




IV. METHODOLOGY 


The experiment designed in this chapter aims to answer the hypotheses presented 
in Section A by creating a survey that can, if released for public participation, highlight 
possible correlations between the acceptance and propagation of false information and age, 
education, and gender, as well as the effect of initial categorization on decision making. In 
Section A, the hypotheses from Chapter I are presented again. In Section B, an overview 
of the experiment is detailed, which includes information on the participants and setting 
(online delivery). In Section C, the Tweets and memes used in the experiment are 
presented. Section D contains a detailed description (with figures) of how the experiment 
was built in Qualtrics. Finally, Section E discusses limitations of the experiment designed. 


A. HYPOTHESES 


The experiment designed in this chapter aims to answer the following hypotheses: 


• HA1: Age correlates to the acceptance of false information spread through 
  a Tweet and an image macro meme. 

• HA2: Education level correlates to the acceptance of false information 
  spread through a Tweet and an image macro meme. 

• HA3: Gender correlates to the acceptance of false information spread 
  through a Tweet and an image macro meme. 

• HA4: Age correlates to the propagation of false information spread 
  through a Tweet and an image macro meme. 

• HA5: Education level correlates to the propagation of false information 
  spread through a Tweet and an image macro meme. 

• HA6: Gender correlates to the propagation of false information spread 
  through a Tweet and an image macro meme. 

• HA7: Initial categorization has an effect on the acceptance of false 
  information spread through Tweets and image macro memes. 

• HA8: Memes will be interacted with (by indication of liking, commenting, 
  or sharing) at a different rate than Tweets. 


B. EXPERIMENTAL DESIGN OVERVIEW 


If individuals were to take the experiment as it is designed currently, the 
participants first view instructions for the experiment, then provide consent to participate, 
and finally give their age, gender, and education. Age is broken down into the following 
groups: 18-25, 26-33, 34-41, 42-49, 50-57. Gender is disclosed as preferred sex (not 
assigned), containing options for male or female. Education is broken down by the 
following selections: high school diploma, associate's degree, undergraduate level 
schooling in progress, bachelor's degree, graduate-level schooling in progress, master's 
degree, doctorate-level schooling in progress, and doctorate degree. Please see Table 1 for 
an overview of the variables collected. 


Table 1. Variables collected during the experiment 


Factors                                    Levels 
Age                                        5 levels 
Education                                  8 levels 
Gender                                     2 levels 
Meme (With and Without) Tweet              2 levels 
Categorization (With and Without) Tweet    2 levels 


Following those selections, participants will begin the experiment. Each participant 
will randomly start with one of the following four groups and proceed on the path outlined 
in Figure 6: seven simulated Tweets with initial categorization questions (set one), seven 
simulated Tweets without initial categorization questions (set two), seven image macro 
memes with initial categorization questions (set one), or seven image macro memes 
without initial categorization questions (set two). All Tweets and image macro memes 
contain inaccurate information centered on COVID-19 and can be viewed later in this 
chapter. Set one and Set two denote the line of questioning that appears with the Tweet or 
image macro meme and can be viewed below the experimental flow chart. 


[Flow chart: the participant is randomly assigned a start point (Tweets or Memes); at the 
start point and again at the mid point, the participant is randomly assigned initial 
categorization or no initial categorization.] 

Figure 6. Experiment flow chart 


When designing the questions, it was important to offer participants a selection for 
any reason they may interact with the Tweet or meme. Because memes are generally 
viewed as humorous, that was included in the top spot. A selection of “A” (Humorous) or 
“C” (Affiliated with my personal views) in question set one or two will help guide research 
analysis; interacting with a Tweet or meme because it is humorous or affiliated with 
personal views will help propagate it but does not indicate susceptibility to information 
disorder. However, because the experiment is built to measure susceptibility between 
different independent variables, participants may select “Accurate information” or a 
combination of “Accurate information” with “Humorous” or “Affiliated with my personal 
view.” If that is selected, it will assist researchers in finding correlations between 
susceptibility and the independent variables. Below, the question sets are presented. Set 
one includes initial categorization, while set two does not. 


Set One of questioning: 


1. Would you interact with this Meme/Tweet on social media (Facebook, Instagram, 
   Twitter, etc.) by liking, commenting, or sharing the post? 
   a. Yes 
   b. No 

2. If YES, why would you interact with this Meme/Tweet on social media? 
   a. Humorous 
   b. Accurate information 
   c. Affiliated with my personal views 
   d. Humorous and Accurate Information 
   e. Humorous and Affiliated with my personal view 
   f. Accurate information and Affiliated with my personal views 
   g. Disagree with information 

3. If NO, why wouldn't you interact with this Meme/Tweet on social media? 
   a. Not active on social media 
   b. Inaccurate information 
   c. Goes against my personal views 
   d. Not active on social media and Inaccurate information 
   e. Not active on social media and Goes against my personal views 
   f. Inaccurate information and Goes against my personal views 
   g. Disagree with information 


Set Two of questioning: 


1. Why would you interact with this Meme/Tweet on social media (Facebook, 
   Instagram, Twitter, etc.) by liking, commenting, or sharing the post? 
   a. Humorous 
   b. Accurate information 
   c. Affiliated with my personal views 
   d. Humorous and Accurate Information 
   e. Humorous and Affiliated with my personal view 
   f. Accurate information and Affiliated with my personal views 
   g. Disagree with information 
   h. I would not interact with this on social media 


After each participant has completed all four sections, they are shown a disclaimer 
that tells them that all the information seen in the experiment was manipulated into false 
information. This will prevent any participant from falling victim to misinformation as a 
result of this research. The way in which the information was manipulated is described 
below each Tweet and meme presented in the next section. 


C. TWEETS AND MEMES USED 


Below, every Tweet and image macro meme used in the experimental design is 
presented. Underneath each figure, the reasoning for the particular Tweet or meme is 
detailed. First, all 14 Tweets will be presented. Following that, all 14 memes will be 
presented. 


1. Tweets Used in the Experimental Design 


To create the 14 Tweets used in this experiment, many things were taken into 
consideration. First and foremost, the creation source was selected: www.tweetgen.com. 
This site allows the user to adjust the theme, add a profile picture, create a name, insert a 
Twitter handle, make the account verified, add Tweet content, insert an image, and adjust 
the time, date, retweets, and likes. Next, it was important to select a widely recognizable 
news source's Twitter profile and mimic it exactly. Had a lesser-known source been 
selected, it was feared that participants would not trust the source, and, in turn, that would 
skew their answers to the experiment questions. 


Having 48.7 million followers on Twitter, The New York Times was deemed a good 
model and all Tweets were created to match its profile. As seen in Figure 7, the image, 
name, and Twitter handle are the same as the real version. Additionally, the account appears 
verified, just like it is online. Finally, if the Tweet was modeled directly after a real The 
New York Times Tweet, the retweets and likes were also modeled directly after the original 
Tweet's retweets and likes at the time of creation. However, if the Tweet was modeled after 
a different source, the retweets and likes were randomly generated on the 
www.tweetgen.com site. 


Below, all 14 Tweets used are presented. Beneath each Tweet, the reasoning for the 
Tweet content is briefly explained. 


The New York Times 
@nytimes 


Coronavirus vaccines offer little hope 
that the pandemic will be tamed and 
public health experts say the coming 
months “are going to be just horrible.” 


2:34 PM · Nov 30, 2020 
144 Retweets 649 Likes 


Figure 7. Tweet number one. Adapted from The New York Times (2021). 


Tweet number one was modeled directly after a Tweet posted by The New York 
Times on November 30, 2020, that stated: “Good news about coronavirus vaccines offers 
hope that the pandemic will be tamed. But public health experts say the coming months 
‘are going to be just horrible.’” In an attempt to make it misinformation, the Tweet was 
altered to remove the beginning words and now contains the word “little” before “hope.” 
As a result, the fake Tweet does not make the COVID-19 vaccine look like a solution to 
the pandemic and creates a sense of doom. 


The New York Times 
@nytimes 


BREAKING NEWS: CDC says deaths 
categorized as "complications due to 
COVID-19" will no longer be counted in 
overall virus death toll. Story to follow. 


10:14 AM · Nov 26, 2020 
136 Retweets 561 Likes 


Figure 8. Tweet number two. Adapted from The New York Times (2021). 


Tweet number two was created in response to real conspiracy theories that claim 
hospitals are inflating numbers of COVID-19 related deaths in an attempt to benefit 
financially (Knight & Appleby, 2020). 


The New York Times 
@nytimes 


Russia has tried to steal COVID-19 
vaccine and treatment technology by 
attempting to hack international 
pharmaceutical companies, including 
Pfizer, a lawmaker said on Tuesday after 
a briefing by intelligence officials. 


8:31 PM · Feb 16, 2021 
158 Retweets 45 Quote Tweets 314 Likes 


Figure 9. Tweet number three. Adapted from The New York Times (2021). 


Tweet number three was modeled directly after a Tweet posted by The New York 
Times on February 16, 2021, that stated: “North Korea has tried to steal Covid-19 vaccine 
and treatment technology by attempting to hack international pharmaceutical companies, 
including Pfizer, a South Korean lawmaker said on Tuesday after a briefing by intelligence 
officials.” The date, retweets, quote Tweets, and likes were taken directly from the original 
Tweet (on February 16, 2021). To make this misinformation, the country of North Korea 
was replaced with Russia, and the identifier of “South Korean lawmaker” was removed. 
As a result, the Tweet presents Russia as the intelligence threat, not North Korea. 


The New York Times 
@nytimes 


In the race to increase COVID-19 
vaccinations, states have opened mass 
inoculation sites and expanded eligibility. 


However, a big problem remains: The 
supply of shots are going unused, as 
much of the population refuses the 
vaccine. 


3:28 PM · Jan 28, 2021 
145 Retweets 60 Quote Tweets 387 Likes 


Figure 10. Tweet number four. Adapted from The New York Times (2021). 


Tweet number four was modeled directly after a Tweet posted by The New York 
Times on February 15, 2021, that stated: “In the race to increase Covid-19 vaccinations, 
states have opened mass inoculation sites and expanded eligibility. But a big problem 
remains: The supply of shots isn't increasing fast enough.” The retweets, quote Tweets, 
and likes were taken directly from the original Tweet (on February 16, 2021). To make this 
misinformation, the big problem was changed to a lack of participants instead of vaccine 
supply. 


The New York Times 
@nytimes 


A team of experts selected by the WHO 
to investigate the origins of the 
coronavirus returned last week from 
Wuhan. They plan to produce a joint 
report on the virus, which they agree 
most likely originated from a lab, not an 
animal. 


2:12 PM · Feb 14, 2021 
122 Retweets 106 Quote Tweets 345 Likes 


Figure 11. Tweet number five. Adapted from The New York Times (2021). 


Tweet number five was modeled directly after a Tweet posted by The New York 
Times on February 14, 2021, that stated: *A team of experts selected by the WHO to 
investigate the origins of the coronavirus returned last week from Wuhan. They plan to 
produce a joint report on the virus, which they agree most likely originated from an animal 
— and not a lab." The date, reTweets, quote Tweets, and likes were taken directly from the 
original Tweet (on February 16, 2021). In the manufactured Tweet, the virus was said to 
be manufactured in a lab (vice naturally occurring in an animal), appealing to individuals 


that believe COVID-19 was created as a bioweapon. 
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The New York Times @ v 
@nytimes 


The U.S. is slowing the pace of 
vaccination, with about 800,000 doses 
administered each day, far from reaching 
President Biden's goal. 


9:01 AM · Feb 12, 2021 


59 Retweets 12 Quote Tweets 195 Likes 


Figure 12. Tweet number six. Adapted from The New York Times (2021). 


Tweet number six was modeled directly after a Tweet posted by The New York 
Times on February 12, 2021, that stated: “The U.S. is also picking up the pace of 
vaccination, with about 1.6 million doses administered each day, exceeding President 
Biden’s goal.” The date, reTweets, quote Tweets, and likes were taken directly from the 
original Tweet (on February 16, 2021). The number of vaccinations occurring daily, as 
well as the perceived pace (slowing vice picking up), was altered to make it appear as though 
President Biden is not reaching his goal for the nation. 


The New York Times 
@nytimes 


Despite notions otherwise, COVID-19 is 
still not the leading cause of death in the 
U.S. right now. It has killed over 1,800 
Americans almost every day since April 7 
- heart disease, however, typically kills 
1,900 Americans a day, and cancer kills 
2,000. 


10:57 AM · Apr 19, 2020 


1.1K Retweets 141 Quote Tweets 2K Likes 


Figure 13. Tweet number seven. Adapted from The New York Times (2021). 


Tweet number seven was modeled directly after a Tweet posted by The New York 
Times on April 19, 2020, that stated: “COVID-19 is arguably the leading cause of death in 
the U.S. right now. It has killed over 1,800 Americans almost every day since April 7 — 
heart disease typically kills 1,774 Americans a day, and cancer kills 1,641.” The date, 
reTweets, quote Tweets, and likes were taken directly from the original Tweet (on February 
16, 2021). This manufactured Tweet was altered to make heart disease and cancer a bigger 
threat than COVID-19. 


The New York Times 
@nytimes 


There's strong evidence that the virus, a 
coronavirus, is readily spread by humans, 
and it has been tied to a number of 
deaths. But health officials in China and 
internationally are showing little concern. 


11:46 AM · Jan 9, 2020 


3.4K Retweets 1K Quote Tweets 1.6K Likes 


Figure 14. Tweet number eight. Adapted from The New York Times (2021). 


Tweet number eight was modeled directly after a Tweet posted by The New York 
Times on January 9, 2020, that stated: "There's no evidence that the virus, a coronavirus, 
is readily spread by humans, and it has not been tied to any deaths. But health officials in 
China and internationally are watching it carefully." The date, reTweets, quote Tweets, and 
likes were taken directly from the original Tweet (on February 16, 2021). The alteration of 
the original Tweet creates a narrative that world leaders knew the early dangers of COVID-19 
and chose to ignore them. 


The New York Times 
@nytimes 


What's clear: A one-time social 
distancing effort would be sufficient to 
control the coronavirus, but much of the 
U.S. refuses to comply. Without an 
effective vaccine, our pandemic state of 
mind may persist well into 2021 or 2022. 


2:19 PM · May 10, 2020 


1.2K Retweets 90 Quote Tweets 1.7K Likes 


Figure 15. Tweet number nine. Adapted from The New York Times (2021). 


Tweet number nine was modeled directly after a Tweet posted by The New York 
Times on May 10, 2020, that stated: “What's clear: A one-time social distancing effort 
won't be sufficient to control the coronavirus, and it will take a long time to reach herd 
immunity. Without an effective vaccine, our pandemic state of mind may persist well into 
2021 or 2022.” The date, reTweets, quote Tweets, and likes were taken directly from the 
original Tweet (on February 16, 2021). Changing the Tweet to state that one-time social 
distancing will, in fact, be enough to combat the pandemic, transforms the original message 
to misinformation. 


The New York Times 
@nytimes 


Early in the coronavirus outbreak, U.S. 
authorities clamped down on information 
to make the virus look less severe, and 
the government more capable, 
thousands of secret government 
directives and other documents reviewed 
by @nytimes and @propublica show. 


7:12 AM · Dec 19, 2020 


2.5K Retweets 933 Quote Tweets 3.6K Likes 


Figure 16. Tweet number ten. Adapted from The New York Times (2021). 


Tweet number ten was modeled directly after a Tweet posted by The New York 
Times on December 19, 2020, that stated: “Early in the coronavirus outbreak, Chinese 
authorities clamped down on information to make the virus look less severe, and the 
government more capable, thousands of secret government directives and other documents 
reviewed by @nytimes and @propublica show.” The date, reTweets, quote Tweets, and 
likes were taken directly from the original Tweet (on February 16, 2021). By replacing 
“Chinese” with “U.S.” authorities, we create mistrust towards our government, which is 
rooted in misinformation. 


The New York Times 
@nytimes 


The coronavirus vaccines will probably 
prevent you from getting sick with 
COVID-19. They won't, however, prevent 
you from becoming infected 
asymptomatically and silently spreading 
the virus. 


6:53 PM · Dec 8, 2020 


4.4K Retweets 1.5K Quote Tweets 4.5K Likes 


Figure 17. Tweet number eleven. Adapted from The New York Times (2021). 


Tweet number eleven was modeled directly after a Tweet posted by The New York 
Times on December 8, 2020, that stated: “The coronavirus vaccines will probably prevent 
you from getting sick with Covid-19. But it's not yet clear whether you can still get infected 
asymptomatically and silently spread the virus.” The date, reTweets, quote Tweets, and 
likes were taken directly from the original Tweet (on February 16, 2021). Slightly changing 
the Tweet to state that the vaccine will not prevent you from catching the virus, vice 
maintaining an unsure position, turns this into subtle misinformation. 


The New York Times 
@nytimes 


The Cuomo administration undercounted 
coronavirus-related deaths at nursing 
homes by 12%, not the 50% being 
estimated in news outlets nationwide, 
New York's attorney general said. 


4:29 PM · Jan 28, 2021 


5.3K Retweets 1K Quote Tweets 7.2K Likes 


Figure 18. Tweet number twelve. Adapted from The New York Times (2021). 


Tweet number twelve was modeled directly after a Tweet posted by The New York 
Times on January 28, 2021, that stated: “The Cuomo administration undercounted 
coronavirus-related deaths at nursing homes by as much as 50%, New York’s attorney 
general said.” The date, reTweets, quote Tweets, and likes were taken directly from the 
original Tweet (on February 16, 2021). This misinformation alteration attempts to 
delegitimize the accusations that New York Governor Cuomo greatly underreported 
COVID-19 deaths in nursing homes, while the truth is quite the opposite. 


The New York Times 
@nytimes 


The pandemic has taken over most 
children's lives - shutting down in-person 
school, sports, and socializing. That has 
prompted some teenagers, who 
otherwise feel powerless, to fight back 
by verbally assaulting policy makers on 
social media, blaming them for their 
situation. 


3:24 PM · Feb 16, 2021 


969 Retweets 112 Quote Tweets 1K Likes 


Figure 19. Tweet number thirteen. Adapted from The New York Times (2021). 


Tweet number thirteen was modeled directly after a Tweet posted by The New York 
Times on February 16, 2021, that stated: “The pandemic has taken over most children’s 
lives — shutting down in-person school, sports and socializing. That has prompted some 
teenagers, who otherwise feel powerless, to fight back by volunteering for vaccine trials.” 
The date was taken directly from the original Tweet, while the reTweets, quote Tweets, 
and likes were randomized by the Tweet generation website. The manipulation of this 
Tweet creates misinformation by framing teenagers as rude and vindictive. 


The New York Times 
@nytimes 


House Republicans are barreling toward 
passage of President Biden's $1.9 trillion 
economic relief package, with a vote on 
the final legislation expected by the end 
of the month. 


9:01 AM · Feb 12, 2021 


1.2K Retweets 440 Quote Tweets 7.2K Likes 


Figure 20. Tweet number fourteen. Adapted from The New York Times 
(2021). 


Tweet number fourteen was modeled directly after a Tweet posted by The New York 
Times on February 16, 2021, that stated: “House Democrats are barreling toward passage 
of President Biden's $1.9 trillion economic relief package, with a vote on the final 
legislation expected by the end of the month.” The date, reTweets, quote Tweets, and likes 
were randomized on the Tweet generation website. Changing "Democrats" to 
"Republicans" paints the picture that there is bipartisan support, turning the overall 
message into misinformation. 


2. Memetics Used in Experimental Design 


The image macro memes used in this experiment were created by the author on the 
website https://www.imgflip.com/memegenerator. All images used were selected from the 
“Expanding Brain” on the imgflip site, specifically under the “Popular” tab. A link to the 
meaning of each image selected is provided in the description of each meme created. The 
content of the memes was inspired by conspiracy theories and popular 
misinformation campaigns that have been widespread throughout the current pandemic. 


EVERY OTHER COUNTRY HAS CONTROLLED COVID 


BUT THATS NONE OF MY BUSINESS 


Figure 21. Meme number one. Adapted from Bremmer (2020). 


Meme number one was inspired by a Time article entitled “The Best Global 
Responses to COVID-19 Pandemic” (Bremmer, 2020). The article protests that, as of June 
2020, the epicenter of the pandemic was in the United States (Bremmer, 2020). Following 
that, it lists other nations that did a better job than the United States at controlling the spread 
of the virus (Bremmer, 2020). By suggesting that every other nation, not just some nations, 
has slowed the spread better than the U.S., this misinformation memetic spreads distrust 
in the U.S. Government's handling of the pandemic itself. To learn more about the image 
behind this meme, visit https://knowyourmeme.com/memes/but-thats-none-of-my-business. 


[Meme image; text only partly legible: "… HE'S THINKING … OTHER WO…" / "HOW COME NO ONE … 5G … -19?"] 


Figure 22. Meme number two. Adapted from Lynas (2020). 


Meme number two was inspired by a widespread conspiracy theory that 5G is 
spreading COVID-19 via the electromagnetic spectrum (Lynas, 2020). According to 
believers, the rollout of 5G and the rapid takeover of coronavirus were identically timed, 
allowing them to link the two events together (Lynas, 2020). To learn more about the image 
behind this meme, visit https://knowyourmeme.com/memes/i-bet-hes-thinking-about-other-women. 


PHARMA AS THEY PROFIT 
OFF COVID-19 


Figure 23. Meme number three. Adapted from Lynas (2020). 


Meme number three was inspired by the conspiracy theory that big pharmaceutical 
companies are hyping up COVID-19 to appear worse than it is in order to sell more 
products (Lynas, 2020). For example, Joseph Mercola, an anti-vax medical professional, 
was banned from Google for pushing his products through claims that they cure and 
prevent COVID-19 (Lynas, 2020). According to Lynas at Cornell Alliance for Science, 
“big pharma conspiracies are a staple of anti-vaccination narratives, so it is hardly 
surprising that they have transmuted into the age of coronavirus” (2020, sec. “COVID is a 
plot by Big Pharma”). To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/disaster-girl. 


CORONAVIRUS 
STARTED 
WHEN A 
MAN ATE A BAT 


BILL 
GATES CREATED 
IT TO MAKE 
MORE MONEY 


imgflip.com 


Figure 24. Meme number four. Adapted from Lynas (2020). 


Meme number four was inspired by the theory that Bill Gates knew about an 
impending pandemic and either created the virus or invested in vaccination technology to 
profit off of it (Lynas, 2020). According to QAnon and far-right political members, 
previous Bill Gates TED Talks allude to his knowledge of an impending global pandemic 
(Lynas, 2020). Some protestors to this conspiracy theory believe it is the result of Gates 
criticizing former President Trump's move to defund the World Health Organization 
(Lynas, 2020). To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/drakeposting. 


COVID-19 DEVELOPED 
AS BIOWEAPON IN 
CHINA LAB 


Figure 25. Meme number five. Adapted from Lewis (2020). 


Meme number five was inspired by a conspiracy theory that believes COVID-19 
was released from a Chinese lab as a bioweapon (Lewis, 2020). Although the true origin is 
said to be naturally occurring in Wuhan, China, former President Trump and many 
supporters claim it started in Chinese virologist Shi Zhengli’s lab (Lewis, 2020). To learn 
more about the image behind this meme, visit 
https://knowyourmeme.com/memes/distracted-boyfriend. 


COVID-19 WILL 
BE OVER IN 2 WEEKS 


THEY CAN'T 
CLOSE THE 
ECONOMY FOREVER 


I'LL JUST 
MOVE THIS 
VACATION TO 2021 


THE GOVERNMENT 
IS HANDLING THIS WELL 


Figure 26. Meme number six. Adapted from Pinsker (2021), Beals (2020), 
Bazelon (2020), & Clarke (2020). 


Meme number six was inspired by the continued question that has plagued 
American minds since March 2020: When will life be normal again? (Pinsker, 2021). 
Initially, citizens were told that COVID-19 would likely diminish in the summer of 2020 
(Beals, 2020). Following the realization that that was not the case, Americans in many 
states were in disarray over the continuous closure of the economy, wondering when that 
would reopen (Bazelon, 2020). As much of the world transitioned to 2021 still in state- 
wide lockdowns, hopeful citizens pushed their winter travel to 2021 (Clarke, 2020). The 
final section of the meme, stating “the government is handling this well,” is simply a way 
to make it appear controversial. To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/putting-on-clown-makeup. 


Figure 27. Meme number seven. Adapted from Lee (2020), & Naishadham et 
al. (2020). 


Meme number seven was inspired by the idea that selfishness has led to many 
infections and untimely COVID-19 related deaths. Currently, there are a number of opinion 
pieces found online that link selfishness to the deaths of loved ones. For example, on The 
Colorado Sun website, you can find an article entitled, “Selfishness during a pandemic may 
have killed my father. It shouldn't have ended this way” (Lee, 2020). Additionally, on the 
Chicago Tribune website, you will see an article titled, “Too many people are selfish: As 
Americans resist COVID-19 restrictions, U.S. nears 5 million infections” (Naishadham et 
al., 2020). To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/daily-struggle. 


GOV GIVING 
AMERICANS OUT VACCINE 


WE PROMISE 
THE VACCINE IS SAFE 


Figure 28. Meme number eight. Adapted from Pitofsky (2021). 


Meme number eight was inspired by the large number of the U.S. population that 
claims they will not get the COVID-19 vaccine due to safety concerns (Pitofsky, 2021). 
According to an article on The Hill, 30% of Americans surveyed said they would not get 
the COVID-19 vaccine (Pitofsky, 2021). Of that 30%, 48% claimed they were waiting to 
review long-term effects and safety numbers (Pitofsky, 2021). Another survey conducted 
by the Center for Disease Control and Prevention states that 24% of Americans will not 
get the vaccine; 50% of said 24% were also waiting to see if it was safe (File & Mohanty, 
2021). This meme perpetuates the idea that the vaccine is not, in fact, safe, and the U.S. 
government is giving it out anyway. To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/who-killed-hannibal. 


THE U.S. GOVERNMENT REPORTING 
EVERY DEATH SINCE MARCH 2020 


Figure 29. Meme number nine. Adapted from Lynas (2020). 


Meme number nine was inspired by the conspiracy theory that death certificates are 
being manipulated to make all deaths a result of COVID-19 (Lynas, 2020). This conspiracy 
theory was perpetuated by Annie Bukacek, who spoke in a YouTube video describing the 
death certificate manipulation (Lynas, 2020). After amassing over 250,000 views, the 
doctor was exposed as a far-right, anti-vax activist likely speaking with an agenda (Lynas, 
2020). Despite that knowledge, many people continue to spread this message. To learn 
more about the image behind this meme, visit https://knowyourmeme.com/memes/invest-button. 


WHEN YOU FIND OUT COVID-19 


DISPROPORTIONATELY 
AFFECTS MINORITIES 


Figure 30. Meme number ten. Adapted from CDC (2021). 


Meme number ten was inspired by the growing evidence that COVID-19 
disproportionately affects minorities (CDC, 2021). By placing this specific image in the 
background, it appeals to a white nationalist audience, spreading the false idea that white 
people are superior to minorities. To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/leonardo-dicaprio-laughing. 


FINALLY 


Figure 31. Meme number eleven. Adapted from Pitofsky (2020). 


Meme number eleven was inspired by the same statistics presented earlier for meme 
eight. To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/hide-the-pain-harold. 


Figure 32. Meme number twelve. Adapted from Klepper et al. (2021). 


Meme number twelve was influenced by the conspiracy theory that "the U.S. 
created the virus and used it to attack China" (Klepper et al., 2021, sec. “Igor Nikulin”). A 
prominent Russian political figure, Igor Nikulin, who has supported weaponizing 
misinformation, appeared on Russian state television to spread this narrative 18 times 
between the months of January 2020 and April 2020 (Klepper et al., 2021). To learn more 
about the image behind this meme, visit 
https://knowyourmeme.com/memes/steven-crowders-change-my-mind-campus-sign. 


Figure 33. Meme number thirteen. Adapted from Lynas (2020). 


Meme number thirteen was inspired by the idea that COVID-19 isn't real. David 
Icke and Alex Jones, both of whom are professional conspiracy theorists, spread the 
narrative that COVID-19 was created as “a plot by the globalist elite to take away our 
freedoms” (Lynas, 2020, sec. “COVID-19 doesn’t actually exist”). To learn more about 
the image behind this meme, visit https://www.dictionary.com/e/memes/expanding-brain-meme/. 


FAUCI: COVID-19 IS WORSE THAN THE FLU 


HALF OF AMERICA: cOvid 19 IS worse ThAn ThE fLU 


imgflip.com 


Figure 34. Meme number fourteen. Adapted from Lewis (2020). 


Meme fourteen was created as a response to former President Trump's claims that 
the coronavirus was “no more dangerous than the seasonal influenza” (Lewis, 2020, para. 
4). Many U.S. citizens went on to believe this claim because their leader was explicitly 
stating it (Lewis, 2020). To learn more about the image behind this meme, visit 
https://knowyourmeme.com/memes/mocking-spongebob. 


D. QUALTRICS 


To build this experiment, Qualtrics was utilized. Qualtrics is an online platform that 
allows users to build very complex surveys for use in data collection for businesses, 
research, and other organizations (Qualtrics, 2021). To build this specific experiment, a 
“Brand Administrator” type of account was purchased and used. After creating an account, 
“Create New Project” was selected and the experimental design began. 


1. Steps to Create the Experiment Designed in this Thesis 


1. Use the default question block to create the introduction and instructions 
notification. This can be done by clicking on the Q1 and keeping the 
question type as “Multiple Choice,” ensuring the answer type is set to 
“Allow one answer,” and the number of choices is set to “2.” After filling 
in the text and answer choices, the question behavior “Skip Logic” was 
added. If an individual selects “I do not wish to participate in this 
experiment” then he/she will be taken directly to the default end page. 
Figure 35 shows the text present in the experiment designed in this thesis. 


Introduction and PII 


Q1 


Skip to End of Survey if I do not wish to participat... Is Selected 


The following survey presents a variety of Tweets and Memes, all of which use COVID-19 as their subject matter. After 
providing non-identifiable information, you will see the COVID-19 Tweets and Memes in no particular order. After 
viewing the Tweet or Meme, read the question below it and answer accordingly. At any point during the survey, should 
you decide to stop participating, just exit the window. If you exit prior to completing the survey, your data will not be 
used during experimental analysis. Thank you for your participation! 


O Continue to experiment 
O I do not wish to participate in this experiment. 


Figure 35. Question one example 


2. Click the plus sign within the first question block to add another question. 
This question will be set up exactly like the previous question but contain 
consent information, which can be reviewed in Figure 36. In this case, the 
“skip logic” is tied to “I do not consent to participate in this experiment.” 


Skip to End of Survey if I do not consent to partici... Is Selected 


I consent to the collection of my non-identifiable information. 
I consent to the use of my responses in experimental analysis. 
I understand that I may exit at any point and my data will be removed from experimental analysis. 


O I consent to participate in this experiment. 
O I do not consent to participate in this experiment. 


Figure 36. Question two example 


3. Click the plus sign within the first question block to add another question. 
This question is set up like the previous two. However, it asks the 
participants to provide their age group, requiring seven answer choices 
vice two. After inputting the age groups listed in Section B of this chapter, 
options for “Under 18” and “58 or older” are included. Because we are not 
measuring individuals below/above this age range, those answer choices 
contain “skip logic” that takes the participant to the end of the survey. 


Q3 


Skip to End of Survey if Under 18 Is Selected 
Skip to End of Survey if 58 or older Is Selected 


Please select your age group. 


O Under 18 
O 18-25 
O 26-33 
O 58 or older 


Figure 37. Question three example 


4. Click the plus sign within the first question block to add another question. 
This question is set up like the previous three. However, it asks the 
participants to provide their gender, requiring three answer choices. In this 
case, the “skip logic” is tied to “None of the Above” because one goal of 
the experiment is to correlate survey answers to gender. If they do not fall 
into a category, we cannot correlate them properly. 


Skip to End of Survey if None of the above Is Selected 


Please select your preferred sex (not assigned). 


Figure 38. Question four example 


5. Click the plus sign within the first question block to add another 
question. This question is set up like the previous four. However, it asks 
the participants to provide their education level, requiring nine answer 
choices. In this case, the “skip logic” is tied to “None of the Above” 
because one goal of the experiment is to correlate survey answers to 
education level. If they do not fall into a category, we cannot correlate 
them properly. 


Q6 


Skip to End of Survey if None of the above Is Selected 


Please select your current education level. 


O High School diploma 
O Undergraduate level schooling in progress 
O Bachelor's Degree 
O Graduate level schooling in progress 
O Doctorate Degree 
O None of the above 


Figure 39. Question five example 


6. Create a new block by selecting “Add Block.” This block will be labeled 
“No Initial Categorization (Meme 1).” Open the block and add a new 
“Text/Graphic” question. Then, change the content type to graphic. 
Without adding a graphic, add a new multiple-choice question to this 
block. Because this block is labeled as “No Initial Categorization,” we will 
input question set two from Section B of this chapter, which contains eight 
answer choices. The block created will look like Figure 40. 


[Screenshot of the Qualtrics survey editor for “Thesis Project”: an empty “Text / Graphic” question (Q100) with content type “Graphic,” followed by question Q102: “Why would you interact (by liking, commenting, or sharing) with this Tweet on social media (Facebook, Instagram, Twitter, etc.)?”] 


Figure 40. No initial categorization block example 


7. After completing the above block, click the three dots to the right of the 
block title. Click “copy” and insert “No Initial Categorization (Meme 2)” 
into the “Please type a brief name/description of the new block:” box. 
After copying the block once, continue until you have created enough 
blocks for seven no initial categorization memes and seven no initial 
categorization Tweets. 


8. Create a new block and label it “Initial Categorization (Meme 1).” 
Add a “Text/Graphic” question to the block and change the content type to 
graphic. Without adding a graphic, add three new multiple-choice 
questions to this block. Because this block is labeled as “Initial 
Categorization,” we will input question set one from Section B of this 
chapter, which contains three questions, one with two answers and two 
with seven answer choices. On the “IF YES” and “IF NO” questions, add 
the question behavior “Display Logic.” Click “Question,” then select the 
yes/no multiple-choice question in the block you are working in, and 
select answer choice yes/no depending on the associated question. The 
block created will look like Figure 41 below. 


[Screenshots of the Qualtrics survey editor for “Thesis Project”: a “Text / Graphic” question with content type “Graphic,” followed by the Yes/No question “Would you interact with this Tweet on social media (Facebook, Instagram, Twitter, etc.) by liking, commenting, or sharing the post?” and the question “If YES, why would you interact with this Tweet on social media?”, which has display logic set to show it when “Yes” is selected.] 


Figure 41. Initial categorization block example 


9. After completing the above block, click the three dots to the right of the 
block title. Click “copy” and insert “Initial Categorization (Meme 2)” into 
the “Please type a brief name/description of the new block:” box. After 
copying the block once, continue until you have created enough blocks for 
seven initial categorization memes and seven initial categorization Tweets. 


10. At the top of the webpage, click the three lines next to the Qualtrics logo. 
After clicking, select the “Library” from the drop-down. Click on 
“Graphic Library” right below the logo and three lines. 


11. Click “New Folder” and title it “No Initial Categorization Memes.” Then, 
hit “Upload Graphic” and upload the seven images that will be used for 
the “No Initial Categorization Memes.” After they are uploaded, click the 
gray box under the first image and label it “NIC M1,” which stands for 
“No Initial Categorization Meme 1.” Label the remaining six images, 
making sure to change the number after each “M.” 


12. Repeat step 11 until folders for “No Initial Categorization Tweets,” 
“Initial Categorization Memes,” and “Initial Categorization Tweets” are 
complete. Ensure that the picture labeling is altered in each new folder, 
accurately depicting what graphic folder and graphic number it is 
assigned. 


Figure 42. Complete Qualtrics image library 


13. Return to your project. On the block titled “No Initial Categorization 
(Meme 1),” click on the empty “Text/Graphic” question. Click “Choose 
graphic.” Match the block title to the graphic label. For example, click the 
image labeled “NIC M1” and it will automatically appear in the question. 


14. Move to the next empty block and repeat step 13, ensuring that the block 
title and the graphic title match. Continue until all 28 blocks have graphics 
inserted. 


15. Add a final block with a “Text Entry” question. This question alerts the 
participant that the survey is over and that all information they were 
presented with was false. It also requires that they acknowledge that they 
viewed misinformation and have completed the survey. See Figure 43 
for an example. 


[Screenshot of the final block in the Qualtrics survey editor, with the following question text:] 


This concludes the survey. 


All Tweets and Memes presented included false information. The Tweets were modeled directly after The New York 
Times Twitter page, with a handful of words manipulated. The Tweets were created using www.tweetgen.com. The 
Memes were influenced by common misinformation or conspiracy theories surrounding COVID-19. The Memes were 
created using www.imgflip.com 


Thank you for your participation. 


Please type "done" in the below text box and hit the final blue enter button 


Figure 43. End of survey acknowledgement 


16. Click on the “Survey Flow” icon on the left side of the screen. Currently, 
all the blocks will be left justified in a single line. In order to get the 
survey to flow like the diagram in Section B, adjustments need to be 
made. Click “Add a New Element Here” and select “Randomizer.” On the 
new element, click “Evenly Present Elements.” Under your new element, 
click “Add a New Element Here” and select “Randomizer” again. Again, 
click “Evenly Present Elements” on the newest “Randomizer.” Finally, 
under your newest element, hit “Add a New Element Here” and select 
“Randomizer” for a third time. Under the third “Randomizer,” click “Add 
a New Element Here” and select “Block.” Add all seven blocks for “No 
Initial Categorization (Meme X)” here. See Figure 44 for an example. 


[Screenshot: Qualtrics survey flow showing the block “Introduction and PII,” followed by three Randomizer elements and the blocks “No Initial Categorization (Meme 1)” through “No Initial Categorization (Meme 7).”] 


Figure 44. First set of the survey flow 


Under your second “Randomizer,” not the most right justified, click “Add 
a New Element Here,” and select another “Randomizer.” Under the new 
“Randomizer,” add all seven of the “Initial Categorization (Meme X)” 
blocks. See Figure 45 for an example. 


[Screenshot: Qualtrics survey flow showing the block “No Initial Categorization (Meme 7),” followed by the blocks “Initial Categorization (Meme 1)” through “Initial Categorization (Meme 7).”] 


Figure 45. Second set of the survey flow 


Under the left most justified “Randomizer,” select “Add a New Element.” 
Click “Evenly Present Elements.” 


Add an additional “Randomizer” onto the newest “Randomizer” created in 
step 17. Under the newest randomizer, add all seven of the “No Initial 
Categorization (Tweet X)” blocks. Repeat this step by adding another 
“Randomizer” and all seven of the “Initial Categorization (Tweet X)” 
blocks. 


On the left most justified line, add a final new element as a “Block” and 
select “Show Block: End of Survey Acknowledgement.” 


In the top right corner, select the “Preview” button and ensure the survey 
is working as intended. The first page will look like Figure 46. 


[Screenshot: Qualtrics preview of the first survey page in desktop and mobile views. The page reads:] 

The following survey presents a variety of Tweets and Memes, all of which use COVID-19 
as their subject matter. After providing non-identifiable information, you will see the COVID-19 
Tweets and Memes in no particular order. After viewing the Tweet or Meme, read the 
question below it and answer accordingly. At any point during the survey, should you decide 
to stop participating, just exit the window. If you exit prior to completing the survey, your 
data will not be used during experimental analysis. Thank you for your participation! 

[Answer choices:] “Continue to experiment” and “I do not wish to participate in this experiment.” 


Figure 46. Preview of the survey 


2. Testing the Survey 


Once the Qualtrics building portion was complete, the survey was tested by four 
individuals, verifying that it works as intended. No results were recorded. 


E. LIMITATIONS 


The greatest limitation to this experimental design is the use of one type of meme. 
As mentioned previously, memes encompass a wide array of digital objects. This 
experiment, however, is only designed to draw correlations with image macro memes. 
Additionally, this experiment uses Tweets that only include text blurbs. On Twitter, users 
can imbed images and links, which may affect the way users interact with the digital 
objects. Finally, the experiment is designed to be run online using Mechanical Turk or a 
similar experiment platform. While these platforms are used to run many experiments, 
individuals of certain socio-economic statuses may not have means to access and perform 
the experiment, possibly removing a large audience from survey results. 


V. FUTURE WORK, IMPLICATIONS, CONCLUSION 


A. FUTURE WORK 


First and foremost, it is recommended that this experiment be run to its fullest 
capacity. Once conducted, it is recommended that researchers adjust the type of meme to 
test for correlations between type and the selected independent variables. Additionally, it 
is recommended that the Tweets be imbedded with images or links to see if that affects 
participant interaction rate. Finally, it is recommended that the experiment be conducted 
world-wide to determine if various nations respond differently to the use of Tweets and 
memes to spread false information. 


B. IMPLICATIONS 


Throughout this thesis, it has been made apparent that memes are wide-scale 
information dissemination tools that are poorly understood by much of academia. Despite 
that, memes are being utilized to spread false narratives on a global scale. While research 
suggests that memes reach depths greater than traditional images, and misinformation gets 
shared at far greater rates than true information, there is extremely limited text detailing 
who is responsible for this phenomenon. The experiment designed in this thesis will add to 
a new body of work that attempts to determine who is influenced by and propagates the 
majority of Tweet and meme information disorder. After conducting the experiment and 
drawing correlations, the relationships identified can be acted upon on both a defensive 
and offensive level by a multitude of entities. 


If it is noted that certain genders, age groups, or education levels interact with and 
believe false information at greater rates than others, individuals and organizations, like 
the military, will be able to create and conduct targeted information disorder training. As a 
defensive tactic, said organizations can protect their at-risk members from falling victim to 
and propagating memes that involve information disorder. Whether it be political, 
extremist, social-activist, or marketing based, the results of this experiment, when properly 
acted upon, can help curb the belief and spread of dangerous narratives related to those 
topics. 


This experiment has extreme potential in the offensive realm. As noted throughout 
this thesis, other countries have begun using meme information disorder on American 
citizens. However, it is unlikely that they know who is most influenced by the narratives 
that they spread. The military would be able to infiltrate adversary social media platforms 
(which are different than the popular ones in the United States) and imbed information 
disorder that spreads a western narrative. Additionally, marketing firms can utilize the 
same tactics to reach greater levels of exposure, likely boosting sales. Conducting the 
experiment detailed in the previous chapter has the ability to show a more effective route 
to meme influence when targeting a hostile audience and provide a method for identifying 
potential vulnerabilities to nefarious actors’ attempts to target domestic audiences. 


C. CONCLUSION 


The use of social media has been growing every year since inception. With that, 
individuals, organizations, businesses, and nations have created clever ways to spread 
messages to large audiences. However, in the last decade, those same entities have begun 
utilizing social media to spread false narratives that fit their agenda. Using Tweets and 
memes, non-state and state actors have successfully influenced elections, incited riots, and 
increased membership. Current academic research does not describe who is most 
susceptible to this new type of information disorder. For that reason, the experiment 
detailed in this thesis was designed. When conducted, it will reveal correlations between 
the acceptance and propagation of false information spread through Tweets and memes and 
the age group, gender, and education level of those most likely to interact with the false 
information. Once complete, defensive and offensive measures can be put in place by 
individuals, organizations, businesses, and nations to defend or attack the most at-risk 
groups. 


Quantico, Va. 


FOR IMMEDIATE RELEASE CONTACT: NCISPUBLICAFFAIRS@NCIS.NAVY.MIL 
RELEASE: 02-23-01 
FEBRUARY 23, 2024 


NCIS LEADS COUNTERINTELLIGENCE INVESTIGATION RELATING TO 
ESPIONAGE 


The Naval Criminal Investigative Service (NCIS) is leading a counterintelligence investigation 
of U.S. Navy Chief Petty Officer Bryce Pedicini, assigned to USS HIGGINS (DDG 76), 
involving several violations of the Uniform Code of Military Justice relating to espionage. 

NCIS Office of Special Projects and the NCIS Far East Field Office detained and 
questioned Pedicini on May 19, 2023, after being suspected of removing classified information 
from U.S. Navy secure spaces and passing them to a representative of a foreign government as 
early as November 2022. Pedicini was arrested by NCIS in May 2023 and placed into pre-trial 
confinement by his command. He is awaiting a General Court Martial in San Diego, Calif. 

On Sept. 22, 2023, charges were preferred against Pedicini by U.S. Navy Region 
Legal Service Office Southwest for violations of: 

• Article 103a (Espionage/Attempted Espionage) 

• Article 134 (Communicating Defense Information) 

• Article 92 (Failure to Obey a Lawful General Order) 

• Article 80 (Attempted Violation of a Lawful General Order) of the Uniform 
Code of Military Justice 

These charges include allegations that Pedicini delivered classified and national defense 
information to a representative of a foreign government with reason to believe it would be 
harmful to the United States or advantageous to the foreign nation. 

A preliminary hearing officer found there was sufficient probable cause to believe 
Pedicini committed the above-listed violations and recommended additional charges pertaining 
to conspiracy and unauthorized access on Dec. 14, 2023. The Convening Authority, Commander, 
Naval Surface Force, U.S. Pacific, referred charges to a general court martial on Feb. 13, 2024. 
A tentative trial date is scheduled for April 2024. 

This investigation is part of the ongoing efforts by NCIS to prevent the exploitation of 
U.S. Navy personnel by foreign adversaries. As the primary investigative and counterintelligence 
arm of the Department of the Navy, NCIS ensures the continued advantage of the Department of 
Defense and the Navy over foreign adversaries by conducting complex counterintelligence 
investigations and other sensitive national security matters involving the Navy and Marine 
Corps. 


### 


Foreign Economic Espionage in Cyberspace 




Contents 


Executive Summary 
Scope Note 
I. The Strategic Threat of Cyber Economic Espionage 
II. Threats from Foreign Countries 
    China: Persistent Cyber Activities 
    Russia: A Sophisticated Adversary 
    Iran: An Increasing Cyber Threat 
    Targeted Technologies 
III. Emerging Threats 
    Software Supply Chain Operations 
    Foreign Laws Could Enable Intellectual Property Theft 
    Foreign Technology Companies With Links to Host Governments 
Annex - Decreasing the Prevalence of Economic or Industrial Espionage in Cyberspace 


Executive Summary 


In the 2011 report to Congress on Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, 
the Office of the National Counterintelligence Executive provided a baseline assessment of the 
many dangers facing the U.S. research, development, and manufacturing sectors when operating in 
cyberspace, the pervasive threats posed by foreign intelligence services and other threat actors, and 
the industries and technologies most likely at risk of espionage. The 2018 report provides additional 
insight into the most pervasive nation-state threats, and it includes a detailed breakout of the 
industrial sectors and technologies judged to be of highest interest to threat actors. It also discusses 
several potentially disruptive threat trends that warrant close attention. 


This report focuses on the following issues 


Foreign economic and industrial espionage against the United States continues to represent a significant 
threat to America's prosperity, security, and competitive advantage. Cyberspace remains a preferred 
operational domain for a wide range of industrial espionage threat actors, from adversarial 
nation-states, to commercial enterprises operating under state influence, to sponsored activities conducted 
by proxy hacker groups. Next-generation technologies, such as Artificial Intelligence (AI) and the 
Internet-of-Things (IoT) will introduce new vulnerabilities to U.S. networks for which the 
cybersecurity community remains largely unprepared. Building an effective response will require understanding 
economic espionage as a worldwide, multi-vector threat to the integrity of the U.S. economy and 
global trade. 


Foreign intelligence services—and threat actors working on their behalf—continue to represent the most 
persistent and pervasive cyber intelligence threat. China, Russia, and Iran stand out as three of the 
most capable and active cyber actors tied to economic espionage and the potential theft of U.S. trade 
secrets and proprietary information. Countries with closer ties to the United States also have 
conducted cyber espionage to obtain U.S. technology. Despite advances in cybersecurity, cyber 
espionage continues to offer threat actors a relatively low-cost, high-yield avenue of approach to a wide 
spectrum of intellectual property. 


A range of potentially disruptive threat trends warrant attention. Software supply chain infiltration already 
threatens the critical infrastructure sector and is poised to threaten other sectors. Meanwhile, new 
foreign laws and increased risks posed by foreign technology companies due to their ties to host 
governments, may present U.S. companies with previously unforeseen threats. 


Cyber economic espionage is but one facet of the much larger, global economic espionage challenge. 
We look forward to engaging in the larger public discourse on mitigating the national economic harm 
caused by these threats. 


Scope Note 


This report is submitted in compliance with the National Defense Authorization Act for Fiscal Year 
2015, Section 1637 which requires that the President annually submit to Congress a report on foreign 
economic espionage and industrial espionage in cyberspace during the 12-month period preceding 
the submission of the report. 


Definitions of Key Terms 


For the purpose of this report, key terms were defined according to definitions provided in Section 
1637 of the National Defense Authorization Act for Fiscal Year 2015. 


Economic or Industrial Espionage means (a) stealing a trade secret or proprietary information or 
appropriating, taking, carrying away, or concealing, or by fraud, artifice, or deception obtaining, a 
trade secret or proprietary information without the authorization of the owner of the trade secret or 
proprietary information; (b) copying, duplicating, downloading, uploading, destroying, transmitting, 
delivering, sending, communicating, or conveying a trade secret or proprietary information 
without the authorization of the owner of the trade secret or proprietary information; or (c) knowingly 
receiving, buying, or possessing a trade secret or proprietary information that has been stolen or 
appropriated, obtained, or converted without the authorization of the owner of the trade secret or 
proprietary information. 


Cyberspace means (a) the interdependent network of information technology infrastructures; and (b) 
includes the Internet, telecommunications networks, computer systems, and embedded 
processors and controllers. 


Contributors 


The National Counterintelligence and Security Center (NCSC) compiled this report, with close 
support from the Cyber Threat Intelligence Integration Center (CTIIC), and with input and coordination 
from many U.S. Government organizations, including the Central Intelligence Agency (CIA), Defense 
Cyber Crime Center (DC3), Defense Intelligence Agency (DIA), Defense Security Service (DSS), 
Department of Energy (DoE), Department of Defense (DoD), Department of Homeland Security 
(DHS), Department of State (DoS), Department of Treasury (Treasury), Federal Bureau of 
Investigation (FBI), National Cyber Investigative Joint Task Force (NCIJTF), National Geospatial-Intelligence 
Agency (NGA), National Reconnaissance Office (NRO), National Security Agency (NSA), and Office 
of the Director of National Intelligence (ODNI). 


I. The Strategic Threat of Cyber Economic Espionage 


Foreign economic and industrial espionage against the United States continues to represent 
a significant threat to America's prosperity, security, and competitive advantage. Cyberspace 
remains a preferred operational domain for a wide range of industrial espionage threat actors, from 
adversarial nation-states, to commercial enterprises operating under state influence, to sponsored 
activities conducted by proxy hacker groups. Next-generation technologies such as Artificial 
Intelligence (AI) and the Internet-of-Things (IoT) will introduce new vulnerabilities to U.S. networks 
for which the cybersecurity community remains largely unprepared. Building an effective response 
demands understanding economic espionage as a worldwide, multi-vector threat to the integrity of 
the U.S. economy and global trade. 


The United States remains a global center for research, development, and innovation across multiple 
high-technology sectors. Federal research institutions, universities, and corporations are regularly 
targeted by online actors seeking all manner of proprietary information and the overall long-term 
trend remains worrisome. 


While next generation technologies will introduce a range of qualitative advances in data storage, 
analytics, and computational capacity, they also present potential vulnerabilities for which the 
cybersecurity community remains largely unprepared. The solidification of cloud computing over the 
past decade as a global information industry standard, coupled with the deployment of technologies 
such as AI and IoT, will introduce unforeseen vulnerabilities to U.S. networks. 


• Cloud networks and IoT infrastructure are rapidly expanding the global online 
operational space. Threat actors have already demonstrated how cloud can be 
used as a platform for cyber exploitation. As IoT and AI applications expand to 
empower everything from “smart homes” to “smart cities” billions of potentially 
unsecured network nodes will create an incalculably larger exploitation space for 
cyber threat actors. 


• Lack of industry standardization during this pivotal first-generation deployment 
period will likely hamper the development of comprehensive security solutions in the 
near-term. 


Building an effective response demands understanding economic espionage 
as a worldwide, multi-vector threat to the integrity of both the U.S. economy 
and global trade. Whereas cyberspace is a preferred operational domain for 
economic espionage, it is but one of many. Sophisticated threat actors, such as 
adversarial nation-states, combine cyber exploitation with supply chain operations, 
human recruitment, and the acquisition of knowledge by foreign students in U.S. 
universities, as part of a strategic technology acquisition program. 


II. Threats from Foreign Countries 


Foreign intelligence services—and threat actors working on their behalf—continue to represent the 
most persistent and pervasive cyber intelligence threat. China, Russia, and Iran stand out as three 
of the most capable and active cyber actors tied to economic espionage and the potential theft of 
U.S. trade secrets and proprietary information. Countries with closer ties to the United States have 
also conducted cyber espionage to obtain U.S. technology. Despite advances in cybersecurity, cyber 
espionage continues to offer threat actors a relatively low-cost, high-yield avenue of approach to a 
wide spectrum of intellectual property. 


We anticipate that China, Russia, and Iran will remain aggressive and capable collectors of sensitive 
U.S. economic information and technologies, particularly in cyberspace. All will almost certainly 
continue to deploy significant resources and a wide array of tactics to acquire intellectual property 
and proprietary information. 


Countries with closer ties to the United States have conducted cyber espionage and other forms of 
intelligence collection to obtain U.S. technology, intellectual property, trade secrets, and proprietary 
information. U.S. allies or partners often take advantage of the access they enjoy to collect sensitive 
military and civilian technologies and to acquire know-how in priority sectors. 


China: Persistent Cyber Activities 


China has expansive efforts in place to acquire U.S. technology to include sensitive trade 
secrets and proprietary information. It continues to use cyber espionage to support its strategic 
development goals—science and technology advancement, military modernization, and economic 
policy objectives. China's cyberspace operations are part of a complex, multipronged technology 
development strategy that uses licit and illicit methods to achieve its goals. Chinese companies and 
individuals often acquire U.S. technology for commercial and scientific purposes. At the same time, 
the Chinese government seeks to enhance its collection of U.S. technology by enlisting the support 
of a broad range of actors spread throughout its government and industrial base. 


China's Strategic Goals 


Non-Traditional Collectors: China uses individuals for whom science or business is their primary profession to target and 
acquire US technology. 

Joint Ventures (JV): China uses JVs to acquire technology and technical know-how. 

Research partnerships: China actively seeks partnerships with government laboratories-such as the Department of Energy 
labs-to learn about and acquire specific technology, and the soft skills necessary to run such facilities. 

Academic Collaborations: China uses collaborations and relationships with universities to acquire specific research and 
gain access to high-end research equipment. Its policies state it should exploit the openness 
of academia to fill China's strategic gaps. 

S&T Investments: China has sustained, long-term state investments in its S&T infrastructure. 

China seeks to buy companies that have technology, facilities and people. These sometimes 
end up as Committee on Foreign Investment in the United States (CFIUS) cases. 

China uses front companies to obscure the hand of the Chinese government and acquire export 
controlled technology. 

China uses its talent recruitment programs to find foreign experts to return to China and work 
on key strategic programs. 

Intelligence Services: The Ministry of State Security (MSS), and military intelligence offices are used in China’s 
technology acquisition efforts. 

Legal and Regulatory Environment: China uses its laws and regulations to disadvantage foreign companies and advantage its 
own companies. 


The Intelligence Community and private sector security experts continue to identify ongoing 
Chinese cyber activity, although at lower volumes than existed before the bilateral September 
2015 U.S.-China cyber commitments. Most Chinese cyber operations against U.S. private industry 
that have been detected are focused on cleared defense contractors or IT and communications 
firms whose products and services support government and private sector networks worldwide. 
Examples of identified ongoing Chinese cyber activity include the following: 


• According to several cyber intelligence companies, in 2017 the China-associated 
cyber espionage group APT10 continued widespread operations to target engineering, 
telecommunications, and aerospace industries. APT10 targeted companies 
across the globe, including the United States, using its exploitation of managed IT 
service providers as a means to conduct such operations. 


• Cybersecurity researchers have found links between Chinese cyber actors 
and a back door in the popular CCleaner application that allowed the actors to target 
U.S. companies, including Google, Microsoft, Intel, and VMware. 


• In November 2017 PricewaterhouseCoopers (PWC) reported that the China-based APT, 
known as KeyBoy, was shifting its focus to target Western organizations. According to 
PWC, the targeting likely was for corporate espionage purposes. KeyBoy previously 
focused on Asian targets, according to commercial cybersecurity reporting. 


• According to FireEye, in 2017 TEMP.Periscope continued targeting the maritime industry 
as well as engineering-focused entities including research institutes, academic 
organizations, and private firms in the United States. FireEye has detected sharp increases 
in targeting in early 2018 as well. 


Recent Unsealed U.S. Indictment With a Link to China 


In November 2017 Wu Yingzhuo, Dong Hao and Xia Lei, Chinese nationals and residents of 
China, were charged with computer hacking, theft of trade secrets, conspiracy, and identity 
theft. These efforts were directed at U.S. and foreign employees and the computers of 
three corporations that were victims in the financial, engineering, and technology industries 
between 2011 and May 2017. 


We believe that China will continue to be a threat to U.S. proprietary technology and intellectual 
property through cyber-enabled means or other methods. If this threat is not addressed, it could 
erode America's long-term competitive economic advantage. 


The threat to U.S. technology from Russia will continue over the coming years as Moscow attempts 
to bolster an economy struggling with endemic corruption, state control, and a loss of talent 
departing for jobs abroad. Moscow's military modernization efforts also likely will be a motivating 
factor for Russia to steal U.S. intellectual property. An aggressive and capable collector of sensitive 
U.S. technologies, Russia uses cyberspace as one of many methods for obtaining the necessary 
know-how and technology to grow and modernize its economy. Other methods include the following: 


• Use of Russian commercial and academic enterprises that interact with the West; 


• Recruitment of Russian immigrants with advanced technical skills by the Russian 
intelligence services; and 


• Russian intelligence penetration of public and private enterprises, which enable the 
government to obtain sensitive technical information from industry. 


Russia uses cyber operations as an instrument of intelligence collection to inform its 
decision-making and benefit its economic interests. Experts contend that Russia needs to enact structural 
reforms, including economic diversification into sectors such as technology, to achieve the higher 
rate of gross domestic product growth publicly called for by Russian President Putin. In support 
of that goal, Russian intelligence services have conducted sophisticated and large-scale hacking 
operations to collect sensitive U.S. business and technology information. In addition, Moscow uses 
a range of other intelligence collection operations to steal valuable economic data: 


• In 2016, the hacker "Eas7" confided to Western press that she had collaborated 
with the Russian Federal Security Service (FSB) on economic espionage missions. She 
estimated that "among the good hackers, at least half works (sic) for government 
structures," suggesting Moscow employs cyber criminals as a way to make such 
operations plausibly deniable. 


• Moscow has used cyber operations to collect intellectual property data from 
U.S. energy, healthcare, and technology companies. For example, Russian 
Government hackers last year compromised dozens of U.S. energy firms, including their 
operational networks. This activity could be driven by multiple objectives, including 
collecting intelligence, developing accesses for disruptive purposes, and providing 
sensitive U.S. intellectual property to Russian companies. 


• Since at least 2007, the Russian state-sponsored cyber program APT28 has 
routinely collected intelligence on defense and geopolitical issues, including those 
relating to the United States and Western Europe. Obtaining sensitive U.S. defense 
industry data could provide Moscow with economic (e.g. in foreign military sales) and 
security advantages as Russia continues to strengthen and modernize its military forces. 


Recent Unsealed U.S. Indictment with a Link to Russia 


In March 2017 the United States Department of Justice indicted two FSB officials and their 
Russian cybercriminal conspirators on computer hacking and conspiracy charges related 
to the collection of emails of U.S. and European employees of transportation and financial 
services firms. The charges included conspiring to engage in economic espionage and theft 
of trade secrets. 


We believe that Russia will continue to conduct aggressive cyber operations during the next year 
against the United States and its allies as part of a global intelligence collection program focused 
on furthering its security interests. Although cyber operations are just one element of Russia's 
multipronged approach to information collection, they give Russia's intelligence services a more 
agile and cost-efficient tool to accomplish Moscow's objectives. Indeed, Russian cyber actors are 
continuing to develop their cyber tradecraft—such as using open-source hacking tools that minimize
forensic connections to Russia.


Iran: An Increasing Cyber Threat 


Iranian cyber activities are often focused on Middle Eastern adversaries, such as Saudi Arabia and 
Israel; however, in 2017 Iran also targeted U.S. networks. A subset of this Iranian cyber activity 
aggressively targeted U.S. technologies with high value to the Iranian government. The loss of 
sensitive information and technologies not only presents a significant threat to U.S. national security;
it also enables Tehran to develop advanced technologies to boost domestic economic growth,
modernize its military forces, and increase its foreign sales. Examples of recent Iranian cyber
activities include the following:


* The Iranian hacker group Rocket Kitten consistently targets U.S. defense firms, likely enabling
Tehran to improve its already robust missile and space programs with proprietary and sensitive U.S.
military technology.

* Iranian hackers target U.S. aerospace and civil aviation firms by using various website
exploitation, spearphishing, credential harvesting, and social engineering techniques.

* The OilRig hacker group, which historically focuses on Saudi Arabia, has increased its targeting
of U.S. financial institutions and information technology companies.

* The Iranian hacker group APT33 has targeted energy sector companies as part of Iran's national
priorities for improving its petrochemical production and technology.

* Iranian hackers have targeted U.S. academic institutions, stealing valuable intellectual
property and data.


Recent Unsealed U.S. Indictments with a Link to Iran


In July 2017 Iranian nationals Mohammed Reza Rezakhah and Mohammed Saeed Ajily were
charged with hacking into U.S. software companies, stealing their proprietary software, and
selling the stolen software to Iranian universities, military and government entities, and other
buyers outside of the United States.


In November 2017, Iranian national Behzad Mesri was charged with allegedly hacking HBO's
corporate systems, stealing intellectual property and proprietary data, to include scripts and
plot summaries for unaired episodes. Mesri had previously hacked computer systems for the
Iranian military and has been a member of an Iran-based hacking group called the Turk Black
Hat security team.


In March 2018, nine Iranian hackers associated with the Mabna Institute were charged
with stealing intellectual property from more than 144 U.S. universities which spent
approximately $3.4 billion to procure and access the data. The data was stolen at the behest
of Iran's Islamic Revolutionary Guard Corps and used to benefit the government of Iran
and other Iranian customers, including Iranian universities. Mabna Institute actors also
targeted and compromised 36 U.S. businesses.


We believe that Iran will continue working to penetrate U.S. networks for economic or industrial
espionage purposes. Iran's economy—still driven heavily by petroleum revenue—will depend
on growth in nonoil industries and we expect Iran will continue to exploit cyberspace to gain
advantages in these industries. Iran will remain committed to using its cyber capabilities to attain
key economic goals, primarily by continuing to steal intellectual property, in an effort to narrow the
science and technology gap between Iran and Western countries.


Although many aspects of U.S. economic activity and technology are of potential interest to foreign
intelligence collectors, we judge that the highest interest is in the following areas:


Priority Sectors / Technologies


Energy / Alternative Energy

* Advanced pressurized water reactor and high-temperature, gas-cooled nuclear power stations
* Biofuels
* Energy-efficient industries
* Oil, gas, and coalbed methane development, including fracking
* Smart grids
* Solar energy technology
* Wind turbines


Biotechnology

* Advanced medical devices
* Biomanufacturing and chemical manufacturing
* Biomaterials
* Biopharmaceuticals
* Genetically modified organisms
* Infectious disease treatment
* New vaccines and drugs


Defense Technology

* Aerospace & Aeronautic Systems
* Armaments
* Marine Systems
* Radar
* Optics


Environmental Protection

* Batteries
* Energy-efficient appliances
* Green building materials
* Hybrid and electric cars
* Waste management
* Water/air pollution control


High-End Manufacturing

* 3D printing
* Advanced robotics
* Aircraft engines
* Aviation maintenance and service sectors
* Civilian aircraft
* Electric motors
* Foundational manufacturing equipment
* High-end computer numerically controlled machines
* High-performance composite materials
* High-performance sealing materials
* Integrated circuit manufacturing equipment and assembly technology
* Space infrastructure and exploration technology
* Synthetic rubber


Information and Communications Technology

* Artificial intelligence
* Big data analysis
* Core electronics industries
* E-commerce services
* Foundational software products
* High-end computer chips
* Internet of Things
* Network equipment
* Next-generation broadband wireless communications networks
* Quantum computing and communications
* Rare-earth materials



III. Emerging Threats 


A range of other potentially disruptive threats warrant attention. Software supply chain infiltration 
has already threatened the critical infrastructure sector and could threaten other sectors as well. 
Meanwhile, new foreign laws and increased risks posed by foreign technology companies due to 
their ties to host governments, may present U.S. companies with previously unforeseen threats. 


Cyber threats will continue to evolve with technological advances in the global information 
environment. The following are emerging areas of concern that are likely to disrupt security 
procedures and expand the opportunities for collection of sensitive U.S. economic and 
technology information. 


Software Supply Chain Operations 


Last year represented a watershed in the reporting of software supply chain operations. In 2017 
seven significant events were reported in the public domain compared to only four between 2014 
and 2016. As the number of events grows, so too do the potential impacts. Hackers are clearly
targeting software supply chains to achieve a range of potential effects to include cyber espionage, 
organizational disruption, or demonstrable financial impact: 


* Floxif infected 2.2 million worldwide CCleaner customers with a backdoor. The hackers
specifically targeted 18 companies and infected 40 computers to conduct espionage to gain access
to Samsung, Sony, Asus, Intel, VMWare, O2, Singtel, Gauselmann, Dyn, Chunghwa and Fujitsu.

* Hackers corrupted software distributed by the South Korea-based firm Netsarang, which sells
enterprise and network management tools. The backdoor enabled downloading of further malware or
theft of information from hundreds of companies in energy, financial services, manufacturing,
pharmaceuticals, telecommunications, and transportation industries.

* A tweaked version of software from the Ukrainian accounting firm M.E. Doc was infected with a
backdoor to permit the delivery of a destructive payload disguised as ransomware. This attack,
which was attributed to Russia, paralyzed networks worldwide, shutting down or affecting
operations of banks, companies, transportation, and utilities. The cost of this attack to FedEx
and Maersk was approximately $300 million each.

* A malware operation dubbed Kingslayer targeted system administrator accounts associated with
U.S. firms to steal credentials in order to breach the system and replace the legitimate
application and updates with a malware version containing an embedded backdoor. Although it is not
known which and how many firms were ultimately infected, at least one U.S. defense contractor was
targeted and compromised.


Foreign Laws Could Enable Intellectual Property Theft


New and enhanced cyber, national security, and import laws in effect in foreign countries are posing
an increasing risk to U.S. technology and proprietary information. For example, in 2017 China and
Russia aggressively enforced laws that bolstered their domestic companies at the expense of
U.S. companies and also might allow their companies access to U.S. intellectual property and
proprietary information.


In 2017 China put into effect a new cyber security law that restricts sales of foreign information and
communication technology (ICT) and mandates that foreign companies submit ICT for
government-administered national security reviews. The law also requires that firms operating in
China store their data in China, and it requires government approval prior to transferring data
outside China. The U.S. Chamber of Commerce has gone on record to explain that if a foreign company
is forced to localize a valuable set of data or information in China, whether for research and
development purposes or simply to conduct its business, it will have to assume a significant amount
of risk. Its data or information may be misappropriated or misused, especially given the environment
in China, where companies face significant legal and other uncertainties when they try to protect
their data and information.


Required Steps for U.S. Companies to Do Business in China


1. Pass National Security Reviews for Technology and Services
2. Store All Data in China
3. Form Joint Venture to Open Data Center
4. Obtain Government Approval for Data Transfers
5. Buy Government-Approved Encryption and Virtual Private Networks (VPNs)


China has Access to U.S. Intellectual Property and Proprietary Information


Similarly, in recent years Russia has dramatically increased its demand for source code reviews for
foreign technology being sold inside the country. Russia's Federal Security Service (FSB), associated
with economic espionage missions in the past, serves as the authority charged with directing these
source code reviews and approving the sale of technology products and services sold inside Russia.


High intelligence threat countries, such as China and Russia, could exploit these laws to significantly
improve their access to the intellectual property of foreign companies operating in their countries and
subsequently share this sensitive information with domestic firms.


Foreign Technology Companies with Links to Host Governments 


Foreign information and communications technology companies are often subject to foreign state 
influence. This presents a risk to U.S. trade secrets and intellectual property. These companies 
provide valuable services that often require access to the physical and logical control points of the 
computers and networks they support. These unique accesses also present an opportunity for 
foreign countries to obtain sensitive proprietary information. Recent events underscore the potential 
risks posed by technology companies that have links to foreign governments with high threat 
intelligence services: 


* Recent Chinese laws—including laws on national security and cybersecurity—provide Beijing a
legal basis to compel technology companies operating in China to cooperate with Chinese security
services.

* In September 2017 the Department of Homeland Security issued a directive to Federal departments
and agencies to remove Kaspersky Lab products and services based on the information security risks
posed by the company and its links to Russia.

* In December 2017 the Department of Justice made public an agreement with Netcracker Technology
Corp. that resulted in the company agreeing that it would not store sensitive information and data
from its U.S.-based technology clients in overseas locations, including most notably Russia.


Annex - Decreasing the Prevalence of Economic or Industrial Espionage in Cyberspace


The U.S. Government (USG) continues to undertake numerous actions to counter economic 
espionage in cyberspace. Perhaps most evident are current USG efforts to protect critical 
infrastructure and other sensitive computer networks from malicious cyber activities. The USG 
also continues to work with the private sector to address science and technology gaps through 
cyber research and development as a way of mitigating the malicious activities of threat actors in 
cyberspace. The USG will continue to improve its efforts to disrupt, deny, exploit, or increase the 
costs of foreign cyber operations that are targeting the nation's most critical economic assets. 


Examples of USG actions include the following: 


* Sharing information about cyber threats, vulnerabilities, and other risks;

* Promoting best practices, risk assessments, and capability development;

* Improving our responses to cyber incidents;

* Building and driving the market towards a more secure cyber ecosystem; and

* Partnering with allies to address cyber issues.


The USG has the capability to impose costs on adversaries who engage in economic cyber 
espionage through various actions, including diplomatic, informational, military, law enforcement, 
and economic response. The details of many of these actions are too sensitive to discuss in this 
publication; however, we have provided a few general examples that illustrate the USG's response, 
such as: 


* Public statements and attribution;

* Diplomatic demarches;

* Economic sanctions; and

* Law enforcement actions.


Neurosecurity:
Human Brain Electro-optical Signals as MASINT


by Dr. Matthew Canham and Dr. Ben D. Sawyer 


INTRODUCTION 


Applied neuroscience presently allows not only the
discovery-oriented probing of the inner
workings of the mind, but increasingly the probing of
individual minds toward gathering intelligence. Significant
advances in neuroimaging, leveraging both active and 
passive electro-optical energy, can reveal specifics of 
information held in the mind even without cooperation 
(e.g., Lange et al., 2018; Sawyer et al., 2016a). The 
processes of the brain increasingly join many other 
energetic sources from which quantitative and qualitative 
data analysis may extract identifying features and other 
useful intelligence (Sawyer & Canham, 2019). Indeed, it is 
increasingly appropriate to discuss the human brain as a 
system which can be read from, written to, and the 
operations of which may therefore be collected for 
analysis or influenced (Sawyer & Canham, 2019). Indeed, 
we argue here that we are witnessing the end of the era in 
which human thought is generally accepted as an entirely 
private process, the starting point of an unquestionably 
remarkable transition. The collection of unintended 
emissions and byproducts toward intelligence fits well 
into the mold of Measurement and Signals Intelligence, 
and indeed Measurement and Signature Intelligence 
(both MASINT, Macartney, 2001), and so we believe this 
community within the Intelligence Community is well-suited
to discuss these new realities of neurosecurity, as
it helped shape many formative discussions surrounding 
cybersecurity. A MASINT perspective on biological, 
neural signatures comes with the need to discuss current 
capabilities, projected technological arc, practicalities, 
and potential abuses. 


While these authors currently have no knowledge of 
remote monitoring of brain activity, multiple commercial 
entities are working toward this technology (Strickland, 
2017) in various forms. Simultaneously, evidence of 
remote interference in normal brain functioning is in the 
news. Most recently, between December 2016 and 
October 2017, at least 21 employees stationed at the U.S. 
Embassy in Havana, Cuba, reported experiencing a 
constellation of symptoms usually associated with a
concussion or traumatic brain injury (TBI). Eighteen of
these employees reported a sudden onset of symptoms 
coinciding with an intense chirping or ringing sound 
similar to the Indies short-tailed cricket. Symptoms 
reported by employees included difficulty hearing, 
dizziness, headaches, cognitive difficulties, difficulties 
with balance, and intense brain pressure (Kirk, 2019). A 
clinical evaluation by researchers at the University of 
Pennsylvania found structural differences between 
exposed employees and healthy controls (Verma et al., 
2019). While the clinical implications of this are currently 
unclear, it seems plausible that these employees were 
exposed to something that altered their neurological 
structures and cognitive functioning. The mystery 
continued to deepen in 2018 when an embassy employee 
stationed in Guangzhou, China, reported similar 
symptoms. While we stress that there is still considerable 
mystery surrounding these events, it does seem likely 
that these symptoms were (1) induced and (2) likely not 
the direct goal of whatever process produced the 
phenomenon. Initial examination of the victims suggests 
remote microwave energy, long known to affect temporal 
lobe function (Dyer, 2018). These phenomena provide 
potential evidence of the intentional targeting of neural 
architecture, potentially as an attack, potentially as a side 
effect to some other goal. 


Less circumspect evidence also exists. Capability to 
monitor neural activity exists given direct physical 
proximity, and remote neural monitoring may be feasible. 
Recent advances have seen remote detection of other 
biosignals once considered only measurable from direct 
physical proximity. For example, NASA’s Finding 
Individuals for Disaster and Emergency Response 
(FINDER) system uses low-power microwaves to detect 
heartbeats at great physical range (Liu et al., 2014). Core 
body temperature is now routinely monitored in crowds to 
identify individuals with infections (Ng, Kawb, & Chang, 
2004). Moreover, two categories of neuroimaging 
technology are emerging with the promise to make remote 
brain access a near-term reality. Industry groups like 
Facebook and Open Water are working to advance
near-infrared and holographic techniques for monitoring neural
blood flow patterns in real time (Open Water, 2018).
Meanwhile, Neuralink, Kernel, and others are working to
connect the electrical activity of the brain to intermediary
electrodes, and then to the Internet. The success of either
of these technologies, neuroimaging at range or
Internet-connected electroencephalography, will open a new
universe of possibilities for the realms of MASINT, SIGINT,
and HUMINT alike.


CURRENT STATE OF THE ART


Before diving into the world of neuroimaging, we offer
a brief introduction into what is currently known
about how the brain functions. We begin with the
neuron, the basic building block of the neural network that is
our brain. A basic decision-making system, it takes in
input from upstream neurons through receptors known as
dendrites and, once a certain threshold of these signals is
met, “fires” an action potential which travels down the
long synapse to the synaptic gap which separates one
neuron from another. Here, chemical signals take over,
propagating further action potentials downstream to other
neurons in spreading cascades of activity and activation.
The process is a foundation for complex patterns of
information being aggregated and processed. For example,
while the earliest neurons to process visual information
might only detect the presence or absence of an edge,
neurons further downstream in visual cortex will
aggregate the presence of an edge in a specific
orientation or relative position and recognize this as the
letter “K.” Further downstream, neurons will respond
more vigorously to the letter “K” when it is placed at the
beginning of a word as opposed to the middle or end. In
this way, information is aggregated and processed into
meaningful coherence.


While there is still debate surrounding the validity of 
brain area specialization, and growing evidence for 
"network" approaches to understanding activity, at a 
coarse level, brain regions appear to be functionally 
specialized for different activities. Understanding this 
differential specialization allows for a limited, but growing, 
degree of reverse engineering of brain processes. A great 
deal of cognitive processing occurs in the neocortex, the 
outermost layer of the brain. Here, four “lobes,” 
anatomical brain regions, have been linked by research to 
functional specializations (see Figure 1, Miller & 
Cummings, 2017). The occipital lobe, or visual cortex, is 
where much of visual processing takes place. The parietal 
lobe handles spatial awareness and somatosensory 
processes which feed the brain's sense of bodily 
positioning and stimulation. For example, tickling the
hands or feet with a feather would activate
somatosensory processing, which would occur primarily
in the frontal parietal lobe. The temporal lobe also sits just
forward of the occipital lobe and below the parietal lobe,
usually just above one's ear. The temporal lobe (aka the
auditory cortex) processes sound and often handles
long-term memory processing as well. Finally, the frontal lobe
is responsible for fine motor functioning, and actions
known as executive functions: deliberate decision-making, 
inhibitory control, attention, and working memory. If you 
are intensely concentrating on a task, then there is a high 
likelihood that you are recruiting much of your frontal 
lobe's prefrontal cortex. This final example is especially 
significant from a MASINT perspective: it has been 
suggested that when deliberately trying to deceive 
someone, the deceiver relies on his/her frontal lobe to a 
greater degree than does someone who is not attempting 
to be deceptive (Zeki et al., 2004). There is greater 
activation in the prefrontal cortex because the individual 
must inhibit the true version of events and must hold two
versions active simultaneously (Ofen et al., 2016). 
Although there is still much debate on the validity of this 
assertion, as an example it illustrates how neural 
processing might be utilized in an intelligence-gathering 
capacity. 


[Figure 1 panel labels: Parietal Lobe (Spatial and Sensory); Frontal Lobe (Decisions, Attention,
Memory); Occipital Lobe (Visual Processing); Temporal Lobe (Audition, Memory)]


Figure 1: The neocortex or surface of the brain,
disproportionately responsible for cognitive processing,
is currently conceptualized as divided into functional
regions. As with technical and social systems, useful
MASINT consideration of these areas is in terms of
intelligence and potential influence. Increasingly, it is
possible to collect electro-optical energy emitted by the
brain and, leveraging temporal and spatial dimensions,
decode meaning and so acquire useful intelligence.
Influence is also possible, and devices which project
electrical force into the brain can disrupt or modify brain
processes.


Detectable Signals — A discussion about neuroimaging
should first make the distinction between
structural and functional imaging. Structural imaging
provides a highly detailed static image of the
neuroanatomical structures of an individual. When the
researchers from the University of Pennsylvania examined
the embassy employees and found differences in whole
brain white matter, this difference was found through the
analysis of static structural images (Verma et al., 2019). In
contrast, functional imagery tends to be coarser but
provides a dynamic series of snapshots that provide
insight into the neural activity of an individual. While
both techniques have relevance to MASINT applications,
functional imaging will be the topic of focus here. Within
the universe of functional imaging there are currently two
types of signals, blood flow and electrical activity, that
are detected to derive neural functioning.


American Intelligence Journal, Vol 36, No 2, 2019, Page 41


Blood Flow Signals — When neurons are active, these 
cells consume sugar and oxygen and therefore require 
replenishment. This replenishment transpires through a 
process known as hemodynamic response. Termed a 
blood-oxygen-level-dependent (BOLD) signal, this 
difference between oxygenated and deoxygenated blood 
is detectable through various means such as magnetic 
manipulation or using infrared spectrum light. Examining 
this signal using magnetism usually involves a 
technology known as functional Magnetic Resonance 
Imaging (fMRI). fMRI technology witnessed an upshot in 
usage within brain research beginning in the early 1990s 
because it was considerably less intrusive than 
comparable imaging technologies available at the time. A 
major drawback in fMRI as a MASINT technique is the 
need to immobilize a subject and capture imagery over a 
long time period (from 45 minutes to a few hours), while 
secured to a table and loaded into a magnetic resonance 
tube. Movement during imaging is highly detrimental, 
meaning that only extremely compliant individuals can be 
imaged. Finally, high tesla (a measurement of magnetism 
strength) equipment capable of high spatial and temporal 
resolution imaging is extremely expensive and often 
requires a dedicated staff, making this technology largely 
confined to use within a dedicated laboratory. These 
inconveniences notwithstanding, several researchers 
have proposed methods of employing fMRI as a means of 
deception detection (Ganis et al., 2003; Kozel et al., 2005; 
Monteleone et al., 2009; Ganis et al., 2011). Continuing
advances in the miniaturization of this technology
suggest this could eventually be an approach moved out
of the laboratory and into the field (see, for example,
Cooley et al., 2015).


Other emerging techniques such as functional Near 
Infrared Spectroscopy (fNIRS) offer a window into more 
near-term workable solutions. Cheap, low-power, and 
portable, fNIRS utilizes the near infrared spectrum light to 
detect the BOLD signal. In the 700-900 nm spectral range,
bodily tissues are mostly transparent, allowing maximal
detectability of the relative difference between
oxygenated and deoxygenated hemoglobin. fNIRS utilizes
a combination of infrared light emitters and receivers to
parse out the BOLD signal through differences in infrared
light intensity. These differences in light intensity can
then be interpreted to detect and localize BOLD signals
from specific brain regions to infer localized activity. One
of the major advantages of fNIRS over fMRI from a
MASINT perspective is the ease of use, and portability of
these devices. Indeed, the technology is routinely held up 
as an excellent match for the demands of brain machine 
interface and field research (respective reviews are Naseer 
& Hong, 2015 and Quaresima and Ferrari, 2019). It is 
currently unclear what the ultimate detectable range using 
the infrared spectrum will be, but at present these signals 
are detected using a sensor cap worn by the subject 
which directly contacts the skin. This portability and ease 
of use would potentially allow for modern deployment in 
the debriefing of HUMINT assets by handlers or 
operational psychologists. 


Electrical Activity Signals — While neuroimaging 
techniques dependent upon blood flow offer high spatial 
resolution and the capability of localizing neural activity, 
they lack the capability of detecting activity with a high 
temporal resolution because there is an inherent lag in the 
reuptake of oxygenated hemoglobin into active neural 
regions. This delay means that events which happen very 
quickly, such as visual recognition, can be missed by 
techniques reliant on BOLD signal. In these situations, 
techniques that detect electrical activity offer an 
advantage over those that detect signals related to blood 
flow. Electrical detection techniques have very high 
temporal resolution (on the order of milliseconds), but 
because electrical fields are distorted by the scalp, they 
lack the spatial resolution that blood flow-based imaging 
techniques have. Therefore, researchers often combine 
these techniques when studying neuro phenomena. 


Techniques measuring electrical activity include deep 
brain electrodes, Electrocorticography (ECoG), and 
Electroencephalography (EEG), listed from most to least 
invasive. Brain-contact techniques utilize small probes 
(approximately 5 µm thick) to directly connect to neurons
to detect activity (Muthuswamy, 2012), and involve 
opening the skull to access the cortex. ECoG is somewhat 
less invasive, involving electrodes that rest upon the 
dura, a thin sheet of enervated tissue which contains the 
cerebrospinal fluid and the brain. Non-invasive 
techniques such as EEG detect voltage potential 
fluctuations deriving from the action potential activity 
within the neurons of the brain. Such measured 
“potentials” can be measured longitudinally over time, or 
measured relative to specific events, an approach which 
can identify specific patterns of brain activity known as 
event-related potentials (ERP). This connection between 
outside events and brain activity is an excellent strategy
to reverse engineer (to a limited degree) the brain activity 
as it relates to a specific stimulus. One of the most 
studied ERPs, the “P300” wave, is a distinctive positive 
fluctuation that occurs approximately 300 milliseconds 
after visual recognition of a stimulus. The P300 has 
therefore been proposed as a deception detection 
technique in “guilty knowledge tests.” A subject wearing
an EEG would, in such a test, be presented with visual
stimuli in succession, and an amplified P300 would
occur directly after any image recognized, without
the awareness or conscious control of the subject. Many
other potentially useful ERPs exist, in the context of 
MASINT, and include error-related negativity (ERN, see 
Sawyer et al., 2016b), the P3 (see Rosenfeld et al., 1991), 
and ERN composite signals such as the multifaceted 
electroencephalographic response (MERMER, see Farwell 
& Smith, 2001), to name but a few. Indeed, while the 
present literature is focused upon individual signatures 
and their functional meaning, the overarching message
here from a MASINT perspective is that electrical signals 
collected incidentally from brain activity can be used to 
provide actionable intelligence. 


Directing Input into the Brain — Thus far our discussion 
has centered around reading activity from the brain, but 
electromagnetic energy can also be effectively used to 
input information into the brain. A delicate system, the 
brain can be influenced or disrupted by relatively small 
amounts of kinetic or electrical energy, and indeed is 
susceptible to informational patterns (Sawyer et al., 2016a;
Sawyer & Hancock, 2018). Transcranial Magnetic
Stimulation (TMS) is one such technology, and uses
magnetic energy directed toward the neocortex either to 
excite or to suppress the underlying neural region. For 
example, an individual who has their visual cortex 
(occipital lobe, see Figure 1) may experience loss or 
aberration of vision. TMS has been used for decades in 
both clinical and research contexts. Recent applications of 
this technology are striking: for example, a research group 
at the University of Washington (Jiang et al., 2019) 
employed TMS as part of an "artificial telepathy" 
apparatus. In this experiment, two subjects (the senders) 
watched the orientation of Tetris-like pieces and focused 
on whether the piece should be rotated to align its 
placement. A third subject (the receiver), located in a 
different room and unable to see the pieces, was tasked 
with deciding whether to rotate the piece. The receiver 
performed well above chance (~81% accuracy) in deciding 
whether the piece needed to be rotated, based completely 
upon the signal he received from the senders. This 
suggests that beyond collecting actionable intelligence, 
there are presently ever-increasing opportunities for near 
engineering, potentially for influence or projecting force. 


BRAIN MACHINE INTERFACES 
INTRODUCE NEW ATTACK SURFACES 


Progress has been made in recent years in 
the development of both invasive and non-invasive 
Brain-Machine Interfaces (BMIs), allowing operators 
to communicate directly with machinery (computers, 
robotics, cars, artificial limbs, etc.) using only their thoughts 
(Roelfsema et al., 2018). A quick patent search reveals that 
over 3,800 patents were filed for such technology in 2018 
(Google Patents, 2019). The intimate connection between the 
operator's brain and the controlled device opens an entirely 
new dimension of attack surfaces to be exploited by cyber 
threat actors. Information security primarily rests upon three 
pillars: Confidentiality (preventing unauthorized disclosure 
of information), Integrity (preventing unauthorized 
modification of information), and Availability (maintaining 
access to information), the so-called CIA Triangle (Wiley, 
2008). Within the context of neuro-security a breach of 
Confidentiality could potentially allow unprecedented 
access to an individual's most private data, his/her 
thoughts. A breach of Integrity would mean that an attacker 
could inject commands into a neuro-device, or alternatively 
send false feedback to the brain from the device. A failure of 
Availability would prevent a user from being able to control 
the device or receive data from it. The failures of any of 
these pillars might seem to be purely within the realm of 
science fiction; however, proof of concept attacks have 
already been demonstrated for each. 


Reaching into the uncooperative individual’s mind to 
retrieve, or influence, information is increasingly a reality. 
Lange et al. (2018) were able to recover partial Personal 
Identification Numbers (PINs) from subjects' EEG 
(electroencephalogram) signal. Other research (Roelfsema et 
al., 2018) has demonstrated the ability to infer the words or 
concepts that an individual is thinking of, from EEG signals. 
Without the proper security, individuals using BMIs relying 
on similar signal processing would be subject to having their 
private thoughts exposed. Perhaps more disconcerting than 
breaching Confidentiality is a breach of Integrity; such a 
breach was demonstrated by Cusack et al. (2017) in a highly 
controlled environment. In this study, researchers 
conducted a Man-In-The-Middle attack against a BMI and a 
toy car and were able to intercept thought-based commands 
from the user's BMI and inject modified commands. In this 
case they substituted the command “turn left” with “turn 
right.” If such an attack were launched against an artificial 
limb or a wheelchair (both of which can now be controlled 
with similar technology), an attacker could easily cause 
death or serious physical injury to either the user or those 
around them. In a similar vein, Cusack et al. (2017) describe a 
simple modification to their integrity-focused attack of 
flooding the BMI connection with meaningless packets to 
disrupt the control channel and thereby deny the operator 
access to the controlled device. This type of attack, properly 
timed, could lead to equally destructive results if the 
downstream device is the artificial limb or wheelchair 
mentioned above. 


FUTURE DIRECTIONS AND 
NEUROSECURITY CONCERNS 


The current state of the art in neuroimaging requires 
that sensors be placed in very close proximity to a 
subject's cranium, a state of affairs that many other 
energetic MASINT sources once shared. Could technology 
be someday (or presently) capable of detecting neural 
signals from a distance? While the signal detection 
difficulties of such a system are great, it is within the realm of 
possibility. Even such a technology with very limited range 
would have serious implications for the Intelligence 
Community, and open the door to covert neuro-surveillance. 
A few inches might allow an apparatus to be embedded in 
surfaces, such as seating. A few meters would allow for 
neuro-surveillance of an interview at a border crossing. 
More range comes with more interesting, and concerning, 
implications. 


What about individuals who choose to use technology to 
project their neural information outward? Neuralink, and 
other industry actors, have this possibility as a direct piece 
of their value proposition. The idea of computer network- 
connected brains mirrors that of other computer network- 
connected sensors: surveillance becomes implicit in return 
for convenience. Indeed, it may be useful to consider the 
fact that surveillance capabilities of a covert microphone 
and a present generation household smart speaker are 
functionally very little. Covert or overt monitoring of neural 
activity holds many parallel possibilities, and the aforementioned 
remote neuroimaging is joined by technologies 
which will intentionally transmit neural information over the 
Internet, or other networks. It is extremely likely that industry 
and state actors, in the absence of legislative restraint, will 
find reason and avenues to collect and leverage such data. 
The rights of individuals to their own personal neural 
information, when transported through computer networks, 
is likely in the process of being decided presently by society 
and the courts, as rights to personal electronic information 
are a likely precedent. 


Input, as discussed above, is another fascinating dimension 
of networked neural implants. The ideas are not radical, and 
indeed Apple and Nucleus, manufacturer of cochlear 
implants, recently made iOS the operating system 
connecting to more human implants than any other. These 
technologies join other apps which can be used to connect 
to a variety of human implants. In cochlear implants, for 
example, the intended mode of input is digital audio signals: 
it is better to listen to your phone call when beamed directly 
to your implant than through a microphone facing the phone 
speaker. However, these devices offer opportunities for 
MASINT, and for influence. Indeed, just as personal 
information and computer networks can be used for both 
surveillance and influence, it may be possible to manipulate 
overtly or covertly a target through an active neural, sensory 
nerves, or peripheral nervous system connection. 


Consider a concerted effort to expose a subject to positive or 
negative stimulation in response to specific actions. Such a 
campaign would certainly result in some level of 
conditioning. We can, for example, imagine creating 
incentives not to enter a geo-fenced location, or not to leave 
one. Threat actors with the goal of rendering a target 
ineffective in their current occupation might leverage a 
cochlear implant to arrange for painful, annoying, disturbing, 
or other negative stimulus to be inflicted whenever the target 
entered their office. They could also simply degrade the 
quality of the function of the device. Because cochlear 
implants connect to the Internet through iPhones, this could 
be accomplished through the malicious employment of code. 
Note that such an attack would leverage intelligence about 
user location from the phone, and use the same phone to 
send negative stimuli to the target through the cochlear 
implants. Of course, cochlear implants in the United States 
presently all have removable external units, and could simply 
be removed. Submitting to deafness in order to remove the 
stimuli is a denial in its own right; it is worth considering that 
such a scheme would work on other implants, each with its 
own uncomfortable set of possibilities. 


Figure 2: Modern cochlear implants are now compatible 
with Apple's iOS, which has therefore become a new and 
widely available attack surface for individuals with this type 
of sensory nerve-connected prosthesis. Neurosecurity 
questions exist regarding which central, sensory, or 
peripheral nervous system-connected devices will soon also 
be Internet-connected, and whether these have input or 
output capabilities. 


The implications of direct and potential remote neuroimaging 
are, of course, not limited to intelligence, nor to influence, nor 
to negative outcomes. Neuroimaging, especially remotely, 
might prove a particularly robust new form of biometrics, 
through the recording of an individual's neural responses to 
specific stimuli, using amenable ERPs, for example. The 
possibilities for industry, health, and human computer 
interface are monumental. Interpersonal communication 
might be revolutionized, or at least improved. However, we 
believe that this hopeful narrative must be tempered with 
understanding of the implications to individual and 
aggregate security. Major questions exist, and at present 
there are no answers. 


OPEN QUESTIONS AND CONCERNS 
SURROUNDING NEUROIMAGING AS A 
MASINT SOURCE 


In sum, applied neuroscience techniques previously 
reserved for experts probing scientific questions are now 
increasingly amenable to MASINT. There are presently 
multiple scenarios in which intelligence can be gathered 
through passive monitoring of the electro-optical signals 
concurrent with brain activity (blood flow and neural 
discharge patterns), and in the near future such access may 
become available at greater physical distance. These 
opportunities are joined by rapid advancements in 
understanding of the functional organization and temporal 
signaling of the brain, coupled with rapid advancement in 
computational power and machine learning technique quite 
familiar to the MASINT community. The result is the 
beginning of an era in which neural information, and the 
machinations of the human brain, are joining many other 
systems previously made amenable to MASINT information- 
gathering approaches. Indeed, the impacts of these 
combined advances are undoubtedly fueling scattered 
conversation and innovation in the public and classified 
spheres of many countries. While some outcomes will be 
undeniably positive, we feel that there are strong signs that 
a more focused conversation needs to be held. 


Recently, several U.S. embassy workers stationed at 
Guangzhou, China, have reported symptoms like those 
reported by U.S. embassy workers stationed in Cuba. Again, 
there is much controversy surrounding these reports. One 
widely held assumption is that these are in fact the result of 
some type of “neuro-attack.” Perplexing problems now arise. 
How could such an attack be detected? Every time your 
brain forms a new memory (which happens constantly), your 
brain changes in subtle and poorly understood ways. This 
constant change makes baselining incredibly challenging, 
and there remains some question as to whether this is even 
possible. Moreover, it seems likely that an "input"-based 
technology, as may be the cause, would be infinitely more 
detectable than a technology monitoring output. It seems 
evident that neuroimaging technology holds great potential 
for MASINT, and for this reason alone there is the likelihood 
that state-sponsored intelligence services will attempt to 


employ this technology as an intelligence-gathering 
technique. The high likelihood of this experimentation, and 
the relatively feasible nature of creating such a technology, 
should compel more research to be conducted on a variety 
of related neurosecurity topics. 


Beyond the fundamental question of whether neural tissue 
is amenable to gathering intelligence, or a likely target for 
projecting force, fundamental forensic questions which 
should be addressed by such a line of research are as 
follows: 


How do we ensure neurosecurity? Just as cybersecurity was 
once poorly understood, so now is neurosecurity. We must 
understand which approaches are real threats, what their 
limitations are, and develop understanding as to how our 
own state, industry, and greater public population can be 
protected. We must also begin a dialogue in scientific, 
legislative, and public spheres to address how best to 
integrate these coming realities into our society. How do we 
safeguard freedom and security when the information 
between our ears is no longer inherently our own? 


How do we detect attacks? In terms of information- 
gathering attacks, neurosecurity is likely to suffer from many 
of the same challenges as cybersecurity; by definition, a 
well-executed attack need leave no trace (see Hancock, 
Hancock & Sawyer, 2015). In terms of influence, the more 
difficult question is one of trust. What is possible in terms 
of influence, and how can we detect it? Indeed, this is the 
challenge of cyber-compromised computer systems which 
serve new masters, or have their cycles turned toward threat 
actor goals. How do we know when an individual has been 
attacked? One of the greatest challenges in the “Havana 
Syndrome” has been establishing whether something in fact 
occurred. Subjectively, patient reports align very closely 
(sudden onset, hearing a high-pitched chirping or ringing, 
difficulty concentrating and maintaining balance), but there 
is thus far no way to establish exposure conclusively. 


Is it possible to develop a baseline? In cybersecurity, 
understanding of the original state of the system is vital for 
understanding whether an intrusion has occurred, and how 
the system is compromised. If a method for detecting a 
neuroattack is developed, it will likely involve establishing an 
analogous neural baselining. The clinical evaluation of Havana 
Syndrome victims by researchers at the University of 
Pennsylvania found structural differences between exposed 
employees and healthy controls. Specifically, structural imaging 
indicated significantly decreased levels of whole brain white 
matter, differences in regional gray and white matter volumes, 
cerebellar microstructural integrity, and functional connectivity 
in the visuospatial and auditory subnetworks (Verma et al., 
2019). While this study found differences between the exposed 
population and healthy controls, it was unable to demonstrate 
differences within patients before and after the time of exposure 
because there was no baseline created prior to their 
deployment. Another limitation of this study was that it 
focused on the structural aspects of the patients’ neural 
architectures, but not their cognitive functioning. Baselining 
to detect a neuro-attack will likely necessitate a cognitive 
functioning component, perhaps involving rapid response to 
various stimuli. Developing a baseline of cognitive functioning 
will likely utilize neuroimaging, for example EEG to measure 
patient responses to stimuli over time. One of the greatest 
challenges to this will be understanding whether such 
baselining is even possible. The brain is incredibly plastic and 
changes constantly. In fact, every new memory formed causes 
changes within the brain. An unanswered question is what 
does "normal" change look like compared to "abnormal" 
change, and can these differences be detected? If they can be 
detected, is EEG the right technique, and are EEG responses to 
stimuli consistent over time? The few answers that presently 
exist come from vastly different domains in the neurosecurity 
threat to come. 


CONCLUSION: TOWARD A MASINT 
UNDERSTANDING OF THE BRAIN 


MASINT has existed for long enough that the 
community has witnessed many energetic signals 
moving from non-useful to pivotal. We here 
predict that the energetic emissions of the human brain will 
follow that pattern. Understanding the time frame of that 
change is difficult. It may take the entirety of our coming 
careers. It may have already happened. The cause of the 
Havana Syndrome remains a mystery at the time of this 
writing. It is also unclear whether Havana Syndrome is 
specifically the result of a neuro-weapon, or something 
entirely different. It does, however, provide the opportunity 
for a timely thought experiment, as the world will witness the 
effects of neuro-weapons in the foreseeable future. It is 
critical that tools and techniques be developed to detect the 
effects of these weapons, and to guard against them. We 
believe that the framework of MASINT, and the broader 
Intelligence Community which has such implicit interest in 
these ongoing developments, is an excellent place to begin 
this critical work. 

IT Help Desk Technician Charged with Transferring Classified Materials to a Foreign Government 

A U.S. government contractor was arrested on Aug. 24 based on espionage charges in a 
complaint unsealed today. Abraham Teklu Lemma, 50, a naturalized U.S. citizen of Ethiopian 
descent, of Silver Spring, Maryland, is charged with delivering national defense information to 
aid a foreign government, conspiracy to deliver national defense information to aid a foreign 
government, and the willful retention of national defense information. 
According to the criminal complaint, between on or about Dec. 19, 2022, and Aug. 7, 2023, 
Lemma copied classified information from intelligence reports and deleted the classification 

the information, which was classified as SECRET and TOP SECRET, from 
ure facilities at the 

terial related to & 
specifi ge 
information without authorization. 

According to the charging documents, Lemma used an encrypted application to transmit 
classified national defense information to a foreign government official associated with a 
foreign country's intelligence service. In these communications, Lemma expressed an interest 
and willingness to assist the foreign government official by providing information. In one 
communication, the foreign official stated, “It's time to continue ur support”; Lemma 
responded, “Roger that!” In other chats, the foreign official tasked Lemma to focus on 
information related to particular subjects, and Lemma responded "[a]bsolutely, I have been 
focusing on that all this week..." As alleged in the criminal complaint, the classified national 
defense information Lemma transferred to the foreign official included satellite imagery and 
other information regarding military activities in the foreign country and region. 


The two espionage charges carry a potential penalty of death or any term of years up to life in 
prison, and the willful retention charge carries a maximum penalty of 10 years in prison. A 
federal judge will determine any sentence based on the U.S. Sentencing Guidelines and other 
statutory factors. 


The FBI's Washington Field Office, the State Department's Diplomatic Security Service, and the 
Justice Department's Office of the Inspector General are investigating the case. 


Assistant U.S, Attorneys Tejpal Chawla and Al 
Trial Attorneys Heather Schmidt and Kathryn DeMarc: 


andra Hughes for the District of Columbia and 
of the curity Division's 
nd Export Control Section are prosecuting the case. 


jational 
A criminal complaint is merely an allegation. All defendants are presumed innocent until proven 
guilty beyond a reasonable doubt in a court of law. 


PRESS RELEASE 

U.S. Navy Sailor Sentenced to 27 Months in Prison for Transmitting Sensitive U.S. Military Information to Chinese Intelligence 

Monday, January 8, 2024 
For Immediate Release 
Office of Public Affairs 


A U.S. Navy service member was sentenced today to 27 months in prison and ordered to pay a 
$5,500 fine for transmitting sensitive U.S. military information to an intelligence officer from the 
People's Republic of China (PRC) in exchange for bribery payments. 


According to court documents, Petty Officer Wenheng Zhao, 26, aka Thomas Zhao, of Monterey 
Park, California, pleaded guilty in October 2023 to one count of conspiring with the intelligence 
officer and one count of receiving a bribe. 


“Mr. Zhao betrayed his solemn oath to defend his country and endangered those who serve in 
the U.S. military,” said Assistant Attorney General Matthew G. Olsen of the Justice Department's 
National Security Division. “Today, he is being held to account for those crimes. The Justice 
Department is committed to combatting the Chinese government's efforts to undermine our 
nation’s security and holding accountable those who violate our laws as part of those efforts.” 


ray untry and disgraced himself when he accepted bribes from an intelligence 
officer with the People's Republic of China,” said U.S. Attorney Martin Estrada for the Central 
District of California. “As a result, he has now been removed from the military and will serve time 

my office will swiftly act to root out and punish 
those who seek to undermine our nation's security 


"Make no mistake, the PRC is engaged in an aggressive the national 


security of the U.S. and its partners; said Executive As sa L Knapp of the 
FBI's National Security Branch. “Zt our country and put 
others at risk by providing sensitive U.S. information to a PRC intelligence official. The Chinese 
Communist Party has repeatedly shown it will freely break any law or norm to achieve a 

igence advantage. Today's sentenci s yet again, the inability of 
ion el partners from apprehending and 


chose to betray the oath 


perceived int 
Chin 
pro 


to prevent the FBI and cur vi 


telligence S 
uting the spies China recruits” 


“Mr Zhao betrayed his oath to the United States and deserves 
accepting bribes in exchange for transmitting sensitive US. 
intelligence officer from the People’s Republic of China,” sald Acting Special Agent in Charge 
tigative Service [NI 
will continue to leverage its unique law enforcement and counterintelligance authorities 
vigorously pursue those who attempt to compromi 
grateful to the FBI and Department of Justice for their substantial assistance to this lengthy 
tigation and greatly appreciate our continued partnership. 


(d fully accountable 


military information to an 


Angel Cruz of the Naval Criminal Inv ] Office of Special Projects. "NCIS 


‘our national security in 


Zhao, who worked at Naval Base Ventura County in Port Hueneme and held a U.S. security 
clearance, engaged in a corrupt scheme to collect and transmit sensitive U.S. military 
information to the intelligence officer in violation of his official duties. 


Between August 2021 and at least May 2023, Zhao received at least $14,866 in at least 14 
separate bribe payments from the intelligence officer. In exchange for the illicit payments, Zhao 
secretly collected and transmitted to the intelligence officer sensitive, non-public information 
regarding U.S. Navy operational security, military trainings and exercises, and critical 
infrastructure. Zhao entered restricted military and naval installations to collect and record this 
information. 


Zhao transmitted plans for a large-scale maritime training exercise in the Pacific theatre, 
operational orders, and electrical diagrams and blueprints for a Ground/Air Task Oriented Radar 
system located in Okinawa, Japan. 


He used sophisticated encrypted communication methods to transmit the information. He also 
destroyed evidence and concealed his relationship with the intelligence officer. Zhao's conduct 
violated his official duties to protect such information and the oath he swore to protect the 
United States. 


The FBI Los Angeles Field Office Counterintelligence and Cyber Division and NCIS conducted 
the investigation. IRS-Criminal Investigation provided substantial assistance. 
for the Central District of California and Trial Attorney Adam Barry of the National Security 

A U.S. Navy service member pleaded guilty today to federal felony offenses and admitted he 
transmitted sensitive U.S. military information to an intelligence officer from the People's 
Republic of China (PRC) in exchange for bribery payments. 

Petty Officer Wenheng Zhao, 26, aka Thomas Zhao, of Monterey Park, California, pleaded guilty 
to conspiring with the intelligence officer and receiving a bribe. 

Zhao, who worked at Naval Base Ventura County in Port Hueneme and held a U.S. security 
clearance, admitted he engaged in a corrupt scheme to collect and transmit sensitive U.S. 
military information to the intelligence officer in viol 
"The intelligence services of the People's Republ 
across the military, seeking to entice them with money to provide sensitive government 

stant Attorney General for National Security Matthew C. Olsen. "When 
wy, the defendant chose greed 
held accountable for 


t China actively target clearance holders 
contacted by his co-conspirator, rather than reporting it to the N 
tempted to put personal profit ahead of patriotic duty, know that we are 
lentifying you and bringing you to j 


over protecting the national securi iow bai 


his crimes. To other: 
committed 


"Protecting our country's national security is of the utmost importance,” said Executive 
Assistant Director Larissa L. Knapp of the FBI's National Security Branch. “Zhao’s guilty plea 


sensitive military information to the Government 


an acknowledgement of the betrayal in sellin 


ina. The FBI reminds all government officials to remain vigilant in reporting 
and we remain committed to standing with our 
» threats to our national 


ial recruitment efforts by foreign acto 
record this information. 


Zhao specifically admitted to transmitting plans for a large-scale maritime training exercise in 
the Pacific theatre, operational orders, and electrical diagrams and blueprints for a Ground/Air 
Task Oriented Radar system located in Okinawa, Japan. 


Zhao further admitted to using sophisticated encrypted communication methods to transmit the 
information, destroying evidence and concealing his relationship with the intelligence officer. 
Zhao’s conduct violated his official duties to protect such information and the oath he swore to 
protect the United States. 


“Officer Zhao betrayed his country and the men and women of the U.S. Navy by accepting bribes 
from a foreign adversary,” said U.S. Attorney Martin Estrada for the Central District of California. 
“While he and the PRC officer he served took great pains to conceal their corrupt scheme, 
investigators were vigilant in uncovering th 
hameful plot. Today's resolution, 
plead guilty to all charges against him, shows that we will act swiftly and de 
our nation from those who seek to undermine our security.” 


"The Naval Criminal Investigative Service (NCIS) would like to once again thank our partners at 
Bl and Department of Justice for their continued assistance in bringing this case to a quick 
d Acting Special Agent in Charge Angel Cruz of the NCIS Office of Special 

Projects. “The swift action by the Department of Justice in prosecuting this case should serve as 
a warning to anyo 
potential compromise of sensitive military information, please contact your nearest NCIS or FBI 
office 


Zhao pleaded guilty before U.S. District Judge R. Gary Klausner. Sentencing is scheduled for Jan. 
8, 2024. As a result of today’s guilty plea, Zhao faces a statutory maximum penalty of 20 years 
in prison - five years for the conspiracy count and 15 years for the bribery charge. Zhao has be 

1. INTRODUCTION AND DEFINITIONS 


"To subdue the enemy without fighting is the acme of skill."-- 

Sun Tzu, 4th century B.C. 

Psychological operations, or PSYOP, is a form of political and 
military activity that is understood and defined in a number of different 
ways. The definition upon which current peacetime U.S. PSYOP policy is 
based was established in Department of Defense Directive S-3321.1, Overt 
Psychological Operations Conducted by the Military Services in Peacetime 
and in Contingencies Short of Declared War (1984). That definition states 
that Psychological Operations are "planned political, economic, military, 
and ideological activities directed toward foreign countries, organizations, 
and individuals in order to create emotions, attitudes, understandings, 
beliefs, or behavior favorable to the achievement of U.S. political and 
I nM s. 
standard guidelines for all aspects of PSYOP (planning, programming, 
execution, control) conducted by agencies of the U.S. Department of 
Defense in non-wartime conditions. But PSYOP also includes a number 
of other activities that fall under strategic military and political policy. 
Activities of that type are defined in Joint Chiefs of Staff Publication 1 
as: "planned psychological activities in peace and war, which normally 
pursue objectives to gain the support and cooperation of friendly and 
neutral countries and to reduce the will and the capacity of hostile or 
potentially hostile countries to wage war." The latter definition reflects 
the expansion in scope that has occurred in PSYOP in the last fifty 
years. In the modern world, the scope of PSYOP is wider than ever 
before, even though the basic concepts continue as they have existed for 
thousands of years. Reflecting this expansion, PSYOP expert Fred W. 
Walker notes, "We might consider the term persuasive communications to 
mean the same thing as psychological operations." Another expert, 
William Daugherty, prescribes an even broader field: "PSYOP is 
communication and therefore covers the entire field of human action." 
In the present political-military meaning of the term, PSYOP is a multi- 
stage process that uses a combination of non-coercive devices to gain 
influence over the actions and attitudes of a targeted group without 
resorting to the use of force. The first stage of the process is defining 
the target, the second is finding methods or agents to influence the 
target’s perception of reality, and the third is the output of the message 
through selected channels. In this process, the most critical element is 
credibility--to retain the attention of the audience, the audience must be 
convinced it is receiving information that is reliable and pertinent to its 
interests. If the audience detects contradictions or falsehoods, credibility 
is lost--for a particular operation, and perhaps for future operations as 
well. Therefore, the cardinal motto for all PSYOP applications is "Truth 
is the best PSYOP." The advantage of using PSYOP has remained the 
same throughout its history: if an opponent's attitude can be influenced 
favorably, his physical resistance will diminish. This means that, when 
used in combination with other military or political operations, PSYOP 
acts as a force multiplier, enhancing the effect of those operations on 
the target. 

The term "psychological operations" was first used in reference to 
surrender messages (messages offering humane treatment for enemy 
personnel ceasing to resist U.S. forces) sent to the Japanese mainland in 
1945. From World War I until the 1960s, "psychological warfare" was the 
umbrella term in common use. In the 1960s, it was recognized that much 
more was included in the modern concept than warfare in the 
conventional sense, so PSYOP became the umbrella term. Psychological 
warfare, or PSYWAR, remains part of the PSYOP concept. It refers to 
activity seeking to influence the attitudes and actions of hostile foreign 
groups in support of national objectives in wartime.9 Psychological 
warfare is thus the type of psychological operation most closely 
connected with military actions: before and during engagement, to 
minimize the enemy will to fight, and afterwards, to underscore the 
impact of his losses and the hopelessness of his situation. Military 
actions themselves (the dropping of the atomic bomb, as an extreme 
example) may play a psychological role beyond their military impact, 
because the demonstrated ability to inflict harm has a psychological 
effect on the potential victim. 

In the twentieth century, PSYOP applications have been broadened 
by the intense ideologies and systems of mass communications that have 
supported them since World War I. Particularly since the 1930s, the 
connection of PSYOP with ideology and mass communication has made it 
a constant strategic element of international politics. Communism and 
Fascism have used PSYOP in new ways, still considered unethical by 
much of the world, and forced the opponents of their ideologies to 
rethink their PSYOP procedures accordingly. The concepts of 
"disinformation" and "active measures" have been added to the 
international PSYOP vocabulary, and the definition of "propaganda" has 
been expanded in this process. 

Disinformation, translated from the Russian term dezinformatsiya, 
has been defined as "any government-sponsored communication in which 
deliberately misleading information is passed to targeted individuals, 
groups, or governments with the purpose of influencing foreign elite or 
public opinion." Disinformation differs from propaganda because the 
latter does not necessarily involve deceiving a target group, and because 
disinformation always has a specific foreign target. "Active measures" is 
a translation of an umbrella Soviet term, aktivnyye meropriyatiya. It has 
come into English usage because our term "covert activities" does not 
cover the enormous breadth of activities and participants included in the 
Soviet concept. In addition to using conventional covert operations, 
active measures seek to acquire influence over an opponent's attitudes 
through the media, economic leverage, front organizations, and other 
seemingly innocent overt agencies with covert sponsorship.9 The goal of 
active measures can be summarized as political influence and disruption 
on an international scale, to achieve a specific result. Both 
disinformation and active measures are weapons in what Communist dogma 
sees as peacetime psychological warfare. That warfare is an extension of 
the international military goals of the Communist movement. Those 
weapons will be discussed more fully in the Soviet PSYOP section of this 
survey. But it is important to note that these types of PSYOP have 
been added only to the Soviet arsenal. While the U.S. must respond 
effectively to them, it remains committed to the principle of truth in all 
information programs. 

"Propaganda" is a broad term that means management of collective 
attitudes through communications and symbols, for the purpose of 
promoting or damaging a cause.8 Among its non-PSYOP applications are 
commercial advertising, political campaigning, and religious exhortation. 
(The term was invented by the Roman Catholic Church in its 
seventeenth-century campaigns against Protestantism.) But in the 
contemporary public understanding, those aspects have been 
overshadowed by the widespread political uses of propaganda in the twentieth 
century. Although the term had become associated with untruth, 
propaganda in the PSYOP context must contain large amounts of true 
information, because of the primary requirement that the audience believe 
the message. By convention, PSYOP propaganda is divided into three 
types: white, gray, and black. White propaganda originates from a 
correctly identified source, black from a completely misidentified source; 
the source of gray propaganda is masked by transmission through a 
"front" agency that is nominally independent of the actual source. 
"Symbolic propaganda" uses action rather than words to produce its 
effect. The most dramatic example of symbolic propaganda was the use 
of the atomic bomb in World War II to physically demonstrate the 
hopelessness of the Japanese position. Several years later, the first 
Soviet nuclear test sent a symbolic message that had a strong 
psychological effect on the West. 

PSYOP relies heavily on correct evaluation and exploitation of the 
target’s "capacity for self-deception." What is this "capacity for self- 
deception," and how is it exploited? Approaches differ according to 
specific conditions, because target groups vary widely. Examples of such 
target groups are military enemies, political rivals, indigenous populations 
in guerrilla and counterinsurgency operations, and domestic populations 
whose support is needed for military or political campaigns. Every 
identifiable group, society, and nation has a unique set of needs and 
goals, as well as a uniquely shaped group psychology. The needs and 
goals may be long- or short-term, military or political, real or imaginary. 
To cite two extreme examples, the group psychology may be shared by a 
small group in a short-term, tactical situation (such as a military unit 
occupying foreign territory), or by several nations in a semi-permanent, 
strategic situation (such as a group of nations strategically located 
between two superpowers). Between those extremes are many 
combinations of needs and goals. If a psychological operation is done 
properly, the perceptions formed by the target group can be slanted in a 
particular direction without immediate challenge and actions or attitudes 

Be ccs T lle ep hel ah a aa aa ial aaea 
and expense of coercive action. Such operations are especially useful to 
groups such as guerrilla forces whose capacity for coercive action is 
limited. PSYOP is not to be confused with military deception, which 
causes an enemy to take inappropriate action by misleading his assessment 
of positions or intentions. 

For the operating side, the immediate target is a weak point of an 
ultimate target, a place where psychological advantage can be gained and 
used as a weapon in the longer term. How would this work in the two 
examples given above? For an occupying force, the points of 
psychological vulnerability might be distance from home and prolonged 
exposure to an uncomfortable cultural environment. In such a case, if 
the opponent's intelligence reveals discontent within the force, a 
psychological operation might use communications media to convince group 
members of the loneliness and pointlessness of their venture, and to offer 
easy surrender conditions. If such a message penetrates without effective 
challenge, it blunts the effectiveness of the occupation. This approach 
might be accompanied by terrorist acts that "emphasize" the alienation of 
the occupiers. 

In the international example, smaller nations are subjected to 
constant superpower propaganda. The Soviet Union uses overt and covert 
measures in campaigns to split smaller countries from the United States 
and move them toward a neutral position. In Europe such efforts exploit 
the substantial public and official desire for peace and security, doubts 
about American resolve to defend Europe, and fears of nuclear war. A 
campaign of this sort continues over many years and is woven into the 
fabric of superpower foreign policy. 

In modern times nations increasingly understand the need for 
propaganda to justify their positions to both domestic and foreign 
audiences. In peacetime and in protracted war, PSYOP procedures now 
are integrated with and parallel to measures of military preparedness. 

Key factors in their success are accurate evaluation of adversary 
psychology, secrecy, and the output of information that is consistent and 
credible. 

A PSYOP application of particular current value is in insurgency 
and counterinsurgency activity in what is called "low-intensity conflict" 
(LIC). Geographically confined to the Third World, LIC PSYOP now is 
often used in confrontations of client groups of larger powers such as 
the Soviet Union, China, and the United States. Such confrontations occur 
most often in areas with weak governments, poorly developed or 
unbalanced economies, and valuable natural resources or strategic 
location.® In recent years, El Salvador, Cambodia, and Afghanistan have 
been the sites of major superpower insurgency-counterinsurgency efforts. 
The U.S. has been on both sides of such campaigns, aiding 
counterinsurgency in El Salvador and the Philippines, insurgency in 
Nicaragua and Angola. Because guerrilla warfare relies heavily on 
psychological impact to complement sheer force, successful 
eben eR must use PSYOP aitactively to defeat such campaigns. 
Victory goes to the side that best understands and exploits the 
psychology of the indigenous population that is the main source of 
support for the guerrillas. As insurgency and counterinsurgency have 
developed, important PSYOP tools are community relations programs, 
public information, and civic action programs carried out by military 
personnel in the areas in dispute. Insurgency PSYOP is not limited to 
proxy confrontations between the United States and Soviet camps. The 
Ayatollah Khomeini conducted a very effective insurgency against the 
Iranian government. Exploiting religious fervor and dissatisfaction with 
the government, the exiled Khomeini smuggled large numbers of tape 
cassettes into Iran, spreading propaganda to stir revolutionary feeling 
and build a movement from an initially small number of followers.9 In 
this case, no effective counterinsurgency campaign was mounted, and the 
government fell. 

In the contemporary world, unconventional warfare is the rule, not 
the exception. Given that fact, PSYOP has become a military tool of 
greater importance than it was in the "classic" model. This is because 
the element of psychology is present in all forms and levels of combat, 
even when some conventional aspects of doctrine become less relevant. 
When the clear boundaries of open combat disappear and civilian 
populations become an integral part of every confrontation, PSYOP no 
longer is a specialized, sinister weapon that can be disregarded because 
it does not yield spectacular results. Proper PSYOP procedure is often a 
critical guarantee of success; solid PSYOP approaches to an indigenous 
population can hold territory with minimal expense or loss of life. But 
under such circumstances, the PSYOP weapons must be as familiar as any 
other weapon to all military personnel, because it is they who carry out 
PSYOP in their everyday contact with the population. In places such as 
El Salvador, the psychological relationship between military personnel and 
the civilian population is a prime determinant of the government's success 
against guerrillas; in this case, U.S. advisers are training the host 
nation's forces in PSYOP applications. A key word is "integration" of 
PSYOP into the framework of conventional military doctrine. 

Another important application of PSYOP is to rally a domestic 
population behind a political or military cause. In wartime all nations, 
whatever their political system, must inspire willing sacrifice by their 
people. All U.S. war efforts, from the American Revolution to Vietnam, 
have required extensive "selling." As Korea and Vietnam showed, the 
complex psychology of a democracy is not always receptive to such 
campaigns. In such cases, targeted propaganda is the most important 
tool, but covert active measures have also been useful for totalitarian 
governments in combating uncooperative internal elements. 

The historical examples that follow will show the variety of goals, 
methods, agents, and target groups that have been included in 
psychological operations of the past. In the sections that follow, 
discussion of past and current Soviet PSYOP will show how that nation 
has refined and expanded the entire field to meet the ideological 
requirements of the Leninist state. And discussion of United States 
PSYOP, past and present, will focus on the response to Soviet PSYOP 
campaigns from World War II to the present, in what has become the 
most massive PSYOP battle in history. 


2. PSYOP APPLICATIONS IN HISTORY 


The Art of War, a treatise written by the Chinese military thinker 
Sun Tzu in the fourth century B.C., advocates the idea that an army of 
superior numbers can be "made not to fight." This idea was in use even 
before that time. An early example is the slaying of Holophernes, leader 
of an Assyrian force invading ancient Israel, by the Israelite Judith. 
Knowing that enemy troop morale depended heavily on the single figure 
of the commander, Judith gained the confidence of Holophernes, 
beheaded him, and carried the head back to her people. The symbolism 
of the missing head and the lost command figure totally demoralized the 
Assyrians, who were easily routed in spite of vastly superior numbers. 
The story appears in the apocryphal Biblical Book of Judith; its 
historical accuracy is unproven, but it remains a good example of 
assessing the enemy’s psychological weak point and using a powerful 
psychological symbol to bolster the morale of one’s own forces.10 

In another example, Genghis Khan is credited with leading huge 
hordes of savage horsemen across Russia and into Europe. The size of 
his armies was exaggerated by agents planted in advance of the army and 
by rumor and other forms of propaganda. To supplement his PSYOP 
activities, Genghis Khan also used rapid troop maneuver to confirm the 
illusion of invincible numbers. Because the Mongols created an image of 
total, barbaric domination, target groups never believed they were the 
victims of astute psychological warfare. Once the image had spread, the 
Mongols had created a permanent weakness in enemy psychology, and thus 
gained a military advantage wherever the Mongol reputation was known.11 

In another instance, during the American Revolution the rebels 
distributed propaganda leaflets that invited Hessian mercenaries and 
British common soldiers to desert. One such leaflet provided two short, 
contrasting lists: the negatives of life in the British Army and the 
advantages of deserting and settling permanently in America. Promises of 
leniency and surrender passes have become a staple of battlefield PSYOP. 
In the Revolutionary War application, the direct appeal exploited the 
mentality of the occupying force, class differences between officers and 
enlisted men, and nationality differences between the British and their 
German mercenaries. Thousands of troops heeded the appeal and never 
returned to Europe. At the same time, domestic loyalist opposition was 
muffled by anti-British propaganda in the newspapers of the thirteen 
colonies.12 

A qualitative change occurred in PSYOP about 1900, when 
communications became much faster and more inclusive. For the first 
time, entire nations could be targeted in a psychological operation by 
print, radio, and film. These media provided direct, reliable transmission 
of propaganda messages to anyone within sight or earshot. The new 
media were first used widely in World War I; the British used them to 
spread rumors of German atrocities, including cannibalism.13 Because the 
British had already developed a more sophisticated print and 
communications system than the Germans, they mounted a propaganda 
campaign that the Germans could not overcome. The British diplomatic 
service was also more adept at public diplomacy than its German 
equivalent. The British used German propaganda ineptitude to their 
advantage by simply disseminating many undiplomatic German statements, 
without change or comment; the difference in PSYOP skill between the 
two sides was enough to make the message clear that the Germans were 
uncivilized, arrogant "Huns" (a term used by the Kaiser himself for his 
army). German morale was deflated by having bombastic public 
statements made into ammunition for the enemy. This propaganda defeat 
was an important incentive for better performance by German 
propagandists in the next war. 

Because of the expanded scale on which it was used, PSYOP is 
considered by historians as a crucial factor in the Allied victory in 
World War I. The Creel Committee, the first specialized U.S. agency for 
wartime propaganda, succeeded in building domestic support for a war 
that was not popular initially; it also was the model for later U.S. 
publicity and propaganda agencies. And the very presence of the U.S. in 
the war, after long neutrality, had great psychological as well as 
military impact. Early in 1917, Germany began sinking all ships 
approaching Britain, in order to starve the British into surrender. The 
Germans assumed that Britain would surrender before the U.S. could 
retaliate for its sunken ships by entering the war on Britain's side; when 
the error of this gamble became obvious, German morale fell. The 
German General Ludendorff named allied PSYOP the most important 
factor in German morale decline. 

Before and during World War II, the Nazis used a propaganda 
machine aimed first at domestic opinion, then at world opinion. The 
basic psychological assumption of that machine was that public opinion is 
formed by symbols and images, not rational thought. If the correct 
symbols were presented with enough force, the public would follow. The 
theory worked because the audiences chosen were prone to self-deception 
about certain emotional topics. The charismatic figure of Adolf Hitler 
provided the ultimate symbol of renewed power to a nation humiliated by 
the results of World War I. The propaganda machine of Joseph Goebbels 
convinced Germans and many audiences elsewhere that Communists and 
Jews were the enemies; that only Fascism could provide protection from 
them; and that the advance of Fascism was both just and inevitable.14 
The worldwide desire for peace provided a psychological weak point that 
prevented rational evaluation of these messages; British and United States 
opposition was delayed until Europe had been conquered piecemeal. By 
that stage, Germany had developed effective print and broadcast media. 
A much older form of propaganda dissemination, the mass rally, was also 
used very profitably. The Germans also made extensive use of "black 
propaganda" and subversive pro-Nazi groups and agents in occupied 
territory. 

After World War II, the Soviet Union raised peacetime PSYOP to 
new levels of sophistication as the Cold War broke out. And, as new 
international political conditions developed, tactical military PSYOP 
began to play a new role. These activities will be the subject of the 
following sections. 


3. SOVIET PSYOP 


Like other aspects of Soviet policy, the Soviet theory of 
psychological operations is based on the teachings of Lenin. The central 
concept (which sharply differentiates Soviet from United States 
approaches to the subject) is that the Soviet Union is in a state of 
undeclared war with the capitalist world--a war that will not end until world 
Communist domination is achieved. Given the magnitude of the goal, 
moral constraints have had much less influence on Soviet PSYOP than on 
those of the United States and other countries. In the words of covert 
operations specialist Chapman Pincher, for the Soviet Union "politics is 
the continuation of war by other means."19 On the peacetime strategic 
level, politics is the main arena of Soviet PSYOP. However, this 
approach was not invented by the Bolsheviks in 1917; it was used 
sporadically for centuries by the Russian tsars in domestic and foreign 
relations, but it has been codified and intensified in the last seven 
decades. Soviet PSYOP is by far the most intensive, complex and 
consistent peacetime campaign of its type ever launched. The Soviet 
political system backs its PSYOP policy with whatever resources are 
necessary to achieve its goals. 

Soviet PSYOP campaigns are a tightly integrated combination of 
conventional devices, influential "legitimate" institutions such as the 
diplomatic corps and the press, and covert activities. On the level of 
open propaganda, the goal is to "out-talk" the adversary, establishing 
terms of international dialogue favorable to the Soviet Union. This 
process is constant, aimed at wearing down the West and convincing 
other listeners that the Soviet position is valid. A favorite message in 
the Soviet arsenal says that it is the West that is on the psychological 
offensive: with an insatiable ideological drive, imperialism uses all 
possible psychological means to undermine the progressive development of 
other nations toward the ideal, inevitable Communist order. Furthermore, 
Dmitri Volkogonov, the leading Soviet PSYOP theoretician, says that the 
imperialist powers invented psychological warfare to maintain world 
domination.16 Briefly stated, his view is that imperialist PSYOP seeks 
to divide the communist world, disorient its people politically, and falsely 
portray the Soviet Union as the main threat to world peace. Volkogonov 
attributes virtually all the known Soviet active measures methodology to 
the United States and its imperialist allies. To the extent that this idea 
is believed around the world, Soviet PSYOP succeeds in putting the 
debate into its terms. 

Three departments of the Soviet government supervise active 
measures and propaganda activities. The International Department of the 
Communist Party of the Soviet Union provides liaison with nonruling 
Communist parties and front organizations abroad, directs their active 
measures, and apportions responsibility for various types of activity. 
This department also suggests new measures to advance the international 
policies of the ruling Politburo. Overall foreign policy is often affected 
by activities of the International Department (I.D.), which has no 
equivalent in Western governments.17 The functions of this agency 
appear to have been expanded and refined in recent years, especially 
after the abolishment of the party’s International Information Department. 
A key figure in this development was Anatoli Dobrynin, former 
Ambassador to the U.S. and head of the I.D. until late 1988. The latter 
was in charge of the overall propaganda apparatus until 1986, when that 
function was split between the I.D. and a second major agency, the 
Propaganda Department. The latter now runs all domestic and foreign 
propaganda efforts. Its level of sophistication rose especially fast under 
Aleksandr Yakovlev, who until reassigned late in 1988 was an effective 
domestic and international spokesman for the Gorbachev reforms.18 The 
third propaganda agency is the KGB, or Committee for State Security, 
which handles espionage and disinformation activities at home and abroad. 
The disinformation mission aims mainly at destabilizing and misleading the 
NATO alliance and Japan, while concealing actual Soviet policy aims. In 
addition to the three major agencies, the Ministry of Foreign Affairs has 
broad responsibility for the overt Soviet press and foreign cultural 
relations--which in the Soviet system are closely coordinated with less 
"legitimate" PSYOP functions. 

Although government reform has changed some of the structure of 
this system, there is evidence that even more resources are now 
allocated to PSYOP activities. History has shown that active measures 
are emphasized in times of improved relations with the West because 
targets become more vulnerable in such times.19 

Favorite covert devices of Soviet active measures are forged 
documents and planted media stories, surfacing in forms that erode the 
position of the ultimate target. Often, forged United States and NATO 
documents are used to show that the West is intent on aggression in 
Europe or the Third World. Active measures aim to divide the target 
group (most often NATO) by intensifying latent hostilities within it. 
Germany is a favorite target for such divisive methods because the Nazi 
past remains a psychological weak point for all of Europe. Print and 
broadcast media are nearly always used to achieve maximum dissemination 
of a message. The procedure is to identify a potentially sympathetic 
audience with political influence (for example, the leftist West German 
Green Party and the Labor Party in Great Britain), and tailor the message 
for maximum favor with that audience.20 In recent years, this tailoring 
includes maximum exposure of the terms perestroika (restructuring) and 
glasnost (openness), which for the Western audience indicate that hoped- 
for Soviet internal reforms are taking place and Cold War tension is 
easing. Debate flourishes on the actuality of those reforms, but there is 
no doubt that the terminology used to describe them has been quite 
successful in exploiting a Western psychological preoccupation. 

A variety of agencies--from individual covert agents to client 
nations--carry out Soviet psychological operations. In the Third World, 
Cuba is an especially active agent, working on Soviet operations and 
independently. A major front organization for Soviet operations is the 
Helsinki-based World Peace Council. That organization, indirectly 
controlled by the Communist Party of the Soviet Union, plays a major 
role in stirring anti-NATO feeling in Europe. Political influence 
operations are a special type of active measure, using personal contacts 
to advance a Soviet position in foreign decisionmaking institutions. These 
contacts range from foreign figures (diplomats, journalists, scientists) to 
KGB agents "planted" in positions of influence.21 Because the Soviet 
Union is the initiator, it has been able to choose its "battlefields," where 
chances of achieving psychological influence are greatest and opponents 
can be put on the defensive. In target countries, such campaigns exploit 
weak points such as ethnic rivalries, distrust of existing social or 
government systems, and class antagonism. And active measures are 
always used in conjunction with other devices to advance Soviet foreign 
policy goals. 

A few examples of Soviet active measures will demonstrate their 
goals and methods. In 1976, a testament of Zhou En-lai surfaced in a 
prominent Japanese newspaper. The document spoke against the Cultural 
Revolution in China and advocated closer relations with the Soviet 
Union. It had been placed by the KGB office in Tokyo.22 In another 
instance, the KGB created a pamphlet, entitled CIA Insider, purported to 
be a listing of CIA agents and press outlets all over the world. The 
pamphlet, released in Switzerland, attempted to show the pervasive CIA 
influence in the Western press; it is an example of the "upside-down" 
black propaganda ploy of attributing Soviet PSYOP methods to Western 
nations.23 And in the early 1960s, a long series of items planted in the 
European press ruined the political career of Franz-Josef Strauss, a 
staunch advocate of United States armaments in West Germany. Strauss 
was painted as a warmonger seeking revenge on the Soviet Union for the 
results of World War II.24 In another example, in 1979, Radio Ba Yi 
began broadcasting into China from the Soviet Far East. Its positions on 
domestic, diplomatic and military issues aimed initially at discrediting 
Deng Xiaoping, who was also attacked directly by the station. The Soviet 
Union acknowledged no role in the broadcasts, which supported all Soviet 
positions and advocated closer Sino-Soviet relations.29 In the recent 
Soviet effort for better relations with China, the station was shut down. 


The Soviet Union has also found itself on the negative side of 
PSYOP activities. When it invaded Afghanistan, counterinsurgency 
efforts failed to win over the indigenous population, and the occupying 
force became demoralized by guerrilla psychological warfare. And in 1983 
the Soviet Union shot down a Korean civilian airliner, causing an uproar 
in world opinion. The Soviets tried to turn press attention "upside-down" 
by claiming that the United States had provoked the incident--but Soviet 
statements were poorly coordinated and contradictory, and they failed to 
win the battle of world opinion.26 The obvious fabrications and 
confusion in the propaganda line violated the basic principle that 
information used in PSYOP must be believable to the target group. 

Historically, Soviet active measures have had several weaknesses. 
The Soviet ideology of atheism and Communism is unattractive to many 
audiences, so it must be concealed or glossed over in many cases. Acts 
such as the Afghan invasion have eroded trust in the Soviet Union as 
defender of Third-World liberty. And many forgeries and press 
placements have been poorly executed and very obvious.27 

Most experts on the Soviet Union agree that in recent years the 
sophistication of Soviet propaganda and active measures has grown, and 
some of their weaknesses have been eliminated. First, the Soviet Union 
now has a charismatic leader in the person of Mikhail Gorbachev. This is 
a weapon the Soviets have never had before. Gorbachev is able to send 
direct, credible messages to world leaders and use international media to 
propagate a view of the Soviet Union as a reformed, peace-loving, and 
benign nation. Like Roosevelt, he has cultivated a personal image of 
honest and moral humanity that has universal appeal. Following the 
cardinal principle of PSYOP, that all messages be based in truth, 
Gorbachev's messages utilize the actual liberalization of internal and 
external Soviet policy (highlighting such events as removal of Soviet 
tanks from Hungary and the liberation of Andrei Sakharov) to maximum 
effect in shaping the new image. Arms control proposals, slipshod and 
obviously insincere under previous regimes, now impress even Western 
skeptics with their scope and consistency. Gorbachev has also shown 
wisdom in choosing and shaping his messages to target audiences, 
alternating between firmness and conciliation. At the same time, there is 
strong evidence of continued commitment to Lenin's principle of all-out 
political war as an extension of military struggle in peacetime. A 1988 
report of the United States Information Agency lists major 
active-measures "black" programs begun after Gorbachev came to power. Among 
the messages widely disseminated by these programs: the AIDS virus was 
created in an American laboratory for germ warfare; the United States 
developed a weapon that kills only non-whites; Latin American babies are 
butchered and sold to U.S. distributors for use in medical transplants; and 
the CIA murdered Swedish Prime Minister Olof Palme. While such 
messages have not changed substantially since earlier years, the approach 
of more subtle, "gray" programs has changed. Soviet-controlled 
international peace groups now seek a broader appeal by softening their 
rhetoric; other Soviet-influenced groups now seek wide contact with 
Westerners, to subtly convince them that Soviet positions are just; and 
the Soviets now sponsor many international peace forums, including 
respected professional figures, to enhance their peace-loving image. All 
these efforts complement the statements and actions of Gorbachev, whose 
programs of glasnost and perestroika seem committed to greater Soviet 
openness and nonmilitary programs.28 
In summary, the Soviet Union is by far the largest practitioner of 
PSYOP in the world. PSYOP has been an integral part of its foreign 
and domestic policy since the Bolshevik Revolution. In organizational 
structure and function, Soviet psychological operations overlap the more 
conventional functions of government and diplomatic institutions. 
Because PSYOP is still viewed as another version of military struggle, 
coordination of tactical military doctrine with long-term 
strategic-international goals remains especially close and consistent. 

4. UNITED STATES PSYOP 


In the "age of communications,” all nations must find ways to 
"explain themselves" to the rest of the world, and to their domestic 
populations. The more international obligations the nation has, the more 
vital is the process of sending messages that create desirable 
psychological responses in their recipients. As described in the previous 
section, the United States faces a sustained, multilevel Soviet PSYOP 
campaign. The campaign aims to discredit the United States and its allies 
in the view of the world and of their own populations. 

Since mass communications became a PSYOP tool, the United States 
has been involved in several wars requiring domestic and international 
justification of its position versus adversaries such as the Germans, the 
Japanese, the Koreans and Chinese, and the Viet Cong. In each conflict, 
large-scale tactical PSYOP machinery also went into motion. Generally, 
such efforts have been a response to the initiative of an opponent; 
neither strategic nor tactical PSYOP apparatus has been at adequate 
strength before the threat appeared. And since World War II, moral and 
bureaucratic questions have interfered with coordination of PSYOP 
programs. As the definition of the word "war" becomes less clear, 
domestic perceptions of military and political goals become more 
vulnerable to psychological targeting by adversaries. This was seen most 
dramatically in Vietnam, but it also applies to current low-intensity 
conflict situations. 

In World War II, a very effective PSYOP weapon of the United 
States was the charismatic leadership of Franklin Roosevelt, whose 
inspirational radio broadcasts were admired by Joseph Goebbels, Hitler's 
propaganda chief.29 The United States created two major agencies for 
PSYOP activities in the war: the Office of War Information (OWI, for 
domestic and foreign propaganda), and the Office of Strategic Services 
(OSS, among whose functions was direction of military PSYOP). The 
OWI consolidated a number of information agencies that existed before 
the war. Wartime urgency did not prevent friction between the two 
agencies, congressional interference, and diffusion of PSYOP and 
propaganda decisionmaking among theater commanders of the Army and 
Navy--factors that hindered PSYOP missions in many cases.?? But the 
propaganda of the OWI was marked by careful evaluation of target 
psychology, appropriate messages, and effective delivery. For example, 
the OWI aimed surrender appeals at the psychological vulnerabilities of 
fanatical Japanese soldiers, inducing large numbers to surrender in spite 
of a military code that seemingly precluded such behavior.2° Although 
the United States PSYOP effort in World War II was somewhat 
cumbersome and disorganized, there were enough instances of such astute 
targeting to overcome the head start that the Axis powers had gained in 
propaganda.31 
After the war, the word "propaganda" was associated in the United 
States with Fascism and Communism, the systems that had "reinvented" 
the device for their ideological advancement. The American public did 
not consider propaganda an activity to be pursued in peacetime by the 
leader of the free world. There followed a period of indecision about 
the role of PSYOP in peacetime, and most wartime PSYOP units were 
disbanded shortly after the war ended. When the Korean War began, only 
one operational psychological warfare troop unit existed. As in the 
previous war, a strong PSYOP effort was eventually mounted in Korea, 
offering mainly radio, loudspeaker, and leaflet support of conventional 
ground troops. But complaints of weak support often came from the 
PSYOP units at the front.92 The Korean War was the stimulus for 
formation in 1951 of the Office of the Chief of Psychological Warfare 
(the first centralized agency for PSYOP) and the Psychological Warfare 
Center at Fort Bragg in 1952. The former no longer exists, but the 
latter is now the center of PSYOP training and research for all the 
Armed Forces. In 1953 the United States Information Agency (USIA) 
was created for international dissemination of information. 

In general, withdrawal from PSYOP activity after World War II was 
slowed by the realization that the Soviet Union was now a formidable 
enemy in the Cold War. This realization was based on two ideas: that 
the world does not automatically understand or approve of the United 
States; and that the Soviet Union is ready and able to exploit doubts 
about the morality and motives of the United States, in numerous overt 
and covert ways. An initial reaction to this situation was creation of 
the Central Intelligence Agency in 1946, with authority for covert 
psychological and political activities. The size and scope of this 
organization grew very fast during the Korean War.33 

Beginning about 1960, Communist expansionist doctrine has sought 
to exploit "wars of liberation" and insurgencies in areas previously under 
European colonial control. Soviet propaganda has portrayed the Soviet 
Union as defender of oppressed peoples, and the United States as an 
exploiting imperialist.94 To meet this potent psychological gambit of 
guerrilla war, U.S. PSYOP applications in influencing the Third World 
and conducting unconventional warfare have become increasingly 
important in recent years. 

How successful has the United States been in meeting postwar 
PSYOP challenges? The record has been mixed. A number of systemic 
differences prevent United States PSYOP from ever being the 
all-pervasive, centralized extension of foreign policy that it is for the 
Soviet Union. In the United States, all information cannot be officially 
controlled; secrecy is difficult even in the most critical cases; and 
decisionmaking always involves a number of conflicting views. The Soviet 
Ministry of Foreign Affairs is mobilized for propaganda activities that the 
United States State Department could never undertake. Likewise, no 
American institution has the total control exercised by the Communist 
Party of the Soviet Union. 

The Vietnam War was the most recent large-scale PSYOP campaign 
of the United States. As in Korea, the main tactical devices were 
loudspeakers, leaflets, and radio. The Chieu-Hoi (Open Arms) amnesty 
program stressed the strength of the South Vietnamese Army and the 
hopelessness of the Viet Cong position. In many respects, this massive 
effort fell short on both strategic and tactical levels: the first when 
domestic and international doubts about legitimacy were not met by 
United States official information, the second when PSYOP and military 
operations failed to complement each other, and the enemy was able to 
exploit the psychological vulnerabilities of both United States troops and 
the indigenous population of Vietnam. 

However, a number of post-Korea United States psychological 
operations have been successful. In 1965, American troops invaded the 
Dominican Republic to quell what was believed to be the first stage of a 
Castro-type revolution. During the American presence, liaison between 
military and civilian PSYOP groups was quite successful in supporting 
the military and political aims of the occupation.29 According to verbal 
reports of participants, leaflets became such a valuable source of 
information that they were eagerly purchased in the capital city of Santo 
Domingo. In the Vietnam War, the Civilian Operations and Revolutionary 
Development Support centralized and focused counterinsurgency targeting 
of indigenous populations in some areas.°© The Joint U.S. Public Affairs 
Office (JUSPAO), founded to integrate public information and PSYOP 
functions in Vietnam, achieved a number of successes. CounterPSYOPs 
activity in Europe in the early 1980s ensured timely installation of 
intermediate-range missiles, despite an intensive Soviet psychological 
campaign to exploit European peace and antinuclear groups. And in the 
Grenada invasion of 1983, U.S. amnesty messages and rewards 
substantially reduced the opposing force. 

After Vietnam, overall budgetary support for PSYOP declined. 
Army PSYOP units in Okinawa, Panama, and Germany were disbanded. 
This left the 4th Psychological Operations Group (consisting of four 
battalions in 1988) at Ft. Bragg as the only active-duty unit in the United 
States Armed Forces with an exclusively PSYOP mission.2” A National 
Guard unit remained in the Air Force and support units remained in the 
Navy, but Ft. Bragg became the source of PSYOP support for all types 
of military operations. If medium- and high-intensity conflict should 
break out, support would come from a reserve PSYOP unit trained at Ft. 
Bragg. In peacetime, the active-duty unit builds the research base for 
future readiness, and it has the mission of PSYOP support for low- 
intensity conflicts and peacetime overt activities.99 Because the latter 
type of support has growing potential for application, a number of leading 
PSYOP authorities have agreed that United States capability needs to be 
expanded, and that PSYOP expertise should be integrated into standard 
U.S. military training. This group includes Alfred Paddock, formerly 
commander of the 4th Psychological Operations Group and director of 
psychological operations in the Pentagon; Melvin Kriesel and Michael 
Totten, former commanders of the 4th Psychological Operations Group; 
and Sam Sarkesian, professor of political science and former chairman of 
the Inter-University Seminar on Armed Forces and Society.99 

Since the Reagan Administration put additional emphasis on 
information as one of the elements of national power, overt 
psychological operations in peacetime have been increased. These 
psychological operations have included training and advice to indigenous 
forces allied with the United States, surveys and assessments leading to 
actual operations, miscellaneous support to host nation PSYOP programs, 
and other overt PSYOP projects. Typical of PSYOP support to host 
nation programs is the long-term program created for El Salvador. One 
trainer is assigned to the U.S. military group in the capital, San Salvador, 
to coordinate all U.S. PSYOP programs in the country. Over the years 
the U.S. PSYOP contribution has resulted in significant change not only 
in the PSYOP practices of the El Salvadoran Armed Forces, but also in 
their general approach to insurgency, including an increased respect for 
human rights. 

Programs similar to the El Salvadoran project exist worldwide, as 
established by DoD Directive S-3321.1. This directive requires every 
Unified and Specified Commander-in-Chief to conduct overt psychological 
operations in peacetime as appropriate to the military mission. 

Overt psychological operations are coordinated with the State 
Department and require Country Team approval for each operation. The 
operations are coordinated with the United States Information Agency 
(USIA) to prevent dissemination of conflicting information. DoD 
operations attempt to fill the informational niches not filled by other 
agencies, dealing with subjects and areas of primary DoD concern but of 
secondary importance to the other information agencies. 

At the strategic level, covert psychological activities are 
centralized in the Central Intelligence Agency, the latitude of whose 
operations has varied with the degree of oversight exercised by 
Congress. Meanwhile, overt propaganda is less centralized, and it is 
isolated from covert activity. In the 1980s, the United States has sought 
to bolster programs of cultural relations and positive image-making 
abroad. "Public diplomacy" has been used much more aggressively to 
correct the record about United States intentions and in 
counterattacking Soviet and Cuban propaganda. In 1983 a Special 
Planning Group was formed, including representatives from all 
government agencies having propaganda functions. The goal of this 
group was to centralize the public diplomacy effort and put forth a 
coherent, positive international image. The USIA has been instrumental 
in several specific improvements: coordinating United States explanations 
of Central American policy; ensuring INF installation in Europe; and 
increasing the budget for cultural relations and propaganda.49 An 
interagency committee for public diplomacy, first used in the INF 
European campaign, continues low-key, behind-the-scenes coordination of 
policy statements and explanations. 

But policy agencies still lack coordination with public diplomacy 
efforts; agency roles in PSYOP are not well defined; and the United 
States has often found itself in a reactive position in international 
situations requiring PSYOP applications. Because of agency 
compartmentalization, messages often lack the crucial element of 
credibility because they are contradictory. And, in the words of Army 
intelligence officer and scholar John Oseth, there is an "American 
suspicion of the tools of psychological manipulation,"41 which insulates 
American institutions from association with such activities. On the 
military side, this takes the form of suspicion toward peacetime support 
of elite, special-purpose groups, such as those that would be given 
exclusively PSYOP missions. 


A number of separate United States agencies now disseminate 
propaganda worldwide. The United States Information Agency runs the 
Voice of America and various cultural and information programs abroad. 
The Board for International Broadcasting runs Radio Free Europe and 
Radio Liberty, which broadcast into the Soviet bloc. And the Central 
Intelligence Agency continues its administration of covert PSYOP and 
counterPSYOPs activities abroad. DoD peacetime overt PSYOP activities 
have joined these groups in disseminating international information. 

Like the USIA, DoD disseminates international information only to 
foreign groups overseas. 

As a result of governmental recognition of PSYOP deficiencies, in 
1985 the Secretary of Defense promulgated a Master Plan to revitalize 
PSYOP. This plan reviewed the considerable inadequacies of PSYOP at 
that time, and recommended remedies for each item. Responsibility for 
DoD policy was given to the Under Secretary of Defense for Policy, 
which in turn created a Directorate for Psychological Operations assigned 
to the Deputy Under Secretary for Policy. This directorate was to be 
responsible for PSYOP policy and monitor response to the Master Plan. 
The active duty PSYOP group was fully manned for the first time in 
years, and modernized equipment of all types replaced the Korean War- 
vintage radios, presses, and loudspeakers of the PSYOP units. PSYOP 
education and training were greatly improved, with a new Army functional 
area code assigned for PSYOP officers, and an enlisted military specialty 
was created. New awareness and staff training courses were created, to 
provide officers and enlisted personnel to meet a new demand for 
competent staff personnel. PSYOP staffs at all levels were created and 
strengthened, and they were moved out from under control of special 
operations staffs. The PSYOP Worldwatch Program was created, as a 
new, proactive body at the Joint Staff level, monitoring daily intelligence 
and open-source traffic for situations in which PSYOP input is 
appropriate. Similar bodies were created at the Unified and Specified 
Commands, adding a new element of proactive PSYOP to replace the 
traditional U.S. reactive posture. The Secretary of Defense assigned 
PSYOP forces to the newly created United States Special Operations 
Command, giving a four-star proponent for PSYOP and establishing a 
new support structure for Unified and Specified Command psychological 
operations across the spectrum of conflict. Heightened preparedness for 
wartime, contingency situations, low-intensity conflict, and peacetime 
operations resulted from the changes initiated from the Master Plan. By 
1989, the response to the Master Plan had so changed the PSYOP 
environment that a new plan was needed to accommodate the progress 
made since 1985. Because of the nature of PSYOP, these peacetime 
programs provide the most realistic training for PSYOP personnel. The 
overall effect of this PSYOP renaissance has not yet been calculated, 
but many successes in peacetime and low-intensity conflict have already 
been ascribed to it. 

In conclusion, the United States has practiced psychological 
operations in the twentieth century when such measures were a military 
or diplomatic necessity, but there has been great reluctance to organize 
and maintain units with PSYOP capability during peacetime. When the 
"rules of the game" changed after World War II, awareness of the value 
of PSYOP gradually increased, and a number of organizations were given 
distinct functions such as covert activities and distribution of cultural 
information. But no overall, permanent coordination structure has 
appeared to maximize the PSYOP potential of each organization as 
needed, either on the tactical-military or the strategic-international level. 

On the tactical level, United States military PSYOP staffing has 
been low, and military personnel are not widely trained in the goals and 
methods of psychological operations. Writers commenting on this 
situation have pointed out that the potential requirement of United 
States PSYOP aid to counterinsurgency in the Third World seems to be 
increasing, without appropriate improvement in readiness. Although 
efforts were made periodically toward a comprehensive U.S. tactical 
PSYOP doctrine, the policy has been to approach each case individually 
after it arises, with no overall philosophical context.4 The most recent 
of those efforts, the DoD Master Plan, has focused greater attention and 
resources on the subject. 

5. CONCLUSIONS 


The time-honored principles of PSYOP retain exactly the same basic 
value as they have always had: as a force multiplier that complements 
military operations by lessening the determination of the target to resist. 
But since the days of Genghis Khan the definition of PSYOP has come to 
include a much broader range of activities and methods: from organized 
campaigns using leaflets and speakers in conventional tactical combat, to 
official statements by national leaders aimed at an international audience, 
to the everyday interaction of non-specialized military personnel with a 
host population. In spite of expanded application, the basic principles 
still apply: the message must be credible, meaning that it must be based 
in truth; it must be chosen and shaped to create a positive impression on 
the target audience; and it must be integrated into the overall military or 
political program of which it is part. 

Contemporary PSYOP is practiced by many countries and agencies, 
in many circumstances, for a variety of goals. For the Soviet Union, it 
is a standard part of foreign policy, an accepted method of achieving 
national goals. For the U.S. it retains a negative connotation, both in 
political and military usage, although its utility has been proven in many 
situations. Consistency and coordination have been missing even in U.S. 
wartime PSYOP. For other nations involved in low-intensity or 
unconventional warfare as sponsors or participants, PSYOP has become 
an invaluable tool in gaining the support of segments of a population. 
For this reason, U.S. PSYOP support of allied nations, and effective 
PSYOP approaches to neutral nations, has become a vital part of the 
U.S. program of protecting or influencing those countries. 

All of this occurs in a world where: the chief potential military 
opponent has a dynamic, sophisticated, multilevel PSYOP apparatus; 
conventional military operations are increasingly costly, while PSYOP 
remains relatively inexpensive; and the shadow of nuclear war puts most 
world conflicts into vague, quasimilitary forms. Under these conditions 
the psychology of conflict assumes a primary role, one that must be 
understood by every military commander. 

on the global stage. As a relatively smaller, democratic nation vulnerable to influence 
from these prominent neighbors, Mongolia faces increasing challenges in governance. 
One of the primary challenges is maintaining Mongolian independence, which requires 
national resilience and resistance in the face of external influence. Specifically, it requires 
psychological resilience in all sectors and all layers of society as a critical component for 
comprehensive defense. Mongolian national defense policies have relied on conventional 
military forces for decades, but those policies do not include the psychological 
preparation and involvement of the Mongolian population. This thesis looks to Nordic 
countries and Taiwan for insight. Norway, Finland, and Sweden maintain a 
comprehensive defense, or “total defense," approach that systematically invests in social 
and psychological resilience. This thesis asks, How can Mongolia achieve similar levels 
of national resilience? To address this question, this research uses NATO's 
comprehensive defense model as a framework to explore lines of effort Mongolia can 
invest in to enhance social and psychological resilience across all areas of society through 
education, information, and inclusion. Furthermore, the study makes recommendations 
on how to begin implementing programs to develop Mongolia's psychological resilience 

I. INTRODUCTION 


Conquering the world on horseback is easy; it is dismounting and 
governing that is hard. 


—Genghis Khan 


Mongolia is bordered by powerful nations that are vying for greater influence on 
the global stage. As a relatively smaller, democratic nation vulnerable to influence from 
these prominent neighboring countries, Mongolia faces increasing challenges in 
governance. One of the primary challenges is maintaining Mongolian independence, 
which requires national resilience and resistance in the face of external influence. 
Throughout history many countries have faced similar dilemmas. When faced by 
potentially threatening neighbors often smaller states will band together in alliances, but 
also seek to strengthen their internal capacity to maintain independence. Such is the 
contemporary case in Europe, where the concept of "comprehensive defense" 
underscores European efforts at resilience and resistance. 


The NATO Comprehensive Defense Handbook (CDH) defines comprehensive 
defense as “an official Government strategy, which encompasses a whole-of-society 
approach to protecting the nation against potential threats,"1 the purpose of which is 
"developing the capability and willingness of all members of society to directly 
contribute to their safety, security and natural right to self-determination.”2 The core 
pillars of comprehensive defense include: social and psychological, economic and 
essential services, military, cyber, civil, and internal and border security. As part of the 
whole-of-society approach, Mongolia must pursue lines of effort within each of these 
pillars. Consistent with that overall goal, this research focuses specifically on social and 
psychological resilience. 


1 NATO Special Operations Headquarters, NATO Comprehensive Defense Handbook, Vol. 1. (Shape, 
Belgium: Quartier General, 2020), 15. 

2 NATO Special Operations Headquarters, 15. 

Mongolian national defense policies have relied on conventional military forces 
for decades, but those policies do not include the psychological preparation and 
involvement of the Mongolian population. Smaller nations in other parts of the world 
face similar challenges and in response have invested in comprehensive defense efforts. 
Nordic countries and Taiwan in particular offer important insights that might be useful 
for Mongolia. Nordic states’ (Norway, Finland, and Sweden) comprehensive defense or 
"total defense" approach systematically invests in social and psychological resilience. 
Psychological resilience involves “developing and maintaining the will, resolve, and 
determination to overcome a national crisis and defend the nation ... [as] an element of 
national pride and mutual respect which contributes to the strength and commitment to 
overcome a crisis and the faith that it will be overcome."3 Nordic countries have seen 
success in this domain. For example, in a Gallup Poll in 2015, 74% of Finns said they 
would fight for their country, which was the highest percentage in Europe.4 Moreover, 
according to a 2018 annual opinion poll, the most recent, by the non-governmental 
organization (NGO) “People and Defence," 81% of Norwegians support a military 
defense in the event of an attack, 79% want to retain conscription, and 72% are willing to 
participate in defense to the extent that they are capable.5 


How could Mongolia achieve similar levels of national resilience? To examine 
this question, this research uses NATO's comprehensive defense model as a framework 
to explore lines of effort Mongolia can invest in to enhance social and psychological 
resilience across all areas of society through three lines of effort: (1) education, (2) 
information, and (3) inclusion. This research is focused on national defense, but it is by 
no means designed to only inform the Mongolian Ministry of Defense (MOD). 
Successful comprehensive defense planning requires a whole of government approach, 


3 Otto Fiala, Resistance Operating Concept, 1st ed. (Stockholm, Sweden: Swedish Defence 
University, 2019), 3. 

4 “WIN/Gallup International’s Global Survey Shows Three in Five Willing to Fight for Their 
Country," Center for Public and Political Studies, May 7, 2015, 
https://www.gallup-international.bg/en/33483/win-gallup-internationals-global-survey-shows-three-in-five-willing-to-fight-for-their-country/. 

5 James Kenneth Wither, “Back to the Future? Nordic Total Defense Concepts," Defense Studies 20, 
no. 1 (January 2020): 67, https://www.tandfonline.com/doi/full/10.1080/14702436.2020.1718498. 

one that requires an MOD involvement, but can only succeed if all elements of 
Mongolian governmental and civil society are involved. 

II. THE LITERATURE REVIEW AND APPROACH 


One must learn by doing the thing, for though you think you know it, you 
have no certainty until you try. 


— Sophocles, 400 B.C. 


A. BRIEF OVERVIEW OF THE LITERATURE AND SIMILAR CASES 


Historically, small nations have struggled to deter and resist aggressive 
superpowers. However, sometimes the weak and small have defeated the strong and 
large. Ivan Arreguín-Toft, a U.S. Army electronic warfare and signals intelligence 
veteran and University of Chicago PhD, argues that when large states attack with a 
“direct strategic approach and small states defend with an indirect strategy such as 
preplanned resistance, the weaker actor tends to win.”6 Defending against superpower 
nations like Russia and China, however, small nations would be likely to repeat the 
outcome of the Russia-Georgia War in 2008, which seemed to demonstrate that a minor 
country cannot stand up to a superpower in a conventional war. “The defeat of the 
Georgian Armed Forces, fighting alone against the superior Russian military, was a 
warning signal to other small nations, not just in eastern Europe, but around the world.”7 
Arreguín-Toft would argue that Georgia lost because it attempted to fight the superior 
Russian force with conventional military means: a “direct approach.” It might have fared 
better by taking an “indirect approach” that would have included guerrilla warfare.


In the article “The August 2008 War in Georgia: From Ethnic Conflict to Border 
Wars,” Vicken Cheterian identifies that “Great powers’ military and economic interests 
did not always work together with the UN [United Nations] and OSCE [Organization for 
Security and Cooperation in Europe] diplomatic solutions.”8 Cheterian illuminates three


6 Ivan Arreguín-Toft, “How the Weak Win Wars: A Theory of Asymmetric Conflict,” International 
Security, Vol. 26, No. 1 (Summer 2001), 105.

7 Bayasgalan Lkhagvasuren, “Book Review: Resistance Operating Concept,” Small Wars Journal 
(June 2021), https://smallwarsjournal.com/jrnl/art/book-review-resistance-operating-concept.

8 Vicken Cheterian, “The August 2008 War in Georgia: From Ethnic Conflict to Border Wars,” 
Central Asian Survey (July 2009): 165, https://doi.org/10.1080/02634930903056768.

things that small nations need to understand in the modern world. These include (1) 
never provoke superpowers in a conventional way; (2) never depend on external 
support; and (3) without civilian support, “total defense” will be useless. Margus Kuul, 
of the Estonian Defense Force, establishes that “a strategy which combines civil 
resistance strategy and unconventional military action can be an effective component of a 
total defense capacity.”9 This means not only that Mongolian military personnel need to 
learn comprehensive defense policies, but also that strategic decision-makers need to 
understand the “total defense” concept and its key factors.


Since 2018, two important documents on irregular warfare have been published 
that highlight the need for improved understanding of comprehensive defense or total 
defense strategies as a means of national deterrence. The first is the Resistance Operating 
Concept (ROC) published by the Swedish Defense University.10 The ROC is important 
to Mongolian comprehensive defense strategies because it serves as a master text for a 
whole-of-government approach to national self-defense. The second document is the 
NATO Comprehensive Defense Handbook, mentioned earlier.11 Volumes I and II of 
NATO's CDH are also important to understanding and developing comprehensive 
defense strategies. The CDH recommends a whole-of-society comprehensive defense and 
deterrence approach to small nations, and it contains a full training spectrum for 
asymmetric defense components. Both volumes create greater awareness about 
psychological resilience concepts and implementation of the key tenets of preparing for 
comprehensive defense.


The literature used for this research on psychological resilience as a 
comprehensive defense focuses not only on the ROC and NATO handbook, but also on 
related case studies about psychological resilience in the policies of Nordic states and 
Taiwan. With the exception of Denmark, the Nordic states (Norway, Finland, and 
Sweden) and Taiwan maintain conscription of their personnel, as does Mongolia. One of


9 Margus Kuul, “Civil Resistance: An Essential Element of a Total Defense Strategy” (master's thesis, 
Naval Postgraduate School, 2014), 106, https://calhoun.nps.edu/handle/10945/42667.

10 Fiala, Resistance Operating Concept, 13.

11 NATO Special Operations Headquarters, NATO Comprehensive Defense Handbook, 3.

the significant advantages of conscription is that it guarantees an adequate number of 
reserves in the military. Also, it boosts the national pride of most citizens. The Nordic 
states have incorporated psychological resilience into their strategy since 2014, and they 
are sharing their national best practices with NATO countries. In terms of 
psychological resilience, the Finnish government defines it as “the ability of individuals, 
communities, society and the nation to withstand the pressures arising from crisis 
situations and to recover from their impacts.”12 This definition demonstrates that 
Finnish national defense policies consider psychological resilience a crucial element. 
Finnish people believe “their country's strong public education system, long history of 
balancing Russia, and a comprehensive government strategy allow it to deflect 
coordinated propaganda and disinformation.”13 Meanwhile, the Swedish Defense 
Commission has proposed an “inquiry into psychological defence against propaganda and 
disinformation and distributed an information pamphlet to all households.”14


In addition to the European countries discussed, Israel, Singapore, and Taiwan are 
practicing comprehensive defense policies successfully. The Republic of China (Taiwan), 
which is considered a nation, often depends on economic trade and shares (maritime) 
borders with the People's Republic of China (PRC), just as Mongolia does in East Asia. 
Beijing has been imposing economic sanctions in recent years in order to influence the 
Taiwanese government and business sectors. But Taiwan offers a positive example of 
social resilience on this matter. President Tsai Ing-wen's diversification strategy and 
alternative investment options for the economy resulted in “the general public becoming 
more aware of the downsides of dependence on bilateral trade and cautionary sentiment 
towards China's assertiveness.”15


12 Yhteiskunnan Turvallisuus, Security Strategy for Society, Finnish Government Resolution 
(Helsinki, Finland: The Security Committee, November 2017), 22, 
https://turvallisuuskomitea.fi/wp-content/uploads/2018/04/YTS_2017_english.pdf.

13 Reid Standish, “Why Is Finland Able to Fend off Putin's Information War?,” Foreign Policy 
(March 2017), https://foreignpolicy.com/2017/03/01/why-is-finland-able-to-fend-off-putins-information-war/.

14 Wither, “Back to the Future? Nordic Total Defense Concepts,” 66.

15 Christina Lai, “More than Carrots and Sticks: Economic Statecraft and Coercion in China-Taiwan 
Relations from 2000 to 2019,” Politics (February 2021): 12, https://doi.org/10.1177/0263395720962654.

B. APPROACH


Most Mongolian national defense documents primarily focus on physical 
resilience; therefore, further research is needed to examine how small states can prepare 
and train their civil societies for psychological resilience as a pillar for a whole-of-society 
defense. While decision makers enhance Mongolian defense forces' readiness, they fail 
to persuade the Mongolian private and civilian sectors to participate as a component of 
asymmetric warfare. Namely, the existing defense strategy omits the potential for 
participation by civilian sectors as a practical strategic alternative that could strengthen 
Mongolian deterrence capacity.


To fill these gaps, this thesis explores how the CDH could be applied to the development of 
Mongolian psychological resilience. The study therefore focuses on three lines of effort: 
(1) education, (2) information, and (3) inclusion. First, this thesis identifies education 
programs promoting the whole-of-society approach to the Mongolian population, 
including the public, private, and civilian sectors, for enhancing their resilience 
capabilities. Second, the research explores information programs (e.g., digital literacy) 
that help ensure society is accurately informed about current conditions or trends that 
may affect national safety or security. This is a critical problem. According to January 
2021 estimates, there are 2.60 million social media users in Mongolia.16 Linda Sanchez, 
U.S. special rapporteur to NATO's Committee on Democracy and Security, highlights 
that “disinformation and propaganda contribute to heightening the polarization of 
societies and increasing dissatisfaction with democracy.”17 Many Mongolians understand 
that disinformation and propaganda are used, and yet citizens receive and believe widely 
disseminated false and misleading narratives from domestic and external ill-intentioned 
actors. For instance, people who lack basic knowledge of internet security are 
targeted by cybercriminal groups. According to local security authorities, “Police in the 
Mongolian capital of Ulaanbaatar have apprehended 800 Chinese citizens and confiscated


16 Simon Kemp, “Digital 2021: Mongolia,” Datareportal, accessed October 17, 2021, 
https://datareportal.com/reports/digital-2021-mongolia.

17 Linda Sanchez, Bolstering the Democracy Resilience of the Alliance Against Disinformation and 
Propaganda, Preliminary Draft Special Report to NATO Committee on the Civil Dimension of Security 
(Brussels, Belgium: NATO Parliamentary Assembly, March 2021), 1.

hundreds of computers and mobile phone SIM cards as part of an investigation into a 
cybercrime ring.”18 Therefore, this thesis further identifies the Mongolian population's 
social media vulnerabilities, including existing political debates and social grievances, 
and external threats facing the nation (e.g., weaponized information and other 
psychological tools used to influence Mongolia). Understanding the information 
environment in Mongolia will inform ways for developing an underlying social 
resilience. Third, this thesis examines ways Mongolia can foster inclusion across all 
sectors of society. Inclusion, or group belongingness, is “a fundamental human”19 need, 
and satisfying this need as a valued Mongolian citizen has benefits beyond fulfilling the 
individual's need to belong—it also strengthens the group itself by creating members that 
“strongly identify with the group's values and goals.”20 Many initiatives that promote 
societal inclusion overlap with the education and information lines of effort (e.g., 
bridging the digital divide; teaching Mongolian language, history, and traditions), but 
research suggests some additional avenues. Some of these include “inclusive leadership 
styles”21 and the use of national narratives that promote unity and strength. Arie 
Kruglanski, distinguished social psychology professor at the University of Maryland, 
College Park, suggests governments should create opportunities for citizens to pursue 
“significance-bestowing occupations” and “create organizations such as the Peace Corps 
and Doctors Without Borders that take advantage of young people's desire to be idealistic 
and to do something for their country.”22


Finally, this thesis emphasizes the role of partner nations in supporting Mongolian 
national psychological resilience and future recommendations for Mongolians on 
psychological resilience. To this end, in recent years the Mongolian government has been


18 “Mongolia Arrests 800 Chinese Citizens in Cybercrime Probe,” Reuters, 2019, 
https://www.reuters.com/article/us-mongolia-crime-china-idUSKBN1XAONW.

19 Roy F. Baumeister and Mark R. Leary, “The Need to Belong: Desire for Interpersonal 
Attachments as a Fundamental Human Motivation,” Psychological Bulletin 117, no. 3 (1995): 497.

20 H. Tajfel and J.C. Turner, The Social Identity Theory of Intergroup Behavior, Political Psychology: 
Key Readings (Chicago: Hall Publishers, 1986), 14.

21 Lynn M. Shore and Beth G. Chung, “Inclusive Leadership: How Leaders Sustain or Discourage 
Work Group Inclusion,” SAGE Publishing (May 2021), DOI: 10.1177/1059601121999580.

22 Zara Greenbaum, “5 Questions for Arie W. Kruglanski,” American Psychological Association, 
April 2018, www.apa.org/monitor/2019/04/conversation-kruglanski#.

pursuing what is known as the “Third Neighbor Policy.” This multi-lateral approach 
seeks to build effective ties with actors in states that do not physically border on 
Mongolia. It is believed that doing so will help further stabilize Mongolia.

III. EDUCATION


Education is the basic tool for the development of consciousness and the 
reconstitution of society. 


—Mahatma Gandhi 


According to the NATO handbook, “national resilience begins with the 
individual.”23 Therefore, enhancing individual resilience is one of the challenging 
objectives for any country regarding comprehensive defense policies. Mongolian defense 
law declares “the basis of Mongolian defense policy is based on participation of 
government entities and all citizens.”24 Also, the law itself describes the Government of 
Mongolia as being tasked to train all citizens, as well as government entities and 
non-governmental agencies, to defend the nation. In this way, the existing defense policy is 
remarkably conventionally militarized, and the law does not include a psychological 
defense policy or stipulation for programs against disinformation, misinformation, fake 
news, and propaganda.25


This vulnerability is not without consequence. Indeed, Mongolia has been a 
“testing space” for misinformation and disinformation for other nations. According to an 
article in Poynter, Battsetseg Enkhtaivan, lead fact-checker of the Mongolian 
Fact-Checking Center, and her family encountered misinformation stating that “COVID-19 
vaccines were just experimental Chinese treatments being tested on Mongolians without 
proper safety checks.”26 After hearing that misinformation, her mother and sisters refused 
to get vaccinated, and they got sick with COVID-19. The article goes further by 
explaining that although “the practice and impacts of misinformation are not new to


23 NATO Special Operations Headquarters, 25.

24 «Батлан хамгаалах тухай» Монгол Улсын хууль [Defense Law], The State Great Khural - 
Parliament of Mongolia, October 06, 2016, https://legalinfo.mn/mn/detail/12122.

25 Sanchez, Bolstering the Democracy Resilience of the Alliance Against Disinformation and 
Propaganda, 2.

26 Harrison Mantas, “The Mongolian Fact Checking Center Fights Misinformation in a Country where 
the Word Doesn't Exist,” Poynter, August 2021, 
https://www.poynter.org/fact-checking/2021/the-mongolian-fact-check-center-fights-misinformation-in-a-country-where-the-word-doesnt-exist/.

Mongolia, the concept can be difficult to translate for everyday people.”27 It is just one 
of the latest examples of misinformation in Mongolia, and it demonstrates that 
Mongolian social resilience has not fully developed. Part of the solution requires digital 
literacy education across all sectors of society.


Just as the NATO CDH outlined that the relevant learning audiences are divided 
into four groups, this thesis also proposes four groups of audiences within Mongolia: (1) 
youth; (2) government entities; (3) private and civic sectors; and (4) military and law 
enforcement agencies. These audience groups are described in the following sections.


A. YOUTH 


The Mongolian population trends younger. As of 2019, “the proportion of 
children, adolescents and young adults was 35 percent.”28 As the future of Mongolia, the 
youth's social and psychological resilience education is a crucial part of comprehensive 
defense policy. Research suggests “Mongolian youth spend an average of 5-6 hours 
every day on social media,”29 making them especially vulnerable to misinformation and 
disinformation. Therefore, investing in digital literacy programs is key.


Like other successful digital literacy efforts, it is critical to educate youth “to 
explore digital safety, digital privacy, digital presence, online communication.”30 
Notably, Finland and Taiwan have focused on media literacy for youth, and the primary 
education system in those countries includes relevant training on media literacy. These 
efforts include the Taiwanese Curriculum Guidelines of 12-Year Basic Education (since 
2014), which teaches students “to effectively use technology, information, and media of 
all types, develop competencies related to ethics and media literacy, and develop the 
ability to analyze, speculate about, and criticize human's relationships with technology,


27 Mantas, “The Mongolian Fact Checking Center.”

28 “Youth in Mongolia,” Amicus Travel (blog), August 13, 2019, 
https://www.amicusmongolia.com/youth-in-mongolia.html.

29 “Commas merna xapa3rz»» Monroy,” [Social media usage in Mongolia], Digital and Inbound 
Marketing Agency, January 2020, https://dima.mn/2020/01/14/comma3-Me;ma-x»par29-MonroJuv 


30 “Digital Literacy Essentials,” Boys & Girls Clubs of America, accessed November 16, 2021, 
https://www.bgca.org/programs/education/digital-literacy-essentials.

information, and media.”31 In a 2019 study of Europe, Finland ranked first in media 
literacy.32 Mongolian primary schools and, even more importantly, Mongolian 
universities and colleges did not have this kind of program in their curriculums until very 
recently. Hence, many youths have become victims of misinformation and crimes on 
social media due to a lack of media literacy education.


Out of necessity, the Mongolian National Police has conducted a nationwide 
campaign called the “unfriend” movement on Facebook to protect teenagers from 
cybercrimes and abuses. As a result, parents strengthened control over children's use of 
social media, and the campaign urged social media users to prevent potential risks. Thus, 
it is considered an effective campaign oriented not only to improving teenagers' media 
literacy but also that of most Mongolians who have now obtained basic knowledge about 
the risks associated with social media platforms.


Mongolian youth are the driving force of the next generation; thus, they should have 
a comprehensive and solid education on psychological resilience. To start with, media 
literacy education should begin in secondary schools for teens, and those education 
programs can be designed and delivered in conjunction with expert NGOs. For example, 
the Mongolian Fact-Checking Center could cooperate with schools and expand their 
practice across Mongolia. What is more, governmental and non-governmental 
organizations can engage with teenagers in boy scouts, sport communities, clubs for life 
skills, science and health associations, and book clubs regarding how to spot fake news 
on social media platforms. For instance, Lut-Ochir Vanganjil is an active member of the 
National Network for Media and Information Literacy in Mongolia and is enthusiastic 
about sharing the critical use of media and information among children and youths. 
“Together with his colleagues and fellow members of the national network, Lutaa 
produced and disseminated 17 video tutorials in 2020, to provide knowledge on essential 
topics related to access to information, critical and responsible use of information, as well


31 Ministry of Education, “Curriculum Guidelines of 12-Year Basic Education” (official government 
training curriculum, Taipei, November 2014), 8. 
32 Open Society Institute Sofia, “Finding of the Media Literacy Index 2019: Just Think about It,” 
November 2019, https://osis.bg/?p=3356&lang=en.

as evaluation of information.”33 His initiative was supported by UNESCO and made 
significant progress in the last two years in Mongolia.


In addition, the Ministry of Education and Science, the Communications and 
Information Technology Authority (CITA), and ‘Faro Foundation Mongolia’ (an NGO) 
agreed to jointly organize, in collaboration with Facebook, a series of webinars, training, 
and content on digital literacy, and to involve 10,000 people in 2021. The program is 
labeled “We Think Digital Mongolia” and “aims to teach people how to navigate their 
privileges and obligations in today’s evolving digital space, how they should decipher 
and share information online, and most importantly, how they should interact with other 
people in online communities.”34


B. GOVERNMENT ENTITIES 


The Government of Mongolia’s five-year mission to build a digital nation is 
worth noting. A digital nation’s mission objectives are to enhance the information 
technology (IT) industry and digital literacy, as well as highlight personal data protection 
and cybersecurity issues. For instance, “to support the Government of Mongolia’s 
commitment to become a digital nation, the Accelerator Lab is working with the 
Communication and Information Technology Authority to develop a National Program 
on supporting the digital skills and education.”35 Although this program “focuses on 
specific activities to improve the digital access, fill in the digital literacy gaps of the 
vulnerable groups including people with disabilities, elderly, rural and low-income 
households,”36 it is a good start.


At present, the Government of Mongolia does not have an agency or organization 
to address damaging misinformation or disinformation such as the Taiwanese


33 “Lutaa’s Journey for Media and Information Literacy in Mongolia,” UNESCO, May 2021, 
https://en.unesco.org/news/lutaas-journey-media-and-information-literacy-mongolia.

34 “Facebook Launches ‘We Think’ Digital Program in Mongolia to Cultivate Responsible Digital 
Citizens,” News.mn, April 2021, https://news.mn/en/795665/.

35 “Bridging the Digital Divide in Mongolia,” UNDP Mongolia’s Accelerator Lab Team, April 2021, 
https://www.mn.undp.org/content/mongolia/en/home/blog/2021/bridging-the-digital-divide-in-mongolia.html.

36 “Bridging the Digital Divide in Mongolia.”

Disinformation Coordination Team, whose mission “includes drafting policies, 
interacting with major social media platforms, and leading interagency discussion such as 
the Ministry of Justice, the Ministry of Education, the Ministry of Interior, the National 
Communication Commission, to name a few.”37 Dulamkhorloo Baatar, founder and 
editor-in-chief of the Mongolian Fact-Checking Center, has mentioned that “we don’t 
have a Mongolian word for (misinformation), and when you mistranslate that, it has a 
negative impact on the awareness-raising we're trying to do.”38


The Government of Mongolia is establishing the Ministry of Cyber and Cyber 
Academia in Mongolia in 2022 to educate and train personnel of the national agencies 
and civic organizations as well as citizens. That effort is needed to bolster agencies' 
interoperability, especially for the subject of social resilience. This challenging effort is 
made even more difficult by a disengagement between the experts and policymakers who 
develop nationwide projects and programs. According to the study “Assessing 
E-Resilience in Kazakhstan, Kyrgyzstan and Mongolia,” “in the case of Mongolia, 
expanded investments and support for fixed broadband may be required to achieve 
advanced e-resilience and e-readiness of terrestrial networks.”39 The assessment goes 
further by suggesting “policymakers can consider the following factors: policy regime; 
regulatory framework; regular trainings for experts; national projects; funding system; 
and public events or campaign.”40 Compared with other government entities of 
Mongolia, the Ministry of Defense and the Ministry of Justice and Interior Affairs pay 
more attention to national and social resilience nationwide. Thus, those two ministries 
might be good choices to lead social resilience education programs, along with other 
government agencies in Mongolia. As the NATO CDH emphasized, “education programs 
are not intended to simply inform decisions or encourage support, but instead to impart


37 Shih-Shiuan Kao, Taiwan’s Response to Disinformation: A Model for Coordination to Counter a 
Complicated Threat, NBR Special Report no. 93 (Washington, DC: The National Bureau of Asian 
Research, September 2021), 5. 

38 Mantas, “The Mongolian Fact Checking Center.” 

39 Aida Karashanova and Elena Dyaknova, “Assessing E-Resilience in Kazakhstan, Kyrgyzstan and 
Mongolia,” (Working paper, Asia-Pacific Information Superhighway Series no. 03, 2021), 20. 


40 Karashanova and Dyaknova, “Assessing E-Resilience in Kazakhstan, Kyrgyzstan and Mongolia,” 
27.

knowledge that stakeholders can translate into tangible skills and action.”41 Furthermore, 
education programs can take the form of situation-based table-top exercises, open 
seminars with foreign experts, and subject-matter expert exchange programs with other 
nations. Table-top exercises may sound like a military method, but exercises can be one 
of the efficient educational program formats for civilian participants who do not already 
have national level resilience. “Table-top exercises are discussion-based sessions where 
team members meet in an informal, classroom setting to discuss their roles during an 
emergency and their responses to a particular emergency situation.”42 Also, those 
exercises are low-cost but highly effective for assessing emergency plans, responses, and 
more importantly, clarifying roles and responsibilities for other civilian government 
entities. For example, “Gobi Wolf,” the disaster management table-top exercise, is 
“aimed at enhancing abilities to respond and recover from emergency situations, disasters 
and hazards that occur in Mongolia, training corresponding disaster and emergency 
personnel and sharing experiences with experts of other countries.”43 The main purpose 
of this exercise was a wider understanding of the concept of crisis management by all 
agencies and organizations across all levels of government.


C. PRIVATE AND CIVIC SECTORS 


As NATO's CDH stressed, “achieving military and civil preparedness in 
comprehensive defense requires close collaboration across all sectors of society.”44 
Furthermore, “the majority of the population is contained in the two non-governmental 
categories, the private and civic sectors, sometimes referred to as the 98% of society.”45 
After the Warsaw Summit of 2016, NATO member states decided “civil preparedness is 
a central pillar of Allies’ resilience and a critical enabler for Alliance collective


41 NATO Comprehensive Defense Handbook, 27.

42 “Exercises,” Ready, last updated October 12, 2021, https://www.ready.gov/exercises.

43 “Mongolia-U.S. Joint Disaster Management Exercise ‘Gobi Wolf-2019’ Underway,” Montsame, 
September 16, 2019, https://montsame.mn/en/read/20077.

44 NATO Special Operations Headquarters, 20.

45 NATO Special Operations Headquarters, 11.

defense.”46 Accordingly, NATO military forces count on civilian assets such as 
transportation and communications in peacetime and crisis situations. Those actions will 
strengthen collaboration between civil-military and civic-government relationships. 
Although Mongolia is not a member of NATO, civil preparedness is the main contributor 
in matters of national resilience even in non-member countries. In this regard, “a renewed 
effort to broaden and strengthen pro-democratic values and civic education through a 
range of educational and other civil society organizations is necessary.”47


The government's effort to strengthen social resilience across the nation has 
mostly failed the emerging civic-government partnership. On top of that, institutionalized 
collaboration among the government entities, civic organizations, and the private sector is 
not fully functional in Mongolia. Compared to other countries, the inadequate 
civic-government partnership was exposed more than ever during the COVID-19 pandemic in 
Mongolia. As a result, some civilian NGOs refused to support the government 
enforcement of vaccinations, and similarly, many private companies went out of business 
due to the lack of government support for them. In general, the Government of Mongolia 
is losing the trust of people in all sectors.


It should be emphasized that educating every member of society for 
whole-of-society defense policies in democratic countries is often difficult to accomplish. More 
precisely, “with the exception of conscription, members of the private and civic sectors 
cannot be compelled to participate in defense training beyond that which is included in 
the nation's public education curriculum or laws governing business.”48 Under such 
conditions, it is important to consider using all possible education delivery programs to 
reach the civic and private sectors. In fact, “the civic sector will decide what course the 
nation follow”;49 thus, “they can communicate their position explicitly, through various


46 “Warsaw Summit Communiqué,” NATO, July 2016, 
https://www.nato.int/cps/en/natohq/official_texts_133169.htm.

47 J.D. Maddox, Casi Gentzel, and Adela Levis, Toward a Whole-of-Society Framework for 
Countering Disinformation (New York: Modern War Institute at West Point, October 2021), 
https://mwi.usma.edu/toward-a-whole-of-society-framework-for-countering-disinformation/.

48 NATO Special Operations Headquarters, NATO Comprehensive Defense Handbook, 51.

49 NATO Special Operations Headquarters, 102.

formal mechanisms, or implicitly by demonstrating disinterest.”50 Consequently, a strong 
partnership with the civic sector is a key factor in building psychological resilience.


A “civic-government partnership” could be designed for social resilience as 
follows. First, enhance or promote civic sectors nationwide, including NGOs such as the 
Mongolian Fact-Checking Center (MFC). Even though the Government of Mongolia 
cannot afford to provide this kind of support and promotion of policies for civic 
organizations at this moment, it can be one of the areas for collaboration between the 
government and civic sectors in coming years. For instance, the Communication and 
Information Technology Authority (CITA) is the regulatory agency of the Government of 
Mongolia, and the organization itself can enhance and promote any digital literacy 
education programs in the civic sector. More specifically, CITA can support Mongolian 
Fact-Checking Center activities on behalf of the government and help expand their 
practice across the country. According to the MFC, they “train some of Mongolia’s 500 
media organizations in basic fact-checking”51 by themselves, and if CITA supports it, 
those numbers could be doubled. In addition, International Fact-Checking Network 
certification will enable MFC to team up with social media platforms such as Facebook 
and Twitter so MFC could work as a bridge between the government and those social 
media platforms. Nevertheless, collaboration with social media platforms has limitations, 
and it requires a certain degree of cooperation. According to experts, the Taiwanese 
Fact-Checking Center is regarded as a pioneer center among other nations. Dr. Yuan-Hui Hu, 
one of its founders, describes its purpose in these terms: “we are not asking a platform to 
act as the ‘arbiter of truth’ who ‘controls the content of speech’ but rather to be a ‘basic 
online garbage janitor’ who cleans up harmful contents.”52


Taking everything into consideration, if the government takes steps to enhance
and promote the private and civic sectors, it does not mean they work as the
government's mouthpiece. In terms of enhancing and promoting the civic sector, the
government would make certain decisions/policies to promote the civic sector and
support it by all means, while the civic sector maintains its distance from the government
and works independently of the government. For instance, the Mongolian NGO law
promulgated in 1997 defined NGOs as “not-for-profit, self-governing organizations
operating independently from the state and established voluntarily by citizens or by legal
persons other than state legislative, executive, and judicial bodies, on the basis of their
individual or social interests and opinions.”53 This law focuses on the legal status and the
activities of NGOs. But the law itself does not include government support for and
cooperation with NGOs. Hence, Mongolian laws and policies regarding the civic and
private sectors need to be updated and streamlined, but not at the expense of the
essential freedoms of assembly and open expression.


50 NATO Special Operations Headquarters, 102.
51 Mantas, “The Mongolian Fact Checking Center.”
52 Kao, “Taiwan’s Response to Disinformation: A Model for Coordination to Counter a Complicated
Threat,” 15.


Second, the government needs to design and promote intensive educational
programs on social resilience for NGOs, clubs, civic groups, and private companies.
Those programs must focus nationwide, with particular attention on emerging civil
societies and private companies, and must be conducted by either governmental (such as
CITA) or non-governmental organizations (for instance, the MFC). There have been
many civil society organizations such as NGOs, clubs, and community groups in
Mongolia, but not all of them have worked actively. For example, the most well-known and
active NGOs include the Mongolian Youth Federation, the Mongolian Women’s Federation,
the Mongolian Elders Association, the Mongolian National Federation of Disabled
People’s Organizations, and the Mongolian National Olympic Committee. In general,
those NGOs have more capital and human resources and also have networks of offices
nationwide. Therefore, intensive educational programs need to be developed and adjusted with
those civic organizations. When it comes to the private sector, the economy of Mongolia
is tied to agriculture, mining, and construction. Therefore, these areas are considered
the most prominent and influential among private industries. In fact, “opinions
and interests will vary widely among members of the private sectors.”54 So, social
resilience education "cannot be tailored to every company, or even every type of
company, but as many interests as possible should be accounted for when seeking
support."55 Finally, education programs for the civic and private sectors are most
important because “the social and psychological pillar within the comprehensive defense
framework further reinforces social harmony and civic responsibility."56


53 “Төрийн бус байгууллагын тухай" Монгол Улсын хууль, [Non-Governmental Organization
Law], The State Great Khural - Parliament of Mongolia, January 31, 1997,
https://legalinfo.mn/mn/detail/494.

54 NATO Special Operations Headquarters, NATO Comprehensive Defense Handbook, 103.


D. MILITARY AND LAW ENFORCEMENT AGENCIES 


While the Armed Forces of Mongolia enhances defense force readiness, it fails to 
deal with unconventional or hybrid warfare from external sources, namely in the 
information and cyber domain. The Government of Mongolia has passed the bill for the 
establishment of Cyber and Special Forces Command in 2020, through which the Cyber 
command would deal with all kinds of cyber issues including disinformation and 
misinformation. But the command is only dedicated to Armed Forces (conventional and 
special forces) service members. Therefore, psychological resilience education programs 
can be situation-based table-top exercises, open seminars that involve other law 
enforcement agencies such as Border troops, the National Emergency Management 
Agency (NEMA), National Police and Intelligence services, and subject-matter expert 
exchange programs with other nations. Compared to civilians, uniformed service 
members have established many regulations, norms, and codes of conduct related to 
social media or information exchange in the digital domain. Consequently, their 
education programs should focus more on security awareness regarding disinformation,
weaponized information, and subjects of cyber and operation security.


55 NATO Special Operations Headquarters, 103. 
56 NATO Special Operations Headquarters, 102. 

IV. INFORMATION


Social media has created a historical shift from the historically powerful to 
the historically powerless. Now everyone has a voice. 


—Facebook COO Sheryl Sandberg 


A. SOCIAL MEDIA VULNERABILITIES 


As the nature of modern warfare changes, so too does the way nations strategize 
and operate across the spectrum of conflict and competition. This has become 
increasingly complex in the present information era where we continue to see rapid 
technological developments in the information warfare space. In the case of Mongolia, 
the two powerful states on its northern and southern borders are highly advanced actors in 
the area of social media capability. As a result, Mongolia is technically highly vulnerable 
to coercive influence. However, for over a hundred years, in its role as a geographic 
buffer state, Mongolia has served a very useful purpose for both Russia and China. 
Mongolia does not threaten its neighbors and generally pursues a policy of neutrality. 
However, as China's power increases, and tensions between Russia and the West rise, it
is a prudent policy for Mongolia to strengthen its resilience to malign influence from
other actors in cyberspace.


Freedom of information is a foundational principle in democratic societies. Like
other democratic countries, the Government of Mongolia does not control its domestic
information environment. It upholds the principles of information freedom. Indeed,
Mongolian national security policies encourage the "continuity of the Mongolian state
governance and national unity, support for political parties, civil society, free press and
media, individual liberties as well as safeguarding public order and social stability."57
While it is a valuable democratic freedom, by promoting inclusive individual liberties,
“democracies are more vulnerable to weaponized information,”58 which is defined as “a
message or content piece that is designed to affect the recipient's perception about
something or someone in a way that is not warranted.”59 Of note, not all weaponized
information is false. Some information can be true, but the timing of release or targeting
of people can be harmful. For instance, a 13-year-old Mongolian girl who was studying
in a high school in South Korea was beaten for six hours by four Korean female high
school students, forced to drink alcohol, and locked in a room. “Two of the assailants
were handed over to the prosecution on charges of gang violence, but the others were
juveniles ... under the age of 14; therefore, they escaped criminal punishment."60 The
incident happened in July 2021 in South Korea, but the news reached Mongolia in late
November 2021 and triggered a mass anti-Korean movement on social media. This
incident also garnered misinformation on Facebook—a fake picture of the Mongolian girl
was shared by 200,000 people and had over a million views.


57 “National Security Concept of Mongolia," Ministry of Foreign Affairs of Mongolia, (November
2015) https://mfa.gov.mn/en/documentation/55280/.

58 Nicholas J. Kane, “Defense against Weaponized Information: A Human Problem, Not Just a
Technical One,” InterAgency Journal 10, no. 3 (2019): 58.

59 “Weaponization of Information,” European Center for Populism Studies. (August 2017),
https://www.populismstudies.org/Vocabulary/weaponization-of-information/.

60 “Four Teenage Girls Assaulted a Mongolian Girl for Six Hours with Her Hands and Legs Tied up,”
Allkpop, November 2021,
https://www.allkpop.com/article/2021/12/tw-cw-four-teenage-girls-assaulted-a-mongolian-girl-for-six-hours-with-her-hands-and-legs-tied-up.

Figure 1. Example of Misinformation, a Fake Picture of Mongolian
Allegedly Victimized in South Korea in 2021.61


In reality, the girl in the picture is not a victim in South Korea; this fake picture
was created by someone intentionally. Nevertheless, this misinformation strengthened the
spread of the news all over Mongolia. As a result, the mass response on social media
impacted South Korean and Mongolian diplomatic ties and prompted national
government-level discussion. The incident serves as a powerful example of how social
media news significantly influenced the Mongolian population nationwide.


B. EXISTING POLITICAL DEBATES 


Though Mongolia enjoys a democratic system of governance, this system does
not work as smoothly in Mongolia as it does in other democratic countries. Part of the
reason for this is historical. After a bloodless revolution in 1990, multiple parties entered
the Mongolian political system, but only the two dominant parties have debated with each
other over the last 30 years. The Mongolian People's Party (MPP, left-wing) and
Democratic Party (DP, right-wing) are the two powerful political parties that hold
influence nationwide, usually holding power alternately at government and parliament
levels. Moreover, the Mongolian people's voting tendencies are not stable in each
election session; political support tends to shift between the two parties. For instance, in
the last parliamentary election (2020), the MPP won 62 out of 76 seats in parliament,62
and with the large majority of parliament, MPP determines the government policies. Then
again, Mongolian people were divided into two groups as usual—supporters and
opponents of the government. There is no doubt that this kind of existing political debate
will continue as long as two dominant parties hold so much influence over the Mongolian
population. To sum up, the relentless political division negatively impacts the
information environment. This strong rivalry influences the press and social
media, and some politicians use these avenues as weapons to influence the mass
population.


61 Source: “Mongolian Victim Was Beaten for 6 hours, but the Other Side Was Denied and Tried to
Evade Punishment," Monopolnews, accessed November 28, 2021, https://monopolnews.com/5230/.


C. PRESS 


After the successful establishment of a democratic system in Mongolia in 1990,
freedom of speech and of the press is guaranteed in the national constitution.
Consequently, enhancing the independence and diversity of the media, educating the
professionals, and fact-checking the press are particularly crucial priorities for Mongolia.
Domestic press organizations play significant roles in social and psychological resilience.
Namely, it is essential to any nation to “promote journalistic standards to safeguard
independent, fact-based, investigative journalism and establish and bolster fact-checking
standards and norms.”63


At this time, Mongolia, as a small nation, has over 500 officially registered press
organizations, and Mongolia was ranked 68th out of 180 countries in the Reporters
without Borders’ “2021 World Press Freedom Index."64 Based on the Resistance
Operating Concept, one promising way to counter misleading information and external
influences while building psychological resilience is by a “public diplomacy campaign
using truthful and independent media."65 Reliable media sources can clarify current
concerns and expose issues while bolstering national psychological resilience.


62 Wikipedia, s.v. “2020 Mongolian legislative election,” last modified February 14, 2022,
https://en.wikipedia.org/wiki/2020_Mongolian_legislative_election

63 Maddox, Gentzel, and Levis, “Toward a Whole-of-Society Framework for Countering
Disinformation.”


Compared to other countries in the region, Mongolia has some minor issues with
the press. Essentially, the Mongolian press is inadequate at fact-checking or verification
of any information. Thus, media or press may amplify misleading information such as
disinformation (which represents “deliberate creation and dissemination of false and/or
manipulated information with the intent to deceive and/or mislead"66), misinformation
(“false or misleading information spread without the intention to deceive"67), and fake
news. For example, the press provided misinformation when Mongolian peacekeepers
returned from a UN peacekeeping mission in South Sudan in late November 2021.
Specifically, some press outlets titled the news as “Mongolian peacekeepers come from
South Africa," which caused mass panic and fear on social media due to South Africa's
noticeable new Covid-19 (omicron) cases just discovered at the same time. Consider
another example of the press disinforming the public through Mongol TV. They
distributed fake news regarding McDonald's opening a branch in the country in 2013
even though there had not been any discussion about McDonald's opening a branch in
Mongolia, and it never did. The planted disinformation was picked up and disseminated
by nine major media outlets due to payments they received, and none of them verified the
information for themselves. Nomin Chinbat (at present, the Minister of Culture), head of
Mongol TV, emphasizes “They won't check the facts, they'll just be interested in getting
paid to run the story."68


64 “2021 World Press Freedom Index," Reporters without Borders, accessed November 29, 2021,
https://rsf.org/en/ranking.

65 Fiala, Resistance Operating Concept, 196.

66 “NATO’s Approach to Countering Disinformation: A Focus on COVID-19,” NATO, July 2020,
https://www.nato.int/cps/en/natohq/177273.htm.

67 Thomas Colley, Francesca Granelli, and Jente Althuis. “Disinformation’s Societal Impact: Britain,
Covid, and Beyond,” Defence Strategic Communications (July 2020).
https://stratcomcoe.org/publications/disinformations-societal-impact-britain-covid-and-beyond/36.


D. COUNTERMEASURES AND MONGOLIAN EXPOSURES 


There are those who argue that “false news spreads more than the truth because
humans, not robots, are more likely to spread it.”69 In practice, the misleading
information spreads throughout social media, which is then amplified by unknowing
digital participants and popular social influencers who do not check the validity of the
news. This kind of misleading information threatens one of the pillars of comprehensive
defense: social and psychological resilience.


To mitigate this threat, some Western countries have developed approaches to
counter misleading information. First, some NATO member states have adopted laws
within their legal framework and set up countermeasures to address the spread of
misleading information. For example, Germany adopted the Network Enforcement Act in
2017 which made “more than two million users liable for fines of up to €50 million for
the failure to delete ‘obviously illegal’ content within 24 hours of its publication."70
According to experts, effective building of resilience focuses not only on digital
literacy but also on the need to "continue to pursue policy and regulation of the commercial sector
with regard to protection of citizens’ privacy."71


Currently, Mongolia has not adopted laws or regulations to guard against
misleading information, except that one part of the criminal law of Mongolia emphasizes the
penalty for spreading fake information. The legal penalty for spreading fake information is
not robust enough. It is worth mentioning that the law itself does not define the term “fake
information" and does not classify misleading information such as disinformation and
misinformation. In addition, the law itself does not address overseas hostile information
activities. While the digital nation is appealing in Mongolia, it is also important to bolster
the legal bases against spreading misleading and other malicious information. In addition,
national law enforcement agencies should “strive to regain and retain the initiative in the
information environment"72 to maintain the national society's stability.


68 Gavin J. Blair, “Mongolian TV Network Exposes Media Corruption with Fake Story about
McDonald's," The Hollywood Reporter, December 2013,
https://www.hollywoodreporter.com/news/general-news/mongolian-tv-network-exposes-media-665859/.

69 Soroush Vosoughi, Deb Roy, and Sinan Aral, “The Spread of True and False News Online,”
Science 359, no. 6380 (2018): 1146.

70 Sanchez, Bolstering the Democracy Resilience of the Alliance against Disinformation and
Propaganda, 9.

71 Kane, “Defense against Weaponized Information: A Human Problem, Not Just a Technical One,”
60.


Adopting domestic laws and regulations against the dissemination of misleading
information is not generally accepted in Western countries due to freedom of expression,
yet some democratic nations are shifting in this direction. For instance, the Latvian
Ministry of Culture has initiated financial support (since 2017) for "investigative
journalism, deconstruction of lies, development of media literacy, media criticism,
support for regional media, and a communication campaign called ‘Media are not
comedy’ against the dissemination of disinformation."73 These two approaches of
Western countries to stop the spread of misleading information illustrate efforts that
Mongolia could adopt to address its vulnerabilities in the information environment.


E. CIVIC-GOVERNMENT PARTNERSHIP ON INFORMATION 


No single press organization and no simple solution can counter misleading
information, and no country is immune from it. Like civic or private organizations, the
press organizations prefer to keep a distance from government agencies to maintain their
independence. Possibly the best way to understand the need for a whole-of-society
framework for countering misleading information today is by understanding the
cooperation and collaboration of governmental and non-governmental organizations, as
well as private and civic ones. Then, the Government of Mongolia should cooperate or
collaborate with press organizations to combat misleading information by employing
supportive policies or providing financial support. Like Latvia, the Mongolian Ministry
of Education and the Ministry of Culture can promote and offer professional educational
programs to journalists, focusing specifically on fact-checking information. In addition,
government entities should only work on the development of professionals and should
not curtail the freedom of expression and the independence of media.


72 Kane, 60.

73 Klinta Ločmele, “Media literacy in Latvia: The Ministry of Culture's 6 strands," Media and
Learning (January 2019),
https://media-and-learning.eu/type/featured-articles/media-literacy-in-latvia-the-ministry-of-cultures-6-strands/.


Regarding the press-government relationship that usually does not work
smoothly in any country, the Mongolian Press Institute is among the most important. The
Press Institute has been "the leading non-government organization to work with
journalists and media users to enhance the skills and knowledge of media in society and
as a result, has contributed to the vibrant political, social and economic debate that exists
in the public today."74 Also, the Press Institute enjoys a successful collaboration with
several international press and aid organizations, so the institute can bring experts from
overseas to advise on how to combat misleading information. If the Government of
Mongolia can establish a civic-government partnership with the Press Institute of
Mongolia effectively, then the institute could work as a bridge between the government
and Mongolia's press organizations. On the other hand, the Government of Mongolia can
support and fund the creation of civic society organizations which counter misleading
information through efforts like the Estonian website ‘propastop’ or the Ukrainian
website StopFake.


Based on open-source information, there is no evidence of a direct external threat
operating in the Mongolian information environment, but information campaigns are
happening overseas that could threaten Mongolia's information environment in the
future. Mongolia has successfully walked a tightrope for many years between its two
powerful neighbors. It must continue to do so if it wishes to maintain its sovereignty. On
one hand, Mongolia might benefit from increased Russian and Chinese economic and
political ties by serving as a geographic transit site for resources, goods and services
between the two countries. However, greater involvement also comes with great risk.
Mongolia can help mitigate that risk by enhancing the psychological resiliency of its
population in the infosphere.


74 “Press Institute of Mongolia," Devex, accessed November 29, 2021,
https://www.devex.com/organizations/press-institute-of-mongolia-77781.

V. SOCIAL INCLUSION FOR YOUNG PEOPLE


Inclusion is not a matter of political correctness. It is the key to growth.


—Jesse Jackson


A. WHAT IS SOCIAL INCLUSION?


The concept of social inclusion is generally described as a society for all. The
Government of Mongolia defines social inclusion as “expansion and creation of an equal
access and opportunity to those disadvantaged social groups, especially individuals based
on low income, age, gender, disability, ethnic minority, sexuality and geographical
location who have limited access to social services and participation.”75 There is a
common understanding that social inclusion is only related to individuals with disabilities
or from ethnic or sexual minorities. Against this backdrop, social inclusion is simply
defined as “the process of improving the terms of participation in society."76 Thus, this
research focuses on social inclusion that fosters youth participation in the whole of
society. Greater social inclusion is critical to fostering resilience.


B. WHY IS IT IMPORTANT? 


Mongolian youth are the future of Mongolia's existence in the Russian and
Chinese geopolitical environment, and their participation in the whole of society is
crucial. Under many circumstances, Mongolian youth (people aged 18–29 years) suffer
from a series of problems such as unemployment, low incomes, and the breakdown of
family in a rapidly modernizing society. For instance, the Mongolian youth
unemployment rate has reached “43,5 percent among all unemployed,"77 and since 2020
it has been constantly increasing due to the COVID-19 induced economic crises.
Therefore, the livelihood of many Mongolian young people depends on their parents’ and
grandparents’ pension and other welfare assistance from the government. There are many
reasons for youth unemployment such as “a lack of information on vacancies and
requirements, high demands for collateral in employment contracts from some
employers, and discrimination based on sex and age."78 Moreover, youth unemployment
renders the country “vulnerable to economic stresses, uninspired, and unable to innovate
and contribute to Mongolia's economic growth."79 Besides, the mass migration of youth
from rural areas to urban areas (particularly to Ulaanbaatar city) is increasing as young
people seek education and employment. Those young people who migrate from rural
areas are compelled “to reside on the outskirts of the city in ger district, where poor
service delivery contributes to air pollution, health problems, as well as high rates of
alcoholism and gender-based violence.”80 These issues make young people a
disadvantaged group in society, and Mongolian youth are at risk of living lives of
continued poverty and social exclusion. This factor undermines resilience and creates
vulnerabilities for any comprehensive defense posture.


75 “Analysis of Social Inclusion and Gender Dynamic for REDD+ in Mongolia," UN-REDD
Mongolia National Programme, July 2017, 12.

76 Leaving No One Behind: The Imperative of Inclusive Development, Report on the World Social
Situation 2016, Report No. ST/ESA/362 (New York: United Nations Department of Economic and Social
Affairs, 2016), 17.

77 Otgontugs Bayasgalan, “COVID-19 and Unemployment of the Youth," Ikon, February 9, 2021,
https://ikon.mn/opinion/24i7.


C. WHAT ARE THE CURRENT EFFORTS? 


Many countries have a specific policy on their youth’s social inclusion. It is
essential to develop the younger generation to be independent by including their
participation in decision-making processes at all levels of government with a positive
mindset. Such policies focus on developing young people, educating them, providing
them with a safe environment to live and work in, and ensuring healthcare wherever they
may reside, in urban or rural areas. In the context of burgeoning youth unemployment, the
Government of Mongolia proposed various policies to target young people for
employment, vocational-training programs, and enhancing employment information
exchange programs. For example, the National Programme on Promotion of Youth
Development promotes “basic training in business, management, marketing, legal and
financial skills for youth and increasing the awareness of youth business incubation
services."81 This program does not only target government programs for the young but
also includes policies for the private and civic sector organizations that employ youths.


78 Mercy Corps, Mongolia Strategic Resilience Assessment, Final Report (Portland, OR: Mercy
Corps, April 2017), 32.

79 Mercy Corps, 39.
80 Mercy Corps, 50.


Nevertheless, those policies are not addressing psychological and social factors in
a manner similar to the European Union (EU). In late 2018, the Council of the European
Union passed the resolution for “The EU Youth Strategy 2019–2027.” It promotes youth
contribution to democratic life. For example, the EU’s Youth Strategy offers “new
tools for mutual learning, such as peer reviews and peer counseling, high-level forums,
analysis, and studies, following the priorities of the EU Youth Strategy at large."82 Also,
the strategy captured most of the key issues for youth, and the strategy itself emphasizes
“positive change inspired by EU values and a European identity.”83 However, Mongolia
has also taken action. The State Great Khural of Mongolia (parliament) implemented the
“Vision-2050” long-term development policy of Mongolia in 2020. The policy itself
fosters national identity, preserves traditional language and scripts, and acknowledges
nomadic civilization as part of the national identity among the youth. A unified national
identity is the foundation of social and psychological resilience. Without it, no
comprehensive defense strategy can survive for long.


1. National Identity and Shared National Values 


Why is national identity so important? David W. Johnson, of the Cooperative
Learning Center at the University of Minnesota, stresses “a national identity unites and
builds a bond among all members of the society.”84 Hence, the participation of youth in
nation-building or decision-making processes is important to any nation. The Mongolian
policy document “Vision-2050” emphasizes the need to “educate the entire population
with ‘the mother tongue, the history and the heritage’ based on solid facts, and develop
shared values that will be the pillar to build a nation-state with a deep sense of national
similarities/differences and resilience."85 As a result, Mongolia would flourish as a
nation with a deep-rooted sense of national identity and sharing common values by 2050.


81 “Youth Employment Policy Summary for Mongolia," International Labour Organization, December
2016, https://www.ilo.org/asia/publications/WCMS_536713/lang--en/index.htm.

82 “The European Union Youth Strategy 2019–2027," Resolution of the Council of the European
Union and the Representatives of the Member States meeting within the Council on a framework for
European cooperation in the youth field: 2018/C 456/01, December 18, 2018, 6.

83 “The European Union Youth Strategy 2019–2027,” 4.
84 Lybi Ma, “Need for a National Identity,” Psychology Today, September 2, 2019.

What is Mongolian national identity? This question appeared with Mongolia's
peaceful transition from a socialist to a democratic country, and the question remains
unanswered. According to “Vision-2050,” nomadic civilization is considered a part of the
Mongolian national identity. Mongolians tried to settle the term “national identity" in
many ways, but disputes are still ongoing. Some people argue that “Mongolian Blue
Spot" (which refers to the “blue-gray spots and congenital dermal melanocytotic, the
marks ... often present at birth but [which] may also appear during the first weeks of
life"86) is a part of national identity. But Mongolian blue spots do not happen only
among Mongols and appear in many nations around the world. As William Bloom,
occasional lecturer at the Department of International Relations, London School of
Economics, suggested back in the 1990s, “the mass national public will mobilize when it
perceives that national identity is threatened.”87 Neither nomadic civilization nor
Mongolian blue spot would cause the mass of people to mobilize even if those factors
were threatened in Mongolia. On the other hand, it is of primary importance to define the
national identities of Mongolia and support them with firm policies such as
“Vision-2050.” Furthermore, Mendee Jargalsaikhan points out “accepting as a centerpiece in its
national identity democratization, Mongolia has gained geopolitical balance and increased
its capacity to affirm its distinctiveness versus China and Russia as well as Central Asian
states or former Asian communist states (Laos, North Korea, and Vietnam)."88 Dr. Mendee
argues that Mongolian democracy is in the ranks of electoral democracies of the world
beyond its expansionist neighbors. Against this backdrop, Jargalsaikhan Dambadarjaa
(known as Jargal DeFacto), who is an independent economist and media representative of
Mongolia, explains “the basic values of the Mongolian society are now democracy,
human rights, and freedom.”89 Undoubtedly, if either democracy or human rights were
threatened or violated in Mongolia, it could cause mass protests.


85 The State Great Khural Resolution 52/2020, “Vision-2050 Long-Term Development Policy of
Mongolia," May 13, 2020, 1.

86 Jennifer Berry, “Recognizing and Treating Mongolian Blue Spots," Medical News Today, August
21, 2020, https://www.medicalnewstoday.com/articles/318853.

87 William Bloom, Personal Identity, National Identity and International Relations (Cambridge, UK:
Cambridge University Press, 1990), 79.

88 Mendee Jargalsaikhan, “Democratization, National Identity, and Foreign Policy in Mongolia in
2019,” The Asan Forum, June 25, 2019,
https://theasanforum.org/democratization-national-identity-and-foreign-policy-in-mongolia-in-2019/.


2. National Language and Script 


From a subjective point of view, “national identity is based upon the sentiment of 
belonging to a specific nation, endowed with its own symbols, traditions, sacred places, 
ceremonies, heroes, history, culture and territory.”90 What this means is that each nation
is distinctive in its traditional cultures, history, language, and script. According to the
Pew Research Center survey, “language far and away is seen as the most critical to
national identity.”91 Moreover, the survey stressed that “it is very important to speak the
native language to be considered a true member of the nation.”92 Pew Research Center's
Global Attitudes survey, conducted in 2016, involved 14 Western countries. Like other
Asian countries, Mongolians have been struggling to promote their traditional national language
and script since the fall of the Soviet Union. The Mongolian language is part of a family
within the Altaic language group and is used not only by Mongolians but also in the
autonomous regions of Inner Mongolia, the PRC, and the Russian Far East (in particular,
among the Buryat and Kalmykia ethnic groups). Mongolia's long history with its
language has never been smooth. Specifically, the traditional Mongolian script (written in
vertical lines top-down) faded away, “while under Soviet influence, Mongolia adopted
the Cyrillic alphabet in 1941, which it uses to this day.”93 Cyrillic has been the standard
script for official communications for decades, and nowadays, the Mongolian national


89 Jargalsaikhan Dambadarjaa, “The Vision-2050 Criticism 9: Shared National Values," Jargal 
DeFacto, May 11, 2020, https://jargaldefacto.com/article/mongolia-s-national-identity. 


90 Montserrat Guibernau, “Nation Formation and National Identity," Belgisch Tijdschrift voor 
Nieuwste Geschiedenis [Magazine of Belgian Latest History], vol. 4 (April 2004): 658. 


91 Bruce Stokes, “What It Takes to Truly Be ‘One of Us,’” Pew Research Center, February 2017, 9. 
92 Stokes, 9. 


93 Andrew Warner, “Card Game Aims to Revitalize Traditional Mongolian Script,” Language
Magazine, December 2020, https://www.languagemagazine.com/2020/12/10/card-game-aims-to-revitalize-traditional-mongolian-script/.

script has become almost an ancient script. As a result, most Mongolians are poor at
reading the traditional script, and while the young learn to read and write it in school, it
plays only a small part in modern life. In addition, the old script contains many
idiosyncratic spellings that vary, which makes it harder to read and write. For example, the
city of Ulaanbaatar is written the same in English, but “the traditional script writes it as
Ulaganbagator.”94

In 2020, the Government of Mongolia declared “plans to restore the use of its 
traditional alphabet by 2025, replacing the Cyrillic script adopted under the Soviets,”95
following the shift in other Central Asian countries such as Kazakhstan, Uzbekistan, and
Turkmenistan. To that end, “Vision-2050” confirmed as one of its objectives the need to
“incorporate the Mongolian language and script into national values and foster its
proficiency and use by every citizen.”96 The decision, however, faced much criticism
from the population, but young people, especially, are welcoming the change. An 
incident happened in Inner Mongolia in September 2020 that strengthened the 
government’s decision in Mongolia. Thousands of ethnic Mongolians protested in Inner 
Mongolia, which is part of the PRC, against replacing the Mongolian language with 
Mandarin Chinese in schools. The Guardian emphasized “the official explanation for the 
change to a bilingual education system was to ensure the curriculum and textbooks were 
of a high standard, and that government documents cited by analysts also referred to 
President Xi Jinping’s push for shared language as part of a common identity.”97 
However, the Inner Mongolian objection to the PRC’s proposal triggered social media 
movements in Mongolia expressing anti-China sentiments and calling to “Save the 
Mongolian language,” and it also fostered Mongolian youth’s nationalism. Since then,
many Mongolians understand why the Mongolian national script is important, and the


94 Anand Nyamdavaa, “How Much Can Mongols Read Traditional Script?,” Mongolia FAQ, October
2018, https://mongoliafaq.com/2018/10/26/how-much-can-mongols-read-traditional-script/.

95 Didi Tang, “Mongolia Abandons Soviet Past by Restoring Alphabet,” The Times, March 2020, 
https://www.thetimes.co.uk/article/mongolia-abandons-soviet-past-by-restoring-alphabet-rsvcgqmxd. 

96 “Vision-2050 Long-Term Development Policy of Mongolia,” 3.

97 Helen Davidson, “Inner Mongolia Protest at China's Plans to Bring in Mandarin-only Lessons,”
The Guardian, September 2020, https://www.theguardian.com/world/2020/sep/01/inner-mongolia-protests-

Government of Mongolia promotes some policies that focus on boosting traditional
literacy among the young. For instance, “Foremost Traditional Script Writers of 
Mongolia” is a popular contest conducted annually that attracts participants of all ages. 
Over 1,500 participants sent their works to the annual contest in 2021, and the Minister of 
Education and Science, Enkh-Amgalan Luvsantseren, participated and delivered remarks 
at the award ceremony. Mr. Enkh-Amgalan emphasized, “the Mongolian traditional 
script is a guarantee for national security, and we have an utmost important duty to 
protect the culture and history written in Mongolian traditional script as a cultural 
heritage of humankind and to pass it down to the next generation.”98 That was an 
indication of Mongolia’s progress in preserving this area of national identity. This 
increased interest and involvement in the traditional Mongolian script is a significant
potential source of psychological resilience.


3. Mongolia and Nomadic Lifestyles 


Nomadism is defined as the “way of life of peoples who do not live continually in 
the same place but move cyclically or periodically.”99 Long after the supremacy of
Genghis Khan, nomadism remained a way of life that continues in modern Mongolia as it
does in Kazakhstan and Kyrgyzstan. Nomad ideology has emerged to become “a strong
pillar of Mongolian national identity, [and] it has also divided the Mongol population into
distinct groups not only within the present borders of Mongolia, but also in the
surrounding territories of Central Asia.”100 Mass migration from rural areas to cities has
been increasing since the 1990s due to many reasons, and consequently, one-third of the
population now lives in urban areas. In the rural areas, there is little opportunity for
economic activities that would maintain a household's livelihood at a decent level, except
for herding. Today, the Mongolians have increasingly adapted to globalized cultures. The
youth find these cultures appealing, especially the South Korean or a Western lifestyle,


98 “Winners of 25th ‘Foremost Traditional Script Writers of Mongolia’ Awarded,” Montsame, January
2022, https://www.montsame.mn/en/read/286540. 


99 Encyclopaedia Britannica, s.v. “nomadism,” April 2016, 
https://www.britannica.com/topic/nomadism. 


100 Zsolt Szilagyi, “Lingering Nomad Ideology in 21st Century Mongolia,” Acta Ethnographica
Hungarica: An International Journal of Ethnography 61, no. 1 (June 2016): 199.

and urban daily life makes the young willing to dispense with nomadic traditions.
Moreover, challenges such as climate change and natural threats such as zuds (an extreme 
winter), drought, dust storms, earthquakes, and fires (forest and steppe) cause young 
people to leave rural areas. On the other hand, the Mongolian mindset has changed in 
recent years, and urban life has been viewed as the only way to live in the modern world. 
In fact, “Mongolian intellectuals for generations have been taught to regard the herders’
life as non-progressive, old-fashioned, even though the repository of Mongolian
heritage.”101

Due to air pollution in Ulaanbaatar city and mass migration to an urban area, the 
Government of Mongolia is making some attempts to develop rural areas and support 
nomadic lifestyles as part of the national heritage and as a tourist attraction. For example, 
“Vision-2050” is aiming to position Mongolia to “become a leading country with 
preserved nomadic civilization, based on national mentality, heritage, culture, and 
mindset, and centered on the creative Mongolian citizen.”102 The policy will adapt to the
conveniences of modern society while keeping an ancient and fascinating lifestyle alive. 
Migrating from an urban to a rural area is challenging for young people, and it requires 
strong motivation. The policy will require significant investment in providing robust 
support to herders, particularly during harsh winters, connecting the nomadic lifestyle. 
There have been some cases of young people migrating from “the opposite" direction. 
For instance, Batbayar “Baavar,” the President of the Mongolian Hip-hop Association, 
moved to the countryside with his family in 2019, and his family now lives in the 
northern part of Mongolia. Mr. Baavar once emphasized “Living in the countryside is
wonderful and challenging,”103 which inspires many young people on social media
today.


101 Alicia J. Campi, “Moving Mongolian Nomadism into the 21st century: Cultural and Ecological 
Preservation Coupled with Economic Vitality and National Security," Research thesis, (Washington, 
University of the District of Columbia, 1997), 7. 

102 “Vision-2050 Long-Term Development Policy of Mongolia,” 2.

103 A Il23cypon, “XeqeeHHi amapan J9HAyy caitxan 6ac compxourroit? [Living in the countryside
is wonderful and challenging], News.mn, January 2022, https://news.mn/r/2518672/.

VI. CONCLUSION AND RECOMMENDATIONS


Victory comes from finding opportunities in problems. 
—Sun Tzu 


The survival of small democratic nations bordered by superpowers requires 
constant vigilance, especially as the nature of warfare evolves. Warfare is not limited to 
the physical domain; it increasingly cuts across psychological and social frameworks as 
well. Mongolian national defense policies have relied on conventional military capacity 
for decades, but those policies never included psychological and social preparation 
against any external influences. This thesis has examined three lines of effort to develop 
and maintain Mongolia's social and psychological resilience capacities as part of its 
national defense strategy. Notably, Mongolia must sustain and develop strategic 
partnerships with its neighbors and enhance its military-to-military cooperation. 

Building psychological and social resilience is one of the core pillars of NATO's 
comprehensive defense posture. Comprehensive defense policies have been based on 
total defense strategies from Western Europe during the Cold War period and have not 
been tested since then. Many countries such as the Nordic states (Norway, Finland, and 
Sweden) and Taiwan are currently applying comprehensive defense policies. Those 
countries have some similarities with Mongolia such as conscription (mandatory military 
service), small populations, and borders with superpowers and therefore provide useful 
insights into the development of Mongolia's comprehensive defense strategic efforts. 

Mongolia, a small nation, is located in a significant geopolitical environment. 
Failing to invest in social and psychological resilience now puts Mongolia at risk, as has 
been observed elsewhere. Consider Kazakhstan's unrest in January 2022 as an example. 
The International Crisis Group summarizes Kazakhstan's unrest as resulting from
“economic stagnation, a sharp rise in predatory consumer debt, rising internal migration,
the pandemic, increasing protests and widening inequality,” which means that “weakened
institutions faced significant tests.”104 Authorities in Kazakhstan accused protesters of
being “terrorists,” “bandits,” and “foreigner mercenaries,” but those claims were not 
confirmed officially. According to an Al Jazeera interview, “the main group of 
protesters—young unemployed people from the regions expressing their frustrations 
against injustice,”105 were manipulated by social media and social influencers. Those
unemployed youth were victims of information and psychological operations, and many
of them ended up in prison. A very similar situation arose in Mongolia in 2008, when
“police arrested over 700 people on the night of 1 and 2 July,”106 an action that resulted
in the deaths of five young people. In addition, the current Russian-Ukrainian conflict 
confirms that military objectives aim not only at the military in combat but also at 
civilians back home. For example, during this conflict, military propagandists delivered 
false and demoralizing messages to Ukrainian soldiers at the front and their family 
members back home via cyber-electromagnetic means."107 These incidents demonstrate 
just how crucial psychological and social resilience is in today's world. 

When it comes to Mongolia, the current defense law states that defense policy 
relies on the participation of government entities and all citizens. But the law fails to 
include participants from the private and civic sectors as the asymmetric defense 
component. This is the gap where Mongolia should understand, and consider, the concept 
of the NATO CDH by strengthening integrated layered defense policies. It takes time to 
change conventional defense posture within the whole-of-government approach as a 
comprehensive defense. A critical first step of this approach is to bolster social and 
psychological resilience. Thus, the following recommendations could improve and
provide support for the psychological resilience of Mongolia.


104 “Behind the Unrest in Kazakhstan,” International Crisis Group, January 2022.

105 Agnieszka Pikulicka-Wilczevska, “Do Kazakhstan’s Protests Signal an End to the Nazarbayev
Era?,” Al Jazeera, January 2022, https://www.aljazeera.com/news/2022/1/11/qa-kazakh-activist-yevgeniy-zhovtis-on-mass-unrest.

106 “‘Where Should I Go from Here?’ The Legacy of the 1 July 2008 Riot in Mongolia,” Amnesty
International, December 2009, 4. 

107 Aaron F. Brantly, Nerea M. Cal, and Devlin P. Winkelstein, Defending the Borderland: Ukrainian 
Military Experiences with IO, Cyber, and EW (New York: Army Cyber Institute at West Point, December 
2017), 28. 



A. RECOMMENDATIONS 


To invest in Mongolia's comprehensive defense strategy, this thesis provides
three recommendations for building psychological resilience in Mongolia.


1. A persistent national information campaign, initiated and conducted by the
Government of Mongolia in cooperation with civil society and NGOs, 
would make Mongolians aware of the comprehensive defense concept 

Compared to neighboring states, the Mongolian economy, population, and 
military are relatively small, and there is no direct threat currently. There are, however, 
many indirect threats that could escalate. For example, a recent case of Beijing’s new 
policy replacing the Mongolian language with the Mandarin Chinese language in Inner 
Mongolia triggered a protest in Mongolia. The main concern of the Mongol people was 
“if the traditional written language dies in Inner Mongolia, it would be a massive loss of 
identity for all the Mongols around the world.”108 As described by the CDH,
understanding the strategy is not only for decision-making politicians and military 
personnel, but requires awareness and participation across all sectors of society. This 
means that Mongolian citizens should be aware of current and potential future threats to 
its democratic values. 

But the world is changing day by day, and citizens of Mongolia need to be 
prepared for potential future threats, especially in terms of psychological and social 
resilience. Today, some malicious acts threaten the safety, security, and sovereignty of 
superpowers and small nations equally. For example, the Russian disinformation 
campaign against the U.S. election in 2016 was a significant surprise to the world. That 
example demonstrates that no country can afford to lack psychological and social 
resilience in the information era. Such a threat requires that every member of society get 
a basic knowledge of psychological resilience. 

There are already frameworks in place that the Government of Mongolia could 
adapt for the purpose of education and information. Furthermore, the Government of
Mongolia could start by “establishing online and public media-based training and


108 “The War You Never Heard of,” Trips@Asia, (January 2021), accessed on 8 February 2022,
https://www.tripsatasia.com/newsletter-articles/inner-outer-mongolian-language.

information programs”109 to promote digital literacy. One example of how this is already
being accomplished is Mongolian CITA establishing the “Information Technology
Center” in 2022 “to improve citizens’ digital literacy skills and enable youth to have the
skills to use modern technologies.”110

Specifically, programs that exist for disaster response and prevention can translate 
to responses for national security crises. These programs extend nationwide and are not 
difficult to set up. For example, Sweden’s “If Crisis or War Comes”111 contains
information about how to respond to natural disasters and malicious acts (such as 
disinformation, terrorism, physical occupation). Moreover, the National Emergency 
Management Agency (NEMA) has successfully established early warning systems
nationwide in Mongolia through the media, internet, national radio, and communication
companies to alert the public to potential storms and flooding (see Figure 2).

109 NATO Comprehensive Defense Handbook, 64.

110 Unurzul Majdaa, "Information Technology Center to be Established," Montsame, November 
2021, https://montsame.mn/en/read/280389. 

111 “If Crisis or War Comes,” Swedish Civil Contingencies Agency, May 2018,
https://www.msb.se/en/rad-till-privatpersoner/the-brochure-if-crisis-or-war-comes/. 

112 Center for Excellence in Disaster Management and Humanitarian Assistance, Mongolia Disaster
Management Reference Handbook (Hickam, Hawaii: Joint Base Pearl Harbor, 2018), 33.

The information flow is as follows. It begins with Mongolia's National
Agency of Meteorology and Environmental Monitoring (NAMEM) and is “disseminated
down through the ministries, NEMA, local meteorological offices and through mass
media until it makes its way to the herders.”113 This system and structure could also work
for disseminating accurate information that may affect national security.


2. A basic education curriculum in elementary and high school should
include digital literacy

Section IV of this thesis examined social media vulnerabilities in Mongolia, and 
these vulnerabilities require a long-term solution. As Section IV mentioned, there is no 
distinction between “disinformation” and “misinformation” in Mongolia. At this time, 
Mongolia does not have rock-solid laws or regulations against misleading information or 
online phishing matters. The misleading information includes not only internal matters in 
Mongolia, but some information that comes from overseas. Chapters II and III of the 
thesis covered case studies on misleading information in Mongolia, and it is not going to 
be stopped in the future. 

The Government of Mongolia is enhancing adult education and professional 
development in certain areas, but this education is not good enough to target the whole of 
society. Teenagers, youth, and older people are still at risk of being manipulated by 
misleading information. Therefore, digital or media literacy programs should be included 
in elementary schools’ educational curricula as is done in Taiwan and Finland. In
addition, fact-checking norms and digital literacy are essential skills for students of
journalism, supporting capacity building and professionalism among press personnel. It is
commonly known that media always plays a considerable role in social and psychological
resilience. This is not a quick-fix issue but will take some time.


113 Mongolia Disaster Management Reference Handbook, 33.

3. Mongolia should promote civil society organizations and enhance their
capabilities


According to Mercy Corps, “Mongolia’s civil society sector is still small and 
focuses primarily on environmental and child welfare issues.”114 In fact, civil society
organizations are inadequate due to the legal framework that constrains their activities.
Furthermore, as Mercy Corps emphasized, “an enabling environment for resilience and
development must be supported by citizen demand for good governance through civic
engagement and collective action.”115 Consequently, the Government of Mongolia and
its entities are hardly influenced by civil society organizations, and NGOs remain out of 
the circle of political decision-making processes. This is the space for the emerging civic- 
government partnership, and authorities should adapt proper legal frameworks. For 
example, the Mongolian Fact-Checking Center can collaborate with the government on 
media literacy education for the young or effective measures to counter misleading 
information. The Taiwanese FactCheck Center is considered a model for coordination
with the government and to counter disinformation among other centers.

What is more, “targeting civic engagement efforts towards youth will be
especially critical, as this helps cultivate a sense of agency and future purpose that
underlies resilient individuals and communities.”116 Access to all kinds of information is
inadequate, and only civic organizations tend to be effective at reaching and engaging 
youth. The government's policies on youth are not always as effective as those of civic 
organizations, and some countries use this opportunity to promote defense policies in 
creative ways—for example, the Norwegian NGO People and Defense provides “support 
for the armed forces and Norwegian defense policies”117 by employing policies aimed at
youth. Norwegian practice confirms Mercy Corps’ conclusion that “strengthened social
networks have been shown in many contexts to have a multiplier effect on inclusive


114 “Mongolia Strategic Resilience Assessment,” 25. 
115 “Mongolia Strategic Resilience Assessment,” 48. 
116 “Mongolia Strategic Resilience Assessment,” 48. 


117 Nina Graeger, From ‘Forces for Good’ to ‘Forces for Status’?, Small States and Status Seeking
(New York: Routledge, 2015), 99, 86-108.

decision-making, civic engagement and an overall enabling environment that supports
resilience.”118

Similar to Norway, there used to be civic societies in Mongolia that supported the 
defense force during the Soviet era, called “Community for Defense Support.”119 That
community consisted of various sports clubs such as parachuting, shooting, cross-country
skiing, and wrestling. Most of the activities were dedicated to youth. The Government of
Mongolia can promote such kinds of civic organizations to foster psychological resilience
among the youth.


B. AREAS FOR FURTHER STUDY 


Establishing a comprehensive defense is complicated, and it “requires all sectors
of society to be capable of integrating into a single, coherent, multi-layered system.”120
An example of such a multi-layered system is shown in Figure 3. This thesis outlines
education, information, and inclusion efforts to develop psychological resilience,
highlighting instruments needed to contribute to comprehensive defense. Furthermore, it
identified psychological resilience as a strong foundation for the resistance movement.
The outcome of the ongoing conflict in the Ukraine should also be studied closely for
potential lessons.


118 “Mongolia Strategic Resilience Assessment,” 49.


119 C.Tyyz, “DBJI9J199C TƏB 3eniie; XYpc3H Tryyx," [History of the community from council], 
GoGo.mn, June 2009, https://gogo.mn/r/55823. 


120 Source: NATO Comprehensive Defense Handbook, 33.

Therefore, the thesis focuses on resilience as “the first line of a multi-layered
deterrence and response system,”122 and primarily aims to strengthen asymmetric
defense components. This means the thesis has not discussed the concern of the armed 
forces and home guards in comprehensive defense policies. 

Future research should consider how the inclusion of the Mongolian Armed 
Forces (particularly the Special Forces Command) and Local Defense Forces (which are 
equivalent to the Home Guard shown in Figure 3) could contribute to comprehensive 
defense policies. The latter was established on June 27, 2018, when the Mongolian 
Parliament passed the law for the “Local Defense Force” (LDF), the purpose of which is 
to regulate local defense force relations aimed at establishing and strengthening the state 
defense system. Mongolia’s new LDF is considered to be a paramilitary organization like 
the Swiss territorial service, Swedish home guard, and the U.S. National Guard. Given its 
close relationship with local populations, it can be a valuable bridge to the civic sector in
developing a comprehensive defense policy.


121 NATO Comprehensive Defense Handbook, 33. 
122 NATO Comprehensive Defense Handbook, 34.

Executive Summary


The rise of disinformation 


Disinformation, or the intentional creation and spread of false information, is a growing 
national security concern. While the use of information operations is not a new phenomenon— 
various actors have used them throughout history for a range of objectives—the connectivity 
that characterizes the world today allows both information and disinformation to spread faster 
and with a much greater reach. It is not surprising that a rapidly increasing number of 
adversaries and domestic US actors are coming to understand the utility of the information 
space for achieving their objectives and are seeking to weaponize it. The use of disinformation 
has led directly to real-world events and violence, can have a demonstrable impact on a 
recipient's behavior, and can lead its promulgators to achieve some goals simply through its 
existence, regardless of its believability. Because disinformation's primary impact occurs in the 
mind, technological, political, or military solutions alone cannot sufficiently mitigate the threat. 


Psychological principles associated with 
disinformation spread 


This report is the result of an extensive literature review across multiple domains, including 
disinformation, psychology, military science, foreign affairs, economics, computer science, and 
marketing. Through the literature review, we identified four key psychological principles 
related to the absorption and spread of disinformation: initial information processing; 
cognitive dissonance; the influence of groups, beliefs, and novelty; and the role of emotions and 
arousal. This report describes each psychological principle, explains how the principle 
contributes to the absorption and spread of disinformation, and details ways to mitigate the 
effect of the principle on the spread of disinformation. 


A critical takeaway from the identification of these principles is that they are not unique to 
absorbing and spreading disinformation. These same principles are key to absorbing and 
spreading true information as well. Thus, at an individual level, it appears that disinformation 
is absorbed and spread through normal, routine, and adaptive mechanisms, which malign 
actors can exploit and manipulate for their own objectives. The four psychological principles 
we identified are:

• Initial information processing: Our mental "processing capacity" is limited; we
simply cannot deeply attend to all new information we encounter. Our brains take 
mental shortcuts to incorporate new information, and those shortcuts can open us up 
to mistakes. To the extent that we do not process information as deeply as we should, 
disinformation can be construed as true information. 


• Cognitive dissonance: Cognitive dissonance describes the discomfort we feel when
we are confronted with two competing ideas. We are motivated to reduce the 
dissonance by changing one attitude, removing (ignoring) the contradictory 
information, discounting the importance of contradictory information, or increasing 
the importance of compatible information. If disinformation supports our initial beliefs 
or creates less dissonance than true information, we are more likely to believe the 
disinformation. 


• Influence of group membership, beliefs, and novelty (the GBN model): Not all
information is equally valuable to individuals. Our group memberships, our beliefs, and 
the uniqueness of the information influence whether we absorb and share 
disinformation. We are more likely to share information with people we consider 
members of our group, when we believe the information is true, and when it is novel 
or urgent. If disinformation is coming from a group member with whom we identify, is 
consistent with our beliefs, or is new information for us, we are more likely to share it. 


• Role of emotion and arousal in our sharing of disinformation: Just as not all
information is equally valuable, not all information affects us the same way. Research 
demonstrates that we pay more attention to information that makes us feel positively 
or that arouses us to act. That means we are more likely to share information if we feel 
awe, amusement, or anxiety than if we feel sadness or contentment. Given that 
disinformation is, by definition, created by someone, it is more likely to be absorbed 
and shared if it is constructed to be emotional and arousing. 


Countering the absorption and spread of disinformation 


The research team identified several techniques in the literature that could be useful for 
countering disinformation absorption and spread. Two techniques to help counter 
disinformation were associated with more than one psychological principle: (1) preventive 
inoculation (i.e., warning people about the effects of disinformation and how to spot it) and (2) 
encouraging deeper, analytic thinking. The literature also details techniques that could combat 
the effects of a single psychological principle. For example, to counter the effects associated 
with groups, beliefs, and novelty, researchers recommend creating unique content that 
encourages individuals to identify with a broader “group” and increases their access to 
opposing information. In addition, researchers recommend that disinformation containment
policies emphasize behavioral interventions aimed at countering the psychological principles
activated by disinformation, rather than solely focusing on stopping the malicious use of bots, 
algorithms, and technologies. Before disinformation is shared, it is absorbed by an individual. 
Thus, interventions that disrupt how an individual absorbs disinformation should interrupt 
the chain between seeing disinformation and sharing it. 
Introduction


On the morning of September 11, 2014—the anniversary of 9/11—the news in St. Mary Parish,
Louisiana, was alarming. At around 8:30 A.M., the director of the regional Office of Homeland 
Security and Emergency Preparedness received a call from a citizen concerned about a text 
message suggesting that there had been a chemical spill: "Toxic fume hazard warning in this 
area until 1:30 PM. Take Shelter. Check Local Media and columbiachemical.com." 


However, as reporters and analysts documented months later, the text message did not occur 
in isolation. Hundreds of Twitter accounts, many of which appeared to belong to concerned 
citizens in the area, used the hashtag #ColumbianChemicals to report on the unfolding crisis 
by asking questions, sharing pictures, and posting videos (Figure 1). 


Figure 1. Twitter post showing the Columbian Chemicals plant explosion


[Tweet from "Anna Russel": "Chemical plant exploded in Centerville, Louisiana #ColumbianChemicals"]


Source: John Borthwick, “Media hacking,” Render, Mar. 7, 2015,
https://render.betaworks.com/media-hacking-3b1e350d619c.
At the same time, reporters and politicians as far away as New York City began to hear about
the emergency. One user tweeted at New Orleans Times-Picayune reporter Heather Nolan: 


@EricTraPPP: Heather, I'm sure that the explosion at the #ColumbianChemicals is 
really dangerous. Louisiana is really screwed now. 


Another tweeted at political consultant Karl Rove: 


@zpokodon9: Karl, Is this really ISIS who is responsible for #ColumbianChemicals? Tell 
@Obama that we should bomb Iraq! 


Yet another user tweeted at Oregon senator Jeff Merkley (Figure 2): 


Figure 2. Twitter post asking Oregon senator Jeff Merkley about the Columbian Chemicals
plant explosion


[Tweet from "Teresa Holland" (TezHolland): "@SenJeffMerkley Jeff, Hope it wasn't a terrorist attack in Louisiana, was it? #ColumbianChemicals"]


Source: Matt Kodama, “#ColumbianChemicals Hoax: Trolling the Gulf Coast for Deceptive Patterns,” June 12, 
2015, https://www.recordedfuture.com/columbianchemicals-hoax-analysis/. 


Twitter was not the only platform involved. On YouTube, a video in which “a man showed his 
TV screen, tuned to an Arabic news channel, on which masked ISIS fighters delivered a speech 
next to looping footage of an explosion” suggested that ISIS [Islamic State of Iraq and Syria] 
was responsible for what was now being called an attack.1 Another video, titled "Panic due to
the explosion on a Columbian Chemicals facility in Louisiana," showed an ambulance on
the highway. Yet another, titled "Flash from an explosion on a Columbian Chemicals
facility in Louisiana," allegedly showed footage of the actual explosion.2 A Wikipedia page,
citing the video, became active, and a public Facebook page (called "Louisiana News") posted 
an article about the crisis and an alleged statement from ISIS in which the group claimed 


1 Adrian Chen, "The Agency," New York Times Magazine, June 2, 2015, accessed Feb. 2, 2021,
https://www.nytimes.com/2015/06/07/magazine/the-agency.html.


2 "Columbian Chemicals Plant Explosion Hoax," Know Your Meme, 2014, accessed Feb. 4, 2021,
https://knowyourmeme.com/memes/columbian-chemicals-plant-explosion-hoax.


CNA Research Memorandum | 2 




responsibility for the attack. Finally, both the New Orleans Times-Picayune and CNN appeared 
to pick up the story as tweets of coverage on their websites began to circulate. 


Figure 3. Twitter account posting a fake CNN homepage showing the story of the Columbian 
Chemicals plant explosion 


[Tweet from "GregSpicy": "The explosion occurred at the #ColumbianChemicals Co. Chemical plant located in Centerville, St. Mary Parish, LA." The attached image is a screenshot of a fake CNN homepage carrying the plant explosion story.]


Source: John Borthwick, "Media hacking," Render, Mar. 7, 2015,
https://render.betaworks.com/media-hacking-3b1e350d619c.


All of this, however, was news to the people working at Columbian, as there had not actually 
been any sort of leak or explosion. The entire event had been fabricated, perpetuated by a 
skillfully coordinated social media infrastructure that included a botnet spreading content and
"fully functional clones of the websites of Louisiana TV stations and newspapers."3


This particular hoax had a relatively small reach since none of the tweets went viral, the 
mainstream media did not report on the false story at the time of the ongoing operation, and its
breakthrough at the national level came months later when New York Times reporter Adrian 
Chen linked the effort to Russia's now infamous Internet Research Agency (IRA). Yet, despite 
the hoax’s failure, it is an almost perfect example of a disinformation campaign. 


As the Columbian Chemicals example demonstrates, disinformation (i.e., false information 
created with the intent to deceive) has the potential to be concerning when it comes to national
security. As adversaries and domestic actors alike increasingly use disinformation to achieve a 
variety of objectives, the study of how disinformation works and how it can be effectively 
countered has become a national security priority. Most of the study on this topic has thus far 
focused on disinformation tactics and tools. This report is different because it looks beyond 
these topics to examine how disinformation affects the recipient and the role psychology plays 
in one's acceptance of disinformation, since disinformation is a method of exercising 
psychological influence. 


The primary impact of disinformation takes place in the mind. While the psychological 
principles behind the absorption of disinformation are normal principles invoked when 
individuals take in any type of information, malign actors can exploit these principles to 
enhance the likelihood of disinformation's assimilation and spread. Thus, understanding how 
to counter disinformation's impact requires a firm understanding of disinformation's effect on 
the mind. 


To date, very little work on the subject of the psychology of disinformation has been aimed at 
policy-makers and defense decision-makers. This report seeks to fill that gap by detailing the 
psychological principles that allow disinformation to flourish in a way that is easy to 
understand for those with no psychology background. It can also serve as a primer for those 
new to the general topic of disinformation because it details the definition of disinformation 
and why it poses a national security threat. 


3 Chen, "The Agency." A botnet is a network of bots working in coordination. For additional information on the role
of bots and botnets in propagating disinformation, please see Megan McBride, Zack Gold, and Kasey Stricklin,
Social Media Bots: Implications for Special Operations Forces, CNA, DRM-2020-U-028199-Final, Sept. 2020,
https://www.cna.org/CNA_files/PDF/DRM-2020-U-028199-Final.pdf.
Report elements


To make this complex topic accessible and useful for practical application, there are several 
important elements of this study. First, for the purposes of this paper, we make no distinction 
between disinformation and misinformation. While the two concepts are distinct, with the intent 
of the information's creator (i.e., malicious versus benign) as the key difference, this paper 
instead focuses on the information itself and the effect on the person viewing or hearing it. In 
most cases, the recipient doesn't know who created the information (e.g., the meme, the video, 
or the email), so the creator's intent is irrelevant to the psychological impact of these types of 
disinformation on the audience. We will discuss and include examples of both disinformation 
and misinformation, categorizing them both as disinformation for simplicity (despite their 
definitional differences, which we recognize). 


Second, the term disinformation has come to mean many different things to different people, 
with a number of distinct, though related, concepts at various times classified as 
disinformation. In this report, we focus on the elements of disinformation included in a recent 
State Department-funded report, and we make the conscious decision to leave out some of the 
other concepts occasionally included in this category. First, we exclude such techniques as the 
creation of fake accounts (bots, trolls, etc.) and fake communities. For our purposes, we 
consider these tools and actions to be part of "influence operations," a category that includes 
disinformation but is not exclusively composed of the disinformation itself. Second, while 
disinformation is a type of influence operation, not all influence operations are disinformation, 
so we also exclude influence operations that do not include disinformation. In other words, this 
study centers on the psychology of disinformation, and not on the broader psychology of 
influence operations. By scoping our report in this way, we are able to speak directly to a 
pressing national security risk in a clear, concise, and focused manner. 


In addition, we are approaching this topic from a nontechnical perspective, with the intent of 
gearing explanations toward those with no prior knowledge of this subject. Therefore, we do 
not include the universe of potentially relevant psychological principles because that could get 
overwhelming and unwieldy. The psychological principles discussed in this report emerge 
from the literature as highly relevant to absorbing and spreading disinformation. Additional 
information on these principles can be gleaned from the cited material. Moreover, the tone of 
this study provides clear explanations and examples to make this report useful for its intended 
audience—policy- and decision-makers. 
Report organization


In addition to this introduction, this report has three sections, all of which address important
aspects of our study questions. We first describe what disinformation is within the scope of 
this report and hone in on the definition we then use for the remainder of the report. While 
there are many different and conflicting definitions of "disinformation," our first section 
outlines how we are defining the topic for purposes of this report. 


Our second section addresses the issue of why the topic of disinformation, and therefore this 
paper, is important in the first place. While much has been written on disinformation, in most 
cases this particular question is sidestepped and the importance of disinformation is simply 
stipulated. To effectively counter this threat, it is critical to understand why it matters. 
Consequently, we begin with an exploration of why disinformation is important from a national 
security perspective before turning to the tricky question of whether disinformation is actually 
effective at achieving its objectives. We conclude with why it is important to study the 
psychology of disinformation as a part of this discussion. 


With a firm grounding in what disinformation is and why it matters, we then turn to the 
psychological principles relevant to disinformation. While many principles are tangentially 
related to this topic, we chose to focus on the four mechanisms critical to the absorption and 
spread of disinformation: initial information processing; cognitive dissonance theory; the 
group, belief, novelty (GBN) model; and the effect of emotions and arousal. For each principle, 
we explain the concept in plain language (with examples) before detailing its implications for 
disinformation and what can be done to counter its effects. 


This report ends with a brief conclusion that highlights the importance of continuing this area 
of study. The conclusion summarizes how this study has advanced the conversation on 
countering the spread of disinformation and highlights additional questions to address. 


Approach and sources 


This report relies primarily on a thorough review of the (1) disinformation and (2) psychology
literature to pull out the information relevant to the national security space. For the first two 
sections on the what and why of disinformation, our primary sources are reports from think 
tanks and academic institutions as well as news reports, with CNA's previous studies on memes 
and bots serving as a foundation.4 We also included some foreign language sources in the


4 Vera Zakem, Megan McBride, and Kate Hammerberg, Exploring the Utility of Memes for U.S. Government Influence
Campaigns, CNA, DRM-2018-U-017433-Final, 2018, https://www.cna.org/cna_files/pdf/DRM-2018-U-017433-Final.pdf;
McBride, Gold, and Stricklin, Social Media Bots: Implications for Special Operations Forces.
discussion of adversary use of disinformation to better understand the place disinformation
has come to hold in adversary thinking, doctrine, and strategy. 


For the third section, we conducted an extensive literature review of psychology journals. 
Where relevant, we also included literature from other disciplines (e.g., economics, computer 
science, and marketing). Finally, some of the psychological principles related to modern, 
technology-enhanced disinformation have roots in foundational experimental psychology. 
Where applicable, we discuss the root theory first and then apply it to disinformation. 
What Is Disinformation?


In the messy mainstream and social media ecosystem that characterizes the contemporary 
world, it is nearly impossible to untangle concerns about disinformation, misinformation, 
influence operations, adversary interference, propaganda, and online manipulation. 
Particularly problematic in the context of this report is the distinction between disinformation 
and misinformation. While these terms are often used interchangeably, they are distinct 
concepts easily differentiated by attention to the intent of the content's creator (Figure 4). 


• Disinformation is information that is known to be false, and that is spread with the
explicit goal of deceiving. In this case, the creator of the information (i.e., the tweet, the 
post, the email) intends to deceive. 


• Misinformation is information that is false, but that is spread without a desire to
deceive. In this case, the creator of the information (i.e., the tweet, the post, the email)
has no intention to deceive. 


It may also be helpful to add a third term to the mix: 


• Mal-information is information that is known to be true, and that is spread
intentionally, with the explicit goal of harming. One example might be sharing private 
information with the goal of harming the reputation of a politician. Mal-information is 
slightly different than disinformation and misinformation in that it is not necessarily 
false (it might contain false elements, but it might also be entirely true). We include it 
here, though, in an effort to provide a comprehensive oversight of the information 
ecosystem. 
Figure 4. Taxonomy of disinformation, misinformation, and mal-information


[Figure labels: Intent to harm; Mis-information, Dis-information, Mal-information; False Connection; Misleading Content]


Source: Temir Asanov, "Fake News in Modern News Media: Disinformation, Misinformation and
Malinformation," Medium.com, Mar. 17, 2019,
https://medium.com/@tasanoff/fake-news-in-modern-news-media-disinformation-misinformation-and-malinformation-e4fdfa2ab571.


While this relatively simple taxonomy may seem to solve the problem, the reality is that the 
correct application of these labels (particularly those of disinformation and misinformation) is 
contingent on the tricky task of identifying the intent attached to the creation of the content. 


To illustrate this, let’s assume, for example, that Alice, Bernard, Claire, and David are active 
Twitter users. 


One day, Alice wakes up planning to go to the beach with friends, but her mother insists that 
she wear sunscreen. Alice doesn't want to wear sunscreen because her friends don't wear 
sunscreen, so she creates a fake graphic detailing the negative consequences of wearing 
sunscreen and posts it to Twitter with the hashtag #sciencefacts. She then shows it to her 
mother in an attempt to get out of wearing sunscreen. In this case, the stakes are relatively low 
and modest, but we could accurately label this content as disinformation because Alice's post 
meets the criterion of that definition: intentionally shared false information designed to deceive. 


A few days later, Bernard is on the subway and the people sitting across from him are having a 
heated debate about sunscreen (perhaps because they saw Alice's post). Bernard finds the 
argument against wearing it compelling. When he gets home, he creates a graphic to share with
his friends. Because Bernard's graphic is not designed to deceive, it would be accurately 
categorized as misinformation: information that is false but that is spread without the intent to
deceive. 


These examples are relatively straightforward because in both cases we know the intention of 
the individual who created the content. Classifying content becomes far more complicated, 
though, when information is retweeted, reposted, and forwarded. 


For example, imagine that a few weeks later Claire is online and she finds a graphic detailing 
the negative consequences of wearing sunscreen. Concerned about the data in the graphic, she 
shares it via social media. While in some ways Claire does the same thing as Alice and Bernard 
(sharing a graphic via social media), we need to know the intention of the graphic's creator in 
order to accurately categorize it. If Claire shared Bernard's graphic, then her earnest post 
would be misinformation: information that is false but that is spread without a desire to deceive. 
If, however, Claire had accidentally stumbled across Alice's graphic, then her post would meet 
the definition of disinformation, and Claire would simply be an unwitting accomplice in Alice's 
disinformation campaign. The difference, again, is in the intention of the content's original 
creator. 


Because this report focuses on the psychology of how disinformation works (and not on, for 
example, adversary intentions) the distinction between disinformation and misinformation is 
not critical. It's true that the perceived or assumed intent of the content's originator is 
important; we read material generated by comedians (who we assume intend to amuse us) 
differently from how we read material generated by news organizations (who we assume 
intend to educate us). These perceived and assumed intentions, though, are facilitated by a set 
of cognitive shortcuts that we use to negotiate the world. We see the New York Times or Wall 
Street Journal banners and assume that we know the content creator's intent. Sometimes 
disinformation takes advantage of these heuristics—as the Columbian Chemical hoax creators 
did by creating a fake screenshot of the CNN website. This is possible because most of the time 
all we have are our perceptions and assumptions; most people don't know the origins of the 
material they view and share online, or the true intention of the person who created that 
content. As a result, we receive disinformation and misinformation the same way. 


To hammer this home, let's take David's perspective. David is an everyday social media user 
scrolling through Twitter. Assuming he doesn't know anything about Alice, Bernard, or Claire, 
the graphics that he sees in their Twitter feeds are exactly the same. The 
disinformation/misinformation distinction just isn't relevant for David (i.e. for the end user or 
consumer), and, psychologically, disinformation and misinformation exploit the same 
principles. Note that, in many cases, these same principles are also exploited by those 
attempting to share accurate information. News agencies, as one example, will also rely on 
these principles to ensure that you visit their sites, view their channels, and click their links. 
The principles themselves are neutral and normal. This report, therefore, will not distinguish 
between disinformation and misinformation in discussing the relevant psychological
principles; moreover, in an effort to avoid unnecessarily complicating things, we will use the 
term disinformation to refer to both throughout the remainder of this report. 


Types of disinformation 


While the definitions offered in the section above are accurate and useful, they fall short in 
capturing the range of material that analysts assess under the rubric of disinformation. A 
recent State Department-funded report, however, highlights the nuanced and complex nature 
of this phenomenon: 


To understand the disinformation environment, it is useful to dissect the 
different elements it encompasses. Disinformation can include authentic 
material used in a deliberately wrong context to make a false connection, such 
as an authentic picture displayed with a fake caption. It can take the form of 
fake news sites or ones that are deliberately designed to look like well-known 
sites. Disinformation can further include outright false information, shared 
through graphics, images, and videos. It can also take the form of manipulated 
image and video content, where controversial elements are photoshopped into 
innocuous contexts to evoke anger or outrage. 


In other words, understanding the psychological impact of disinformation isn't merely about 
understanding why a simple graphic might trick a few people. Disinformation exists in a 
context—it exploits our cognitive shortcuts and heuristics in order to be effective—that can be 
fabricated to varying degrees. 


To take just the first part of the definition from the State Department report above, 
disinformation consists of not only patently inaccurate information designed to appear true 
(such as the Columbian Chemicals hoax), but also accurate information that has been 
manipulated or taken out of context. As one example, on September 20, 2015, a pro-Russia 
media outlet falsely claimed that US Ambassador John Tefft had been spotted at an
anti-government rally earlier in the day.6 In support of its claim, the website quoted Tefft as saying


5 Christina Nemr and William Gangware, Weapons of Mass Distraction, Park Advisors, 2019, accessed Feb. 2, 2021,
https://www.state.gov/wp-content/uploads/2019/05/Weapons-of-Mass-Distraction-Foreign-State-Sponsored-Disinformation-in-the-Digital-Age.pdf.


6 "US Ambassador to Russia John F. Tefft Is Sent to Opposition Rally in Maryino," Посла США в России Джона Ф.
Теффта отправили на митинг оппозиции в Марьине, Ren.TV, Sept. 20, 2015,
http://ren.tv/novosti/2015-09-20/posla-ssha-v-rossii-dzhona-f-teffta-otpravili-na-miting-oppozicii-v-marine.
that he was attending the rally in order to assess the "caliber" of Russian democracy. More
interesting, the post included a photo of Tefft mid-interview, with the opposition rally visible 
behind him (Figure 5). The media outlet even tweeted the photo with the following caption: 
"US Ambassador to Russia John Tefft strolled at an opposition rally in Marino."8


Figure 5. Russian disinformation regarding US Ambassador Tefft 


[Tweet from РЕН ТВ | Новости (REN TV News): "Посол США в России Джон Ф. Теффт прогулялся на митинге оппозиции в Марьино: ren.tv/novosti/2015-0", with the photo attached.]


Source: "Посол США в России Джон Ф. Теффт прогулялся на митинге оппозиции в Марьино," Sept. 20,
2015, https://twitter.com/rentvchannel/status/645658877426593792.


7 Some of this language remains in the REN TV article. Carl Schreck, “Photoshop Wars: U.S. Ambassador 'Attends' 
Russian Opposition Rally...and the Moon Landing,” Radio Free Europe/Radio Liberty, Sept. 21, 2015, accessed Feb. 
3, 2021, https://www.rferl.org/a/russia-photoshop-us-ambassador-tefft-opposition-rally-ren-tv/27260885.html. 


8 "The American Ambassador to Russia John F. Tefft Walked at an Opposition Rally in Maryino," Посол США в
России Джон Ф. Теффт прогулялся на митинге оппозиции в Марьино, Twitter, Sept. 20, 2015,
https://twitter.com/rentvchannel/status/645658877426593792.
As the US Embassy in Russia promptly pointed out, though, the image was doctored. In fact,
they tweeted a response that included the doctored image, the original image, and other 
doctored images of Ambassador Tefft at the moon landing and a hockey game (Figure 6). 


Figure 6. US Embassy response to Russian disinformation regarding US Ambassador Tefft 


[Tweet from Посольство США в РФ (US Embassy in Russia): "Посол Теффт провёл вчерашний выходной дома. Но благодаря фотошопу можно оказаться где угодно. #fake #фейк", with four images attached.]


Source: "The American Ambassador to Russia John F. Tefft Walked at an Opposition Rally in Maryino," Посол
США в России Джон Ф. Теффт прогулялся на митинге оппозиции в Марьино, Twitter, Sept. 20, 2015,
https://twitter.com/rentvchannel/status/645658877426593792.

Notes: The original image (upper left); the Photoshopped image that REN TV tweeted (upper right); Tefft at the 
moon landing (lower left); Tefft at a hockey game (lower right). Translation of Twitter post: Ambassador Tefft 
spent yesterday's weekend at home. But thanks to Photoshop you can be anywhere. #fake #fake. 


In this case, the disinformation very clearly consisted of “authentic material used in a 
deliberately wrong context to make a false connection” and a manipulated image in which an 
innocuous element (Ambassador Tefft at a news conference) was Photoshopped into a 
controversial environment (an opposition rally) in order to “evoke anger or outrage.” By 
contrast, the Columbian Chemicals disinformation campaign is one that involved "fake news
sites or ones that are deliberately designed to look like well-known sites" and "outright false 
information, shared through graphics, images, and videos." 


That said, the State Department definition—and, by extension, this report, as we have adopted 
the State Department definition—leaves out a number of techniques that are often included in 
discussions of disinformation campaigns but that are better classified as influence campaigns. 
It does not, for example, include instances in which a fake account or persona is used to spread 
true information, amplify the posts of a real person, galvanize a new community, or infiltrate a 
closed community to some ulterior end. There is no doubt an element of deception at play in 
these behaviors, but they don't meet the definition of disinformation and they rely 
predominantly on a different set of core psychological mechanisms (some, but not all, of which 
are explored in this report). 


Disinformation poses a critical threat, but there is no standard for how it will look, where it 
will come from, or what tools might be necessary to identify it. As seen in the State Department 
definition, it can take many different forms: it can be a skillfully doctored screenshot of the CNN 
website or a typo-laden meme with no references; it can come from a friend or a media outlet 
or a stranger; and it might be easily traced via a simple Google query or impossible to track to 
its source. This project thus takes a different tack, focusing not on how disinformation can be 
identified but on how it affects—consciously and unconsciously—the recipients that are 
exposed to it and on how we might mitigate these effects. 
Why Disinformation Matters


Since the uncovering of widespread Russian meddling in the 2016 election, the US government, 
academics, think tanks, and social media companies have poured a wealth of resources into the 
study of disinformation. Every few months, Congress drags the leaders of the largest tech 
companies to Capitol Hill to grill them on their plans for countering the threat of 
disinformation; published reports on the issue now abound, tackling topics including Russian 
tactics, enabling technologies, and strategies for pushing back. Of interest, however, is that 
most of these resources seem to take for granted the fact that disinformation matters, rather 
than spelling out why that is the case. This chapter will endeavor to explain why we should 
care about disinformation, with a focus on the threat it poses in the national security context. 


Adversary use of disinformation 


While it is tempting to view adversary use of disinformation as a contemporary problem, the 
use of such means by adversaries attempting to shift the balance of political or military power 
is a long-standing issue. As just one example, in the first century CE, Octavian waged a fake 
news smear campaign—deploying primarily "short, sharp slogans written upon coins in the 
style of archaic Tweets"—to turn public opinion against Mark Antony and secure the role of 
first Roman Emperor.9 Disinformation, however, has always been contingent on its ability to
circulate widely; operating centuries before the printing press, Octavian had to use coins to 
spread his message. Consequently, it should come as no surprise that adversary use of 
disinformation has become something of an international crisis in the social media age, when 
information spreads globally—leaping between continents and across language barriers—in 
mere seconds. It should also come as no surprise that our adversaries would seek to weaponize 
this powerful tool. 


The objectives of disinformation are situationally specific. In discrete instances, disinformation 
might be used to obscure the purpose of a military campaign or cast aspersions on an enemy. 
The type of disinformation that the modern world is struggling with—even when that 
disinformation is coming from adversaries—is typically far less restrained or limited. The most 
commonly cited goals for adversary use of disinformation include causing chaos and confusion, 
sowing discord, distracting from an issue, casting doubt, and making the truth seem 


9 Izabella Kaminska, "A Lesson in Fake News from the Info-Wars of Ancient Rome," Financial Times, Jan. 17, 2017,
accessed Feb. 3, 2021, https://www.ft.com/content/aaf2bb08-dca2-11e6-86ac-f253db7791c6.
unknowable.10 However, while threatening in themselves, these short-term objectives may
also be part of a broader long-term strategy for gaining global influence, diminishing US
influence, claiming great power status, securing a regime, and more.11 As states have
increasingly become aware of the benefits of information for achieving these objectives
(including the ease with which they can harness the power of social media, the inexpensive
nature of these efforts, and the relatively low risk of engaging in such behavior), disinformation
and related types of information influence have come to hold a more prominent place in many
adversaries' doctrine, strategy, and thinking.


One of the US's primary adversaries in this space, Russia has come to view the information
space as one of the foundational areas in which states compete today.12 Rather than seeing the
use of information (including disinformation) merely as support for traditional military
operations during a conflict, Russia views it as integral to and indistinguishable from
conventional capabilities, with utility during every phase of conflict and even in peacetime.13
In fact, many Russian thinkers have asserted that the boundaries between war and peace are
increasingly blurry, with the growing emphasis on nonmilitary means (such as information)
asserted as one cause.14 In 2013, the Russian Chief of the General Staff Valeriy Gerasimov stated
that the development of information weapons had the ability to reduce an adversary's combat
potential.15 He further elaborated on this notion in 2019, writing that nonmilitary means are
now the primary choice for attaining goals, with military force necessary only when
nonmilitary means are unsuccessful.16 Gerasimov also expressed that, while military means
are decisive once armed conflict begins, nonmilitary means make it possible to create the


10 Dean Jackson, "Issue Brief: How Disinformation Impacts Politics and Publics," National Endowment for
Democracy, May 29, 2018, accessed Feb. 2, 2021,
https://www.ned.org/issue-brief-how-disinformation-impacts-politics-and-publics/.


11 Kasey Stricklin, "Why Does Russia Use Disinformation?," Lawfare, Mar. 29, 2020, accessed Feb. 2, 2021,
https://www.lawfareblog.com/why-does-russia-use-disinformation.


12 Daniel Kliman et al., Dangerous Synergies, CNAS, 2020, accessed Feb. 1, 2021,
https://s3.us-east-1.amazonaws.com/files.cnas.org/documents/CNAS-Report-Dangerous-Synergies-May-2020-DoS-Proof.pdf?mtime=20200506164642&focal=none.


13 Makhmut A. Gareev, "Anticipate Changes in the Nature of War: Every Era Has Its Own Kind of Military Conflict,
and its Own Constraints, and its Own Special Biases," Voyenno-Promyshlennyy Kuryer Online, June 5, 2013.


14 Ibid.


15 Valery V. Gerasimov, "The Value of Science is Foresight," Ценность науки в предвидении, VPK, ВПК, Feb. 26,
2013, accessed Feb. 1, 2021, https://vpk-news.ru/articles/14632.


16 Ibid.; Valery V. Gerasimov, "Vectors of the Development of Military Strategy," Векторы развития военной
стратегии, Krasnaya Zvezda, Красная звезда, Mar. 4, 2019, accessed Feb. 1, 2021,
http://redstar.ru/vektory-razvitiya-voennoj-strategii/?attempt-1.
conditions and influence the operating environment to make the employment of military
means more effective.17 In fact, it is thought that the use of such nonmilitary means as
information can even preclude an armed conflict by allowing Moscow to assert influence and
shape internal dynamics within an adversary state, creating conditions favorable to Russia.18


Another US adversary in this space, China has long sought to exercise control over information
that circulates regionally, and has recently begun to extend its influence beyond its borders
and neighbors.19 In the last decade, the Chinese Communist Party has sought opportunities to
shape the digital information space and, in 2013, Chinese President Xi Jinping stated that the
use of innovative techniques to spread narratives positive for China, and promoting the
Chinese view globally, was a priority.20 The Chinese government has historically employed
these tactics in regions close to its borders, such as Taiwan, to attempt to shape the geopolitical
situation in a favorable manner.21 These efforts were typically overt propaganda efforts to push
Beijing's preferred narrative.22 After the onset of the coronavirus pandemic, China began to
take a page out of the Russian playbook, employing more covert disinformation on social media
to obscure the virus's roots and shift the blame, typically to the US.23 While it is unclear whether
Beijing will continue to employ these methods after the pandemic has passed, the Chinese
government has certainly evolved its thinking on how to use information for influence and the
utility of disinformation in reinforcing the government's reputation.


Both Iran's conventional military and the Islamic Revolutionary Guard Corps (a parallel 
military structure tasked with upholding the ideals of the revolution) underscore the 
importance of informational control for offensive and defensive purposes alike.24 Iran sees 


17 Gerasimov, "Vectors of the Development of Military Strategy." 
18 Kliman et al., Dangerous Synergies. 

19 Ibid., p. 5. 

20 Ibid.


21 Joshua Kurlantzick, "How China Ramped Up Disinformation Efforts During the Pandemic," Council on Foreign
Relations, Sept. 10, 2020, accessed Feb. 2, 2021,
https://www.cfr.org/in-brief/how-china-ramped-disinformation-efforts-during-pandemic.


22 Sarah Cook, "Welcome to the New Era of Chinese Government Disinformation," The Diplomat, May 11, 2020,
accessed Feb. 1, 2021,
https://thediplomat.com/2020/05/welcome-to-the-new-era-of-chinese-government-disinformation/.


23 "How China Ramped Up Disinformation Efforts During the Pandemic."


24 "IRGC (Islamic Revolutionary Guard Corps)," Counter Extremism Project, accessed Feb. 3, 2021,
https://www.counterextremism.com/threat/irgc-islamic-revolutionary-guard-corps; Emerson Brooking and
Suzanne Kianpour, Iranian Digital Influence Efforts: Guerrilla Broadcasting for the Twenty-First Century, Atlantic
Council, 2020, accessed Feb. 1, 2021,
https://www.atlanticcouncil.org/wp-content/uploads/2020/02/IRAN-DIGITAL.pdf.
itself as constantly on the defensive from information efforts emanating from other countries'
broadcasters, lobbyists, and so on.25 A recent report on Iran's digital disinformation efforts
describes them as "public diplomacy under duress" and notes that pro-Iranian messaging
proves most effective when it appears to come from a neutral third party.26 Iran thus endeavors
to set up a narrative structure that its adversaries cannot easily meddle with or take down in
order to achieve its objectives, which include positioning itself as a leader in the Muslim world
and serving as a bastion against perceived US and western regional intervention.27


The pandemic has seen these three adversaries increasingly amplify each other's 
disinformation, helping China's recent disinformation efforts gain a wider reach than they 
likely would otherwise. Despite varied objectives, the shared goal of undermining US influence 
has caused something of a convergence as Russia, China, and Iran work together to diminish 
the influence of their common adversary. For its part, the US government views disinformation 
in a patently different way than its adversaries. While many adversaries are increasingly 
emphasizing the utility of information for achieving a range of objectives, the US is grappling 
with a range of ethical and legal implications that simply are not issues for its adversaries in 
this space. As a result, it still does not have a clear strategy for countering information 
operations, and its efforts in this space tend to be largely reactive.28 In addition, because the US 
views information influence through a different lens than many of its adversaries, the role of 
such efforts in adversary strategy and thinking is not always well understood. Therefore, the 
study of disinformation is important for ensuring that the US does not find itself unwittingly 
behind or vulnerable in a key area of competition. 


Domestic use of disinformation 


It would be naive to write a paper on disinformation—especially one grappling with its real- 
world impacts—without acknowledging that domestic US actors are active in this space as 
well. As with adversary use of disinformation, the objectives for domestic actors using 
disinformation vary, with prominent examples including attempts to shift political discourse
on a range of controversial issues, such as election integrity, medical advice, and climate 
change. The objectives may also be motivated by a desire to garner support—measured in the 
form of votes, subscriptions, or clicks. Again, though, this is hardly a new phenomenon. In 1835, 


25 Brooking and Kianpour, Iranian Digital Influence Efforts: Guerrilla Broadcasting for the Twenty-First Century. 
26 Ibid. 
27 Ibid. 


28 Doowan Lee, “The United States Isn’t Doomed to Lose the Information Wars,” Foreign Policy, Oct. 16, 2020,
accessed Feb. 3, 2021,
https://foreignpolicy.com/2020/10/16/us-election-interference-disinformation-china-russia-information-warfare/.
The Sun (a newspaper in New York City) published a series of six articles claiming that life—
including unicorns—had been observed on the moon by one of the world's foremost
astronomers. The hoax wasn't uncovered for weeks, and the newspaper never printed a
retraction, but circulation did allegedly increase. The discovery of the hoax did not put an end
to the practice; almost a decade later, The Sun again published fake science news. In this case,
though, it was famed author Edgar Allan Poe who "sold an ingenious scientific hoax to a
newspaper publisher for fifty dollars," though this time the newspaper apparently issued a
retraction.29


In contemporary America, disinformation circulates on a variety of issues ranging from the 
absurd (e.g., a 2017 story that Hollywood elites were using "the blood of babies to get high") to 
the deadly serious (such as that related to the supposed dangers of the COVID-19 vaccine, 
which could deter large numbers of people from getting the vaccine).30 The reality, though, is
that the psychological mechanisms that allow disinformation to spread are the same, despite 
the motives of the individual behind such content or its potential impacts. 


Is disinformation effective? 


Given the variety and prevalence of disinformation, the existence of disinformation is not 
particularly debatable. Rather, the critical question remaining is whether disinformation is 
actually effective at changing people's minds and helping adversaries achieve their objectives.
This effectiveness is incredibly difficult to assess; after all, it is difficult to know whether
someone would have taken a certain action or had a certain thought even without the presence
of disinformation.31


Several recent studies looking into the 2016 presidential election have attempted to answer 
the effectiveness question, often with disparate results. A 2018 study released by researchers 
from Ohio State concluded that disinformation likely helped Donald Trump secure victory 
because around 4 percent of Barack Obama's 2012 supporters did not vote for Hillary Clinton 


29 "Edgar Allan Poe—'The Balloon Hoax'," The Edgar Allan Poe Society of Baltimore, Last updated July 15, 2020,
https://www.eapoe.org/works/info/pt049.htm.


30 David Mikkelson, "Did Keanu Reeves Say Hollywood Elites Use the 'Blood of Babies' to Get High?," Snopes, Nov.
22, 2017, accessed Feb. 1, 2021, https://www.snopes.com/fact-check/keanu-reeves-blood-drinking/; Lois
Beckett, "Misinformation 'Superspreaders:' Covid Vaccine Falsehoods Still Thriving on Facebook and Instagram,"
The Guardian, Jan. 6, 2021, accessed Feb. 3, 2021,
https://www.theguardian.com/world/2021/jan/06/facebook-instagram-urged-fight-deluge-anti-covid-vaccine-falsehoods.


31 "Issue Brief: How Disinformation Impacts Politics and Publics." 
after reading false stories about her.32 By contrast, researchers from the Stanford Institute for
Economic Policy Research released findings in 2017 showing that only a small portion of
Americans saw the most widely circulated fake stories, suggesting disinformation during the
election may not have been that convincing or influential, though the authors did not offer an
opinion on whether this disinformation ultimately had an impact on the election outcome.33 In
January 2020, researchers released a study purporting to show that interaction with trolls
from the Russian IRA during the 2016 election did not have any impact on Americans' political
behaviors or thoughts because the trolls interacted most with individuals who already held
strongly partisan attitudes and were unlikely to change their thinking.34 However, the study’s
small sample size means that more research is needed on this topic for findings to be taken as
conclusive. Therefore, none of these studies are decisive for answering the question of
disinformation effectiveness. In addition, none of these studies explored the question of
whether the disinformation campaigns might have affected voter turnout (i.e., perhaps
suppressing Clinton voters and energizing Trump voters).


Most alarmingly, even if consumers of disinformation do not believe the false stories they read 
or change their attitudes or behaviors as a result, the very existence of disinformation or 
perception that it is spreading can help adversaries achieve their objectives. The perception 
that adversaries are excelling in the field of disinformation and may be manipulating events 
could help promote adversary goals by introducing doubt or anxiety about government 
institutions, journalistic outlets, and other staples of democracy. Russia, for example, often 
promulgates a number of narratives on unfolding events, not because it hopes that audiences 
will believe all of the various, often contradictory, messages, but because doing so makes the 
truth seem unknowable, and makes citizens doubt the official government versions of events. 
Russia hopes the long-term effect will lead to democratic systems appearing less appealing, 
engendering a loss of US influence worldwide, while making political systems similar to the 
one found in Russia seem stronger and more effective in contrast.35 


32 Aaron Blake, "A New Study Suggests Fake News Might Have Won Donald Trump the 2016 Election," The
Washington Post, April 3, 2018, accessed Feb. 1, 2021,
https://www.washingtonpost.com/news/the-fix/wp/2018/04/03/a-new-study-suggests-fake-news-might-have-won-donald-trump-the-2016-election/.


33 Krysten Crawford, "Stanford Study Examines Fake News and the 2016 Presidential Election," Stanford News,
Jan. 18, 2017, accessed Feb. 2, 2021,
https://news.stanford.edu/2017/01/18/stanford-study-examines-fake-news-2016-presidential-election/.


34 Christopher Bail et al., "Assessing the Russian Internet Research Agency's Impact on the Political Attitudes and
Behaviors of American Twitter Users in Late 2017," PNAS: Proceedings of the National Academy of Sciences of the
United States of America 117, no. 1 (2020), accessed Feb. 3, 2021, https://www.pnas.org/content/117/1/243.


35 "Why Does Russia Use Disinformation?" 
While it is unclear if disinformation can actually change an individual's opinion, attitude, or
vote on a specific issue, there are many examples where disinformation has affected behaviors.
The psychological principle of cognitive dissonance (to be discussed later) posits that one's
actions have a powerful effect on one's attitudes since you need to rationalize to yourself why
you are doing something. Furthermore, disinformation has been shown to affect the national
discourse on a variety of topics and to even sometimes make its way into the mainstream media. This is at
least partially because disinformation on social media has proved to spread more widely and
more rapidly than accurate information. A large 2018 MIT study of Twitter data found that,
according to every normal metric, disinformation wins out over the truth on social media by
diffusing "significantly farther, faster, deeper, and more broadly than the truth in all categories
of information."36 The authors concluded that this was true because of human nature, rather
than the use of bots, because the bots studied in the report amplified just as many true stories
as false stories.37


In some cases, the promulgation of disinformation has spurred real-world events, and even 
violence. Countries such as India and Burma have seen social media used to spread 
disinformation on religious minorities that led to actual violence. An additional salient 
example was the 2005-2006 rallies in response to the publication of images of Muhammad in 
a series of European newspapers, which resulted in violence around the world, leading to over
100 deaths and 800 injuries. An often-overlooked component of this dynamic, though, was an 
informal publication known as the Akkari-Laban dossier. This document, written by Danish- 
Muslim clerics, was shared widely across the Muslim world. While experts later confirmed that 
much of its content was accurate, they also noted that it contained inflammatory and false 
information. Specifically, the dossier implied that one of the images it contained (of a picture 
of a man dressed as a pig) was meant to depict Muhammad when, in fact, it was an Associated
Press photo of a French pig-squealing contest.39 The dossier did contain accurate images of
cartoons as well, but the inclusion of this especially inflammatory image makes it an example
of disinformation. It is an instance in which "authentic material" (i.e., the Associated Press
image) was "used in a deliberately wrong context to make a false connection" (i.e., implying
that the image was part of a larger effort to disrespect Islam).40 Again, it is impossible to know
if this particular image—one among many—was directly responsible for causing the rallies, 


36 Soroush Vosoughi, Deb Roy, and Sinan Aral, "The Spread of True and False News Online," Science 359, no. 6380 
(2018), https://science.sciencemag.org/content/359/6380/1146. 


37 Ibid. 
38 "Issue Brief: How Disinformation Impacts Politics and Publics." 


39 Martin Asser, "What the Muhammad Cartoons Portray," BBC, Jan. 2, 2010,
http://news.bbc.co.uk/2/hi/middle_east/4693292.stm.


40 Nemr and Gangware, Weapons of Mass Distraction.
violence, injuries, and death. Its inclusion, though, is widely recognized to have exacerbated an
already delicate situation (because Islam identifies the pig as an unclean animal) and thus 
contributed to significant real-world consequences. 


Summary 


It is not always immediately clear exactly why disinformation matters for national security or 
whether the spread of disinformation is even having an effect. While much has been done to 
map out adversary disinformation tactics and the digital space that enables them, this work 
often takes for granted the fact that we should be studying disinformation in the first place. 
There are, however, demonstrable reasons why it is important to pay attention to 
disinformation. As adversaries and domestic actors alike increasingly turn to information 
means as a way to achieve a range of objectives, the study of disinformation is also growing 
more important to ensure that malign actors do not catch the US flat-footed. While it is difficult
to prove that disinformation is effective in directly changing minds or votes, there is much 
evidence it can affect behaviors and discourse. In addition, the lack of conclusive study on 
whether disinformation is effective means that we cannot discount it; just as we do not know 
exactly how effective disinformation is, we also cannot prove that it is not effective. The issue, 
therefore, requires greater attention and study. 


That study should center not just on disinformation tactics but also on how those tactics affect 
the mind since disinformation's primary impact occurs in the mind. It is by definition a method 
of exercising psychological influence. Those spreading disinformation hope that a recipient will 
believe it, thus allowing the promulgators to achieve their objectives. As mentioned, though, 
disinformation can have an impact even if it is not believable; the mere perception that 
disinformation exists may be enough to lead to certain effects, such as the erosion of trust in 
democratic institutions and the media. This perception, of course, is a mental process as well. 


The impact of disinformation, however, is not limited to the mind. It can have concrete and 
critical secondhand effects beyond the foregoing examples of real-world violence. For example, 
the erosion of trust in democratic institutions can affect voting behavior, increased suspicions 
about medical care can change willingness to receive that care, and distrust of the police can 
lead to increased resistance to arrest. As a result, it is important to understand not merely the
technical issues of how disinformation is transmitted or how it can be prevented—issues that 
have received considerable attention over the past few years—but also the psychological 
question of how disinformation works and how it can be countered. Increased familiarity with 
the psychology of disinformation is important for understanding how the spread of false 
information aids in the achievement of objectives and, in turn, how to prevent its harmful 
impacts. Moreover, because countering the effects of disinformation is also a cognitive process, 
understanding the psychological principles that make disinformation effective can assist in 


CNA Research Memorandum | 22 




understanding what principles may counter it. As the use of disinformation and other types of 
psychological influence become more important to the achievement of malign objectives for 
both adversaries and domestic actors, understanding how to counter these tactics more 
efficiently is a national security imperative. 
Psychological Principles That Can Facilitate Disinformation Adoption and Spread


This section addresses why people are vulnerable to disinformation by examining innate 
psychological mechanisms that govern how people process and share information. The 
primary thesis of this section is that disinformation is processed and shared through routine 
and ordinarily adaptive psychological processes.41


We begin by describing the psychological principles associated with initial information 
processing and the subsequent reinforcement of initial judgments through cognitive 
dissonance. Next, we describe how group membership, beliefs, and novelty affect the way we 
process and communicate information. Finally, we describe the role of emotion and arousal in 
people's tendency to share information. In each section, we describe the principles, apply them 
to disinformation specifically, and describe how normal, routine, and adaptive processes can 
be used to further spread disinformation. We also describe how these principles can be used 
to counter the spread of disinformation. Table 1 summarizes these psychological principles, 
provides a brief explanation, and shows the connection between that concept and 
disinformation. 


41 Here, the word adaptive is used in an evolutionary context. Behavior is adaptive if it helps a person to
accomplish a goal. 
Table 1. Psychological principles relevant for disinformation adoption and spread


Principle | Explanation | Application to disinformation
Initial information processing | We process information as efficiently as possible and that can make us vulnerable to mistakes. | We can accept disinformation as true because we aren't thinking deeply and critically.
Cognitive dissonance | When we are confronted with something that goes against our beliefs, we are motivated to resolve the conflict. | We accept disinformation that supports our initial beliefs and try to reject information that disconfirms our initial beliefs.
Group, belief, and novelty | We more readily share information with people with whom we identify, when we believe it is true, and when it is novel or urgent. | We accept and share disinformation more readily when it comes from people we know, it appeals to what "our group" believes, and when we think it is new.
Emotions and arousal | We pay more attention to information that makes us feel positively or arouses us to act. | We are more likely to share disinformation if it is constructed to elicit high-arousal emotions.

Source: CNA.


Humans are constantly processing information that comes in through our senses. Encoding, 
cataloging, deciding on action, and storing all that information could be a full-time job without 
mechanisms to efficiently process it all. Indeed, we don't have the "computing power" to 
appropriately process each new piece of information as entirely novel. This section describes 
multiple psychological theories and their effects. They all come down to the same bottom line: 
our brains have adaptive mechanisms to triage and organize information as quickly and 
efficiently as possible. 


Initial information processing (dual process theory)


Dual process theory is the foundation for understanding how people process information.42
The theory posits that we have two mechanisms to evaluate new information that comes in 
through our senses. Table 2 describes the key elements of these two processes: automatic 
thinking and controlled thinking. 


42 Shelly Chaiken and Yaacov Trope, Dual-Process Theories in Social Psychology, (New York: Guilford Press, 1999); 
Susan T. Fiske and Shelly E. Taylor, Social Cognition: From Brains to Culture, 3rd ed. (London: SAGE Publishing, 
2016). 
Table 2. Dual process theory


Process | Characteristics | How it works
Automatic thinking | Fast, effortless, uses few resources | People rely on previous experience with similar information and best guesses (heuristics), easy-to-process information (fluent), and information that is easy to remember to determine how to think about new information and act on it with very little "thought"
Controlled thinking | Slow, deliberate, requires many cognitive resources | People rely on analytical and deep thinking involving questioning assumptions to understand and act upon new information

Source: CNA.


The first process, called automatic, requires very little effort and is fast, efficient, and 
"cognitively cheap." Essentially, when the information comes in, it is immediately associated 
with something already known and is dealt with or "filed away" appropriately. For example, if 
someone were driving the same road to work every day and came upon their exit sign, they 
would automatically turn on their signal and proceed to the exit ramp. This action requires 
very little thought. Kahneman argues that attention requires effort and that we conserve 
mental energy by focusing on only a few things and letting automatic processes handle the 
rest.43 


The second process is called controlled. Controlled processes are slower, more cognitively 
involved, and require deliberate attention. Going back to the driving example, if the exit you 
were expecting to see was closed, your brain would begin controlled processes to determine 
alternative routes for getting to work. While the theory posits two processes, researchers 
acknowledge that there is really a gradient from the most automatic to the most controlled 
processes.44 Fully automatic processes are those that are completely unintentional and happen
with little, if any, cognitive awareness. As processes become more controlled, your brain
recognizes novel information and attends more deeply to it. And for processes that are more 
fully controlled, people are more likely to seek additional information and think about whether 
the information they have is accurate. 


43 Daniel Kahneman, Thinking, Fast and Slow, (New York: Farrar, Straus, and Giroux, 2011). 


44 Fiske and Taylor, Social Cognition: From Brains to Culture. 
The amount of information that people can respond to at any given time is finite,45 so they
default to the processing option that requires the lowest level of effort.46 This makes our brains 
highly efficient because we do not waste resources thinking more deeply about things than we 
need to. There is a downside, however: we can make mistakes. Returning to the exit ramp 
example, if the exit sign that we see every day is blocked or closed, using the automatic 
processes to proceed as usual can be dangerous. If we fail to recognize the blocked exit 
information as important to attend to, we can make mistakes. 


Heuristics are one of the primary means used to determine the appropriate level of attention 
to give information. Heuristics are mental shortcuts we use to make sense of the world.47
Heuristics are developed through previous experience and connections we make between
similar pieces of information. For example, if you have lived in a given climate for several years,
you have a heuristic about what the likely temperature will be in January. Most of the time, you
will be close to correct and you can dress for the day without checking the temperature. 
However, some days you will be wrong—it will be abnormally warm or cold—and your choice 
of clothes will be inappropriate. By definition, heuristics are correct (or close enough) most of 
the time, but can lead to huge errors at other times. 


In addition to heuristics, information fluency affects our likelihood of processing information 
and the depth at which we process it. Information fluency refers to how easily people process 
information. Processing is more fluent if the information is easier to understand (this includes 
font, color contrast, accent, and cadence in addition to actual message content).48 In addition,
information that is easier to understand is more likely to be incorporated into what someone
believes, regardless of whether it is true.49 Information that is easy to understand "feels right"
and so it seems true.50 Once that information is incorporated into our scheme, it becomes


45 Researchers demonstrated that individuals can reliably recall five to nine pieces of information. Beyond
that, they are inconsistent or unable to accurately recall. (T. L. Saaty and Müjgan Sagir Ozdemir, "Why the Magic
Number Seven Plus or Minus Two," Mathematical and Computer Modelling 38 (2003), doi:
10.1016/S0895-7177(03)90083-5.).


46 Fiske and Taylor have coined the term cognitive miser to describe the tendency to process information at the 
lowest acceptable level of effort. 


47 Daniel Kahneman and Amos Tversky, “On the Psychology of Prediction,” Psychological Review 80, no. 4 (1973).


48 Christian Unkelbach, "Reversing the Truth Effect: Learning the Interpretation of Processing Fluency in 
Judgments of Truth," Journal of Experimental Psychology: Learning, Memory, and Cognition 33, no. 1 (2007), doi: 
10.1037/0278-7393.33.1.219. 


49 Ibid.


50 Tommy Shane, "The Psychology of Misinformation: Why We're So Vulnerable," First Draft News, June 30, 2020,
https://firstdraftnews.org/latest/the-psychology-of-misinformation-why-were-vulnerable/. 
previous knowledge that we can use to build more heuristics and make future judgments about
new information. 


Another important cognitive psychological principle that influences what we remember is the 
primacy and recency effect.51 It is easier for people to remember information that is presented
first (primacy) and presented most recently (recency).52 Studies demonstrating the primacy and recency
effect traditionally focused on which words in a list people could remember. The primacy and
recency effect was displayed when people were more likely to remember the first few and the
last few words presented. Studies have also shown that the primacy effect is particularly 
important for determining what website links people choose.53 People most often click the 
links listed first in a search, for example. 


Implications of initial information processing for disinformation 


The phenomenon of spreading disinformation may appear to be the result of ideology and deep 
commitment to the material. However, some research suggests that's not the case. Pennycook 
and Rand demonstrated that individuals who were more prone to think deeply about issues 
(based on their Cognitive Reasoning Test score) were more able to discern fake from real news 
and were more discerning regarding information that was ideologically consistent than 
information that was ideologically inconsistent.54 The implication of this work is that 
susceptibility to fake news is driven more by "lazy thinking" than it is by entrenched belief 
structures. Therefore, if people thought more deeply (i.e., used more controlled and less 
automatic processes), they would be less likely to believe and share disinformation. 


Routine initial information processing mechanisms are adaptive and help people to quickly 
organize information, make sense of it, and decide on action to take. However, the efficiency in 
these processes leaves people vulnerable to making mistakes and processing information 
incorrectly. The default automatic processing, relying on heuristics and information fluency, 
leaves us with "blind spots" that prevent us from recognizing when we need to slow down to 
distinguish information from disinformation.55 This results in credible information and 


51 Bennet B. Murdock, Jr., "The Serial Position Effect on Free Recall,” Journal of Experimental Psychology 64, no. 5 
(1962), doi: https://doi.org/10.1037/h0045106. 


52 Cong Li, “Primacy or Recency Effect? A Long-Term Memory Test of Super Bowl Commercials,” Journal of 
Consumer Behavior 9, no. 1 (2009). 


53 Jamie Murphy, Charles Hofacker, and Richard Mizerski, "Primacy and Recency Effects on Clicking Behavior," 
Journal of Computer-Mediated Communication (2020). 


54 Gordon Pennycook and David G. Rand, "Lazy, Not Biased: Susceptibility to Partisan Fake News Is Better 
Explained by Lack of Reasoning than by Motivated Reasoning," Cognition 188 (July 2019), doi: 
https://doi.org/10.1016/j.cognition.2018.06.011. 


55 Kahneman, Thinking, Fast and Slow. 
disinformation being treated the same and can lead one to miscategorize disinformation as 
true. 


Automatic thinking makes it likely that miscategorized information will be used. Familiarity 
plays a role in our initial information processing. Rather than rely on controlled processes to evaluate 
the veracity of new information, if the new information is similar to something we are familiar 
with, we might use a heuristic and assimilate the new information just as we did the old 
information. The Columbian Chemicals example, described in the introduction, demonstrates 
how the natural tendency to use automatic thinking could have influenced the spread of that 
fake story. As noted, the story spoofed the CNN website banner and logo. People familiar with 
the CNN logo and reputation as a news outlet were likely to use those heuristics to determine 
that this CNN story was as credible as others. Therefore, they may have shared it to inform 
others of the supposed harm from the explosion. 


Information that is more familiar to us (repeatedly presented) is more likely to be recalled as 
true.56 This is called the illusory truth effect, when familiarity with something gives the illusion 
that it is more accurate, and that inadvertently increases someone's belief in that information.57 
This can be especially problematic when attempting to correct disinformation because the 
correction often repeats the original claim.58 Swire provides a clear and illustrative example of 
this challenge: 


Truthfully stating that playing Mozart to your child will not boost its IQ 
mentions the two concepts of "Mozart" and "increased IQ," thereby making the 
link between the concepts more familiar even though the statement seeks to 
dispel the Mozart-IQ myth. This inadvertent increase in familiarity may reduce 
the effectiveness of the correction and may thus contribute to the continued 
influence effect of misinformation [emphasis in original].59 


56 Nicholas DiFonzo et al., "Validity Judgments of Rumors Heard Multiple Times: The Shape of the Truth Effect," 
Social Influence 11 (2016), doi: https://doi.org/10.1080/15534510.2015.1137224. 


57 Ian Maynard Begg, Ann Anas, and Suzanne Farinacci, "Dissociation of Processes in Belief: Source Recollection, 
Statement Familiarity, and the Illusion of Truth," Journal of Experimental Psychology: General 121, no. 4 (1992), 
doi: https://doi.org/10.1037/0096-3445.121.4.446. 


58 Some researchers have argued for a "truth sandwich" to counter this phenomenon. In a truth sandwich, you 
would say the truth, refute each point in the disinformation, then repeat the truth. This puts the truth first and last, 
using the cognitive principles of primacy and recency. It also mitigates the tendency for repeating the lie to make it 
more accepted. However, the usefulness of a truth sandwich in combating disinformation has not yet been 
empirically investigated to our knowledge. 


59 Briony Swire, Ulrich K. H. Ecker, and Stephan Lewandowsky, “The Role of Familiarity in Correcting Inaccurate 
Information,” Journal of Experimental Psychology: Learning, Memory, and Cognition 43, no. 12 (2017), doi: 
10.1037/xlm0000422. 
Automatic processing does not provide deep consideration of information (source, context, 
etc.). Thus, when processing automatically, individuals might be more likely to recall repeated 
information without the context of why it was repeated to them. This causes errors in 
judgment. When those errors in judgment allow us to encode disinformation as true, it is very 
challenging to undo. 


Once we make initial judgments about information, they become part of our scheme and how 
we understand the world. If that information is inaccurate (because of disinformation or a 
mistake in processing or remembering), we can be left with encoded inaccurate information to 
draw from later. There is a memory effect associated with the likelihood of recalling 
disinformation as opposed to the idea that the disinformation was debunked. The continued 
influence effect describes how corrected disinformation can continue to influence memory and 
reasoning. Examples are the persistence of people's belief that Michael Jackson invented the 
moonwalk, Edison the lightbulb, and Guillotin the guillotine.61 Essentially, this theory posits 
that disinformation, once acquired, is very difficult to correct (unlearn). Corrections through 
debunking and fact-checking can "fail" to correct because the disinformation can be recalled 
later as fact separate from the debunked information. Essentially, both pieces of information 
are stored in a person's memory: the disinformation and the disinformation plus the 
correction. A correction fails when the disinformation is recalled without the correction. Swire, 
Ecker, and Lewandowsky found that effective corrections (those that have a lot of detail and 
affirm the facts) can "wear off" in a week and the participants will retell the inaccurate 
information.62 Dual process theory and the tendency toward automatic processing may be 
partially responsible for this phenomenon. If the disinformation was easier to understand and 
recall, or more familiar than the correction information, then when confronted with new 
information, we are more likely to rely on the disinformation. 


What can we do about it? 


Given the difficulty of correcting disinformation once present in a person's memory, it is more 
fruitful to attempt to prevent disinformation from taking root than to correct disinformation 
that has been encoded as truth. Here we focus on two relevant avenues for combating 
disinformation: the first is bolstering our own internal toolkit, and the second is helping those 
around us. Table 3 summarizes the prevention mechanisms described in detail in this section. 


60 Ulrich K. H. Ecker et al., "Correcting False Information in Memory: Manipulating the Strength of Misinformation 
Encoding and its Retraction,” Psychonomic Bulletin & Review 18 (2011), doi: 10.3758/s13423-011-0065-1. 


61 Bianca Pellegrino, "People Famous For Doing Things They Didn't Do,” ListVerse, Sept. 8, 2019, 
https://listverse.com/2019/09/08/top-10-people-famous-for-doing-things-they-didnt-do/. 


62 Swire, Ecker, and Lewandowsky, “The Role of Familiarity in Correcting Inaccurate Information." 
Table 3. Disinformation prevention mechanisms for initial information processing 


Concept              Description 

Internal (with yourself) 
Skepticism           Recognizing that people might have hidden agendas, scrutinize information presented to you 
Alertness            Warnings about the effects of disinformation can make you more alert to the possibility 
Analytic thinking    Purposefully make deliberate, controlled, thoughtful evaluations of new information 

External (with others) 
Create friction      Asking questions that make others process information more deliberately (e.g., asking, "what makes you say that?") 
Inoculation          Provide awareness of possible disinformation so others can recognize it when confronted by it later 
Nudges               Provide subtle cues of the behavior you want someone to exhibit; in this case, processing information more deliberately 

Source: CNA. 


Bolstering your resistance to disinformation 


The first preventive mechanism we describe involves building resistance to disinformation in 
your own information processing. There are three concepts, all of which can be taught, that 
guard against the inadvertent adoption of disinformation: skepticism, alertness, and analytic 
thinking.63 All three of these processes for individually combating disinformation require the 
person to move from a greater reliance on automatic to a greater reliance on controlled 
processes. 


Skepticism is the awareness of possible hidden agendas and a personal desire to understand 
the evidence.64 It works to fight disinformation because skepticism requires the person to use 
more cognitive resources to evaluate information.65 Research indicates that skepticism can be 
encouraged and trained through exposure to and discussion of pseudoscience and false 
advertising campaigns.66 


63 Tommy Shane, "The Psychology of Misinformation: How to Prevent It,” First Draft News, July 27, 2020, 
https://firstdraftnews.org/latest/the-psychology-of-misinformation-how-to-prevent-it/. 


64 Ruth Mayo, “Cognition Is a Matter of Trust: Distrust Tunes Cognitive Processes,” European Review of Social 
Psychology 26 (2015), doi: https://doi.org/10.1080/10463283.2015.1117249. 

65 Briony Swire and Ulrich K. H. Ecker, “Misinformation and Its Correction: Cognitive Mechanisms and 
Recommendations for Mass Communications,” in Misinformation and Mass Audiences, ed. Brian Southwell, Emily A. 
Thorson, and Laura Sheble (Austin: University of Texas Press, 2018). 

66 Rodney Schmaltz and Scott Lilienfeld, "Hauntings, Homeopathy, and the Hopkinsville Goblins: Using 
Pseudoscience to Teach Scientific Thinking,” Frontiers in Psychology 5 (2014), doi: 
https://doi.org/10.3389/fpsyg.2014.00336. 
Alertness is a heightened awareness of the effects of disinformation.67 Warning people about 
the effects of disinformation—such as the continued influence effect (i.e., the way that once 
disinformation becomes part of our schema for processing the world, it can be difficult to 
correct)—can reduce the continued reliance on disinformation, but it will not eliminate it.68 
Research shows that the specific description of the continued influence effect had the greatest 
impact for countering disinformation. More general warnings about the possibility of 
publishing unverified information are not as effective as a specific warning. 


Analytic thinking involves deliberate, controlled, thoughtful evaluation of information as 
opposed to quick, automatic judgments. Bago, Rand, and Pennycook performed an experiment 
in which they asked people to make initial (automatic) judgments under time constraints while 
doing other tasks.69 Then they asked the participants to reconsider the information without 
time constraints. They found that deliberation (controlled, analytic thinking) was associated 
with more accurate perceptions than initial judgments (automatic) made under constrained 
conditions. This finding indicates that, with deliberation, people can more accurately discern 
the true information from the false, even if they first made incorrect initial judgments. 


Bolstering resistance to disinformation in others 


The second avenue to combat disinformation believed because of initial processing errors 
involves attempts to influence other people's encoding of disinformation. Similar to the 
individual and internal mechanisms described previously, these techniques are based on the 
premise that deeper thinking can overcome fallacies in initial, automatic processes. Three 
related techniques can be used to interrupt the automatic information processing of others: 
creating friction, inoculation, and nudges.70 


Friction is the opposite of fluency. Whereas fluency consists of information that is easy to 
process, understand, and incorporate, friction occurs when something is difficult to process. 
Fazio found that adding friction to processing by asking people to explain why they think a 
headline is true or false reduced their likelihood of sharing stories with false headlines and had 


67 “The Psychology of Misinformation: How to Prevent It.” 


68 Ulrich K. H. Ecker, Stephan Lewandowsky, and David T. W. Tang, “Explicit Warnings Reduce But Do Not 
Eliminate the Continued Influence of Misinformation,” Memory and Cognition 38 (2010), doi: 
10.3758/MC.38.8.1087. 


69 Bence Bago, David G. Rand, and Gordon Pennycook, “Fake News, Fast and Slow: Deliberation Reduces Belief in 
False (But Not True) News Headlines,” Journal of Experimental Psychology: General 149, no. 8 (Aug. 2020), doi: 
10.1037/xge0000729. 


70 “The Psychology of Misinformation: How to Prevent It.” 
no effect on the likelihood of sharing stories with true headlines.71 The implication here is that, 
if someone is asked to justify the veracity of something prior to sharing it, they are less likely to 
spread disinformation. Creating friction increases the depth at which individuals have to 
process information. Those who engage in more reflective thinking have been shown to be 
more discerning in their social media use. Mosleh and colleagues demonstrated that those who 
were higher in reflective thinking were more selective about whom they followed, shared news 
content from more reliable sources, and tweeted about more substantive topics.72 It is relevant 
to note that Mosleh's study looked at reflective thinking as a trait, not a state that could be 
induced through friction. However, the finding is consistent with Fazio's finding regarding 
induced deep processing. 


Inoculation involves building preemptive resistance to disinformation by exposing people to 
examples of disinformation or disinformation techniques to help them recognize and reject 
them in the future.73 This is similar to the concept of inoculation to viruses through the use of 
vaccines, where individuals are given a small dose of, or antibodies for, a disease, which allows 
the body to prepare an informed defense against it.74 Cook, Lewandowsky, and Ecker 
experimentally tested multiple preemptive interventions designed to reduce the effect of 
disinformation and found that inoculating messages that explain flawed arguments or 
highlight real scientific consensus on climate change affected climate attitudes.75 The most 
substantial effect was on attitudes of perceived consensus in the scientific community; 
however, effects on other attitudes (including increased trust in climate scientists and decreased trust in 
contrarian scientists) were also observed. Those that were inoculated were more likely to 
express perceived consensus among scientists, trust in climate scientists, and decreased trust 
in contrarian scientists than those who were not inoculated. The implication of these findings 
is that inoculation prior to presentation of disinformation can buffer the disinformation from 
affecting the individual's perceptions. 


The concept of "nudging," introduced by Richard Thaler, involves providing small and subtle 
suggestions to encourage the type of behavior you want someone to perform or the decision 


71 Lisa K. Fazio, "Pausing to Consider Why a Headline Is True or False Can Help Reduce the Sharing of False News,” 
Harvard Kennedy School (HKS) Misinformation Review 1, no. 2 (2020). 


72 Mohsen Mosleh et al., "Cognitive Reflection Correlates with Behavior on Twitter," Nature Communications 12, 
no. 921 (2021). 


73 "The Psychology of Misinformation: How to Prevent It." 
74 Gustav J. Nossal, "Vaccination," in Encyclopedia of Life Sciences, (Hoboken, NJ: Wiley, 1999), www.els.net. 


75 John Cook, Stephan Lewandowsky, and Ulrich K. H. Ecker, "Neutralizing Misinformation Through Inoculation: 
Exposing Misleading Argumentation Techniques Reduces Their Influence," PLoS ONE 12, no. 5 (2017), doi: 
https://doi.org/10.1371/journal.pone.0175799. 
you want them to make.76 Single-serve snack packaging is an example of a nudge. The 
manufacturer is suggesting the quantity for one sitting, but the person is free to eat more than 
one single-serve snack in a sitting. In the realm of disinformation, a nudge would subtly prompt 
more analytical (controlled) thinking.77 Pennycook and colleagues measured participants' 
truth discernment and willingness to share a headline with or without a nudge about accuracy 
in headlines.78 Note that, in this case, they were not provided a lecture on the importance of 
accuracy or prevalence of inaccuracy on the internet. They were simply asked to make a 
judgment about the accuracy of a single headline (unrelated to the topic). They were then 
shown other headlines and asked how likely they were to share them on social media. The 
researchers found that participants were more likely to share true headlines (relative to false 
headlines) if they had been asked to rate the accuracy of a single headline.79 Asking them to 
consider accuracy was a subtle nudge before they were asked if they would share a headline. 
This finding demonstrates that a minor, unobtrusive, and nonthreatening "nudge" can affect 
the likelihood of sharing false information on social media, even on a topic unrelated to the 
disinformation that might be shared. 


Cognitive dissonance theory 


Cognitive dissonance happens when a person is confronted with two competing thoughts. For 
example, a person might simultaneously think the following: Exercise is good for my body; 
when I exercise, it hurts. It is uncomfortable to hold two competing ideas/beliefs at one time. 
Therefore, people are motivated to reduce the conflict or remove the dissonance. 


Dissonance theory describes how people are influenced to either accept or reject beliefs, as 
well as the information/arguments that accompany those beliefs. The theory includes both 
cognitive and emotional components. It posits that people feel uncomfortable when they have 
to reconcile conflicting information. Conflicting information is dissonant, whereas 
nonconflicting information is consonant, consistent, or compatible (we will use these as 
synonyms here). 


76 Richard H. Thaler and Cass R. Sunstein, Nudge: Improving Decisions about Health, Wealth and Happiness, (New 
Haven, CT: Yale University Press, 2008). 


77 "The Psychology of Misinformation: How to Prevent It." 


78 Gordon Pennycook et al., "Fighting COVID-19 Misinformation on Social Media: Experimental Evidence for a 
Scalable Accuracy Nudge Intervention," Psychological Science 31, no. 7 (2020), doi: 
https://doi.org/10.1177/0956797620939054. 
When information is incompatible with our beliefs, we react in one of four ways: (1) adding 
new, consonant cognitions, (2) removing the inconsistent information, (3) reducing the 
importance of opposing information, or (4) increasing the importance of compatible 
cognitions.80 Festinger's classic example was of smokers encountering information indicating 
that smoking was bad for their health. In this case, the smoker has four options: 


1. Change behavior or adopt new attitude (e.g., stop smoking) (adding new, consonant 
cognitions). 

2. Continue to believe that smoking is not bad for health (remove the incompatible 
information). 

3. Compare risk from smoking to risk from something worse, such as auto accidents 
(reducing the importance of opposing information). 

4. Think about the enjoyment of smoking and its good effects, such as that it might assist 
with weight control (increasing the importance of compatible information). 


If someone saw the Columbian Chemicals story and believed it to be true, cognitive dissonance 
would be created when the reader was confronted with information that it was untrue. For 
example, if the person saw the fake CNN story about the explosion first, but then saw a news 
story showing "live footage" of the plant where all was seemingly normal, cognitive dissonance 
would occur in the person's mind. When confronted with that contradictory information (i.e., 
the story initially believed to be true turned out to be false), people could (1) change their belief and 
agree they were misled, (2) refuse to believe the corrected information, (3) question or 
discredit the source trying to convince them it was a hoax (e.g., believing the correction is a 
"government cover-up"), or (4) remind themselves of the importance of protecting ourselves 
against terrorist attacks and "err on the side of caution." 


Cognitive dissonance affects behavior in several ways. Harmon-Jones (editor of Cognitive 
Dissonance: Reexamining a Pivotal Theory in Psychology) summarizes several paradigms of 
dissonance theory that have demonstrated aspects of human behavior that can be 
manipulated.81 These paradigms are first summarized in Table 4 and then described. 


80 Leon Festinger, A Theory of Cognitive Dissonance, (Evanston, IL: Row, Peterson, 1957). 


81 Eddie Harmon-Jones, ed., Cognitive Dissonance: Reexamining a Pivotal Theory in Psychology, (Washington, DC: 
American Psychological Association, 2019), doi: https://doi.org/10.1037/0000135-000. 
Table 4. Cognitive dissonance paradigms 


Paradigm                Description 

Norms consistency       People are more likely to believe information that is congruent with 
                        their previous norms, beliefs, and actions 

Induced compliance      People will be more likely to change their beliefs if they act in a way 
                        consistent with the new belief for little or no direct benefit to them 

Belief disconfirmation  People will more likely maintain their belief in disconfirmed 
                        information if they believe that a group they identify with still believes 
                        it, and they are provided arguments why it is still true 

Effort justification    People are more likely to maintain their beliefs if they had to expend 
                        significant effort to commit to the belief in the first place; effort also 
                        includes incurring costs for committing to a belief 

Free choice             People are more likely to maintain their beliefs if they made a willing 
                        choice to believe something in the first place; this is especially true if 
                        the choice was hard 


Source: CNA. 


The norms-consistency paradigm. People are more likely to accept and defend information that 
is consistent with their previous norms and actions. For example, people whose actions are 
consistent with norms are harsher toward those who fail to conform to them. When sixth 
graders were given an opportunity to cheat, those who cheated revised their attitudes to 
believe that cheating was not so bad, whereas those who refused to cheat moved their attitudes 
to be harsher toward those who cheated. Real-world examples would be with how people 
dress. Those who follow a traditional dress code can harshly judge men who let their hair grow 
long, or women who dress in revealing outfits. The men and women who violate these norms 
believe that dress standards are not important. Adults who pay their taxes can be annoyed at 
those who do not. Those who do not pay taxes feel justified (e.g., "My loopholes are legal," or "I 
am genuinely poor”). 


The induced-compliance paradigm. When people are paid to say something that they do not 
believe, their belief will change to reflect what they have outwardly said. This is particularly 
true when the reward offered is small (say $2) and less so if the reward is large (say $20). That 
is because people can justify saying something against their beliefs for a large amount of money 
(they can tell themselves: I did not mean it; I did it for the money). However, to justify lying for 
a small amount of money, they revise their opinion to be more congruent with what they said. 


The belief-disconfirmation paradigm. When a group commits to a belief that can be clearly 
shown to be false, the social circumstances of learning the truth make a large difference in 
people's opinions. In other words, for a group that believes the world will end on a specific date 
(a prediction that can be clearly and easily proved false when it didn't happen), it matters how 
they learn this information. Festinger provides the example of a group that believed that a flood 
would engulf the continent but that they (the believing group) had been chosen to be saved. 
When the anticipated flood did not materialize, the believers who were not with the group at 
the time changed their beliefs about whether or not the flood would ever occur. However, the 
believers who were physically with the group—those who were assembled together as the 
countdown occurred—decided that the flood had simply been temporarily postponed. Thus, 
the believers who were isolated from the group ultimately rejected the disinformation, and 
those who were colocated created an alternative form of the original disinformation. 


The effort-justification paradigm. When people have had to undergo an unpleasant experience 
or have exerted a lot of effort to join a group, their commitment to that group will be higher 
than for groups that do not demand an unpleasant initiation or effort to join. An example is 
initiation processes at fraternities and sororities. Local chapters with difficult initiations elicit 
more commitment than do those with easier inductions. This principle is also evident in the 
observation that converts are often more committed to their religion than natives (i.e. 
someone who converts to Presbyterianism is likely to be more committed to the faith than 
someone who was born and raised as a Presbyterian). 


The free-choice paradigm. Once someone has made a choice, dissonance is likely to be activated. 
There will be more dissonance if the choice is difficult, and less dissonance if the choice is easy 
(e.g., if the superiority of the thing chosen is more obvious). For example, someone choosing 
between chocolate and strawberry ice cream will experience more dissonance (because the 
choice is difficult) than someone choosing between chocolate and broccoli ice cream (where 
the superiority of the chocolate is more obvious). To reduce their experience of dissonance, 
people will tend to increase their opinion of the alternative they chose, and decrease their 
opinion of the choice they did not make. In our ice cream example, this means that once I choose 
chocolate ice cream over strawberry ice cream, my opinion of chocolate will increase and my 
opinion of strawberry will decrease. 


Aronson explains these phenomena in terms of dissonance with a person's self-concept.82 This 
is known as the self-consistency explanation, and it posits that these phenomena occur when 
we need to reduce the dissonance between something we've done or said or thought, and the 
kind of person that we think we are. For example, our brains will work to reduce our discomfort 
if our decision to cheat or say bad things about someone is dissonant with our self-concept as 
a good person. 


82 Elliot Aronson, “Dissonance Theory: Progress and Problems," in Theories of Cognitive Consistency: A Sourcebook, 
ed. Robert P. Abelson, et al. (Chicago: Rand-McNally, 1968); Elliot Aronson, “The Return of the Repressed: 
Cognitive Dissonance Theory Makes a Comeback,” Psychological Inquiry 3, no. 4 (1992), doi: 
10.1207/s15327965pli0304_1. 
Harmon-Jones puts it this way:83 


Once an individual commits to a given action, any information inconsistent with 
that commitment is likely to arouse dissonance and prevent the action from 
occurring. To maintain the commitment in the face of this inconsistent 
information, the individual selectively enhances the value of the chosen course 
of action and reduces the value of the unchosen course of action. Doing so 
makes effective execution of the chosen action more likely. (p. 17) 


Implications of cognitive dissonance for disinformation 


Dissonance theory has implications concerning whether someone will believe disinformation. 
First, in the free-choice paradigm, people will emphasize the good aspects of a choice that they 
freely chose. For example, if Russian disinformation persuades someone to freely join a faked 
rally (e.g., with paid actors), the person has to justify why they made that choice and went to 
the rally. People are likely to convince themselves that they attended the rally because it was 
for a good cause. 


This has another implication. If disinformation can limit or shape the reader's response options 
to a preferred subset of options, then any response will solidify the reader's commitment to 
that information. Imagine, for example, that someone asks what you might do if you found a 
wallet on the ground. This could be presented as an open-ended question, but the options could 
also be shaped and limited by offering a binary choice: take the money for yourself or leave the 
wallet and walk away. In this case, you aren't presented with an option to return the wallet to 
the owner, but you are forced to make a choice, thus increasing your commitment to a choice 
that you may never have chosen on your own. 


Disinformation can limit or shape choices by only providing one set of facts, all consistent with 
the goals of the person pushing the disinformation. For example, disinformation might say that 
fluoridation causes blindness because (1) my uncle Dave moved to an area with fluoridation 
and he went blind right after, (2) a survey of people showed that most people believe it does, 
or (3) the "Honesty in Dentistry Foundation" emphatically states that fluoridation is linked to 
blindness. 84 


Second, in the belief-disconfirmation paradigm, people will become more resistant to 
unequivocal disconfirmation if they have others who will confirm the original erroneous belief. 
Let's say that someone believes that fluoridation causes blindness and sees news of a 
comprehensive study refuting that belief. They forward the news to a like-minded friend who 


83 Harmon-Jones, Cognitive Dissonance: Reexamining a Pivotal Theory in Psychology. 


84 In reality, this was an unscientific survey of the "Honesty in Dentistry Foundation" funded by an 
anti-fluoridation group. 
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says, "That flies in the face of everything we know. The study was probably biased for the big 
toothpaste companies." That reassurance will be enough to discount the comprehensive study. 
In another example, if you belong to an online community that believes in UFOs, and you are 
presented with "proof" that a recent sighting did not occur, you are more likely to reject this 
proof if your online UFO friends also reject it. This is a reason why the comments sections of 
articles often contain messages from people who immediately contradict authoritative voices. 
Having one or more people echoing their disbelief in contrary information is often enough to 
maintain commitment to a belief that is disconfirmed by facts. 


In the effort-justification paradigm, people are more committed to something if they have to 
work for it. We already discussed that in terms of hazing and initiation processes at sororities 
and fraternities. This also applies to the content of information. Providing disinformation that 
portrays the recipient as hard-working and moral, while others outside the group are lazy and 
dishonest, finds a willing audience (people like to feel virtuous) and might also make them 
recall that they had to work hard to be part of the special group of people receiving the 
disinformation. 


In the induced-compliance paradigm, people are more committed to an idea if they perform an 
act for little or no compensation than for a large compensation. If a person can be nudged to 
spread disinformation for little or no financial gain, they will be more committed to the ideas 
they are disseminating than if they are paid significant amounts of money to do so. 


In the final paradigm—norms consistency—people who comply with norms are less tolerant 
and harsher in their judgment of others who break norms. Those who break norms are more 
tolerant of others who also break them. Those who see and reject disinformation will judge 
"disinformation spreaders" harshly. Conversely, those who have spread or supported 
disinformation will reduce any previous commitments they might have made to fight 
disinformation in general. 


What can we do about it? 


When countering disinformation absorption through dissonance, preventive inoculation is a 
promising technique. An offshoot of dissonance theory, developed by McGuire, preventive 
inoculation applies the analogy of vaccination as a method of preventing people from being 
persuaded by propaganda.85 As explained in the cognition section, inoculation theory states 
that forewarning people about propaganda will reduce its influence, just as vaccines prevent 
or lessen the effects of disease. In the case of dissonance, inoculation can remind individuals 


85 William McGuire, "Resistance to Persuasion Conferred by Active and Passive Prior Refutation of Same and 
Alternative Counterarguments," Journal of Abnormal Psychology 63, no. 2 (1961). 

about aspects of their self-concept and help them rehearse counterarguments to combat 
disinformation and remove the dissonance in a way that does not introduce disinformation. 


However, when attempting to protect against disinformation or refute disinformation, it is 
important to try not to create cognitive dissonance for the receiver. To avoid creating 
dissonance when using inoculation, messages should be crafted in a way to appeal to previous 
beliefs: 


1. Craft messages that are consistent with the receiver's self-concept. 
2. Craft messages that are congruent with previous beliefs. 
3. Frame responses in a way that is congruent with your goals and reminds recipients of 
their group identification.86 


As a theory of the emotional and cognitive aspects of social influence, dissonance theory posits 
ways that inoculation can be strengthened. The four key components of using dissonance to 
strengthen inoculation against disinformation are as follows: 


1. Threat. By framing the incoming disinformation as a threat, the individual will be 
emotionally primed to identify the argument as propaganda, fight it, and solidify their 
previous beliefs. If people are not forewarned and given tools to combat the 
disinformation, they will be less likely to fight the message or think of 
counterarguments. Some research suggests that the forewarning of an attack is 
enough to induce resistance to a message, even without the other key element of 
refutational preemption (discussed below).87 This first element is the 
motivational/emotional part of the effect. 


2. Refutational preemption. This part allows the receiver to practice making arguments 
against the propaganda. By providing the receiver with arguments against the 
propaganda, the person's initial beliefs become stronger and prime them to think of 
additional reasons why their initial beliefs are correct. Sometimes people accept 
disinformation simply because they cannot bring to mind reasons for their prior 
beliefs. 


3. Involvement. In order for inoculation to have an impact, it helps that the topic be one 
that the receiver finds important and salient.88 A key part of this is pointing to the 


86 In the case of disinformation, the group should be defined as an in-group of people who are about to lose 
something very important. In combating disinformation, this would mean reminding people of the larger groups 
they are part of, including people with whom they might disagree. We will discuss this more fully in the next 
section, Group, Belief, Novelty Model (GBN). 


87 Josh Compton and Bobi Ivanov, "Untangling Threat During Inoculation-Conferred Resistance to Influence," 
Communication Reports 25 (2012), doi: 10.1080/08934215.2012.661018. 


88 Michael Pfau et al., “Enriching the Inoculation Construct: The Role of Critical Components in the Process of 
Resistance," Human Communication Research 24, no. 2 (1997), doi: 10.1111/j.1468-2958.1997.tb00413.x. 

receiver's interest (for example, "the real reason they are going to say this is to take 
away your right to unfluoridated waters"). Unless someone has a stake in the subject 
of the disinformation, he or she is less likely to fight it. As explained earlier, another 
way to obtain involvement is to get people to act on those initial beliefs. 


4. Delay/dosage. McGuire's original theory posited that, just as it takes time for the body 
to develop defenses against bacteria, it will take time for inoculation arguments to 
take hold in the receiver. This portion of the theory is controversial since evidence 
concerning the need for time has been mixed. However, the evidence does point to 
the fact that successful inoculation can have long-lasting effects. We think that delay 
might not be as important as repetition (or dosage) of the inoculation. In our view, the 
issue is not time, but amount of inoculation. Many inoculations require multiple 
doses. For example, with rabies vaccine, people should get their first dose as soon as 
possible (if not received early, the disease is almost always fatal), and on days 3, 7, 
and 14.89 


Dissonance has pointed to ways that the inoculation effect can be made stronger. One of those 
ways is to make the propaganda seem like an immediate attack on one's vested interests. For 
example, "They will take away your house tomorrow if you do not respond immediately." 
A second way is to encourage anger at the attack source. For example, "The message will 
lie to you and assume you are stupid." Third, inoculation will be stronger if it encourages the 
idea that the propaganda/disinformation is a threat to your core beliefs. For example, "If they 
have their way, they will spit on the ideals of our religion and democracy." As noted earlier, 
dissonance theory predicts that inoculation will be stronger if it appeals to our self-concepts 
as smart, tough, and moral. For example, "Resisting this disinformation means you are clever, 
stalwart, and principled." 


When preventive inoculation is not possible, "therapeutic inoculation" might be valuable. The 
analogy here is to the rabies vaccine, which is given to people after they have been bitten by a 
potentially rabid animal. In the case of the rabies vaccine, a dose is given as close as possible to 
the attack and additional doses are given in succession. Compton and Pfau report that so far, 
examples of successful therapeutic inoculation are sparse90 and, in our opinion, conflicting. 
Table 5 shows how these principles can be used for crafting messages. 


Table 5. Key components of using dissonance for inoculation 

| Threat | Framing anticipated disinformation as a threat motivates the receiver to gather ways to reject it. |
| Refutational preemption | Providing counterarguments, even weak ones, will help the receiver recognize how to react and how to reject the disinformation. |
| Involvement | Casting disinformation as an immediate threat activates mechanisms to speed reactions and bypass slower thinking processes, rejecting it more quickly. |
| Delay and dosage | Getting the counterargument to the receiver quickly and repeatedly allows time for counterarguments to become familiar and rote before disinformation is believed. |

Source: CNA. 


89 Nossal, "Vaccination." 


90 Josh Compton, “Prophylactic Versus Therapeutic Inoculation Treatments for Resistance to Influence,” 
Communication Theory 30, no. 3 (2020), doi: https://doi.org/10.1093/ct/qtz004. 


The Group, Belief, Novelty (GBN) model 


Not all information is equally valuable to an individual. Some information (or disinformation) 
resonates with some people more than others. The Group, Belief, Novelty (GBN) model helps 
explain the likelihood that someone will pass information (rumors specifically) on to others.91 
The theory posits that we accept and share information more readily when it comes from 
people we know, it appeals to what "our group" believes, and when we think it is new. 


Because the theory was built primarily around rumors (a subset of information), we briefly 
describe rumors and how they apply to this study on disinformation. Rumors are "unverified 
and instrumentally relevant information statements in circulation that arise in context of 
ambiguity, danger, or potential threat and that function to help people make sense of and 
manage risk."92 While this can include conspiracy theories, they are outside the scope of this 
paper. For our purposes, all conspiracy theories are rumors but not all rumors are conspiracy 
theories. In this section, we focus solely on rumors that are not conspiracy theories. 
Researchers who developed the model cite empirical evidence that rumors are important to 
study because they alter purchase behaviors,93 "spark" riots in conflict situations,94 and 


91 Bernard P. Brooks, Nicholas DiFonzo, and David S. Ross, "The GBN-Dialogue Model of Outgroup-Negative Rumor 
Transmission: Group Membership, Belief, and Novelty," Nonlinear Dynamics, Psychology, and Life Sciences 17, no. 2 
(2013). 


92 Nicholas DiFonzo and Prashant Bordia, Rumor Psychology: Social and Organizational Approaches, (Washington 
D.C.: American Psychological Association, 2007). doi: https://doi.org/10.1037/11503-000. 


93 Nicholas DiFonzo and Prashant Bordia, "How Top Professionals Handle Hearsay: Corporate Rumors, Their 
Effects, and Strategies to Manage Them,” Public Relations Review 26 (2000); Alix Freedman, "Rumor Turns Fantasy 
Into Bad Dream," The Wall Street Journal, May 10, 1991. 


94 Donald L. Horowitz, The Deadly Ethnic Riot, (Berkeley, CA: University of California Press, 2001). 

influence stock market buying and selling.95 In addition, they reference research findings that 
rumors affect attitudes.96 


The GBN model is a "two step agent-based mathematical model of negative rumor spread in 
the context of conflicting groups"97 that uses concepts and findings from psychology and 
sociology research as the basis for its equations. According to the first step, the probability of 
rumor transmission between two people is based on the following three factors: 


1. Group memberships (G) of the receiver and transmitter 
2. Strength of their belief (B) in the rumor 
3. The perceived novelty (N) of the rumor 


The second step models how belief (B) levels and the perceived rumor novelty (N) of 
participants change over time, using findings from the literature on attitude change. 


The first factor (G) encompasses several findings regarding how group membership affects the 
sharing of rumors. In the case of negative (derogatory) rumors, people share them with their 
in-group (people with whom they identify, whether by age, race, gender, occupation, or 
political leaning). They rarely share rumors with the out-group (people with whom they feel 
little affiliation). It is not surprising that the rumor target (whether it attacks individuals in the 
in-group or the out-group) and valence (whether it praises or derogates) affect whether a 
rumor is shared and spreads. 


Rumors that derogate the out-group are called “wedge-driving” rumors because they attempt 
to drive a wedge between groups. They can also be used for self-enhancing motives (boosting 
one's self-esteem and those of the in-group)98 or the desire to increase liking between the 
spreader and the hearer. Conversely, people rarely share derogatory rumors about the 
out-group with people from that out-group. 


The second factor, belief, is the person's degree of confidence that the information is true. In 
general, people are much more likely to share information they believe to be true. However, 
the threshold of degree of belief needed to share information is lower when the stakes are 


95 Nicholas DiFonzo and Prashant Bordia, "Rumor and Prediction: Making Sense (But Losing Dollars) in the Stock 
Market,” Organizational Behavior and Human Decision Processes 71 (1997). 


96 DiFonzo and Bordia, Rumor Psychology: Social and Organizational Approaches. 


97 Brooks, DiFonzo, and Ross, "The GBN-Dialogue Model of Outgroup-Negative Rumor Transmission: Group 
Membership, Belief, and Novelty." 


98 Prashant Bordia and Nicholas DiFonzo, "Psychological Motivations in Rumor Spread,” in Rumor Mills: The Social 
Impact of Rumor and Legend, ed. Gary Allen Fine, Veronique Campion-Vincent, and Chip Heath (NY: Aldine Press, 
2005). 

higher and it involves planning future actions.99 For example, college professors involved in 
tense labor negotiations shared information they believed to be true, but, because of the high 
stakes involved, they did not require a high degree of confidence in its veracity before sharing 
it. College students, in a very different context, were reluctant to share information about a 
recent campus attack that had occurred, for fear of upsetting others with false information. 


The third factor, novelty, refers to whether the rumor is novel to the hearer, and whether the 
hearer thinks it might be new to others. The hearer may spread the rumor as a way to make 
sense of an uncertain and ambiguous situation. However, once the rumor becomes "old news,” 
people avoid sharing it because it has become stale. This accounts (in part) for why 
fact-checking and corrections are less shared than the original rumor—and why therapeutic 
inoculation is more difficult than is preventive inoculation (which we discussed earlier). 


Buchanan explored multiple factors to determine which had the greatest effect on 
self-reported sharing of disinformation online. He considered attributes of the message, 
including how authoritative the source was and how much consensus information was 
available (e.g., amount of "likes" on the platform). He also considered viewer characteristics, 
such as digital literacy, personality, and demographic variables. Across four studies, people 
who reported the greatest likelihood of sharing disinformation are those who thought the 
material was true or those who had preexisting attitudes consistent with the information. 


Example of the GBN model using authoritarian attitudes 


In this section, we use the construct of authoritarian attitudes to describe how the GBN model 
can illustrate disinformation sharing. People with authoritarian attitudes have been shown to 
have three predominant beliefs:101 


• Conventional thinking 
• Submission to authority 
• A belief in aggression toward out-groups 


They also tend to be considerably less open to experience and somewhat more conscientious 
than other people, whereas those on the other end of the scale (“anti-authoritarians”) are more 


99 Ralph L. Rosnow, James L. Esposito, and Leo Gibney, “Factors Influencing Rumor Spreading: Replication and 
Extension,” Language and Communication 8, no. 29-42 (1988); ibid. 


100 Tom Buchanan, "Why Do People Share False Information Online? The Effects of Message and Viewer 
Characteristics on Self-Reported Likelihood of Sharing Social Media Disinformation," PLoS ONE 15, no. 10 (2020), 
doi: 10.5255/UKDA-SN-854297. 


101 Bob Altemeyer, "The Other Authoritarian Personality," Advances in Experimental Social Psychology 30 (1998), 
doi: https://doi.org/10.1016/S0065-2601(08)60382-2. 

open to experience and slightly less conscientious. More recent literature suggests that those 
with authoritarian attitudes might also be more disagreeable, dogmatic, and lacking in 
intellectual humility.102 However, this work is preliminary. 


Note that authoritarian beliefs are, to a degree, situation dependent. Research has shown that 
people could relax these attitudes when they did not feel threatened, or when new experiences 
led them to question some of their previous beliefs.103 Therefore, those with authoritarian 
attitudes are very likely to share disinformation framed as a threat to conventional beliefs (in 
the GBN model, it lowers the threshold of belief in the information's veracity before sharing it). 
Again, using the GBN model, they will share that disinformation with others with whom they 
identify. Maintaining a sense of being under threat is important for maintaining the cohesion 
of authoritarian groups. 


In the Columbian Chemicals example described earlier, when the photo of the explosion was 
paired with the idea that Islamist terrorists had caused it, the explosion became threatening to 
those who are especially threatened by Islamist radicalism and believe that Islamist terrorist 
attacks in the US are rampant. This made the news appeal to previous beliefs (Beliefs). Sharing 
the novel photo was not only a civic duty (dissonance theory's explanation) but a way to boost 
one's self-esteem and maintain the group's feelings of threat (Group). The time value of sharing 
the photo is also important: Sharing the photo immediately (Novelty) gets noticed. Trying to 
verify the validity of the photo slows you down and makes it less likely that you will be the first 
with the information. 


Implications of the GBN Model for disinformation 


The GBN model posits that group identity, degree of belief in the information, and information's 
novelty are powerful factors in whether information gets shared, with whom we share it, and 
when we share it. Once disinformation gets shared, it can be amplified and further distorted by 
those who find the information compelling (as in the old "telephone game" people sometimes 
play at group gatherings, the original story almost invariably gets distorted in the retelling). 
These factors coincide with characteristics of the current information environment, where 
people can stay connected with their smart phones 24/7, allowing people to feel that (1) they 
are never alone, (2) their voice will always be heard, and (3) they can put their attention 


102 Thomas H. Costello et al., “Clarifying the Structure and Nature of Left-Wing Authoritarianism,” Journal of 
Personality and Social Psychology (2021 pre-print), doi: 10.31234/osf.io/3nprq. 


103 Martin Roiser and Carla Willig, "The Strange Death of the Authoritarian Personality: 50 Years of Psychological 
and Political Debate," History of the Human Sciences 15, no. 4 (2002), doi: 10.1177/952695102015004682. 

anywhere they want to put it.104 In a sense, we live in a 24/7 virtual telephone game. Although 
these characteristics of the information environment can speed up rumor spread, the GBN 
model provides areas where the telephone game can be interrupted, slowed, or corrected. 


What can we do about it? 


In this section, we discuss how interventions can address all three aspects of the GBN model. 
Table 6 summarizes the insights, which are described in the subsequent paragraphs. 


The first link in the rumor/disinformation chain is the identification with people who are 
similar to us, whether in terms of opinions, race, religion, gender, or age. The first implication 
of GBN is to start with people's narrow group identification. 


Table 6. Using components of the GBN model to counter disinformation 

| | Intervention |
| Group | Expand the "group" with which an individual identifies by highlighting aspects of shared destiny and shared values |
| Belief | Increase a person's access to opposing opinions/information |
| Novelty | Create new content to expand the group and open up beliefs |

Source: CNA. 


Shared destiny 


One of the ways that the effects of disinformation can be reduced is through direct contact with 
the out-group in a situation with a shared destiny.105 For example, a set of experiments showed 
that children in integrated classrooms became more accepting of minorities when they were 
placed into “jigsaw” groups where each child had to teach the others a piece of information that 
only they knew. This arrangement made it in the best interest of everyone in the group to listen 
to one another and root for each other's success with learning their part of the materials. We 
see this effect in the military, where everyone in the unit depends on particular individuals to 
do their job well; in fact, they entrust their lives to individuals of different races. 


104 Lauren C. Davis, "The Flight from Conversation,” The Atlantic, Oct. 7, 2015, http://www.theatlantic.com; Sherry 
Turkle, Life on the Screen: Identity in the Age of the Internet, (New York: Touchstone, 1997); Sherry Turkle, Alone 
Together: Why We Expect More from Technology and Less from Each Other, (New York: Basic Books, 2011); Sherry 
Turkle, Reclaiming Conversation: The Power of Talk in the Digital Age, (New York: Penguin Books, 2015); Sherry 
Turkle, The Empathy Diaries: A Memoir, (New York: Penguin Publishing, 2021). 


105 Elliot Aronson and Diane Bridgeman, "Jigsaw Groups and the Desegregated Classroom: In Pursuit of Common 
Goals," Personality and Social Psychology Bulletin 5, no. 4 (1979), doi: 
https://doi.org/10.1177/014616727900500405. 

To emphasize shared destiny in the internet age, it would be useful for login screens to feature 
information about the shared contributions different groups make to a common goal. Military 
commands depend on each other for resources, information, skillsets, and use of tools. 
Although login information can become part of the "background noise" quickly, a rotating set 
of reminders of interdependence and photos of individuals across the globe with whom one 
works could reduce the likelihood of forming "gangs" of like-minded individuals 
unnecessarily sharing information only with an in-group. Knowing that information will be 
seen by others can have a moderating effect on what one says and what one shares. 


It is important to frame arguments to be sure that people feel that they are not isolated in their 
original beliefs.106 That is why advertisements often stress that many other people like their 
product (e.g., “99% of customers who tried our product liked it"). In the case of disinformation, 
"Everybody knows that this information is true." 


Shared values 


Disinformation can be combated by pointing to areas where the out-group and in-group share 
common values.107 For example, common values could include admiration of past leaders, 
respect for the rule of law, fairness, and justice.108 


Easier access to opposing opinions 


The second area of GBN is the degree of belief. The GBN model posits that, when information 
is shared with another individual, that person's feedback will modify one's belief in the 
information. A good option to combat the tendency to share information only with like-minded 
individuals is to provide easier access to opposing opinions. 


Two earlier methods of making it easier to access opposing opinions appeared soon after 
World War II. The fairness doctrine required holders of broadcast licenses to (1) present 
discussion of controversial issues of public importance and (2) do so in a way that is honest, 
equitable, and balanced. In the digital world, this might require access to opposing opinions 
and information on controversial issues in discussion format or question-and-answer format. 


A second method was the equal-time rule. This required candidates of both parties to have 
access to a certain amount of broadcast time at the same rate as the opposing candidate. In this 


106 Wei-Kuo Lin and Michael Pfau, "Can Inoculation Work Against the Spiral of Silence? A Study of Public Opinion 
on the Future of Taiwan," International Journal of Public Opinion Research 19, no. 2 (2007), doi: 
10.1093/ijpor/edl030. 


107 Kate Woodsome, Danielle Kunitz, and Joy Sharon Yi, “Our Political Divide Is Dangerous. A Neuroscientist and 
Political Scientist Explain Why,” Washington Post, Dec. 24, 2020. 

way, broadcasts could not favor a preferred political candidate by denying the opposing 
candidate a forum to respond. If candidate A bought 30 seconds of TV time for ads, the opposing 
candidate would buy 30 seconds at the same rate. For the digital world, this might require 
like-minded social media groups to allow people with different viewpoints some sort 
of access to the group. 


Maintaining novelty of shared destiny and values 


The third area of GBN is novelty. One of the common complaints about government 
information campaigns of the past (e.g., vaccination information, seat belt information) was 
that they were repetitive and predictable. If disinformation is to be counteracted, true information 
needs to be presented in different ways (Google updates its screen with a new factoid daily), 
and preferably by a diverse group of people, with humor and other ways to lighten the message. 
We see this in advertising campaigns all the time—GEICO constantly updates its ads, and some 
brands adopt a new slogan on a regular basis. The point is that old information gets more 
attention when it is repackaged as new. 


Emotions and arousal 


A person's state of emotion and arousal can also make them more susceptible to 
disinformation. It is no secret that some information and messages affect people more than 
others. In fact, marketing campaigns rely on the effect a message has on a person's emotions 
and subsequent behavior to buy products, donate to a cause, or vote for a candidate. Countless 
books, courses, and practices have been built on the concept of using messages to influence 
people's perceptions and behaviors, including the ubiquitous How to Win Friends and Influence 
People by Dale Carnegie and the extensively researched Influence: Science and Practice by 
Robert Cialdini.109 While there are multiple compelling aspects of a message that can affect the 
message's ability to persuade, people are more likely to respond to (and share) information 
that is interesting, elicits positive emotions, or arouses action.110 


Novelty, discussed at length in the GBN model section, is a primary determinant of what people 
consider interesting.111 In addition, content can inspire emotional feelings (positive or 


109 Dale Carnegie, How to Win Friends and Influence People, (New York: Simon & Schuster, 1936); Robert B. 
Cialdini, Influence: Science and Practice, 4th ed. (Boston: Allyn and Bacon, 2001). 


110 Katherine L. Milkman and Jonah Berger, "The Science of Sharing and the Sharing of Science," Proceedings of the 
National Academies of Science 111 no. Supplement 4 (2013), doi: 10.1073/pnas.1317511111; William J. Brady, 
Ana P. Gantman, and Jay J. Van Bavel, "Attentional Capture Helps Explain Why Moral and Emotional Content Go 
Viral,” Journal of Experimental Psychology: General 149, no. 4 (2020). 

negative) and can motivate or depress a response (high or low arousal). The following table 
provides examples that are commonly explored in the literature. 


Table 7. Examples of positive and negative emotions that differ on level of arousal 

| | High arousal | Low arousal |
| Positive emotion | Awe or amusement | Contentment |
| Negative emotion | Anxiety or fear | Sadness |

Source: CNA. 


Emotion and arousal theories would explain that the sharing of the false Columbian Chemicals 
story was enhanced because the story elicited highly arousing negative emotions of anxiety 
and fear. Indeed, the cover graphic explicitly included the word "panic" on the page, further 
priming the arousing emotion. 


Multiple researchers have explored characteristics that make information more likely to be 
shared. Commonly studied characteristics are message placement (i.e., prominence on a page), 
length, interest, usefulness of the information, emotions evoked from the story, and arousal 
evoked from the story. Research demonstrates that positive-emotional content is more viral 
than negative-emotional content, but there is evidence that high-arousal content (regardless 
of whether it is positive or negative) is more likely shared than low-arousal content.112 Put 
simply, the level of arousal the content evokes—or the level of arousal a person feels when he 
or she sees the content—is even more important than positive or negative content when 
evaluating the likelihood of sharing information. That means that things that inspire awe, 
anger, and anxiety are more likely shared than things that inspire sadness. It is important to 
note that this relationship remains true even when a variety of other factors are held constant, 
including how interesting the material was, how practical (informative) it was, how 
prominently it was displayed, how long it was available, how long it was, the influence of the 
author, and the gender of the author. This research suggests that, when considering how 
information spreads, focusing on the content of a contagious message is valuable: how does it 
make people feel? Is that emotion arousing or depressing? 


The psychological principles illuminated in this section thus far have described what is 
happening, but they have not offered explanations as to why the relationships exist. Our 
preliminary research has uncovered two possibilities: (a) an illustration of the Yerkes-Dodson 


112 Jonah Berger and Katherine L. Milkman, "What Makes Online Content Viral?," Journal of Marketing Research 49, 
no. 2 (2012), doi: https://doi.org/10.1509/jmr.10.0353. Jonah Berger, “Arousal Increases Social Transmission of 

Law that arousal is required to motivate behavior and (b) social psychological theories 
exploring the individual benefits of sharing information with a larger group. 


The Yerkes-Dodson Law is the idea that there is a normal distribution (bell-curve) relationship 
between performance and arousal.113 At very low levels of arousal, individuals will not engage 
in tasks. At very high levels of arousal, individuals are so stimulated that they also cannot 
engage in tasks. There is an optimal level of arousal, near the midpoint, at which an individual 
will maximally perform. The research described regarding emotional arousal and sharing of 
information supports portions of the Yerkes-Dodson law.114 Low-emotional arousal is not as 
associated with information sharing as higher levels are. However, we are unaware of 
researchers specifically testing for the bell-curve relationship regarding information sharing 
(i.e., are there levels of emotional arousal where individuals will no longer be inclined to share 
information?). 


There are multiple social benefits served by sharing information among group members. 
Sharing emotional information with others can increase social bonding or increase the 
perception of similarity among group members, both of which can strengthen a community.115 
However, these social benefits also motivate other behaviors to protect the group and group 
identity. Brady, Crockett, and Van Bavel note that, when group identities are threatened from 
individuals inside or outside the group (through challenging information), those who more 
strongly associate with the group are more likely to express or share emotional information. 


Implications of emotionally arousing content for disinformation 


The relevance of emotions and arousal to the likelihood of information sharing is an important 
key for understanding the spread of disinformation. Research suggests that a reader is more 
likely to share false information if it arouses him or her. A recent study exploring 126,000 
tweets found that the false content shared was more novel and inspired fear, disgust, or 
surprise while the true information shared inspired anticipation, sadness, joy, and trust.116 In 
this study, false content inspired emotions that were more arousing than emotions inspired by 
true content. In addition, they found that bots were as likely to share true information as false 
information and that those who shared false information were less likely to be influencers (e.g., 
fewer followers, less active on social media, less time on Twitter, and less likely to be verified) 
than those who shared true information. Of interest, this article explored the extent to which 
false and true information spread and found that an individual instance of true content rarely 
reached more than 1,000 people, whereas the false content routinely reached 1,000 to 100,000 
people. The authors conclude that "the greater likelihood of people retweeting falsity more 
than truth is what drives the spread of false news, despite network and individual factors that 
favor the truth.”117 


113 Robert M. Yerkes and John D. Dodson, "The Relation of Strength of Stimulus to Rapidity of Habit-Formation," 
Journal of Comparative Neurology and Psychology 18 (1908). 


114 Bruce E. Kaufman, “Emotional Arousal as a Source of Bounded Rationality,” Journal of Economic Behavior and 
Organization 38, no. 135-144 (1999), doi: 10.1016/S0167-2681(99)00002-5. 


115 William J. Brady, M. J. Crockett, and Jay J. Van Bavel, “The MAD Model of Moral Contagion: The Role of 
Motivation, Attention, and Design in the Spread of Moralized Content Online,” Perspectives on Psychological Science 
15, no. 4 (2020), doi: 10.1177/1745691620917336. 


It is possible that multiple psychological principles, activated at the same time, can increase 
the likelihood that disinformation is absorbed or shared. Kaufman builds on the Yerkes- 
Dodson Law to describe how higher levels of emotional arousal can interfere with cognitive 
processes (e.g., short-term memory, organizing thoughts, and rational thinking).118 This 
suggests that if something is highly arousing, it might increase the likelihood that a person 
would process the information using automatic thinking. 


What can we do about it? 


Our literature review did not produce many insights into combating the effects of emotion and 
arousal on disinformation. Indeed, the articles that discuss the topic primarily describe the 
phenomenon in field and laboratory settings, but do not explore ways to counter the effect. 
However, the literature strongly indicates that emotional and arousing content are more likely 
to be shared, and Russia has tended to favor disinformation stories on topics known to be 
highly emotional and arousing to US citizens, such as race relations. 


Given that disinformation is, by definition, constructed, it can be constructed to contain 
emotional or arousing messages. Several of the ideas to combat the absorption and spread of 
disinformation have been discussed in the previous sections. Inoculation, discussed to combat 
multiple psychological principles that can facilitate disinformation, could be applied to 
combating emotional and arousing messages. Making people aware of the effect of 
emotional/arousing information on beliefs and behaviors can give them tools to respond more 
accurately. Increasing controlled processing through friction or nudging could also help 
combat emotional and arousing disinformation. Providing cues to think more deeply about 
information on suspect websites might prime individuals to be more skeptical of 
emotional/arousing information they receive. 


117 Vosoughi, Roy, and Aral, "The Spread of True and False News Online." 


Summary 


Understanding how false information spreads is the first step toward containing it. We 
described four major psychological principles that research demonstrates are related to the 
absorption and spread of disinformation. 


The first psychological principle relates to how people initially process information. Our 
"processing capacity" is limited, so we cannot deeply attend to all new information. We take 
mental shortcuts to incorporating new information, and those shortcuts can open us up to 
mistakes. To the extent that we do not process information as deeply as we should, 
disinformation can be construed as true information. 


The second psychological principle, called cognitive dissonance, describes the discomfort we 
feel when we are confronted with two competing ideas. We are motivated to reduce the 
dissonance by changing one attitude, removing (ignoring) the contradictory information, 
discounting the importance of contradictory information, or increasing the importance of 
compatible information. If disinformation supports our initial beliefs or creates less dissonance 
than true information, we are more likely to believe the disinformation. 


The third psychological principle describes the role group membership, beliefs, and novelty 
play in absorbing and sharing disinformation. We are more likely to share information with 
people we identify with (i.e., consider members of our group) when we believe the information 
is true and when it is novel or urgent. 


The fourth psychological principle describes the role of emotion and arousal in our sharing 
of disinformation. Research demonstrates that we pay more attention to information that 
makes us feel positively or that arouses us to act. That means we are more likely to share 
information if we feel awe, amusement, or anxiety than if we feel sadness or contentment. 


Further, we also summarized the research on countering the effect of disinformation through 
the psychological principles described. Several techniques discussed could be used to counter 
disinformation absorption that results from more than one psychological principle. 
Specifically, preventive inoculation and encouraging deeper, analytic thinking could shield a 
person from the effects of disinformation. Researchers recommend that disinformation 
containment policies should emphasize behavioral interventions that confront psychological 
mechanisms to dissuade the spread of disinformation rather than focusing solely on bots 
and algorithms.119 


119 Vosoughi, Roy, and Aral, "The Spread of True and False News Online." 


Conclusion 


Brett Horvath, the president of Guardians.ai, argues that “disinformation is not the 
weaponization of knowledge"; rather, he says, "it's the weaponization of cognition." He further 
points out that "a coherent strategy...has to be built on principles: What are you defending, and 
what are you attacking?”120 As such, we contend that the threat posed by disinformation cannot 
be met solely with technological and political solutions; the psychological principles that 
facilitate its absorption and spread must also be considered. 


Human brains allow us to organize information and respond to it efficiently, but cognitive 
mechanisms are not infallible. As the research we have cited makes clear, disinformation 
weaponizes normal and necessary cognitive mechanisms by exploiting their vulnerabilities. 
But despite their susceptibility to disinformation, cognitive mechanisms present a potential 
path forward. To date, much has been written about how to respond technologically and 
politically to disinformation, but far less has been written about how we might respond 
psychologically to such manipulation. Identifying the best paths forward in this space requires 
first developing an understanding of the psychological mechanisms that make disinformation 
effective. As noted throughout this report, preventive inoculation and encouraging deeper, 
analytic thinking are frequently discussed in the literature as ways to protect against 
disinformation. Additional research is necessary to determine effective ways to integrate these 
two techniques into individual-level cognition and community-level intervention, especially in 
online environments. A more targeted approach may be possible if we explore the four 
psychological mechanisms being exploited to spread disinformation: initial information 
processing, cognitive dissonance, GBN, and emotional arousal. 


Ultimately, solutions that consider technological and political factors alone cannot sufficiently 
diminish the large-scale absorption and spread of disinformation. Because disinformation 
primarily affects the mind, a multipronged response that includes evidence-based 
psychological interventions will be critical to the work of countering this growing threat. 


120 Robert Ackerman, “Cyber-Driven Disinformation Is Here to Stay,” Signal, Sept. 5, 2019, 


A heightened awareness to the effects of disinformation that can 
prevent disinformation from being absorbed. 

Deliberate, controlled, thoughtful evaluation of new information that 
can prevent disinformation from being absorbed. 

After a group commits to a belief that can clearly be proven false, the 
social circumstances of learning the truth have a large effect on group 
members' acceptance or denial of that truth. 

Dissonance theory describes how people are influenced to either 
accept or reject beliefs, and the arguments/information that 
accompany those beliefs. It posits that people feel uncomfortable 
when they have to reconcile conflicting information. 

The foundation for understanding the two ways we process 
information. The first process, called automatic, requires very little 
effort and is fast, efficient, and "cognitively cheap." The second 
process, called controlled, is slower, more cognitively involved, and 
requires deliberate attention. 

When someone has to undergo an unpleasant experience or exert a 
lot of effort to join a group, their commitment to that group will be 
higher than for groups that do not demand an unpleasant initiation 
or increased effort to join. 

People will emphasize the good aspects of a choice that they freely 
chose. Once someone has made a choice, dissonance is likely to be 
activated. There will be more dissonance if the choice is difficult and 
less dissonance if the choice is easy. 

Friction occurs when something is difficult to process and can be 
created by asking questions that make others process information 
more deliberately (e.g., asking, "what makes you say that?"). It is the 
opposite of fluency and can prevent disinformation from being 
absorbed. 

The theory posits that we accept and share information more readily 
when it comes from a group of people we know (G), it appeals to what 
"our group" believes (B), and when we think it is new (N). 


Psychological Terms and Definitions 


Heuristics: Mental shortcuts we use to make sense of the world. Heuristics are 
developed through previous experience and connections we make 
between similar pieces of information. 

Illusory truth effect: When familiarity with something gives the illusion that it is more 
accurate, inadvertently increasing someone's belief in that 
information. 

Induced-compliance paradigm: When someone is paid to say something that they do not believe, 
their belief will change to reflect what they have outwardly said. This 
is particularly true when the reward offered is small, and less so if the 
reward is large. 

Initial information processing: Our brains employ mental shortcuts in an effort to process information 
as efficiently as possible, which can make us vulnerable to mistakes. 

Inoculation: To provide awareness of possible disinformation and the effects of 
disinformation so others can recognize it when confronted by it later. 
This can prevent disinformation from being absorbed. 

Information fluency: A person's ability to process information. This increases when 
information is clear and easy to understand. 

Negative emotion: Emotions that make people feel bad. Examples include anxiety, fear, 
and sadness. 

Norms-consistency paradigm: People are more likely to accept and defend information that is 
consistent with their previous norms and actions. 

Nudge: To provide subtle cues for an encouraged behavior. This can prevent 
disinformation from being absorbed. 

Positive emotion: Emotions that make people feel good. Examples include awe, 
amusement, and contentment. 

Primacy and recency effect: The tendency for people to remember information that is presented 
first (primacy) or presented most recently (recency). 

Skepticism: The awareness of possible hidden agendas and a personal desire to 
understand the evidence. This can prevent disinformation from being 
absorbed. 

Therapeutic inoculation: Providing awareness of disinformation that a person has already 
experienced to attempt to remove that disinformation and mitigate 
its effect on future beliefs and behavior. 

Yerkes-Dodson Law: The theory that there is a normal distribution (bell-curve) relationship 
between performance and arousal. At very low levels of arousal, an 
individual will not engage in tasks. At very high levels of arousal, the 
individual is so stimulated that they also cannot engage in tasks. 


Preface 


PERSEREC recently conducted a study of supervisor and coworker reporting of 
information of security concern. In response to our probing for answers as to why 
security-related behaviors are under-reported, interviewees and participants in focus 
groups said that policies were written too broadly for them to implement. The participants 
also said that they were very willing to report serious behaviors that clearly related to 
counterintelligence or security, but much less willing to report on suitability types of 
behaviors, such as excessive drinking and personal problems, because they were not able 
to see the direct link between the human problem and national security. They would 
prefer that these personal troubles be handled through employee assistance programs or 
other monitored treatment programs. 


In response to these research findings, PERSEREC developed a list of 
Counterintelligence Reporting Essentials (CORE) that contained items that were 
primarily behavioral and clearly linked to counterintelligence and security risk. Working 
with the counterintelligence community, PERSEREC honed the list to 16 items. These 16 
items were included as Enclosure 3 in the new DoD Instruction 5240.6, 
Counterintelligence Awareness, Briefing, and Reporting Programs. 


In addition, PERSEREC created a CORE brochure that can be disseminated 
throughout the counterintelligence and security communities. The brochure briefly 
discusses the rationale for developing the CORE list, describes potential uses by security 
professionals, and lists the specific behaviors that should be reported. The behaviors fall 
under the headings, Recruitment, Information Collection, Information Transmittal, and 
Suspicious Behaviors. 


We believe the CORE list—as a new policy enclosure and an easy-to-read 
brochure—responds directly to the concerns of clearance holders in a way that is likely to 
improve security awareness and overall reporting of security-relevant behaviors. 


James A. Riedel 
Director 


Executive Summary 
Background 


In January 2003, the Defense Personnel Security Research Center (PERSEREC) 
published a report of a study that examined the supervisor and coworker reporting 
requirement within the Department of Defense's (DoD) personnel security program 
(Wood & Marshall-Mies, 2003). The study dealt with self-initiated reporting, when a 
person would see a subordinate or colleague behaving inappropriately and report the 
behavior to Security. One of the aims of the study was to better understand the prevalence 
of workplace reporting, the kinds of behaviors that are reported, and the reasons people 
may not report. To this end, researchers interviewed 45 security managers and 
management personnel in 20 DoD and non-DoD federal agencies who described the 
reporting rate as very low, perhaps reflecting an under-reporting of relevant behaviors. 
They offered a series of explanations as to why people may not report, including cultural 
resistance; negative perceptions of reporting; lack of knowledge and experience of the 
system among security officers, supervisors, and the workforce; and unclear relationships 
between Security, employee assistance programs, and other functions. 


The PERSEREC study also included several focus groups with supervisors and 
employees at various federal agencies to learn participants’ views and recommendations 
concerning reporting. Focus group participants made it clear that they are willing to 
report egregious behaviors that they believe pose a likely threat to national security. They 
simply want to know precisely what such behaviors are. Wording of policy, in their 
opinion, is amorphous and confusing. All participants without exception said that they 
would seldom report certain gray-area behaviors that they describe as too personal (“the 
more private things," as one put it). Such behaviors may include emotional or mental, 
financial, alcohol and drugs, and marital problems, and unusual personal conduct. 
Research suggested that participants are reluctant to report these behaviors because they 
cannot see a link between the behavior and national security; in other words, they are 
unlikely to be convinced of the security relevance of personal problems. They may also 
be reluctant because they do not trust the system to deal with the reports equitably and 
also may fear possible reprisals to themselves as so-called whistleblowers. 


In an attempt to end confusion about what should always be reported, the 
PERSEREC study recommended the development of a list of egregious behaviors that are 
closely connected to counterintelligence (CI) and security. The list would not include 
behaviors of a suitability or reliability nature since the research showed that supervisors 
and coworkers have said they would be unlikely to report such matters. 


The present report documents the rationale for preparing the list and describes the 
processes by which it was developed and its eventual inclusion as Enclosure 3 in the new 
DoD Instruction 5240.6, Counterintelligence Awareness, Briefing, and Reporting 
Programs. 


Method 


Research comprised the following steps: (1) comparison of major CI policy 
documents; (2) review of other source documents; (3) development of a draft 
Counterintelligence Reporting Essentials (CORE) list of behaviors that must be reported; 
(4) presentation of the draft CORE list for review and editing by CI experts; (5) 
introduction of the final CORE list into DoD policy; and (6) promulgation and 
implementation of the final CORE list, through the Defense Security Service (DSS) and 
other CI entities, for use in security and education programs and CI briefings. 


Policy Review and Review of Other Source Documents 


The various key policy documents that concern the reporting of CI and security- 
related behaviors were compared and contrasted, exploring areas of overlap, specificity, 
and authoritative procedures, i.e., whether one policy superseded another. Other 
documents and publications that have been developed by DoD, intelligence community 
agencies, and PERSEREC in the area of CI awareness and education were also reviewed. 
Examination of these documents provided background, context, and a pool of 
information from which PERSEREC researchers could draw as they developed the draft 
CORE list. 


Development and Evaluation of Draft CORE List of Behaviors 


PERSEREC researchers proceeded to pull together a draft CORE list of behaviors 
that are observable and may be associated with potential risk to national security. This 
became known as the CORE list. 


The draft CORE list was evaluated by staff at the Joint Counterintelligence 
Evaluation Office (JCEO), the DoD Investigative Working Group (IWG), and by the 
Counterintelligence Field Activity (CIFA). The list was then reviewed by staff at the 
DoD Counterintelligence Directorate in the Office of the Under Secretary of Defense 
(Intelligence). 


Introduction of Draft CORE List into DoD Instruction 5240.6 


The 16 items in the final CORE list were added as an Enclosure to the revision of 
DoD Instruction 5240.6, Counterintelligence Awareness, Briefing, and Reporting 
Programs. 


Implementation of PERSEREC's Brochure in the Field 


PERSEREC developed a separate brochure that includes the 16 original 
PERSEREC CORE list items, along with eight others added by the DoD 
Counterintelligence Directorate. This brochure, which explains the rationale for the list 
and its potential uses, is attached to this report as a pdf file and is detachable for use in 
the field. 


Recommendation 


DoD should distribute the PERSEREC brochure to CI and security agencies for 
their review and possible implementation. Possible uses include security education 
briefings of various sorts (e.g., initial, refresher, and CI awareness). By concentrating on 
direct CI- and security-related behavior, personnel in the field are likely to develop a 
better understanding of exactly what to report and a greater commitment to reporting it. 


Background 


PERSEREC in 2003 published a report that studied self-initiated reporting, where 
supervisors and coworkers observe suspicious behavior by a fellow worker 
(usually in the workplace) and report it to a supervisor or security official (Wood & 
Marshall-Mies, 2003). 


During the course of the study, PERSEREC staff learned from several sources— 
extensive literature reviews, headquarters management personnel, and people working in 
the field—that, despite formal policies requiring employees to report security-related 
behaviors, they do so only rarely. Yet employees in the field are not averse to reporting 
genuine security infractions. In fact, under appropriate conditions, they are quite willing 
to act as eyes and ears for the government. They are simply confused about precisely 
what is important enough to report. Many government workers anguish over reporting 
gray-area behaviors they do not consider to be clearly connected to security. They say the 
policies are written too broadly for the average person in the field. One supervisor, 
echoing the opinion of many, said, “We need a clear communication of what is 
mandatory to report.” A coworker complained, “You can't ask people to do something if 
you don’t define it... We need more definitions. How do we know which behaviors are 
OK and which are not?” 


One of the study recommendations, therefore, was that PERSEREC, in 
collaboration with counterintelligence (CI) professionals, develop a clear, succinct list of 
behaviors that could pose a potential threat to national security and thus should be 
reported if observed. This list, to be known as the Counterintelligence Reporting 
Essentials (CORE) list, would contain behavioral examples to clarify what is considered 
egregious or potentially critical to national security. Use of the CORE list should then 
facilitate reporting of truly significant behaviors. Behaviors that raise questions about 
reliability, the gray-area behaviors that interviewees said they would be less willing to 
report, would be handled by supervisors through counseling, employee assistance 
programs, or other monitored treatment programs. The goal was to produce a relevant 
and useful CORE list, which, through adoption as policy, could be employed to improve 
reporting requirements and security education programs. 


Method 


The research methodology to produce, review, and implement the CORE list 
required six steps: (1) comparison of major CI policy documents; (2) review of other 
source documents; (3) development of a draft CORE list of behaviors that must be 
reported; (4) presentation of the list to CI experts for review and editing; (5) introduction 
of the CORE list into Department of Defense (DoD) policy; and (6) promulgation and 
implementation, through the Defense Security Service (DSS) and other CI entities, for 
use in security and education programs and in CI briefings. 


Policy Review 


The purpose of this section is to report our review of all of the different policy 
documents related to supervisor and coworker reporting and to compare and contrast the 
requirements of various entities with regard to this subject. PERSEREC researchers 
reviewed the policies, Directives, and Executive Orders that concern the reporting of CI- 
and security-related behaviors. The review explored areas of overlap, specificity, and 
authoritative procedures, i.e., whether one policy superseded another. 


The Clinton administration's Presidential Decision Directive PDD/NSC-12, 
Security Awareness and Reporting of Foreign Contacts (August 5, 1993) requires that 
government employees report all contacts with individuals of any nationality, either 
within or outside the scope of the employee's official activities, in which illegal or 
unauthorized access is sought to classified or otherwise sensitive information, or the 
employee is concerned that he or she may be the target of actual or attempted exploitation 
by a foreign entity. 


Executive Order 12968 (August 4, 1995) states in Sec. 6.2(a) that employees 
should protect classified information from unauthorized disclosure; report all contacts 
with persons, including foreign nationals, who seek to obtain classified information; 
report all violations of security regulations to appropriate security officials; and comply 
with all other security requirements of the order. It adds in Sec. 6.2(b): "Employees are 
also encouraged and expected to report any information that raises doubts as to whether 
another employee's continued eligibility for access to classified information is clearly 
consistent with the national security." 


Title 50, USC, Chapter 23, Subchapter 1, Sec. 797, lays out the penalties for 
violating security regulations at a variety of government facilities and under a variety of 
circumstances. Such a violation will constitute a misdemeanor and carry with it, upon 
conviction, a fine not to exceed $5,000 or imprisonment for not more than one year, or 
both. 


The Director of Central Intelligence Directive (DCID) 6/4, Personnel Security 
Standards (July 2, 1998), lists (Annex E, 6 [a] — [m]) several general categories of 
behavior that are reportable if observed in the workplace. These are similar to the 
adjudicative guidelines (in the DoD Directive 5200.2-R) except that they do not include 
the brief behavioral descriptions that appear in the adjudicative guidelines. The 
categories, which—like the adjudicative guidelines—mix CI, security and reliability 
issues, are listed below. Only two—(b) and (c)—are strictly related to CI issues. 


(a) Involvement in activities or sympathetic association with persons which/who 
unlawfully practice or advocate the overthrow or alteration of the United 
States Government by unconstitutional means. 

(b) Foreign influence concerns/close personal association with foreign nationals. 

(c) Foreign citizenship or foreign monetary interests. 

(d) Sexual behavior that is criminal or reflects a lack of judgment or discretion. 

(e) Unwillingness to comply with rules and regulations or to cooperate with 
security processing. 

(f) Unexplained affluence or excessive indebtedness. 

(g) Alcohol abuse. 

(h) Illegal or improper drug use/involvement. 

(i) Apparent mental or emotional disorder(s). 

(j) Criminal conduct. 

(k) Noncompliance with security requirements. 

(l) Engagement in outside activities that could cause a conflict of interest. 

(m) Misuse of information technology systems. 


The 1996 DoD Instruction 5240.6 (Counterintelligence [CI] Awareness and 
Briefing Program) (July 16, 1996) differed significantly from the DCID 6/4. DoD 
Instruction 5240.6 is the fundamental, workhorse instruction for CI awareness and 
briefing programs for DoD. (For an analysis of the new DoD Instruction 5240.6, please 
see pp. 9-10 below.) 


In the 1996 DoD Instruction 5240.6, the 13 reportable items from DCID 6/4 were 
described only briefly and included items that were not strictly CI-related, e.g., sexual 
behavior, alcohol abuse, illegal or improper drug use/involvement, apparent mental or 
emotional disorders. While several items were quite specific, e.g., behaviors such as 
contacts with foreign intelligence or terrorist organizations, requests for unauthorized 
access to classified or unclassified controlled information, contacts with known or 
suspected foreign intelligence officers, and contacts with foreign diplomats, the 
instruction went on to list (at 6.1.2) an amalgam of behaviors, strung together in one 
sentence and describing 10 broad areas that lack specificity and are often repetitive of 
themselves. "...DoD personnel who have information about activities pertaining to 
espionage, terrorism, unauthorized technology transfer, sabotage, sedition, subversion, 
spying, treason, unauthorized release of classified or unclassified controlled information, 
or unauthorized instructions into automated information systems." 


The military services published their own instructions, based on the 1996 DoD 
Instruction 5240.6. The Air Force’s AFI71-101V4, Counterintelligence (August 1, 2000), 
closely mirrors the 1996 DoD Instruction 5240.6, as does the Navy's SECNAVINST 
3875.1A Counterintelligence and Awareness Briefing Program (February 19, 1999). 




The Army, however, expands considerably on reporting requirements in its 
AR 381-12 Military Intelligence Subversion and Espionage Directed Against the U.S. 
Army (SAEDA) (January 15, 1993). In Chapter 3, Reporting Requirements, it addresses 
three areas: SAEDA Incidents, Additional Matters of CI Interest, and Indicators of 
Espionage. The segment on SAEDA incidents describes the incidents and situations that 
must be reported, these items reflecting the old DoD 5240.6 but in much more detail. The 
next section, Additional Matters of CI Interest, expands greatly the reportable behaviors. 
These include, for example, the discovery of listening devices; unauthorized absence of 
Department of the Army (DA) personnel with high-level clearances; reports of attempted 
or actual suicide; COMSEC insecurities; assassination (or attempts) of anyone by 
terrorists or agents of foreign powers; defection, or attempted or threatened defections; 
detention of personnel by a foreign government with interests inimical to those of the US; 
impersonation of DA intelligence personnel; willful compromise of the identity of US 
intelligence personnel engaged in clandestine intelligence and CI activities; and incidents 
in which foreign countries offer employment to US personnel involved in the 
development of nuclear weapons. 


The third section of AR 381-12, Indicators of Espionage, lists 19 behaviors that 
may be indicative of espionage, although the regulation stresses that while a single 
indicator by itself does not necessarily mean that a person is engaged in espionage, it 
must be reported. This list is reproduced below: 


(a) Any attempt to expand access to classified information by volunteering for 
assignments or duties beyond the normal scope of responsibilities or 
attempting to obtain information for which the person has no authorized 
access or need to know. 


(b) Unauthorized removal of classified materials from work area. 


(c) Extensive use of copy, FAX or computer equipment to reproduce or 
transmit classified material that may exceed job requirements. 


(d) Repeated or unrequired work outside normal duty hours, especially 
unaccompanied. 


(e) Obtaining witness signatures on classified document destruction forms when 
witness did not observe the destruction. 


(f) Bringing unauthorized cameras, recording devices, computers or modems 
into areas where classified data is stored, discussed, or processed. 


(g) Unexplained or undue affluence, including sudden purchases of high-value 
items where no logical income source exists. Attempts to explain wealth by 
reference to inheritance, luck in gambling, or some successful business 
venture. 


(h) Opening several bank accounts containing substantial sums of money where 
no logical income source exists. 


(i) Free spending or lavish display of wealth which appears beyond normal 
income. 


(j) Sudden reversal of financial situation or sudden repayment of large debts or 
loans. 


(k) Correspondence with persons in countries of special concern. 


(l) Unreported contact with officials of countries of special concern. 


(m) Frequent or unexplained trips of short duration to foreign countries. 


(n) Attempts to offer extra income from an outside endeavor to personnel with 
sensitive jobs or to entice them into criminal situations that could lead to 
blackmail. 


(o) Homesteading or repeatedly requesting extensions to tours of duty in one 
assignment or location, especially when the assignment offers significant 
access to sensitive information or the job is not desirable. 


(p) Repeated involvement in security violations. 


(q) Joking or bragging about working for a foreign intelligence service. 


(r) Visits to a foreign embassy, consulate, trade, or press office. 


(s) Business dealings with nationals or firms of countries of concern. 


In summary, DoD Instruction 5240.6, flowing from higher-level policies such as a 
Presidential Decision Directive and an Executive Order, lays out the basic requirement 
for CI awareness and briefing programs in the DoD. Air Force and Navy wrote 
instructions that closely parallel the DoD instruction; the Army elaborated on the 
instruction, providing more details and specifics. Requirements vary somewhat from one 
entity to another. PERSEREC staff decided that a short, succinct list of reportable 
behaviors is needed rather than having supervisors, coworkers, and agencies deal with the 
plethora of different approaches and degrees of specificity found in the different policies. 


Review of Other Source Documents 


Having completed the policy review, PERSEREC staff reviewed a selection of 
publications and documents that have been developed by DoD, intelligence community 
agencies and PERSEREC in the area of counterintelligence awareness and education. 
These would provide the context and information required to construct PERSEREC's 
draft CORE list. 


DSS published in January 1998 a For Official Use Only (FOUO) document, 
"Recognition of Potential Counterintelligence Issues." The document was intended to aid 
the facility security officers of cleared U.S. defense contractors in recognizing potential 
CI issues. 


PERSEREC's Employees’ Guide to Security Responsibilities has a section on CI 
indicators.¹ This contains 23 items grouped into five categories: (1) potential motivation, 
(2) potential indicators of information collection, (3) potential indicators of information 
transmittal, (4) potential indicators of illegal income, and (5) other potential indicators. 
(The Guide also has a list of security and suitability behaviors, organized according to the 
13 adjudicative guidelines, e.g., alcohol consumption, allegiance to the United States, 
criminal conduct, drug involvement, etc.) 


DoD 5220.22-M, National Industrial Security Program Operating Manual 
(January 1995), Section 1-300 General, under Reporting Requirements, states that 
contractors are required to report certain events that have an impact on the status of the 
facility clearance, impact on the status of an employee's personnel clearance, affect 
proper safeguarding of classified information, or indicate classified information has been 
lost or compromised. Contractors are required to establish such internal procedures as are 
necessary to ensure that cleared employees are aware of their responsibilities for 
reporting pertinent information to the facility security officer, the FBI, or other Federal 
authorities as required by the Manual, the terms of a classified contract, and U.S. law. 
The manual states that contractors must provide complete information to enable the 
authorities to ascertain whether classified information is adequately protected. 
Contractors must submit reports to the FBI, and to their local security officials. This 
appears to be the only place in the National Industrial Security Program Operating 
Manual (NISPOM) where reporting requirements are mentioned. 


DSS publishes an annual brochure for security professionals, CI personnel, and 
cleared contractors, Suspicious Indicators and Security Countermeasures for Foreign 
Collection Activities Directed Against the U.S. Defense Industry. The brochure is 
designed to help employees recognize suspicious contacts. The most frequent 
information-gathering method employed by foreign entities is simply to request 
information from individuals working in U.S. defense industry science and technology 
programs. The brochure lists indicators to watch for and appropriate security 
countermeasures to apply. Other methods include inappropriate conduct during visits; 
suspicious work offers; international exhibits, conventions and seminars; joint 
ventures/joint research; foreign acquisition of technology and companies; co-opting 
former employees; and targeting cultural commonalities. For each of these methods, DSS 
provides a list of indicators and recommended security countermeasures. 


¹ For more detail, see the Employees’ Guide to Security Responsibilities on the Web at 
www.dss.mil/training/securityawareness.htm. 


The following agency brochures and booklets were also reviewed: 


• CIA orientation briefing, “Reporting of Security-Relevant Behavior 
Requirements” 

• CIA brochure, “Why We Care: A Guide for Understanding Suitability and CI 
Indicators” (FOUO) 

• DIA brochure, “Plenty of Excuses But No Good Reasons” 

• DIA brochure, “Countering Espionage” 

• DISA Newcomers’ Briefing 

• DSS’s “Suspicious Indicators and Security Countermeasures for Foreign 
Collection Activities Directed against the U.S. Defense Industry” 

• DOE brochure, “Counterintelligence in our Changing World” 

• DOE brochure, “Clues to Spotting a Spy” 

• FBI “Security Handbook” 

• Navy “Security Awareness Chronicle” 

• NCIS list, “Indicators of Espionage” 

• NIMA “MSSR,” unclassified video briefing on espionage, recruitment, 
security, reporting requirements, etc. 

• NSA booklet, “Foreign Intelligence Recruitment Approaches” 

• State Department's booklet, “Counterintelligence for the 1990s and Beyond” 


Each agency mentioned above had its own perspective on the subject of CI 
awareness programs, producing guides, learning tools, manuals, studies, handbooks, 
brochures and booklets that contain all the indicators and behaviors that agencies have 
considered to be of CI concern. Review of the above documents provided background 
and a pool of information from which PERSEREC researchers could draw as they 
prepared the draft CORE list. Researchers were able to cull items from the above 
publications and re-arrange them in a more systematic way that would make sense to 
employees in the field. 


Development of Draft CORE List of Behaviors 


Having reviewed the various policies and related materials listed above and 
compared and contrasted the strengths and weaknesses of each in terms of clarity and 
level of detail, PERSEREC researchers developed from the documents a list that included 
behaviors that should be reported when observed because they are genuine security 
violations or have serious CI significance. Researchers focused on behavioral items that 
clearly reflect security and CI risk. Items that were too vague, non-behavioral (e.g., that 
required an observer to intuit another person's state of mind), or not clearly associated 
with a security risk were eliminated. 


The draft CORE list was developed in a series of steps, each step building on the 
previous one. As we sequentially reviewed the documents listed below we added new 
items not covered in the previous documents until we reached a saturation point where 
we had captured all items that fell within our selection criteria, i.e., behaviors that are 
observable and may be associated with a risk to national security. The aim was to 
construct a list that was simple, short, effective, and credible to the reader. Below are 
listed the steps we followed in constructing the draft CORE list. 


(1) Reviewed DCID 6/4 (13 adjudication guidelines). 


(2) Compared DCID 6/4 with DoD Instruction 5240.6 “Counterintelligence 
Awareness and Briefing Program.” 


(3) Compared the above two documents with SAEDA regulations and 
unclassified briefing, "Indicators." 


(4) Then added items from PERSEREC's “Employees’ Guide to Security 
Responsibilities.” 


(5) Then reviewed assorted agency brochures and booklets to see what 
reportable behaviors might have been missed. 


(6) Incorporated all the behaviors culled from the above materials into one list, 
using as the selection criterion the fact that the behavior clearly should be 
reported because it is a CI- or security-related violation. The draft CORE list 
was then carefully reviewed by a panel of five additional researchers at 
PERSEREC who attempted to eliminate any items that were essentially 
non-behavioral (e.g., mostly required judgment calls on the part of the potential 
reporter). 


Having developed a draft CORE list, it was important to have it evaluated by 
professional CI experts. 


Evaluation of Draft CORE List by Counterintelligence Experts 


In October 2002, the draft CORE list was circulated among the staff of the Joint 
Counterintelligence Evaluation Office (JCEO) for their review. In turn, JCEO distributed 
the list to members of the DoD Investigative Working Group (IWG) and to a number of 
retired FBI officials working for the Counterintelligence Field Activity (CIFA). These 
individuals provided editorial and substantive comments on the draft CORE list, and their 
responses were incorporated. The list was then reviewed in April 2003 by CI personnel in 
the DoD Counterintelligence Directorate under the Office of the Under Secretary of 
Defense (Intelligence) (OUSD[I]). Directorate staff reviewed the items and made 
valuable changes to some. Of PERSEREC’s original 30 items, the CI staff advised 
PERSEREC to reject three, either because the items were not supported by policy or 
because items raised legal concerns. PERSEREC staff subsequently eliminated these 
three and eliminated an additional item because it duplicated another. A few items were 
combined. 


Introduction of Draft CORE List into DoD Instruction 5240.6 


PERSEREC reviewed an early draft of the new DoD Instruction 5240.6, 
Counterintelligence Awareness, Briefing, and Reporting Programs, dated April 21, 2003, 
for potential coordination with the CORE list. PERSEREC staff members worked with 
DoD Counterintelligence Office staff who wrote the instruction and wanted to include 
PERSEREC’s draft CORE list in the new instruction. The instruction was promulgated 
August 7, 2004. 


The instruction, in Item 6 Procedures, adds a new section (6.1.) that discusses 
awareness and briefing programs. It then describes in 6.1.3. the kinds of information that 
must be included in CI briefings: information about early detection of espionage and 
other suspected foreign intelligence and terrorist activities; comprehensive tailored threat 
information focusing on foreign intelligence, terrorism and other threats; information 
about the DoD anomalies program;² and reporting responsibilities and procedures. In 
Item 6.2, Reporting Requirements, the new instruction states (at 6.2.1) that DoD 
personnel “shall report information pursuant to E.O. 12968 and DoD 5200.2-R...concerning 
security violations and other information with potentially serious security 
significance regarding someone with access to classified information employed in a 
sensitive position.” The new instruction refers the reader to an Enclosure 3, where 
specific behaviors that must be reported are listed. This is an extremely important device 
that provides the reader explicit examples of reportable behavior. 


Item 6.2.2 states “DoD personnel shall expeditiously report any contacts or 
circumstances that could pose a threat to the security of U.S. personnel, DoD resources, 
and classified national security information...or controlled unclassified information...” 
These are relatively vague terms, but then 6.2.3 proceeds to list several explicit 
counterintelligence circumstances in which contacts must be reported. These include 
requests of people for unauthorized access to classified information; when contacts may 
indicate that DoD personnel may be targets for exploitation; contacts with intelligence 
officers from any country; contacts where information is received about terrorism, 
espionage, sabotage, subversion, or other intelligence activities; intrusions into U.S. 
automated information systems; contacts with foreign government interests that may be 
reportable under separate procedures (e.g., for attaches or arms control negotiators); and 
other situations where personnel hold sensitive positions and may be required to inform 
their commanders of the nature of any intended contact with a foreign diplomatic 
establishment. For the full wording on the above items, please see Item 6.2, Reporting 
Requirements, on pp. 6-7 of the new instruction. 


² Pursuant to White House Memorandum, Early Detection of Espionage and Other Intelligence Activities 
Through Identification and Referral of Anomalies, August 23, 1996 and ASD(C3I) Memorandum, Early 
Detection of Espionage and Other Intelligence Activities Through Identification and Referral of Anomalies, 
October 15, 1996. 


The new DoD Instruction 5240.6 is creative and forward-looking in that it sets out 
a specific and explicit set of CI behaviors that should be reported and then refers the 
reader to Enclosure 3 where a further set of behaviors is listed. Prompted by the CI 
Directorate's review of PERSEREC's draft CORE, this is the first time that such a list 
has been included in any such instruction. 


DoD Instruction 5240.6, Enclosure 3, contains 14 items taken directly from 
PERSEREC's CORE list of 16 items. These are behaviors that are clear violations and 
must be reported immediately; no judgment is required of the person reporting. The CI 
Directorate added other items to Enclosure 3. These additions were the kinds of items 
that had initially been rejected by researchers at PERSEREC who recognized such items 
as potentially security-relevant but: (1) were open to different interpretations that might 
have little bearing on security, or (2) were behaviors that could not normally be known to 
a supervisor or coworker. These additional items, several borrowed from the Army's 
SAEDA list, included volunteering for assignments beyond the normal scope of 
responsibilities; use of copy machines, faxes or computers to transmit materials that may 
exceed job requirements; working outside normal duty hours; unexplained or undue 
affluence; sudden reversal of a bad financial situation or repayment of large debts; 
attempts to entice DoD personnel into situations that could place them in a compromising 
position; attempts to place DoD personnel under obligation through special treatment; 
and short trips to foreign countries or travel within the US for reasons that appear unusual 
or inconsistent with a person’s interests or financial means. Counterintelligence 
Directorate staff included these items because they have been previously mentioned in 
policy and have thus traditionally been part of a set of behaviors of possible security 
concern. 


Implementation of CORE Brochure in the Field 


After PERSEREC’s CORE list was included in policy, PERSEREC transformed 
it into a brochure for use in the field. The brochure is designed for distribution to DoD 
components and other departments and agencies that have a need for security education 
materials and educational tools in the area of supervisor and coworker reporting. It 
contains the rationale for creating the CORE list so that people using it in the field will 
understand why items are included. Reportable behaviors are then presented in three 
major categories: (1) recruitment, (2) information collection, and (3) information 
transmittal. A fourth section contains a number of discretionary items, i.e., behaviors that 
are worth noting if one observes them. This fourth section in the brochure is labeled 
Suspicious Behaviors and is included because the items have long been covered in policy. 
(Please see the PERSEREC brochure at Appendix B.) 


Recommendation 


DoD should distribute the CORE brochure and its developmental rationale to CI 
and security agencies for possible implementation. Potential uses include security 
education briefings of various sorts (e.g., initial, refresher, and CI awareness) and 
distribution to cleared personnel. By concentrating on direct CI- and security-related 
behavior, personnel in the field are likely to develop a better understanding of exactly 
what to report and a greater commitment to reporting it. 


Department of Defense 


INSTRUCTION 


NUMBER 5240.6 
August 7, 2004 


USD(I) 
SUBJECT: Counterintelligence (CI) Awareness, Briefing, and Reporting Programs 


References: (a) DoD Instruction 5240.6, "Counterintelligence (CI) Awareness and 
Briefing Program," July 16, 1996 (hereby canceled) 

(b) Presidential Decision Directive/NSC No.12,* "Security Awareness and 
Reporting of Foreign Contacts," August 5, 1993 

(c) DoD Directive 5240.2, "DoD Counterintelligence (CI)," May 22, 1997 

(d) Executive Order 12829, "National Industrial Security Program," January 
6, 1993 

(e) through (y), see enclosure 1 


1. REISSUANCE AND PURPOSE 


This Instruction: 


1.1. Reissues reference (a), implements reference (b) within the Department of 
Defense (DoD), and establishes procedures for conducting and administering DoD 
counterintelligence awareness, briefings and reporting as required by reference (c). 


1.2. Provides procedures for the handling of other threat information affecting the 
security of DoD personnel, information, resources, installations, and operations. 


1.3. Reaffirms the requirement for a foreign intelligence and international terrorist 
threat awareness and briefing programs for DoD military, civilian employee, and 
contractor personnel. 


* Authorized users may contact the CI Directorate, DUSD(CI&S), USD(I), Room 3C260, Pentagon for a 
copy. 


2. APPLICABILITY AND SCOPE 


This Instruction applies to: 


2.1. The Office of the Secretary of Defense, the Military Departments, the 
Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of Inspector 
General of the Department of Defense, the Defense Agencies, the DoD Field Activities, 
and all other organizational entities in the Department of Defense (hereafter referred to 
collectively as the "DoD Components"). 


2.2. DoD contractor personnel with security clearances for their briefing and 
reporting requirements as specified under E.O. 12829 (reference (d)), (hereafter referred 
to collectively as "the DoD contractors"). 


2.3. Active and Reserve military personnel, DoD civilian employees, and DoD 
contractors (hereafter collectively referred to as "the DoD personnel"). 


3. DEFINITIONS 


Definitions for this Instruction are in enclosure 2. 


4. POLICY 
It is DoD policy that: 


4.1. The DoD personnel report any contact information or circumstances that could 
pose a threat to the security of U.S. personnel, DoD or other U.S. resources, and 
classified national security information (hereafter referred to as "classified information"), 
or controlled unclassified information under E.O. 12958, DoD Directive 5230.24, DoD 
5400.7-R, and DoD Directive 5210.83 (references (e) through (h)) to an appropriate 
authority. Judicial and/or administrative action may be taken when DoD personnel fail to 
report such required information. 


4.2. The DoD personnel shall receive periodic briefings on the threats posed by 
foreign intelligence services, international terrorists, computer intruders and unauthorized 
disclosures, and individual reporting responsibilities. This shall include insider threats 
and the crimes of spying and treason. 


5. RESPONSIBILITIES 


5.1. The Under Secretary of Defense for Intelligence (USD(I)) shall oversee the 
DoD Counterintelligence (CI) awareness, briefing, and reporting programs and ensure: 


5.1.1. The Deputy Under Secretary of Defense (Counterintelligence and 
Security) (DUSD(CI&S)) shall establish and sustain the DoD CI awareness, briefing, and 
reporting programs. 


5.1.2. The Director, Counterintelligence, under the DUSD(CI&S), shall: 


5.1.2.1. Recommend policy on CI awareness, briefing, and reporting 
programs to the DUSD(CI&S) and the USD(I). 


5.1.2.2. Provide oversight to the DoD CI Program. 


5.1.2.3. Participate in DoD and national-level forums concerning CI 
awareness, briefing, and reporting programs. 


5.1.2.4. Serve as the staff point of contact within OSD for issues related to 
CI awareness, briefing, and reporting programs. 


5.1.3. The Director, Counterintelligence Field Activity (CIFA), under the 
DUSD(CI&S), shall: 


5.1.3.1. Manage and provide functional oversight of the Department's CI 
awareness, briefing, and reporting programs. 


5.1.3.2. Brief the USD(I) on significant CI investigative referrals received 
pursuant to this Instruction in accordance with DoD Directive 5105.67 (reference (i)). 


5.1.3.3. Recommend policy changes through the DUSD(CI&S) to the 
USD(I). 


5.1.3.4. Provide additional training to Component CI personnel on the 
skills required for the CI awareness, briefing, and reporting programs. 


5.1.3.5. Represent the Department with other Government and 
management agencies regarding implementation of all DoD CI matters pursuant to 
reference (i). 


5.1.4. The Director, Defense Security Service, under the DUSD(CI&S), shall 
recommend changes to DoD 5220.22-M (reference (j)) to the DUSD(CI&S), to 
implement this Instruction within cleared defense contractor facilities. 


5.2. The Heads of the DoD Components shall: 


5.2.1. Develop and implement CI briefing, awareness, and reporting programs 
within their organizations. 


5.2.2. Promptly report any CI information developed from these programs to 
their organic or lead CI agency and to the CIFA pursuant to USD(I) Memorandum, 
"Reporting Significant Counterintelligence Activity," July 19, 2003 (reference (k)). 


5.2.3. Establish time-sensitive reporting procedures pursuant to paragraph 6.3., 
below, for the DoD personnel during official or non-official overseas travel. 


5.2.4. Ensure Component CI agencies report CI information through the 
Portico system. 


5.2.5. Ensure Component CI agency CI information is appropriately 
documented in the Portico system. Information collected responsive to validated 
collection requirements shall be published via Intelligence Information Report on the 
Portico system. 


5.3. The Director, Defense Intelligence Agency, shall, in addition to the 
responsibilities listed in paragraph 5.2., above, and in coordination with the Director, 
Joint Staff, develop and implement CI awareness, briefing, and reporting programs for 
the Chairman, Joint Chiefs of Staff. 


5.4. Defense Agencies with organic CI organizations shall: 


5.4.1. Ensure reported information regarding contractor personnel is referred to 
the Defense Security Service (DSS) and the Federal Bureau of Investigation (FBI). 


5.4.2. Ensure reported information regarding military or DoD civilian 
personnel is referred to the appropriate Military Department CI agency or the FBI, as 
appropriate. Any information reported to the FBI shall also be reported to the CIFA 
pursuant to DoD Instruction 5240.4 (reference (l)). 


5.5. The Secretaries of the Military Departments shall: 


5.5.1. Ensure Department CI agencies refer reported information regarding 
contractor personnel to the DSS and the FBI. 


5.5.2. Refer reported information regarding DoD civilian employees to the FBI 
for possible CI investigative or operational action where the Department does not 
otherwise have investigative authority. Any information reported to the FBI shall also be 
reported to the CIFA pursuant to reference (l). 


6. PROCEDURES 


6.1. Awareness and Briefing Programs 


6.1.1. The DoD awareness and briefing programs shall promote threat and 
reporting awareness responsibility, enable DoD personnel to identify CI threats, and the 
reporting of suspicious situations and incidents to appropriate authorities. 


6.1.2. Threat awareness may be enhanced through a variety of methods, 
including but not limited to publications, posters, live presentations, and recorded media. 


6.1.3. CI Briefings shall include: 


6.1.3.1. Information about early detection of espionage and other 
suspected foreign intelligence and international terrorist activities to include the crimes of 
sabotage, subversion, treason, and spying. 


6.1.3.2. Comprehensive, tailored threat information focusing on foreign 
intelligence, international terrorism, and other threats to include insider threats relevant to 
the DoD Component's mission, functions, activities and locations. 


6.1.3.3. Information addressing the DoD anomalies program pursuant to 
White House Memorandum, "Early Detection of Espionage and Other Intelligence 
Activities Through Identification and Referral of Anomalies," August 23, 1996 and 
Assistant Secretary of Defense (Command, Control, Communications, and Intelligence) 
Memorandum, "Early Detection of Espionage and Other Intelligence Activities Through 
Identification and Referral of Anomalies," October 15, 1996 (references (m) and (n)), 
which remain in effect. 


6.1.4. Briefings shall be presented at or near the time of initial entry or hire and 
thereafter at least every 12 months. More frequent briefing intervals should be instituted 
if conditions warrant. Some DoD Component organizations or personnel may require 
more frequent briefings predicated on the nature of their duties. 


6.1.5. Briefings should be presented by the Component CI agency when 
feasible. If the servicing Component CI agency is not used, the briefings should be 
coordinated with them for content and accuracy. 


6.1.6. Briefings conducted pursuant to this Instruction do not satisfy the 
requirement of DoD Directive 2000.12 (reference (o)). 


6.2. Reporting Requirements 


6.2.1. The DoD personnel shall report information pursuant to E.O. 12968 and 
DoD 5200.2-R (references (p) and (q)) concerning security violations and other 
information with potentially serious security significance regarding someone with access 
to classified information or who is employed in a sensitive position. Examples of 
information or observed behaviors that should be reported are listed in enclosure 3. 


6.2.2. Pursuant to this Instruction, the DoD personnel shall expeditiously 
report any contacts or circumstances that could pose a threat to the security of U.S. 
personnel, DoD resources, and classified national security information or controlled 
unclassified information to an appropriate DoD authority. 


6.2.2.1. Appropriate authorities for active duty and Reserve military 
personnel and DoD civilians and DoD contractors working in DoD Component facilities 
include security officers, supervisors, commanders, and organic or lead CI agencies. 
Security officers, supervisors, and commanders shall expeditiously refer any information 
they receive pursuant to this Instruction to their supporting CI agency. 


6.2.2.2. Appropriate authorities for DoD contractors at cleared contractor 
facilities shall include Facility Security Officers, Military Department CI Agencies, the 
FBI, or the DSS pursuant to reference (l). 


6.2.3. The DoD personnel shall report contacts pursuant to the following 
situations: 


6.2.3.1. A request by anyone, regardless of nationality, for unauthorized 
access to classified information under DoD 5200.1-R (reference (r)); controlled 
unclassified information under references (f), (g), and DoD Directive 5230.25 (reference 
(s)); or information systems containing such information. 


6.2.3.2. Contact with an individual, regardless of nationality, under 
circumstances that suggest the DoD personnel may be the target of an attempted 
exploitation by a foreign intelligence service or international terrorist organization. 


6.2.3.3. Contact with a known or suspected intelligence officer from any 
country. 


6.2.3.4. Contact with anyone receiving information of planned, attempted, 
actual, or suspected international terrorism, espionage, sabotage, subversion, or other 
intelligence activities against the Department of Defense, other U.S. facilities, U.S. 
organizations, or U.S. citizens. 


6.2.3.5. Actual or attempted unauthorized access into U.S. automated 
information systems and/or unauthorized transmissions of classified or controlled 
unclassified information over on-line computer services and telephones. 


6.2.3.6. Close and continuing associations with foreign nationals may also 
be reportable under Director of Central Intelligence Directive (DCID) 6/1, reference (t) 
and DCID 6/4, reference (u). 


6.2.3.7. In addition to the aforementioned reporting requirements, 
personnel who occupy positions designated by their DoD Component as sensitive shall 
apprise their commanders or supervisors of the nature and purpose of any intended 
contact with any foreign diplomatic establishment whether in the United States or abroad. 


6.3. Sanctions. The DoD personnel who fail to report information required by this 
Instruction may be subject to judicial and/or administrative action under applicable law 
and regulations, including the Uniform Code of Military Justice (reference (v)), and other 
applicable sections of the United States Code. 


6.4. Other 


6.4.1. DoD acquisition program personnel working with Critical Program 
Information pursuant to DoD Directive 5200.39 (reference (w)) shall notify their 
servicing security personnel of all projected foreign travel. Such personnel shall receive 
foreign intelligence threat briefings and anti-terrorism briefings prior to overseas travel. 


6.4.2. The DoD personnel with access to Sensitive Compartmented 
Information (SCI) pursuant to DCID 1/20 (reference (x)) incur special security 
obligations that include advance foreign travel notification for official and/or unofficial 
travel and defensive travel briefings. 


7. EFFECTIVE DATE 


This Instruction is effective immediately. 




Stephen A. Cambone 
Under Secretary of Defense for Intelligence 


Enclosures - 3 
E1. References, continued 
E2. Definitions 
E3. Examples of Reportable Employee Behaviors 


E1. ENCLOSURE 1 


REFERENCES, continued 


(e) Executive Order 12958, "Classified National Security Information," April 17, 1995 

(f) DoD Directive 5230.24, "Distribution Statements on Technical Documents," 
March 18, 1987 

(g) DoD 5400.7-R, "DoD Freedom of Information Act Program," September 4, 1998 

(h) DoD Directive 5210.83, "Department of Defense Unclassified Nuclear Information 
(DoD UCNI)," November 15, 1991 

(i) DoD Directive 5105.67, "Department of Defense Counterintelligence Field Activity 
(DoD CIFA)," February 19, 2002 

(j) DoD 5220.22-M, "National Industrial Security Program Operating Manual," 
January 1999 

(k) Under Secretary of Defense (Intelligence) Memorandum, "Reporting Significant 
Counterintelligence Activity," July 19, 2003 

(l) DoD Instruction 5240.4, "Reporting of Counterintelligence and Criminal Violations," 
September 22, 1992 

(m) White House Memorandum, "Early Detection of Espionage and Other Intelligence 
Activities Through Identification and Referral of Anomalies," August 23, 1996² 

(n) Assistant Secretary of Defense (Command, Control, Communications, and 
Intelligence) Memorandum, "Early Detection of Espionage and Other Intelligence 
Activities Through Identification and Referral of Anomalies," October 15, 1996³ 

(o) DoD Directive 2000.12, "DoD Antiterrorism (AT) Program," August 18, 2003 

(p) Executive Order 12968, "Access to Classified Information," August 2, 1987 

(q) DoD 5200.2-R, "Personnel Security Program," January 1987 

(r) DoD 5200.1-R, "DoD Information Security Program," January 16, 1997 

(s) DoD Directive 5230.25, "Withholding of Unclassified Technical Data From Public 
Disclosure," November 6, 1984 

(t) Director of Central Intelligence Directive 6/1, "Security Policy for Sensitive 
Compartmented Information and Security Policy Manual," March 1, 1995⁴ 

(u) Director of Central Intelligence Directive 6/4, "Personnel Security Standards," 
July 2, 1998⁵ 

(v) Section 801-940, Chapter 47, of title 10, United States Code, "Uniform Code of 
Military Justice" 

(w) DoD Directive 5200.39, "Security, Intelligence and Counterintelligence Support to 
Acquisition Program Protection," September 10, 1997 


(x) Director of Central Intelligence Directive 1/20, "Security Policy Concerning Travel 
and Assignment of Personnel With Access to Sensitive Compartmented Information 
(SCI)," December 29, 1991⁶ 

(y) Sections 792-799, Chapter 37 of title 18, United States Code 


² Contact the Counterintelligence Directorate, DUSD(CI&S), USD/I, Room 3C260, 6000 Defense 
Pentagon, Washington DC 20301-6000 to obtain a copy. 

³ Contact the Counterintelligence Directorate, DUSD(CI&S), USD/I, Room 3C260, 6000 Defense 
Pentagon, Washington DC 20301-6000 to obtain a copy. 

⁴ Available to authorized users via DoD Secure Internet Protocol Route Network (SIPRNET). 

⁵ Contact the Counterintelligence Directorate, DUSD(CI&S), USD/I, Room 3C260, 6000 Defense 
Pentagon, Washington DC 20301-6000 to obtain a copy. 

⁶ Contact the Counterintelligence Directorate, DUSD(CI&S), USD/I, Room 3C260, 6000 Defense 
Pentagon, Washington DC 20301-6000 to obtain a copy. 


E2. ENCLOSURE 2 


DEFINITIONS 


E2.1. DEFINED TERMS 


E2.1.1. Anomalies. Foreign power activity or knowledge suggesting foreign 
knowledge of U.S. national security information, processes or capabilities. 


E2.1.2. Classified Information. Information requiring protection in the interest of 
national security, classified "TOP SECRET, SECRET, or CONFIDENTIAL" according 
to reference (x). 


E2.1.3. Contact. Any form of meeting, association, or communication in person; by 
radio, telephone, letter, computer; or other means, regardless of who initiated the contact 
for social, official, private, or other reasons. 


E2.1.4. Controlled Unclassified Information. Data bearing distribution limitation 
statements such as "For Official Use Only" in accordance with reference (g) and other 
information marked under references (f) and (g). 


E2.1.5. Counterintelligence. Information gathered and activities conducted to 
protect against espionage, other intelligence activities, sabotage, or assassinations 
conducted for or on behalf of foreign powers, organizations, or persons, or international 
terrorist activities, but not including personnel, physical, document, or communications 
security programs. 


E2.1.6. Counterintelligence Investigations. Are conducted to prove or disprove an 
allegation of espionage or other intelligence activities, such as sabotage, assassination, or 
other national security crimes conducted by or on behalf of a foreign government, 
organization, or person or international terrorists. CI investigations may establish the 
elements of proof for prosecution or administrative actions, provide a basis for CI 
operations, or validate the suitability of personnel for access to classified information. CI 
investigations are conducted against individuals or groups for committing major security 
violations, as well as failure to follow Defense Agency and Military Department 
directives governing reporting contacts with foreign citizens and out-of-channel requests 
for defense information. CI investigations provide military commanders and 
policymakers with information used to eliminate security vulnerabilities and otherwise 
improve the security posture of threatened interests. 


E2.1.7. Defensive Travel Briefings. Formal advisories alerting personnel of the 
potential for harassment, exploitation, provocation, capture, or entrapment while 
traveling. These briefings, based on actual experience when available, include 
information on courses of action helpful in mitigating adverse security and personnel 
consequences and advise of passive and active measures that personnel should take to 
avoid becoming targets or inadvertent victims as a consequence of hazardous travel. 


DODI 5240.6, August 7, 2004 


E2.1.8. DoD Component CI Organizations. The organic CI elements of the Army, 
the Navy, the Air Force, the Marine Corps, the Joint Staff, the Combatant Command 
Staffs, the Defense Intelligence Agency, the National Security Agency, the National 
Geospatial-Intelligence Agency, the National Reconnaissance Office, the Defense 
Security Service, the Defense Threat Reduction Agency, and the Missile Defense Agency 
and the CIFA. 


E2.1.9. Espionage. Defined under Sections 792-799, Chapter 37, title 18, United 
States Code (reference (y)) and Article 106a, Uniform Code of Military Justice (UCMJ) 
(reference (v)). 


E2.1.9.1. Espionage is the act of obtaining, delivering, transmitting, 
communicating, or receiving information about the national defense with an intent or 
reason to believe that the information may be used to the injury of the United States or to 
the advantage of any foreign nation. The offense of espionage applies during war or 
peace. 


E2.1.9.2. Reference (y) makes it an offense to gather, with the requisite intent 
or belief, national defense information, by going on, entering, flying over, or obtaining 
access by any means to any installation or place used by the United States for national 
defense. The method of gathering that information is immaterial. 


E2.1.9.3. Anyone who lawfully or unlawfully is entrusted with or otherwise 
has possession of, access to, or control over information about national defense, which he 
or she has reason to believe could be used against the United States or to the advantage of 
any foreign nation, and willfully communicates or transmits, or attempts to communicate 
or transmit, such information to any person not entitled to receive it may be punished 
under reference (y). 


E2.1.9.4. Anyone entrusted with or having lawful possession or control of 
information about national defense, who through gross negligence permits the same to be 
lost, stolen, abstracted, destroyed, removed from its proper place of custody, or delivered 
to anyone in violation of that trust may be punished under reference (y). 


E2.1.9.5. If two or more persons conspire to commit and one of them commits 
an overt act in furtherance of such conspiracy, all members of the conspiracy may be 
punished for violation of reference (y). 


E2.1.10. Foreign Diplomatic Establishment. Any embassy, consulate, or interest 
section representing a foreign country. 


E2.1.11. Lead CI Agency. A Military Department CI Agency that has been 
designated by the USD(I) to provide defined levels of CI support to one or more of the 
DoD Components. 


E2.1.12. Military Department CI Agencies. The Military Department CI Agencies 
include the U.S. Army Counterintelligence, the Naval Criminal Investigative Service, and 
the Air Force Office of Special Investigations. 


E2.1.13. National Security. A collective term encompassing both national defense 
and foreign relations of the United States. 


E2.1.14. Portico. A program managed by the CIFA to provide automation support, 
through web-enabled software hosted on a robust infrastructure, to the DoD CI 
Community. Portico enables CI enterprise business processes; facilitates information 
sharing, and coordination across DoD Services and Agencies; and provides management 
tools for each CI functional area, as well as supporting tools and services for managing 
the CI process in the functional areas of Collection; Investigations; Analysis and 
Production; Operations; and CI Functional Services. 


E2.1.15. Sabotage. An act or acts with the intent to injure or interfere with, or 
obstruct the national defense of a country by willfully injuring, destroying, or attempting 
to destroy any national defense or war materiel, premises or utilities to include human or 
natural resources, under reference (y). 


E2.1.16. Spying. During wartime, any person who is found lurking as a spy or 
acting as a spy in or about any place, vessel or aircraft, within the control or jurisdiction 
of any of the Armed Forces or in or about any shipyard, any manufacturing or industrial 
plant, or any other place or institution engaged in work in aid of the prosecution of the 
war by the United States, or elsewhere. 


E2.1.17. Subversion. An act or acts inciting military or civilian personnel of the 
Department of Defense to violate laws, disobey lawful orders or regulations, or disrupt 
military activities with the willful intent thereby to interfere with, or impair the loyalty, 
morale, or discipline, of the Military Forces of the United States. 


E2.1.18. Terrorism. The calculated use of violence or threat of violence to inculcate 
fear; intended to coerce or to intimidate governments or societies in the pursuit of goals 
that are generally political, religious, or ideological. 


E2.1.19. Treason. Whoever, owing allegiance to the United States, levies war 
against them or adheres to their enemies, giving them aid and comfort within the United 
States or elsewhere, is guilty of treason (see Section 2831 of title 18, U.S. Code, 
reference (y)). 


E2.1.20. Unauthorized Disclosure. A communication or physical transfer of 
classified information to an unauthorized recipient. 


E3. ENCLOSURE 3 


EXAMPLES OF REPORTABLE EMPLOYEE BEHAVIORS 


E3.1. LIST OF REPORTABLE EMPLOYEE BEHAVIORS 


E3.1.1. Unauthorized contact with an individual who is known or suspected of 
being associated with a foreign intelligence, security, or terrorist organization. 


E3.1.2. Illegal activity, conduct or requests for participation in illegal activities or 
other conduct that might make someone susceptible to blackmail or result in a security 
violation. 


E3.1.3. Reading or discussing classified or controlled unclassified information in an 
unauthorized location, such as while using public transportation. 


E3.1.4. Attempts to obtain classified or other protected information in any format to 
which the requesting person does not have authorized access. 


E3.1.5. Requests for witness signatures certifying the destruction of classified 
information when the witness did not observe the destruction. 


E3.1.6. Unauthorized possession and/or operation of cameras, recording devices, 
computers, or modems in areas wherein classified information and data are stored, 
discussed, or processed. 


E3.1.7. The existence or use of any unauthorized listening or surveillance devices in 
sensitive or secure areas. 


E3.1.8. Keeping classified material at home or any other unauthorized place. 


E3.1.9. Acquiring access to classified or unclassified automated information 
systems without proper authorization. 


E3.1.10. Transmitting classified material over unclassified FAX or computer. 


E3.1.11. Seeking to obtain access to sensitive information inconsistent with present 
duty requirements. 


E3.1.12. Removing classified or controlled unclassified material from work areas 
without appropriate authorization by any means. 


E3.1.13. Improperly removing security classification markings from documents. 


E3.1.14. Discussing classified information on a non-secure, unencrypted telephone. 


E3.1.15. Attempts to expand access to classified information by repeatedly 
volunteering for assignments or duties beyond the normal scope of responsibilities. 


E3.1.16. Extensive use of copy, facsimile, or computer equipment to reproduce or 
transmit classified material that may exceed job requirements. 


E3.1.17. Repeated or un-required work outside of normal duty hours, especially 
unaccompanied. 


E3.1.18. Unexplained or undue affluence, including sudden purchases of high value 
items (i.e., real estate, stocks, vehicles, or vacations) where no logical income source 
exists. Attempts to explain wealth by reference to inheritance, luck in gambling, or some 
successful business venture. 


E3.1.19. Sudden reversal of a bad financial situation or repayment of large debts. 


E3.1.20. Attempts to entice DoD personnel into situations that could place them in a 
compromising position. 


E3.1.21. Attempts to place DoD personnel under obligation through special 
treatment, favors, gifts, money or other means. 


E3.1.22. Short trips to foreign countries or travel within the United States to cities 
with foreign diplomatic activities for reasons that appear unusual or inconsistent with a 
person's interests or financial means. 


INTRODUCTION 


Supervisors and coworkers are the first line of defense against espionage. The 
government relies on you to protect national security by reporting any behavior 
that you observe that may be related to a potential compromise of classified 
information. You are encouraged, sometimes obliged, by Executive Order, 
Presidential Decision Directive and U.S. Code, as well as by DoD Directives, 
Regulations, and Instructions, to report such behaviors. However, judgment calls 
are often required by the potential reporter, and this often leads to indecision 
or choosing not to report anything. 


Therefore, presented below is a focused list of serious counterintelligence- and 
security-related behaviors that, if observed or learned about, should be 
reported immediately to appropriate counterintelligence or security 
authorities. All these behaviors are serious and require little or no speculation. 


Upon receiving your report, a security professional will follow up with 
appropriate verification. If you are at all uncertain, it is better to err on the side 
of reporting than not. The counterintelligence and security people will know 
how to handle your report. 


The list of behaviors is not intended to be exhaustive. You should report any 
additional observed behaviors that may parallel or exceed the concerns listed in 
this brochure. 


The brochure can be used by supervisors, coworkers, and security 
professionals in initial and refresher briefings and in counterintelligence 
briefings. By concentrating on direct counterintelligence- and security-related 
behavior, personnel in the field are likely to develop a better understanding 
of exactly what to report and a greater commitment to reporting it. 


If you want only the CORE items, print the last four pages of this document. 


BACKGROUND 


The Defense Personnel Security Research Center (PERSEREC) conducted research 
on how employees with clearance access understand the requirements to 
report suspicious behavior that they observe.* 


Finding: Supervisors and coworkers are willing to report on behaviors that have a 
clear connection to security, such as transmitting classified documents to 
unauthorized personnel, but they are unwilling to report on colleagues’ 
personal problems, such as alcohol abuse. Because it was difficult to 
discern which reporting requirements were clearly related to security, 
there was very little reporting. 


Outcome: PERSEREC, in collaboration with counterintelligence professionals, 
developed a clear, succinct list of “Coworker Reporting Essentials” (CORE) 
behaviors that could pose a possible threat to national security and thus 
should be reported if observed. The draft CORE was reviewed and edited by 
counterintelligence professionals at the Counterintelligence Field Activity 
(CIFA), and was coordinated by the DoD Investigative Working Group 
(IWG). 


PERSEREC also coordinated with the DoD Counterintelligence Directorate 
in the Office of the Under Secretary for Defense (Intelligence), who included 
the PERSEREC CORE list in DoD Instruction 5240.6, Counterintelligence 
Awareness, Briefing, and Reporting Programs. 


*Wood, S., & Marshall-Mies, J.C. (2003). Improving supervisor and coworker reporting of 
information of security concern. Monterey, CA: Defense Personnel Security Research Center. 


COUNTERINTELLIGENCE 
REPORTING ESSENTIALS (CORE) 


If you become aware of any of the following behaviors or activities, you should 
report them to your security officer or supervisor. These behaviors are derived 
from the DoD Instruction 5240.6 Counterintelligence Awareness, Briefing, and 
Reporting Programs. 


RECRUITMENT 


Foreign intelligence entities are on the lookout for people who can be solicited to 
commit espionage against the U.S. At the same time, willing would-be spies 
often approach foreign intelligence operatives on their own initiative, thus 
volunteering for recruitment. It is a major task of counterintelligence to 
intercept these relationships. The recruitment cycle requires, first, that contact 
be established between the foreign intelligence agency and the potential spy, 
whether by direct recruitment or by volunteering. While the recruitment 
relationship almost always involves contacts with foreigners, an already- 
committed U.S. spy may approach you or a colleague on the job for recruitment 
into espionage. 


Reportable Behaviors 


* you become aware of a colleague having contact with an individual who is 
known to be, or is suspected of being, associated with a foreign intelligence, 
security, or terrorist organization. 


* you discover that a colleague has not reported an offer of financial 
assistance by a foreign national other than close family. 


* you find out that a colleague has failed to report a request for 
classified or unclassified information outside official channels to a foreign 
national or anyone without authorization or need to know. 


* you become aware of a colleague engaging in illegal activity or if a 
colleague asks you to engage in any illegal activity. 


INFORMATION COLLECTION 


Before classified or other kinds of sensitive materials can be passed to a 
foreign intelligence agency, they must be collected. They can simply be stolen 
(e.g., paper placed in a briefcase and taken out of the office), photographed, 
collected via computers, or obtained through eavesdropping or other 
surveillance devices. The computer age, with its e-mail and database 
capabilities, has offered new opportunities to potential spies for collecting data. 
While technical countermeasures can control some situations, it is up to 
coworkers to watch for and, if possible, identify breaches in the system that 
allow classified and sensitive information to be collected for espionage 
purposes. 


Reportable Behaviors 


* a colleague asks you to obtain classified or other protected information in 
any format to which the person does not have authorized access. 


* a colleague asks you to witness signatures for destruction of 
classified information when you did not observe the destruction. 


* you observe a colleague operating unauthorized cameras, recording 
devices, computers, or modems in areas where classified data are stored, 
discussed, or processed. 


* you become aware of the existence of any listening or surveillance 
devices in sensitive or secure areas. 


* you find out that a colleague has been keeping classified material at home 
or any other unauthorized place. 


* you discover a colleague acquiring access to classified or unclassified 
automated information systems without authorization. 


* you observe a colleague seeking to obtain access to sensitive 
information inconsistent with present duty requirements. 


INFORMATION TRANSMITTAL 


In former days the transmittal of classified or sensitive information took the form of 
stealing documents and physically handing them to the foreign intelligence 
agent. In addition, spies could photocopy paper materials, smuggle materials 
out in briefcases, even illicitly take photographs in the workplace. Nowadays, 
there are many more opportunities to transmit information. With the advent of 
e-mail, faxes, and other technological capabilities, it is possible to transmit large 
quantities of information without being immediately caught. Coworkers must be 
aware of this problem and, if an illicit transmission is detected, report it directly 
and immediately to the designated cognizant counterintelligence or security 
authorities. 


Once a relationship with a foreign intelligence agent is established and 
information begins to flow, illicit trips abroad by the recruited spy usually follow 
(meetings are easier to arrange abroad than in the U.S.). These journeys are 
often concealed by the person and the foreign contact is not reported. If you 
learn of such journeys or contacts, you should report. 


Reportable Behaviors 


* you see someone removing classified material from the work area 
without appropriate authorization, either by physically taking it home or on 
travel, or by e-mailing or faxing it out of the office. The same rule applies for 
other protected materials, such as export-controlled or proprietary items. 


* you observe a colleague using unclassified FAX or computer to 
transmit classified material. 


* you observe a person improperly removing the classification 
markings from documents. 


* you hear a colleague discussing classified information on a nonsecure 
telephone. 


* you become aware that people with TS/SCI or contractors with a 
reporting requirement have attempted to conceal any work-related foreign 
travel and any personal foreign travel. 


SUSPICIOUS BEHAVIORS 


The new DoD Instruction 5240.6, Counterintelligence (CI) Awareness, 
Briefing, and Reporting Programs (August 7, 2004) lists an additional series of 
eight items that, while not exactly clear-cut violations, have been traditionally 
considered behaviors that may well be connected to counterintelligence and 
security problems. These behaviors do require some degree of judgment before 
reporting. Often you might not know about them directly but only by hearsay. 
Often they may easily carry plausible alternative explanations. They are 
included here with the caveat that they do require a judgment call before 
reporting. If you are at all uncertain, it is better to report the behavior than to 
make no report at all. 


» Attempts to expand access to classified information by repeatedly 
volunteering for assignments or duties beyond the normal scope of 
responsibilities. 


» Extensive use of copy, facsimile, or computer equipment to 
reproduce or transmit classified material that may exceed job 
requirements. 


» Repeated or un-required work outside of normal duty hours, 
especially unaccompanied. 


» Unexplained or undue affluence, including sudden purchases of high 
value items (e.g., real estate, stocks, vehicles, or vacations) where no 
logical income source exists. Attempt to explain wealth by reference to 
inheritance, luck in gambling, or some successful business venture. 


» Sudden reversal of financial situation or sudden repayment of large 
debts or loans. 


» Attempts to entice DoD personnel into situations that could place them in a 
compromising position. 


» Attempts to place DoD personnel under obligation through special treatment, 
favors, gifts, money, or other means. 


» Short trips to foreign countries or travel within the United States to cities 
with foreign diplomatic activities for reasons that appear unusual or 
inconsistent with a person's interests or financial means. 


ABSTRACT 


This thesis combines regression, sentiment, and social network analysis to explore 
how Russian online media agencies, both overt and covert, affect online communication 
on Twitter when North Atlantic Treaty Organization (NATO) exercises occur. It explores 
the relations between the average sentiment of tweets and the activities of Russia's overt 
and covert online media agencies. The data source for this research is the Naval 
Postgraduate School's licensed Twitter archive and open-source information about the 
NATO exercises timeline. Publicly available lexicons of positive and negative terms 
helped to measure the sentiment in tweets. The thesis finds that Russia's covert media 
agencies, such as the Internet Research Agency, have a greater impact on, and likelihood of, 
changing the sentiment of network users about NATO than do the overt Russian media 
outlets. The sentiment during NATO exercises becomes more negative as the activity of 
Russian media organizations, whether covert or overt, increases. These conclusions 
suggest that close tracking and examination of the activities of Russia's online media 
agencies provide the necessary base for detecting ongoing information operations. 
Further refining of the analytical methods can deliver a more comprehensive outcome. 
These refinements could employ machine learning or natural language processing 
algorithms that can increase the precision of the sentiment measurement probability and 
timely identification of trolls’ accounts. 


I. INTRODUCTION 


In recent years, social media has become significantly important as a source of 
information and means of communication. Many people worldwide have an account on at 
least one social media platform. Such platforms have created a new environment, which 
has enormously simplified exchanging ideas, messages, and knowledge. However, it has also 
become a channel for manipulation, deception, and proliferation of extremist and radical 
ideologies. The popularity of such online services creates opportunities for state and 
non-state actors to manipulate a society's values and beliefs. The online media platforms 
have become both a target and source of information campaigns to manipulate public perception. 
Governments worldwide work actively to develop online capabilities for influence to 
strengthen their power and accomplish their political agendas. Examples of such influence 
are the Russian government's online campaign against Ukraine in 2014¹ and campaigns 
by ISIS² and the Taliban³ using social media to communicate their messages to target 
audiences. 


These examples also demonstrate that the main actors in information operations 
operate overtly or covertly when influencing the targeted audiences. Official media 
agencies or journalists known for their affiliation to such outlets can openly deliver part of 
the narratives in such operations. However, this affiliation can affect their credibility and 
diminish the effects of the information operation. In contrast, media organizations that use 
covert methods can avoid being attributed to the source of the campaign, primarily by using 
fake online accounts. Therefore, they can infiltrate different communities to affect their 


online communication. Most importantly, they do not just push narratives that are in line 


l Ulises A. Mejias and Nikolai E. Vokuev, “Disinformation and the Media: The Case of Russia and 
Ukraine," Media, Culture & Society 39, no. 7 (October 2017): 8-11, 
https://doi.org/10.1177/0163443716686672; Yevgeniy Golovchenko, Mareike Hartmann, and Rebecca 
Adler-Nissen, “State, Media and Civil Society in the Information Warfare over Ukraine: Citizen Curators 
of Digital Disinformation," /nternational Affairs 94, no. 5 (September 1, 2018): 2, 
https://doi.org/10.1093/ia/1iy 148. 


2 Imran Awan, “Cyber-Extremism: Isis and the Power of Social Media,” Society 54, no. 2 (April 
2017): 5, https://doi.org/10.1007/s12115-017-0114-0. 


3 Vincent Bernatis, “The Taliban and Twitter: Tactical Reporting and Strategic Messaging,” 
Perspectives on Terrorism 8, no. 6 (2014): 6, http://www.jstor.org/stable/26297291. 
with the official position of their state or organization. They can employ more aggressive 
methods and deliberately disseminate misleading, false, or divisive information to create 
disorientation and social confrontation in the targeted society. Consequently, both overt 
and covert media organizations significantly contribute to the overall effect of information 
operations. Their role in such activities needs exploring and constant monitoring to employ 
proper countermeasures. National security agencies need to develop the capacity to counter 
such online information campaigns. Successful and efficient counteraction depends on the 
reliable identification of the sources of information attacks, their target audiences, and their 
strategic messages. 


However, researchers usually employ a single analytical method when exploring 
online information operations. For example, some of the most common methods include 
temporal analysis, data mining, or social network analysis.⁴ This lack of an integrated 
approach delivers only partial results about the overall picture in the information campaign 
and prevents proper countermeasure planning. Thus, this thesis demonstrates that 
combining statistical analysis, social network analytic tools, text mining, and sentiment 
analysis can improve this approach. It shows that these methods provide the necessary 
results to build models that can explore the role of the different actors in information 
operations. This thesis's more comprehensive approach can increase the probability of 
timely identification of ongoing information operations, their audiences, main actors’ 
probable location(s), and contribution to the overall effect of the operation. This research 
has great potential for improvement by adding new methods to the analysis. For example, 
machine learning algorithms can increase the precision of sentiment measurement. 
Additionally, dynamic network analysis and natural language processing can identify the 
most important topics in the online conversation and who contributes to these topics. 


This thesis focuses on the online conversation on Twitter about the North Atlantic 
Treaty Organization (NATO), by examining the effects of military exercises over the 


4 Kai Shu et al., Fake News Detection on Social Media: A Data Mining Perspective, vol. 19, 2017, 
https://arxiv.org/pdf/1708.01967.pdf; Xinyi Zhou et al., “Fake News: Fundamental Theories, Detection 
Strategies and Challenges," in Proceedings of the Twelfth ACM International Conference on Web Search 
and Data Mining (WSDM ‘19: The Twelfth ACM International Conference on Web Search and Data 
Mining, Melbourne VIC Australia: ACM, 2019), 836–37, https://doi.org/10.1145/3289600.3291382. 
2013-2014 time period. It explores the relations between the average sentiment of 
messages in this online conversation and the activities of Russia's overt and covert online 
media agencies. The thesis's most important findings are that the messages generated by 
Russia's covert agencies have a more substantial impact on the probability of sentiment 
change than those of the overt Russian media. Furthermore, the study finds that both the 
overt and the covert Russian actors more effectively influence positive rather than negative 
sentiments. Nevertheless, the evidence also shows that sentiment during NATO exercises 
becomes more negative as the activity of Russian covert media organizations increases. 
Furthermore, this thesis finds that during NATO exercises the trend toward negative 
sentiments increases if the sender's location is closer to the borders of the Russian 
Federation. Finally, this study also finds that activity by the Internet Research Agency 
(IRA), a covert Russian social media influencer agency, and Russian media during NATO 
exercises increases the daily network size of users engaged in the NATO conversation, and 
this network becomes more interconnected. When NATO exercises occur, Russian media 
activities tend to increase the centralization of the daily network. By contrast, the IRA 
seems to operate as a more "egalitarian" network of small teams with a similar number of 
ties. 




II. LITERATURE REVIEW 


A. INFORMATION OPERATIONS AND SOCIAL MEDIA 


The major actors on the international political stage, such as the United States, 
Russia, and China, have similar views about confrontation that unfolds in the form of 
information. Whether they define it as an information operation or information warfare, its 
primary goals are to influence the adversary's political and military leadership's 
decision-making process, reduce the enemy's morale, and tarnish the population's confidence in its 
leaders and institutions. All three countries acknowledge that this type of confrontation has 
multidimensional characteristics because it targets physical, informational, and cognitive 
aspects of the information environment. The Joint Chiefs of Staff's JP 3-13 details 
the U.S. concept of information operations,⁵ while I. N. Panarin presents the Russian view 
and provides that country's definitions for information warfare (Russ. informacionnoe 
protivoborstvo) and its primary goals.⁶ In turn, Paul Charon and Jean-Baptiste Jeangène 
Vilmer⁷ provide extensive details about China's concept of information operations, 
examine multiple case studies, and explain how Beijing studies and exploits the lessons 
learned from the Russian and U.S. military campaigns. In addition to the work of Charon 
and Jeangène Vilmer, Nathan Beauchamp-Mustafaga and Michael Chase⁸ and Elsa Kania⁹ 
can provide complementary insight into the Chinese concept of “the Three Warfares”—
psychological warfare, public opinion warfare, and legal warfare. 


5 The Joint Chiefs of Staff, Joint Publication 3-13: Information Operations, JP 3-13 (Washington, DC: 
Joint Chiefs of Staff, 2012), https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp3_13.pdf. 


6 I. N. Panarin, Informatsionnaia Voina i Geopolitika, [Information Warfare and Geopolitics] Velikii 
Put’ (Moskva: Pokolenie, 2006). 


7 Paul Charon and Jean-Baptiste Jeangène Vilmer, Chinese Influence Operations: A Machiavellian 
Moment (Paris, France: Ministry for the Armed Forces, Institute for Strategic Research, 2021), 
https://www.irsem.fr/report.html. 


8 Nathan Beauchamp-Mustafaga and Michael S. Chase, Borrowing a Boat Out to Sea: The Chinese 
Military’s Use of Social Media for Influence Operations, Policy Papers (Washington, DC: Johns Hopkins 
University School of Advanced International Studies, 2019). 


9 Elsa Kania, “The PLA’s Latest Strategic Thinking on the Three Warfares,” China Brief 16, no. 13 
(August 2016), https://jamestown.org/program/the-plas-latest-strategic-thinking-on-the-three-warfares/. 
Researchers examining the organization and capabilities of the Russian media 
propaganda machine explain that it has overt and covert components. The former 
encompasses the vast network of media outlets and news agencies whose editorial policies 
are under the Kremlin's direct control.¹⁰ Monica Hanley and Andrey Kuzichkin provide 
valuable details about the organization of the Russian media landscape, the major media 
holding companies, and who owns them. The authors show that these media networks 
receive funds from some of the largest Russian state or private corporations such as 
Gazprom, VneshTorgBank, and Severstal. The authors also describe the specialized 
administrative structures that support the Russian media operations and the role of the 
Russian presidential administration in this process. 


Similarly, Todd Helmus finds that the Kremlin uses its nexus of media companies in 
congruence with covert assets such as online trolls and bots.¹¹ He explores the difference 
in Moscow’s tactics in the countries close to its borders and those far away. In the ‘far 
abroad’ states, Helmus observes that the Kremlin identifies radical or extremist groups 
from the conservative or liberal spectrum, tries to reinforce their extreme political views, 
and then provokes a conflict between them. In contrast, in the ‘near abroad,’ the targets are 
typically Russian ethnic and language minorities, Orthodox religious communities, or 
those with a shared memory about historical events.¹² In this light, Vasile Rotaru examines 
Moscow's “soft power” in the countries bordering Russia and provides details on the 
potential role of such groups in Russian influence operations.¹³ 


10 Monica Hanley and Andrey Kuzichkin, Russian Media Landscape: Structures, Mechanisms, and 
Technologies of Information Operations (Riga, Latvia: NATO Strategic Communications Centre of 
Excellence, 2021), 
https://stratcomcoe.org/publications/russian-media-landscape-structures-mechanisms-and-technologies-of-information-operations/215. 


11 Todd C. Helmus, Russian Social Media Influence: Understanding Russian Propaganda in Eastern 
Europe, Research Report (Rand Corporation), RR-2237-OSD (Santa Monica, CA: RAND Corporation, 
2018), https://www.rand.org/pubs/research_reports/RR2237.html. 


12 Helmus, 14-22. 


13 Vasile Rotaru, “Forced Attraction?: How Russia Is Instrumentalizing Its Soft Power Sources in the 
‘Near Abroad,’” Problems of Post-Communism 65, no. 1 (January 2, 2018): 37–48, 
https://doi.org/10.1080/10758216.2016.1276400. 
The covert component of the Russian information operation capabilities includes 
groups such as the IRA that have used concealed actions to disseminate disinformation or 
employ divisive tactics among their target audiences. These IRA activities have attracted 
the attention of the scientific community worldwide. In particular, two events have 
primarily captured the researchers’ focus: the 2016 U.S. presidential elections and the 
protest movement #BlackLivesMatter (BLM). 


Ahmer Arif et al.¹⁴ demonstrate that during the BLM protests, the IRA used 
“Twitter and other online platforms to infiltrate politically active online communities.” An 
important finding is that the IRA agents focused their efforts on manipulating both the pro-BLM 
audience and those against the protest movement. Moreover, the Russian trolls’ activities 
went beyond simply spreading disinformation on social media, as they were able to 
“connect to the cultural narratives, stereotypes, and political positions” of their target 
audiences. The authors point out that the IRA activities rely on three different 
components. The first is “the affordances of the online environment,” or the inherent 
characteristics of Twitter and the other social media that define how the users use them. 
The second is “the social structures and behaviors of the online crowd,” or the targeted 
audience's subgroups, hierarchy, or leaders and how they interact with each other. The 
third is “the improvised performances of agents that seek to leverage that crowd,” or the 
actual actions to influence the target audience. 


Similar findings are presented by Darren Linvill and Patrick Warren, who 
categorize IRA accounts into five general types: Right Troll, Left Troll, News Feed, 
Hashtag Gamer, and Fearmonger.¹⁵ These authors observe that “within each type, accounts 
were used consistently, but the behavior across types was different, both in terms of 


14 Ahmer Arif, Leo Graiden Stewart, and Kate Starbird, “Acting the Part: Examining Information 
Operations Within #BlackLivesMatter Discourse,” Proceedings of the ACM on Human-Computer 
Interaction 2, no. CSCW (November 2018): 1–27, https://doi.org/10.1145/3274289. 


15 Darren L. Linvill and Patrick L. Warren, “Troll Factories: Manufacturing Specialized 
Disinformation on Twitter,” Political Communication 37, no. 4 (February 2020): 447–67, 
https://doi.org/10.1080/10584609.2020.1718257. 
‘normal’ daily behavior and in how they responded to external events.”¹⁶ They compare 
the Internet Research Agency's organization to industrial enterprises that use 
“interchangeable parts” with specialized functions to achieve political goals. 


Philip Howard et al. reveal how the IRA’s activities sought to polarize U.S. society 
during the 2016 presidential election by engaging primarily far-conservative and far-liberal 
communities on social media. Specifically, the authors used qualitative and quantitative 
analysis to demonstrate that IRA operations targeted “African American voters to boycott 
elections or follow the wrong voting procedures” and incited “extreme right-voters to be 
more confrontational.”¹⁷ 


Congressional hearings questioning social media companies’ officials¹⁸ regarding 
the Kremlin's meddling in the U.S. election process and court indictments against 
IRA-linked individuals¹⁹ also provide an important source of detailed information about the 
IRA’s structure, leadership, and activities. During the hearings, a Twitter representative 
revealed that more than 47% of the IRA accounts were automated. In addition, he 
confirmed that Russian media company RT purchased ads that promoted election-related 
content that Twitter identified as being “inflammatory or low-quality.”²⁰ The court 
indictment details the IRA’s owners, management, departments, activities, and budget. 


16 Linvill and Warren, 447. 


17 Philip N. Howard et al., “The IRA, Social Media and Political Polarization in the United States, 
2012-2018,” Oxford, UK: University of Oxford, Computational Propaganda Research Project, 2019, 
October 2019, 48, https://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1004&context=senatedocs. 


18 Russia Investigative Task Force: Testimony before Permanent Select Committee on Intelligence, 
115th Cong. (2017) (statement of Sean J. Edgett Acting General Counsel, Twitter, Inc), accessed February 
4, 2022, https://docs.house.gov/meetings/IG/IG00/20171101/106558/HHRG-115-IG00-Wstate-EdgettS- 
20171101.pdf. 


19 The U.S. vs. The Internet Research Agency LLC, 1:18-cr-00032-DLF, filed February 16, 2018, 
https://www.justice.gov/file/1035477/download. 


20 Russia Investigative Task Force: Testimony before Permanent Select Committee on Intelligence, 
115th Cong. (2017) (statement of Sean J. Edgett Acting General Counsel, Twitter, Inc), 
https://docs.house.gov/meetings/IG/IG00/20171101/106558/HHRG-115-IG00-Wstate-EdgettS- 
20171101.pdf, 13. 
Information operations have different manifestations, and they often result in 
“distraction, distortion, dismay, and disruption”²¹ in the public perceptions of specific 
communities or the society in a given country as a whole. David Beskow and Kathleen 
Carley's research demonstrates that these activities could be message-driven or 
network-driven.²² Message-driven and network-driven activities differ in their targets. The former 
aims at public perception by spreading inaccurate or divisive information.²³ The latter 
aims to affect group dynamics by manipulating the target's social ties. For example, 
network-driven messages focus on removing a group's less radical opinions to transform it 
into a polarized echo chamber.²⁴ As a result, the main goal of the researchers studying 
information operations is to examine the dynamics of these processes and “to classify 
adversarial actors and their activities, assess and predict their impact, and design effective 
strategies for intervention and building the resilience of online communities.”²⁵ 


In addition, studies of information operations conducted through the internet agree 
that the dissemination of disinformation or fake news is their most recognizable feature, 
and how to detect them is the central question that needs an answer. The researchers 
approach this problem from different perspectives. For example, the data-oriented 
approach explores online communication by analyzing messages and their social context. 
Knowledge perspective fake-news detection compares verified news articles to knowledge 


21 Ben Nimmo, “Anatomy of an Info-War: How Russia's Propaganda Machine Works, and How to 
Counter It,” Central European Policy Institute 15 (2015), https://www.stopfake.org/en/anatomy-of-an-info- 
war-how-russia-s-propaganda-machine-works-and-how-to-counter-it/. 


22 David M. Beskow and Kathleen M. Carley, “Social Cybersecurity: An Emerging National Security 
Requirement,” Military Review, March-April (2019), https://www.armyupress.army.mil/Portals/7/military- 
review/Archives/English/MA-2019/Beskow-Carley-Social-Cyber.pdf. 


23 W. Lance Bennett and Steven Livingston, “The Disinformation Order: Disruptive Communication 
and the Decline of Democratic Institutions,” European Journal of Communication 33, no. 2 (April 2018): 
122–39, https://doi.org/10.1177/0267323118760317; Mejias and Vokuev, “Disinformation and the Media.” 


24 R. Kelly Garrett, “Echo Chambers Online?: Politically Motivated Selective Exposure among 
Internet News Users,” Journal of Computer-Mediated Communication 14, no. 2 (January 2009): 265–85, 
https://doi.org/10.1111/j.1083-6101.2009.01440.x; Elmie Nekmat, “Prosocial vs. Trolling Community on 
Facebook: A Comparative Study of Individual Group Communicative Behaviors,” International Journal of 
Communication 12 (2018): 1–22, http://joc.org. 


25 Joshua Uyheng et al., “Interoperable Pipelines for Social Cyber-Security: Assessing Twitter 
Information Operations during NATO Trident Juncture 2018," Computational and Mathematical 
Organization Theory 26, no. 4 (December 2020): 3, https://doi.org/10.1007/s10588-019-09298-1. 
in a trustworthy database.²⁶ Style-based 
detection captures “the differences in writing styles between fake and accurate news.”²⁷ 
Another approach, the propagation perspective, explores the dissemination path of the 
news and indirectly detects fake news by assessing the credibility of the headlines, 
publishers, comments, and users. 


Data mining, machine learning, and natural language processing methods are the 
major tools in implementing these approaches. Each tool differs from the others in its 
strategies, datasets, and techniques.²⁸ They are described in more detail in the following 
section of this thesis. 


Other researchers correctly observe that combining these approaches may yield 
better results. Joshua Uyheng et al.²⁹ put the concept of social cyber-security and 
interoperability at the center of their work. Social cyber-security is “a multidisciplinary and 
multimethodological field that studies how to preserve the Internet as a free and open space 
for the exchange of information.”³⁰ Carley and Beskow further examine how technological 
change and the decentralization of information flows enable the emergence of social 
cyberthreats.³¹ They explain that “technology has waived the requirement for physical 
proximity to influence society; and, the decentralization of information flows has reduced 
the cost of entry.”³² 


26 Kai Shu et al., Fake News Detection on Social Media: A Data Mining Perspective, vol. 19, 2017, 
https://arxiv.org/pdf/1708.01967.pdf. 


27 Xinyi Zhou et al., “Fake News: Fundamental Theories, Detection Strategies and Challenges,” in 
Proceedings of the Twelfth ACM International Conference on Web Search and Data Mining (WSDM ‘19: 
The Twelfth ACM International Conference on Web Search and Data Mining, Melbourne VIC Australia: 
ACM, 2019), 837, https://doi.org/10.1145/3289600.3291382. 


28 Zhou et al., “Fake News.” 
29 Uyheng et al., “Interoperable Pipelines for Social Cyber-Security.” 


30 Kathleen M. Carley et al., “Social Cyber-Security,” in Social, Cultural, and Behavioral Modeling, 
ed. Robert Thomson et al., vol. 10899, Lecture Notes in Computer Science (Cham, Switzerland: Springer 
International Publishing, 2018), https://doi.org/10.1007/978-3-319-93372-6_42. 


31 Beskow and Carley, “Social Cyber-Security.” 
32 Beskow and Carley, 122. 
The analysis of “online content polluters, such as bots and trolls,”³³ has an 
important place in the field of social cyber-security. They both spread aggressive or 
disruptive messages. It should be noted that in contrast to trolls, who are humans, bots are 
automated accounts.³⁴ The success of these “online polluters” has both technological and 
sociopsychological aspects. Thus, social cyber-security researchers have to combine 
methods from both computational and social sciences. 


Several prior Naval Postgraduate School (NPS) theses have also focused on social 
media to study influence in the information environment. For example, Eric Chan explored 
Russian influence operations and the historical background of IRA activity.³⁵ Meanwhile, 
James Morales provided valuable information on how to use tweets' sentiment analysis for 
assessing the anti-American mood in Pakistan and Japan. Particularly interesting is his study 
on how public perceptions change due to U.S. exercises in Japan.³⁶ Greg Selph et al. examine 
the relation between the civil conflicts in Nigeria, the Philippines, and Pakistan and the change 
in sentiment of tweets. The authors provide a valuable assessment of the significance of 
sentiment analysis for studying social media.³⁷ 


B. METHODS OF STUDYING INFORMATION OPERATIONS 


The most frequently used methods for analyzing information operations are 
dynamic network analysis, natural language processing, and machine learning. Machine 


33 Kyumin Lee, Brian David Eoff, and James Caverlee, “Seven Months with the Devils: A Long-Term 
Study of Content Polluters on Twitter," in Fifth International AAAI Conference on Weblogs and Social 
Media, Proceedings of the Fifth International AAAI Conference on Weblogs and Social Media (College 
Station, TX: Texas A&M University, 2011), 8; Emilio Ferrara, Disinformation and Social Bot Operations 
in the Run Up to the 2017 French Presidential Election (Los Angeles, CA: University of Southern 
California, Information Sciences Institute, 2017), 33, https://ssrn.com/abstract=2995809. 


34 David M. Beskow and Kathleen M. Carley, “It’s All in a Name: Detecting and Labeling Bots by 
Their Name," Computational and Mathematical Organization Theory 25, no. 1 (March 2019): 24-35, 
https://doi.org/10.1007/s10588-018-09290-1. 


35 Elvis M. Chan, “Fighting Bears and Trolls: An Analysis of Social Media Companies and U.S. 
Government Efforts to Combat Russian Influence Campaigns during the 2020 U.S. Elections” (master’s 
thesis, Naval Postgraduate School, 2021), 25–59, http://hdl.handle.net/10945/68309. 


36 James Morales, “Assessing Anti-American Sentiment through Social Media Analysis” (master’s 
thesis, Naval Postgraduate School, 2016), 45, http://hdl.handle.net/10945/51587. 


37 Gregory R. Selph, Michael H. Crain, and Andrew Anderson, “Measuring Sentiment Response to 
Collective Violence through Social Media” (master’s thesis, Naval Postgraduate School, 2018), 26, 
http://hdl.handle.net/10945/66275. 
learning algorithms are very efficient in the automatic identification of fake accounts and 
bots in online conversations.³⁸ These algorithms are applied to aggregated datasets to 
discover patterns in bots’ messaging behavior or relationships with other social network 
nodes. Uyheng et al. claim that “given a reasonably large dataset of a labeled bot and 
non-bot accounts, predictive models can be trained to discriminate between each type of 
account with decent accuracy (> 90%) across various contexts.”³⁹ Other studies 
demonstrate that detecting trolling and opinion manipulation in news community forums 
and Twitter can use online messages’ textual features.⁴⁰ When studying online information 
operations, another critical task is identifying the topics or central messages of the targeted 
conversations. Techniques such as topic modeling allow researchers to capture the core 
ideas and reveal critical aspects of a disinformation campaign. For example, the Latent 
Dirichlet Allocation (LDA) algorithm can extract topics from a corpus of texts using 
natural language processing.⁴¹ Finally, dynamic network analysis provides quantitative 
methods to test hypotheses about users’ influence in an online conversation. It analyzes 
how their characteristics and behavior change over time and how they interact. For 
example, on Twitter, the study of users' features and their ties (how they retweet, reply, or 
are mentioned) can deliver “more complex insights into online discourse.”⁴² 


Uyheng et al.⁴³ convincingly demonstrate that these methods can discover patterns 
in Twitter users’ behavior attributed to online information campaigns during NATO 


38 Fred Morstatter et al., “Is the Sample Good Enough? Comparing Data from Twitter's Streaming 
API with Twitter's Firehose,” ICWSM 2013, June 2013, http://arxiv.org/abs/1306.5204; SiHua Qi, Lulwah 
AlKulaib, and David A. Broniatowski, “Detecting and Characterizing Bot-Like Behavior on Twitter,” in 
Social, Cultural, and Behavioral Modeling: 11th International Conference, SBP-BRiMS 2018 Washington, 
DC, USA, July 10-13, 2018 Proceedings 123, n.d. 


39 Uyheng et al., “Interoperable Pipelines for Social Cyber-Security,” 3. 


40 Carley et al., “Social Cyber-Security”; Todor Mihaylov, Georgi Georgiev, and Preslav Nakov, 
“Finding Opinion Manipulation Trolls in News Community Forums,” in Proceedings of the Nineteenth 
Conference on Computational Natural Language Learning (Proceedings of the Nineteenth Conference on 
Computational Natural Language Learning, Beijing, China: Association for Computational Linguistics, 
2015), 310-14, https://doi.org/10.18653/v1/K15-1032. 


41 David M. Blei, Andrew Ng, and Michael Jordan, “Latent Dirichlet Allocation,” Journal of Machine 
Learning Research 3 (January 2003): 22. 


42 Kathleen M. Carley et al., “Toward an Interoperable Dynamic Network Analysis Toolkit,” Decision 
Support Systems 43, no. 4 (August 2007): 1324–47, https://doi.org/10.1016/j.dss.2006.04.003. 


43 Uyheng et al., “Interoperable Pipelines for Social Cyber-Security,” 5. 
exercises. They apply LDA to determine what topics are prevalent in Twitter 
communication when NATO exercises occur and how they change over time. Next, the 
researchers explore the features of Twitter accounts to classify them as bots or not. For this 
purpose, they use a random forest machine learning model such as Bothunter.⁴⁴ In parallel, 
the authors employ different neural networks trained on a dataset of user descriptions for 
role identification (e.g., if the users are news agencies, reporters, and others) and for 
location prediction. In the end, they use an Organization Risk Analyzer (ORA) for 
individual and network drill-down to identify influential users, characterize the Twitter 
conversation's overall structure, and visualize the results. Uyheng et al.'s approach shows 
that combining computational tools can better analyze information operations in social 
media, as this approach can gain more complex insights into participants and their 
messages than single tools can. 


Nonetheless, these results could be improved further by integrating different 
analytical tools or methods, such as sentiment analysis (especially in languages other than 
English), regression analysis, and the calculation of network topology metrics. The change in 
the sentiment of tweets can play the role of a dependent variable in regression models to 
establish which factors have a statistically significant influence. The calculation of 
different topology metrics of the users’ social network can reveal how its characteristics, 
such as centralization or interconnectedness, change under specific factors. This thesis 
complements the earlier analysis of the Russian covert and overt media agencies' role in 
influencing the information environment during NATO exercises in Europe. It combines 
regression, sentiment, and social network analyses to determine systematically how 
significant political-military events such as Allied exercises affect social media users' 
perceptions. 
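

The daily topology metrics mentioned above (network size, interconnectedness, centralization) can be computed from retweet, reply, and mention ties as in the following added example, which is not code from the thesis. The account names, dates, and interactions are constructed, and using density for interconnectedness and Freeman degree centralization for centralization is an assumption, since the passage does not name the exact measures.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (day, source_account, target_account), one row per
# retweet, reply, or mention. All account names are hypothetical.
DAY_1 = date(2014, 5, 1)
DAY_2 = date(2014, 5, 2)
INTERACTIONS = [
    # Day 1: every user amplifies a single outlet (hub-and-spoke pattern).
    (DAY_1, "user_a", "outlet_1"),
    (DAY_1, "user_b", "outlet_1"),
    (DAY_1, "user_c", "outlet_1"),
    (DAY_1, "user_d", "outlet_1"),
    (DAY_1, "user_e", "outlet_1"),
    (DAY_1, "user_a", "outlet_1"),    # repeated retweet, counted as one tie
    (DAY_1, "outlet_1", "outlet_1"),  # self-mention, ignored
    # Day 2: two small teams with a similar number of ties and one bridge.
    (DAY_2, "acct_1", "acct_2"),
    (DAY_2, "acct_2", "acct_3"),
    (DAY_2, "acct_3", "acct_1"),
    (DAY_2, "acct_4", "acct_5"),
    (DAY_2, "acct_5", "acct_6"),
    (DAY_2, "acct_6", "acct_4"),
    (DAY_2, "acct_3", "acct_4"),
]


def daily_networks(interactions):
    """Group interactions by day into undirected, de-duplicated tie sets."""
    days = defaultdict(set)
    for day, src, dst in interactions:
        if src != dst:  # a self-loop says nothing about ties between users
            days[day].add(frozenset((src, dst)))
    return dict(days)


def topology_metrics(edges):
    """Return size, tie count, density, and degree centralization.

    density        = share of possible ties that exist (interconnectedness)
    centralization = Freeman degree centralization: 1.0 for a pure star,
                     0.0 when every account has the same number of ties.
    """
    degree = defaultdict(int)
    for edge in edges:
        for node in edge:
            degree[node] += 1
    n, m = len(degree), len(edges)
    density = (2 * m) / (n * (n - 1)) if n > 1 else 0.0
    if n < 3:
        # Centralization is undefined below three nodes (zero denominator).
        centralization = None
    else:
        max_degree = max(degree.values())
        spread = sum(max_degree - d for d in degree.values())
        centralization = spread / ((n - 1) * (n - 2))
    return {"size": n, "edges": m, "density": density,
            "centralization": centralization}


def summarize(interactions):
    """Compute the topology metrics for each day's network."""
    return {day: topology_metrics(edges)
            for day, edges in sorted(daily_networks(interactions).items())}


if __name__ == "__main__":
    for day, metrics in summarize(INTERACTIONS).items():
        print(day.isoformat(), metrics)
```

Both constructed days have the same network size, so the difference shows up only in the centralization score: the hub-and-spoke day scores at the maximum, while the day made of small teams with similar tie counts scores near zero.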


44 David M. Beskow and Kathleen M. Carley, Bot-Hunter: A Tiered Approach to Detecting & 
Characterizing Automated Activity on Twitter, Xx (Pittsburgh, PA: Carnegie Mellon University, 2018), 1, 
https://www.researchgate.net/publication/326606376_Bot-hunter_A_Tiered_Approach_to_Detecting_Characterizing_Automated_Activity_on_Twitter. 
III. INFORMATION WARFARE: THE BEAR AND THE DRAGON 


A. INFORMATION CONFRONTATION, INFORMATION WARFARE, AND 
INFORMATION OPERATIONS 


The development of information technologies has led many military and political 
leaders worldwide to value the significance of influence and control over the information 
environment. Moreover, the widely accepted understanding is that this influence and 
control can go beyond its traditional force multiplier role in conventional military 
operations and become central in non-military confrontation. 


In the United States, the Department of Defense defines information operations as 
disruptive actions aimed at the decision-making process of potential adversaries. These 
actions include employing information-related capabilities (IRC) to gain advantages in the 
information environment's three distinct dimensions: physical, informational, and 
cognitive.⁴⁵ JP 3-13 further specifies that the IRCs affect the ability of the targeted 
individual or group “to collect, process, or disseminate information before and after 
decisions are made.”⁴⁶ Beyond the offensive aspect, information operations incorporate 
defensive actions as well. By employing IRC, the information operations aim to protect 
their own forces in the three-dimensional information environment from hostile activities 
that can undermine their own chain of command and the decision-making process. Thus, 
in its essence, an information operation seeks to change the adversary's situational 
awareness and diminish its information capabilities, in order to ultimately disrupt the 
adversary's decision-making process. 


The Russian political elite, the military, and the academic community attach equally 
high importance to the process of influence and confrontation in the information 
environment. As the Chief of the General Staff of the Russian Armed Forces, General Valery 
Gerasimov, points out, information warfare creates wide asymmetric opportunities to 


45 The Joint Chiefs of Staff, JP 3-13, 3. 
46 The Joint Chiefs of Staff, I-3. 
reduce the enemy's combat potential.⁴⁷ In Russian documents on the topic, these activities 
are part of the broader concept of information warfare (informacionnoe protivoborstvo, 
Russ. информационное противоборство). Igor Panarin postulates that the main goals of 
information warfare are to undermine the information security of the hostile state; to 
damage the integrity (stability) of its governmental and military control system; and to 
effectively influence the information provided to its leadership, political elite, and the 
systems that form the public's opinion, perception, and decision making. Panarin states 
that the ultimate goal of every state in information warfare is to achieve information 
superiority in the world information environment. Although he does not define the distinct 
dimensions of the information environment, he distinguishes two types of information 
warfare—technical and psychological. The first refers to the situation in which the targeted 
systems exchange and process information, and the latter focuses on the political elite's 
and public's cognitive capabilities and the alteration of public opinion. However, this 
differentiation demonstrates that the Russian concept also recognizes that information 
warfare can target different dimensions—physical or cognitive.⁴⁸ 


The Ministry of Defense of the Russian Federation shares this definition. It 
specifies that, in wartime, information resources and capabilities become specific means to 
suppress enemy activity and deprive it of the opportunity to resist.49 The Russian military 
leadership also recognizes the multidimensional character of information warfare. It can 
have both physical and informational-psychological impacts on the adversary's force. The 
former is the destruction of the enemy's information, radio-electronic, and computer 
networks, and the latter is the psychological influence on the population and the personnel 
of the armed forces of the opposing sides. The Russian concept incorporates both defensive
and offensive aspects that must be considered in their unity. As both Panarin and the
military experts underline, it is equally important to protect one's own decision-making
process and to influence the adversary's command and control system in information
warfare.


47 Valery Gerasimov, “The Science's Value is in the Prediction.” Military Industrial Courier no.
8(476), 02/27-03/05/2013, https://vpk-news.ru/sites/default/files/pdf/ VPK 08 476.pdf, accessed February
1, 2022.

48 Panarin, Informatsionnaia Voina i Geopolitika [Information Warfare and Geopolitics], 172.

49 Encyclopedia of the Ministry of Defence of the Russian Federation, s.v. “information warfare,”
accessed February 1, 2022,
https://encyclopedia.mil.ru/encyclopedia/dictionary/details.htm?id=522 1@morfDictionary.


The contemporary Russian information warfare concept uses and adapts the Soviet
Union's “active measures,” such as dezinformatsiya, the intentional spread of
disinformation or false, inaccurate, and controversial information to mislead the target
audience and shape adversaries’ public opinion.50 Arif et al. point out that such strategies
are “ideologically fluid,” and thus they are suitable to sow discord among very diverse
political groups. They involve “harnessing existing public discontent by amplifying
reductive social interpretations that confirm existing beliefs, support desired conclusions,
or prompt certain strong emotions regarding groups of people and events.”51


Beijing has carefully analyzed the campaigns of the United States in the Gulf War,
Kosovo, Iraq, Afghanistan, and Ukraine, and what role information operations played in
them.52 It uses these lessons learned to adjust and update its concept for information
warfare. The foundations of Beijing’s modern concept are the theories of “Unrestricted
War” and the “Three Warfares.” The former posits that, in future conflict, the state has to
implement “all means, including armed force or non-armed force, military and
non-military, and lethal and non-lethal means to compel the enemy to accept one’s
interests.”53 The latter is part of so-called “political warfare,” which includes the
integrated usage of psychological warfare, public opinion warfare, and legal warfare.
These three warfare types constitute “a discursive power over an adversary—that is, the
power to control perceptions and shape narratives that advance Chinese interests and
undermine those of an opponent.”54


50 More details about Soviet disinformation campaigns can be found in Ladislav Bittman, The KGB
and Soviet Disinformation: An Insider’s View (Washington, DC: Pergamon-Brassey’s, 1985); Peter
Pomerantsev and Michael Weiss, The Menace of Unreality: How the Kremlin Weaponizes Information,
Culture and Money (New York: Institute of Modern Russia, 2014); and Alvin A. Snyder, Warriors of
Disinformation: American Propaganda, Soviet Lies, and the Winning of the Cold War: An Insider’s
Account (New York: Arcade Publishing, 2014).

51 Arif, Stewart, and Starbird, “Acting the Part,” 3.

52 Beauchamp-Mustafaga and Chase, Borrowing a Boat Out to Sea, 34-36.

53 Liang Qiao and Xiangsui Wang, Unrestricted Warfare, 2nd ed. (Wuhan, China: Chongwen, 2011),
4].


Beauchamp-Mustafaga and Chase explain that public opinion warfare includes
using “various media means and information resources” to “create a favorable public
opinion environment for political initiative and military victory.”55 This type of warfare
has a relatively permanent nature and occurs both in wartime and peacetime. It finds
expression in “long-term infiltration into the objects of the society and culture’s deep
structure, changing the awareness and conviction of the enemy masses.”56 Charon et al.
specify that China’s general idea of public opinion refers to the terms “public emotion”
and “public opinion.” The first term is “subjective interpretation of certain social
realities,”57 and therefore, it is an individual's perception. At the same time, the second
emphasizes “the socio-political attitudes generated by social interactions, and thus it is the
collective majority opinion.”58 Hence, control over public opinion is inextricably tied with
control over public emotions. Charon and Jeangène Vilmer describe the core of public
opinion warfare as the “cognitive orientation of the masses, to excite their emotions and to
constrain their behavior.”59


Beauchamp-Mustafaga and Chase point out that there is a difference between
public opinion warfare and psychological warfare. The latter is “more focused and
concentrated in wartime.”60 According to their analysis of strategic documents of the
People's Liberation Army, Charon and Jeangène Vilmer assert that Beijing distinguishes
four types of psychological warfare: “coercion,” “mystification,” “division,” and
“defense.”61 The first seeks to force the adversary to adopt a particular behavior; the
second spreads confusion and misleads; the third uses the adversary's weaknesses and
domestic disagreements to hinder its decision-making process, ruin fighters’ morale, and
diminish public confidence. The fourth protects one's own troops' morale from the
enemy's influence.62 Related to psychological warfare is the concept of “cognitive
domain operations.” As Beauchamp-Mustafaga and Chase explain, China considers these
operations as the next step in the evolution of warfare, “moving from the natural and
material domains—land, maritime, air, even electromagnetic—into the ephemeral, namely
the human mind.”63 Such operations use the means of psychological warfare to target and
disrupt the enemy's cognitive thinking and decision-making processes. Their ultimate goal
is to achieve “mind superiority.”64


54 Beauchamp-Mustafaga and Chase, Borrowing a Boat Out to Sea, 8.

55 Beauchamp-Mustafaga and Chase, 9.

56 Kania, “The PLA's Latest Strategic Thinking on the Three Warfares,” 2.

57 Charon and Jeangène Vilmer, Chinese Influence Operations, 30.

58 Charon and Jeangène Vilmer, 30.

59 Charon and Jeangène Vilmer, 48.

60 Beauchamp-Mustafaga and Chase, Borrowing a Boat Out to Sea, 8-9.

61 Charon and Jeangène Vilmer, Chinese Influence Operations, 49-50.


The third component of the “Three Warfares” concept, legal warfare, corresponds
to the strategic use of the law. Its essence is to exploit the legal provisions of international
and national laws to provide legitimacy for Chinese demands or policies.65 Its goal is to
“attain normative superiority” that can justify the use of force during a conflict, or when
confrontation ends “to retain any gains or to claim its due.”66


The “Three Warfares” concept demonstrates that China, like the United States and
Russia, also sees information warfare as a multidimensional phenomenon and recognizes
the importance of operations in the information and cognitive dimensions. Beijing
combines contemporary theories such as cognitive-domain operations, discursive power,
and political warfare with older concepts such as “active measures,” which China inherited
from its historical ties with the former Soviet Union. This combination, together with the
lessons learned from its main allies and adversaries, allows China to adapt its strategies
and doctrines successfully to exploit the benefits and weaknesses of today's information
environment.


62 Charon and Jeangène Vilmer, 49.

63 Beauchamp-Mustafaga and Chase, Borrowing a Boat Out to Sea, 10.

64 Charon and Jeangène Vilmer, Chinese Influence Operations, 31.

65 Charon and Jeangène Vilmer, 31.

66 Charon and Jeangène Vilmer, 51.


In conclusion, all three major actors in the international political system adopt
strategies and develop capabilities to gain an advantage over the information environment.
As described in the literature just reviewed, the ultimate goals of information operations
are to hinder the decision-making process of the adversary's political leadership and
military commanders, affect the morale of the population and armed forces of the hostile
nation, and protect a country's own forces and political system from malicious influence.
Thus, information operations have both defensive and offensive aspects.


A common understanding is that the information environment has different 
dimensions that define two specific directions of confrontation. The first targets the 
physical dimension and the technical systems that transmit, receive, and store information; 
the second aims at psychological impacts on the target audience by manipulating the 
information and cognitive dimensions. In recent years, with the increase in online 
connectivity and rapid expansion of social media such as Facebook, Instagram, and
Twitter, the latter dimension has grown more significant.


B. SOCIAL MEDIA IN INFORMATION WARFARE 


This section explores the main characteristics of the information operations 
conducted on social media, and on Twitter in particular, by the adversaries of the United 
States and NATO. Although the previous chapter makes clear that China has significant 
capabilities and ambitions to dominate the global information environment, until recently, 
Beijing’s focus has been predominantly on influencing its close neighborhood (Hong 
Kong, Taiwan), the Pacific region, and North America. This thesis, however, focuses 
primarily on the activities of various entities connected to the Russian Federation as they 
relate to the possible effects of hostile information operations conducted during NATO 
exercises in Europe. Samantha Bradshaw and Philip Howard point out that the social media 
information environment is complex and constantly evolving. In this environment, various 
actors pursue their political goals by creating and disseminating narratives designed to 
provoke a specific reaction in the targeted audience. At the same time, these audiences also
are a diverse community, and they react differently to these narratives. Often, they
contribute to the further development of the narrative by adding links to other content such
as video, pictures, or music.67


Various Russian companies and organizations are involved in social media 
information operations. Some of them operate openly, such as the television channel RT 
(formerly Russia Today) and the news agency Sputnik, while others work covertly, such 
as the IRA. This combination allows the Kremlin to run “large-scale and complex
information operations” with actors “at varying levels of attribution.”68


The overt companies comprise a vast network that connects to domestic and foreign 
audiences through online channels on different social media platforms and at the same time 
creates more traditional content for TV channels, newspapers, and news agencies. These 
two forms of communication cannot be entirely separated because the traditional media 
products are also disseminated online.69 A 2021 report by the NATO Center of Excellence
for Strategic Communication reveals that the RT news service is central in Moscow's
information operations. This news service was created in 2005 under Russia Today's
brand, but later it changed its name to RT. The non-profit organization ТВ-Новости/TV-News
controls RT; however, RT's funding comes entirely from the Russian state budget.
In 2020, the subsidy to TV-News was more than 360 million U.S. dollars. Around 83% of
these funds are dedicated to media content production. Margarita Simonyan has been in
charge of the main editorial office of RT since 2005.70 She and her husband have tight
connections to members of the presidential administration, such as its First Deputy Chief
of Staff, Alexei Gromov. He is one of RT's creators and maintains the Kremlin's control
over the work of the largest newspapers, television channels, and news agencies.71 RT also
has a YouTube channel, which was the first “to reach 1 billion views ... and later it was
also the first to reach 10 billion views.”72 In addition, RT has a vast network of Twitter
accounts in different languages, such as @RT_COM, @RT_America, @RTUKnews,
@de_rt_com, and @RTarabic_Bn. Each of these accounts has between several thousand
and several million followers. Simonyan herself has 531.7 thousand Twitter followers. In
a congressional hearing, one Twitter official testified that “@RT_COM and
@RT_America together spent $516,900 in advertising in 2016. As a result, they were able
to promote 1,912 Tweets and generate approximately 192 million impressions73 across all
ad campaigns.”74


67 Philip N. Howard and Samantha Bradshaw, “The Global Organization of Social Media
Disinformation Campaigns,” The Journal of International Affairs, SIPA 71 (September 2018): 9,
https://jia.sipa.columbia.edu/global-organization-social-media-disinformation-campaigns.

68 Helmus, Russian Social Media Influence.

69 Helmus, 26.

70 Hanley and Kuzichkin, Russian Media Landscape, 22.

71 Hanley and Kuzichkin, 11.


Another Russian media group with significant input into information operations is 
Rossiya Segodnya. It is state-owned, and in 2020 the company received 100 million U.S. 
dollars from the state budget.75 Rossiya Segodnya is a holding company that controls 
influential media outlets such as RIA Novosti, Sputnik, InoSMI, Baltnews, and others. 
These news agencies publish their information products on various online platforms,
including Twitter.


Russia's network of existing official media channels significantly contributes to 
Moscow's capability to organize and conduct information operations. Its main 
contributions are to receive legally directed funds from the Russian state for media 
production and to operate legally in different countries. In addition to creating content in 
several different languages, this arrangement helps such media outlets to access broad 
audiences. As Hanley and Kuzichkin point out, RT and Sputnik use this opportunity and 
customize their media products “depending on the audience and the strategic objective.”76
The authors explain that for its Latin American audience RT produces leftist content in the
Spanish language, while its products for Eastern European countries emphasize national or
historical ties to Russia or praise the strength of the Russian economy.77


72 Hanley and Kuzichkin, 22.

73 Twitter defines impressions as viewing the content of the tweet. For details see Russia Investigative
Task Force: Testimony before Permanent Select Committee on Intelligence, 3.

74 Russia Investigative Task Force: Testimony before Permanent Select Committee on Intelligence, 13.

75 Hanley and Kuzichkin, Russian Media Landscape, 25.

76 Hanley and Kuzichkin, 9.


Complementing these public media organizations, the Kremlin's information
operations arsenal has companies that use covert methods, including fake accounts and
the posting of divisive and fake information. A notorious example is the Internet Research
Agency, a Russian corporation based in Saint Petersburg. Various authorities and scientists
have revealed the corporation's interference in the 2016 U.S. Presidential election78 and
the Black Lives Matter movement’s protests.79 According to Howard et al., the IRA has
been using Twitter since 2009. The initial focus was on the Russian audience, and the
tweets were primarily in the Russian language. The company began targeting
English-speaking users at a slow pace in 2013. By the beginning of 2014, however, its
engagement with English-speaking users had increased and grew significantly by the end of
the year.80


Although the company had direct links to the Russian government, the IRA 
primarily received funding for its operations from two companies, Concord Management 
and Consulting and Concord Catering. Both were under the control of Nikolay Prigozhin,81
who is also the owner of Wagner (a private military company) and has close connections
to the Kremlin elite.82 The IRA’s activities also received funding as part of a large
interference operation named “Project Lakhta” that targeted audiences in the United States,
Russia, France, and other countries. As of 2016, the IRA's monthly budget was over
1.25 million U.S. dollars.83


77 Hanley and Kuzichkin, 9. 
78 The U.S. vs the Internet Research Agency LLC, 1:18-cr-00032-DLF. 
79 Arif, Stewart, and Starbird, “Acting the Part.” 


80 Howard et al., “The IRA, Social Media and Political Polarization in the United States, 2012-2018," 
10. 


81 The U.S. vs the Internet Research Agency at 6-7. 


82 Nathaniel Reynolds, Putin’s Not-So-Secret Mercenaries: Patronage, Geopolitics, and the Wagner 
Group, The Return of the Global Russia (Washington, DC: Carnegie Endowment for International Peace, 
2019), 9-12, https://carnegieendowment.org/files/GlobalRussia NateReynolds Vagner.pdf. 


83 The U.S. vs. the Internet Research Agency at 7.


The IRA’s organizational structure was complex, and it had hundreds of employees
“ranging from creators of fictitious personas to technical and administrative support.”84
The company had management and specialized graphic design, data analysis, search engine
optimization, finance, information technology, and translation departments. The latter
allowed its operators to post information on social media in different languages and expand
its global reach.85 The IRA's staff members worked two 12-hour shifts to match regular
users' activity in different time zones, as they did during the 2016 U.S. presidential
election. Their tasks were “to create social media accounts that appeared to be operated by
U.S. persons...[and]... create political intensity through supporting radical groups, users
dissatisfied with [the] social and economic situation and oppositional social
movements.”86 The employees were very productive: they created 36,746 accounts related
to the 2016 presidential election. They posted approximately 1.4 million election-related
tweets from September through November 2016, and these tweets received approximately
288 million impressions.87 The IRA's management was responsible for receiving and
evaluating the impact of the organization's online social media operations and the size of
the online U.S. audiences reached through IRA's posts. They measured “different types of
engagement with the posts (such as likes, comments, and reposts), changes in audience
size, and other metrics.”88


These Russian organizations, both the overt and covert ones, involved in 
information operations have the capability to engage global audiences on various social 
media platforms and in different geographical locations. Online, such organizations operate
on Twitter, Facebook, and Instagram, and geographically, they can influence audiences both
far and near their borders.89 However, these targeted social groups in the ‘far abroad’ and
‘near abroad’ have different characteristics, forcing the Kremlin to adapt its influence
strategies.


84 The U.S. vs. the Internet Research Agency at 6.

85 The U.S. vs. the Internet Research Agency at 6.

86 The U.S. vs. the Internet Research Agency at 14.

87 Russia Investigative Task Force: Testimony before Permanent Select Committee on Intelligence, 10.

88 The U.S. vs. the Internet Research Agency at 15.

89 Helmus, Russian Social Media Influence, 32-39.


The so-called ‘near abroad’ includes the former Soviet republics and most East
European states. Such countries usually have sizable Russian minorities, Russian-speaking
citizens, or groups that share common memories or interpretations of history. These
communities are both targets and conduits of Russian “soft power” and influence.90
Moscow's most important narratives in these countries include tropes about traditional
(Russian) conservative values, such as family and orthodoxy, a shared fear of violent
revolutions, and the West's betrayal and moral degradation.91


In contrast to the ‘near abroad,’ Russian information operations in the ‘far abroad’ 
countries focus on radical political groups, social movements, and religious groups. 
Andrew Weisburd, Clint Watts, and Jim Berger argue that Moscow's information 
campaigns fall into four categories: political, financial, social, and conspiracy. The political 
and financial campaigns aim to slander political leaders, undermine governmental 
institutions' credibility, or erode trust in the financial system or experts. The social
campaigns seek to “undermine the fabric of society.”92 Finally, the
dissemination of conspiracy theories promotes images of “global calamity while
questioning the expertise of anyone who might calm those fears.”93


Ben Nimmo formulates four specific tactics that the Kremlin uses to achieve these 
goals: dismiss, distort, dismay, and distract. The dismiss tactics deny the truth of the facts 
that contradict Moscow's narratives or tarnish the credibility of the source of these facts. 
The distort tactics mix cherry-picked facts, lies, and disinformation. Since the ultimate
goal is to sow doubts in the designated audiences, the truthfulness of the dismissed facts or
blatant falsehood of the distorted message is not essential. All these tactics need only to
disorient the targeted population or social groups. The dismay tactics intimidate and induce
fear and anxieties in the audience, usually through harassment and personal threats. Finally,
the distraction techniques turn the “attention away from the activities of Russia and its
allies by launching accusations elsewhere.”94 Overall, as Peter Pomerantsev and Michael
Weiss observe, “the aim of this new propaganda is not to convince or persuade, but to keep
the viewer hooked and distracted, passive and paranoid, rather than agitated to action.”95


90 Rotaru, “Forced Attraction?,” 3-10.

91 Helmus, Russian Social Media Influence, 10.

92 Andrew Weisburd, Clint Watts, and Jim Berger, “Trolling for Trump: How Russia Is Trying to
Destroy Our Democracy,” War on the Rocks, November 6, 2016,
https://warontherocks.com/2016/11/trolling-for-trump-how-russia-is-trying-to-destroy-our-democracy/.

93 Weisburd, Watts, and Berger.


Linvill and Warren explored the implementation of these tactics by the IRA from 
June 19, 2015, to December 31, 2017, and “identified five categories of IRA-associated 
Twitter handles, each with unique patterns of behaviors.”96 These categories are Right
Troll, Left Troll, News Feed, Hashtag Gamer, and Fearmonger. The Right Troll accounts
posted nativist and right-leaning populist messages. The Left Troll handles published
“socially liberal messages, with an overwhelming focus on cultural identity.”97 The News
Feed accounts “overwhelming presented themselves as the U.S. local news aggregators,”98
while the Hashtag Gamer handles promoted hashtag games, some of which had socially or
politically divisive hashtags. The fifth category, Fearmonger trolls, posted news about
crisis events, usually fabricated. The authors observed that Left and Right Trolls were more
active than the other types, but their activity varied significantly on a day-to-day basis. The
News Feed accounts tweeted at a relatively consistent rate throughout the explored period.
By contrast, the Hashtag Gamer handles were “very active during and after the election
season, but by the summer of 2017, they [were] nearly silent.”99 All five troll types
changed their behavior under specific political circumstances. For example, when John
Podesta's email was leaked to the press for the first time (8:30 pm UTC on October 7,
2016), the News Feeds trolls continued to post messages at their regular low rate.
Meanwhile, the Hashtag Gamers' activity, which was very high in the late hours of October
5, 2016, went silent in the following days. In contrast, the Left and Right trolls became
active on October 6, 2016, and tweeted at a high rate until October 7, 2016.100


94 Nimmo, “Anatomy of an Info-War: How Russia’s Propaganda Machine Works, and How to
Counter It.”

95 Peter Pomerantsev and Michael Weiss, The Menace of Unreality: How the Kremlin Weaponizes
Information, Culture and Money (New York, NY: The Institute of Modern Russia, 2014), 11,
https://www.almendron.com/tribuna/wp-content/uploads/2015/08/The_Menace_of Unreality Final.pdf.

96 Linvill and Warren, “Troll Factories,” 451.

97 Linvill and Warren, 452.

98 Linvill and Warren, 452.

99 Linvill and Warren, 453.


In conclusion, the Russian Federation has the capability to organize and implement 
online information operations through its covert and overt assets. RT news network and 
Sputnik news agency are among the most powerful tools in the Russian online arsenal. 
Under the Kremlin's strict control, they deliver and popularize narratives to their vast 
audience in countries in the near and the far abroad. Additionally, Moscow has created 
companies that use covert techniques to engage carefully selected social groups in order to 
manipulate their perceptions and emotions. In such cases, the main goal is to sow distrust, 
disorient targeted groups’ value systems, and amplify social divisions. An example of this 
type of covert organization is the Internet Research Agency, which had hundreds of 
employees, and its leadership had close connections to the Kremlin's political elite. Studies 
of the IRA’s activities and tactics revealed possible patterns in its operations on Twitter. 
Most importantly, research has delineated the types of accounts that IRA operators used 
for their tasks. These accounts revealed distinct posting behaviors and shared specific
information.


Russia's overt and covert organizations have developed a global reach and can 
target audiences in various languages. Typically, in the ‘near abroad’ countries, the target 
is local Russian-speaking communities, Russian ethnic minorities, and other groups that 
share cultural, historical, or religious identity with Russia. For these audiences, Moscow's 
narratives include positive interpretations of the Russian political and cultural model and 
negative depictions of the Western political, financial, and social systems. The ‘far abroad’ 
narratives aim at damaging social cohesiveness and confidence in institutions. Since their 
goal is to reinforce the most radical opposing opinions, they may also include positive and
negative messages regarding a particular topic.


100 Darren L. Linvill and Patrick L. Warren, Troll Factories: The Internet Research Agency and State- 
Sponsored Agenda Building (Clemson, SC: Clemson University, 2018), 11, 
http://pwarren.people.clemson.edu/Linvill_ Warren TrollFactory.pdf.


The next chapter details the research methods used in this thesis to examine user
activity on one particular social media platform, Twitter, between July 2013 and August
2014, to identify factors related to IRA and Russian media efforts specifically influencing
sentiments in tweets about NATO.


IV. RESEARCH METHODS


A. HYPOTHESES 


This research examines one year of user activity on Twitter from July 2013 to 
August 2014. The purpose is to identify the significant factors that influence sentiments 
related to tweets on a particular topic—in this case, all tweets in which the text included
the acronym NATO.


The first hypothesis is that the overall sentiment in the online conversation on
NATO will become more negative if there is an increase in IRA and Russian media activity
(Hypothesis 1). The second hypothesis is that, while NATO exercises are occurring, the
sentiment of the online conversation related to NATO will become more negative as the
activity of Russian media organizations, whether covert or overt, increases (Hypothesis 2).
Third, this thesis hypothesizes that the change in sentiment during NATO exercises will be
more negative in a country closer to the borders of the Russian Federation (Hypothesis 3).
Fourth, this thesis also hypothesizes that IRA and Russian media activity during NATO
exercises will increase the size of the daily user network for the NATO conversation, and
that network will become more centralized and interconnected (Hypothesis 4).


B. DATA AND METHODS 


To test the hypotheses formulated in Section A, this thesis examines specific
datasets and applies different methods, such as regression and sentiment analysis, text
mining, and social network analysis.


1. Datasets 


This thesis uses the NPS-licensed Twitter archive as the primary data source. It 
contains a random sample of ten percent of the tweets posted globally between August 1,
2013, and July 31, 2014.


A search query was constructed based on the acronym NATO (in the English, 
French, Chinese, and Cyrillic alphabets) and a list of handles connected to IRA and Russian
online media outlets. The U.S. House of Representatives Permanent Select Committee on
Intelligence published these handles in June 2018.101 The query's results are stored in two
datasets. In the first, the results are aggregated in “country-date” units. In the second
dataset, each row represents a separate tweet with its text, and each message is represented
as a “point” at a latitude/longitude/time location.


2. Sentiment Analysis and Text Processing of Social Media Data 


Social media sentiment analysis relies on dictionaries containing words with 
predetermined positive or negative sentiment scores. In this research, two separate 
sentiment lexicons102 are used, one with negative words and one with positive words.
These dictionaries are in the English language; therefore, the text of every tweet needs
translation before further processing.


Since this research dataset contains information about the tweet's language, the 
initial dataset was split into smaller sub-datasets according to the tweet's language. The 
result was 45 distinct sub-datasets organized by “tweet ID” and “text.” At the next stage,
these sub-datasets were translated using the Google Translate website. After translation,
each tweet's text went through text processing, including tokenization and cleaning of
redundant symbols and words such as punctuation signs, special characters, or symbol
combinations (e.g., @, RT, and URLs).


Next, cleaned tokens (words) were compared to the content of the positive and
negative dictionaries. Depending on which lexicon contained a match for a word, each
word received a sentiment score accordingly. Each word's score was calculated with
Formula 1 to distinguish between a positive and a negative sentiment:

$$S_{word} = \text{Positive score} - \text{Negative score} \qquad (1)$$

Words with a positive sentiment were coded as 1, and the negative as -1. If there was no
match or the word was found in both dictionaries, the sentiment score was 0 or neutral.


101 The Internet Research Agency's Handles as of June 2018, U.S. House of Representatives
Permanent Select Committee on Intelligence (Washington, DC, 2018),
https://intelligence.house.gov/uploadedfiles/ira_handles_june_2018.pdf.

102 Minqing Hu and Bing Liu, Mining and Summarizing Customer Reviews, Research Track Paper
(Chicago, IL: University of Illinois at Chicago, 2004).

Finally, the overall sentiment of the tweet was calculated using Formula 2 as the sum of
the sentiment scores of its tokens:

$$S_{tweet} = \sum_{i} S_{word_i} \qquad (2)$$
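
The cleaning step and Formulas 1 and 2, followed by the country-date aggregation, as an added Python example that is not the thesis's own code. The two small lexicons, the sample tweets, and the sign-based mapping of the mean score to three ordered levels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed miniature lexicons standing in for the positive and negative
# word lists; "proud" is in both to exercise the "found in both" rule.
POSITIVE = {"strong", "support", "welcome", "peace", "proud"}
NEGATIVE = {"threat", "provocation", "aggression", "fear", "proud"}

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)
MENTION_RE = re.compile(r"@\w+")
RT_RE = re.compile(r"\bRT\b")            # retweet marker, matched before lowercasing
NON_LETTER_RE = re.compile(r"[^a-z\s]")  # punctuation, digits, '#', other symbols


def clean_and_tokenize(text):
    """Strip URLs, @handles and RT markers, then lowercase and split into words."""
    for pattern in (URL_RE, MENTION_RE, RT_RE):
        text = pattern.sub(" ", text)
    return NON_LETTER_RE.sub(" ", text.lower()).split()


def word_score(token):
    """Formula 1: 1 for a positive-only match, -1 for negative-only, otherwise 0."""
    return int(token in POSITIVE) - int(token in NEGATIVE)


def tweet_score(text):
    """Formula 2: sum of the word scores over the cleaned tokens."""
    return sum(word_score(token) for token in clean_and_tokenize(text))


def sentiment_level(mean_score):
    """Assumed mapping to ordered levels: 1 negative, 2 neutral, 3 positive."""
    if mean_score < 0:
        return 1
    return 3 if mean_score > 0 else 2


def aggregate_country_date(tweets):
    """Mean tweet score and ordered level for each (country, date) unit."""
    buckets = defaultdict(list)
    for tweet in tweets:
        key = (tweet["country"], tweet["date"])
        buckets[key].append(tweet_score(tweet["text"]))
    result = {}
    for key, scores in buckets.items():
        mean = sum(scores) / len(scores)
        result[key] = (mean, sentiment_level(mean))
    return result


# Constructed sample tweets, already in English (the translation step is not shown).
SAMPLE_TWEETS = [
    {"country": "Poland", "date": "2013-11-03",
     "text": "RT @user1: NATO exercise is a provocation and a threat http://example.org/a"},
    {"country": "Poland", "date": "2013-11-03",
     "text": "Proud to welcome our allies, strong support for #NATO!"},
    {"country": "Estonia", "date": "2014-05-06",
     "text": "NATO drills start today https://example.org/news"},
]

if __name__ == "__main__":
    for tweet in SAMPLE_TWEETS:
        print(tweet_score(tweet["text"]), clean_and_tokenize(tweet["text"]))
    for unit, (mean, level) in aggregate_country_date(SAMPLE_TWEETS).items():
        print(unit, mean, level)
```
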


3. Network Topography Measures 


After the sentiment score of the tweets was calculated, edge lists were created for 
every day in the research period. Two Twitter accounts have a tie between them if one of 
them retweeted, mentioned, or quoted the other's tweet. The attribute list includes 
username, language, followers, country name, date when the user tweeted, and two flags 
indicating whether the user was an IRA member or a Russian official media outlet. Using 
the R package “igraph,” 103 it was possible to calculate the network size, density, local
clustering coefficient, and degree centralization score for all users in 365 social networks.


4. Dependent Variables 


The mean sentiment of the tweets in the NATO conversation (as defined earlier) 
was the dependent variable used to test Hypotheses 1 through 3. It is aggregated to a 
“country-date” unit of analysis. It is an ordered categorical variable with three levels. The
first corresponds to negative sentiment, the second to neutral sentiment, and the third to
positive sentiment.


Other dependent variables based on network structure, such as network size, local 
clustering coefficient, and degree centralization, were used to test Hypothesis 4. The 
network size is based on the number of accounts in the network. It provides information on 
how many users participated in the explored NATO online conversation. The change in 
network size during the research period can provide information on how the network of 
participants was growing or shrinking. 104 The local clustering coefficient is an
interconnectedness measure known as average ego-network density. It provides
information on how interconnected the actors of the ego network are. 105 The degree
centralization score “uses the variation of the actor’s [degree] centrality within the network
to measure the level of centralization.” 106 If the degree centralization is high, the users’
degree centrality scores vary significantly. Therefore, if the score is high, one or a few
accounts are significantly more active than the others. 107

103 Gabor Csardi and Tamas Nepusz, “The Igraph Software Package for Complex Network
Research,” InterJournal Complex Systems (2006): 1695, https://igraph.org.

104 Daniel Cunningham, Understanding Dark Networks: A Strategic Framework for the Use of Social
Network Analysis (Lanham, MD: Rowman & Littlefield, 2016), 86.
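
The daily edge lists and the topography measures described above (network size, edge density, local clustering coefficient, degree centralization), as an added pure-Python example rather than the thesis's R/igraph code. The interaction records are constructed, and two conventions are assumptions: accounts with fewer than two ties get a local clustering of 0, and degree centralization is normalized by (n-1)(n-2), the maximum for an undirected network without self-ties.

```python
from collections import defaultdict
from itertools import combinations

# Constructed records: (date, acting account, referenced account, interaction kind).
INTERACTIONS = [
    ("2014-03-07", "hub", "a", "retweet"),
    ("2014-03-07", "hub", "b", "mention"),
    ("2014-03-07", "hub", "c", "quote"),
    ("2014-03-07", "hub", "d", "retweet"),
    ("2014-03-07", "a", "hub", "mention"),  # same tie again, opposite direction
    ("2014-03-07", "a", "b", "retweet"),
    ("2014-03-07", "d", "d", "mention"),    # self-reference, ignored
    ("2014-03-08", "a", "b", "retweet"),
    ("2014-03-08", "b", "c", "mention"),
    ("2014-03-08", "c", "a", "quote"),
]


def daily_adjacency(interactions):
    """One undirected, de-duplicated adjacency map per day."""
    graphs = defaultdict(lambda: defaultdict(set))
    for date, actor, referenced, _kind in interactions:
        if actor == referenced:
            continue
        graphs[date][actor].add(referenced)
        graphs[date][referenced].add(actor)
    return {date: dict(adj) for date, adj in graphs.items()}


def local_clustering(adj, node):
    """Share of a node's neighbor pairs that are themselves tied (ego-network density)."""
    neighbors = adj[node]
    k = len(neighbors)
    if k < 2:
        return 0.0  # assumed convention for accounts with fewer than two ties
    linked = sum(1 for u, w in combinations(neighbors, 2) if w in adj[u])
    return 2.0 * linked / (k * (k - 1))


def network_metrics(adj):
    """Size, tie count, density, mean local clustering and degree centralization."""
    n = len(adj)
    degrees = [len(neighbors) for neighbors in adj.values()]
    ties = sum(degrees) // 2
    density = 2.0 * ties / (n * (n - 1)) if n > 1 else 0.0
    clustering = sum(local_clustering(adj, v) for v in adj) / n if n else 0.0
    if n > 2:
        d_max = max(degrees)
        centralization = sum(d_max - d for d in degrees) / ((n - 1) * (n - 2))
    else:
        centralization = 0.0
    return {
        "size": n,
        "ties": ties,
        "density": density,
        "clustering": clustering,
        "degree_centralization": centralization,
    }


def metrics_by_day(interactions):
    """Metrics for every daily network, keyed by date."""
    return {date: network_metrics(adj)
            for date, adj in sorted(daily_adjacency(interactions).items())}


if __name__ == "__main__":
    for date, metrics in metrics_by_day(INTERACTIONS).items():
        print(date, metrics)
```

On the constructed data, the first day is a hub-dominated network (high centralization, moderate clustering) and the second is a closed triangle (zero centralization, full clustering), the two extremes these measures are meant to separate.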


5. Independent Variables 


The independent variables cover five categories: spatial effects, network 
topography, levels of online activity, and the dates of NATO and Russian military
exercises.


The distance to the Russian border is the only spatial variable. It represents the 
shortest distance between the Russian state border and every tweet’s location, measuring 0
for tweets originating inside Russia.


Edge density, the only social network topography measure, is an independent 
variable in the models that test Hypotheses 1 through 3. It introduces information about the 
behavior of daily user accounts into the model. Its change reflects the emergence or
disappearance of the network’s ties (as defined earlier).


The Twitter-related variables count the number of tweets originating from IRA or
Russian overt accounts by day.


Finally, the exercise-related variables provide information measuring the dates on
which NATO or Russian military exercises occurred, coded as 1 for the dates of the
exercises and 0 for all other dates. Jan Brzezinski and Nicholas Varangis summarized
NATO and Russian military activity over this period, and provided information about their
timeline, location, and participants. 108 There were four NATO military drills in Eastern
Europe and Scandinavia in the research period. “Steadfast Jazz” took place in Poland and
Lithuania (November 2–9, 2013), Norway hosted “Cold Response” (March 7–21, 2014),
Estonia hosted “Spring Storm 14/Steadfast Javelin I” (May 5–23, 2014), and “Saber Strike
2014” took place in the Baltic States (June 9–20, 2014). The Russian Federation had three
large-scale exercises in the research period. They took place in the Western Military
District (Zapad-13, September 17–26, 2013), in the Western and Central Military Districts
(February 26–March 3, 2014), and the Central Military District (June 21–28, 2014).

105 Cunningham, 100.
106 Cunningham, 87.
107 Cunningham, 87.

108 Jan J. Brzezinski and Nicholas Varangis, “The NATO-Russia Exercise Gap,” Atlantic Council
(blog), February 23, 2015, https://www.atlanticcouncil.org/blogs/natosource/the-nato-russia-exercise-gap/.


6. Control Variables 


The control variables in the tested model are the total number of tweets, the 
country's population, gross domestic product per capita, political regime type, and access
to the internet.


Gross domestic product (GDP) per capita and population provide information about 
the relative size and prosperity of each country. Access to the Internet provides information 
about the degree to which the population can use online media as a source of information.
The World Bank Development Indicators 109 are the source of these three variables.


The political regime variable is derived from the Polity5 Project dataset. 110 The
model uses the revised combined polity score (Polity2), adapted for time-series analysis. It
ranges from 10 (strongly democratic) to -10 (strongly autocratic). Introducing this variable
in the model provides an opportunity to examine how the ruling regime or the type of
government influences the effectiveness of online information operations.


The total number of tweets variable provides information about the overall daily
activity in Twitter.

109 World Bank, “World Development Indicator,” accessed February 27, 2022,
https://datatopics.worldbank.org/world-development-indicators/.

110 Center for Systemic Peace, “Polity5 Project, Political Regime Characteristics and Transitions,
1800-2018,” April 23, 2020, https://www.systemicpeace.org/inscrdata.html.

C. REGRESSION ANALYSIS


The initial analysis presented here utilizes ordered logit regression models. Its goal 
is to test the formulated hypotheses concerning the relationship among online sentiments, 
military exercises, and the activity of Russian overt and covert agents. The regression 
analysis tests four different models. It starts with a simple additive form and gradually 
introduces different multiplicative interaction terms. These terms examine different 
relations among the independent variables in accordance with the formulated Hypotheses 
1 to 3. A log transformation is applied to all independent variables in the model except 
NATO Exercise, Russian Exercise, and Political Regime in order to reduce the skew in their 
values. The full version of the sentiment model is as follows: 

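$$
\begin{aligned}
\text{Sentiment} ={}& \beta_0 + \beta_1\,\text{NATO Exercise} + \beta_2\,\text{Russian Exercise} + \beta_3\,\text{IRA Tweets} \\
&+ \beta_4\,\text{Distance to Russia} + \beta_5\,\text{Russian Media Tweets} + \beta_6\,\text{Edge Density} \\
&+ \beta_7\,\text{Political Regime} + \beta_8\,\text{GDP} + \beta_9\,\text{Population} \\
&+ \beta_{10}\,\text{Access to Internet} + \beta_{11}\,\text{Total Tweets} \\
&+ \beta_{12}\,(\text{Russian Exercise} \times \text{Distance to Russia}) + \beta_{13}\,(\text{NATO Exercise} \times \text{Distance to Russia}) \\
&+ \beta_{14}\,(\text{Russian Exercise} \times \text{IRA Tweets}) + \beta_{15}\,(\text{NATO Exercise} \times \text{IRA Tweets}) \\
&+ \beta_{16}\,(\text{Political Regime} \times \text{IRA Tweets}) + \beta_{17}\,(\text{NATO Exercise} \times \text{Russian Media Tweets})
\end{aligned}
$$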


In addition, six log-linear models are used to test Hypothesis 4. Each pair of models 
tests a different dependent variable—network size, degree centralization, or clustering 
coefficient—with the first model providing a baseline additive specification and the second 
model including multiplicative interaction terms. The full version of each model is given 
by: 

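$$
\begin{aligned}
\text{Network Metric} ={}& \beta_0 + \beta_1\,\text{IRA Tweets} + \beta_2\,\text{Russian Media Tweets} + \beta_3\,\text{Distance to Russia} + \beta_4\,\text{NATO Exercise} \\
&+ \beta_5\,\text{Political Regime} + \beta_6\,\text{GDP} + \beta_7\,\text{Population} + \beta_8\,\text{Access to Internet} + \beta_9\,\text{Total Tweets} \\
&+ \beta_{10}\,(\text{NATO Exercise} \times \text{IRA Tweets}) \\
&+ \beta_{11}\,(\text{NATO Exercise} \times \text{Russian Media Tweets}) \\
&+ \beta_{12}\,(\text{Political Regime} \times \text{IRA Tweets})
\end{aligned}
$$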

REGRESSION RESULTS


RUSSIAN ONLINE INFLUENCE ON SOCIAL MEDIA SENTIMENT 


Tables 1, 2, and 3 show the results of four ordered logit models and their
performance. The first table includes the goodness of fit scores for the different models,
the second presents the base term coefficients, and the third shows the multiplicative
interaction terms in the tested regression models. The analysis of the models’ goodness of fit
scores reveals that the models achieve similar overall error rates, shown by the mean
absolute error (MAE) and the root mean squared error (RMSE), while Model 4 performs
slightly better than the others according to the Akaike Information Criterion (AIC) scores.
Thus, Model 4 is used for further analysis.


Table 1. Sentiment Regression Models: Goodness of Fit

                                   Sentiment
                   Model 1       Model 2       Model 3       Model 4
                     (1)           (2)           (3)           (4)
Observations        57,377        57,377        57,377        57,377
MAE                  0.222         0.222         0.222         0.222
RMSE                 0.341         0.341         0.341         0.341
AIC                 51,658        51,634        51,618        51,617
BIC                 51,774        51,769        51,771        51,787
Log Likelihood -25,816.011   -25,802.100   -25,792.176   -25,789.443


The results in Table 2 show that there is a positive (0.065) statistically significant
relationship (p < 0.01) between the number of IRA tweets and the average sentiment of the
NATO conversation. Russia’s overt media activities also have a positive relationship (0.051)
to the sentiment of the tweets across country-day, though with a lower level of statistical
significance (p < 0.05). The edge density of the network of users is the third coefficient
that is also positively related to the sentiment of the tweets. Finally, the control variables are
statistically significant, although at different levels. All of them have a p-value<0.01,
except political regime with a p-value<0.1. All their coefficients except the country's access
to the internet are negative.


Table 2. Sentiment Regression Models: Base Terms 


Sentiment 
Model 1 Model 2 Model 3 Model 4 
(1) (2) (3) (4) 
NATO Exercise -0.001 -0.152 -0.099 -0.365 
(0.038) (0.137) (0.137) (0.252) 
Russian Exercise 0.080 0.071 0.807** 0.807" 
(0.052) (0.052) (0.200) (0.200) 
IRA's Tweets 0.039** 0.052** 0.052** 0.065" 
(0.010) (0.010) (0.011) (0.013) 
Russian Media Tweets 0.062" 0.060** 0.060" 0.051" 
(0.025) (0.025) (0.025) (0.026) 
Distance to Russia 0.005 0.0003 0.004 0.004 
(0.003) (0.004) (0.004) (0.004) 
Edge Density 0.320** 0.326" 0.325"* 0.325" 
(0.020) (0.021) (0.021) (0.021) 
Total Tweets -0.107"** -0.107"** -0.107** -0.107** 
(0.009) (0.009) (0.009) (0.009) 
Political Regime -0.015*** -0.015*** -0.015** -0.008* 
(0.002) (0.002) (0.002) (0.004) 
GDP per capita -0.165** -0.164** -0.164** -0.163** 
(0.022) (0.022) (0.022) (0.022) 
Population -0.180"* -0.180"* -0.180** -0.180** 
(0.014) (0.014) (0.014) (0.014) 
Access to Internet 0.173** 0.171% 0.171% 0.171 
(0.026) (0.027) (0.027) (0.027) 
1|2 -5.579"* -5.648"" -5.595"" -5.580" 
(0.174) (0.175) (0.175) (0.176) 
2|3 0.110 0.043 0.100 0.115 
(0.170) (0.171) (0.172) (0.173) 


Note: *p<0.1; **p<0.05; ***p<0.01

Table 3 provides information about the multiplicative interaction terms included in
Models 2, 3, and 4. The first two terms test Hypothesis 2, or whether there is a negative
effect on sentiment arising from the combination of NATO exercises and the activity of
Russia's overt and covert media actors. The first interaction term between NATO Exercise
and IRA Tweets is negative (-0.106) and statistically significant (p < 0.01). The second
term, which reflects the influence of Russia's overt media outlets on sentiment during
NATO exercises, is not statistically significant. Therefore, it is impossible to draw firm
conclusions concerning the direction and the strength of the relationship. The third term,
which represents how the users' distance from the Russian border influences the sentiment
of their tweets when a NATO exercise occurs, is positive and statistically significant,
indicating that sentiment is stronger at longer distances. The fourth and fifth terms test the
effects of IRA Tweets and Distance to Russia on sentiment during Russian military
exercises rather than NATO exercises. Of these, only the interaction between Distance to
Russia and Russian Exercise is statistically significant (p < 0.01), with a negative (-0.054)
coefficient, implying that Russian exercises generate more negative effects on sentiment
as the distance from Russia grows. Finally, the sixth term tests how IRA activities and the
country's political regime type generate combined effects on sentiment. It is negative
(-0.003) and statistically significant, although to a lesser degree (p < 0.1), implying that
IRA activities generate more negative impacts on sentiments in democracies than in
autocracies.

Table 3. Sentiment Regression Models: Multiplicative Interaction Terms


Sentiment 
Model 1 Model 2 Model 3 Model 4 
(1) (2) (3) (4) 
NATO Exercise*IRA Tweets -0.105** -0.105** -0.104""* 
(0.029) (0.029) (0.029) 
NATO Exercise*Russian Media Tweets 0.108 
(0.086) 
NATO Exercise*Distance to Russia 0.031°** 0.027% 0.027% 
(0.008) (0.008) (0.008) 
Russian Exercise*IRA Tweets 0.005 0.005 
(0.033) (0.033) 
Russian Exercise*Distance to Russia -0.055** -0.055** 
(0.012) (0.012) 
IRA Tweets *Political Regime -0.003** 
(0.002) 
Note: *p<0.1; **p<0.05; ***p<0.01


2. Analysis of the Findings 


Hypothesis 1: The overall sentiment of the NATO online conversation will become
more negative if there is an increase in IRA and Russian media activity.


The results from the regression models do not support Hypothesis 1. Figure 1, 
showing estimates derived from Model 4, demonstrates that increased IRA activity 
heightens the probability that the average sentiment will be positive (blue line) and lowers 
the probability for negative sentiment (red line) in the graph at the left. The second graph
on the right shows that the tweets by overt Russian media have a similar effect on
sentiment, though that effect is slightly weaker.

Figure 1. IRA and Russian Media Tweets vs. Sentiment in the NATO Conversation


The colored shading around the lines in the graphs shown in Figure 1 represents the
95% confidence interval of the respective variables and to what degree the slope of the
lines in the graphs can vary within this interval. The comparison of the two graphs in Figure
1 reveals that the slopes of the lines are different. Both lines in the graph at left, depicting
the IRA’s tweets, have a steeper slope than those in the graph at right, depicting the effects
of tweets by overt Russian media, which means that the IRA’s activity has a more
substantial effect on the sentiment than does the activity of overt Russian media.


Figure 2 further supports this conclusion by presenting the substantive effects of 
IRA and Russian media tweets on positive or negative sentiment probability. For 
convenience and better comparison, the graphic on the right in Figure 2 presents the 
absolute values of these effects. From Figure 2, it is easy to compare the effect
magnitudes, which are, in fact, negative (given the red lines on the graphs in Figure 1 have
negative slopes).




[Figure 2 plot: two panels with vertical axes ΔP(Positive Sentiment) and ΔP(Negative Sentiment); horizontal axis “Independent Variables” with categories IRA and Russian Media]


Figure 2. Substantive Effects of IRA and Russian Media Tweets on the 
Probability of Positive and Negative Sentiment 


The graphics in Figure 2 demonstrate two important findings. First, the IRA's 
tweets have a stronger impact on the probability of sentiment change than tweets by the 
overt Russian media. Second, both the overt and the covert Russian actors more effectively 
generate positive sentiment and are counter-intuitively associated with decreases in
negative sentiment.


Hypothesis 2: The sentiment of the online NATO conversation during NATO 
exercises will become more negative with the increase of the activity of Russian media
organizations, whether covert or overt.


The regression models provide evidence that is partially supportive of Hypothesis 
2. The first and second interaction terms in Table 3 provide the necessary information to 
examine how the Twitter activity of Russia's covert and overt media organizations affects 
the online conversation about NATO during NATO exercises. The first term, NATO
Exercise*IRA Tweets, is statistically significant (p < 0.01) and negative (-0.106), implying
that IRA activities generate more negative effects during NATO exercises. Figure 3
demonstrates this effect graphically. When NATO exercises take place, the increase in
IRA's online activity results in a decreased probability for positive sentiment among
network users. Conversely, when there is no NATO exercise, the probability for positive
sentiment about NATO among network users increases when the number of the IRA tweets
increases.

Figure 3. NATO Exercises and IRA Tweets vs. Probability of Positive Sentiment


In contrast, the term NATO Exercise*Russian Media Tweets is not statistically 
significant. This finding suggests that in the researched period, during NATO exercises, 
the Twitter accounts of overt Russian media probably were not as active in the online 
NATO conversation. This is contrary to the prediction of Hypothesis #2, which expected
both overt and covert Russian media to have similarly negative effects during NATO
exercises.
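
How the IRA effect on sentiment changes sign under the NATO Exercise interaction, and how a change in the probability of each sentiment level of the kind plotted in Figure 2 is obtained from an ordered logit, as an added Python example that is not the thesis's code. It uses the Model 4 numbers as printed in Tables 2 and 3; the proportional-odds form P(Y <= j) = logistic(threshold_j - eta) and holding every other term at zero are assumptions.

```python
import math

# Model 4 values as printed in Tables 2 and 3 of the text.
BETA_IRA = 0.065           # IRA's Tweets (log scale)
BETA_NATO = -0.365         # NATO Exercise (0/1)
BETA_NATO_X_IRA = -0.104   # NATO Exercise*IRA Tweets
CUT_NEG_NEUTRAL = -5.580   # threshold "1|2"
CUT_NEUTRAL_POS = 0.115    # threshold "2|3"


def logistic(z):
    return 1.0 / (1.0 + math.exp(-z))


def linear_predictor(log_ira_tweets, nato_exercise, other_terms=0.0):
    """eta for the three terms above; other_terms lumps every remaining
    covariate of the model and is held at 0 here (assumption)."""
    return (BETA_IRA * log_ira_tweets
            + BETA_NATO * nato_exercise
            + BETA_NATO_X_IRA * nato_exercise * log_ira_tweets
            + other_terms)


def category_probabilities(log_ira_tweets, nato_exercise, other_terms=0.0):
    """Probabilities of negative, neutral and positive mean sentiment."""
    eta = linear_predictor(log_ira_tweets, nato_exercise, other_terms)
    p_le_negative = logistic(CUT_NEG_NEUTRAL - eta)
    p_le_neutral = logistic(CUT_NEUTRAL_POS - eta)
    return {
        "negative": p_le_negative,
        "neutral": p_le_neutral - p_le_negative,
        "positive": 1.0 - p_le_neutral,
    }


def conditional_ira_slope(nato_exercise):
    """Effect of one more log-unit of IRA tweets on eta, given the exercise flag."""
    return BETA_IRA + BETA_NATO_X_IRA * nato_exercise


def delta_probability(category, low, high, nato_exercise):
    """Change in a category's probability when log IRA tweets move from low to high."""
    before = category_probabilities(low, nato_exercise)[category]
    after = category_probabilities(high, nato_exercise)[category]
    return after - before


if __name__ == "__main__":
    for nato in (0, 1):
        print("NATO exercise =", nato, "slope on eta =", round(conditional_ira_slope(nato), 3))
        for x in (0, 2, 4, 6):
            probs = category_probabilities(x, nato)
            print("  log IRA tweets", x, {k: round(v, 4) for k, v in probs.items()})
```

The slope on eta is 0.065 without an exercise and 0.065 - 0.104 = -0.039 with one, which is why the probability of positive sentiment rises with IRA activity on non-exercise days and falls on exercise days.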


Hypothesis 3: The change of sentiment during NATO exercises will be more
negative if the country is closer to the borders of the Russian Federation.


The regression results support this hypothesis. The multiplicative interaction term 
NATO Exercise*Distance to Russia is statistically significant (p < 0.01) and positive 
(0.027). Figure 4 shows that when NATO exercises take place, the probability that the 
average sentiment in the online conversation about NATO will be positive is lower in 
countries that are closer to the borders of Russia. In contrast, when there is no NATO 
exercise, the likelihood for positive sentiment decreases in countries that are further from
Russia.

Figure 4. NATO Exercises and Distance to Russia vs. Probability of Positive Sentiment


B. NETWORK MEASURES AND RUSSIAN ONLINE INFLUENCE 


Based on the models’ performance scores in Table 4, it is possible to conclude that 
models 6, 8, and 10 have the best goodness of fit. They each have lower AIC and Bayesian 
Information Criteria (BIC) scores than the other three paired models presented in the table,
indicating that the addition of the interaction terms decreases the models’ errors.


The IRA and Russian media coefficients are statistically significant (p < 0.01) for
all three topology measures. Those for clustering coefficient and network size are positive,
for both overt and covert media activity, suggesting that these Russian entities’ actions
make the daily networks larger and more interconnected. The degree centralization
coefficient for IRA activities is also statistically significant (p < 0.01). However, it is
negative, which indicates that the daily network becomes less centralized with the
increasing activity of Russia's covert media organizations.


The interaction term NATO Exercise*IRA Tweets is statistically significant (p <
0.01) for all three models. It is negative in the models for network size (-0.143) and
clustering (-0.064), and it is positive in the case of degree centralization (0.027). The term
NATO Exercise*Russian Media Tweets is statistically significant and positive only in the
degree centralization (p < 0.05) and clustering (p < 0.01) models.


Table 4. Network Regression Models


Network Degree Clustering 
Size Centralization Coefficient 
Linear Linear Linear Linear Linear Linear 
(5) (6) (7) (8) (9) (10) 
IRA's Tweets 0.167" 0.179" . .0.049" 0.051" 0.471" 0.4717 
(0.002) — (0.002) (0.002) (0.002) (0.007) (0.007) 
Russian Media Tweets 0.430°" 0.349% -0.005 0.0117*  0.449"* 0274" 
(0.005) — (0.005) (0.004) (0.004) (0.018) (0.019) 
Distance to Russia 0.0027" 0.002" -0.001 -0.0004 0.004" 0.004 
(0.001) (0.001) (0.001) (0.001) (0.002) (0.002) 
Total Tweets -0.009"" -0.008% 0.002 0.001 -0.018"* -0.015% 
(0.002) (0.002) (0.002) (0.001) (0.007) (0.007) 
Political Regime -0.001 -0.0004 0.0002 0.0001 -0.001 -0.001 
(0.0005) (0.0005) (0.0004) (0.0004) (0.002) (0.002) 
GDP per capita -0.073"" -0.064"  0.018™™ 0.016"*  -0.121"* -0.106"" 
(0.005) — (0.005) (0.004) (0.004) (0.016) (0.016) 
Population 0.0127" 0.010" -0.002 -0.002 — 0.022" 0.019" 
(0.003) . (0.003) (0.002) (0.002) (0.011) (0.011) 
Access to Internet 0.113"*  0.099"* — .0.026"  -0.023"" 0.191"" 0.167" 
(0.006) (0.006) (0.004) (0.004) (0.020) (0.020) 
NATO Exercise 0.984" -0.287* 0.375" 
(0.049) (0.037) (0.172) 
NATO Exercise*IRA Tweets -0.143** 0.027" -0.064"* 
(0.006) (0.005) (0.022) 
NATO Exercise*Russian Media Tweets -0.018 0.033" 0.346" 
(0.019) (0.014) (0.065) 
Constant 3.986"  Á 4.052"  .3.124"  .3.136"" -9.010"" -8.784"^"" 
(0.034) — (0.032) (0.024) (0.024) (0.113) (0.113) 
Observations 57,377 57,377 57,377 57,377 57,377 57,377 
MAE 139.775 127.017 0.017 0.017 0.006 0.006 
RMSE 216.542 209.942 0.030 0.030 0.001 0.011 
AIC 117,498 111,696 80,989 80,405 | 257,323 255,768 
BIC 117,588 111,812 81,079 80,521 257,412 255,885 
Log Likelihood -58,739 -55,835 -40,485 -40,189 -128,651 -127,871 
Note: *p<0.1; **p<0.05; ***p<0.01

1. Analysis of the Findings


Hypothesis 4: IRA and Russian media activity during NATO exercises will increase
the size of the daily network of users in the NATO conversation, and it will become more
centralized and interconnected.


The results from these models are partially supportive of Hypothesis 4. Figure 5 
demonstrates that an increase in the number of IRA tweets is associated with a larger size 
of the daily user network, which supports Hypothesis 4. The blue line in the graphic is less 
steep than the red, which means that the IRA’s actions have a weaker effect on the network 
size when there is a NATO exercise than when there is none. The higher starting point of 
the blue line is expected because the dataset for this research is based on the online NATO 
conversation. Thus, when such military drills occur, more Twitter accounts are likely to 
become active and join the online NATO communication. The multiplicative interaction 
term between NATO exercises and Russian media tweets is not statistically significant; 
thus, it is impossible to determine if there is a consistent conditional relationship between 
these variables. However, the coefficient for IRA Tweets is statistically significant (p <
0.01) and positive (0.349). Thus, over the entire research period, both on exercise days and
non-exercise days, increased levels of Russian Media Tweets were associated with a larger
network size in the NATO conversation, which also supports Hypothesis 4.

Figure 5. NATO Exercises and IRA Tweets vs. Network Size

In contrast, Model 9's results show that the online behavior of the IRA and Russia's
overt media have different effects on the centralization of the daily networks. The results 
are partially supportive and partially contrary to Hypothesis 4. The blue lines on both 
graphics in Figure 6 lie below the red ones, which demonstrates that during NATO 
exercises, the centralization of the networks is lower than during periods without such 
military drills. However, the online behavior of the different types of Russian actors has an 
opposite effect on network centralization. When the IRA increases its online activity, 
centralization decreases. By contrast, when overt Russian media outlets are more active, 
centralization increases. Therefore, only findings about the effect of Russia's overt media
organizations on network centralization support Hypothesis 4.

Figure 6. NATO Exercises, IRA Tweets, and Russian Media Tweets vs. Degree Centralization


The clustering coefficient is a measure of the network interconnectedness. It 
provides information on the degree to which the accounts in the explored daily networks 
have second-order ties. Figure 7 illustrates Model 10’s results, which support Hypothesis 
4. The clustering coefficient increases when Russia’s covert and overt media organizations 
are more active. NATO exercises also lead to a further increase of interconnectedness in
the daily networks.

Figure 7. NATO Exercises, IRA Tweets, and Russian Media Tweets vs. Clustering Coefficient


C. DISCUSSION 


In the examined period, July 2013 to August 2014, the regression analysis 
demonstrates that there is a statistically significant relationship between the sentiment of 
the online conversation about NATO and the online activities of Russia’s overt and covert 
media organizations. At that time, the IRA was in its initial stage of formation. As Howard 
et al. point out, the agency used Twitter as a “training ground for the political polarization 
efforts.” 111 The goal of IRA operatives then was to create “beachheads” in social networks 
by attracting followers, infiltrating online media platform groups, and gaining credibility
for its fake accounts. The prevalence of such preparatory actions could be one of the
reasons why we observe the IRA’s activity increasing the probability for positive sentiment
in the research period, contrary to the expectations of Hypothesis 1.


Closer examination of the effects reveals that the influence potential of covert 
organizations is higher than that of overt media (Figure 2, Chapter V). This finding is 
logical because covert agencies can use fake identities or accounts to avoid attribution, 
infiltrate various online conversations, and implement tactics such as the “4D Approach” 
described by Nimmo. 112 At the same time, overt media outlets and the journalists who
work for them cannot avoid this attribution, and the targeted audience can perhaps,
therefore, more easily rebuff some of the information. This effect could explain why the
regression model indicates that overt actors are weaker influencers than covert ones.


111 Howard et al., “The IRA, Social Media and Political Polarization in the United States, 2012–2018,” 10.

112 Nimmo, “Anatomy of an Info-War: How Russia’s Propaganda Machine Works, and How to
Counter It.”


The findings about the effects of IRA and Russian media tweets during NATO 
exercises demonstrate that only the IRA's online activities have a statistically significant 
impact on sentiment. In this case, the model shows that the increase in the number of IRA 
tweets results in a lower probability for positive sentiment among network users. At the 
same time, the multiplicative interaction term combining NATO exercises with the online 
activity of Russia's overt media is not statistically significant. A possible interpretation of 
this regression result is that Russian media outlets did not target the NATO audience when 
the exercises took place. Another finding of the model supports this interpretation. The 
interaction term combining Russian exercises and IRA tweets is also not statistically 
significant. This result implies that the IRA's leadership probably did not make consistent
use of its capabilities to manipulate the Twitter audience and influence their attitudes in
favor of Russian military activities.


Although the model's results show that covert actors are more efficient in Twitter 
influence campaigns than overt media, the latter also have some advantages. First, they 
legally operate on social media platforms under their genuine identities. In this manner, the 
platforms cannot easily restrict their activities as long as the accounts adhere to the 
platforms’ established rules and policies. In contrast, covert media agencies rely on fake 
accounts that act in violation of these regulations, and they could be banned or suspended 
at any time. As with all covert assets, their activity is efficient only as long as they operate 
hidden from their target. Second, official media companies, especially in the case of Russia, 
are quasi-private, and they can receive generous state funding to establish vast networks 
and create quality content. In return, they can be expected to coordinate and align their
information policy with the ruling political elite. 113


Both types of organizations can produce diverse online content adapted to specific
social groups and geographical regions. The regression model indicates that there is a
statistically significant relationship between the prevailing sentiment of tweets and their
authors’ distance from the Russian border, conditioned by whether there is a NATO
exercise or not (Figure 4, Chapter V). It demonstrates that in the vicinity of the Russian
border, the probability for positive tweets is much lower when a NATO exercise takes
place than when there is none. The farther from Russia the tweet originates, the greater the
probabilities for positive sentiment, regardless of whether a NATO exercise is in progress.
This result suggests that the Twitter users closer to the Russian border are more sensitive
about NATO exercises. One of the possible reasons for this effect is that the dataset
includes, by definition, a significant number of Russian accounts. In addition, as the
discussion in Chapter III revealed, in the countries from the so-called ‘near abroad’ there
are many communities that share Moscow's attitude towards NATO. These social groups
are more susceptible to Russian “soft power” because of their common language, ethnicity,
religion, or shared history. 114 The regression results also support this explanation. Figure
8 presents a situation where a Russian military exercise occurs, showing that the probability
for positive sentiment is significantly higher near the border of Russia than when there is
no exercise. In the absence of an exercise, the probability is almost constant as a function
of distance to Russia.


113 Hanley and Kuzichkin, Russian Media Landscape, 13–30.

114 Rotaru, “Forced Attraction?,” 3-9.

Figure 8. Russian Military Exercises and Distance to Russia vs. Probability of Positive Sentiment


The regression analysis of the daily networks of Twitter users also reveals 
statistically significant relations between the activity of Russia's overt and covert 
information agencies and network topology measures. This conclusion suggests that, 
during NATO exercises, these networks change their topology due to the actions of overt 
Russian media outlets and the covert operations of entities such as the IRA. In line with 
Hypothesis 4, the network becomes larger, and the clustering coefficient is higher when 
NATO exercises occur than in periods without military drills. Their values further increase 
if the IRA or Russian media intensify their activity on Twitter. The finding on network 
enlargement can be explained by the expected appearance of new accounts engaging in the 
online conversation about NATO when that organization's exercises take place. The 
observed change in the clustering coefficient suggests that IRA and online media accounts 
also increase their second-order interactions. They start tweeting, mentioning, or quoting 
each other more frequently. This interconnectedness becomes even higher during NATO 
exercises. However, there is an important difference between the effect of the online 
activities of the IRA and the overt media outlets, as Figure 6 shows. During NATO 
exercises, IRA activities increase the network interconnectedness at the same rate as they 
do during periods without exercises. Howard et al. explain that “IRA accounts typically 
operated in ‘teams’ of co-mentioners ...[that]... tended to mention teammates far more 
often than non-teammates; thus, forming a number of coherent communities of 
interaction.”115 Similarly, Russian media organizations push the conversation to become 
more interconnected, but at a rate that increases substantially during NATO exercises. 
In other words, participants in the online conversation about NATO start retweeting, 
mentioning, or quoting each other more during NATO exercises. 


Although the regression results for degree centralization partially support 
Hypothesis 4, they also reveal more specific patterns. Contrary to Hypothesis 4, the 
increase in IRA tweets results in a decrease in centralization. On the other hand, Russian 
media activity increases the centralization of the daily networks. These findings suggest 
that the increase in the Russian media's online activity probably makes some nodes in the 
network more central. This conclusion corresponds to the qualitative findings in Chapter 
III that several central and larger online news agencies such as RT, Sputnik, and Ruptly 
appear to dominate the Russian media landscape. In contrast, covert entities such as the 
IRA seem to represent a more “egalitarian” network composed of what Howard et al. 
referred to as small “communities of interaction” with a more similar number of ties. 
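
The contrast drawn above, between a hub-dominated overt media network and team-based covert accounts, can be reproduced with the two topology measures discussed. The Python sketch below is an added illustration, not code from the thesis: the account names and edge lists are constructed, and Freeman degree centralization and the mean local clustering coefficient are assumed as the definitions of the two measures.

```python
"""Added illustration: topology measures for daily mention networks (constructed data)."""
from collections import defaultdict
from itertools import combinations


def build_graph(edges):
    """Undirected simple graph {node: set(neighbours)} from (user, user) interaction pairs."""
    adj = defaultdict(set)
    for u, v in edges:
        if u != v:  # ignore self-mentions
            adj[u].add(v)
            adj[v].add(u)
    return dict(adj)


def degree_centralization(adj):
    """Freeman degree centralization: 1.0 for a pure star, 0.0 when all degrees are equal."""
    n = len(adj)
    if n < 3:
        return 0.0
    degrees = [len(nbrs) for nbrs in adj.values()]
    top = max(degrees)
    return sum(top - d for d in degrees) / ((n - 1) * (n - 2))


def average_clustering(adj):
    """Mean local clustering coefficient; nodes with fewer than two ties contribute 0."""
    if not adj:
        return 0.0
    total = 0.0
    for nbrs in adj.values():
        k = len(nbrs)
        if k < 2:
            continue
        # Count pairs of neighbours that also interact with each other (closed triangles).
        closed = sum(1 for a, b in combinations(nbrs, 2) if b in adj[a])
        total += 2 * closed / (k * (k - 1))
    return total / len(adj)


def measures(edges):
    """Size, centralization and clustering of one daily network, rounded for comparison."""
    adj = build_graph(edges)
    return {
        "size": len(adj),
        "centralization": round(degree_centralization(adj), 3),
        "clustering": round(average_clustering(adj), 3),
    }


# Constructed sample data (assumption): a loose baseline conversation among six users.
BASELINE = [("a", "b"), ("b", "c"), ("c", "d"), ("d", "e"), ("e", "f"), ("b", "e")]

# Same day with one overt outlet retweeted by every baseline user plus two new accounts.
OUTLET_DAY = BASELINE + [("outlet", user) for user in "abcdefgh"]

# Same day with one four-account team of co-mentioners, tied to the conversation once.
TEAM = ["t1", "t2", "t3", "t4"]
TEAM_DAY = BASELINE + list(combinations(TEAM, 2)) + [("t1", "b")]


if __name__ == "__main__":
    for label, edges in (("baseline", BASELINE), ("outlet", OUTLET_DAY), ("team", TEAM_DAY)):
        print(label, measures(edges))
```

In this constructed case both additions enlarge the network and raise clustering, but only the outlet hub raises centralization; the team of co-mentioners lowers it because its members end up with similar numbers of ties.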


115 Howard et al., “The IRA, Social Media and Political Polarization in the United States, 2012–2018,” 26. 


VI. CONCLUSIONS 


This thesis has sought to examine the conversation about NATO on Twitter and to 
explore the relationships between the average sentiment in that conversation and the online 
activities of Russia's overt and covert online media agencies. In addition to the sentiments 
expressed in the tweets, the thesis analyzed how the basic topology measures of the social 
networks hosting this conversation relate to the online activity of overt Russian media and 
so-called troll factories. The thesis's research period was one year, from July 1, 2013, 
through August 31, 2014. The focus was on the conversation about NATO that appeared 
on Twitter and the activity on Twitter carried out by the major Russian media outlets and 
the Internet Research Agency during the NATO exercises that occurred in this period. The 
regression analysis of the online conversation about NATO in the specified period provided 
evidence of a statistically significant relationship between the sentiment of the tweets and 
the online actions of Russia's covert and overt agencies. Several findings follow from 
the tested models’ results. 


First, the overall sentiment of the online conversation about NATO generally 
becomes more positive if there is an increase in online activity by the IRA and overt 
Russian media. Further, the IRA's tweets have a more substantial impact on the probability 
for sentiment change than do tweets by Russia's traditional media outlets. Both the overt 
and the covert Russian actors more effectively influence positive than negative sentiments. 


Second, the prevailing sentiment of the online conversation about NATO during 
NATO exercises becomes more negative as the online activity of covert Russian media 
organizations increases. When a NATO exercise takes place, an increase in the IRA's 
online activity results in a decreased probability for positive sentiment. By contrast, when 
there is no NATO exercise, the probability for positive sentiment increases when the 
number of IRA messages increases. 


Third, the sentiment expressed in tweets during NATO exercises is generally more 
negative if the location of the tweet's originator is closer to the borders of the Russian 
Federation. 


Fourth, IRA and Russian media online activity during NATO exercises increases 
the size of the daily network of users participating in the conversation on NATO, and that 
network becomes less centralized and more interconnected. During NATO exercises, 
Russian media activities online tend to increase the centralization of the daily network. In 
comparison, the IRA seems to act as a more “egalitarian” network composed of small teams 
with a similar number of ties. 


These conclusions suggest that close tracking and examination of the online 
activities of Russia's covert and overt media agencies can provide the necessary base for 
detecting ongoing information operations. However, their proper identification faces 
specific difficulties. First, the number of social media platforms is rapidly increasing, 
making monitoring of Russian online activities difficult and resource-consuming. 
Second, each social media platform has its own specific and often restrictive rules for 
sharing information about its users’ behavior and how other individuals can extract and 
collect such data. As in the example of the Twitter API,116 there is a limit on the number 
of tweets collected as well as on access to historical data. 


Nonetheless, further refining of the analytical methods can overcome some of these 
limitations and deliver a more comprehensive outcome. These improvements should focus 
on several directions. First, the measurement of sentiment in tweets could include machine 
learning algorithms that can increase the precision of the final result. Second, the online 
activities of covert agencies similar to the IRA can be tracked across different online 
platforms by natural language processing algorithms. They have great potential to discover 
patterns in online communication that will enable the timely identification of trolls’ 
accounts. 

Finally, it is hoped that the results of this thesis contribute to a better 
understanding of Russian information operations. These results indicate that the activities 
of Russia's covert and overt media agencies can effectively influence online conversation 
and shape public perception. Although the thesis focuses on the narrow topic of NATO 
exercises, its results could have implications for other significant events such as elections, 
referendums, or conflicts such as the February 2022 war between Russia and Ukraine. The 
results demonstrate that the online activities of companies such as the IRA need close 
monitoring. The thesis's findings show that the IRA's actions more substantially affect 
online conversation than do channels operated by Russia's overt media. 


116 Twitter, “Twitter API Documentation,” February 27, 2022, 
https://developer.twitter.com/en/docs/twitter-api. 


Moreover, the events during the current war between Ukraine and Russia suggest 
that the role of covertly operating troll networks can be even more significant in a time of 
crisis or conflict. The European Union imposed restrictions on RT and Sputnik media 
platforms and publicly labeled them as sources of disinformation in 2022.117 As a result, 
major online platforms including Twitter, Facebook, and Instagram declared that they will 
comply with the sanctions and will prevent these Russian media networks from posting 
content.118 Such restrictions will reduce the ability of these covert influencers to interact 
with targeted audiences and diminish their role in the information operations. In this 
situation, only networks covertly established by trolls can continue to operate and affect 
the information environment. Thus, preventive measures against information operations 
must include constant monitoring and timely counteraction of such networks as well. 


117 Foo Yun Chee, “EU Bans RT, Sputnik over Ukraine Disinformation,” Reuters, March 2, 2022, 
sec. Europe, https://www.reuters.com/world/europe/eu-bans-rt-sputnik-banned-over-ukraine-disinformation-2022-03-02/. 


118 Elizabeth Culliford, “Twitter to Comply with EU Sanctions on Russian State Media,” Reuters, 
March 2, 2022, sec. Technology, https://www.reuters.com/technology/twitter-comply-with-eu-sanctions-russian-state-media-2022-03-02/. 


Preface 


Information operations (IO) are essential to the successful execution of military operations. The goal of IO is to 
gain and maintain information superiority that translates to a competitive edge in the information environment. 


Users of Training Circular (TC) 18-06, Special Forces Guide to Information Operations, must be familiar with 
the decisionmaking process established in Army Doctrine Publication (ADP) 5-0, The Operations Process, and 
the operational concepts established in ADP 3-0, Unified Land Operations. 


PURPOSE 


This TC serves as a guide to describe the fundamentals of how to incorporate IO at the tactical and operational 
level. Appendixes A through F offer tactics, techniques, and procedures (TTP) Special Forces (SF) Soldiers can 
use to analyze and plan information operations. This TC implements Army and joint IO doctrine established in 
FM 3-13, Inform and Influence Activities, and Joint Publication (JP) 3-13, Information Operations. 


This TC reinforces the definition of IO used by Army forces: IO employs the core capabilities of electronic 
warfare (EW), computer network operations (CNO), Military Information Support operations (MISO), military 
deception (MILDEC), and operations security (OPSEC), in concert with specified supporting and related 
capabilities, to affect or defend information and information systems and to influence decisionmaking. This TC 
is specifically targeted for SF; however, it is also useful to Army special operations forces (ARSOF) and the 
Army in understanding how SF employs IO. 


SCOPE 


TC 18-6 significantly affects the conduct of full-spectrum operations as an SF-common skill set that applies to 
offensive as well as defensive operations. This TC links to a broad variety of doctrine to provide a rudimentary 
understanding of IO. 


APPLICABILITY 


This publication applies to the Active Army, the Army National Guard/Army National Guard of the United 
States, and the United States Army Reserve, unless otherwise stated. 


ADMINISTRATIVE INFORMATION 


The proponent of this manual is the United States Army John F. Kennedy Special Warfare Center and School 
(USAJFKSWCS). Reviewers and users of this manual should submit comments and recommended changes on 
Department of the Army Form (DA Form) 2028 (Recommended Changes to Publications and Blank Forms) to 
Commander, United States Army John F. Kennedy Special Warfare Center and School, ATTN: AOJK-CDI-SF, 
3004 Ardennes Street, Stop A, Fort Bragg, NC 28310-9610. 


Chapter 1 
Fundamentals 


IO should be viewed as an element of combat power, focused when and where it best 
supports the operation. As with other elements of combat power, there is no universal 
formula for the application of IO. Mission, enemy, terrain and weather, troops and 
support available, time available, and civil considerations are the major determinants. 


The purpose of IO is to achieve and maintain information superiority or advantage 
over the adversary at a particular time and place. To achieve an information 
advantage, an SF unit must understand the characteristics of the information 
environment in its operational area. The unit must also understand how adversary and 
third-party organizations use information to achieve their objectives. 


Operation VALHALLA 

Operation VALHALLA was a typical SF-type mission. The Jaish al-Mahdi death 
squad was tracked down because of the especially brutal murders of a number of 
civilians and Iraqi troops. On 26 March 2006, a battalion from the 10th Special 
Forces Group (Airborne) (SFG[A]), as part of the Combined Joint Special Operations 
Task Force—Arabian Peninsula (CJSOTF-AP), along with the Iraqi special forces 
unit it was training, engaged the Jaish al-Mahdi at their compound. The mission was 
successful with no friendly casualties. There were approximately 17 Jaish al-Mahdi 
members killed, a weapons cache found and destroyed, a badly abused hostage 
found and rescued, and approximately 16 Jaish al-Mahdi members detained. A 
combat-camera element, along with some SF Soldiers wearing helmet cameras, 
recorded the entire operation. 


By the time the SF and Iraqi forces returned to their compound, roughly an hour after 
leaving the site of the firefight, someone had moved the Jaish al-Mahdi bodies. The 
guns of the Jaish al-Mahdi fighters were taken, and their bodies were put back inside 
the compound so it appeared as if the Jaish al-Mahdi members were killed while 
engaging in prayer. Someone then photographed the bodies in these new poses, 
and loaded the images onto the web, along with a press release explaining that 
American Soldiers had entered a mosque and killed men peacefully at prayer. This 
was done in under an hour. Both the American and Arab media picked up the story 
almost immediately. The United States (U.S.) did not release a statement until 70 
hours after the operation. During the resulting investigation, which took close to a 
month, the SF Soldiers, who had soundly and justly defeated their adversary, were 
made combat ineffective by a cell-phone camera. 


Paraphrased from an article written by Cori E. Dauber 
Military Review 
January–February 2009 


Key terms used throughout this chapter are defined below: 


• IO. The integrated employment, during military operations, of information-related 
capabilities in concert with other lines of operation, to influence, disrupt, 
corrupt, or usurp the decisionmaking of adversaries and potential adversaries 
while protecting our own. 

• Information environment. The aggregate of individuals, organizations, and 
systems that collect, process, disseminate, or act on information. 

• Information superiority. The operational advantage derived from the ability to 
collect, process, and disseminate an uninterrupted flow of information while 
exploiting or denying an adversary's ability to do the same. 


INFORMATION OPERATIONS 


1-1. The possession and use of information can provide a marked advantage to one military force over 
another. SF units expend significant time and resources to collect, process, and internally transfer 
information for the purpose of mission command. Without adequate and accurate information, an SF unit is 
unlikely to successfully accomplish its mission or meet its objectives. 


1-2. Stated in the simplest way, IO is the use of information to gain an advantage over an opponent. Such 
an advantage, known as information superiority, is achieved by a series of actions by military and other 
forces to impact both enemy forces and the operational area. To gain the advantage over the adversary, an 
SF unit should use any available capability at its disposal, whether doctrinal or not, to achieve information 
superiority at specific times and places in the operation. Figure 1-1 describes the five core capabilities, five 
supporting capabilities, and three related capabilities of IO. IO forces can affect data, information, and 
knowledge in three basic ways by— 
• Taking specific psychological, electronic, or physical actions that add, modify, or remove 
information from the environment of various individuals or groups of decisionmakers. 
• Taking actions to affect the infrastructure that collects, communicates, processes, and stores 
information in support of targeted decisionmakers. 
• Influencing the way people receive, process, interpret, and use data, information, and knowledge. 


Core Capabilities | Supporting Capabilities | Related Capabilities 
Electronic Warfare (EW) | Information Assurance (IA) | Public Affairs (PA) 
Computer Network Operations (CNO) | Physical Security | Civil-Military Operations (CMO) 
Military Information Support Operations (MISO) | Physical Attack | Defense Support to Public Diplomacy (DSPD) 
Military Deception (MILDEC) | Counterintelligence (CI) | 
Operations Security (OPSEC) | Combat Camera (COMCAM) | 


Figure 1-1. Information operations capabilities 


1-3. Thinking about IO within the terms of this doctrinal construct may do injustice to IO's true 
capabilities. Field experience shows that IO is less about doctrinal capabilities than it is about 
understanding that every military action has the potential to positively and negatively affect populations 
within the operational environment. In the end, everything an SF unit or detachment does or does not do 
can affect the information environment, and any asset that affects information content and flow is a 
possible contributor to (or detractor from) achieving the mission or the commander's objective. For this 
reason, IO should include any methods and means that can affect information content and flow, and target 
perceptions and behaviors in the operating area. 


THE INFORMATION ENVIRONMENT 


1-4. To use IO properly, SF commanders and staffs must understand the characteristics of the information 
environment in their operational area. Unfortunately, visualization of the information environment is 
challenging because the most important aspects of the information environment—information content and 
flow—cannot be seen the same way we see terrain. This is because information is an abstract concept and 
the information environment is largely nonphysical. 


1-5. The information environment has existed since humans first began communicating. That is because 
information resides in the minds of humans, is communicated between humans, and is the end result of 
how humans perceive themselves and their surroundings. To explain this phenomenon, most practitioners 
of IO use a three-dimensional model of the information environment (Figure 1-2). 


Cognitive Dimension 
• This dimension exists in the minds of human beings. 
• This dimension exists in individual and collective consciousness. 
• This dimension forms perceptions and aids decision making. 
• This dimension includes values, beliefs, perceptions, and awareness. 

Information Dimension 
• This dimension is created by the interaction of the physical and cognitive dimensions. 
• This dimension is where information is collected, processed, and disseminated. 
• The significant characteristics of this dimension are information, content, and flow. 

Physical Dimension 
• This dimension is the tangible, real world. 
• This dimension is where the information environment overlaps with the physical world. 
• This dimension consists of individuals, organizations, information systems, and the 
physical networks that connect them. 
• The significant characteristics of this dimension include terrain, weather, civilian 
information infrastructure media, populace, and third party organizations. 


Figure 1-2. Information environment 


1-6. When taken together, the information environment's three dimensions explain how the creation and 
flow of information causes real-world effects by converting real-world (physical) situations into human 
perceptions that form the basis of individual and organizational behavior. Unfortunately, although the 
effects of information are observable, the cause—information content and flow—is largely invisible. 
However, analysis of the information environment's dimensions can explain the disposition of the 
information environment in any specific operational area and its impact on SF operations. Broad 
considerations include the following: 

• The information environment is not uniform. Physical features of the operational area (for 
example, terrain, information infrastructure, population demographics, and so on) determine the 
topography of an information environment and the cognitive aspects of the people and 
organizations present in the area (for example, their collective values, beliefs, and perceptions). 
The interactions of these factors form distinct subinformation environments, or areas in which 
the information environment's characteristics are notably different from those of adjacent areas. 
Analysis of a specific operational area can identify subinformation environments and their effect 
on SF operations. SF units must anticipate having to employ IO differently within each 
subinformation environment. 

• Information content and flow are variable. The relevance or importance of information changes 
according to the needs of the various population groups and organizations. For example, people 
located in an area devastated by a natural disaster desire information concerning humanitarian 
assistance, whereas the populace in an insurgent-infested area is primarily interested in 
information related to security. The task for SF units is to determine what information in the 
operational area is important to the mission and then to identify and track its primary themes and 
flow, just as SF units observe and monitor the presence of enemy forces. 


• The information environment's character changes by the level of war and mission. The 
information environment becomes less tangible and more conceptual as operations move from 
the tactical to the strategic. At the tactical level, information flow is primarily by short-range 
communications systems and observable means, such as graffiti and banners. What people see of 
their physical surroundings is critical to their situational awareness, perceptions, and behavior. 
On the other end of the spectrum—the strategic level—the information environment is impacted 
less by physical features and more by abstract ideas, ideologies, and philosophies. Information 
flow is not terrain-dependent, extending well over the horizon by long-range and mass- 
communications systems. Finally, the assigned mission (for example, combat, peacekeeping, 
humanitarian assistance, and so on) is a critical determinant of an SF unit's relationship to its 
information environment because it establishes the relative importance of the information 
environment's specific characteristics to the conduct of operations. For example, in conventional 
combat, the physical information infrastructure in the operational area is often a dominant 
characteristic because of its potential use by the enemy. In counterinsurgency missions, populace 
support (a cognitive aspect of the information environment) is a critical characteristic because of its 
importance to enemy and friendly operations. 


1-7. To impact the information environment, an SF unit must identify subinformation environments and 
information nodes in its operating area. Subinformation environments are areas in which the information 
environment's characteristics and effects are notably different from those of adjacent areas. Information 
nodes are places, persons, or infrastructure that shape information content and flow by creating or 
transmitting information into the surrounding area. It is important to note that information nodes can 
change from day to day so what worked one day may not necessarily work the next. 


1-8. Operations in the information environment are asymmetrical and not benign, often favoring one side 
over another. Opposing forces use the information environment just as they use the physical environments 
of air, land, and sea to place their enemy at a disadvantage and to achieve their objectives. Furthermore, 
U.S. adversaries do not use the information environment in the same way or have the same means as U.S. 
forces. Understanding this, an SF unit must identify how its adversary views and uses the information 
environment. This is a challenge, because even though two opposing forces occupy the same operational 
environment, they will not have the same capabilities in the information environment. It is important to 
avoid mirror imaging the U.S. concept of IO upon the adversary and mismatching U.S. capabilities and 
vulnerabilities to those of the adversary. Chapter 5 provides additional information. 


INFORMATION SUPERIORITY 


1-9. Information superiority is the purpose of IO. It is also the reason why a commander allocates 
resources to IO. Information superiority should not be treated as a doctrinal catch-phrase. Just as each 
mission's end state is different, so is information superiority. For example, during combat operations, 
information superiority can be gaining surprise over the enemy or preventing the enemy from employing 
its reserve forces. During counterinsurgency operations, information superiority can be gaining populace 
support for friendly operations or preventing enemy freedom of flow. In each case, information superiority 
is defined specifically for the mission in terms of what advantage is sought for the friendly force. 


1-10. To achieve information superiority, an SF unit uses information to actively attack the adversary and 
to shape the information environment to the force's own advantage. This duality of operations—attacking 
the adversary and shaping the information environment—is analogous to "fires and maneuvers," where 
fires equate to attacking the adversary's ability to use information, and maneuvers are actions to seize and 
retain information nodes to gain a positional advantage in the information environment. To be effective, an 
information operation balances lethal and nonlethal activities to attack the adversary with those that shape 
the information environment. Through a combination of both, an SF unit seeks information superiority 
over its opponent. 


1-11. An SF unit will rarely achieve absolute and universal information superiority. The actions of 
opposing forces, as well as the information content and flow in the operational area, are not static. 
Therefore, information superiority is a localized and transitory condition over the adversary. SF units seek 
information superiority at certain times and places, usually at or before the decisive point of the operation. 
Chapter 3 provides additional information. 


INFORMATION OPERATIONS CAPABILITIES 


1-12. SF operations are not planned for the purpose of using any particular capability. Mission 
requirements, namely campaign objectives, operating environments, and adversary and friendly forces, 
dictate what capabilities a commander uses and how they are employed. IO are no different. 


1-13. Although often described as a discrete set of capabilities (doctrinally organized as core, supporting, 
and related capabilities), IO are much more than that. Capabilities used for information operations should 
be selected based on mission requirements, specifically focused on the desired effect. Some doctrinal IO 
capabilities—MISO, EW, and CNO—require trained specialists and equipment. However, each element of 
an SF unit must be able to employ OPSEC, MILDEC, and COMCAM, as well as other IO enablers, such 
as key-leader engagements and rewards programs. Additionally, various IO capabilities are used in concert 
with PA, Civil Affairs (CA), host nation (HN), foreign internal defense (FID), partner nation information 
capabilities, and select interagency capabilities (for example, provincial reconstruction teams). Chapter 2 
provides additional information leverage. 


CONSIDERATIONS 


1-14. Subject-matter experts for core IO capabilities are typically positioned at the special operations task 
force (SOTF) level and higher when deployed; however, it is essential that commanders at detachment 
levels understand the core capabilities of IO and how to effectively utilize them to achieve information 
superiority and accomplish the assigned missions. SOTF staffs can include an IO planner, EW planner, 
Military Information Support (MIS) planner, a MIS detachment commander, a CA planner, and a 
COMCAM and PA representative. At the joint special operations task force (JSOTF) level, the staff 
mirrors the battalion with the addition of a special technical operations planner and the group public affairs 
officer (PAO), along with retaining the conduits to leverage the higher headquarters (HQ) assets and 
interagency capabilities. The subject-matter experts at the SOTF and JSOTF can provide training and 
recommendations to the Special Forces operational detachments A (SFODAs) and Special Forces 
operational detachments B (SFODBs) on how best to utilize information capabilities, and provide 
assistance in coordination and deconfliction for IO capabilities in support of their concept of operations. 


CONCLUSION 


1-15. IO is the use of information as a military capability. Many of the principles and concepts that guide 
the conduct of other military operations also guide the employment of IO. One way for SF commanders 
and staffs to integrate IO into operations is to consider IO in terms of the factors of mission, enemy, terrain 
and weather, troops and support available, time available, and civil considerations: 

• Mission. The role of IO in the unit mission is to achieve information superiority. As such, it is 
important to identify exactly what advantage over the enemy IO is expected to achieve. 

• Enemy. Gaining an advantage over the adversary in the information environment starts with 
pairing friendly capabilities and vulnerabilities in the information environment against those of 
the adversary. An information operation that defeats the adversary’s capabilities and turns the 
information environment to the friendly force’s favor will achieve information superiority. 

• Terrain and weather. Terrain and weather interact with the information environment to affect 
information content and flow as well as the employment of IO capabilities. SF units must adjust 
the employment of IO to the terrain and weather. 

• Troops and support available. Rarely does an SF unit have all the assets needed to conduct an 
information operation. Commanders and staffs can fill the gap by thinking beyond doctrine for 
other ways and means to affect information content and flow. 

• Time available. Regardless of echelon, IO requires long lead times compared to other operations. 
Typically, IO must be planned one phase or event in advance of fire and maneuver. 

• Civil considerations. When civil considerations are important to the unit mission, IO capabilities 
can be applied to influence the populace, if doing so will achieve an advantage over the adversary. 


1-6 TC 18-06 22 March 2013 




Chapter 2 
Information Operations Capabilities and Tactics 


This chapter focuses on the employment of IO capabilities and tactics to gain 
information superiority. It also shows the links among the capabilities in diagram 
form. The core and supporting IO capabilities are similar to the warfighting 
functions. They are independent capabilities that, when taken together and 
synchronized, constitute IO. IO planners must not let doctrine constrain their 
selection of capabilities. Any available assets, means, capabilities, or tactics that can 
shape the information environment or target the adversary's ability to use information 
should be considered for employment as part of IO. 


The use of assets and means for the purposes of IO requires judgment in application. 
Some capabilities—notably MISO, EW, and CNO—are disciplines that require 
specialized training and skill sets. Employment of these capabilities requires 
specialized technical expertise to properly plan and execute. Other capabilities 
already reside within a command or unit and require only planning and coordination 
to employ them as part of IO. Figure 2-1 outlines some of the more commonly 
employed IO capabilities. 


Capability | Employment
OPSEC | Deny critical friendly information to the adversary.
MILDEC | Mislead adversary leaders into making decisions that are favorable to friendly forces.
MISO | Change or reinforce attitudes and behavior favorable to friendly objectives.
EW | Degrade, disrupt, or deny adversary use of the electromagnetic spectrum (EMS).
 | Degrade, disrupt, or deny adversary use of cyberspace.
COMCAM | Visually document friendly and adversary forces' operations and activities.
 | Gain local populace acceptance and support.
PA | Inform populace groups and counter misinformation and propaganda.
Local populace and key-leader engagements | Gain support for friendly-force operations and HN government activities.
Countering adversary information | Neutralize hostile propaganda or mitigate its effects.
Rewards program | Influence adversary leaders' perceptions.


Figure 2-1. Information operations employment 
OPERATIONS SECURITY 


2-1. OPSEC is a universal IO capability. It is not just an “in-garrison” competency and needs to be 
operational at strategic, operational, and tactical levels. OPSEC should be included in all plans, operations, 
and activities. The goal of OPSEC, in conjunction with unit security programs, is to achieve essential 
secrecy. Essential secrecy is concerned with the content and flow of critical information. Military forces 
seek critical information about their opponents to fulfill their own information needs. To do this they 
attempt to collect accurate, timely, and relevant information, process the information, and disseminate it for 
use in planning and directing operations. Conversely, if a military force is to prevent its adversary from 
gaining useful information, then it must prevent the flow of critical information from friendly to adversary 
forces. At its core, OPSEC is an approach to conducting operations. To have a good OPSEC program, it is 
imperative that the unit identify this critical information, understand the OPSEC indicators and 
vulnerabilities, and practice essential secrecy. JP 1-02, Department of Defense Dictionary of Military and 
Associated Terms, defines essential secrecy as the condition achieved by the denial of critical information 
to adversaries. Essential secrecy depends on the combination of two approaches to protection—security 
programs to protect classified information, and OPSEC to deny adversaries critical information (which is 
often unclassified). 


2-2. Each command and operation has a tremendous amount of information, both classified and 
unclassified, that must be protected. However, denying all information about a friendly operation or 
activity is seldom cost-effective or realistic. Central to this idea is the concept of essential secrecy. By 
achieving essential secrecy, military forces protect their intentions, capabilities, and activities to retain 
initiative and the element of surprise for operations. As a condition, essential secrecy is not static—it must 
first be developed and then maintained as the situation and mission evolve. Essential secrecy cannot be 
achieved in all places and at all times; therefore, the protection of information must be focused and 
prioritized to counter specific threats. 


2-3. Essential secrecy and the protection of critical information is not the exclusive responsibility of 
OPSEC. It is the result of mutually supportive OPSEC and security programs. The purpose of OPSEC is to 
prevent, or at least limit, the flow of sensitive, unclassified information to adversary forces. The actual 
content of the information, whether classified or unclassified, is the responsibility of information security 
program controls and procedures. OPSEC denies critical, friendly information to the adversary by 
eliminating or reducing to an acceptable level the vulnerabilities of friendly actions to adversary 
exploitation. Because OPSEC is not the sole contributor to essential secrecy, an IO objective can integrate 
other capabilities—such as MILDEC, physical security, information security, and CI—that are not related 
to OPSEC. 


2-4. OPSEC is a process of identifying and protecting critical information and actions that could benefit 
the adversary. A good OPSEC operation starves the adversary's intelligence system by denying it the 
information it seeks. Without information on friendly organization, disposition, and intent, the adversary 
leader's decisionmaking is degraded. 


2-5. The basis for OPSEC's contribution to an operation is the commander's key tasks for IO. This means 
that, for OPSEC to be part of an information operation, at least one essential IO task should address the 
protection or defense of friendly information. 


2-6. Although the purpose of OPSEC is a constant, its focus may change by echelon. At the tactical level, 
OPSEC prevents the adversary's detection and identification of friendly activities and operations to prevent 
the targeting of critical assets and countering of current activities and operations. Operational-level OPSEC 
prevents the disclosure of intentions, capabilities, and future operations (that is, courses of action [COAs]) 
to avoid the compromise of planning and operations. Tactical-level OPSEC addresses specific measures to 
defeat the adversary's collection capabilities; whereas, at the operational level, OPSEC addresses broad 
guidance or general measures for the entire force and new measures to counter the adversary's intelligence 
capabilities. 


2-7. As a way to systematically identify, analyze, and protect critical information relevant to the mission, 
OPSEC is integrated into the military decisionmaking process. Figure 2-2, pages 2-3 and 2-4, depicts a 
summary of the five-step OPSEC process. 

Note. The five-step process is used at the JSOTF where the assets to form an OPSEC working 
group exist. At the tactical level, the type of information contained in the OPSEC work sheet 
(Figure 2-3, page 2-4) and the OPSEC tasks (Figure 2-4, page 2-5) needs to be considered when 
developing a concept of operations. 


Identify Critical Information. Determine what information needs protection by identifying the information 
required by the adversary to prevent friendly-force mission success (list of critical information or essential 
elements of friendly information [EEFI]). Adversaries can derive critical information from the aggregation 
of indicators resulting from the observation or detection of friendly-force activity. Friendly actions generate 
indicators (detectable actions and open-source information) that can be collected and developed into 
critical information (facts about friendly intentions, capabilities, and activities). An adversary can plan and 
execute its own operations by using critical information. To identify critical information— 


• Identify what information is critical to the friendly mission. Sources of critical information include 
higher HQ plans and operations orders, commander's guidance, and current unit-critical information 
lists. Focus on friendly-force intentions (time and place of units and operations), capabilities, and 
vulnerabilities (strength, technologies, and tactics). 

• Keep in mind that critical information is different for every operation. Do not use a "cookie-cutter" 
approach. Continually develop or refine critical-information lists. 

• Use an OPSEC working group to take advantage of subject-matter experts (for example, aviation, 
communications, and computer systems). 

• Identify the length of time each element of critical information must be protected (not all information 
needs protection for the duration of the operation). 

• Write critical information in the form of a statement (do not write critical information in the form of a 
question). Generic examples include current and future locations of unit elements; intelligence, 
surveillance, and reconnaissance capabilities and limitations; and unit movement methods and 
routes. 

• List the elements of critical information (for example, time and route of helicopter flight) in the order of 
priority and keep to a manageable number (perhaps five). 


Analyze Threat. Identify the threat to the critical information by determining the adversary's information 
needs and collection capabilities: 

• Information needs are items of information the adversary requires. Do not bother trying to protect 
information that the adversary already has. 

• Collection capabilities include human intelligence (HUMINT), signals intelligence (SIGINT), imagery 
intelligence, and open-source intelligence (OSINT). An estimated 90 percent of the adversary's 
information needs are met from OSINT. 


Example threat analysis: Adversary knows: personnel and equipment move by helicopter; adversary 
needs: departure times and routes of flight; adversary collection method: visual observation by spotters. 


Analyze Vulnerabilities. Identify each element of critical information and its vulnerability to adversary 
intelligence collection. These are known as OPSEC vulnerabilities and are the result of detectable 
indicators of the critical information. OPSEC indicators become OPSEC vulnerabilities if they can be 
observed, analyzed, and acted upon by the adversary. To determine OPSEC vulnerabilities: 


• Identify OPSEC indicators. Determine what detectable actions and OSINT can be interpreted or 
pieced together by the adversary to derive the unit's critical information. 

• Compare OPSEC indicators to adversary collection capabilities. Determine which indicators can be 
observed, analyzed, and acted upon by the adversary. 


Example OPSEC vulnerabilities: Direction of flight, helicopters taking off, loading of troops and equipment, 
and assembly of troops and equipment. 


Assess Risks. The goal is to reduce risk to an acceptable level based on the commander's guidance. 
Conduct a risk assessment for each vulnerability to determine which really need protection. Focus on the 
vulnerabilities that produce the most risk to mission success and, therefore, are an unacceptable risk, and 
then select one or more OPSEC measures for each vulnerability: 

• There are three types of OPSEC measures: 
  - Action controls that change unit procedures, activities, and actions (randomized routine activities, 
    avoid repetitive tactics and procedures). 
  - Countermeasures that disrupt enemy information gathering and targeting (jamming [EW], 
    physical attack, and camouflage, cover, and concealment). 
  - Counteranalysis that deceives the enemy by providing false indicators (decoys, deception in 
    support of OPSEC). 

• Decide which OPSEC measures to implement. Check that OPSEC measures do not create new 
vulnerabilities. Balance OPSEC measures with operational effectiveness (risk versus unit resources). 
Developing OPSEC measures is a balance between cost and resources in terms of time, personnel, 
assets, and interference with operations. 

Example OPSEC vulnerabilities and mitigating measures: direction of flight (fly in false direction, change 
direction en route), helicopters taking off (vary flight times, conduct false missions), loading of troops and 
equipment (load just prior to takeoff), assembly of troops and equipment (assemble troops and equipment 
under cover). 


Apply OPSEC Measures. Tasks turn OPSEC measures into specified actions. Because OPSEC 
measures do not follow any doctrinal format, it is necessary to convert them to tasks that the executing 
units and elements can understand. Develop tasks that support the command's key IO tasks, as well as 
protect and control the specific indicators associated with key operational tasks: 

• Rewrite approved OPSEC measures as tasks. A useful format is task, purpose, and method. In 
general, for OPSEC, a task is an action that controls or protects observable activities, purpose can be 
critical information requiring protection, and method is the OPSEC means or methods used to 
execute the task. 

Example OPSEC task that supports combat operations: task—jam enemy ground surveillance radars, 
purpose—conceal flow of combat elements from electronic collection, method—screen jamming. 

Example OPSEC task to support stability operations: task—deny civilian populace access to base-camp 
overwatch sites, purpose—prevent line-of-sight observation of security activities, method—unit patrols, 
local police. 

• Assign responsibility and coordinate OPSEC tasks with units and staff, to include the intelligence 
directorate of a joint staff (J-2)/assistant chief of staff, intelligence staff section (G-2)/intelligence staff 
officer (S-2), and CI for monitoring, and then include OPSEC tasks in the operation plan or operation 
order. 


Figure 2-2. Summary of the five-step operations security process 


Adversary Residua 
Vulnerability | Indicators Collection Risk Level | OPSEC Measure I Risk Assess 


Location | Assault-force | Rotary- Sympathetic | Extremely False insertions Medium No 

of unit insertion wing populace High adversary 

elements movement contact on 
ground 
flow 


Ground Direct Reconnaissance Adversary 
movement | observation element placed surprised 
on route on 
objective 


Figure 2-3. Useful format for determining risk to critical information 
Standing 
Operating 
Procedures 
or Current 
Adversary Vulnerable OPSEC Additional OPSEC 
Collection Indicators Measures Measures OPSEC Tasks 


Task Spotters on Vehicle Cover vehicles Remove unit 1st Battalion 
organization forward markings markings markings 2d Battalion 
operating bases 
and main supply | Command None No unsecured Group HQ 
routes vehicles communications 


Figure 2-4. Useful format for planning operations security tasks 


2-8. During operations, the current operation staff should monitor and adjust the elements of critical 
information based on the adversary's reaction to the implemented OPSEC tasks and for inadvertent 
disclosure by friendly forces. Tools useful to planning and implementing an OPSEC plan are the OPSEC 
working group, OPSEC standing operating procedures (SOPs), and OPSEC work sheets. 


2-9. The OPSEC working group is a group of subject-matter experts that determines critical information, 
identifies OPSEC vulnerabilities, coordinates and synchronizes OPSEC measures and tasks, and assesses 
the effectiveness of OPSEC tasks. Typical membership includes an intelligence analyst to assist with threat 
analysis, CI personnel to analyze vulnerabilities, a force protection officer, communications and aviation 
representatives, and subordinate unit liaison officers. The OPSEC working group should conduct periodic 
assessments of command critical information, threat collection capabilities, OPSEC vulnerabilities, and 
OPSEC measures. 


2-10. An OPSEC SOP is critical to ingraining OPSEC into unit operations. The SOP should be short and 
direct and should include standing critical information or EEFI, standing OPSEC measures, composition 
and responsibilities of the OPSEC working group, and OPSEC assessment procedures. 


MILITARY DECEPTION 


2-11. JP 1-02 defines MILDEC as actions executed to deliberately mislead adversary military decision 
makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to 
take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission. 


2-12. MILDEC is more of a process or way of thinking than a capability with tangible assets and 
resources. It may be executed using a unit's own troops and equipment. An effective deception does not 
have to be elaborate or complex; however, any time deception is part of an operation, it is the main effort 
for the information operation and should be included in the defined operational advantage (information 
superiority) provided for the mission. 


2-13. MILDEC is a method, not a result. MILDEC is not conducted merely to deceive an adversary. 
Deception is used only to support the mission. Figure 2-5 shows ways to employ MILDEC. 


Application | Purpose | Focus
MILDEC | Achieve an exploitable advantage | The adversary's leaders and decisionmakers
Deception in support of OPSEC | Deny information about friendly forces | The adversary’s intelligence, surveillance, and reconnaissance capabilities
Deception as part of camouflage, concealment, and decoys | Protect units, systems, and personnel | The adversary’s weapons and target-acquisition system


Figure 2-5. Military deception usage 

2-14. MILDEC actively targets adversary leaders and decisionmakers in support of specific battles and 
engagements. It creates an exploitable advantage by misleading or confusing the adversary’s 
decisionmaker. Distorting, concealing, or falsifying indicators of friendly intentions, capabilities, or 
dispositions that the adversary will see and collect can mislead or confuse the adversary. MILDEC is 
conducted at all levels—strategic, operational, and tactical—and must be carefully coordinated to 
deconflict operations between the HQ and subordinate units. 


2-15. Deception in support of OPSEC is conducted to reinforce unit OPSEC and is planned using the 
OPSEC plan as the basis for the deception. A deception in support of OPSEC uses false information about 
friendly forces’ intentions, capabilities, or vulnerabilities to shape the adversary's perceptions. It targets the 
adversary's intelligence, surveillance, and reconnaissance abilities to distract the adversary's intelligence 
collection away from, or provide cover for, unit operations. A deception in support of OPSEC is a 
relatively easy form of deception to use and is very appropriate for use at battalion-level and below. To be 
successful, a balance must be achieved between OPSEC and MILDEC requirements. 


2-16. Camouflage, concealment, and decoys are normally individual or unit responsibilities and governed 
by SOP. These actions may be taken for their own ends. They can also play a role in a larger MILDEC or 
deception in support of OPSEC operations where camouflage, concealment, and decoys comprise just a 
few of many elements that mislead the adversary's intelligence, surveillance, and reconnaissance abilities. 
Merely hiding forces may not be adequate, as the adversary may need to "see" these forces elsewhere. In 
such cases, cover and concealment can hide the presence of friendly forces, but decoy placement should be 
coordinated as part of the deception in support of OPSEC. 


2-17. The uncertainties of combat make decisionmakers susceptible to deception. The basic mechanism for 
any deception is either to increase or decrease the level of uncertainty (commonly referred to as ambiguity) in 
the mind of the deception target. Both MILDEC and deception in support of OPSEC present false 
information to the adversary's decisionmaker to manipulate their uncertainty. Deception may be used in the 
following ways: 

• Ambiguity-decreasing deception. This type of deception presents false information that shapes 
the adversary decisionmaker's thinking so he makes and executes a specific decision that can be 
exploited by friendly forces. This deception reduces uncertainty and normally confirms the 
adversary decisionmaker's preconceived beliefs so the decisionmaker becomes very certain 
about his COA. By making the wrong decision, which is the deception objective, the adversary 
could misemploy forces and provide friendly forces an operational advantage. For example, 
ambiguity-decreasing deceptions can present supporting elements of information concerning a 
specific adversary's COA. These deceptions are complex to plan and execute, but the potential 
rewards are often worth the increased effort and resources. 

• Ambiguity-increasing deception. This deception presents false information aimed to confuse the 
adversary decisionmaker, thereby increasing the decisionmaker's uncertainty. This confusion can 
produce different results. Ambiguity-increasing deceptions can challenge the enemy's 
preconceived beliefs, draw enemy attention from one set of activities to another, create the 
illusion of strength where weakness exists, create the illusion of weakness where strength exists, 
and accustom the adversary to particular patterns of activity that are exploitable at a later time. 
For example, it can cause the target to delay a decision until it is too late to prevent friendly- 
mission success. It can place the target in a dilemma for which there is no acceptable solution. It 
may even prevent the target from taking any action at all. Deceptions in support of OPSEC are 
typically executed as this type of deception. 


2-18. Before planning a deception, it is first necessary to determine if there is a deception opportunity. A 
deception may be a feasible option if it is appropriate to the mission and if there is a possibility of success 
against the adversary. The following questions should be considered when planning deception: 

• Is the adversary susceptible to deception? Planners should use the J-2/G-2/S-2 adversary COA 
as a basis to develop information about the adversary's system and decisionmaking process. 
Planners should determine how the deception target acquires and acts on information, what 
knowledge the target has of the situation and how the target views the friendly force. If 
necessary, planners should make assumptions. To do this, they should try to place themselves in 
the position of the adversary without mirror imaging. 

• Does the friendly mission lend itself to deception? Some missions are better suited to deception 
than others. Planners should not feel compelled to work deception into every operation. 
Generally, when a unit has the initiative and can exercise some control over the mission area of 
operations (AO), then deception is possible. 

• Do constraints prevent the use of deception? Other than the constraints imposed by authorities 
and political considerations, the most important consideration is time. Execution of the mission 
must allow enough time for the adversary to see the deceptive activities, reconstruct the activities 
into the deception story, form the desired perceptions, and issue the orders that will cause the 
adversary force to act in a manner consistent with the deception objective. 


• Are friendly assets available? To successfully deceive the adversary, MILDEC requires assets. 
However, very few assets are specifically designed and designated for deception purposes. This 
means that existing assets have to dedicate support to the deception. This is sometimes difficult, 
especially when assets are limited. Therefore, the unit may have to be creative to find assets and 
to use them efficiently. 


Note. JSOTF will support strategic MILDEC plans and plan operational MILDEC. At the SOTF 
and below, units will use tactical MILDEC. Appendix B provides additional information and a 
tactical deception aid format. 


2-19. As with other operations, deception planning follows the military decisionmaking process. Planning 
a deception does not have to be difficult, but there are certain steps that must be taken to ensure the 
deception is properly constructed. The steps are as follows: 

• Determine the deception goal. The deception goal is the desired contribution of the deception to 
friendly-mission success. In other words, what advantage does the deception provide for friendly 
forces (for example, provide target opportunities for friendly forces)? 


• Determine the deception objective. The deception objective is the purpose of the deception 
operation expressed in terms of what the adversary is to do or not to do at the critical time and 
location. In simpler terms, it is the action or inaction that friendly forces want the adversary to 
take (for example, cause insurgent forces to move into the open). 

• Identify the deception target. The target is the adversary decisionmaker with the authority to 
make the decision that will achieve the deception objective (for example, the insurgent group 
commander). 

• Identify desired perceptions. These are what the deception target must believe to make the 
decision that will achieve the deception objective. Based on the deception objective and target, 
the planner must determine the nature of the desired perceptions—will they increase or decrease 
the target's uncertainty (ambiguity increasing or decreasing)? Desired perceptions eventually 
translate to resource requirements; therefore, the number of perceptions should be kept to an 
absolute minimum to conserve the assets needed for the deception (for example, U.S. forces are 
going to attack from the south). 

• Develop the deception story. The deception story is a plausible, but false, view of the situation 
which leads the deception target to act in a manner that accomplishes the deception objective. To 
be plausible, the story must be integrated into the overall COA. The story is built and stated 
exactly as the planner wants the target to reconstruct it. To develop the deception story, the 
planner thinks about how the target sees the situation and then writes the story like the deception 
target's own intelligence estimate. The story is always written from the target's perspective— 
what does the target expect to see and think and what will he do (for example, indications are 
that U.S. forces are massing to the south in preparation for an attack)? 

• Identify the deception means. These are the methods, resources, and techniques that the unit will 
use to create required observables (things the adversary decisionmaker needs to see to deduce the 
desired perceptions) and act out the deception story. The planner must determine for each desired 
perception what means—physical, technical, and administrative—can be used. Physical means 
are observable physical activities of forces, systems, and individuals that present visual 
indicators. Technical means include radio broadcasts, radar emissions, and electromagnetic 
deception. Administrative means are used to convey oral, pictorial, documentary, or other 
material evidence to the deception target. 


• Develop deception events. These are the activities conducted by the deception means at a specific 
time and location to convey the deception story to the target. To convey the deception story, the 
deceptive activities must be observed by the adversary. To determine this, planners pair up the 
available deception means with the capabilities of the adversary's intelligence collection system. 
If the adversary intelligence system can “see” the deceptive event, then it can collect the 
information it needs to piece together the deception story. Deception events must be translated 
into tasks to subordinate units if the deception operation is to be executed (for example, 
loudspeaker simulating vehicle traffic, SFODA present in area). 

• Develop OPSEC measures. Without OPSEC to deny critical information to the adversary, the 
deceptive activities may not convince the adversary to believe the deception story. In order for 
the deception to be successful, the unit must adhere to a strict need-to-know policy. 


• Develop assessment requirements. Collecting feedback is a difficult challenge. However, to 
judge the effectiveness of the deception, it is necessary to have indications of how the target is 
responding to the deception. Ideally, there will be indicators of whether the target is receiving the 
deception story as planned, and if the target is acting in accordance with the deception objective 
(for example, insurgents move from building to highway). 


• Develop a termination plan. A deception operation does not just end on its own. Part of the 
operation is a termination plan that establishes when organized deception activities cease, and 
how deception means, techniques, and events will be protected. This is important, because there 
is no logic in executing a deception after the objectives have been met. Additionally, the 
adversary should not know what deception means, techniques, and events were used. Otherwise, 
the next deception operation may not have the desired effect due to the adversary gaining 
insights into friendly TTP. 


2-20. In time-constrained deception operations, the "see-think-do" methodology can be used as an 
abbreviated planning process. The planner uses this process by identifying what he wants the target to do 
(for example, the deception objective), then determines what the target must think (for example, required 
perceptions), and then establishes what the target must see (for example, deception events). 


2-21. Deception operations cannot proceed without approval or coordination. Two authorities can direct a 
deception operation: a higher HQ and the unit commander. In both cases, the command's deception plan 
must be coordinated with the higher HQ. To ensure coordination, deception plans are normally approved 
two levels above the employing unit HQ. It is imperative that a deception be thoroughly coordinated to 
prevent information fratricide; that is, employing deception in a way that causes effects in the information 
environment that impede the conduct of friendly operations or adversely affect friendly forces. 


2-22. The military deception work sheet (Figure 2-6, pages 2-9 through 2-11) is a tool that can be used to 
capture the key elements of the deception plan. Elements of planning information are listed on the work 
sheet in the order they are developed using the deception methodology. 

Unit Mission: (Concise restatement of the mission. Identifies the operational goal(s) of the command to which 
the deception must contribute.) 

Establish a bridgehead across the Knewt Canal to rapidly advance forces deep into Towie territory and occupy key 
terrain on Sangria Ridge. 


Deception Constraints: (Identify constraints on the command from higher to lower as they affect the 
deception plan.) 

All liaison activities with members of friendly foreign governments and Allies that concern this operation will 
not be conducted with prior approval by the Atari Chief of Staff of the military. 

War stocks, particularly ammunition, will be stored, handled, transported, and issued with exercise 
ammunition. The perception that Atari is conducting Exercise SACRED HEART must be maintained. 

Wartime SOPs, wartime communications, and wartime modes of operation will not be implemented until two 
hours prior to commencement of the actual attack operation. 


Commander's Guidance for Disposition/Deception Goal: (Describe the desired effects or the end state a 
commander wishes to achieve [commander's intent for the deception operation].) 


Intent: We will mask the plans for our attack and build-up of our military strike forces by massing supporting logistic 
elements, the forward deployment of our assault engineers and air defense umbrella, and our increased 
communications under the guise of Exercise SACRED HEART (the annual Atari command post and maneuver 
exercise). Exercise SACRED HEART provides the overall cover to conceal our actual intentions. 


End State: Numerically and qualitatively superior combat, combat support, and combat service support elements of 
the Atari 1st Army will be fully deployed on the south bank of Knewt Canal to execute canal crossing operations, 
drive deeply into Towie territory, and occupy key terrain on Sangria Ridge. 


Atari Commander's Goal Statement: Use MILDEC to achieve operational surprise during Atari canal crossing 
operations; and enable Atari freedom of maneuver during our drive to the Sangria Ridge. 


Deception Objective: (Describe the desired action or inaction on the part of the adversary at the critical time and 
location.) 


Cause the Towie front commander to delay mobilization and commitment of the Towie strategic reserve in response 
to operations. (Note: If a delay in mobilization and commitment of the strategic reserve is achieved, this delay then 
contributes to/supports the Atari commander's goal statement of achieving surprise.) 


Deception Target: (Identify adversary decisionmakers responsible for the actions(s) or inaction(s) specified in the 
deception objectives.) 


The Towie front commander has sole authority to mobilize and commit the Towie strategic reserve—he is the single 
and only decisionmaker that can make this decision. 


Desired Perceptions: (Describe what the deception target must believe for it to make the decision that will achieve 
the deception objective.) 


The Towie front commander must believe: 
- The Atari military is not preparing for immediate combat operations against the Towie forces or nation. 


- The Atari military is conducting Exercise SACRED HEART to improve wartime fighting efficiency, mission 
command, and logistics; hence, the buildup of its military forces. 


- Towie intelligence should detect visible signs of impending combat operations, but Atari forces would be preparing 
for an exercise and training in the open. 


Deception Story: (Outline a scenario of friendly actions 
or capabilities that will be portrayed to cause the 
deception target to adopt the desired perception.) 


Atari military forces are conducting Exercise SACRED 
HEART. The purpose of Exercise SACRED HEART is to 
improve the fighting efficiency, mission command, and 
logistics of the Atari Army via the exercise's numerous 
training and maneuver phases. 


Deception Means: (Describe how the plan will be 
implemented and how it supports the unit's overall 
mission.) 


Atari forces can employ the following MILDEC means to 
get the target to take the action desired: physical, 
technical, and administrative. These means can be 
employed independently or in collaboration depending 
on the situation. 


(continued) 


Figure 2-6. Example of a military deception work sheet 


Assessment: (Describe the methodology to assess the 
deception plan if the plan is successful; if the deception 
fails, or is compromised to Allies or adversaries.) 


The command military deception officer will use feedback 
and intelligence information collected by the command's 
intelligence officer/directorate to assess if the deception 
plan is successful, has failed, or had been compromised. 


Feedback: Is the information providing indications of the 
response (positive or negative) of the deception target 
and conduits to elements of the deception. 


Target (Analytical) Feedback: This is information or 
analytical determinations regarding the actions of the 
target in response to the deception executed by the 
deceiver. 


Conduit (Operational) Feedback: This is information that 
provides indications of if and how the conduits are 
receiving, processing, and transmitting elements of the 
deception to the target. 


Indications of identification of enemy deception and 
counterdeception are provided by the command's 
intelligence officer/directorate. It is their responsibility to 
identify foreign deception operations against friendly 
forces. 


Physical means are those activities and resources 
used to convey or deny selected information to the 
decisionmaker. Physical means include operational 
activities and resources such as: 


- The movement of the Atari Army and Air Force. 


- Exercise SACRED HEART subexercises and 
training events. 


- Atari logistic actions and the location of stockpiles 
and repair facilities during Exercise SACRED HEART. 


- Reconnaissance and surveillance activities 
performed during Exercise SACRED HEART. 


Technical means are the military material resources 
and their associated operating techniques used to 
convey or deny selected information to an adversary. 
As with any use of Atari military material resources, any 
use of technical means to achieve MILDEC will strictly 
comply with Atari domestic and international law. A 
variety of technical means include the following: 


- Deliberate radiation energy is accomplished when 
Atari command posts, reconnaissance and 
surveillance, and air defense networks go operational 
during Exercise SACRED HEART. 


- Atari multimedia (radio, television, sound 
broadcasting, or computers). 


Administrative means include resources, methods, 
and techniques designed to convey or deny oral, 
pictorial, documentary evidence. The best example of 
this is a well-publicized announcement (all media 
outlets) of the upcoming Exercise SACRED HEART. 


OPSEC Measures to Protect Deception: (What 
OPSEC and other countermeasures are to be used to 
protect the deception plan from compromise.) 


OPSEC measures to implement include the following: 


- The true nature of the operation will be strictly 
enforced by using the principles of "need to know." 


- Encrypted communications, secure land lines, and 
couriers will be used to convey information about our 
true intentions. All other traffic will use the Exercise 
SACRED HEART communications network to pass 
information. 


- The Exercise SACRED HEART SOP is in effect 
command wide; implement the wartime SOP during 
Exercise SACRED HEART pause but no later than two 
hours prior to commencement of the actual operation. 


- No special emphasis will be placed on camouflage 
and concealment of actual assault forces. In the vicinity 
of crossing sites, standard camouflage and concealment 
practices are to be in place and enforced. 


- Standard counterintelligence operations are executed 
throughout the exercise area but with increased focus 
on the crossing site areas. 


- OPSEC assessments and monitoring will be in effect 
up until the time of the attack. 


Figure 2-6. Example of a military deception work sheet (continued) 


Termination Plan: (What is the plan for terminating the 
deception plan if the desired effects are achieved, not 
achieved, or compromised?) 


Reasons for Termination: 


- Success. The deception operation has run its course 
and the MILDEC operation concludes because the 
deception target (Towie front commander) took the 
action envisioned in the MILDEC plan. 


- Change of mission scenario. The overall operation 
situation has changed and events and circumstances 
that prompted the deception operation no longer pertain 
or are applicable and the MILDEC operation is 
terminated by executing commander. 


- Recalculated Risk/Success/Probability of Success 
Scenario. Key elements in the deception have changed 
in a negative way that increases the risks and costs (for 
example, casualty estimates rise) to the commander 
and the commander elects to end the deception. 


- Failure Scenario. The deception target does not 
understand key elements of the deception or does not 
care about the deception elements being executed and 
therefore he fails to take the action envisioned in the 
MILDEC plan. The MILDEC plan is terminated because 
the Towie front commander has not taken the bait. 


- Compromise. The deceiver believes the adversary 
has learned some or all elements of the actual 
deception operation. Compromise of the deception 
poses special challenges to the deceiver and the 
termination process. Not only can important deception 
capabilities and techniques be placed at risk, but once 
the adversary has discovered the MILDEC operation he 
may be able to "read the evidence" and reconstruct the 
tails of the MILDEC. Worst case scenario—the enemy 
(Towie front commander) may be able to exploit the 
compromised deception by initiating his own 
counterdeception operation to counter/negate the true 
operation. 


Figure 2-6. Example of a military deception work sheet (continued) 


MILITARY INFORMATION SUPPORT OPERATIONS 


2-23. The purpose of MISO is to induce or reinforce foreign attitudes and behavior favorable to the 
originator's objectives. In simpler terms, MISO seek to change or reinforce foreign attitudes to further U.S. 
national objectives. 


2-24. The more deliberate the planning process is prior to execution, the more likely the MISO effort will 
be coordinated and integrated with the supported unit's plans. Planning for MISO begins the process of 
identifying specific individuals, groups, or organizations to influence as part of the commander's overall 
objectives. When the MISO process is properly executed, it provides the commander with a formidable 
tool to gain a decisive advantage on the battlefield and potentially save lives. 


2-25. Key terms discussed throughout this chapter are defined below: 

- MISO programs support U.S. national policy and objectives and are approved by the Under 
Secretary of Defense for Policy (USD[P]) through the interagency process. Approved MISO 
programs provide the framework for the execution of MISO in support of the range of military 
operations. MISO programs include objectives, themes to stress, themes to avoid, potential target 
audiences, attribution posture, means of dissemination, a concept of operations, and funding 
sources. To execute MISO, U.S. policy requires a USD(P)-approved MISO program be in effect 
for the operation in question as well as specified execution authorities in the form of an 
execution order, operation order, or theater security cooperation plan. 

- A MISO theme is an overarching subject, topic, or idea. It often comes from policymakers who 
establish the parameters for conducting MISO by delineating the themes to stress and avoid. 

- Target audiences are groups of people that can effect achievement of the commander’s mission 
and toward which actions are directed. Planning for MISO requires a thorough analysis of each 
group’s attitude, behavior, susceptibility, and sources of information to determine which themes, 
messages, and means will effectively influence the group to exhibit the desired behavior. 

- MISO objectives are general statements of measurable response that reflect the desired behavioral 
change of foreign target audiences and best support the accomplishment of the supported 
commander’s mission. Generally, the MISO objective is written at the geographic combatant 
commander level and is part of the geographic combatant commander’s overall campaign plan. 

- Supporting MISO objectives are the specific behavioral responses desired from the target audience 
to accomplish a given MISO objective. Supporting MISO objectives are unique for each MISO 
objective, and each MISO objective always has two or more supporting MISO objectives. 

- MISO series consist of all the MISO products and actions designed to accomplish one behavioral 
change by a single target audience. 

- Distribution is the movement of completed MISO products from the production source to the 
point of dissemination. 

- Dissemination is the delivery of MISO products directly to the target audience. Planners must 
keep in mind that each target audience varies greatly in their access to a particular medium, 
whether it is radio, television (TV), newspapers, posters, and so on. Additionally, the ability of 
target audiences to understand the message varies because of language, cultural, or other barriers. 


Note. An essential element of effectively planning for MISO is integration into the targeting 
process. This allows MIS forces the opportunity to get the rest of the staff to understand the 
importance of its nonlethal targets and the psychological effects of planned operations on target 
audiences. 


2-26. Tactical-level MISO are typically conducted by MIS forces (directly attached at the SFODA level) 
through close-range means, such as face-to-face meetings, loudspeaker broadcasts, or by pinpoint 
distribution of products, such as leaflets to a particular village. 


2-27. Strategic-level MISO focuses on conveying select information to international regional foreign 
audiences. Operational-level MISO focuses on a theater of operations, whereas tactical-level MISO focuses 
on conveying select information inside a tactical unit’s AO. Because MISO are planned and executed at all 
levels, it is important that they be mutually supporting or complementary of other United States 
Government (USG) information activities, as well as other information capabilities (for example, PA and 
OPSEC). Generally, tactical-level MIS units will use this higher-level guidance as the basis for their own 
information activities. 


Note. The proximity to the target audience does not determine the level of support (tactical, 
operational, or strategic). Mission analysis and, ultimately, the MISO objective determine the 
level of support. Likewise, the impact of a MISO effort at the tactical level can have operational 
or strategic implications. 


2-28. Generally, a joint MISO task force assigned to the higher joint command provides direct guidance to 
all MIS forces in-theater to coordinate MISO at the strategic, operational, and tactical levels. Depending on 
the mission, either a company- or detachment-sized MIS element will typically support the JSOTF or a 
SOTF. Task organization is tailored in accordance with the mission, available resources, and priority of effort. 


2-29. The primary mission of a MIS company supporting a JSOTF is to conduct operations that influence 
behavioral responses and advise the commander of those responses and their impact on the operation. The 
MIS company typically supports a variety of tactical-level special operations forces missions, monitors the 
psychological state of target audiences in the operating environment, and analyzes adversary information 
activities. It can develop, produce, and disseminate tactical-level products within the guidance assigned by 
the approval authority. The company consists of a company HQ section with a span-of-control of three to 
five detachments. Development and production of MISO products are typically conducted at the company 
level. 


2-30. A MIS detachment attached to the SOTF is comprised of a HQ section and three to six teams 
comprised of three to five Soldiers. The MIS detachment provides direction and oversight of the teams. 
The MIS detachment does product-dissemination planning by determining dissemination priorities and 
tracking the dissemination of products within the AO. (FM 3-53, Military Information Support Operations, 
and FM 3-05.301, Psychological Operations Process, Tactics, Techniques, and Procedures, provide a 
complete description of the responsibilities and duties of the respective MIS elements.) The team is a three- 
to five-man element led by an E-7; the team is generally task-organized down to the SFODA. The E-7 also 
serves as the MIS planner and advisor to the SFODA/SFODB commander and is responsible for the 
integration and employment of the team. The MIS team is the link between the SF commander and local 
target audiences in a given AO. This linkage is possible through face-to-face communication and 
rapport-building with local nationals. Whether conducting loudspeaker operations in support of combat 
operations or collecting information on target audiences and the operational environment, the MIS team is 
a tactical asset that can significantly influence overall operations. Because of its integrated nature, the team 
is most effective when maintained as a cohesive element. After-action reviews suggest the division of a 
team decreases its capability. 


2-31. A tactical MIS team can perform the following functions during combat operations: 

- Reduce the adversary's will to fight. MIS Soldiers can use loudspeakers and leaflets to instill and 
exploit the fear of death or defeat in the adversary; undermine the adversary's confidence in their 
leadership; decrease their morale and combat efficiency; and encourage surrender, defection, or 
desertion. 

- Support deception activities through employment of loudspeaker assets and other means. 

- Minimize civilian interference with military operations. 

- Monitor and assist in efforts to counter propaganda in the AO. 

- Plan, develop, and monitor a key-leader engagement strategy for supported commanders to 
ensure this critical influence tool is appropriately aimed at achieving the commander's 
objectives. 


2-32. During stability and support operations, in addition to discouraging civilian interference and 
assisting in efforts to counter propaganda, MISO can support the following: 

- Humanitarian assistance. MIS units support humanitarian assistance operations by providing 
information on program benefits, shelter locations, food and water points, and medical-care 
locations. MIS units also publicize humanitarian assistance operations to build support for the 
United States and HN governments. 

- Peacekeeping. MISO help gain acceptance for U.S. or allied forces in the AO, thereby gaining 
support and compliance with U.S. and allied policies and directives, and increasing support for 
HN governments or military and police forces. 

- Noncombatant evacuation operations. MIS units support these operations by reducing 
interference from friendly, neutral, and hostile target audiences and by informing evacuees. 

- Demining operations. MISO educate the target audience on the dangers of mines, how to 
recognize mines, and what to do when a mine is encountered. MIS units encourage target 
audiences to report locations of mines and unexploded ordnance. 

- Foreign internal defense. MISO help build and maintain support for the HN government and its 
forces while decreasing support for insurgents. 


2-33. In the execution of the MISO series, the team leader coordinates the dissemination of all products 
through the higher MIS detachment and the maneuver unit. Products are normally comprised of standard 
visual products, such as posters, handbills, and novelty items; audio products, such as loudspeaker 
broadcasts, radio messages, and compact discs; and audiovisual products, such as video compact discs or 
digital videodiscs. In dissemination, the team follows the guidelines set forth in the series dissemination 
work sheet, which gives specific instructions for required dissemination to the appropriate target audiences. 
As part of its support to MISO development, the team provides details on possible dissemination sites and 
optimal dissemination times. 


2-34. Whatever dissemination means are used, the MISO messages communicated to the target audiences 
are guided by themes. A theme is a subject, topic, or idea used as a planning tool to develop a MISO series. 
For MISO, a theme is developed through target audience analysis based on approved MISO objectives and 
formulated to affect the attitudes or behaviors of the target audience. As such, themes are broad, somewhat 
static, and not communicated to the target audience. At the tactical level, MISO themes should be the basis 
for all communication with the adversary, local populace, and any other target audiences. The two types of 
themes are the themes to be stressed and the themes to be avoided. The list of themes to stress and avoid 
can be found in the higher HQ MIS annex. The following are examples of themes: 


- Themes to stress. Only local people can resolve problems, coalition forces do not favor any 
group or faction, and displaced persons should return to their homes. Themes to be stressed vary 
according to the target audience: 

  - Enemy forces. Themes include inevitability of defeat, hardship and privation, and absence 
  from loved ones. 

  - Local population. Themes to stress include security and stability, reconstruction and 
  economic prosperity, tribal and cultural, nationality and history (for example, Iraq is a 
  multi-ethnic, tribal-sect-dominated state), insurgents are criminals and miscreants. 

  - Foreign governments. Themes to stress include commitment and resolve, international 
  security, and cooperation. 

  - Third-party organizations. Themes to stress include security, stability, and solidarity with 
  military forces. 


- Themes to avoid. Themes to avoid include religious issues, cultural comparisons, women's roles 
in local society, themes that appear to favor one faction or group over another, and themes that 
degrade local ethnic, cultural, or religious values. 


2-35. A message is a communication of the theme, whether visually, audibly, or in written form. Messages 
are communicated to the target audiences to influence their attitudes and behavior. As such, messages are 
specific, constantly evolving with the situation, and tailored to specific target audiences. Messages may 
take either of the following forms: 
- Spoken. Messages can be spoken communication delivered in TV and radio broadcasts, talking 
points delivered during face-to-face communication or loudspeaker broadcasts. 


- Written. Written messages can be delivered by leaflets, handbills, or posters. 


In any case, a message is a single thought to be conveyed from U.S. forces to the enemy or other target 
audience (such as the local populace). 


2-36. Because of the number of messages and themes available to the commander for his information 
activities, it is imperative that the IO staff coordinate and synchronize all messages (for example, MIS 
planner, PAO, CA planner) emanating from the commander. This deconfliction should ensure that 
messages from different elements are not contradicting one another and that the correct message is 
communicated to the correct target audience at the right time and place. 


2-37. MISO are not the only IO capability that produces themes and communicates messages to the 
adversary or populace. PA produces and uses PA themes and messages to communicate with the media and 
inform the populace. MILDEC may communicate deceptive messages to the adversary. Therefore, MISO, 
PA, and MILDEC must coordinate and synchronize themes and messages so that the correct message is 
communicated to the correct target audience at the right time and place to avoid information fratricide. 


2-38. By using MISO, the commander brings to bear a force-multiplier that uses its capabilities to degrade 
the enemy's will to fight, reduce civilian interference, minimize collateral damage, and maximize the local 
population's support for operations. MIS forces do this by using assets at their disposal to reach local and 
over-the-horizon targets with different visual, audio, and audiovisual products. Proper employment of 
MISO means fewer casualties (friendly, enemy, and civilian), fewer U.S. troops required to accomplish the 
mission, shorter operations, and less damage to infrastructure. Success in these areas results in faster 
reconsolidation of combat elements, less required rebuilding of infrastructure, and ultimately, quicker 
return of a nation to self-sufficiency. 


2-39. When employing MISO, there are three primary limitations to consider. First, only personnel school 
trained in MISO and designated by their Service as MIS officers or Soldiers should develop MISO series 
(although any friendly-force element can disseminate products and conduct face-to-face engagements). 
Second, there are legal and political factors that may restrict the use of MISO. MISO must follow U.S. and 
international laws, especially when used without a declaration of war. The third constraint is time. MISO 
planning must begin early in the operation and continue throughout if it is going to effectively influence 
the target audience in time to support the operation. FM 3-53 and FM 3-05.301 provide further details on 
MISO planning and TTP. 


ELECTRONIC WARFARE 


2-40. EW plays a major role in attacking and exploiting the adversary's ability to use information, while 
defending the U.S. ability to process information. By definition, EW is any military action involving the 
use of electromagnetic and directed energy to control the EMS or to attack the enemy. It consists of three 
divisions: electronic attack (EA), electronic protection, and electronic warfare support. EA is the use of 
electromagnetic energy, directed energy, or antiradiation weapons to attack personnel, facilities, or 
equipment with the intent of degrading, neutralizing, or destroying enemy combat capability. EA is 
considered a form of fires. Electronic warfare support involves actions taken to search for, intercept, 
identify, and locate or localize sources of intentional and unintentional radiated electromagnetic energy for 
the purpose of immediate threat recognition, targeting, and planning. Electronic protection involves passive 
and active means taken to protect personnel, facilities, and equipment from any effects of friendly or 
enemy employment of EW. Of EW's three major components, EA has the most direct role in support of 
IO, especially at the tactical level. At the tactical level, EA is primarily used to attack adversaries by 
jamming the electromagnetic frequencies used by the adversary (degrading or disrupting information flow) 
or using the EMS to deceive the adversary (affecting the information content available to decisionmakers). 


2-41. The objective of EA planning and execution is to ensure use of the EMS for friendly forces while 
preventing the adversary's effective use of the spectrum. Electromagnetic jamming denies the adversary 
the use of its receivers by overwhelming them with high-powered signals on the same frequency as the 
receiver. Procedurally, this is accomplished through spectrum management and deconfliction. Spectrum 
management controls frequencies that all friendly emitters use to prevent interference and fratricide. 
Deconfliction is the process used to avoid conflicts in frequency usage. It is also used during mission 
execution to resolve interference problems. 


2-42. To meet the technical requirements of EA, an EW officer is often needed to effectively plan, 
coordinate, monitor, and assess friendly and adversary force activity in the EMS. However, depending 
upon the unit, an EW officer may not be authorized. If the unit does not have an EW officer, EA 
responsibilities will usually fall to the IO planners. In such a case, IO planners should research the EW 
assets available to the command from higher HQ and establish contact with representatives from the units 
that possess the assets. 


2-43. Synchronization of EW tasks is imperative. Up to a certain point in the operation, friendly forces 
may want adversary decisionmakers to communicate, so they do not want to tip off the adversary by 
jamming too early in the operation. Additionally, lack of frequency deconfliction can result in information 
fratricide among friendly forces. 


2-44. Basic planning considerations for EA include the following: 


- Enemy vulnerabilities. The J-2/G-2/S-2 should have an electronic order of battle and other 
intelligence products that identify how the enemy uses the EMS—which systems are critical to 
adversary operations, what those systems are used for, and what frequencies those systems use. 
This information helps determine specific electromagnetic vulnerabilities that may be exploited. 

- Friendly capabilities. Tactical units have limited organic EA assets. Most EA assets are assigned 
at higher echelons. It is important to know specific capabilities organically available to the unit, 
as well as those assets that are available through higher HQ. 

- EA deconfliction. Frequency-spectrum management ensures effective use of the EMS, preventing 
interference with military and civilian frequencies. 

- Rules of engagement. EA usually has rules of engagement that must be followed to avoid 
violating international treaties that control the use of the EMS. In peacetime, EA is generally 
used only to protect friendly forces. In wartime or conflict, there are restrictions concerning the 
impact of EA on civilian emergency services. 


Note. At the SFODA/SFODB level, leaders must coordinate with the SOTF IO planner for an 
effect in the EMS. The IO planner will coordinate with the EW officer to identify the means to 
achieve the effect. It is imperative that EA be coordinated and deconflicted with higher and 
adjacent elements. The frequency range on the EMS or the cell tower that needs to be jammed 
for an operation may be the primary means of communications or intelligence collection for 
friendly forces. 


COMPUTER NETWORK OPERATIONS 


2-45. CNO provide IO planners with the ability to affect information content and flow within cyberspace. 
The three elements of CNO are computer network attack, computer network defense (CND), and computer 
network exploitation. A computer network attack is the use of computer networks to disrupt, deny, 
degrade, or destroy information resident in computers and computer networks, or the computers and 
networks themselves. CND is the use of computer networks to protect, monitor, analyze, detect, and 
respond to unauthorized activity within Department of Defense information systems and computer 
networks. Information technology professionals assigned to the command, control, communications, and 
computer systems directorate of a joint staff (J-6); assistant chief of staff, command, control, 
communications, and computer systems staff section (G-6); command, control, communications, and 
computer systems staff officer (S-6); and specialized organizations typically execute CND. Often these 
same personnel conduct IA activities. Computer network exploitation is an enabling operation and 
intelligence collection capability conducted by using computer networks to gather data from target or 
adversary automated information systems or networks. IO planners strive to integrate these CNO elements 
in cyberspace while synchronizing and coordinating them with other IO capabilities to ultimately achieve 
information superiority. CNO is typically a collective effort involving separate Services and interagency 
organizations seeking to achieve effects across the globally interdependent network of information 
technology infrastructures that include the Internet, telecommunications networks, computer systems, and 
embedded processors and controllers. 


Note. Other than CND, which is executed by the J-6/G-6/S-6, CNO is not conducted at the
JSOTF. If a need for CNO arises, the IO planner at the JSOTF will request support through
appropriate channels. It requires a long lead time for the approval process.


2-46. Although CNO has a unique request process involving the joint operations planning process and 
classified supplemental processes, successful CNO planning relies on a five-step process (Figure 2-7, 
page 2-17) that should be integrated into the unit’s planning process. 

Identify CNO contributions to the information operation and determine targets. IO planners should
refrain from identifying specific tasks to CNO and should focus on the desired effect for CNO in support of 
the information operation. This can be achieved by reviewing the previously determined IO objectives and 
identifying which objectives can be supported by CNO in terms of the effect included in the objective. 
Once the objectives to be supported are identified, IO planners coordinate with J-2/G-2/S-2 to identify 
potential targets for CNO. Related planning factors for a typical computer network attack include the— 


• Quality of available intelligence.
• Reliability of access to the targeted network.
• Level of risk determined through a collateral-effects estimate.
• Timely availability of a required capability.


IO planners should include CNO-related activities when developing measures of effectiveness (MOEs) 
associated with the IO objectives and identify collection methods for MOEs associated with CNO. 


Determine time available. During this step, IO planners determine if there is time available to employ 
CNO in support of the information operation. Considerations include approval timelines, required timing 
and execution of other IO capabilities in regard to shaping the information environment, and whether 
delayed or disapproved CNO integration will substantially affect specific IO capability efforts or IO's overall 
contribution to the mission. 


Obtain approval. Although CNO is an operational-level planning function, units at the tactical level should 
not hesitate to request CNO support if they identify an appropriate use. The request for CNO is a request 
for national-level assets. The CNO approval process has unique complexities. CNO-related authorities 
are retained at high echelons, and IO planners should plan accordingly. When completing CNO requests, 
IO planners should clearly show the necessity for CNO and its impact on mission accomplishment. IO 
planners at the tactical level should contact operational-level IO planners to submit CNO requests. 
Operational-level planners should handle the somewhat-formal approval process. One significant factor 
pertaining to approval is the fact that computer network exploitation has two distinct subelements. The 
first is that of an intelligence function (collection) and the second is that of an operations activity 
(enabling). This distinction is important because CNO, by doctrinal definition, does not include the 
intelligence subelement of computer network exploitation. However, under Title 10, United States Code, 
CNO can conduct similar activities as long as they are not for the purposes of intelligence collection. The 
intelligence community, operating under Title 50, United States Code, can conduct both subelements of 
computer network exploitation. Therefore, to ensure all activities are legal, coordination between these 
communities is usually required prior to approval. 


Execute CNO tasks. Execution of CNO should be monitored by the unit to ensure synchronization with 
other IO capabilities as well as unit maneuver elements. IO planners should identify collected 
CNO-associated MOEs and make recommendations to the commander concerning variations to the plan. 


Conduct after-action review. Upon completion of the operation, IO planners should determine if CNO 
tasks supported the IO objectives, as planned. IO planners should identify additional CNO tasks that may 
have increased friendly-force advantage. IO planners also review the request for CNO and determine 
what information would have expedited the request. They determine if all MOEs were able to be collected. 
If not, they determine what changes should be made for future operations. Finally, IO planners determine
how the unit will handle unexpected CNO-related adversary responses in the future. 


Figure 2-7. Five-step computer network operations planning process 


COMBAT CAMERA 


2-47. JP 1-02 defines COMCAM as the acquisition and utilization of still and motion imagery in support 
of operational and planning requirements across the range of military operations and during joint 
exercises. 

No, We Did Not

In the spring of 2009, Iraqi Security Forces conducted an operation in central Iraq
with U.S. SF advisors to capture an insurgent leader. During the course of the
operation, sensitive-site exploitation information led the FID partner-force to a second
location. The Iraqi Security Force with U.S. SF advisors searched the second
location and then departed. Following the operation, the government of Iraq received
complaints that property had been damaged and personnel were harmed during the
search.


Due to the IO planning for the operation, COMCAM accompanied the assault force 
and provided crucial footage proving that no damage was caused to the facility and 
personnel were treated with respect. The footage was reviewed and released by 
higher HQ to refute the accusations. 


2-48. COMCAM documents military operations with both video and still photography. When the mission 
dictates, it is used to— 

• Gather intelligence. COMCAM provides imagery of potential targets or target areas and supports
battle-damage assessments.

• Support planning efforts. COMCAM validates assumptions by providing accurate images of a
situation.

• Provide imagery to PA and other IO capabilities. COMCAM provides graphics, photography,
video products, and print media to enhance the effectiveness of PA press releases and MISO
products.

• Document interrogations and autopsies. COMCAM provides evidence of proper techniques and
procedures.

• Support landing zone studies. COMCAM imagery can help determine the diameter of the area
and the terrain's grade.

• Provide historical documentation. COMCAM provides evidence of events for future use (for
example, Red Cross investigations) and preserves the accuracy of historically significant events.


2-49. COMCAM captures a photographic record of military operations but, more importantly, it allows 
commanders to provide visual proof of operations for MISO and PA and to counter adversary IO for 
enemy, adversary, and neutral information activities. Once the COMCAM team's captured imagery or 
video is released by the supported commander, the imagery is digitally transmitted to the noncommissioned 
officer in charge of the JSOTF. Prior to sending the product to the joint combat camera center (JCCC), the 
imagery is reviewed to obtain the commander's release approval. Once approved, the image is sent to the 
JCCC, where it may be used by any Department of Defense entity that has access to the imagery database. 
For example, MIS elements may use these pictures to develop products, whereas PA will use these pictures 
during press conferences and media-engagement activities. At the tactical level, units can use these images 
to make immediate impact on the populace within the operating area by producing visual products 
highlighting local events, good or bad, to achieve the goals set by the unit commander. The complete cycle 
from image acquisition to receipt by the JCCC must occur within 24 hours for the collection imagery to 
remain a viable decisionmaking tool for national-level leaders. 


2-50. The method of documentation depends on the purpose of the mission, the environment in which the 
documentation occurs, and the support available to the Soldiers documenting the event. There are three 
different COMCAM documentation methods: 

• Still photography. Still photography involves producing, processing, and reproducing
still-picture films, prints, and transparencies. These images can be captured using film or digital
cameras or can be taken from motion picture or video photography. COMCAM teams use digital
still-video cameras to capture and transmit images electronically. Some cameras also have
night-vision devices that permit them to be used during darkness or other limited-light conditions.

• Motion media. Motion media is documentation of activities or operations as they occur. Motion
media technology can be used in daytime, nighttime, and limited-visibility operations. The film,
which captures positive and negative images, must be edited before IO or other staff elements
can effectively use it.

• Multimedia presentations. Multimedia products can be used for a variety of purposes, from
meeting training requirements to serving as a means to transmit public information. They allow
commanders to review the operations and training of their forces, and introduce new and
improved operational techniques and developments to subordinates.


2-51. COMCAM imagery must be reviewed by appropriate staff members of the supported command prior 
to release. The supported commander is the release authority for all collected COMCAM images before 
they are transmitted out of theater. Composition of the review board should be tailored based on the 
specific unit design. A typical review board includes the following individuals: 


• J-2/G-2/S-2 representative (for identification of possible intelligence and exposure of classified
information).

• OPSEC officer (for identification of possible disclosure of unit critical information [EEFI]).

• Judge Advocate General (for identification of possible or perceived violations of the laws of land
warfare).

• Operations directorate of a joint staff (J-3)/assistant chief of staff, operations staff section
(G-3)/operations staff officer (S-3) representative (for identification of exposed TTP or any
content that is not desirable for release).

• PAO (for public-release consideration).


2-52. To maximize COMCAM support, leaders should— 


• Employ COMCAM as an operational asset assigned to the J-3/G-3/S-3. A COMCAM
representative is identified within the J-3/G-3/S-3 to plan for the employment of COMCAM.

• Plan to employ COMCAM during the initial phases of an operation to ensure comprehensive
mission documentation.

• Provide COMCAM with full mission access (as is reasonably and tactically feasible) during each
phase of the operation.

• Ensure COMCAM coverage availability before, during, and after operations.

• Ensure tasks to COMCAM personnel include clearly defined requirements and priorities. Include
a purpose for each task to take advantage of COMCAM personnel initiative.

• Ensure COMCAM imagery is reviewed by PAO prior to release outside of the organization.

• Ensure COMCAM personnel provide imagery to the JCCC for immediate distribution to support
strategic and operational objectives.


Note. COMCAM can provide images for MISO, MILDEC, PA, and CMO. It can be used for 
battle damage MOEs. It can also serve as a record. 


LOCAL POPULACE AND KEY-LEADER ENGAGEMENTS 


The people...represent many things in [a] conflict—an audience, an actor, and a source 
of leverage—but above all, they are the objective. The population can also be a source of 
strength and intelligence and provide resistance to the insurgency. Alternatively, they 
can often change sides and provide tacit or real support to the insurgents. Communities 
make deliberate choices to resist, support, or allow insurgent influence. 


General Stanley A. McChrystal 


2-53. Engagement of the local populace and key leaders is an important part of any counterinsurgency 
campaign or operation. Effective communication with key leaders and key communicators can be critical 
to mission success at all levels. Not only do commanders and senior leaders conduct key-leader 
engagements, but every Soldier has the potential to conduct some form of engagement with the local
populace and leaders, and most importantly, to communicate a message through their actions. 


2-54. Military leaders who prepare, listen well, and communicate effectively are more likely to gain the 
cooperation and trust of the local populace. Commanders must also understand that influencing a given 
populace will most certainly require committing assets to help meet the people's needs—talk will only go 
so far. People associate actions with messages. SFODA actions on the objective must support the 
command's themes and messages. Messages with few or no supporting actions generally are given little 
credibility. 


2-55. The attached MIS element is the most capable, by purpose, training, and organization, to develop, 
plan, monitor, and assess a commander's key-leader engagement strategy. As key-leader engagement is 
targeted to influence an action or nonaction, it falls to the MIS element to develop the appropriate 
messages to be disseminated to the appropriate target audience at the right time as part of the commander's 
larger influence efforts. By using attached MISO personnel to manage the KLE program, a commander 
ensures a broader, more effective influence effort in his AO. 


TYPES OF ENGAGEMENTS 


2-56. In interacting with the local population, there are well-planned and coordinated meetings and chance 
encounters, as described below: 

• Planned face-to-face meetings. These meetings are daily or weekly key tactical-leadership
activities that occur with local leaders and populace. Planned face-to-face engagements are well
thought out and resourced. They are an important facet of the mission during counterinsurgency.
Face-to-face meetings are often the result of the targeting process and support specific effects
tied to accomplishing the desired end state.

• Key-leader engagements. These meetings are at all levels between military leaders, HN
government, and tribal or village leaders to achieve or support a specific desired effect. To match
the appropriate military leader with the leader being engaged requires careful planning.

• Chance encounters and contacts. Chance encounters typically occur with the local populace
during patrols and other mission activities by MIS teams, Civil Affairs teams, and SFODAs. All
personnel with access to the local populace and leadership should be briefed on how to conduct
face-to-face engagements, be aware of current matters of interest to the local populace, and be
knowledgeable of the command's themes and messages.


THEMES AND MESSAGES 


2-57. Themes and messages are two distinct entities. Each has its own purpose—they are not 
interchangeable. Themes are usually associated with specific lines of operations and are planning tools that 
guide the development of messages and other information tools (for example, talking points, MISO print 
and broadcast products, and PA guidance). Themes represent the broad idea the commander wants to get 
into the mind of the target audience. Themes are not communicated to the target audience; that is the role 
of messages. Themes are broad and enduring. 


2-58. Messages support themes and are communicated by speech, writing, or signals. They contain the 
information that will be delivered to the target audience. Messages are tailored to specific audiences and 
are meant to elicit or prevent a certain behavior. Messages constantly change with the situation and 
mission. Sources of messages include the following: 

• Command information messages. These messages convey the policies and intent of local
commanders to their subordinates. The PAO develops command information messages.

• Public information messages. These messages convey information to local target audiences
through news, public-service information, and announcements from HN officials. The PAO
develops public information messages.

• MISO messages. These messages convey specific information to selected foreign audiences to
influence their attitudes, perceptions, beliefs, and behavior. MIS elements develop these
messages.


TYPES OF MESSAGES


2-59. Messages may be either negative or positive. Negative messages are used to attack the target 
audience or to convey the likelihood of negative consequences if the target audience does not engage in the 
desired behavior (for example, if you do not surrender, you will be killed). Positive messaging offers 
specific or implied benefits if the target audience engages in a certain behavior (for example, cooperation 
with coalition forces will result in the construction of a health clinic). 


Note. By doctrine, there are no IO themes and messages. MISO and PA have themes and 
messages. If needed, in coordination with MISO and PA representatives, the IO staff may have 
to develop command themes and messages. 


MESSAGE DEVELOPMENT 


2-60. When developing messages, it is important that message content addresses target-audience 
vulnerabilities (or perhaps an interest or motivation). Target-audience vulnerabilities are determined by 
considering the following four factors: 

• Motives. Look for factors that drive target-audience behavior. Primary motives include basic life
needs such as shelter, security, and food. Secondary motives evolve from social interaction
within the family, clan, or tribe, or from membership in political and religious organizations.

• Demographics. Look for target-audience characteristics, such as gender, ethnicity, religion, and age.
Planners must determine which characteristics can be exploited to affect target-audience behavior.

• Psychographics. Look for the target audience's cognitive characteristics relevant to the world
around them, both near and far. These can be values, beliefs, attitudes, and ideology that trigger
emotional responses.

• Symbols. Symbols are a sophisticated mix of graphics, video, audio, or audiovisual objects that
reference architecture, religious symbols, historical events, and symbols with cultural or
contextual significance to the target audience.


2-61. Once vulnerabilities are identified, messages are crafted that communicate the approved themes to 
the target audience and address its vulnerabilities. Crafting messages is an art that requires time and 
thought. Figure 2-8, page 2-22, provides a sample message. A few guidelines to follow include— 

• Limit each message to one thought.

• Keep each message succinct. Complex messages pose challenges for senders, translators, and
receivers. Limit each message to one sentence and minimize internal sentence punctuation.

• Keep messages to a manageable number. Rule of thumb is no more than five messages per theme
or target audience.

• Tailor messages for the means and method of delivery and the target audience.

• Convey a story (the theme) by arranging the messages from first to last. The sum of the messages
should then tell the story (or theme).

• Place the bottom line up front and summarize at the end. The first message should contain the
most important thought. The last message should restate the first message.

• Consider developing "escape" messages that leaders and Soldiers can use to deflect
conversations away from the themes to avoid.

Theme: It is inevitable that the insurgents will be defeated.
Messages:
• While your leaders sleep safe in their warm beds, you are left to suffer in the cold and wind.
• Your mothers will mourn the deaths of their sons, and your children will be orphans when you
meet the bloody death that awaits you.
• Lay down your weapons and return home to the families who need you.

Theme: The Army is honorable and capable.
Messages:
• The Army is the guardian of the people.
• The Soldiers fight like bold lions for the freedom of the nation.
• The enemy comes with foreigners in the night to murder and rob their fellow tribesmen.
• Help the Army defeat its enemies and provide information about terrorists, weapons, people,
and activities.

Theme: The insurgents are responsible for civilian deaths.
Messages:
• The United States and its allies do everything possible to avoid civilian deaths.
• The insurgents hide among the populace.
• It is well known that the terrorists place women and children in harm's way when it suits
their purposes.


Figure 2-8. Example message (paired to themes)

2-62. The tool that can be used to develop and organize themes and messages is a message development
matrix (Figure 2-9).


Target Audience: People in Village X.
Target Audience Vulnerability: Security from villagers in Town Y.
Desired Target Audience Action(s): Halt violent demonstrations.
Themes: Violence does not solve any problems.
Messages:
• Violence does not improve your situation.
• Further violence will lead to the withdrawal of coalition aid and support.


Figure 2-9. Example message development matrix


PREPARING FOR A FACE-TO-FACE MEETING 


2-63. Conducting planned and unplanned engagements with the local populace and their leaders requires 
preparation to be effective. Time spent researching the target, anticipating requests and issues, and 
rehearsing the meeting often pays high dividends. Units conducting operations among the local populace 
should assume engagements will occur and prepare for them prior to the mission. Lack of preparation may 
lead to embarrassing situations that have the potential to diminish the effectiveness of friendly forces and 
create an advantage for the adversary. 


2-64. Leaders should consider the following when preparing for a key-leader engagement or planned
meeting:

• Identify upcoming meeting. Meetings may occur because of—

    ▪ A recurring schedule. Unit leaders often have schedules for reoccurring meetings, such as
      weekly city council meetings or occasional sit-downs with elected officials, clan or familial
      leaders, or tribal sheikhs. These meetings present a preplanned opportunity to conduct a
      key-leader engagement.

    ▪ Direction from higher HQ. A higher HQ may direct a unit to engage a specific leader or
      group to support its objectives. Units should incorporate higher HQ directions into the
      existing schedule of meetings.

    ▪ Mission planning. During mission planning, key-leader engagements may be identified as
      part of the operation. These engagements may have to be conducted outside the normal
      schedule of meetings.

    ▪ Requests from local leaders. Local leaders sometimes seek a meeting to address specific
      concerns or emergencies. When arranging these meetings, always consider the importance
      of pairing the right military leader with the right civilian leader. Leaders should be very
      cautious about giving access to relatively insignificant or noninfluential civilian leaders
      who may try to gain access to senior military leaders.


Note. After identifying a meeting, leaders should determine an appropriate location for the 
meeting. If hosting the event, leaders ensure the area is presentable and cleared of any 
operational information. They ensure the location is quiet and away from disturbances such as 
phones or radios. 


• Identify target-audience characteristics. Gather as much information about the local leader as
possible (for example, proper name and title, approximate age, family members, ethnicity,
language spoken, and relationships to other leaders, friendly forces, third-party organizations,
and the adversary). One way to obtain this information and prepare for a meeting is to consult
personnel who have met with the person before. It is important to continually refine and update
background information based on experience with the individual. Characteristics of the local
leader that are good to know include—

    ▪ Language spoken. Identifying the leader's language may be difficult if multiple languages
      and dialects are spoken in the operational area, all of which could require different
      interpreters.

    ▪ Education/literacy level. Level of education may determine which form of the language the
      local leader speaks. Many languages have a colloquial version and a more formal textbook
      version (often referred to as high or formal). Knowing the individual's level of literacy may
      impact on decisions to leave written products during the meeting.

    ▪ Customs and etiquette. Identifying unique customs and proper etiquette prevents awkward
      moments during the meeting.

    ▪ Attitudes. Understanding the local leader's attitudes toward military forces and toward
      other organizations and groups in the AO helps to avoid a tense discussion. Plan a strategy
      to overcome the leader's negative perceptions.

    ▪ Key advisors. Knowing the local leader's key advisors facilitates follow-on discussions and
      may bridge gaps that cannot be resolved with the target directly. Advisors are also helpful
      in gauging the leader's perceptions of U.S. forces and of the results of the meeting.

• Identify target-audience concerns. Every individual engaged has some key concerns that may be
raised during the meeting. Being prepared to address these concerns will greatly facilitate
communication. Some of the local leader's concerns may include—

    ▪ Local conditions. Religious, public health, crime, and economic issues in the key leader’s
      AO may impact the dialogue during the engagement.

    ▪ Needs. The local leader will probably discuss the needs of his followers. Needs can be the
      basic requirements of food, water, and shelter, or they can be more complex—political
      power-sharing, contact between the populace and U.S. forces, or getting help with
      reconstruction or security matters. Anticipating the leader's concerns allows the U.S. leader
      to plan resources that can enhance cooperation.

    ▪ Religious, political, and economic viewpoints. Conditions in the operating area may shape
      religious, political, and economic viewpoints, but viewpoints vary depending on the
      individual. Knowing the local leader's viewpoints makes it easier to address or avoid
      sensitive topics that may detract from the meeting. This does not mean that these topics
      should be avoided, but in general it is best to avoid sensitive topics until one is more
      familiar with the target audience.

• Review previous meetings. Notes, comments, and debriefings from previous meetings with the
key leader may identify previous agreements made with the local leader and reoccurring topics that
are likely to be raised at the meeting. For example, if during previous meetings with a city mayor,
the mayor asked for more money at each meeting, chances are that he will ask for money again.

• Identify end state. Typically, the engagement’s end state is the action (or, at times, the inaction)
friendly forces want the target to take. For example, the unit may want a leader to actively
support Army recruiting or a religious leader to stop encouraging violence.

• Develop messages. Develop tailored messages that support the engagement's end state and
address the key leader's vulnerabilities. When possible, use already approved messages. Review
MISO themes to stress and avoid.

• War-game responses and reactions. Develop appropriate counteractions to the key leader's most
likely responses and possible demands.

• Develop meeting exit strategy. Have an exit strategy so the meeting can end tactfully.


2-65. Leaders can use a face-to-face engagement work sheet (Figure 2-10, page 2-25) to plan critical 
aspects of key-leader engagements. When kept current, the work sheets are a useful planning tool for 
future engagements with the same target. Commanders and leaders should also rely heavily on assigned or 
appropriate themes and messages for reinforcement during the engagement. MIS forces habitually do target 
audience analyses on various individuals, groups, and factions within their assigned AO and are skilled at 
planning operations to influence. 


CONDUCTING A FACE-TO-FACE ENGAGEMENT 


2-66. The following guidelines can help ensure a productive engagement. The spokesman should— 


• Position himself immediately next to the engaged key leader and designate a second person to be
a recorder.

• Establish rapport with the target audience. The spokesman uses a greeting phrase in the native
language, when possible. The spokesman arranges for seating and offers something to drink for
the meeting.

• Introduce everyone in the party and record the names and positions of everyone in attendance.

• Avoid rushing through the meeting. The spokesman plans for enough time to accommodate the
culture and avoids making the target audience feel they are low on the priority list. The
spokesman is prepared for small talk before discussing business. He takes cues from the target
audience.

• Ask permission to take photos of the target audience.

• Apologize in advance for any cultural mistakes made. The spokesman assures the target audience
that he does not mean to offend and asks that the target audience identify any mistakes made.
The spokesman is careful about telling jokes; they can backfire when translated.

• Avoid restricted topics and confrontational attitudes.

• Never assume that the target audience does not speak or understand English.

• Always maintain eye contact with the person he is speaking with, not the translator. The
translator is his voice. The spokesman communicates through the translator, not to him. He
watches the target audience's gestures, eyes, and body language, not those of the translator.

• Speak in short clips. He should not recite a long paragraph and expect the translator to accurately
convey the message. The target audience should feel like he is being conversed with, not being
lectured to. He should remember that one to two sentences at a time is a good rule.

• Avoid using acronyms, slang, and idioms. He should keep the language simple.

• Treat all members of the target audience with courtesy and respect.

• Avoid making or implying promises that cannot be kept.

• Avoid elevating his position or embellishing his authority. Although he certainly may have to
check with higher authorities before making promises or decisions, using it as an excuse too
often may decrease the target audience's respect for him as a leader.

• Use open-ended questions to facilitate discussion. Yes or no answers tend to be incomplete and
inaccurate.

• Be aware of the body language from all parties. He ensures that the body language does not
negate the message.

• Recap what has been said, as the meeting closes, and clarify expected actions by both parties.


Target: Intended target is John Smith.
Date-Time Group: 210900DEC11
Location: FOB Bragg, Building 2, Room 123

Characteristics:
Records from previous meetings indicate John Smith is a stern tribal leader. Research shows him to be supportive of
U.S. interests, but he has been known to support operations against U.S. forces when it benefits him personally. A
number of Smith's acquaintances verify this information. Meeting will be limited to one hour.

Environment and Concerns:
Meeting at FOB Bragg is a friendly environment. Our
goal is to provide assurance to Smith that the United
States will support him upon his return to the tribal
region.

Desired End State:
Reconfirm to Smith that the United States will continue
to support his tribe by providing a detachment to
support training against insurgency.

Anticipated Reaction/Issues:
Smith's reaction should be positive provided he is
affirmed of continued U.S. support for his tribe. As an
issue, it is anticipated that Smith will request monetary
compensation for the families of wounded and killed
tribal members.

Meeting Strategy:
Meeting rehearsal is scheduled for 200900DEC11. The
team leader and team sergeant will negotiate on behalf
of the United States. Participants should be firm, but
respectful. Negotiation will occur with Smith only.
Samples of products will be provided. Promises of
support must remain in keeping with commander's
guidance.

Previous Meetings:
Previous meetings have been cordial and show Smith
appears to support U.S. interests. Smith has indicated a
desire to partner with U.S. forces in the tribal region.

Themes/Messages:
The message Smith must receive is that the United
States will continue to provide support for training and
combat operations. Posters and pamphlets clarifying this
support will be provided to Smith upon his departure.

Response:
Previous meetings indicate that Smith is a hard
negotiator, and will initially request more than the United
States is prepared to offer. Negotiators must remain
steadfast in limiting promised support to that which is
deemed appropriate.

Exit Strategy:
Time limit for the meeting is set at 1 hour. The code word
DISCONTENT will be used to end the meeting.

Attendees:
Scheduled attendees include John Smith, his aide (Michael Jones), the team leader, team sergeant, and intelligence 
sergeant. The intelligence sergeant will maintain a list of additional attendees, including approximate age, home 


town, contact information, profession, and demeanor. 
Notes: 


Team will conduct after-action review immediately following the meeting to compare notes and ensure an accurate 
understanding. Final report will be submitted to Colonel Jackson not later than 220900DEC11. 


Follow-up Actions: 


Meeting notes and after-action report will be provided to all detachments in 
the area. Any required coordination with higher will occur within 10 days of 


the conclusion of the meeting. 


Next Meeting: 


Next meeting is scheduled for 
200900JAN12. 


Figure 2-10. Example of a face-to-face engagement work sheet 

CHANCE ENCOUNTERS AND CONTACTS


2-67. During a chance encounter or contact with the target audience, the leader of the unit should conduct 
the face-to-face engagement based upon a preplanned battle drill, to include: 


• Security. Protect both friendly troops and the target audience.
• Time. Limit the length of the engagement. Establish a codeword for when it is time to end the
meeting.
• Identify the local leader. Ask who is in charge and talk to him. Otherwise, select a maximum of one
or two people to talk with. Do not distribute anything to the populace without the local leader's
permission.
• Take notes. Get names of all people contacted, approximate ages, hometowns, businesses or
activities, subjects covered, demeanor toward friendly forces, and any particular concerns of the
target audience.
• Establish rapport. Offer the target audience refreshment (such as a bottle of water) and move to a
comfortable location. Sit if possible.
• Focus. Stay on message by communicating the command's messages.
• Report. Report contacts with local leaders up the chain of command to ensure that an accurate
picture of the situation is developed.


WORKING WITH TRANSLATORS 


2-68. Translators should be treated as a part of the unit. The better the translator is integrated into the unit, 
the better the translator's performance. Leaders must ensure translators are used for translation duties only. 
Using them for other activities may violate their contract. An example of misemployment is using a 
translator to run errands in town. However, sending the translator to town to coordinate a meeting for a 
U.S. official is allowed. A good rule of thumb is if the translator is acting as the leader's official voice, the 
action is legal. 


2-69. Leaders must know each translator's strengths and weaknesses. The lives of Soldiers may be in the 
translator's hands. Translators should speak in first-person, remain nearby during engagements with the 
populace or key leaders, carry a notepad and take notes, project clearly, and mirror the leader's vocal 
stresses and overall tone. 


2-70. The translator should be allowed rest periods to collect his thoughts. Meal meetings are especially 
challenging for a translator. Leaders should allow the translator to eat during or after the meeting. 


2-71. Leaders must rehearse with the translator. If a translator performs poorly, it affects the target 
audience's perceptions of friendly forces. Rehearsals verify the translator's abilities, help identify words 
the translator may not know, and ensure the translator understands the overall message to be conveyed. 
This is especially important with complex, new, or sensitive issues. 


2-72. The translator should be briefed on expected behavior. Leaders must recognize that translators are 
often seen as a representative of the command. All aspects of translator behavior must be kept professional 
and ethical, regardless of nationality or ethnicity. If operational details are briefed to the translator during 
the mission rehearsal, leaders should consider having the translator remain on the base camp until 
execution. Also, the translator should not have a cellular telephone or other communication device. 


2-73. When using a translator, a leader must always maintain eye contact with his counterpart and not the 
translator. The leader communicates through the translator—not to the translator. The target audience 
should be observed for changes in gestures, postures, and body language. Leaders should speak in short 
clips—it is difficult to recite a long paragraph and expect the translator to accurately convey the intent. 


COUNTERING ADVERSARY INFORMATION ACTIVITIES 


2-74. Countering adversary information consists of programs of products and actions designed to nullify
information for effect, misinformation, disinformation, and propaganda or to mitigate the effects of the
information. Successful operations to counter adversary information require the use of all IO and other
capabilities.


2-75. All elements of IO can and will support the operations to counter adversary information plans, but 
the focal point for such operations should remain with PA forces. Adversary information is used to 
describe information and activities used by an adversary or enemy, in peacetime and wartime, to 
undermine the legitimacy of operations and the credibility of the force. Previously the term propaganda 
was used to describe all forms of adversary information. The evolution of media forms and capabilities has 
made the term propaganda too limiting in describing how information is used by adversary states and 
nonstate actors to gain an advantage in the global information environment. To better clarify the use and 
application of adversary information this manual divides adversary information into the following four 
categories: 


• Information for effect. Information for effect involves the use, publication, or broadcast of factual
information to negatively affect perceptions and/or damage credibility and capability of the
targeted group. Examples of uses of information for effect involve the premature announcement
of collateral damage caused by friendly forces, reporting or images of the results of insurgent
attacks on friendly forces, or release of captured sensitive or classified information.
• Propaganda. Any form of adversary communication, especially of a biased or misleading nature,
designed to influence the opinions, emotions, attitudes, or behavior of any group in order to
benefit the sponsor, either directly or indirectly (JP 1-02).
• Misinformation. Incorrect information from any source that is released for unknown reasons or to
solicit a response or interest from a nonpolitical or nonmilitary target (FM 3-13).
• Disinformation. Information disseminated primarily by intelligence organizations or other covert
agencies designed to distort information or deceive or influence U.S. decisionmakers, U.S. forces,
coalition allies, key actors, or individuals via indirect or unconventional means (FM 3-13).


Countering Adversary Information in Iraq 
In the early part of 2009, U.S. forces were beginning to transfer bases to Iraqi 
Security Force control. During the planning of the transfer, a vulnerability was 
identified that enabled insurgent groups to exploit information and claim they had 
driven U.S. forces out of the bases. In the north, the Islamic State of Iraq propaganda 
efforts were active and could exploit upcoming transfers. 


The SFODA identified Islamic State of Iraq activity in the vicinity of a future base 
transfer. The SFODA, in concert with the SOTF, developed a plan with conventional 
forces to counter Islamic State of Iraq propaganda and highlight the upcoming 
transfer to Iraqi Security Forces using multiple information capabilities, to include 
key-leader engagement, PA, PSYOP, and Iraqi Security Force engagement of 
media. This aggressive information operation with significant Psychological 
Operations support informed the population of the purpose for the base transfer, 
countered Islamic State of Iraq propaganda, and discredited Islamic State of Iraq in 
the area. 


2-76. For the purposes of IO, adversary information justifies actions and bolsters legitimacy of an 
adversary. By communicating with the populace and, at times, friendly forces, the adversary offers a 
window into its philosophy, goals, objectives, and operations. Therefore, adversary information may 
provide a useful insight into how to defeat the adversary. Some of the more commonly used techniques 
include the following: 
• Name-calling. This describes the use of a name or word to connect a person to something
negative (for example, Muslim extremists describing or terming Westerners as Crusaders).
• Glittering generalities. This describes the twisting of the meaning of a word that has great
symbolic value (for example, terming terrorist attacks as a jihad).
• Euphemisms. This describes the use of a milder word to make a situation seem less threatening
(for example, "revenue enhancement" to describe a tax hike).
• Transfer. This describes the use of symbols to associate an agenda with a respected institution
(for example, placing official letterhead on a piece of disinformation).
• Testimonial. Testimonials add credibility to a position (for example, using celebrities to testify
on political issues).
• Bandwagon. This describes a technique which plays on the desire of people to fit in (for
example, 7 of 10 workers prefer candidate X).
• Fear. This describes the manipulating of people's fears to elicit a behavior (for example, without
jihad, the crusaders will invade your homes).


2-77. To effectively counter adversary information, it is necessary to understand the environment in which 
the adversary information exists. One way to establish the context of adversary information is to determine 
the interrelationship between information indigenous to the operational area and the culture and history of 
the people. This information is often available in the MISO studies and appendixes to the command's 
operation plan. Furthermore, it is also necessary to distinguish adversary information from other forms of
information in the operating environment. Adversary information is often subtle and nuanced, and may be
mixed in with misinformation and disinformation. To separate propaganda, it is necessary to identify
adversary capabilities to develop and spread propaganda, as well as the receptiveness of the target audience
to the adversary's lines of persuasion. This is typically a MISO task, conducted using the
source-content-audience-media-effects analysis technique for individual pieces or instances of opponent
propaganda and series analysis to determine the operational impact. Source-content-audience-media-effects analysis
requires thorough analysis and resources normally found with the MIS elements at the JSOTF level. IO 
planners can facilitate this analysis by assisting intelligence and MIS personnel in the collection of 
suspected propaganda. A simple description of source-content-audience-media-effects is as follows: 

• Source. Identify the originator or sponsor of the propaganda.
• Content. Identify the line(s) of persuasion used (the message and the source's desired effect).
• Audience. Identify the audiences targeted by the source and actually reached by the propaganda.
This step is critical to countering adversary IO planning.
• Media. Identify the medium used and why that particular medium was selected by the source.
• Effects. Determine the impact of the opponent's propaganda on the target audience. Try to
determine whether the propaganda has caused attitudinal or behavioral change.


2-78. A possible staff solution to the problem of countering adversary information activities is to form a 
working group of personnel from the IO, MISO, PA, and intelligence staffs who can fuse propaganda 
analysis and media analysis with the current intelligence estimate. In general, the working group seeks to 
determine how the adversary affects the content and flow of information in the operating environment, how 
propaganda impacts the various target audiences, and what audience needs are being targeted by the 
propaganda. 


2-79. Countering adversary information activities does not commence upon discovery of adversary 
propaganda. Effective operations to counter adversary information activities proactively seek to mitigate 
propaganda's effects before their onset. 


2-80. Countering adversary information activities is a long-term operation. To mitigate or nullify the 
effects of adversary propaganda, countermeasures must anticipate the adversary's response. Success of this 
effort rests with the ability to correctly direct the capabilities at affecting specific information to the target 
audience. An effective operation to counter adversary information efforts selects the appropriate 
capabilities and determines how these capabilities can be employed to match or overmatch the effects of 
opponent propaganda. Common techniques to counter adversary information include the following: 
• Forestalling. Forestalling counters possible lines of persuasion prior to the release of propaganda.
• Conditioning. Conditioning preemptively shapes target audience vulnerabilities prior to exposure
to propaganda.
• Restrictive measures. Restrictive measures deny the intended target audience access to the
propaganda.
• Direct refutation. Direct refutation rebuts the propaganda point-for-point.
• Indirect refutation. Indirect refutation questions the validity of some aspect of the opponent's
argument.
• Diversion. Diversion diverts attention by presenting more important or relevant themes to the
target audience.
• Imitative deception. Imitative deception alters the propaganda to degrade its impact.
• Silence. Silence offers no response to the propaganda.
• Minimization. Minimization acknowledges selected elements of the propaganda while
downplaying the importance of the content.


2-81. It is unlikely that any one set of countermeasures will apply a complete solution. The effects of 
opponent propaganda and friendly countermeasures will likely develop in a nonlinear fashion; hence, a 
constant process of analysis and application is necessary. To
do this, IO planners must monitor any effects produced by the countermeasures, changes to the operating 
and information environments, and adversary responses to the countermeasures. Then, if applicable, IO 
planners reengage the target audiences with new countermeasures. Although there is no doctrinal 
methodology for countering propaganda, the following steps can be used: 

• Analyze target audiences. Understand the environment, the operational area, the inhabitants, the
culture, and the adversary.
• Analyze propaganda. Establish a collection plan to identify and collect adversary propaganda.
Use the source-content-audience-media-effects process to analyze.
• Analyze media affecting the environment. Identify media in AO and then determine its bias and
use by adversary for propaganda purposes.
• Apply countering adversary information measures. Compare the propaganda analysis to the
various capabilities and countering adversary information techniques and then apply appropriate
countermeasures.
• Monitor. Evaluate the effects of the countering adversary information measures.


REWARDS PROGRAMS 


2-82. The Department of Defense Rewards Program pays rewards to persons for providing USG personnel 
with information or nonlethal assistance that is beneficial to— 

• An operation or activity of the Armed Forces or of allied forces participating in a combined
operation with allied forces conducted outside of the United States against international
terrorism.
• Force protection of the Armed Forces or allied forces participating in a combined operation with
U.S. Armed Forces.


2-83. There are two types of Department of Defense rewards: 

• Preapproved rewards allow a geographic combatant commander to nominate individuals or items
to be placed on the Secretary of Defense preapproved rewards list for rewards in amounts that
are in excess of the authority delegated to combatant commanders.
• Regular rewards are paid to individuals providing the information after the target has been
prosecuted and a monetary value established.


2-84. The Department of Defense Rewards Program can be used for information leading to the killing or 
capture of high-value individuals, the recovery of weapons caches, or information of impending attack on 
U.S. forces. Rewards can be paid in monetary funds or barter items. It cannot be used for weapons buyback 
programs, running an intelligence program, paying intelligence-source salaries, deceased persons (for 
example, an assassination program), or paying for illegal drugs (for example, a poppy, heroin, or cocaine 
buying program). 
2-85. Rewards programs can be a potent asset to IO used to shape the information environment and
provide a conduit to pass messages to the populace and the adversary. Examples of how rewards can be
used for the purposes of IO include the following:

• Key-leader engagement. Rewards can be used as a means to establish working relationships and
build influence with key leaders who have influence in their communities. Rewards can be used
to bolster a key leader's position in their community.
• Influence local population. Rewards can be used to convince the local populace they can help
control the local security situation. They can receive cash rewards for turning in weapon caches
and insurgents that cause insecurity in their communities.
• Message insurgent leaders and fighters. Rewards can be used to send messages that affect
adversary perceptions and decisionmaking. Placing a preapproved reward on a mid-level
insurgent leader and then saturating his operating area with wanted posters and handbills may
curtail his ability to move and conduct operations.
• Rewards as part of deception. Deceptive information about rewards can be used to conceal
friendly TTP. Messages can be disseminated that insurgents are being captured because they are
being turned in for rewards and not by friendly collection assets. The success of the reward
program can be highlighted through MISO products, key-leader engagements, and the
"rumor-mill."
• Rewards as a divisive tool. As rewards are paid to individuals concurrent with the kill or capture
of high-value individuals, friction can be created within an enemy network as members consider
who may be leaking information, intentionally or unintentionally, that places the network at risk.


CIVIL-MILITARY OPERATIONS 


2-86. CMO establish, maintain, influence, or exploit relations between military forces, governmental and 
nongovernmental civil organizations, and the local populace. CMO contribute to shaping the operational 
area by focusing on civil aspects of the mission, their impact on military operations, and the impact of 
military operations on the civilian populace. A supportive civilian population can provide resources and 
information that facilitate friendly operations. As is the case with PA, CMO rely heavily on credibility with 
local leaders and the populace. CA forces are the designated forces and units organized, trained, and 
equipped to support the commander in planning and conducting CMO. 


2-87. CA forces are structured to support JSOTF operations at the strategic, operational, and tactical levels 
while maintaining regional focus. The concept of CA support to the JSOTF is that a CA battalion (minus) 
with two CA companies supports the JSOTF. The CA battalion CA planning team is collocated with the 
JSOTF HQ to assist in CMO planning within the joint special operations area. A CA company HQ will be 
collocated with each SOTF and is capable of providing a civil-military operations center (CMOC) outside of 
each SOTF. A CA team is designated to support each SF advance operational base, as directed. The remaining 
CA teams are designated as a surge capability for the SOTF commander. 


2-88. The CMOC is a standing capability formed by all CA units. The CMOC serves as the primary 
coordination interface for the U.S. armed forces and indigenous populations and institutions, humanitarian 
organizations, intergovernmental organizations, nongovernmental organizations, multinational military 
forces, and other civilian agencies of the USG. The CMOC facilitates continuous coordination among the 
key participants with regard to CMO and CAO from local levels to international levels within a given 
operational area, and develops, manages, and analyzes the civil inputs to the common operational picture. The
CMOC is the operations and support element of the CA unit as well as a mechanism for the
coordination of CMO. 


2-89. CA teams are typically four-Soldier elements consisting of a team leader, team sergeant, engineer, 
and medic. Besides planning, coordinating, and supporting civil reconstruction projects, CA teams can 
conduct medical civilian action programs, veterinary civilian action programs, and humanitarian assistance 
missions to provide quick-impact contributions to local populace quality of life. A CA team's performance
in a given area can affect the public perception in the local area. MISO can support these with radio
broadcasts and other means to advertise the events and later exploit their success. PA can also exploit the
success of these missions through press releases. It may be useful to attach COMCAM to a CA team to
document civil contributions or to provide photographs for intelligence analysis. If COMCAM assets are
not available, any available Soldier with knowledge of the command's intent for the photographs may take 
pictures. 


2-90. If friendly-force military operations create collateral damage and casualties among the populace, CA 
teams may conduct consequence management to mitigate the negative impact of such operations on the 
populace through payments or other types of reimbursement. The unit's CA officer may be a conduit to a 
provincial reconstruction team or other similar entities that have developed relationships with local leaders. 


PUBLIC AFFAIRS 


2-91. PA units provide timely and accurate information so that both U.S. and international audiences may 
assess and understand the facts concerning military operations. PA units have the following 
responsibilities: 
• Internal. PA provides command information to inform the force and counter effects of adversary
propaganda and misinformation.
• External. PA provides information regarding military operations to external agencies,
governments, media, and populaces.


2-92. Although PA personnel strive to be separate from IO, there is no denying the impact of timely, 
relevant PA press releases on a given audience. This impact can be multiplied substantially and used to 
support command objectives when PA personnel are included in IO planning and able to prepare 
consequence-management activities by preparing press releases beforehand. 


2-93. Adversary forces may review PA release information to cue intelligence and provide battle damage 
assessments. Additionally, PA may be an information conduit to adversary decisionmakers. Extreme care 
should be taken when employing PA, as successful and effective public relations depends on credibility, 
and credibility relies on truthful reporting. PA can support IO by— 

• Getting ahead of enemy propaganda with the truth.
• Countering adversary misinformation and disinformation by publishing accurate information.
• Ensuring media awareness of the implications of premature release of certain information.
• Playing a key role in establishing ground rules for embedded reporters.


2-94. MISO and PA are separate capabilities that support the commander's objectives. Coordination must 
be conducted between both. For IO planners, it is important to understand that rural populations generally 
do not have access to PA release material. Further, PA is wholly dependent on local, regional, and 
international media to carry their messages. These rural and isolated groups are best informed through MIS 
assets, which do have organic production and dissemination capabilities. IO planners can facilitate this by 
ensuring PA releases and articles are sent to MISO planners for dissemination to the local populace. PA 
planners should review and deconflict messaging with MISO planners to ensure that tactical, operational, 
and strategic messages are mutually supporting or, at the very least, not contradictory. 


Note. The best way to influence the populace through themes and messages is to use the most 
influential people in the area—the key communicators. Local leaders, FID partner forces, and 
religious leaders are just some examples of the types of personnel who can spread the message 
amongst the populace. Whoever is viewed as the most influential, trustworthy source (key is 
credibility of the messenger) should be the individual serving as a conduit to the target audience. 


DEFENSE SUPPORT TO PUBLIC DIPLOMACY 


2-95. DSPD are those activities and measures taken by Department of Defense components to support and 
facilitate public diplomacy efforts of the USG. DSPD is a key military role in supporting the USG's 
strategic communication program. It includes peacetime military engagement activities conducted as part 
of the combatant commanders' theater security cooperation plans. 
2-96. The focus of defense support to public diplomacy is to understand, engage, influence, and inform
critical foreign audiences through words and actions to foster understanding of U.S. policy and advance
U.S. interests. The decisions and actions executed by the SFODA on the ground can have a profound effect
on U.S. public diplomacy efforts.


2-97. Figure 2-11, pages 2-32 through 2-35, and Figure 2-12, pages 2-36 through 2-38, provide an overview 
of IO capabilities. Figure 2-13, pages 2-39 and 2-40, outlines the support roles of IO, CMO, and PA. 


OPSEC Supports By:

MILDEC
• Concealing competing observables.
• Degrading general situation information to enhance effect of observables.
• Limiting information and indicators that could compromise military deception operations.

MISO
• Concealing contradicting indicators while conveying selected information and indicators.
• Ensuring products do not contain classified information.

Physical Destruction
• Concealing friendly delivery systems from enemy offensive IO until it is too late for the adversary to react.
• Denying information to the enemy on the success of offensive IO.

EW
• Concealing EW units and systems to deny information on extent of EA and EW support capabilities.

Physical Security
• Concealing EEFI.
• Reducing the activities requiring physical security.
• Hiding tools of physical security, thus preventing adversary from gaining access.

IA
• Concealing physical and electronic information system locations.

CI
• Ensuring EEFI are concealed from enemy collection assets.

Computer Network Attack (CNA)
• Concealing CNA capabilities.

CND
• Denying enemy knowledge about CND capabilities.


MILDEC Supports By:

OPSEC
• Influencing adversary not to collect against protected units/activities.
• Causing adversary to underestimate friendly operations security capabilities.

MISO
• Providing information compatible with MISO theme.

Physical Destruction
• Influencing adversary to underestimate friendly physical-destruction capabilities.
• Influencing adversary to defend C2 element/systems that friendly forces do not plan to destroy.

EW
• Influencing adversary to underestimate friendly EA and EW support capabilities.

Physical Security
• Masking troop activities requiring safeguards.

IA
• Overloading adversary intelligence and analysis capabilities.
• Protecting and defending friendly information systems.

CI
• Giving the adversary a cover story so his intelligence system collects irrelevant information.

CNA
• Providing MILDEC targets and deception stories to enhance CNA.

CND
• Causing the enemy to believe U.S. CND defense is greater than it actually is.
• Causing the enemy to believe all CND tools are in place.

Figure 2-11. Mutual support within information operations capabilities

MISO Supports By:

OPSEC
• Disseminating rules of engagement.
• Assisting in the countering of propaganda and misinformation.
• Minimizing resistance and interference by local population.

MILDEC
• Creating perceptions and attitudes that MILDEC can exploit.
• Integrating MISO actions with MILDEC.
• Reinforcing the deception story with information from other sources.

Physical Destruction
• Causing populace to leave targeted areas to reduce collateral damage.

EW
• Broadcasting MISO products into adversary civilian and military frequencies.
• Developing messages for broadcast on other service EW assets.

Physical Security
• Targeting adversary audiences to reduce the need for physical security.

IA
• Enhancing the ability of IA in the minds of the enemy.

CI
• Providing messages in enemy decisionmaker's mind that can be revealed by CI to determine enemy true intentions.

CNA
• Convincing enemy to not do something by describing effects of a CNA if they take undesirable actions.
• Providing MISO messages for dissemination by CNA means.

CND
• Providing information about nonmilitary threat to computers in the AO.

Physical Destruction Supports By:

OPSEC
• Preventing or degrading adversary reconnaissance and surveillance.

MILDEC
• Conducting physical attacks as deception events.

MISO
• Degrading adversary's ability to see, report, and process information.
• Isolating target audience from information.

EW
• Destroying adversary C2 targets.

Physical Security
• Reducing physical security needs by attacking adversary systems able to penetrate information systems.

IA
• Attacking adversary systems capable of influencing friendly information systems availability and integrity.

CI
• Destroying appropriately nominated adversary collection assets.

CNA
• Supplementing computer network attack by destroying or degrading hard targets.

CND
• Destroying or degrading enemy CNA facilities before they attack friendly computers.


EW Supports By:

OPSEC
• Degrading adversary electromagnetic intelligence, surveillance, and reconnaissance operations against protected units and activities.
• Creating barrier of white noise to mask unit maneuvers.

MILDEC
• Using EA and EW support as deception measures.
• Degrading adversary capabilities to see, report, and process competing observables causing the enemy to misinterpret information received by electronic means.

Figure 2-11. Mutual support within information operations capabilities (continued)

EW Supports By (continued):

MISO
• Degrading adversary's ability to see, report, and process information.
• Isolating target audience from information and herding that target audience onto MISO broadcast frequencies.

Physical Destruction
• Providing target acquisition through EW support.

Physical Security
• Using electronic protection to safeguard communications used in protecting facilities.

IA
• Using electronic protection to protect equipment.

CI
• None.

CNA
• Supplementing CNA with EA.

CND
• Using electronic protection to protect personnel, facilities, and equipment.

Physical Security Supports By:

OPSEC
• Protecting operation plans and operation orders.

MILDEC
• Restricting access by level of security and number of personnel.

MISO
• Protecting inventory of sensitive products to prevent premature dissemination of messages.

Physical Destruction
• Safeguarding availability of information systems to use in physical destruction.

EW
• Safeguarding equipment used in electronic warfare.

IA
• Safeguarding information systems by implementing security procedures.

CI
• Safeguarding personnel, and preventing unauthorized access to equipment, installation, materiel, and documents.

CNA
• Safeguarding information systems from sabotage, espionage, damage, or theft.

CND
• Determining applicable risk and threat levels.


IA Supports By:

OPSEC
• Ensuring information system confidentiality.

MILDEC
• Providing information system assets for conducting MILDEC operations.

MISO
• Ensuring availability of information systems for MISO.

Physical Destruction
• Ensuring information systems are available for physical destruction tasks.

EW
• Ensuring EW assets are available.

Physical Security
• Providing for information system authentication.

CI
• Ensuring information systems are available to conduct CI.

CNA
• Ensuring links with higher HQ to pass CNA.

CND
• Taking actions to ensure availability, integrity, authentication, confidentiality and nonrepudiation of computer.

CI Supports By:

OPSEC
• Countering foreign human-intelligence operations.

MILDEC
• Countering foreign human-intelligence operations.
• Identifying threat intelligence, surveillance, and reconnaissance capabilities.

MISO
• None.

Figure 2-11. Mutual support within information operations capabilities (continued)

CI Supports By (continued):

Physical Destruction
• None.

EW
• Providing electronic countermeasures.
• Conducting countersignal operations to allow broadcast of MISO messages.

Physical Security
• Countering foreign human-intelligence operations.

IA
• At certain echelons, helping ensure information integrity.

CNA
• Confirming results of CNA.

CND
• Detecting, identifying, assessing, countering, and neutralizing enemy intelligence collection.

CNA Supports By:

OPSEC • Attacking enemy computers before they can detect U.S. EEFI.
MILDEC
MISO • None.

• Attacking selected targets by nonlethal means, which allows lethal attacks on other targets.

EW • Using with EA.

• Conducting risk assessment to determine consequence of second- and third-order computer network attack effects.

• Providing the deception story through computers.

Physical Destruction

Physical Security

IA • Attacking enemy computers before the enemy attacks friendly computers.

CI • Exploiting enemy intelligence collection.

CND • Attacking the enemy's ability to attack friendly computers.

CND Supports By:

OPSEC • Detecting enemy attempts to acquire information.

MILDEC • Protecting the MILDEC plan resident inside computers.

MISO • Preventing the compromise of MISO message before release.

Physical Destruction • Protecting fire support C2 systems.

EW • Using in conjunction with electronic protection.

Physical Security • Erecting firewalls to protect intrusion into networks.

IA • Supporting information assurance of information passed via computer networks.

CI • Detecting, identifying, and assessing enemy collection efforts against computers.

CNA • Protecting CNA weapons from enemy detection.

Figure 2-11. Mutual support within information operations capabilities (continued)
OPSEC Can Conflict By:

MILDEC
• Limiting information that can be revealed to enhance deception story credibility.

MISO
• Limiting information that can be revealed to develop MISO messages.

Physical Destruction
• Limiting information that can be revealed to enemy to develop targets.

EW
• Electronic protection and operations security may have different goals.

Physical Security
• Should be no conflict.

IA
• Should be no conflict.

CI
• Should be no conflict.

CNA
• Should be no conflict.

CND
• Should be no conflict.


MILDEC Can Conflict By:

OPSEC
• Revealing information OPSEC normally seeks to conceal.

MISO
• Limiting MISO theme selection.
• Limiting information that can be revealed to develop military information themes.
• Undermining the credibility of overt messages and other MISO efforts.

Physical Destruction
• Limiting targeting to allow survival and conduct of critical adversary C2 functions.

EW
• Limiting EA targeting of adversary information systems to allow survival and conduct of critical adversary C2 functions.

Physical Security
• Negating the deception story by physical security preventing transmission of a realistic deception story.

IA
• Presenting data the enemy will believe versus assuring data is not revealing to enemy.

CI
• Giving the adversary a cover story that inadvertently supports his collection plan.

CNA
• Should be no conflict.

CND
• Should be no conflict.


MISO Can Conflict By:

OPSEC
• Revealing information OPSEC normally seeks to conceal.

MILDEC
• Limiting deception story selection if deception story contains untruths.

Physical Destruction
• Limiting targeting of adversary C2 infrastructure to allow conveying of MISO messages.

EW
• Limiting EA against adversary communications frequencies to allow MISO messages to be conveyed.

Physical Security
• Should be no conflict.

IA
• Should be no conflict.

CI
• Should be no conflict.

CNA
• Should be no conflict.

CND
• Should be no conflict.

Figure 2-12. Potential conflicts within information operations capabilities
Physical Destruction Can Conflict By:

OPSEC
• Causing firing systems to reveal their locations.

MILDEC
• Limiting selection of deception means by denying or degrading elements of adversary C2I command infrastructure necessary to process deception story.

MISO
• Limiting means available to convey MISO messages by denying or degrading adversary C2 systems and civilian communications infrastructure.

EW
• Limiting opportunities for communications intrusion by denying or degrading elements of adversary information systems.

Physical Security
• Limiting access to targeting data (consider need to know).

IA
• Attacking incorrect adversary systems capable of influencing friendly information system availability and integrity.

CI
• Destroying insufficient number of adversary collection assets.

CNA
• Should be no conflict.

CND
• Should be no conflict.

EW Can Conflict By:

OPSEC
• Revealing EW assets prematurely.

MILDEC
• Limiting selection of deception measures by denying or degrading use of adversary C2 systems.

MISO
• Reducing frequencies available to convey MISO messages.
• Jamming military and commercial frequencies used by MISO for electronic dissemination.

Physical Destruction
• Limiting targeting of adversary C2 systems.

Physical Security
• Revealing what physical security is trying to protect (EA).
• Electronic protection should not conflict.

IA
• Should be no conflict.

CI
• Should be no conflict.

CNA
• Should be no conflict.

CND
• Should be no conflict.

IA Can Conflict By:

OPSEC
• Should be no conflict.

MILDEC
• Reinforcing the deception story.

MISO
• Should be no conflict.

Physical Destruction
• Should be no conflict.

EW
• Deconflicting electronic protection and information assurance.

Physical Security
• Should be no conflict.

CI
• Having insufficient information systems available to conduct CI.

CNA
• Having no available links with higher HQ to pass CNA requests.

CND
• Should be no conflict.

Figure 2-12. Potential conflicts within information operations capabilities (continued)
CI Can Conflict By:

OPSEC
• Should be no conflict.

MILDEC
• Should be no conflict.

MISO
• Should be no conflict.

Physical Destruction
• Killing sources.

EW
• Needing EW support for other activities.

Physical Security
• Should be no conflict.

IA
• Negating information integrity with ineffective CI.

CNA
• Should be no conflict.

CND
• Revealing CI on how networks are protected.

CNA Can Conflict By:

OPSEC
• Attacking selected enemy targets may provide information on friendly activities.

MILDEC
• Resulting in attacks on wrong target if coordination is not made with MILDEC.

MISO
• Preventing the enemy from receiving MISO messages.

Physical Destruction
• Attacking same target with nonlethal and lethal weapons wastes both time and ammunition.

EW
• Needing to deconflict which systems attack which targets.

Physical Security
• Revealing computer network attack sources that should be protected.

IA
• Should be no conflict.

CI
• Attacking enemy computers before exploiting hostile intelligence collection efforts.

CND
• Should be no conflict.

CND Can Conflict By:

OPSEC
• Should be no conflict.

MILDEC
• Reinforcing the deception story.

MISO
• Should be no conflict.

Physical Destruction
• Should be no conflict.

EW
• Should be no conflict.

Physical Security
• Should be no conflict.

IA
• Should be no conflict.

CI
• Should be no conflict.

CNA
• Should be no conflict.

Figure 2-12. Potential conflicts within information operations capabilities (continued)
IO Supported By:

• Influencing/informing populace of civil-military activities and support.
• Neutralizing misinformation and hostile propaganda directed against civil authorities.
• Controlling electromagnetic spectrum for legitimate purposes.

CMO

• Countering adversary information and protecting from misinformation/rumor.
• Developing EEFI to preclude inadvertent public disclosure.
• Synchronizing MISO and OPSEC with PA strategy.
• Ensuring accuracy of information.
• Maintaining relevance of information.
• Timeliness of information.
• Usability of information.
• Completeness of information.
• Security of information.

PA

DSPD

COMCAM • Coordinating guidance to COMCAM teams with commander's information/objectives.
• Assisting in expeditious transmission of critical COMCAM images.

CMO Supported By:

• Providing information to support friendly knowledge of information environment.
• Synchronizing communications media and assets and messages with other information capabilities.

IO • Coordinating C2 target sets with targeting cell.
• Establishing and maintaining liaison or dialogue with indigenous personnel and nongovernmental organization.
• Supporting MISO with feedback on MISO themes.
• Providing news and information to the local people.
• Providing information on CMOC activities to support PA strategy.
• Synchronizing communications, media, and message.
• Identifying, coordinating, and integrating media, public information, and HN support.

PA

• Providing information to inform interagency elements on local information environment.

DSPD • Synchronizing communications media and messages with other IO capabilities.
• Establishing and maintaining liaison or dialogue with indigenous personnel and nongovernmental organizations.
• Supporting DSPD with feedback on strategic communications themes.

COMCAM • Using COMCAM capabilities to record priority civic action projects.
• Synchronizing imagery assignments with COMCAM team leader.

PA Supported By:

• Coordinating with IO planners to ensure a consistent message and maintain OPSEC.
• Supporting counter adversary information.

IO
• Providing assessment of effects of media coverage to OPSEC planners.
• Providing assessment of essential nonmedia coverage of deceptions story.

Figure 2-13. Support roles of information operations, civil-military operations,
public affairs, defense support to public diplomacy, and combat camera
PA Supported By (continued):


CMO 


Providing accurate, timely, and balanced information for the public. 


Coordinating with civil affairs specialist to verify facts and validity of 
information. 


DSPD 


Coordinating with interagency planners to ensure a consistent message. 
Providing assessment of media coverage.


COMCAM 


DSPD Supported By: 


Managing release of key images through PA channels. 


Coordinating for COMCAM coverage and access to key events and
operation.


Providing a link to interagency for coordination and guidance on strategic 
communications themes and activities. 


Providing a link to interagency for coordination and guidance on strategic 
communications themes and activities. 


Providing a link to interagency for coordination and guidance on strategic 
communications themes and activities. 


COMCAM 


COMCAM Supported By: 


Providing a link to interagency for coordination and guidance on strategic 
communications themes and activities. 


Providing responsive imagery coverage of events in the operational area. 


Providing responsive imagery coverage of events in the operational area. 


Providing responsive imagery coverage of events in the operational area. 


DSPD 


Providing responsive imagery coverage of events in the operational area. 


Figure 2-13. Support roles of information operations, civil-military operations, 
public affairs, defense support to public diplomacy, and combat camera (continued) 
IO are planned as part of the planning process, whether it is the military
decisionmaking process, the joint planning process, or some abbreviated planning
method. However, in comparison with planning other operations, there are two
noticeable differences:

• A longer lead time is required for planning IO. Many IO capabilities have time
requirements for preparation (notably MILDEC, MISO, and CNO).

• The threat of hostile information from outside the operational area is great. The
ease of information flow through information networks and the media means
that operating boundaries are porous to outside influences.


The focus of mission planning for IO is to gain information superiority. Information 
superiority is an operational advantage derived from the ability to collect, process, 
and disseminate an uninterrupted flow of information while exploiting or denying an 
adversary's ability to do the same. Because absolute information superiority is rarely 
possible to gain or maintain, IO should seek information superiority at or before the 
operation's decisive point. If the operation is phased, it may be necessary to achieve a 
form of information superiority in each phase. If the operation is not phased, planners 
may determine that operational advantages are needed before, during, and after the 
operation. 


Successful IO Plan 
The primary role of the IO planner is to coordinate, synchronize, and deconflict while 
ensuring the appropriate capabilities are employed based on the desired effect. An 
example of this is an information operation that took place in the Basra Province of 
Iraq in 2009. 


The mission was to conduct an information operation with and through the HN forces 
to bolster popular support for a partner unit and decrease the influence of extremist 
groups in the province to set conditions for a safe and secure environment. 


The concept was broken down into three phases and focused on four information
capabilities: PSYOP, PA, COMCAM, and CMO. The first phase was education and
training; the focus of this phase was to provide the partner unit with training on how
to interact properly with the populace and the media. The PSYOP teams took the
lead during this phase by providing information team training based on various
approved courses. This was also an assessment phase for the PAO and the CA
officer on the partner unit's media relations and CMO capabilities. In addition to
conducting assessments, the PAO, in cooperation with COMCAM, published
numerous press releases highlighting the successes of the partner unit's direct action
missions. The second phase was planned engagements; the focus of this phase was
to assist the partnered unit with providing the locals with much-needed supplies and
materials. The CA planner took the lead during this phase by working with the
SFODA to determine the best areas to deliver goods and in which areas the SFODA
wanted to increase their influence.
The PAO and COMCAM supported this phase by highlighting the engagements via
press releases and photos. They also utilized a broadcaster to gather video footage
of the successful engagements. Based on the relationships developed during phase
two, the SFODA transitioned to phase three—planned operations. The SFODA used
the information gathered during the planned engagements to assist with targeting
efforts, and focused on decreasing the influence of the insurgent groups in the
region.


By incorporating multiple capabilities of IO into a focused, coordinated effort, the plan 
achieved the desired effects to bolster popular support for a partner unit and 
decrease the influence of extremist groups in the province. 


THE STAFF ESTIMATE FOR INFORMATION OPERATIONS 


3-1. The staff estimate is an assessment of the situation and an analysis of the COAs a commander is 
considering. It includes an evaluation of how factors in a staff section's functional area influence each 
COA or assigned mission, and includes conclusions and recommendations. Staff estimates are developed 
as part of the planning process. These estimates normally are text documents; however, they may be 
formatted as maps, graphics, or charts. Whatever form they take, the estimate should be as comprehensive 
as possible without becoming overly time-consuming. 


3-2. The staff estimate for IO is an estimate focused on the information environment and the use of 
information by adversary and friendly forces. It assesses the situation in the information environment and 
analyzes the best way to achieve information superiority for the assigned mission. 


3-3. Staff sections, particularly at the tactical level, rarely have the time to complete all five paragraphs of 
a formal doctrinal estimate. In that case, the estimate should concentrate on situation assessment rather than 
COA development, and only paragraphs 1 and 2 need be produced and updated as operations progress. 


3-4. Figure 3-1, page 3-3, provides a format for an IO staff estimate. Figure 3-2, page 3-4, provides an 
example of a graphic IO estimate. 


PLANNING CONSIDERATIONS DURING MISSION ANALYSIS 


3-5. The purpose of mission analysis for IO is to assist planners in seeing the information environment, 
the adversary, and friendly forces in the context of the assigned mission. At the end of mission analysis, IO 
personnel should have— 


• The intelligence preparation of the operational environment (IPOE) products, such as a combined
information overlay (CIO) and a template of adversary operations in the information
environment.
• The essential tasks for IO.
• The capabilities in the information environment.
• The constraints for IO.
• The critical information requirements for IO.
• The EEFI.


ESSENTIAL TASKS FOR INFORMATION OPERATIONS 


3-6. Units rarely conduct an information operation autonomously. There will always be higher HQ and 
tasks. Although some tasks may have been specifically assigned by the higher HQ, others may be implied 
(meaning they are necessary to accomplish specified tasks or the overall mission). Implied tasks should 
require resources and not be administrative in nature. From the specified and implied tasks, planners 
should identify tasks that the command must successfully accomplish to affect adversary and friendly use 
of information. These are the unit's essential tasks for IO. 
MISSION. The unit mission.

SITUATION AND CONSIDERATIONS.

a. Characteristics of the Information Environment. Summarize significant characteristics of the
information environment and the impact on military operations.

(1) Subinformation environments. How terrain and weather, populace, civilian information
infrastructure, civilian population, third-party organizations, and other physical and cognitive
features of the information environment create subinformation environments.

(2) Information nodes. Identify what places, persons, or infrastructure in each subinformation
environment shape information contact and flow by creating or transmitting information.

b. Adversary Forces. Adversary capabilities, vulnerabilities, and activities in the information
environment.

c. Friendly Forces.

(1) Friendly COA. IO concept of support for each COA.

(2) Current status of resources. The availability of organic IO capabilities and assets (as translated
into capabilities to operate in the information environment).

(3) Current status of other resources. The availability of supporting IO capabilities and assets from
higher HQ, other commands, agencies, and organizations.

(4) Friendly-force vulnerabilities in the information environment.

(5) Comparison of requirements versus capabilities and recommended solutions.

(6) Key considerations (evaluation criteria) for COA supportability.

d. Assumptions. Assumptions for IO developed during mission analysis.

COURSES OF ACTION.

a. List the COAs that were war-gamed.
b. List evaluation criteria identified during COA analysis.

COA ANALYSIS. Analyze each COA using the evaluation criteria. Estimate the likelihood of
accomplishing the IO objectives given the available time and capabilities. Determine the potential for
unintended consequences of IO tasks and the possible impacts on friendly and adversary forces' COAs.

COMPARISON. Compare COAs using evaluation criteria. Rank-order COAs for each criterion. If possible
use a decision matrix to support.

CONCLUSIONS AND RECOMMENDATION. Recommend COA based on the comparison (most
supportable by IO). Identify IO issues, deficiencies, risks, and recommendations to reduce their impacts.


Figure 3-1. Information operations staff estimate 


3-7. Typically, essential tasks for IO number between three and five. More than five essential tasks
present the risk of overtasking subordinate elements or having an information operation that is too complex
to execute.


3-8. One useful technique for validating an essential task is to ask the following question: “If the unit
accomplishes all other tasks marginally and does this one well, will it accomplish the mission?” If the
answer is “no,” then the task is not essential. If more than five essential tasks are identified, planners should
question the validity of each essential task or the nature of the requirements levied on the unit by higher HQ.


22 March 2013 TC 18-06 3-3 




Populace: Supports enemy 


Information Flow: Cell phone, Internet, 
television, radio 


Information Infrastructure: Well developed; 


supports adversary C2 

Course of Action Considerations: Source 
of enemy propaganda flow 

Conditions: Favors enemy 


CENTRAL 


Populace: Supports government 


Information Flow: Cell phone, broadcasts 
influenced by neighboring state 


Information Infrastructure: Unreliable; 
frequent power outages 


Course of Action Considerations: Enemy 
main effort 


Conditions: Favors friendly forces 
Populace: Supports government
Information Flow: Face-to-face, television, 
radio 

Information Infrastructure: Dilapidated; 
largely unusable 

Course of Action Considerations: Area is 
an information vacuum 

Conditions: Favors friendly forces 


FRIENDLY 


Collect: 
* Capabilities: Human intelligence, 
signals intelligence 
* Vulnerabilities: Loyalty of followers 
* Recent Activity: Penetration of local 
police 
Protect: 
* Capabilities: Intimidation of 
populace 
* Vulnerabilities: Couriers 
* Recent Activity: Unsecure 
communications 
Project:
* Capabilities: Radio, face-to-face
* Vulnerabilities: C2
* Recent Activity: Anti-U.S. themes

Course of Action Considerations:
* Intelligence loss versus gain with EA
* Interdict neighboring-state information flow


Organic:
* 3 x Ground-based jammers
* 1 x MISO company
* 1 x CA team
* 1 x PA detachment


Supporting:
* 2 x EA-6B


Vulnerabilities: 
* Nonsecure handheld radios 


Likely COA: Incite civil unrest in center of area of
responsibility; discredit U.S. actions;
build legitimacy for local militia


Key Leader and Populace Belief: 
Americans fight only for American interests 


Urban 
Areas 


Line of Key 
Communications Terrain 


Rough 
Terrain 


Ethnic 
Flashpoints 


Figure 3-2. Example graphic information operations estimate 


CAPABILITIES IN THE INFORMATION ENVIRONMENT 


3-9. IO planners should determine if the command has the assets to perform assigned tasks. This is done 
by identifying any or all organic and supporting IO-capable assets. Organic assets are resident in assigned 
or attached forces. Supporting assets are available to the command from a higher HQ or government 
agency. Available assets are then compared with the IO mission requirements (specified and implied tasks) 
to identify capability shortfalls and any additional assets that are required. It is important to keep in mind 
that IO planners do not possess any of the individual IO capabilities; these assets all reside within the 
supporting elements. To ensure use of these assets, IO personnel must start coordination early. 
3-10. IO planners face a challenge in expressing IO capabilities to the commander and staff. A simple list
of IO capabilities (that is, three ground-based jammers, nine MIS teams, two COMCAM teams, and so on)
does not help the commander visualize the command's capabilities in the information environment. In
developing its staff estimate, IO planners should consider the following basic questions:

• What can the command do using organic assets?
• What can supporting assets from the higher HQ do?
• What cannot be done?

3-11. One possible solution to this problem is to organize IO capabilities by elements, asset, and means in
terms of their contributions to friendly-force operations in the information environment. Figure 3-3 shows
a sample asset list.


Supported 
Essential Tasks Effect Targets 
for IO 


Element Assets 


MIS 
detachment 


e 4X MIS Loudspeaker Degrade Degrade Insurgent 
teams operations Rc Influence cell 
; morale 
Handbills Inform Local 
and posters Influence local populace 
Radio and populace to not Key leaders 
TV interfere with 
broadcasts friendly 
operations 
Face-to-face 
Key-leader 
engagement 


SF e SF teams Direct action Disrupt Disrupt Insurgent 
detachment Face-to-face adversary C2 Destroy leaders 
Build legitimacy Degrade Insurgent 
of HN security Inf cells 
nfluence 
forces Local 
populace 
EA e 2x EA-6B Jammer Disrupt Disrupt Insurgent 
adversary C2 Degrade leaders 
Degrade Isolate Insurgent 
adversary cells 
morale Influence 


Figure 3-3. Sample information operations asset list 


CONSTRAINTS ON INFORMATION OPERATIONS 


3-12. Constraints are restrictions placed on the command by a higher HQ that either require the use of 
resources to execute a specific task or prohibit the commander from taking specific actions. In either case, 
constraints reduce the commander's freedom of action. 


3-13. Like most other operations, IO are constrained by rules of engagement, U.S. national policy, 
international politics, and other legal, moral, cultural, or operational factors. Additionally, IO planners 
should consider that IO capabilities have constraints of their own, particularly MILDEC, MISO, CNO, and 
EW. Common constraints include approval authority for deception operations, MISO themes to avoid, allied 
forces’ national policies and capabilities, restricted targets and frequencies, and PAO guidance. 


3-14. To enhance understanding, IO constraints are organized in terms of information content and flow, as 
shown in Figure 3-4, page 3-6. 
Information Content
• Themes should avoid favoring any ethnic group.
• Themes should stress highlighted cooperation.
• During current operations, approval authority is delegated down to the JSOTF and
brigade combat team commanders.
• Joint task force commander approves deception.

Information Flow
• No cross-boundary EA.
• All EA must be coordinated with the JSOTF.
• Non-U.S. allies may not disseminate U.S. MISO products.
• PA posture is passive.
• Mosques are on the restricted-target list.
• COMCAM priorities.


Figure 3-4. Example of information content and flow organization 


CRITICAL INFORMATION REQUIREMENTS FOR INFORMATION OPERATIONS 


3-15. Commander's critical information requirements (CCIRs) identify information needed by the 
commander to visualize the operational area and make critical decisions. CCIRs also filter information to 
the commander by defining what is important to mission accomplishment. If the information operation is 
important to the mission, then there should be IO input to the CCIR. 


3-16. The staff nominates information requirements to become CCIRs based upon the commander's 
guidance, higher HQ CCIRs, the essential-task list, and the J-2/G-2/S-2 IPOE (situation template). There 
are two types of CCIRs— 

• Priority intelligence requirements (PIRs). PIRs are information the commander must know about
the adversary. For IO, PIRs should focus on conditions in the information environment and
adversary actions that affect the information environment. PIRs that may be required for IO
include the following:

   ▪ What media outlets are producing or disseminating hostile propaganda?
   ▪ What propaganda themes are being disseminated to the populace by adversary forces?

• Friendly-force information requirements (FFIRs). FFIRs are items of information the
commander must know about the friendly force. For IO, FFIRs provide information on critical
aspects of the command’s information system, IO-capable assets, and execution of the
information operation. FFIRs that may be required for IO include the following:

   ▪ Death or serious injury of noncombatants by friendly forces.
   ▪ Media coverage of alleged friendly-force misconduct.


ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION 


3-17. EEFI are the critical aspects of a friendly operation that—if known by the adversary—would 
subsequently compromise, lead to failure, or limit success of the operation, and therefore must be protected 
from detection. In other words, EEFI is a list of information that must be protected from the adversary's 
intelligence system to prevent the adversary from making timely decisions and allowing friendly forces to 
retain the initiative. Typically, EEFI include the command intentions, subordinate element status, or the 
location of critical assets (such as command posts and signal nodes). EEFI should be refined throughout 
the planning process, as some information may not be identified until COA development. Once EEFI are 
developed, specific measures (in the form of tasks to subordinate units) are developed to protect the 
information (OPSEC process). Two examples of EEFI are— 
• Friendly forces’ means of intelligence collection.
• Tribal leaders assisting friendly forces.


Note. Chapter 4 provides additional information on how to develop EEFI. 

MISSION ANALYSIS WORK SHEET


3-18. A mission analysis work sheet (Figure 3-5) guides planners through the critical parts of mission 
analysis. The format to conduct a mission analysis brief to the commander is identical to the mission 
analysis brief format. 


Facts. Statements of known data concerning the situation, including adversary and friendly 
disposition, available troops, unit strengths, and material readiness that will directly affect the 
mission. 


Assumptions. Suppositions on the current or future situation assumed to be true in the absence of 
facts and which will typically describe future eventualities on which success of the operation depends. 


Tasks.
   Specified. Tasks specifically assigned to the command by higher HQ (extracted from
   paragraphs 1, 2, and 3 of the higher HQ base order, annexes, and overlays).
   Implied. Tasks that must be performed to accomplish specified tasks of the overall mission
   (developed from an analysis of specified tasks).
   Essential. Tasks that must be executed to accomplish the mission (derived from analyzing
   specified and implied task lists; essential tasks are included in the mission statement).


Constraints. Restrictions placed on the command by higher HQ that dictate an action or inaction,
thus restricting the command's freedom of action (extracted from higher HQ guidance, concept of
operations, coordinating instructions, and annexes—especially IO, rules of engagement, themes to
avoid, CMO, and PA).


Available Assets. Organic and supporting troops and equipment available for the operations
(derived from higher HQ order, current task organization, and unit status reports).


Risk Assessment. Hazards that may be encountered during the mission because of the presence of 
the adversary or hazardous condition in the AO (developed from staff experience and SOPs). 


CCIRs. Information the commander needs to make critical decisions, especially to determine or 
validate COAs. 


a. PIR. Information the commander must know about the adversary (derived from known gaps in 
information required to accomplish the operations). 


b. FFIRs. Information the commander must know about the friendly force (developed from
knowledge of the friendly force and mission).


EEFI. Critical aspects of the friendly operation that—if known by the adversary—will compromise, 
lead to failure, or limit success of the operation and, therefore, must be protected from detection 
(derived from higher HQ order and developed by using the OPSEC process). 


Figure 3-5. Mission analysis work sheet 


COURSE OF ACTION DEVELOPMENT 


3-19. A COA is a possible plan to accomplish the assigned mission. The IO planner's goal is to develop a 
concept of support that will generate effects that create information superiority over the adversary at the 
proper time and place. An IO concept of support should be— 


• Suitable. The concept must create information superiority over the adversary.

• Feasible. The COA must be practical in terms of time, space, and resources. Considerations
include time available to shape the information environment and availability of IO capabilities.

• Acceptable. The command's information operation must consider the cost of resources, as well
as the operational and accidental risks associated with the proposed concept.

• Distinguishable. Each COA should be supported with a unique information operation, although
the differences may be subtle. These differences include the use of different IO capabilities,
changes to the allocation of the capabilities, or changes in the time or sequence of IO tasks.

• Complete. The COA should provide information superiority and address friendly-force actions in
the case of undesirable results.


3-20. Successful IO give subordinates maximum latitude for initiative and posture the unit for follow-on
missions. Likewise, with a little foresight, IO planners can use one information operation to jump-start
another. Occasionally, a tactical-level information operation may be just the perfect catalyst for an
operational-level information operation (and so on).


STRENGTHS AND WEAKNESSES: INFORMATION ADVANTAGE 


3-21. The first step in developing an IO concept of support is to determine whether friendly or adversary 
forces have the information advantage. A nondoctrinal term, information advantage means being in a 
superior position (able to operate better) in the information environment relative to one's opponent. 
Information advantage is relative, meaning that although two opposing forces are operating in the same 
information environment, how each force operates in the information environment is different. 


3-22. To determine relative information advantages, leaders compare friendly and adversary forces'
strengths (capabilities) and weaknesses (vulnerabilities) in the information environment. This analysis is an
asymmetric evaluation, meaning that there is unlikely to be a direct correlation between the assets used by
either friendly or adversary forces, and how those forces employ the assets. Therefore, IO planners should
attempt to relate similar capabilities and attributes in terms of how information is—

• Collected. Information collection describes how friendly and adversary forces' means and
capabilities are used to collect information about the opponent. Leaders must consider
capabilities in terms of HUMINT, SIGINT, imagery intelligence, measurement and signature
intelligence (MASINT), and OSINT.

• Protected. Information protection describes friendly and adversary forces' means and capabilities
to protect critical information and maintain means of communication.

• Projected. Information projection describes friendly and adversary forces' means and capabilities
to put information into the operational area's information environment. Leaders must consider
the type and number of information systems possessed by each side (for example, face-to-face,
radio, or TV).


3-23. The adversary forces’ capabilities and weaknesses can be derived from IPOE, whereas friendly-force 
capabilities come from mission analysis, and vulnerabilities from a center-of-gravity (COG) analysis of 
friendly forces. The results are compared to determine which side is at an advantage or disadvantage in each 
function. If no apparent advantage or disadvantage exists, then that aspect of operations in the information 
environment is neutral for both sides. The end result is a subjective determination of whether friendly or 
adversary forces have the overall advantage in the information environment, and in what way one side has 
the advantage. Once the analysis is concluded, IO planners should have insight into the following: 


• The friendly forces’ information capabilities needed for the operation.
• The friendly and adversary forces’ vulnerabilities in the information environment.
• The type of operations in the information environment that may be possible from both the
friendly and adversary forces’ perspectives.
• The additional IO capabilities and resources required to execute the operation.
• The allocation of existing IO capabilities and resources.


The information advantage work sheet (Figure 3-6, page 3-9) is a tool for estimating information 
advantage. 

Capabilities in the Information Environment | Strength/Weakness: Friendly | Strength/Weakness: Friendly | Relative Advantage
Information Collect | OSINT; Couriers | Overhead and night capabilities; HUMINT sources |
Information Protect | Centralized leadership; Unsecure communications | Secure communications; Internet leaks | X
Information Project | Face-to-face; Inconsistent messages | Radio broadcasts; Lack of credibility with populace |
Overall Information Advantage | | |


Figure 3-6. Information advantage work sheet 


GENERATING INFORMATION SUPERIORITY 


3-24. Once a thorough understanding of each side's capabilities and vulnerabilities is established and 
apparent advantages and disadvantages are determined, IO planners can begin generating options (COAs) 
to achieve information superiority. 


3-25. Information superiority is an operational advantage derived from the ability to collect, process, and 
disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do 
the same. Information superiority can be achieved by attacking the adversary force with information or 
shaping the information environment (or both). These attacks are directed at reducing any relative 
advantages the adversary has and exploiting its relative vulnerabilities in the information environment. 


3-26. This duality of information operations—attacking the adversary and shaping the information 
environment—is analogous to fires and maneuver, where fires equate to attack of the adversary's ability to 
use information for C2 and as a weapon against friendly forces, and maneuver is an activity to seize and 
retain information nodes for the purpose of gaining a positional advantage in the information environment. 
To be effective, an information operation balances activities to attack the enemy force with those that shape 
the information environment. Through a combination of both, a military force seeks information 
superiority over the adversary. Figure 3-7 shows examples of information superiority. 


Focus of IO | Cognitive Dimension | Physical Dimension

Adversary Force
• Slow decisionmaking
• Misemployment of forces
• Reduce morale

• Change populace support | • Change populace behavior


Figure 3-7. Examples of information superiority 


3-27. Once identified, information superiority becomes the purpose of the information operation, and as 
COAs are developed, they must be nested to the unit's main operation. To do this, IO planners determine 
the operational advantage (that is, information superiority) that will be sought in the information 
environment and ensure its purpose supports the purpose of the mission statement. 


CONCEPT OF SUPPORT STATEMENTS AND SKETCHES 


3-28. The IO concept of support describes how available forces will achieve information superiority. It 
states when and where information superiority needs to be achieved and describes how IO will support the 
operation and how IO capabilities will be employed. IO planners develop an IO concept of support for 
each assigned mission or COA based on what the command's assets and resources can do to achieve the IO
objectives. To build an IO concept of support, the IO planner develops the—
• Purpose of the information operation (information superiority).
• IO objectives or essential information operations tasks (EIOTs) that will create the effects in the
information environment to achieve information superiority.
• Tasks to subordinate units and staff elements that assign specific actions that will achieve the IO
objectives' desired effects.
• Target nominations. Certain IO tasks may result in the identification and nomination of targets.
• Request for support from higher HQ.
• Assessment plan to measure progress.


INFORMATION OPERATIONS OBJECTIVES 


3-29. IO objectives describe the effects that will achieve information superiority. IO objectives do not 
stand alone, but support the commander's operational intent. As such, an IO objective is a statement of 
what IO will do to attack the adversary or shape the environment to achieve information superiority. For 
example, if information superiority for an operation is "prevent target from moving from Objective Black
prior to attack," then IO objectives could be "disrupt adversary communications within Operational Area
Blue to prevent early warning," "deceive adversary decisionmakers on Objective Black to prevent
relocation of C2," or "influence local populace in Operational Area Blue to support friendly-force
operations by preventing populace reporting of friendly-force activities."


3-30. For each mission or COA considered, IO planners develop IO objectives based on the tasks for IO 
identified during mission analysis. Depending upon the complexity or duration of the mission (for 
example, a tactical direct-action mission versus a long-term FID defense mission) there may be only one 
IO objective or there may be numerous IO objectives developed for each phase of the overall operation. 
Generally, regardless of the mission, no more than five objectives are planned for execution at any one 
time in the operation. 


3-31. When possible, IO objectives should be observable (the desired effect is detectable), achievable 
(assets and time are available to accomplish the objective), and quantifiable (the desired effect can be 
measured). The effects describe a physical or cognitive condition either in the information environment 
(focus on information content and flow) or against adversary forces (focus on cognition and behavior). IO 
objectives should not specify ways or means (that is, IO capabilities). 


3-32. There is no doctrinal format for an IO objective. One possible format uses target, action, purpose, 
effect: 

• Target describes the object of the desired effect.
• Action describes the capability or cognitive function of the target.
• Purpose describes what will be accomplished for the friendly force.
• Effect describes the outcome (for example, destroy, degrade, disrupt, or deceive).


3-33. It is important that IO objectives are written in terms of effects, because it is the desired effect that 
focuses the activities (tasks) of IO capabilities. For IO, a proper effect falls into one of the three following 
categories: 

• Effects against the adversary. IO effects against the adversary focus on the adversary’s ability to
collect, protect, and project information. An example IO objective is to disrupt (effect)
insurgent (target) abilities to conduct C2 (action) to surprise adversary forces in and around
Village X (purpose).

• Effects to shape the information environment. IO effects shape information content and flow
within the operational area's information environment. An example IO objective is to influence
(effect) local populace (target) perception of the insurgents (action) to increase reporting of
insurgent activity and locations to coalition forces (purpose).

• Effects to protect friendly forces. IO effects regarding friendly forces seek to prevent adversary
interference with friendly abilities to collect, protect, and project information. An example IO
objective is to deny (effect) insurgent (target) ability to exploit negative effects of friendly-force
operations (action) to prevent support to adversary efforts (purpose).


Note. Figure 3-8 provides an example of directed effects. 


3-34. Because it is impossible to anticipate all possible effects, terms other than those presented in this TC 
may be used to describe the desired effects for IO. Effects terms should describe a condition—not a task. 
Definitions may vary for the same effect based on the physical and cognitive nature of the effect and the 
target of the specific effect. 


3-35. As IO objectives are developed, IO planners should consider the indications of success (MOEs) and 
how the indications will be collected. If adequate indications and collection means cannot be identified, the 
objective may have to be refined to produce measurable and detectable results. If an objective's MOE is 
focused on behavior or beliefs, planners must consider physical actions that are a result of the desired 
behavior, or belief, as an indicator. 


Effects Against the Adversary

Physical Effects
• Destroy — Use lethal or nonlethal means to render adversary capabilities to collect, protect, or project information ineffective, unless reconstituted.
• Degrade — Use nonlethal or temporary means to reduce the adversary's effectiveness or efficiency to collect, protect, or project information.
• Disrupt — Interrupt the flow of information to and from the adversary and within the adversary organization.
• Isolate — Seal off an adversary from sources of support or contact with other adversarial elements.

Cognitive Effects
• Deceive — Mislead the adversary decisionmakers, causing them to take specific actions or inactions that contribute to friendly-force mission accomplishment.
• Influence — Cause adversaries or others to behave in a manner favorable to friendly forces.
• Isolate — Prevent effective adversary decisionmaking by impeding the adversary's efforts to collect and project information.


Effects to Shape the Environment

Information Content
• Destroy — Use lethal or nonlethal means to render adversary information or information systems ineffective, unless reconstituted.
• Degrade — Use nonlethal or temporary means to reduce the effectiveness or efficiency of adversary message content.
• Exploit — Gain advantage of an adversary action that has negative effects on the populace.
• Influence — Cause adversaries or others to behave in a manner favorable to friendly forces.

Information Flow
• Degrade — Use nonlethal or temporary means to reduce the effectiveness or efficiency of adversary communication methods with the populace.
• Exploit — Take advantage of gained access to a populace.
• Isolate — Prevent populace groups from communicating with each other.
• Influence — Cause information to move faster or slower, resulting in populace behavior that is favorable to friendly forces.
• Disrupt — Break or interrupt the flow of information between selected key-information nodes.


Effects to Protect Friendly Forces
• Deny - Withhold information about friendly-force capabilities and intentions that adversaries need to make effective and timely decisions.
• Mitigate — Reduce negative effects of friendly-force operations on the populace.
• Neutralize — Render an adversary's collection capability ineffective with regard to time, space, and purpose.


Figure 3-8. Effects for information operations 


ESSENTIAL INFORMATION OPERATIONS TASKS 


3-36. At the tactical level, in a time-constrained environment, it is sometimes more straightforward to write 
IO objectives as EIOTs. EIOTs serve the same function as objectives; specifically, they focus the activities 
(tasks) of the various IO capabilities. One difference is that EIOTs include the methods or means that will
be used to perform the EIOT. A possible format for an EIOT uses task, purpose, method, effect:

• Task (for example, jam adversary's C2 communications).
• Purpose (for example, prevent coordinated efforts against friendly forces).
• Method (for example, EW EA-6B).
• Effect (for example, disrupt).


INFORMATION OPERATIONS TASKS TO SUBORDINATE UNITS AND STAFF ELEMENTS 


3-37. Once IO objectives or EIOTs are written, IO planners develop tasks to subordinate units and staff 
elements that possess the IO capabilities needed to accomplish the IO objectives or EIOTs. Therefore, the 
aggregate execution of assigned tasks should achieve the effect of the IO objective or EIOT. Tasks for IO 
capabilities to subordinate units translate the broad concepts of the objectives and EIOTs into discrete
actions. Tasks are often written as—
• Task. The task is the action to be performed and the location of the task (for example, prevent
local populace interference in Village X).
• Purpose. The purpose is the reason why the task is assigned (for example, prevent civilian
casualties).
• Method. The method describes what unit or capability will conduct the task (for example, MIS
Team C121).


3-38. To develop tasks, IO planners should consider all available organic and supporting IO capabilities 
and resources that can help achieve each IO objective. As a matter of course, it is best to have 
representatives for each IO capability write their own tasks. 


3-39. Similar to effects, tasks can be organized into three categories (Figure 3-9, page 3-13). These tasks 
are as follows: 

• Tasks against the adversary. These tasks target adversary capabilities and vulnerabilities to
collect, protect, and project information (as identified during the COG analysis). An example
task is "Counter insurgent propaganda to maintain populace support for capture/kill missions."

• Tasks to shape the information environment. These tasks shape information content and
movement by impacting the key nodes in each subinformation environment to influence local
populace perceptions and behavior. An example task is "Engage religious leaders to stop
inflammatory rhetoric."

• Tasks to protect friendly forces. These tasks seek to protect friendly-force vulnerabilities in the
information environment from adversary capabilities to collect and project information. An
example task is "Detect intrusions into friendly-force information systems to prevent adversary
collection of critical information."


3-40. An IO planning work sheet (Figure 3-10, page 3-14) is a tool that can be used to develop an IO 
concept of support for input to COA development. One work sheet is filled out for each IO objective. 


INFORMATION OPERATIONS CONCEPT OF SUPPORT 


3-41. The IO concept of support is a word picture that explains how the information operation supports the 
operation from beginning to end, and how IO capabilities will be employed to provide information 
superiority. The IO concept requires defining information superiority for the operation. A well-written 
concept is concise and understandable. Although there is no doctrinally prescribed formula for an IO 
concept of support, leaders should consider the following: 
• Commander's intent for IO describes what the commander wants IO to do to the adversary or to
shape the information environment.
• Information superiority is described in the context of the operational situation and the
command's mission; this should include the specific time and place for it to be achieved (should
be linked to decisive points in the operation).
• General plan for IO lists the IO objectives, tasks to be executed, capabilities that will execute,
associated MOEs for the objectives, and collection methods that will be used for assessment.
• Priority of support designates which subordinate unit or element has the priority of IO assets and
capabilities.
• Restrictions on the employment of IO lists prohibited and directed actions that affect
the employment of IO.
• General scheme for IO uses doctrinal concepts and terms to explain how the IO objectives will
be achieved, who will perform them (that is, the tasked units), and the sequencing of key tasks; it
relates the key tasks to the achievement of information superiority.


Tasks Against the Adversary 


Counter — Diminish adversary information to 
correctly portray friendly intent and actions. 


Demonstrate — Show or reveal. MILDEC typically 
conducts tasks to demonstrate. 


Deter — Prevent action through the existence of a 
credible threat of unacceptable counteraction. MISO 
forces typically conduct tasks to deter. 


Disseminate — Spread or disperse. MISO and CMO 
typically conduct tasks to disseminate. 


Jam - Interfere with or prevent the clear reception of 
signals by electronic means. EW typically conducts 
tasks to jam. 


Persuade — Induce to believe something or 
convince. MISO forces typically conduct tasks to 
persuade. 

Prevent — Keep from happening or avert. OPSEC
typically conducts tasks to prevent.


Tasks to Shape the Environment 


Broadcast — Transmit and make public by means of 
radio or TV. Typically MISO forces conduct tasks to 
broadcast. 


Demonstrate — Show or reveal. MILDEC typically 
conducts tasks to demonstrate. 


Disseminate — Spread or disperse. MISO and CMO 
typically conduct tasks to disseminate. 


Engage - Initiate contact to open dialogue with or 
communicate a message to a target. MISO and CMO 
typically conduct tasks to engage; however, any 
friendly-force asset with access to the target has 
potential to conduct face-to-face engagements. 


Inform — Provide information or educate a specific 
target audience. MISO, PA, and CMO typically conduct 
tasks to engage; however, any friendly-force asset with 
access to the target has potential to inform through 
face-to-face engagements. 


Persuade — Induce to believe something or convince. 
MISO forces typically conduct tasks to persuade. 


Publicize — Bring to the attention of the public. PA 
typically conducts tasks to publicize. 


Tasks to Defend Friendly Forces 


Detect — Discover or discern the existence, presence, or fact of an intrusion into information systems. IA, CI, 
and EW typically conduct tasks to detect. 


Protect — Guard against espionage or capture of sensitive equipment or information. OPSEC, IA, CNO, 
physical security, EW, and CI typically conduct tasks to protect. 


Respond - React quickly and appropriately to an adversary attack or intrusion in the information environment. 
All IO capabilities have potential to respond, depending on the specific incident. 


Restore — Bring information systems or conditions in the information environment back to their original state.
IA typically conducts tasks to restore.


Figure 3-9. Tasks for information operations capabilities 


COA: Conduct raid at Objective LIMA to remove insurgents and return control of the area and populace to the
existing government.

IO Objective: Disrupt communications by jamming insurgent communications. This will prevent coordinated
efforts against friendly forces.

EW Tasks: Provide electronic jamming of mission command communications used by the insurgents.
MISO Tasks: None
OPSEC Tasks: Protection of the essential elements of friendly information is imperative to ensure success of electronic warfare plan.
MILDEC Tasks: None
CMO Tasks: None
PA Tasks: None
Other Tasks: None

Information Operations Targets: Insurgent command and communications nodes.
Protect Assets: Protection of friendly communications is essential.
MOEs: Inability of insurgent forces to send early warning and inability to communicate during the mission.
Intelligence Requirements: Insurgent key personnel and frequencies used by key communicators in the area of operations.
Coordination: Coordinate with the spectrum manager and adjacent and higher headquarters.


Figure 3-10. Example of an information operations planning work sheet 


INFORMATION OPERATIONS CONCEPT OF SUPPORT SKETCH 


3-42. The IO concept of support sketch is a visual graphic (Figure 3-11, page 3-15) of the information 
operation. It is the product used to brief the commander and staff on what IO capabilities will do during the 
mission. The format or medium used for the sketch is not as important as ensuring the correct elements of 
information are presented, that the sketch shows that the information operation is synchronized with other 
operations, and that it clearly depicts the synchronization of the IO capabilities involved with the operation. 
The sketch should answer the following questions: 
• Who? What capabilities will be employed to perform the IO tasks?
• What? What operational advantage is provided by the information operation (that is, information
superiority)? What objectives (or EIOTs) must be achieved and what are the required tasks to IO
capabilities?
• When? What time during the operation will tasks be performed?
• Where? Where in the operating area will the IO tasks be performed?
• Why? What is the purpose of each IO task?


Information Superiority: Decrease opposition to friendly-force operations

IO objectives:
• Influence insurgents to disarm and disband, IO task: Increase populace confidence in the established government.
• Exploit insurgent intimidation tactics against the populace, IO task: Increase populace support to friendly-force objectives.

IO Element Tasks:
MISO
• Disseminate leaflet to suspected insurgent areas, IO task: Decrease insurgent's will to fight.
• Employ MIS teams to disseminate handbills to known insurgent areas, IO task: Increase populace participation in humanitarian assistance distribution.
• Employ MIS teams in direct support of maneuver units, IO task: Prevent populace interference.
• Inform populace of recent insurgent related atrocities, IO task: Prevent insurgency recruitment.
• Distribute humanitarian assistance to populace in insurgent areas, IO task: Reduce populace support to insurgency.
• Distribute humanitarian assistance to dislocated civilians camps, IO task: Increase support to friendly-force operations.
• Publicize peacekeeper's role in humanitarian assistance projects, IO task: Prevent effective adversary propaganda.

Time Line: Phase I | Phase II | Phase III


Figure 3-11. Example information operations concept of support sketch 


ORDERS PRODUCTION 


3-43. Plans and orders are as detailed as time permits. The size of these documents depends on the 
command and mission; they can run the gamut—from a series of overlays with written comments to 
voluminous documents of hundreds of pages. Regardless of the format used, an order must be clear, 
concise, timely, and useful to the implementing commands and units. 
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3-44. The IO annex (Army orders format) or appendix (joint orders format) describes the complete IO 
mission and how IO will gain information superiority in support of the scheme of the maneuver. This 
approach places a lesser emphasis on individual IO assets and capabilities and greater emphasis on the 
aggregate IO effects needed to achieve information superiority. The IO staff must be careful to not let the 
requirement to develop and explain IO capabilities contribution to the operation overwhelm the primary 
purposes of the IO annex, which are to— 

• Provide operational details on the information operation. 

• Focus element and unit tasks on achieving specific effects in the information environment. 

• Provide the information needed to assess the information operation. 


3-45. There are two basic formats for an IO annex: a five-paragraph (Figure 3-12, pages 3-16 and 3-17) 
and a matrix annex. The five-paragraph annex is used when sufficient planning time is available. The matrix 
annex is used when time is limited or when directed by the J-3/G-3/S-3 or unit SOP. 


ANNEX P (INFORMATION OPERATIONS) TO OPERATIONS ORDER NO ## 


1. SITUATION. 


a. AO. Describe the information environment's subenvironments. Identify significant characteristics (for 
example, terrain, weather, populace, civilian information infrastructure, civilian population, and third- 
party organizations). State the aggregate impact on adversary and friendly operations. Identify 
aspects of the information environment, to include key information nodes that favor adversary and 
friendly operations. 


b. Adversary Operations in the Information Environment. Describe how, when, where, and why 
adversary forces will operate in the information environment. Describe likely objectives and activities 
and how information capabilities will be employed. Identify adversary capabilities and vulnerabilities in 
the information environment in terms of information collection, protection, and projection. 


c. Friendly Capabilities and Vulnerabilities in the Information Environment. Identify friendly-force 
capabilities to shape the information environment and attack adversary forces with information. 


d. Civil Considerations. Identify key people, groups, and organizations that operate in the information 
environment and will affect friendly and adversary forces' operations. Describe likely objectives and 
activities in the information environment. 

e. Attachments and Detachments. List organic and supporting assets that are available to execute the 
information operation. 

2. MISSION. State the unit mission. 
3. EXECUTION. 

a. Concept of Support. Describe how IO will be conducted and who will perform it from beginning to 
end, to include adversary capabilities and vulnerabilities to be attacked and friendly critical 
vulnerabilities to be protected. Define information superiority (that is, the operational advantage 
derived from operating in the information environment) and explain how and when IO will achieve it. 
Include IO effects (that is, objectives or EIOTs), sequencing of key tasks, and IO capacities priorities 
by phase. 


b. Assessment. Describe the assessment plan for the information operation. 

c. Tasks to Subordinate Units. List subordinate units and assigned IO tasks. 


d. Coordinating Instructions. List IO instructions common to two or more units. State any rules of 
engagement applicable to IO capability. List constraints not contained in the concept of support. 


4. SERVICE SUPPORT. Identify requirements for support pertaining to IO as a whole. Identify service 
support to individual IO elements in their respective appendixes or annexes. 


5. COMMAND AND SIGNAL. Significant command and signal information related to IO not covered in the 
base order. Include arrangements needed to exchange information among IO capabilities. 


ACKNOWLEDGE: (If distributed separately from base plan/order) 


Figure 3-12. Format for a five-paragraph information operations annex 
(Army orders format) 
[Authenticator's last name] 
[Authenticator's rank] 


APPENDIXES: 

1. OPSEC 
2. MISO 
3. MILDEC 
4. EW 
5. IO Execution Matrix 


Figure 3-12. Format for a five-paragraph information operations annex 
(Army orders format) (continued) 


3-46. Typically, at the tactical level, the information operation can be adequately described on a matrix 
order format (Figure 3-13). When combined with a copy of the IO concept of support sketch, most IO 
capabilities can understand and execute accordingly. There is no specific format for an execution matrix. 
Figures 3-14 and 3-15, pages 3-18 and 3-19, are two examples. 


Enemy Situation: 
See Appendix 1 to Annex B 


Friendly Situation: 
XXI Corps EC-130H, EC-130E, EA-6B, F-16CJ (HARM), AC-130 (Specter) 


Mission: 
Prevent preemption of air assault; influence local population to not interfere in and around the 
objective; shape the information environment to establish order and provide basic services. 


Information Superiority: 
Dominance of the information environment which permits mission success without effective opposition 
and minimal civil interference. 


Concept of Support: 


Prevent preemption of the air assault and minimize civil interference in and around the objective by 
destroying, degrading, disrupting, and exploiting adversary mission command and fire support systems; 
deceiving adversary decisionmakers; destroying, degrading, disrupting, and deceiving enemy information 
systems; denying adversary decisionmakers information about XXI Corps intentions and capabilities; 
protecting mission command and information systems. 


IO Objectives/Tasks: 


Prevent compromise of the operation; protect XXI Corps mission command; disrupt 109th Division air 
defense and targeting systems during critical periods of the operation; minimize civilian interference. 


Coordinating Instructions: 
XXI Corps: Contact counterparts to coordinate and synchronize efforts to identify suspected SPF locations. 


Service Support: 
No change. 


Command and Signal: 
XXI Corps IO cell is located in the Main CP. 


Appendixes: 
Appendix 1 (OPSEC), Appendix 3 (EW), Appendix 4 (IO Execution Matrix). 


Figure 3-13. Example of a format for a matrix information operations annex 
(Army orders format) 
Capability 
MISO 
OPSEC 
NO 
CMO 
COMCAM Document operation. 


Phase I 

Monitor signals of interest. Electronic protection for personnel and equipment. 

Broadcast harassment messages for enemy. Broadcast noninterference messages for local populace. 

Determine essential elements of friendly information for mission. 

Maintain computer network defense to protect friendly communications and information. 

Prepare Commander's Emergency Response Program paperwork for funds disbursement. Coordinate with 
provincial reconstruction team. 

Prepare press releases. 

Take lead in all lethal actions on the objective. 


Phase II 

Electronic attack to disrupt enemy communications. Electronic protection for personnel and equipment. 

Implement measures to protect essential elements of friendly information to protect movement routes, 
mission command, and objective. 

Maintain computer network defense to protect friendly communications and information. 

Document operation. 

Take lead in all lethal actions on the objective. 


Phase III 

Broadcast via mobile radio to keep population informed on mission. 

Maintain computer network defense to protect friendly communications and information. 

N/A 

N/A 

Take lead in all lethal actions on the objective. 


N/A 

Broadcast on mission success. Coordinate with combat camera crews for post-mission propaganda and 
counter-propaganda. 

Maintain computer network defense to protect friendly communications and information. 

Assist personnel returning to villages. Assess small-scale immediate projects. 

Send press releases. Control local and national media. 

Document operation. 

Document operation. 

Take lead in all lethal actions on the objective. 

Figure 3-14. Example 1 of an information operations execution matrix 
Tasked Unit or System | Time on Target or Time of Effect | Location | Remarks 
 | H-1 through H-hour | Throughout area of operations | Successful if enemy is unable to send early warning 
 | H-24 and continue | Objective LION | Successful if no civilian interference 
95th Civil Affairs Brigade | H-24 through H-hour | Through area of operations | 

Special Instructions: None 


Figure 3-15. Example 2 of an information operations execution matrix 


CONSIDERATIONS 


3-47. IO planning can be initiated at the SFODA typically by the attached MIS element as the only 
information capability at that echelon, and finalized at the SOTF. Typically, an SFODA will not have 
access to all of the IO capabilities. When developing a concept of operations, planners must consider and 
include the applicable capabilities in Figure 3-14, page 3-18. The SOTF IO planner will coordinate for 
assets and synchronize and deconflict the effects. It is important for the SFODBs and SFODAs to 
understand the JSOTF/SOTF IO plans to ensure the higher HQ intent is nested within their plans. 


CONSEQUENCE MANAGEMENT 


3-48. When planning, the SFODAs should consider what actions to take if the operation does not go as 
planned. In the event that an operation does go awry, it is important to understand the information 
environment, to include the influential leaders that SFODAs and their FID partnered units should engage to 
assist in getting the appropriate information and messages to the populace. Also, it is important to note 
what media outlets are available to assist with getting ahead of the news cycle. A key consideration is that 
the first voice is the loudest. If the SFODA or the HN provides the facts of an operation or event in a 
timely manner, the adversary will be forced into defense and will have to react and counter the information 
as they fight to influence the population. 


Execution of Information Operations 


This chapter focuses on the key staff tasks IO planners must accomplish during 
execution of an information operation. Once execution begins, IO planners monitor 
the adversary and friendly situations, track IO task accomplishment, determine the 
accomplishment of the IO objectives and tasks, and detect and track any unintended 
consequences. Three staff tasks critical to execution include the following: 


• Monitor. Planners must maintain situational awareness and monitor the progress 
of operations to determine if the operation is going according to plan. 


• Evaluate. Planners analyze the progress of the information operation, the status 
of the adversary, and the effects in the information environment to determine if 
there are variances from the plan and the significance of the variances. 


• Adjust. Planners estimate the effectiveness of task execution and the 
effectiveness of IO on the adversary, the local populace, and friendly operations. 
If an unexpected incident occurs, IO planners—in coordination with current 
operations staff—coordinate with subordinate units and staff elements to 
develop an appropriate task for that incident. 


MONITORING 


4-1. The key to monitoring is the collection of information critical to execution of the information 
operation. The first step is determining what information is needed to evaluate and adjust the information 
operation. Two sources for deriving the information are the CCIR and the J-2/G-2/S-2 decision support 
template. From these sources, IO planners can determine their own information requirements; notably, 
intelligence requirements and FFIRs that will help guide the information collection effort. 


4-2. Next, IO planners monitor both the command's overall operation and the IO tasks and activities as 
spelled out in the operation order, IO appendixes, annexes, and execution matrices. Then, operations 
reports and intelligence summaries are reviewed for IO-relevant information and paired against the IO 
objectives to evaluate progress of the information operation. If necessary, requests for information are 
submitted and tracked for clarification or additional information. 


EVALUATING 


4-3. The purpose of the assessment is to judge success or progress of the information operation. Progress 
is determined by analyzing relevant information and intelligence from unit operations and intelligence 
reports. The information is then applied against current IO objectives to determine whether the desired 
effects are being achieved. However the assessment is conducted, planners should consider the following 
principles: 
• The assessment should lead to recommendations to the commander to continue, end, or change 
the operation. 

• The assessment must detect situation changes quickly enough for commanders to respond 
effectively. 

• A balanced assessment considers changes in both the friendly and adversary forces’ information 
environment. 

• The assessment of an information operation should focus on collective rather than individual 
tasks and targets, because changes in the information environment or adversary force usually are 
not the result of any single task or target. 


4-4. Assessing IO can appear complex and difficult, but it need not be burdensome if IO planners use a 
simple methodology to assess the information operation. In principle, assessing an operation consists of 
evaluating the operations against measures of performance (MOPs) and MOEs. 


Note. IO planners must be careful not to over assess by becoming bogged down in formal 
assessment procedures for numerous tasks and effects, or to overwhelm subordinate units or 
staff elements with requirements for numerous reports, questions, and information requirements. 


4-5. MOPs measure friendly actions in terms of task accomplishment and performance. IO cannot 
generate effects if the planned tasks are not successfully executed. As such, assessment should account for 
task execution. Because task completion affects execution as well as assessment, it is important that the IO 
capability representatives and subordinate units report accomplishment of their respective tasks. MOPs are 
not measures of success—they gauge task completion and do not measure effect success or failure. 


4-6. MOEs are used to measure the results achieved in the overall mission and execution of IO 
objectives. More practically, MOEs determine if a desired condition or outcome is in place (that is, effect), 
even if not directly caused by planned military action. Because IO objectives are written to articulate a 
specific condition or state in the operational environment, most MOEs are crafted and used to measure the 
effects generated by those tasks collectively executed to achieve each IO objective. 


4-7. An assessment plan is normally developed as part of the planning process. For complex or long-term 
operations, it may be necessary to form an assessment working group to produce the information required 
to assess the information operation. Attendees to the working group may include representatives from the 
J-2/G-2/S-2; J-3/G-3/S-3; plans directorate of a joint staff (J-5); assistant chief of staff, plans staff section 
(G-5); MISO; EW; CA; and PA. During combat operations, the combat assessment board may supplant the 
assessment working group. 


Note. One of the critical factors in a successful relief-in-place or transfer of authority between 
IO planners is the passing on of all historical IO data and ongoing assessment plans. 


4-8. There is no standardized or doctrinal assessment process. In the absence of a doctrinal process, IO 
planners must develop their own methodology to guide assessment. Based on field experience, the 
following process is a logical approach to assessing an information operation: 


• Develop assessment criteria. The first step in the assessment process is to develop the assessment 
criteria. This involves developing the items that support the MOE, indicators, and MOPs. One or 
more MOE is normally developed for each IO objective. Each MOE should clearly articulate the 
desired condition (effect) or end state that supports the associated IO objective. For example, for 
an IO objective to “reduce popular support for insurgents,” an MOE could be “level of popular 
support to insurgents.” Next, indicators are developed for each MOE. Multiple MOEs should be 
developed and used to determine if the IO objective is being achieved. Indicators for the MOE 
“increased reporting of insurgent activities” could include increased tips-line reporting, increased 
tips to patrols, and increased walk-in tips. MOPs assess task accomplishment. Example MOPs 
include the number of face-to-face interviews conducted, the number of handbills disseminated, 
and the number of radio broadcasts (all observable and measurable activities). 

• Define the measures. Once MOEs, indicators, and MOPs are developed, IO planners establish a 
foundation for comparison and analysis (also known as benchmarking). Benchmarking 
determines the current state of MOEs and supporting indicators. 

• Collect and analyze data. The next step is to identify sources of data needed to assess the MOEs, 
indicators, and MOPs. Data collection requirements should be kept as simple as possible. When 
possible, standard operations and intelligence reports are used as the means to collect the data. 
Figure 4-1 shows some data collection sources. 

• Provide recommendations. Assessment should yield changes to execution (based on MOPs), 
changes to desired effects (based on MOEs), and changes to resource allocation. 
Recommendations based on the assessment should provide the commander with the bottom line, 
a recommended way ahead, and any issues requiring the commander's involvement. 


Data Collection Sources 


Internal Situation reports, intelligence summaries, current operations data, and other command reports. 


Organic HUMINT, CA, MISO, and PAO reports; significant acts database; subordinate unit assessments. 


External Other government agencies, international organizations, polling and populace surveys, media 
analysis, OSINT. 


Figure 4-1. Sources of data collection 

4-9. As the data is collected, it should be analyzed against the established indicators to establish the 
benchmarks. Follow-on data collection periods and assessments establish changes to the indicators and 
MOEs. The sum of indicators then provides the assessment for each MOE. Figure 4-2 shows an example of 
an assessment graphic. 


MOE 1: Level of Reporting of Insurgent Activity 
• Number of calls to tips line reporting insurgent activity. Scale: <10, 20, 30, 40> 
• Commander's assessment of local leader support for insurgents. Scale: Support to No Support 
• Number of kinetic attacks against local populace. Scale: <5, 10, 15, 20> 
• Number of acts of intimidation against local populace. Scale: <5, 10, 15, 20> 


Figure 4-2. Example of an assessment graphic 


ADJUSTING 


4-10. The ways that IO planners can adjust the information operation in response to events in the 
information environment are battle drills, the IO working group, and crisis-action teams. In a best-case 
scenario, IO planning accounts for all possibilities and sets conditions for further operations. The 
information environment is never static, and planning for consequence management through battle drills 
and rehearsed crisis-action teams is critical to staying ahead of the adversary’s information cycle. By the 
same token, proactive planning of synchronized IO efforts helps preclude reactive IO responses, 
for example, facilitating more timely and better prepared MISO and PA products and preplanned 
key-leader engagements. 


BATTLE DRILLS 


4-11. Staff battle drills are planning aids designed to speed response to crisis situations that occur during 
the conduct of a mission. For IO, quick responses to the adversary's actions and events in the operational 
area are necessary to beat the adversary in the information environment and ultimately achieve information 
superiority. 


4-12. Battle drills are developed during the planning process; however, they are not complete and final 
COAs. Rather, battle drills are predeveloped concepts that anticipate crises. Once a crisis occurs, the battle 
drill (that is, the COA) can be quickly adjusted to address the realities of the situation at hand. 


4-13. A military operation can be thought of as a series of events, planned and unplanned, that force both 
friendly and enemy forces to react to a changing situation. Some of these events, referred to as critical 
events, are keys to mission success of friendly or enemy forces. Critical events— 


• Can create both intended and unintended effects and may be brought on by friendly, adversary, 
or third-party actions. 


• Can be either negative or positive. The staff can develop drills that react to either type. For 
negative critical events, a battle drill should mitigate the impact of the event on the populace and 
friendly forces. For positive critical events, a battle drill should exploit the event to maximize the 
impact on the populace and adversary forces. 


• Can be triggers or cues for the staff to initiate a battle drill. 


4-14. An IO battle drill is a generic concept of support that addresses a friendly-force IO response to a 
critical event that may occur during execution of the operation. There is no established format for battle 
drills, though it should be recognizable to the staff and mirror existing products. Development of battle 
drills does not follow an established guide, but rather, they are developed to suit specific missions and 
potential branches and sequels of missions. Each battle drill should— 


• Identify critical events. 
• Define information superiority. 
• Develop IO concept of support. 
• Determine tasks and targets. 


The information contained in a battle drill is not a final and complete plan, but rather a concept that must 
be refined to the realities of the situation at hand. Depending on the battle drill, productions of approved 
MISO products (such as radio scripts or other products) may be appropriate. 


Identify Critical Events 


4-15. Planners determine what critical events may result from friendly, adversary, or third-party action. 
During an upcoming operation, planners focus on events that will either occur in or affect the information 
environment and are significant enough to affect the command's mission. The following list provides some 
examples of critical events: 


• Civilian collateral damage. 
• Civilian casualties. 
• Fratricide incidents. 
• Quick-reaction force deployment. 
• Adversary or friendly forces violation of law of land warfare (for example, atrocities against 
civilians, mass-grave discovery). 
• Environmental incident (for example, hazardous-material spill). 
• Propaganda directed against friendly forces. 
• EEFI or any other sensitive or classified information disclosure. 
• Populace interference with friendly-force operations (for example, civil demonstrations). 


Define Information Superiority 


4-16. Battle drills are designed to respond to a specific situation. Therefore, the situation must be 
sufficiently defined so the IO planners can adjust the battle drill's concept to compensate for the 
differences between the planned and actual situation. For IO, this means defining information superiority 
for each battle drill. Information superiority is the operational advantage provided to the commander 
through the control and management of information content and flow in the AO. Examples of information 
superiority for mitigation and exploitation battle drills are as follows: 
• A mitigation battle drill: 
   ▪ Event. Disclosure of EEFI or classified information. 
   ▪ Target. Adversary. 
   ▪ Information superiority. Adversary decisionmakers are unable to take advantage of 
   sensitive information about the friendly force. 

• An exploitation battle drill: 
   ▪ Event. Destruction of key infrastructure by adversary. 
   ▪ Target. Populace. 
   ▪ Information superiority. Populace does not support the actions of enemy forces. 


Develop Information Operations Concept of Support 


4-17. The concept of support is a concise and easily understandable word picture describing how IO 
capabilities may be employed and what staff coordination must be conducted to employ the capabilities. 
The concept must be integrated with the overall operation, when applicable. How much information is 
known when the battle drill is created determines the level of detail. The IO concept of support should 
include the following: 

• Assumptions. Planners list information accepted as true in the absence of facts at the time the 
battle drill is developed. Planners periodically review and update the battle drill by validating the 
assumptions. 

• Information superiority. Planners determine and then describe the operational advantage IO will 
provide. 

• General scheme for IO. Planners use doctrinal concepts and terms to explain how IO will 
achieve information superiority, listing any IO objectives, EIOTs, and who will perform each 
key task at what time. 


Note. Where the tasks are performed is determined once the battle drill is put into action. 


• Priority of support. Planners designate which subordinate unit or element has priority use of IO 
capabilities. 

• Constraints on IO. Planners list prohibited and directed actions that are expected to affect the 
information operation, paying particular attention to information content and flow (for example, 
no jamming in urban areas). 


Determine Tasks and Targets 


4-18. Leaders develop tasks, purpose, methods, and means, and, if appropriate, targets for each 
participating IO capability. A purpose for each task is included to explain each capability's part in the 
operation. If appropriate, general target sets are identified for each tasked element or capability. All 
IO-relevant capabilities—maneuver units and those staff entities that may have important roles in 
responding to the battle drill event—are considered. A purpose for each task is included to maximize asset 
initiative. Supporting elements develop MOP for their assigned tasks. 


Note. The formal battle drills are developed and coordinated at the SOTF level. The SOTF IO 
planner will use the 7-day mission tracker to ensure they are ready to provide support upon start 
of mission. 


EXAMPLE STAFF BATTLE DRILL 


4-19. There are several different battle drill formats currently in use. Figure 4-3 provides a sample format 
that has worked well in the field. Leaders should modify the format as needed to fit the command's needs 
and situation. Figure 4-4, page 4-7, provides an abbreviated staff battle drill. 


SITUATION: Insurgent forces attack friendly forces, a friendly third-party organization, or an opposing faction 
(for example, a bombing, shooting, or mortar attack). 


ASSUMPTIONS: The insurgent attack does not cause significant friendly casualties. 


LIKELY FRIENDLY ACTION: A response force is deployed to secure the site, and find and destroy the 
insurgent force. Security operations are conducted in and around the area of attack. If necessary, force 
protection measures are increased. 


IO CONCEPT: The purpose of this IO is to gain populace support for counterinsurgency activities and identify 
hidden insurgent cells for targeting. IO capabilities provide direct support to the response force. MIS teams 
disseminate print products to the populace near the attack site. Unit leaders, MIS teams, and CA teams engage 
local leaders to gain support for friendly operations. PAO issues a press release to explain the command's 
position and counter misinformation concerning the situation. Restrictions: MISO products must conform to 
and support approved programs. MOE: Increased reporting of insurgent activity by populace. 


Capability | Key Tasks | Purpose | Method | 
MISO | Disseminate print products and radio broadcasts to the populace of villages in and around the attack site. | Identify hidden insurgent cells. | Handbills and posters. | Local populace. Insurgent fence-sitters. 
 | | Reduce populace support for insurgent forces and activities. | Contact radio. | 
 | Engage local leaders. | Gain support for counterinsurgency activities. | Face-to-face. | Civil leaders. 


Figure 4-3. Battle drill format for insurgent-related violence 


INFORMATION OPERATIONS WORKING GROUP 


4-20. An information operations working group (IOWG) consists of staff representatives who meet to 
coordinate and provide recommendations for the planning, execution, and assessment of IO. The IOWG 
also is used to synchronize the contributions of the IO capabilities. Participation in the IOWG is typically a 
mix of staff representatives and subject-matter experts. 


Note. IOWGs are formed at the SOTF and JSOTF levels. 


4-21. The frequency of IOWG meetings depends on the situation and echelon. The working group may 
gather daily, weekly, or monthly depending on the situation, echelon, and time available. The formality of 
the IOWG also varies by echelon. For purposes of organization and focus, even the simplest IOWG should 
have an agenda. The composition of the IOWG is tailored to the agenda. Representatives from every staff 
need not attend every IOWG. Participants are selected because they either represent a critical element or 
capability or because they have expertise that is critical to the information operation. Typical attendees 
include the following: 


• IO planners. 
• MIS representatives. 
• EW representatives. 
• OPSEC representatives. 
• COMCAM representatives. 
• CA representatives. 
• PA representatives. 
• MILDEC representative. 
• Representatives from the J-2/G-2/S-2. 
• Representatives from the J-3/G-3/S-3, effects cell. 
• Special technical operation planners. 
• Fire support officer. 
• Others, as required. 


Note. Appendix A, pages A-1 through A-6, provides detailed information on IOWG. 


Situation: React to collateral damage resulting from coalition-force action. 
Information Superiority: Preempt adversary propaganda and negative media reporting. 
Immediate (on-site): 
• Notify commander. 
• Document the scene (for example, COMCAM photos). 
• Conduct on-site key-leader engagement to determine facts and conduct initial mitigation. 
Within 2 Hours: 
• Notify operational-area owner. 
• Notify local-government officials. 
• IO coordinates and synchronizes a public statement of the facts for broadcast by local print, radio, 
and TV media. 
Within 24 Hours: 
• Conduct key-leader engagements with local elders using HN partner-unit commanders, coalition 
commanders, and local-government officials. 
• Assess damage for possible CMO projects. 
After 24 Hours: 
• Coordinate for follow-up media coverage and key-leader engagement by operational-area owner. 
• Compensate family (if appropriate) and conduct CMO activities. 


Figure 4-4. Abbreviated staff battle drill 


CRISIS-ACTION TEAM 


4-22. For significant operational matters, a crisis-action team may be activated. The crisis-action team 
consists of key members of the staff, to include the IO officer. When activated, the crisis-action team plans 
and rehearses the command's reaction to the event, and then issues a fragmentary order. To be a viable 
participant, IO planners should develop response options to support the crisis-action team planning 
process. When possible, IO planners use battle drills as the basis for adjustments to the information 
operation and tasks to the IO capabilities. 


22 March 2013 TC 18-06 4-7 




REPORTING 


4-23. Significant events and friendly- and adversary-force activity in the information environment should 
be routinely reported to the J-2/G-2/S-2, J-3/G-3/S-3, and, as appropriate, the higher HQ IO staff. The 
guiding principles for reports are to— 

• Keep the report as simple and as short as possible. 

• Include only that information which feeds a planning, assessment, or reporting requirement. 


4-24. At the JSOTF, it may be useful to develop an IO intelligence summary or IO operation summary. 
Depending on the mission and tempo of the operation, these reports may be daily, weekly, or monthly 
products. The IO situation report is an event-driven report that provides basic information on significant 
activity in the information environment as it occurs. 


INFORMATION OPERATIONS INTELLIGENCE SUMMARY 


4-25. An intelligence summary is provided to subordinate commands, interested staff elements, and higher 
HQ. The primary focus of the report is to capture significant events in the information environment 
(focused on the IO planners’ intelligence requirements) and assess their impact on friendly- and 
adversary-force operations. 


INFORMATION OPERATIONS OPERATION SUMMARY 


4-26. Subordinate units provide operation summary reports on the status of IO in their respective AOs. 
The primary focus of the report is assessment. The report provides recent significant activities, current and 
planned operations, capability status, and assessment of IO objectives, key tasks, and engagements. 


INFORMATION OPERATIONS SITUATION REPORT 


4-27. The purpose of the IO situation report is to provide an update since the last reporting period. An IO 
situation report is event-driven by significant changes to the characteristics of the subinformation 
environments with regard to information content and flow, or modifications to adversary actions that 
address the characteristics. The information in the situation report usually consists of the 5Ws (who, what, 
when, where, and why). Situation reports are rendered as needed. 


4-28. At the SOTF level and below, an IO summary should be produced. The IO summary should include 
significant events in the information environment, focusing on— 


• IO planners’ intelligence requirements and assessments of their impact on friendly- and 
adversary-force operations. 

• Recent significant activities, current and planned operations, capability status, and activities and 
assessment of IO objectives and key tasks. 

• Engagements and significant changes to the characteristics of the subinformation environments 
with regard to information content and flow. 

• Modifications to adversary actions that address the characteristics. 


Intelligence is the product resulting from the collection, processing, and integration 
of information and knowledge about adversaries and their networks obtained through 
observation, investigation, analysis, or understanding. IO planning and execution rely 
on the existing intelligence capabilities of the command to provide support. IO 
significantly increase the demand for intelligence and require detailed analysis of the 
information environment and the adversary's use of the information environment. 


Intelligence support to IO is not solely an intelligence-community task. The intelligence 
staff is responsible for coordinating and overseeing all command intelligence; however, 
each staff section and element involved in planning and execution has a responsibility 
to assist in this task. Thus, IO planners should work closely with intelligence personnel 
throughout the intelligence cycle to ensure effective intelligence support, but they must 
also conduct their own research and analysis. 


Intelligence support to IO is continuous and requires long lead times. The intelligence 
necessary to affect the perceptions and decisionmaking of adversaries or other 
audiences often requires that specific sources and methods be positioned and 
employed to collect the information and conduct the analyses needed for the 
information operation. The challenge is to get the right information and intelligence 
at the right time. 


As in other intelligence activities, analysts should be careful not to describe or 
portray the adversary's actions in the information environment as a mirror image of 
U.S. IO concepts, doctrine, and TTP. Culturally, the adversary is unlikely to think or 
act as the United States does. 


The key terms used in this chapter are defined below: 


• Information requirement. Information requirements are information elements 
required for planning, executing, and assessing operations. 

• Intelligence requirement. An intelligence requirement is a requirement for the 
intelligence system to fill a gap in the commander's and staff's knowledge or 
understanding of the operational environment or threat. 

• Priority intelligence requirement. The commander designates PIRs. PIRs are 
requirements associated with a decision that affects mission accomplishment. 
Information requirements not designated by the commander as PIRs become 
intelligence requirements. 

• Intelligence estimate. An intelligence estimate is an appraisal of available 
intelligence relating to a specific situation or condition with a view to 
determining the COAs open to the enemy or adversary and the order of 
probability of their adoption. 

• Intelligence preparation of the operational environment. IPOE is an analytical 
methodology employed to reduce uncertainties concerning the enemy, 
environment, and terrain for all operations. IPOE builds an extensive database 
of potential areas where units may be required to operate. The database is 
analyzed in detail to determine the impact of the enemy, environment, and 
terrain on operations and then presents the analysis in a graphic form. IPOE is a 
continuing process. In joint doctrine, IPOE is referred to as joint intelligence 
preparation of the operational environment. 


INFORMATION OPERATIONS AND THE INTELLIGENCE CYCLE 


5-1. All intelligence for the command and staff, to include that needed for IO, is produced as part of the 
intelligence cycle. By working closely with the J-2/G-2/S-2 during the intelligence cycle, IO planners can 
minimize intelligence gaps and maximize available intelligence and collection assets to develop a 
reasonably accurate understanding of the information environment and a representative and reliable model 
of adversary operations in the information environment. To integrate into the intelligence cycle, IO 
planners— 

• Identify intelligence gaps (IO-specific) concerning the information environment and adversary 
operations in the information environment, develop PIRs, and submit requests for information to 
fill the gaps. 

• Become familiar with available collection assets, capabilities, and support relationships (direct 
support or general support). Planners determine time requirements for each collection asset and 
consider the capabilities and limitations of the assets that will perform the mission. 

• Coordinate with the collection manager to ensure information requirements for IO are considered 
for inclusion as collection tasks. 

• Establish relationships with key intelligence personnel. Planners should not go directly to an 
analyst without awareness or concurrence of J-2/G-2/S-2 leadership. 

• Vet all intelligence products developed from reachback support and other external sources 
through the J-2/G-2/S-2 to avoid disconnected analysis. 

• Provide feedback on the quality of intelligence provided and its usefulness to facilitate 
refinement. 

• Assess the intelligence support that is provided to improve the working relationship with the 
intelligence staff while providing feedback to the intelligence analyst for improvements. 


INTELLIGENCE “PUSH” AND “PULL” 


5-2. Intelligence is disseminated by either the “push” or “pull” principle. For “push,” IO planners must 
coordinate with the J-2/G-2/S-2 staff to get access to the dissemination means that have IO-pertinent 
products. This is accomplished by working with the intelligence analysts to get IO-specific information 
requirements injected into the collection cycle, nominating PIRs for either the information environment or 
adversary actions in the information environment, and coordinating with higher HQ IO staffs to get routine 
access to their intelligence products. To “pull” intelligence from the J-2/G-2/S-2 staff, IO planners should 
coordinate for access to those assets and systems that have IO-relevant information and intelligence, attend 
J-2/G-2/S-2 staff updates and fusion meetings, and coordinate with troop units and specialized teams 
(SFODAs, MIS teams, CA teams, and so on) to collect and report collateral information that is relevant to 
IO. 


5-3. OSINT is an often overlooked way to get information and intelligence. Much useful information 
about the populace and media is available from public sources. This information often addresses the IO's 
information and intelligence requirements. Like other aspects of planning, IO planners must be prepared to 
conduct their own OSINT gathering. 


REQUESTS FOR INFORMATION 


5-4. Intelligence production is requirements-driven. Requests for information are used to request specific 
information and intelligence. Each command has its own requests for information format and procedures; 
however, the following rules should be observed when developing requests for information: 

• Conduct initial research. Units should try to find the information or intelligence on their own, 
using requests for information to get information that is not readily available. Sources already 
checked should be listed so the intelligence analyst does not waste time working with materials 
and products that do not have the requested information. 

• Clearly state the requirement. Units should describe—as specifically as possible—what 
information is needed. Language and terms associated solely with IO should be avoided, as 
should requests for a particular type of intelligence (for example, SIGINT or HUMINT). 
Requests for information should be restricted to one question. 

• Justify the request. Units must articulate why the request is important. For greater priority, units 
may try to tie the requests for information to a PIR. 

• State accurately the latest time the information will be of value. Units should state when 
information will no longer be useful, being truthful about the date. The information that units 
provide affects collection management and assets dedicated for higher-priority missions. 


INTELLIGENCE PREPARATION OF THE 
OPERATIONAL ENVIRONMENT 


5-5. The basis of intelligence support to IO is the IPOE process, a prerequisite to planning any operation. 
The mechanics of analyzing the information environment and adversary operations in the information 
environment are generally the same as those established to support IPOE for other military planning. 
Ideally, the J-2/G-2/S-2 has the lead on conducting IPOE and will include IO considerations in the 
analysis. However, IO planners can expect to assist in the process or conduct portions of the IPOE that are 
specific to IO. In such a case, J-2/G-2/S-2 products should be used as the basis for any IO-oriented 
analysis. 


5-6. Information IPOE differs from traditional IPOE in purpose, focus, and end state. The purpose of 
IPOE is to gain an understanding of the information environment in a specific geographic area and to 
determine how the adversary will operate in that environment. The focus is on analyzing the adversary's 
use of information to gain an advantage. The end state is the identification of adversary vulnerabilities that 
friendly forces can exploit with IO, and adversary capabilities in the information environment against 
which friendly forces must defend. 


5-7. For IO, IPOE results in the production of a graphic visualization product known as the CIO. The 
CIO is a map of the information environment that shows where and how information content and flow will 
affect military operations. 


VISUALIZING THE INFORMATION ENVIRONMENT 


5-8. To employ IO properly, commanders and staffs must grasp the character and impact of the 
information environment in their operational area. To do this, it is necessary to rationally analyze the 
information environment using the IPOE process and the three-dimensional model of the information 
environment (as described in Chapter 1). 


5-9. Every operational area has an information environment with information moving through it. This 
information flow (the information domain) creates tangible, real-world effects by converting real-world 
situations (the physical dimension) into human perceptions that form the basis of individual and 
organizational behavior (the cognitive dimension). 


5-10. Visualization of the information environment begins with the identification of its significant 
characteristics. To do this, planners must examine the operating area and identify the existing and projected 
characteristics that are relevant to the content and flow of information (for example, Step 1 of IPOE). 
Although there is no single set of characteristics useful for analyzing every information environment, some 
broad characteristics that can serve as starting points are terrain (weather), populace, civilian information 
infrastructure, civilian population, and third-party organizations. Figure 5-1 provides a broad list of 
characteristics of the information environment. 


Significant Characteristic: Terrain 
Those aspects of terrain and geography that impact information content and flow. 
Information Requirements: 
• How does terrain (and weather conditions) canalize and compartmentalize information 
content and flow? 
• How does terrain (and weather conditions) impact information flow? 

Significant Characteristic: Civilian Information Infrastructure 
Key information system links and nodes (information conduits) in the operating area. 
Radio, TV, print, and Internet, to include audiences. 
Information Requirements: 
• What are the key information systems (telephone, microwave, Internet, and so on)? 
• What information content is passed on each information system? 
• Who (friendly forces, enemy, civilians, other organizations) uses each information system? 
• Who manages and controls the information systems? 
• What media sources are available (for adversary and friendly use) in the AO? 
• What information content is reported by each media source? 
• Who is each media's audience? 
• What is the context or bias of the media outlets? 

Significant Characteristic: Civilian Population 
Demographics, such as distribution, language, religion, ethnicity, and education. 
Cultural factors, such as societal structures, ideologies, perceptions, and beliefs. 
Information Requirements: 
• How does the populace communicate? 
• What information content does the populace need or want? 
• What are the populace's biases? 
• What is the populace's social organization? 
• What are the populace's cultural characteristics? 

Significant Characteristic: Third-Party Organizations 
Interagency, nongovernmental organizations, private volunteer organizations, and international 
organizations that can be competing influences in the information environment. 
Information Requirements: 
• Who are the interagency, nongovernmental organizations, private volunteer organizations, and 
international organizations in the AO? 
• What are their purpose, goals, and objectives? 
• What information do these organizations project? 

Figure 5-1. Visualization of the information environment 


5-11. Planners analyze each of the previously identified significant characteristics using the 
three-dimensional model to determine specific impacts on operations in the information environment (that is, 
Step 2 of IPOE). To accomplish this task, each characteristic is considered within the framework of the 
three following dimensions: 

• Physical. Units focus on what information systems in the operational area collect, process, and 
disseminate information. Identification should include the tangible aspects of each significant 
characteristic, such as technical information systems and networks (for example, radio towers, 
fiber-optic networks, and telephone networks) and nontechnical (human) information network 
nodes and links (such as persons with influence, key leaders, and face-to-face communications 
networks). Additionally, analysis should show where those information systems and networks 
are located in the physical environment. 

• Cognitive. Units focus on the values, beliefs, and perceptions of key individuals and 
organizations in the operational area that make decisions, as well as how those decisions are 
formulated. This analysis should show how this human mental programming affects the value of 
specific information to those key individuals and organizations in the operational environment. 

• Information. Units focus on how information flows and the content of that information. Flow 
describes the exchange of information in terms of conduits, form, and speed. Content includes 
the major subjects or topics circulating in the AO. 


THE COMBINED INFORMATION OVERLAY 


5-12. Analysis of the information environment should result in a CIO. The CIO (Figure 5-2, page 5-6) is 
not a static document; it is intended to be a working product that is continually refined as new information 
becomes available. Building a CIO begins with a map of the operational area (ideally the same map used 
by the intelligence and operations staffs). The information environment's significant characteristics are 
combined and plotted on the map to show aggregate effects in relation to the terrain of the operational area. 
This should result in the identification of subinformation environments. 


5-13. Subenvironments are areas in which the information environment's significant characteristics and 
effects notably differ from adjacent areas. Because the composition of the information environment is not 
uniform, there will be distinct subinformation environments in the operating area. Physical features and 
cognitive aspects of the information environment determine subinformation environments. Leaders must 
consider that subinformation environments may transect international borders and unit boundaries. For 
example, subinformation environments may be based on the significant characteristics of ethnicity, media 
presence, and population density. One subenvironment may have a single ethnic group with widespread 
access to media and information, whereas another subinformation environment may have an entirely 
different populace group with limited or no access to outside media. The subenvironments can be further 
analyzed to determine their composition and character. Ideally, analysis will identify those parts of the 
operational area that favor either the friendly or adversary forces’ operations. 


5-14. After subenvironments are identified, key information nodes are selected within each subinformation 
environment. Information nodes are places, persons, or infrastructure that shape information content and 
flow by creating or transmitting information. Identifying key nodes is important because these areas may 
be the most-effective means for inserting messages into the local populace or adversary networks. The 
nodes critically affect information content and flow. Each subinformation environment will likely have one 
or more key information nodes. An information node can be human (for example, key communicators or 
leaders), technological (for example, cellular telephone towers, media outlets, and religious or meeting 
centers), or both. Nodes critical to both are key terrain in that they critically affect information within the 
operational environment and provide an advantage to either adversary or friendly forces. For example, a 
well-known mosque with an influential imam is a possible candidate for a key node because it creates or 
perpetuates information content affecting military operations. 


5-15. The CIO is a guide, not a rigid template. It typically depicts mission-significant aspects of the 
information environment, subinformation environments, key information nodes, and information flow in 
the operating area. The information included in the graphic should be presented in a concise manner. 
Whatever final form the CIO takes, it must present an operationally-relevant overview of the information 
environment. Every CIO will be unique because every information environment is different. 


[Figure 5-2 map graphic not reproduced. Recoverable labels: "Leaders key information conduits"; 
"Media: Procoalition"; "Autonomous from rest of AOR"; "cellular phones"; "Radio X"; "Political Center"; 
"Radio Y"; "Populace: Hostile"; "Culture: Mosques (key nodes), Imams (key communicators)"; 
"Media: Anticoalition"; "Information Infrastructure: Developing, cellular phones". 
Legend: Rough Terrain, Urban Areas, Key Ethnic Flashpoints.] 

Figure 5-2. Example combined information overlay 


ADVERSARY OPERATIONS IN THE 
INFORMATION ENVIRONMENT 


5-16. Information and the information environment are not benign and often favor one side over another. 
Opposing forces use the information environment just as they use the physical environments of air, land, 
and sea to place their enemy at a disadvantage and to achieve their objectives. Understanding this, IO 
planners must identify how the adversary views and uses the information environment. 


5-17. The adversary does not use the information environment in the same way or have the same 
constraints and means as U.S. forces. To avoid mirror-imaging the friendly concept of IO upon the 
adversary and to prevent mismatching U.S. capabilities and vulnerabilities, adversary operations in the 
information environment can be viewed in terms of activities to collect, protect, and project information. 
These three functions are universal to any armed force's ability to use information as combat power regardless 
of its organization, capabilities, and mission. As such, they form the basis of the adversary's capabilities 
(and vulnerabilities) in the information environment. Collect, protect, and project are defined as: 
• Collect. To plan and execute operations, the adversary must collect accurate and timely 
information. 
• Protect. To be successful, the adversary must protect its critical information from collection and 
maintain its means of communication. 
• Project. To further its goals and objectives, the adversary must project the information into the 
information environment to influence the perceptions of its target audiences. 


5-18. Depending on the adversary, the means used can be as simple as direct human observation and open 
sources (collect); couriers and intimidation (protect); and night letters, other printed materials, and graffiti 
(project). Ideally, analysis of how the adversary operates in the information environment is based on 
modeling, or templating. 


TEMPLATING USING CENTER-OF-GRAVITY ANALYSIS 


5-19. Once a clear understanding of the environment is established, IO planners should analyze adversary 
capabilities, requirements, and vulnerabilities in the information environment (Figure 5-3). The purpose of 
performing a COG analysis is to determine and evaluate the adversary's critical vulnerabilities for 
exploitation. Because this tool is used to evaluate the adversary, the appropriate time to perform this 
analysis is during Step 3 (evaluate the threat) of IPOE. The results of the COG analysis are later used 
during COA development to exploit identified vulnerabilities. 


Figure 5-3. Example center-of-gravity analysis and the use of the CARVER process 
to rank and plot critical vulnerabilities in the information environment 


5-20. The COG analysis of the adversary should be conducted by the J-2/G-2/S-2. If not, IO planners and 
operational detachments in the field can use a COG analysis to analyze the adversary in the information 
environment by— 


• Identifying potential threat COGs. Visualize the threat as a system of functional components. 
Based upon how the threat organizes, fights, makes decisions, and its physical and psychological 
strengths and weaknesses, select the threat's primary source of moral or physical strength, power, 
and resistance. Depending on the level (strategic, operational, and tactical), COGs may be 
tangible entities or intangible concepts. To test the validity of the COG, the question that needs to 
be asked is: “Will the destruction, neutralization, or substantial weakening of the COG result in 
changing the threat's COA or denying its objectives?” When possible, the J-2/G-2/S-2 identifies 
the COG. If these assets are unavailable, then an independent information environment may need 
to identify the COG. Typically this is the adversary's information position, which is a way of 
describing the quality of information an organization possesses and its ability to use that 
information. 


• Identifying critical capabilities. Each COG is analyzed to determine what primary abilities 
(functions) the threat possesses in the context of the operational area and friendly mission that 
can prevent friendly forces from accomplishing the mission. Critical capabilities are not tangible 
objects; rather, they are threat functions. To test the validity of a critical capability, the questions 
that need to be asked are: “Is the identified critical capability a primary ability in context with the 
given missions of both threat and friendly forces? Is the identified critical capability directly 
related to the COG?” A critical capability is a means that is a crucial enabler for a COG to 
function and, as such, is essential to the accomplishment of the adversary's specified or assumed 
objectives. 


Note. The adversary's critical capabilities are the functions in the information environment— 
collect, protect, and project. 


• Identifying critical requirements for each critical capability. Each critical capability is analyzed 
to determine what conditions, resources, or means enable threat functions or mission. To test 
validity of a critical requirement, the questions that need to be asked are: “Will exploitation of 
the critical vulnerability disable the associated critical requirement? Does the friendly force have 
the resources to affect the identified critical vulnerability?” 


Note. Critical requirements usually are tangible elements such as communications means, nodes, 
or key communicators. 


• Identifying critical vulnerabilities for each critical requirement. Each critical capability is 
analyzed to determine which critical requirements (or components thereof) are vulnerable to 
neutralization, interdiction, or attack. As the hierarchy of critical requirements and critical 
vulnerabilities are developed, interrelationships and overlapping between the factors are sought 
to identify critical requirements and critical vulnerabilities that support more than one critical 
capability. When selecting critical vulnerabilities, a critical-vulnerability analysis is conducted to 
pair critical vulnerabilities against friendly capabilities. 


Note. Critical vulnerabilities may be tangible structures or equipment, or intangible perception, 
populace belief, or susceptibility. 


• Prioritizing critical vulnerabilities. The CARVER is a special operations forces methodology to 
prioritize targets. The methodology can be used to rank-order critical vulnerabilities, thereby 
prioritizing the targeting process. The six criteria are applied against the critical vulnerability to 
determine impact on the threat organization as follows: 

  ▪ Criticality is the estimate of the critical vulnerability importance to the enemy. 
  Vulnerability will significantly influence the enemy's ability to conduct or support 
  operations. 

  ▪ Accessibility is the determination of whether the critical vulnerability is accessible to the 
  friendly force in time and place. 

  ▪ Recuperability is the evaluation of how much effort, time, and resources the enemy must 
  expend if the critical vulnerability is successfully affected. 

  ▪ Vulnerability is the determination of whether the friendly force has the means or capability 
  to affect the critical vulnerability. 

  ▪ Effect is the determination of the extent of the effect achieved if the critical vulnerability is 
  successfully exploited. 

  ▪ Recognizability is the determination if the critical vulnerability, once selected for 
  exploitation, can be identified during the operation by the friendly force, and can be 
  assessed for the impact of the exploitation. 


5-21. The result of the analysis should determine the adversary's vulnerabilities that can be attacked by 
friendly-force IO capabilities. Figure 5-3, page 5-7, provides a visual depiction of the relationship between 
critical vulnerabilities. 


5-22. In testing the validity of the COG analysis, leaders should apply the following questions: 

• Will destruction, neutralization, or substantial weakening of the COG result in changing the 
threat's COA or denying its objective? 

• Does the friendly force have the resources and capabilities to accomplish destruction or 
neutralization of the threat COG? If the answer is no, then the threat's identified critical factors 
must be reviewed for other critical vulnerabilities, or planners must reassess how to attack the 
previously identified critical vulnerabilities with additional resources. 


ADVERSARY ACTIVITIES IN THE INFORMATION ENVIRONMENT 


5-23. As part of determining the adversary's COA (Step 4 of IPOE), IO planners should determine how 
the threat employs its assets to operate in the information environment and achieve information superiority 
over U.S. forces. To be valid, this analysis should be developed in concert with, and integrated into, the 
intelligence staff's analysis. 


5-24. To graphically depict an adversary's COA in the information environment, planners start with the 
CIO and then add why (likely information objectives and actions), where (location of primary information 
assets and means), when (a forecast of when the adversary will employ its assets), and how (the 
employment of capabilities) the adversary will seek information superiority. The result is a concept of the 
operation that describes how the adversary will operate in the information environment. In turn, this 
product can be used during mission planning. 


CONSIDERATIONS 


5-25. Intelligence that may be considered less-than-credible or insignificant to a traditional intelligence 
analyst can be key to an IO planner. Some examples include the following: 


• Perceptions. Planners use the target audience's existing perceptions to their advantage.
Knowledge and understanding of existing perceptions of the population, insurgent groups, and
HN government and forces can provide IO opportunities to exploit to achieve desired effects or
counter the adversary's exploitation. Gaps in understanding perceptions can be answered using
MIS teams, CA teams, and during the conduct of key-leader engagements. Examples of
perceptions to exploit or counter include—

  ▪ An insurgent group that believes a mole exists within their organization (exploit).
  ▪ The populace believes that insurgents are forcing U.S. forces out of bases (counter).

• Rumors. Planners use rumors as a method to achieve an effect. IO planners look for various
fissures in organizations to exploit and shape perceptions. Examples are—

  ▪ Mistrust or jealousy among individuals.
  ▪ Greed or desire for power.

• Sensitive-site exploitation. Soldiers conducting sensitive-site exploitation should observe the
location and mentally record information that may not be of immediate tactical value but can be
used by IO planners to better understand the information environment. Questions that Soldiers
should ask include—

  ▪ Is there a TV? What channel is it on?
  ▪ Is there a radio? What station is it on?
  ▪ Are there periodicals? If so, what type are they? What language?
  ▪ Are there music compact discs? What type of music?
  ▪ How much food is in the house? Is it more than necessary to support the family?

This appendix provides multiple planning aids for Soldiers conducting IO missions.
It outlines the duties and responsibilities of the IOWG and provides Soldiers with 
numerous mission analysis tools. 


INFORMATION OPERATIONS WORKING GROUP 


A-1. The IOWG brings together representatives of those staff elements concerned with the information 
operation. It is the most important meeting held by the assistant chief of staff, information operations 
(G-7)/information operations staff officer (S-7). The unit SOP should address the following for the
working group:

• Purpose. The purpose of the IOWG is to synchronize the contributions of all staff elements to
the work of the IO section.

• Frequency. The frequency of IOWGs depends on the situation and echelon. The working group
may gather daily, weekly, or monthly, depending on the situation, echelon, and time available.
Corps and division HQ may have daily (combat operations) or weekly (stability operations)
IOWGs. Battalion and brigade HQ normally have fewer working groups than higher echelons.

• Composition (chair and attendees). The G-7/S-7 determines participation in the IOWG. It is a
mix of staff-element representatives and subject-matter experts.

• Inputs and outputs. Attendees must know what information, products, and formats they are
required to produce and use.

• Agenda. The formality of the IOWG also varies by echelon. For purposes of organization and
focus, even the simplest IOWG should have an agenda.


COMPOSITION 


A-2. The composition of the IOWG is tailored to the agenda. Representatives from every staff section 
need not attend each and every IOWG. Participants are selected because they either represent a critical 
element or capability, or have expertise that is critical to the IO. Core participants are staff members and 
subject-matter experts who regularly attend the IOWG due to their role in IO. Core participants include the 
following: 


• IO personnel.
• MIS representatives.
• EW representatives.
• OPSEC representatives.
• COMCAM representatives.
• CA representatives.
• PA representatives.
• MILDEC representatives.
• Representatives from the J-2/G-2/S-2.
• Representatives from the J-3/G-3/S-3, effects cell.
• Special technical operation planners.
• Fire support officer.
• Others, as required.

A-3. There are other staff members who may not attend the IOWG on a regular basis, but whose role is no
less important. They include the following:

• COMCAM officer in charge.
• G-6/S-6 representative.
• Cultural advisor.
• Chaplain.
• Political advisor.
• Subordinate-unit IO officers.
• Staff Judge Advocate representative.
• Liaison officers.


DUTIES AND RESPONSIBILITIES 
A-4. Figure A-1 provides the duties and responsibilities of the IO working group members. 


* Chair and facilitate working group.
* Establish and enforce agenda.
* Encourage active participation.

IO Capability Representatives
* Serve as subject-matter expert for their staff function or unit.
* Provide input on capability status.
* Provide input on current and future tasks and activities.

G-2/S-2 Representatives
* Provide intelligence relevant to IO.
* Answer working group requests for information.

G-3/S-3 Representatives
* Provide input on current and future operations.

Subordinate Unit IO Representatives/Liaison Officers
* Serve as subject-matter expert for their unit.
* Provide input on current and future missions, priorities, and tasks.

Recorder
* Record, write, and disseminate minutes of working group.

Other Participants
* Serve as subject-matter expert for their staff function or area of expertise.
* Actively participate in the working group.


Figure A-1. Information operations working group duties and responsibilities 


PREPARATION 


A-5. Preparation is critical to a successful IOWG. A successful working group requires a collective effort 
from the IO section. For example, someone sets and prepares the agenda, another person notifies 
participants and ensures each is prepared to provide meaningful input to the working group, and another 
person prepares the IOWG presentation. Preparation tasks for the IOWG include the following:

• Set agenda.
• Notify participants:
  ▪ Verify time and place of IOWG.
  ▪ Identify additional participants.
• Review status of due-outs and contact those participants with due-outs.
• Coordinate with participants who have formal input.
• Publish a read-ahead packet:
  ▪ If possible, provide IOWG materials to participants prior to the meeting.
  ▪ Ensure participants provide input to IOWG presentation prior to the meeting.
• Assign a recorder to take minutes for the working group.

A-6. There are certain basics of meeting management that—if applied to the IOWG—can increase its
effectiveness. Some basic suggestions include the following:

• Meet at established times and places.
• Keep meetings short—1 hour is a good rule of thumb.
• Have an agenda and follow it.
• Tailor working group membership to those people who are truly needed.
• Encourage participation by members; working groups are not one-way conversations.
• Complete detailed work and coordinate actions before the IOWG. Discuss actions and issues that
are relevant to the working group.
• Identify and work critical issues. Identify and work side issues after the working group.
• Follow through on actions and due-outs. Record and track the results of the working group and
publish minutes.
• Insist on timely delivery of due-outs and products.
• Invite subordinate and higher-command representatives.
• Give feedback to working-group members.


AGENDA 
A-7. IOWG agendas vary by mission, situation, and echelon. A typical IOWG agenda includes the 
following: 

• Roll call.
• Due-outs from previous IOWG.
• Intelligence update.
• Assessment update.
• Operations update.
• Discussion and issues.
• Review of due-outs.
• Conclusion.


A-8. Some IOWGs are organized along the lines of a targeting meeting, whereas others are similar to an 
operations meeting. Regardless of what agenda the IOWG takes, the purpose remains the same—to 
synchronize IO's contributing capabilities. 


Due-Outs from Previous Working Group 


A-9. Due-outs address unanswered questions or issues from the previous IOWG. Previous due-outs not 
answered during the IOWG should be carried over to the next IOWG for resolution. Typically, a due-out 
identifies the issue or question requiring resolution, and the person or element responsible for answering 
the due-out. 


Intelligence Update 


A-10. The purpose of the intelligence update is to answer current G-7 intelligence requirements. As such, it 
focuses on the information environment, the adversary's actions in the information environment, and the 
impact of those actions on friendly operations. Intelligence updates for IO should not be a regurgitation of 
other conventional intelligence updates. One way to structure the intelligence update is to capture 
significant events in the information environment and organize them by the G-7's intelligence 
requirements. Figure A-2, page A-4, provides a sample intelligence update format. 


Assessment Update 


A-11. The purpose of the assessment update is to assess the impact and effectiveness of current IO. Its 
focus is on analyzing and presenting information and intelligence from unit operations and intelligence 
reports, as well as input from the IOWG members. Figure A-3, page A-4, provides a sample of how the 
assessment update can be depicted. Each operational area has a pie chart that represents the status of the
current IO objectives (in this example there are five IO objectives). 


Intelligence Requirement #1: Anticoalition propaganda (Night letters)

Intelligence Requirement #2: Violent demonstration

Intelligence Requirement #4: Successful collection of information against coalition forces

Intelligence Requirement #7: Media disinformation (Antigovernment)


Figure A-2. Sample intelligence update format 


IO Objectives 
1. Deny... 
2. Disrupt... 
3. Exploit... 
4. Deny... 
5. Disrupt... 


AO Assessment 


Figure A-3. Sample assessment update format 


OPERATIONS UPDATE 


A-12. The purpose of the operations update is to synchronize the IO objectives with element/capability 
tasks and targets for current and future (mid-range) IO. The focus is on gaining or maintaining information 
superiority. One way to structure the operations update is to use graphics that show time, location, and
purpose for key IO tasks for each major operation. Figure A-4 provides a sample format. 


Operation MAGENTA Future Operations 


Current Operations 


Operation CYAN
• Air Force EW mission
• MISO product distribution
• Target 2301

Operation RAIN
• EW support (4)

Unplanned Events
• Car bombing [B]
• United Nations announcement (A)


Figure A-4. Sample operations update format 


Discussion and Issues 


A-13. The purpose of discussing issues or special topics is to support the G-7/S-7 decisionmaking and
to synchronize the current and future activities of IO supporting capabilities. Discussion topics are selected by 
the G-7/S-7. Working-group participants have the opportunity (and responsibility) to discuss the topics from 
the perspective of their staff function or area of expertise. This discussion can be facilitated or focused by the 
use of an operations calendar (Figure A-5, page A-6) containing critical events and planned operations. 


Review of Due-Outs 


A-14. The purpose of reviewing due-outs is to ensure the working group participants understand and 
acknowledge their due-outs and responsibilities for the next meeting. Prior to final questions and 
comments, the G-7/S-7 reviews new due-outs identified during the working group as well as any open due-outs
from the previous working groups. Each due-out should identify the issue or question requiring
resolution, and the person or element responsible for answering the due-out. 


Conclusion 


A-15. The G-7/S-7 briefly discusses what the meeting accomplished and what working-group objectives were 
met. If necessary, side conversations, meetings, and other subworking groups are identified and scheduled. 

Current Operations


JUNE JULY AUGUST 
Rotation of Forces 


Operation COBRA Operation VIPER 
Operation MAGENTA 


Figure A-5. Sample operations calendar 


INFORMATION OPERATIONS PLANNING AIDS 


A-16. Figure A-6 is an IO planning aid depicting the relationship between the military decisionmaking 
process and IO. Figure A-7, page A-7, depicts the relationship between IPOE and IO. 


Military Decisionmaking Process Step | Information Operations Focus

Receipt of Mission
• Conduct initial assessment of information operation.
• Determine IO planning requirements.

Mission Analysis
• Understand IO situation.
• Analyze the higher HQ IO.
• Define and analyze the information environment and threat.
• Develop IO mission statement and objectives.
• Seek commander's IO guidance.

COA Development
• Identify friendly IO capabilities and vulnerabilities.
• Develop IO concept of support.

COA Analysis
• Visualize operations in the environment.
• War-game IO concept of support against how the enemy will employ its information systems and assets.

COA Comparison
• Analyze and evaluate IO support to each COA.

COA Approval
• Finalize details of the information operation.

Orders Production
• Prepare IO annex and input to base operation order/operation plan.


Figure A-6. Information operations planning aid 


A-17. The purpose of performing a COG analysis (Figure A-8, page A-7) is to determine and evaluate the 
adversary's critical vulnerabilities for exploitation. Because this tool is used to evaluate the adversary, the 
appropriate time to perform this analysis is during Step 3 (evaluate the threat) of IPOE. 

A-18. In testing the validity of the COG analysis, leaders should apply the following questions:

• Will destruction, neutralization, or substantial weakening of the COG result in changing the
threat's COA or denying its objective?

• Does the friendly force have the resources and capability to accomplish destruction or
neutralization of the threat COG? If the answer is no, then the threat's identified critical factors
must be reviewed for other critical vulnerabilities, or planners must reassess how to attack the
previously identified critical vulnerabilities with additional resources.


Intelligence Preparation of the Operational Environment (Steps) and Information Operations (Focus, Analysis Product)

Step: Define the operational environment.
Focus: Define the information environment.
Step: Describe the operational environment's effects.
Focus: Describe the information environment's effects.
Analysis Product: Combined information overlay—significant characteristics of the
information environment and effects on operations.

Step: Evaluate the threat.
Focus: Evaluate the threat's information system.
Analysis Product:
• Threat COG analysis—critical vulnerabilities.
• Threat templates—who makes decisions; what nodes, links, and systems the threat uses;
how information assets are employed.

Step: Determine threat COAs.
Focus: Determine threat actions in the information environment.
Analysis Product: Information situation template—when, where, and why the threat
will seek to gain information superiority.


CC = Critical Capabilities 

Figure A-8. Sample center-of-gravity analysis

A-19. Figure A-9, page A-9, is a sample combined information overlay. Figure A-10, page A-9, depicts a
sample IO mission-to-task product chart. Figure A-11, page A-10, depicts a sample IO mission and tasks 
(tactical level). Figure A-12, page A-10, depicts a sample COA sketch. 


A-20. In addition to doctrinal effects, IO have a number of nondoctrinal effects, to include the following: 


• Destroy. This renders a target so damaged that it cannot function as intended nor be restored to a
usable condition without being rebuilt.

• Degrade. This reduces the effectiveness or efficiency of adversary information systems, assets,
or functions.

• Disrupt. This temporarily interrupts the flow of information.

• Deceive. This misleads or manipulates adversary understanding of friendly forces' activities,
capabilities, vulnerabilities, and intentions.

• Influence. This affects an adversary's or others' perceptions, attitudes, and behavior to support
friendly-force objectives.

• Preserve (nondoctrinal). This maintains the effectiveness or efficiency of friendly-force
information systems, assets, or functions (related to doctrinal effect protect).

• Deny. This hinders or prevents an adversary and others from gaining access to, collecting, or
using information concerning friendly forces.


A-21. Possible IO tasks include the following:

• Control.
• Counter.
• Counter-reconnaissance.
• Defeat.
• Delay.
• Demonstrate.
• Destroy.
• Deter.
• Engage.
• Fix.
• Inform.
• Interdict.
• Isolate.
• Jam.
• Neutralize.
• Persuade.
• Prevent.
• Protect.
• Secure.
• Suppress.


Note. Italicized tasks are proposed IO tactical tasks. 

Combined Information Overlay

Significant characteristics of each information subenvironment

Information Subenvironment A: Northern Plains
Populace: Group X Majority (80 percent)
Information flow: Primary info source is outside country
Information infrastructure: Underdeveloped and dilapidated
Support: Largely antigovernment regime
Favors friendly-force operations

Populace: Sparsely populated by Group Y
Information flow: Information vacuum
Information infrastructure: Canalized along ground lines of communication
Support: Ambivalent toward government regime
No significant impact on friendly-force operations

Information Subenvironment C: Southern Plains
Populace: Densely populated by Group Y (95 percent)
Information flow: Follows ground lines of communication
Information infrastructure: Well-developed information infrastructure; supports military C2; key nodes in cities
Support: Strong support for current government regime
Favors enemy operations

Graphic portrayal of information environment
External information flow and influence from neighboring country
Civilian information infrastructure must be interdicted to reduce threat advantage

Legend: Coaxial Cable; Roads; Key Nodes; Information Flow


Figure A-9. Sample combined information overlay 


Mission Tasks Products

IO Mission Statement: How IO will support the command's mission (who, what, where, when, why).

IO Objectives (3 to 5 Objectives per Phase): What IO will do to affect the information environment (effect, object of the
effect [target], purpose of the effect).

Tasks to IO Elements: What actions the elements will perform to execute the information
operations (task, purpose).

Tasks to Units: Task, purpose.

IO Concept of Support: How the information operation will be conducted (commander's intent for IO,
information superiority for the operation, general plan for IO, priority).


Figure A-10. Mission-to-task products 

IO Mission: On order, the friendly force disrupts the enemy ground and air defense forces' C2, influences
civilian populace perceptions, and protects Corps' critical information in the AO to facilitate destruction of 1st
Operational Strategic Command forces.

IO Objectives:

• Disrupt the enemy force's air defense C2 to prevent coordinated engagement of the friendly force's
deep attacks.

• Disrupt operational reserve command posts and communication networks to delay employment of
reinforcing or counterattack forces.

• Influence civilian populace in occupied areas to minimize interference with the friendly force's operations.

• Deny detection and identification of the friendly force's main and tactical command posts to prevent
targeting by the enemy force's artillery fires.


Figure A-11. Sample information operations mission and tasks (tactical level) 


IO Concept of Support: Objectives and Tasks

Map of AO with locations of IO tasks

Information Superiority: 1st Operational Support Command
unable to conduct synchronized reaction to the coalition main
attack.

IO Objectives:
* Destroy enemy force C2, and neutralize C2 between
battle zone and reserve forces.
* Influence populace IO tasks; minimize interference with
coalition operations

IO Element Tasks:

Friendly Forces:
1. Destroy Corps and division command posts.
2. Destroy forward observers and reconnaissance in
zone

EW:
3. Jam Corps/Division command posts.

MISO:
4. Inform populace of coalition intentions, location of
humanitarian assistance, and dislocated civilians
routes and camps
5. Employ military information teams in direct support of
maneuver units

CA:
6. Distribute humanitarian assistance to dislocated
civilians camps.

PA:
7. Publicize coalition role in humanitarian assistance
support

Time Line Phase I

Timeline (by phase) of IO task execution


Figure A-12. Sample course-of-action sketch 

MISSION ANALYSIS AND INFORMATION OPERATIONS


A-22. As part of the planning process, the IO staff must conduct its own mission analysis. Figure A-13 
depicts the relationship between IO and mission analysis. 


Military Decisionmaking Process Step | Information Operations Focus
Analyze Higher HQ Order | Analyze the higher HQ IO.
Perform IPOE | Define information environment and determine threat COAs.
1. Determine Tasks | Determine what the IO must do.
2. Review Available Assets | Determine organic and support IO capabilities.
3. Determine Constraints | Determine constraints on information content and flow.
4. Identify Facts and Assumptions | Identify facts and assumptions relevant to information content, flow, and use.
5. [illegible] | Input hazards resulting from IO tasks.
6. [illegible] | Determine EEFI.
Determine Intelligence, Surveillance, and Reconnaissance Plan | Input information requirements for IO.
Update Timeline | Input lead time for IO tasks.
Write Restated Mission | Write IO mission statement (if used).
Deliver Mission-Analysis Briefing | Input to mission-analysis briefing.
Approve Restated Mission | Approve IO mission statement (if used).
Develop Commander's Intent | Input to commander's intent.
Issue Commander's Guidance | Issue guidance for IO.
Issue Warning Order | Input for IO.
Review Facts and Assumptions | Address changes to IO planning factors.


Figure A-13. Mission analysis and information operations 


A-23. Figure A-14, page A-12, provides a sample mission-analysis work sheet. The mission-analysis work 
sheet— 


• Provides a tool to conduct mission analysis.
• Focuses on the minimum information needed for a plan.
• Follows the sequence of the mission-analysis briefing format, not the steps of mission analysis.


A-24. Identify specified and implied tasks to IO; not tasks to the capabilities. Tasks to the capabilities may 
be a constraint because they allocate resources away from the IO. Specified tasks are tasks specifically 
assigned to a unit by its higher HQ. Implied tasks are tasks that must be performed to accomplish a 
specified task or the mission, but are not stated in the higher HQ order. 


A-25. IO tasks ignore staff coordination, administrative, and SOP tasks (for example, conducting a weekly 
IOWG, or submitting daily reports). Leaders organize identified specified and implied tasks to improve 
clarity. Tasks may be divided into two categories— 


• Tasks to shape the information environment and to engage enemy forces.
• Tasks associated with information flow and information content.


A-26. Essential tasks are specified or implied tasks that must be executed to accomplish the mission. 
Leaders select three to five essential tasks, which are approved by the commander during the
mission-analysis briefing.

Facts: Situation remains that the enemy will continue to use improvised explosive devices, small-unit
attacks, and ambushes to attempt to gain strength for its cause. Friendly forces will continue to find and 
engage the enemy to eliminate improvised explosive devices. Current strength remains at 90 percent. 
Troops in the area of operations remain on the offensive and material readiness remains at 90 percent. 


Assumptions: Attacks will continue to increase as the weather continues to improve, allowing for more 
insurgents and better leadership. This has been the pattern over the last several years and by all 
indications will continue. 


Tasks: 


a. Specified: Detachments within the area of operations will continue to hunt for suspected insurgents 
and find, fix, capture, or eliminate as situation dictates. Additionally, detachments will continue to provide 
support to coalition forces and provide humanitarian support to the host nation. 


b. Implied: Continue offensive operations against insurgents. Continue to provide operational support to 
coalition forces and provide humanitarian support and security for the host nation. 


c. Essential: Provide for security and protect essential elements of friendly information. Provide training 
support to host-nation and coalition forces and conduct offensive operations to deter and eliminate 
insurgent activities in concert with coalition partners.


Constraints: Close air support is authorized in rural areas. The use of close air support in urban areas 
must be approved by regional commander. Cultural support team will interrogate women and children 
only and detachments will provide security, as applicable. 


Available Assets: All organic detachment equipment will be used, to include combat controllers, 
interpreters, Civil Affairs teams, Military Information Support teams, provincial reconstruction teams, and 
coalition support. Current rules of engagement remain in effect. Avoid using themes that will denigrate 
host-nation forces, such as cultural and religious themes. All releases to the media must first be 
approved by the public affairs office. 


Risk Assessment: Improvised explosive devices will remain a constant threat. Weather conditions will 
hamper aviation and air support. 


CCIR: In order to maintain the offensive, the commander needs to know current situational status and 
personnel status for both U.S. and coalition forces. 


a. PIR: Commander needs a clear and concise understanding of the enemy strengths and 
weaknesses; the disposition of forces and key leaders. 


b. FFIR: Commanders need a clear and concise understanding of coalition and friendly forces within 
the area of operations—specifically, which units are available to support detachments if needed, to 
include other ongoing operations within the detachment area of operations. 


EEFI: Protection of intelligence requirements. Mission of higher and friendly forces within the area of 
operations, infiltration and exfiltration routes, unit strength, and communications must be protected. 


Figure A-14. Example of a mission-analysis work sheet 


REVIEW AVAILABLE ASSETS 


A-27. Leaders examine available assets to determine IO capabilities and limitations, considering both
organic and supporting assets based on current task-organization, support relationships, and status of units. 
Assets are compared to specified, implied, and essential tasks to determine if there are enough assets to 
accomplish all tasks. It may be useful to translate assets into IO capabilities (effects and targets). 
Figure A-15, page A-13, provides a sample matrix to help in this comparison. 

Organization | Supported Essential Task

Organic Assets

Tactical Psychological Operations Company (1 x Product Development Detachment; 9 x Tactical Psychological Operations Teams)
• Face-to-face, Loudspeaker, Handbills, Posters, Radio, Television
• Influence, Inform, Deceive
• Local populace

Military Intelligence Company (3 x Prophet)
• Electronic attack
• Enemy communication

Civil Affairs Battalion (12 x Tactical Support Teams)
• Face-to-face, Humanitarian assistance, Medical assistance, Reconstruction projects
• Influence, Inform, Co-opt
• Local civilian leaders, Local populace

Supporting Assets
• Electronic attack, Electronic support
• Disrupt, Degrade, Destroy
• Division-level communications, Corps-level communications
• PP: Inform, Influence


Figure A-15. Example of an information operations asset/capability matrix 


DETERMINE CONSTRAINTS 


A-28. Constraints are restrictions on the use and employment of IO. The two types of constraints are 
prohibited actions (cannot do) and directed actions (must do; that is, resources and assets are required to do 
something). Constraints affect the use of IO capabilities and may be found in base orders, annexes, and 
appendixes. Constraints may be organized by effect on information content and flow (Figure 3-4,
page 3-6). 


FACTS AND ASSUMPTIONS 


A-29. Facts and assumptions establish an understanding of the situation. Facts are known data concerning 
the situation. Assumptions are accepted as true in absence of facts. Leaders focus on facts and assumptions 
that concern assigned tasks. Figure A-16, page A-14, provides a sample fact and assumption analysis. Facts
and assumptions may be organized as follows:

• Information environment (content and flow).
• Adversary capabilities and vulnerabilities in the information environment.
• Friendly capabilities and vulnerabilities in the information environment.

Information Environment
• Local populace is illiterate. (Fact)
• Radio primary means to reach populace. (Fact)
• Populace is pro-United States. (Fact)
• Local leaders can control populace behavior. (Assumption)

Adversary Forces
• SIGINT is limited to short-range very high frequency radio. (Fact)
• Use satellite and cell phones for C2. (Fact)
• Will direct adversary information against U.S. forces. (Assumption)

Friendly Forces
• Friendly forces can jam the enemy's C2. (Fact)
• Friendly forces can use local radio stations. (Assumption)


Figure A-16. Example of a fact and assumption analysis 


RISK ASSESSMENT 


A-30. Leaders identify and assess risks in the information environment arising from the essential tasks for 
IO. Risk assessment has five steps: 

• Identify hazards (accomplished during mission analysis).
• Assess hazards (accomplished during mission analysis).
• Develop controls.
• Determine residual risk.
• Implement controls.


A-31. IO planners identify two kinds of hazards (risks). Tactical risk is concerned with hazards that exist 
because of the presence of the enemy or adversary. Accidental risk includes risks to friendly forces, to 
civilians, and the operation's impact on the environment. 


INPUT TO COMMANDER'S CRITICAL INFORMATION REQUIREMENT 


A-32. The CCIR identifies the information needed for direct execution of the mission. There are two types 
of CCIRs—PIRs and FFIRs: 

• PIRs are information the commander must know about the enemy. For IO, PIRs focus on
conditions in the information environment and threat actions to affect the information
environment.

• FFIRs are information the commander must know about the friendly force. For IO, FFIRs focus
on the friendly force's capability to shape information content and flow.


ESSENTIAL ELEMENTS OF INFORMATION 


A-33. EEFI is information that must be protected from the adversary's intelligence system. Sources of 
information for developing EEFI are commander's guidance, facts, assumptions, and essential-task lists, 
and the intelligence estimate (information about adversary intelligence capabilities and requirements). 
EEFIs are written as statements, not questions; otherwise, EEFI may be confused with PIRs. Figure A-17, 
page A-15, provides an example. 

What information systems is the adversary using for C2?
What means is the enemy using to disseminate propaganda? 


Is adversary information turning popular opinion against operations? 


Media coverage of alleged friendly force's misconduct. 
Civilian casualties caused by friendly-force operations. 


Friendly force's means of intelligence collection. 


Tribal leaders who are assisting friendly forces. 


Figure A-17. Example of a commander's critical information requirement 
and essential elements of information for information operations 


MISSION-ANALYSIS BRIEFING


A-34. The IO portion of the briefing is included either in the G-3 and G-2 planners’ presentations or, when 
appropriate, developed as separate slides. IO input typically includes the following: 


• Mission. Commander's intent for IO of HQ two levels up and own commander’s IO guidance.
• IPOE. CIO and enemy COAs in the information environment.
• Facts and assumptions. Critical facts and assumptions for IO.
• Tasks. Specified, implied, and essential tasks for IO.
• Constraints. Restrictions on the use and employment of IO.
• Forces available. Organic and supporting IO-capable assets and their capabilities and limitations.
• Risk assessment. Risks in the information environment.
• CCIR. Input to PIR, FFIR, and EEFI.
• Timeline. Input to the time allocation plan for accomplishment of IO essential tasks.
• Restated mission. IO mission statement (if used).


INFORMATION ENVIRONMENT CONSTRUCT 


A-35. Figure A-18 depicts the different dimensions of the information environment and their key characteristics.


Information Environment Dimensions | Key Characteristics
Cognitive: individual and collective consciousness; where decisions are made | Beliefs; values; perceptions; awareness; decisionmaking
Information: intersection of physical and cognitive dimension; where information is created and exists | Information content; information flow; information functions—collect, project, protect
Physical: the physical world—land, sea, air, and space; where information systems and networks reside | Technological information systems, Internet, media; human—societal organization, military formations, third-party organizations


Figure A-18. Information environment 


DEFINE INFORMATION ENVIRONMENT


A-36. Leaders define the information environment by examining the AO to identify the following
significant characteristics of the cognitive, information and physical dimensions:
• Terrain. Canalization and compartmentalization.
• Civilian information infrastructure. Key links and nodes.
• Media. Radio, TV, print, and Internet, including audiences.
• Civilian population:
  ▪ Demographics, such as distribution, language, religion, ethnicity, and education.
  ▪ Cultural factors, such as societal structures, ideologies, perceptions, and beliefs.
• Third-party organizations. Nongovernmental organizations, private organizations, criminal
organizations.


A-37. The information environment variances by level of war are depicted in Figure A-19. 


Level of War | Dimension | Variances
Tactical | Physical | Terrain and weather; local information systems; face-to-face contact
Tactical | Information | Line-of-sight flow; content addresses immediate needs
Tactical | Cognitive | Immediate perceptions and behavior
Operational | Physical | Regional information systems
Operational | Information | Over-the-horizon flow; content addresses higher-level issues and concepts
Operational | Cognitive | Near-term group perceptions and behavior
Strategic | Physical | Mass, long-distance information systems
Strategic | Information | Global flow; content addresses abstract ideas, ideologies, and philosophies
Strategic | Cognitive | Long-term perceptions and beliefs


Figure A-19. Information environment variances by level of war 


DESCRIBE THE INFORMATION ENVIRONMENT'S EFFECTS 


A-38. Leaders analyze each significant information environment characteristic in detail and plot the data in 
a template (such as the sample provided in Figure A-20, page A-17). 


Populace


Information Infrastructure
Coaxial Cable - Secure communications, but network coverage is limited...
Roads - Used for couriers; relatively well developed but...
Cellular - Only reliable telephone system; complete...
Satellite - Exclusive use by government officials, only...


Infrastructure parallels roads between major cities. Rural areas lack connectivity.

[Map legend: roads, church, satellite]


Figure A-20. Sample information environment effects matrix 


DESCRIBE SUBINFORMATION ENVIRONMENT AND KEY NODES 


A-39. By identifying and acting on key nodes, a military force can affect the information environment. 
Subinformation environments are areas in which the information environment's characteristics and effects 
are notably different from those of adjacent areas. Subinformation environments— 


• Are determined by physical features and cognitive aspects of the information environment.
• Are formed by interactions of physical and cognitive dimensions.
• Determine an advantage to the friendly or adversary force.


A-40. Information nodes are key terrain in the information environment. Information nodes are places, 
persons, or infrastructures that shape information content and flow by creating or transmitting information. 
Information nodes— 


• Exist in each subinformation environment.
• Can be human, technological, or both.
• Are located at the center of information content and flow.
• Critically affect information flow and content.
• Provide an advantage to one side or the other.


COMBINED INFORMATION OVERLAY 


A-41. The CIO is a graphic depiction of where and how the information environment's effects will impact 
military operations. Figure A-21, page A-18, provides a template for a CIO. Figure A-22, page A-19, 
provides a sample CIO. The CIO— 


• Depicts subinformation environments and key nodes.
• Describes information flow in the operating area.
• Includes a “so what” analysis.


Graphic of Information Environment
* Subinformation environment
* Key information nodes
* Information flow


Subinformation Environment Description
* Significant characteristics
* Information flow
* Impact on military operations


Figure A-21. Combined information operations overlay template


EVALUATE THE THREAT—CENTERS OF GRAVITY 


A-42. The purpose of performing a threat COG analysis is to determine and evaluate the enemy's (and 
others’) critical vulnerabilities for exploitation. Because this tool is used to evaluate the threat, the 
appropriate time to perform this analysis is during step 3 (evaluate the threat) of IPOE. The results of COG 
analysis are later used during COA development to exploit identified vulnerabilities. Chapter 5, Templating 
Using Center-of-Gravity Analysis, page 5-7, provides additional information. 


A-43. The COG analysis of the threat should be conducted by the G-2. The IO staff will provide input to 
the COG analysis and use it to determine what aspects of the threat IO should engage. Figure A-23, page 
A-20, provides a graphical depiction of where the COG analysis falls into the military decisionmaking 
process. 


EVALUATE THE THREAT—TEMPLATING 


A-44. More formal modeling produces templates that portray the normal or doctrinal (historical)
composition and organization of the adversary's information system and its assets. The result should 
identify adversary capabilities and vulnerabilities under ideal conditions in the information environment. 
Templates will vary widely by operation—the examples provided are illustrative only. 


Decisionmaking Template 


A-45. The decisionmaking template identifies who makes decisions. Its purpose is to identify key leaders, 
organizational structures, linkages and interrelationships, key decisionmakers, and decisionmaking 
characteristics. Figure A-24, page A-20, provides a sample decisionmaking template. 


Information Infrastructure Template


A-46. The information infrastructure template identifies what assets and means the adversary uses to 
collect, protect, and project information. The template identifies critical adversary information system 
nodes, links, and systems (to include those assets capable of impacting the information environment). 
Figure A-25, page A-21, provides a sample information infrastructure template. 


Information Tactics Template 


A-47. The information tactics template identifies how the adversary will collect, protect, and project 
information. It identifies adversary tactics, past use of information, and available assets. Figure A-26, page 
A-21, provides a sample information tactics template. 


Significant characteristics of each subinformation environment


Information Infrastructure: Cell phones
Media: Anticoalition
Populace: Hostile, Serb culture
3rd Parties: Serb church
Dominated by Serbian propaganda


Information Infrastructure: Cell phones
Media: Progovernment Serb radio
Populace: Mixed Serb and Albanian
3rd Parties: United Nations Relief Organizations and International Relief Organizations
Conflicting information


Information Infrastructure: Dilapidated, rumor mill
Media: Pristina TV
Populace: Friendly, Serb culture
3rd Parties: Serb church
Information vacuum


Coalition forces must interdict flow of Serb propaganda and fill vacuum in Albanian
areas. Focus of information content is the flashpoints.


Graphic portrayal of information environment (map label: Province Government)


Figure A-22. Example of a combined information operation 


Military Decisionmaking Process Steps and Intelligence Preparation of the Operational Environment

• Receipt of Mission
• Mission Analysis. Step 3, COG analysis: identify threat COGs, critical capabilities, and critical
requirements; identify critical vulnerabilities.
• COA Development. Step 1, analyze relative combat power: prioritize critical vulnerabilities
(CARVER analysis).


[Diagram labels: Media Cell; Mortar Cell; Kidnap Cell]

IED = Improvised explosive device


Figure A-24. Decisionmaking template 


[Diagram labels: Internet, F2F Council; Subcommander; Cell Phone (three links)]

Interdiction of courier and satellite networks are key to degrading operations.

CDR = Commander; F2F = Face to face; IED = Improvised explosive device


Figure A-25. Information infrastructure template 


Protect
Information is protected by compartmenting information flow.

Collect
Cells collect information for own operations.

[Diagram labels: Subcommander; Media Cell; Local Media; Local Leaders; Media; flow times shown in hours and days]


Figure A-26. Information tactics template 


DETERMINE THREAT ACTIVITIES IN THE INFORMATION ENVIRONMENT


A-48. The information situation template identifies where, when, and why the adversary will seek 
information superiority. The result is a concept of operations that describes how the adversary will operate 
in the information environment. Figure A-27 provides a sample information situation template. 


Information Site Map — Phase III 


Information Site Map — Phase II 


Information Site Map — Phase I 


Public Information: 
Task: Highlight collateral damage 
Purpose: Discredit coalition mission 
Method: International media, local 
TV and radio 


Propaganda:
Task: Influence populace dislocated civilians
Purpose: Cause interference with
Method: Products, AM radio


EW:
Task: Jam tactical signals intelligence
Purpose: Prevent collection agains
Method: Corps EW battalion ba


Special Operations Forces:
Task: Attack Corps and division
Purpose: Slow offensive combat operations
Method: Direct action, artillery fires


Threat Information Objectives:
1. Prevent coalition intelligence
2. Degrade coalition C2
3. Ferment civilian discontent


Violent Outbursts


Figure A-27. Information situation template 


STAFF ESTIMATE FOR INFORMATION OPERATIONS 


A-49. The staff estimate is an assessment of the situation and an analysis of the COAs the commander is 
considering. The estimate includes an evaluation of how factors in a staff section's functional area 
influence each COA, and the conclusions and recommendations for each COA. Staff estimates are 
normally text documents, but may be formatted as maps, graphics, or charts. The estimates are as 
comprehensive as possible, yet not overly time-consuming to develop. They are developed as part of the 
planning process, and updated as the operation progresses. 


A-50. The staff estimate for IO is an estimate tailored to the specific needs of the IO staff. It assesses the 
situation in the information environment and analyzes the best way to achieve information superiority. 
Leaders focus on the information environment and the use of information by enemy and friendly forces. 
When possible, graphics are added to illustrate the less-tangible aspects of IO. 


A-51. The written estimate is a six-paragraph document. The first two paragraphs are necessary for all 
plans. The other paragraphs can be truncated when time is short. Figure A-28, page A-23, depicts a format 
for a written IO estimate. 


1. Mission. Define information superiority for the mission (Step 1).
2. Situation and considerations.
   a. Characteristics of the information environment (Step 2).
   b. Enemy forces (Step 3).
   c. Friendly forces (Step 4).
   d. Assumptions (Step 5).
3. COAs. List options for achieving information superiority.
4. Analysis. Estimate likelihood of accomplishing IO objectives given available time and capabilities.
5. Comparison. Compare COAs using evaluation criteria.
6. Recommendations and conclusions. Recommended COA based on which is most supportable by IO.


Figure A-28. Example of an information operations estimate format 


MISSION 


A-52. The IO mission describes the operational advantage that IO achieves in support to the unit's mission. 


Characteristics of the Information Environment 


A-53. The characteristics paragraph describes the significant characteristics of the information environment
in terms of the physical, information, and cognitive dimensions. The following characteristics should be
considered:
• Terrain.
• Civilian information infrastructure.
• Media.
• Civilian population.
• Third-party organizations.


A-54. The character of each subinformation environment in the AO is reviewed to determine whether it 
favors friendly or adversary forces. Leaders identify information nodes in each subinformation 
environment (that is, places, persons, or infrastructure that shape information content and flow by creating 
or transmitting information). 


Enemy Forces 


A-55. The enemy forces paragraph describes how, when, where, and why the enemy force operates in the 
information environment. It identifies enemy capabilities and vulnerabilities in the information 
environment in terms of information—collection, protection, projection. 


Friendly Forces 


A-56. The friendly forces paragraph describes friendly-force capabilities to operate in the information 
environment. It identifies friendly vulnerabilities to enemy and third-party actions in the information 
environment. 


Assumptions 


A-57. The assumptions paragraph lists the assumptions essential for planning, execution, and assessment of 
the information operation. It is organized by— 


• Information environment (information content and flow).
• Adversary capabilities and vulnerabilities in the information environment.
• Friendly capabilities and vulnerabilities in the information environment.


GRAPHIC INFORMATION OPERATIONS ESTIMATE


A-58. A graphic IO estimate (Figure A-29) contains the same basic information as a written estimate. It
includes—

• Information superiority for the mission.
• Characteristics of the information environment (subinformation environment nodes).
• Enemy vulnerabilities and capabilities in the information environment.
• Friendly-force capabilities and vulnerabilities in the information environment.


IO Estimate 
Information Superiority for the Mission 


Description of Information 
Environment 
* Subinformation 
environments 
* Key information nodes 
* Information flow 


Enemy Force 
* Collect, protect, project 
* Capabilities and 
vulnerabilities 


Graphic of AO 
Description of information 
environment 
Enemy-force operations in 
information environment 
Information flow 


Friendly Force 
* Capabilities 
* Vulnerabilities 


Figure A-29. Graphic information operations estimate 


INFORMATION OPERATIONS ANNEX 


A-59. Plans and orders are as detailed as time permits. Depending on the command and mission, these 
documents can be a series of overlays with written comments or they can be voluminous documents of 
hundreds of pages. Whatever the format, an order must be clear, concise, timely, and useful to the 
implementing commands and units. The IO annex describes the information operation as a whole and how 
IO forces will gain information superiority in support of the scheme of maneuver. This approach places 
less emphasis on individual IO assets and capabilities and more on the aggregate IO effects needed to 
achieve information superiority. The IO staff must be careful to not let the requirement to develop and 
explain the IO element contribution to the operation overwhelm the primary purposes of the IO annex, 
which are to— 

• Provide operational details on the information operation.
• Focus element and unit tasks on achieving specific effects in the information environment.
• Provide the information needed to assess the information operation.


A-60. There are two basic formats for an annex: 


• Five-paragraph IO annex. The five-paragraph annex (Figure 3-12, pages 3-16 and 3-17) is used
when time is available and/or when directed by the G-3 or unit SOP.

• Matrix IO annex. The matrix annex (Figure 3-13, page 3-17) is used when time is available or
when directed by the G-3 or unit SOP.


A-61. Figure A-30 provides an example of an execution matrix.


Example Information Operations Execution Matrix (rows: tasked unit or system; columns: phases)

Example Information Operations Execution Matrix (rows: element/capability; columns: phases)

Figure A-30. Example of an execution matrix 


INFORMATION OPERATIONS CONCEPT OF SUPPORT 


A-62. The IO concept of support is a word picture that explains execution of the information operation 
from beginning to end and how the capabilities will be employed to gain information superiority. This 
requires defining information superiority for the operation. A well-written concept is concise and 
understandable. Although there is no doctrinally prescribed formula for an IO concept of support, planners 
should consider including the following: 

• Commander's intent for IO. Explain what the commander wants IO to do to the enemy or the
information environment.

• Information superiority. Explain specifically what information superiority is within the context
of the operational situation and the mission. Include the specific time and location information
superiority will be achieved.

• General scheme for IO. Use doctrinal concepts and terms to explain how the IO objectives will
be achieved, who will perform IO (that is, the tasked units), and the sequencing of key tasks.
Relate the key tasks to the achievement of information superiority.

• Priority of support. Designate which subordinate unit or element has the priority of IO assets and
capabilities.

• Restrictions on the employment of IO. List prohibited and directed actions that affect the
employment of IO.


Tactical Deception Aid


Tactical MILDEC is deception planned and executed by and in support of tactical 
commanders to result in adversary actions that are favorable to the originator's 
objectives and operations. The purpose of tactical deception is to mislead or confuse 
the enemy decisionmaker by distorting, concealing, or falsifying indicators of 
friendly intentions, capabilities, or dispositions. Figure B-1 provides an overview of 
the deception planning process. Figure B-2, page B-2, provides a deception estimate 
format. 


Military decisionmaking process steps shown: Receipt of Mission, Mission Analysis, COA Development,
COA Approval, Orders Production.

Deception planning activities shown:
• Determine enemy susceptibilities
• Identify deception opportunities
• Identify constraints on deception activities
• Identify friendly assets
• Prepare deception estimate
• Determine the deception objective
• Identify deception target
• Identify desired perceptions
• Determine friendly deception capabilities
• Develop deception story
• Select deception means
• Develop deception events
• Identify OPSEC measures
• Develop assessment plan
• Develop tasks to subordinate units
• Develop termination plan
• Synchronize with IO OPSEC and the overall operation
• Analyze and evaluate each COA
• Produce the deception appendix
• Finalize details of the deception


Figure B-1. Deception planning process overview


Mission:
• Restated mission of the command.
• Deception objective. Identify the purpose of the deception.

Situation: Summarize the situation in terms of characteristics of the AO, enemy situation,
friendly situation, and assumptions.

COA: Identify friendly deception COA.

Analysis of Deception COAs: For each deception COA, list the target-vulnerability analysis, desired
perceptions, deception story, means, events, risk analysis, and probability-of-success assessment.

Comparison of Deception COAs: Compare each deception COA in terms of costs and benefits, operational
risks, comparative strengths, weaknesses, and probabilities of success.

• Recommend a deception COA.


Figure B-2. Deception estimate format 


DESIRED PERCEPTIONS 


B-1. Desired perceptions are those thoughts the target audience must process to believe the planned 
deception story. The formation of the target audience's perceptions is largely based on the means and 
events used to portray the deception story. 


MEANS 


B-2. Considerations for selecting deception means include the following: 

• What collection systems or mechanisms does the target audience use?
• How much credibility does the target audience place on information from each conduit?
• What kind of information can be conveyed through each of the means?
• When is each means available to transmit information?
• What filters affect information as it moves through the means?
• How long will it take the information to reach the target audience?


EVENTS 


B-3. The deception story is portrayed to the target audience through deception events conducted by friendly
forces. These are pieces of a puzzle that the target audience assembles over time. The puzzle itself is the
deception story; the pieces are the deceptive events seen by the target audience via the means. Events must be
observed and accepted as reality by the target audience. The two types of deception events are—

• Those necessary for the formation of desired perceptions (required events).
• The supporting events that complement or reinforce the desired perceptions.


ASSESSMENT PLAN 


B-4. The two primary forms of feedback in deception operations are— 

• Indicator feedback. This feedback is information that indicates whether and how the deception
story is reaching the deception target audience. This feedback is useful for the timing and
sequencing of executions. (It answers the question: “Is the target audience receiving the
deception story as planned?”)

• Perception feedback. This feedback is information that shows whether the target audience is
forming the desired perceptions and is acting (or is likely to act) in accordance with the
deception objective. (It answers the question: “Is the target audience acting in accordance with
the deception objective?”)


B-5. At the tactical level, the pace of operations and limited number of collection assets may reduce the
practicality and utility of feedback. For this reason, at the lowest levels of command, tactical deception 
operations must not depend on feedback for successful execution. 


DECEPTION TECHNIQUES 


B-6. Tactical deceptions often contain one or more of the following techniques: 


• Feint. A feint is a limited operation to deceive the enemy of the location or time of the decisive
operation. Forces seek direct fire contact with the enemy but avoid decisive engagement. Feints
usually occur before or during the main operation. Multiple feints may be needed to portray the
deception story. The objective of a feint is to cause the enemy to misemploy forces.

• Demonstration. Demonstrations are shows of force to deceive the enemy as to the location or
time of the decisive operation. They are similar to feints, except no contact is made with the
enemy. The objective is to delude the enemy into an unfavorable COA. Demonstrations are
useful when time and distance factors make the lack of contact realistic.

• Ruse. A ruse is a deliberate exposure of false information to enemy collection means.

• Display. A static display of an activity, force, or equipment is intended to deceive enemy
observation. Displays project the appearance of objects that do not exist or appear to be
something else. Observables include the use of heat, smoke, electronic emissions, false tracks,
and fake command posts.


DECEPTION TACTICS 


B-7. The two types of deception tactics are ambiguity-increasing deception and ambiguity-reducing
deception. The following paragraphs discuss these tactics.


AMBIGUITY-INCREASING DECEPTION 


B-8. Ambiguity-increasing deception increases decisionmaker uncertainty about key information needed 
to make decisions. It can be used to delay a specific decision or reduce the quality of a decision. 
Ambiguity-increasing deception— 

• Presents conflicting elements of information.
• Overloads enemy intelligence-collection and analytical capabilities.
• Confuses enemy expectations about friendly-force size, activity, location, unit, time, equipment,
intent, or mission.


AMBIGUITY-DECREASING DECEPTION 


B-9. Ambiguity-decreasing deception provides the decisionmaker with the illusion of reduced uncertainty 
and risk. It can be used to elicit specific behavior that can be exploited by friendly forces and to provide 
cover for friendly actions. Ambiguity-decreasing deception— 


• Reinforces the enemy's preconceived beliefs.
• Draws enemy attention from one set of activities to another.
• Creates the illusion of strength where weakness exists.
• Creates the illusion of weakness where strength exists.
• Accustoms the enemy to particular patterns of activity that are exploitable later.


MILITARY INFORMATION SUPPORT OPERATIONS IN SUPPORT 
OF DECEPTION OPERATIONS 


B-10. At the tactical level, MISO are a primary deception capability. MIS units may conduct tactical 
deception by using sonic deception (that is, loudspeakers) for protection and in support of direct action 
missions. MIS forces may also develop, modify, and disseminate print and audiovisual products to support 
a deception operation. 


DECEPTION IN SUPPORT OF COMBAT OPERATIONS


B-11. In support of combat operations, deception can preserve friendly forces and equipment from
destruction, gain time, or minimize an enemy's advantage. A deception is most effective if the friendly 
force has more COAs available than the enemy has forces to cover in strength. The purpose of deception in 
combat operations is to create an operational advantage through surprise (that is, specific time, place, 
method, and scope of an attack). Possible objectives include the following: 


• Delay or prevent the enemy's action or counteraction.
• Cause the enemy to misdirect assets.
• Cause the enemy to employ forces in ways that make them vulnerable to the friendly COA.
• Cause the enemy to reveal strengths, dispositions, and intentions.
• Cause the enemy to waste combat power with inappropriate or delayed actions.


DECEPTION IN SUPPORT OF STABILITY OPERATIONS 


B-12. Deception is appropriate during stability and support operations when transparency of operations is a 
likely requirement. Deception may serve to protect U.S. Soldiers, mask operational intentions, and deter 
adversary factions. The purpose of deception during such operations is to degrade adversary attempts to 
disrupt peace. Possible objectives include the following: 

• Cause hostile forces to not attack friendly forces (protection).
• Deter factional violence.


B-13. Political objectives may override military considerations, to include the use of deception. 
Participation of multinational forces also may restrict the utility and use of deception. 


DECEPTION IN SUPPORT OF OPERATIONS SECURITY 


B-14. Deception in support of OPSEC increases the likely detection of indicators that the enemy can 
observe to derive an incorrect conclusion. OPSEC hides real indicators, whereas deception shows fake 
indicators. Observables are presented to distract enemy intelligence collection away from (or provide cover 
for) real friendly operations and activities. 


DECEPTION IN SUPPORT OF COUNTERINSURGENCY 


B-15. During counterinsurgency missions, in-depth human-factors analysis of deception target audiences 
may not be possible. In lieu of a human-factors analysis of the target audiences, planners can use profiles 
of cell leaders or security organizers. Counterdeception is important, as insurgent and guerrilla warfare 
theory emphasizes the use of deception to accomplish goals. 


OPSEC is a universal IO capability. It should be included in all plans, operations, and
activities. The OPSEC process is a framework to systematically identify, analyze, and 
protect information. The goal of OPSEC, in conjunction with unit security programs, 
is to achieve essential secrecy. The OPSEC process should be integrated into the 
military decisionmaking process. It uses the steps indicated in Figure C-1, but does 
not have to follow them in a particular sequence. 


[Figure: the operations security steps, numbered 1 through 5, beginning with Identify Critical
Information and ending with Apply Operations Security Measures, shown alongside the military
decisionmaking process steps: Receipt of Mission, Mission Analysis, Course of Action Development,
Course of Action Analysis, Course of Action Comparison, Course of Action Approval, and Orders
Production.]


Figure C-1. Operations security and the planning process


IDENTIFY CRITICAL INFORMATION 


C-1. Planners determine what information must be protected (that is, a list of EEFI). Sources of EEFI 
include the— 

• Higher HQ plans and operation orders.
• Commander’s guidance.
• Current unit EEFI.


C-2. EEFI focus on friendly-force intentions (time and place of units and operations), capabilities, and
vulnerabilities (strength, technologies, and tactics). EEFI are different for every operation. Leaders must 
avoid the “cookie-cutter” approach and should continually develop new EEFI or refine old EEFI. The 
OPSEC working group can be used to take advantage of subject-matter experts (for example, aviation and 
communications). Leaders identify the length of time each EEFI must be protected (not all information 
needs protection for the duration of the operation). EEFI are prioritized and kept to a manageable number 
(perhaps five). 


ANALYZE THE THREAT 


C-3. The threat to EEFI is the sum of enemy information needs and enemy collection capabilities. A CI 
template (Figure C-2) is a useful tool to depict enemy collection capabilities. It shows when and where the 
EEFI are vulnerable to enemy collection. 


[Map labels: Very High Frequency Intercept; Village X; Village Y; Base Camp]


Figure C-2. Example of a counterintelligence template 


ANALYZE VULNERABILITIES 


C-4. Leaders identify each EEFI’s vulnerability to enemy intelligence collection (that is, OPSEC 
vulnerability). The OPSEC vulnerability is a result of the OPSEC indicator and enemy collection 
capabilities. OPSEC vulnerabilities are detectable indicators of EEFI. OPSEC indicators become OPSEC 
vulnerabilities if they can be observed, analyzed, and acted upon by the enemy. To determine OPSEC 
vulnerabilities, leaders— 

• Identify OPSEC indicators. Leaders determine what detectable actions and OSINT can be
interpreted or pieced together by the enemy to derive EEFI.
• Compare OPSEC indicators to enemy collection capabilities. Leaders determine which
indicators can be observed, analyzed, and acted upon by the enemy.


ASSESS RISK 


C-5. Leaders develop measures to protect OPSEC vulnerabilities by conducting risk assessments for each 
vulnerability and then selecting one or more OPSEC measures for each vulnerability. There are three types
of OPSEC measures:

• Action controls. The controls change unit procedures, activities, and actions (for example,
randomized routine activities, avoiding repetitive TTP).
• Countermeasures. These measures disrupt enemy information-gathering and targeting (for
example, jamming [EW], physical attack, and camouflage and concealment).
• Counteranalysis. This action deceives the enemy by providing false indicators (for example,
decoys and deception in support of OPSEC).


C-6. Once leaders decide which OPSEC measures to implement, they must check that OPSEC measures 
do not create new vulnerabilities. Leaders must balance OPSEC measures with operational effectiveness. 


APPLY OPERATION SECURITY MEASURES


C-7. Leaders apply OPSEC tasks to units and staff as follows:

• Rewrite approved OPSEC measures as tasks.
• Assign responsibility and coordinate OPSEC tasks with units and staff.
• Coordinate OPSEC measures with MILDEC, PA, and COMCAM to prevent compromise of
EEFI.
• Integrate OPSEC tasks with IO.
• Include OPSEC tasks in the operation order/operation plan.
• Adjust OPSEC measures based on adversary reaction to the implemented OPSEC measures.
• Monitor execution.
• Evaluate effectiveness.
• Adjust measures and tasks.
• Coordinate monitoring of OPSEC measures through the G-2 and CI.


Media Assessment Aid


Media analysis is a quick and useful technique for evaluating the impact of media 
coverage on military operations. 


IDENTIFY MEDIA SOURCES 


D-1. Planners identify media outlets that are critical to mission accomplishment by analyzing the flow 
of media reporting in the AO and area of interest, selecting those media outlets that have local, regional, 
or international influence. Media outlets that are overtly biased toward the adversary should not be 
used. A good sampling of media outlets includes the following: 


• Local media in the AO. These outlets influence local public opinion.
• Regional media in countries adjacent to the AO. These outlets can influence public and political
opinion in the AO and area of interest. For example, in Afghanistan it is important to monitor the
Pakistani press.
• International media are the larger media outlets associated with countries outside the AO.
Typically these outlets impact U.S. domestic, coalition partner, and worldwide public and
political opinion (for example, in Canada, the Canadian Broadcasting Corporation; in the United
Kingdom, the British Broadcasting Corporation; in Germany, Der Spiegel; and in the United States,
the Cable News Network, The Washington Post, Los Angeles Times, and The New York Times).


Note. Home (domestic) media is a primary consideration for the PA staff, but it is not a 
consideration for military IO. 


D-2. The media analysis presented in this aid is a tool that staffs can use to understand and assess the 
impact of media reporting on friendly and enemy activities in the AO. This type of media analysis helps 
the staff— 


• Maintain situational awareness on media reporting.
• Evaluate the impact of media reporting on the mission.
• Identify adversary information.
• Provide data for assessment.


D-3. Other staff elements may also conduct media analysis to support their functional area:

• The PAO conducts a media content analysis to assess news coverage.
• The intelligence staff may collect and analyze media reporting as part of OSINT.
• MIS forces prepare extensive media assessments and analyses of commercial and government
media within their AO, as they seek to leverage more indigenous and credible local media outlets
to use for dissemination.


D-4. The IO staff must be prepared to analyze the media, to monitor changes in the information 
environment, and to counter adversary misinformation and propaganda. 


22 March 2013 TC 18-06 D-1 




Appendix D 


DATA COLLECTION 


D-5. Planners systematically monitor media coverage of the command, its mission, and the AO from 
the sources identified above. Useful sources of media reports and stories include the following: 


• PAO media operations center. This center provides translations of foreign press coverage in
addition to monitoring major English-language media outlets.
• OSINT media-monitoring sources (contracted by the Department of Defense).
• United States Government open-source center.
• Internet.


D-6. Data collection must be continuous and consistent—usually on a daily basis. Several factors can 
affect collection of data reports. Items that need to be considered include the following:

• English-language media sources are readily available and may skew the collection effort away
from local media.
• Translation of local and regional media may cause a lag time of a day or more.
• A database should be created, populated, and maintained to establish a baseline upon which
comparisons can be made (for example, media reporting for one month versus another month).


D-7. Other than the PAO's media content analysis, there is no established doctrinal method for 
analyzing the media. The media analysis process identified in Figure D-1 has been field-tested. It can be 
modified to fit command and staff needs. 


[Figure D-1 diagram, steps and guiding questions:]

1. What media outlets are critical to mission accomplishment?
2. What stories are media outlets reporting about the command, its mission, and the AO?
3. Identify Media Themes: What are the current media themes?
4. Determine Operational Impact: What is the operational impact of the media coverage?
5. Report Findings: What stories summarize major themes and impact operations?

Figure D-1. Media analysis process 

IDENTIFY MEDIA THEMES


D-8. Planners analyze and plot the media coverage collected above to identify current media themes 
(Figure D-2). Planners should do this by— 


• Picking out primary themes in media reports and stories.
• Categorizing themes into groups that either support (positive), run counter to the command's
objectives (negative), or are neutral to either enemy or friendly forces.
• Identifying ad hoc themes of interest to the command.
• Pairing media sources and themes to the command’s objectives or lines of operation.


Objective | Theme (+/-) | Source
Maintain international support for mission | (+) United Kingdom supports troop expansion | British Broadcasting Corporation News and Cable News Network
Maintain international support for mission | (-) U.S. missile strikes kill civilians | British Broadcasting Corporation News and Associated Press


Figure D-2. Media theme assessment diagram 


DETERMINE OPERATIONAL IMPACT 


D-9. Planners analyze the themes identified above to determine the impact on friendly and enemy 
operations. Media sources and themes are categorized by echelon (that is, local, regional, and 
international). For each theme, planners answer the following questions: 


• Who is the originating source of the theme:
  ▪ Enemy or hostile forces?
  ▪ Friendly forces?
  ▪ Third-party organization?
  ▪ Embedded media?
• Who is the target audience?
• What is the circulation of theme (most critical for local media)?
• What are the second- and third-order effects?
• Is the event affected by extended media coverage?


D-10. Themes are prioritized within each category based on degree of impact. Planners determine 
which negative themes pose potential problems for ongoing and future operations and determine which 
positive themes provide an opportunity for exploitation. 


REPORT FINDINGS 


D-11. There is no standard method on how to report media findings. The key is to portray media 
coverage in an easily understood format that can be quickly scanned to see what themes are important. 
Planners should use color coding to clearly display the impact of each theme: green is positive, red is 
negative, and blue is neutral. Symbols (for example, +/-, letters, or numbers) should be added so the 
analysis can be understood if printed in black and white. Planners must resist the temptation to fill the 
boxes with headlines rather than themes. Media themes that reflect enemy propaganda should be added,
along with an assessment of operational impacts. Planners display a trend analysis to put the current 
media reporting into a broader context. Figure D-3 provides one technique of reporting findings. 


CONSEQUENCE MANAGEMENT 


D-12. Military operations can trigger either positive or negative coverage by the media. This coverage 
may be a situation that must be mitigated to prevent or reduce the impact on the unit mission, or 
exploited as an opportunity to further the command's objectives. Such a situation is called “media
bounce.”


D-13. Media bounce refers to the staying power of a story over time. The bounce is usually short,
particularly if another newsworthy event occurs. Monitoring media bounce helps the command avoid
reacting to an event that is losing the media's attention, because a reaction may renew negative
reporting and aggravate the situation. A consequence-management tracker (Figures D-4 and D-5,
page D-5) is a simple decisionmaking aid that tracks subsequent media reporting of an event (bounce)
to determine whether subsequent command action is required.


[Figure D-3 sample report: columns for Local Media and International Media, each holding a prioritized list of current media themes, for example "(-) Local village leaders call for the withdrawal of foreign troops" and "President welcomes the presence of foreign troops." Each theme carries an assessment of operational impact, for example "Populace support waning: U.S. forces are killing local civilians." A Special Themes box holds "Enemy propaganda theme: U.S. forces are killing local civilians." A daily assessment row and a legend mark themes as Positive, Negative, or Neutral.]


Figure D-3. Sample media report 
[Figure D-4 chart: axes labelled # Positive and # Negative for an event of interest (events can be positive or negative). Chart note: Follow-up period should be about a week, although most stories filter out before the week's end.]
Figure D-4. Consequence-management tracker format 


Consequence-Management Tracker 


Event: Missile Strike on Senior Leader of Insurgent Group 
Date Occurred: 02 May 08 
Monitoring Period: One week (07 May 08) 


[Tracker chart for the event above: axis labelled # Positive; annotation: Event of interest (events can be positive or negative).]

Figure D-5. Example of a consequence-management tracker 

Conducting Face-to-Face Meetings


This appendix provides a guide for tactical face-to-face engagements by troops at the 
detachment, company, battalion, and group level when meeting target audiences. 


Leaders must always remember they are representing their unit, the command, and, 
for all intents and purposes, the United States and its allies. Regardless of rank or 
position, actions taken when in contact with the populace can shape the battlefield to 
defeat an enemy seeking local sanctuary to conduct attacks on the forces and allies of 
the United States. 


PREPARING FOR A FACE-TO-FACE MEETING 


E-1. Leaders can take a number of steps to prepare for face-to-face meetings. These steps include: 

• Research. Leaders should learn everything they can about the target audience, to include proper
name and title, approximate age, family members, ethnicity, language spoken, and the
target-audience's relationship to other leaders, friendly forces, third-party organizations, and the
adversary. Reliance on intelligence and MISO capabilities provides a strong foundation of
information to leaders prior to a face-to-face meeting.

• Check previous contacts. Leaders should determine who has had contact with the target
audience; when the meeting took place; what was discussed; what promises were made; whether
the target audience was deemed truthful, manipulative, or trustworthy; and the groups or
individuals to which the target audience is tied. With attached or assigned MIS forces managing
the key-leader engagement program, this information should be catalogued and ready for access
to guide future contacts.

• Keep records. Leaders should take notes during the conversation (either personally or via an
aide) referring back to them at the end to capture the essence of the conversation. Notes should
be shared with other interested persons, particularly MIS planners.

• Coordinate. Face-to-face meetings are coordinated to prevent other friendly forces from sending
mixed messages to the target audience.

• Set a time limit. Leaders determine how long the meeting should be, staying as close to the
timeline as possible while exploiting any available opportunities.

• Consider perceptions. Many factors affect target-audience perceptions (for example, uniforms,
long versus short guns, large versus small convoys, aircraft in the area, type and size of escort,
civilians present, and the number of people attending the meeting).

• Plan for problems. Leaders establish code words to maintain control of information flow and
security. Typical situations where code words may be used include the desire to end the
conversation, a noted potential for violence or increased threat, and other possible emergencies.

• Rehearse. Leaders practice the discussion with another person through the translator. Comments
should be solicited from anyone having experience with the target audience.

• Plan the rest of the operation. Leaders should plan face-to-face meetings with the same intensity
and focus as they would plan combat operations. Special items of note include—
  ▪ Translator integration.
  ▪ Movement (ingress and egress).
  ▪ Security (both sides know of planned meetings, so units must anticipate compromise).
  ▪ Contingency and emergency situations and covert danger signals.


CONDUCTING A FACE-TO-FACE MEETING


E-2. When conducting face-to-face meetings, leaders should— 

• Bring past notes or previous reports for reference. This demonstrates interest as well as directs
the conversation into favorable areas.

• Perform introductions. Leaders introduce everyone in their party and record the names and
positions of everyone outside their party who is attending. Collecting information is a key goal of
each meeting.

• Take photographs. After asking (and receiving) permission, leaders should take photographs of
the target audience.

• Be sincere. Leaders may wish to apologize in advance for any cultural mistakes made, reassuring
the target audience that no offense is intended. Leaders may ask the target audience to point out
errors as a learning tool. As the face-to-face meeting ends, the leader may wish to ask what
cultural mistakes were made and thank the target audience for helping the leader to learn the
local culture.

• Avoid restricted topics. Leaders should not discuss sensitive issues such as religion or other
societal practices.

• Compare notes. Immediately after the meeting, the attendees should discuss what was observed
to ensure an accurate understanding of what occurred.

• Avoid false assumptions. Leaders should never assume the target audience does not understand
English.


CHANCE ENCOUNTERS AND CONTACTS 


E-3. A chance encounter or contact with the target audience occurs most often during patrols at the squad, 
platoon, and company levels. The leader of the unit should conduct the face-to-face meeting based upon a 
preplanned battle drill. Items to consider during chance encounters include the following: 

• Maintain security. The leader of the patrol should preserve security of the communicator and the
target audience.

• Maintain schedule. The leader of the patrol should limit the length of the face-to-face meeting by
establishing a code word for when it is time to end the meeting.

• Identify the local leader. The leader of the patrol should ask who is in charge and talk to him
only. The patrol should not distribute anything to the populace without the local leader's
permission.

• Be fair and firm. The leader of the patrol should stay in charge and be respectful, not rude.

• Be selective. The leader of the patrol should select a maximum of one or two people to talk with.

• Take notes. The patrol should get names of all people contacted, approximate ages, hometown,
business or activity, subjects covered, demeanor towards friendly forces, and any particular
concerns of the target audience. This information should be shared with the intelligence and
MISO capabilities at the first opportunity after the contact.

• Be prudent. The patrol should not make promises that cannot be kept.

• Establish rapport. The leader of the patrol should offer the target audience refreshments (such as
a bottle of water) and move to a comfortable location. Sit, if possible.

• Focus. The patrol should stay on message by knowing what messages the command is focusing
on in specific AOs and during specific time periods.

• Reinforce the message. The patrol should use any applicable/available printed products
(handbills, pamphlets, or posters) to reinforce the verbal message and request a formal follow-up
engagement, if deemed necessary, based on the issues discussed.

• Report. The patrol should report all contacts with local leaders up the chain of command to
ensure that an accurate picture of the situation is developed.


How to Use Translators


The following information is specifically applicable to category I (local hire, 
uncleared) translators. However, some aspects of the information are applicable to 
category II (cleared for SECRET) and category III (cleared for TOP SECRET) 
translators. 


Leaders must remember that the translator is their voice and their representative to 
the community. The translator will be seen as a representative of the command, of the 
Army, and of the United States. As such, leaders must monitor and keep all aspects of 
their behavior professional and ethical regardless of their nationality or ethnicity. 


GENERAL GUIDELINES 


F-1. Leaders should insist translators— 

• Speak in first person.
• Remain nearby when the leader is speaking.
• Carry a notepad and take notes, as needed.
• Project clearly and mirror the vocal stress and overall tone of the leader.


F-2. Good leaders know their translators. The lives of Soldiers may be in the translator's hands, so it is 
critical to know the translator's strengths and weaknesses. Translators should be treated as part of the unit. 
The better the translator is integrated into the unit, the better the translator's performance. 


F-3. Translators should be used for translation duties only. Using them for other activities may violate 
their contract. An example of misemployment is using a translator to run errands in town. However, 
sending the translator to town to coordinate a meeting for U.S. officials is allowed. 


F-4. The translator is the leader's voice and, as such, may be subject to physical harm because of the 
messages delivered. Translators should be offered physical protection. If the translator is allowed to carry a 
weapon, the unit must ensure that he can handle it in a safe manner. Range familiarization/qualification (as 
well as knowledge of movement techniques and chemical, biological, radiological, and nuclear equipment) 
is highly recommended. 


F-5. Translators should be allowed rest periods to collect their thoughts and catch their breath. Meal 
meetings are especially challenging for a translator. Leaders should ensure the translator is allowed to eat 
during or after the meeting. 


F-6. Translators should be dressed like the troops they are supporting so they can be readily identified as 
a friendly in a combat situation to preclude fratricide. Uniform accessories (such as wet weather gear, body 
armor, and glint tape) that are common on Soldiers’ uniforms should be made available to the translator. 


REHEARSING WITH A TRANSLATOR 


F-7. Leaders must check the translator to verify their abilities. To ensure accuracy and security, 
periodically record your translator, both with and without his knowledge, for quality checks by higher HQ. 
If operational details are briefed to the translator during the mission rehearsal, units may consider having 
the translator remain on the base camp until execution. Also ensure the translator does not have a cellular 
telephone or other communication device. 

Appendix F


F-8. Leaders must rehearse conversations, particularly when dealing with complex, new, or sensitive 
issues. A rehearsal will help define words the translator may not know and ensure the translator 
understands the overall message to be conveyed. Leaders provide feedback to the translator and make 
corrections as needed. Leaders must keep in mind that if the translator performs poorly, it affects the target 
audience's perception of the unit. 


WORKING WITH A TRANSLATOR 


F-9. Leaders must always maintain eye contact with the person they are speaking with and not the 
translator. The target audience should be observed for gestures, posture, and body language. 


F-10. Leaders using translators should speak in short clips and not recite long paragraphs. The goal is to 
make the target audience feel like they are conversing and not being lectured. One to two sentences at a 
time is a good rule. Acronyms, slang, and idioms should be avoided. 


F-11. For simple ideas or routine information, some leaders feel confident that the translator is capable of 
delivering the intended message. This technique works best if the leader introduces the topic and then 
expresses confidence in the translator's ability to speak on the leader's behalf. Conversations should be 
ended with closing comments and an opportunity for questions. 


BATTLE DRILLS AND STANDING OPERATING PROCEDURES 


F-12. There are some situations when a leader may want to establish battle drills or SOPs that address 
information the translator will convey to the local populace. Some possible situations and the type of 
information that the translators should be prepared to provide are— 

• Vehicle checkpoints. Common concerns include questions about where the vehicle occupants are
going or if they are armed, and instructions on where vehicle occupants should stand or what
they should do during the search.

• Cordon and search. Common concerns include an explanation of what military forces are doing
when they question residents about any weapons or suspicious activities.

• Detention of a person. Common concerns include an explanation telling why the person was
detained, how the detention process works, how the detainee's family can reach the detainee, and
how friendly forces humanely treat detainees.


SECTION I - ACRONYMS AND ABBREVIATIONS


ADP Army Doctrine Publication
AO area of operations
C2 command and control
CA Civil Affairs
CARVER criticality, accessibility, recuperability, vulnerability, effect, and recognizability
CCIR commander’s critical information requirement
CI counterintelligence
CIO combined information overlay
CJSOTF-AP combined joint special operations task force—Arabian Peninsula
CMO civil-military operations
CMOC civil-military operations center
CNA computer network attack
CND computer network defense
CNO computer network operations
COA course of action
COG center of gravity
COMCAM combat camera
DA Department of the Army
DSPD defense support to public diplomacy
EA electronic attack
EEFI essential elements of friendly information
EIOT essential information operations task
EMS electromagnetic spectrum
EW electronic warfare
FFIR friendly-force information requirement
FID foreign internal defense
FM field manual
G-2 assistant chief of staff, intelligence staff section
G-3 assistant chief of staff, operations staff section
G-5 assistant chief of staff, plans staff section
G-6 assistant chief of staff, command, control, communications, and computer systems staff section
G-7 assistant chief of staff, information operations
HN host nation
HQ headquarters
HUMINT human intelligence
IA information assurance
IO information operations
IOWG information operations working group
IPOE intelligence preparation of the operational environment
J-2 intelligence directorate of a joint staff
J-3 operations directorate of a joint staff
J-5 plans directorate of a joint staff
J-6 command, control, communications, and computer systems directorate of a joint staff
JCCC joint combat camera center
JP joint publication
JSOTF joint special operations task force
MASINT measurement and signature intelligence
MILDEC military deception
MIS Military Information Support
MISO Military Information Support operations
MNF multinational force-Iraq
MOE measure of effectiveness
MOP measure of performance
OPSEC operations security
OSINT open-source intelligence
PA public affairs
PAO public affairs officer
PIR priority intelligence requirement
S-2 intelligence staff officer
S-3 operations staff officer
S-6 command, control, communications, and computer systems staff officer
S-7 information operations staff officer
SF Special Forces
SFG(A) Special Forces group (Airborne)
SFODA Special Forces operational detachment A
SFODB Special Forces operational detachment B
SIGINT signals intelligence
SOP standing operating procedures
SOTF special operations task force
TC training circular
TTP tactics, techniques, and procedures
TV television
U.S. United States
USAJFKSWCS United States Army John F. Kennedy Special Warfare Center and School
USD(P) Under Secretary of Defense for Policy

Glossary


USG United States Government 


SECTION II - TERMS


information environment 
The aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on 
information. (JP 1-02) 


information operations 
The integrated employment, during military operations, of information-related capabilities in concert 
with other lines of operation to influence, disrupt, corrupt, or usurp the decisionmaking of adversaries 
and potential adversaries while protecting our own. Also called IO. (JP 1-02) 


information superiority 
The operational advantage derived from the ability to collect, process, and disseminate an 
uninterrupted flow of information while exploiting or denying an adversary's ability to do the same. 
(JP 1-02) 

EXECUTIVE SUMMARY


For roughly a century, the United States and its allies have endured coordinated 
efforts by the Soviet, and then Russian government to interfere in the West's domestic 
affairs. The frequency, intensity, tactics, and targets of these clandestine attacks have 
varied over the years, but the Kremlin's main goals of information manipulation, societal 
destabilization, reputational harm, and political influence have remained largely consistent. 
The efficacy of Russia's influence measures has also varied over the decades, but 21st-century
advances in technology and decreased Western focus on Moscow as a major threat
since the end of the Cold War have allowed these insidious tactics to proliferate in new and
damaging ways. Left unchecked, Russian influence campaigns could cause severe harm to
the integrity of future elections and the credibility of U.S. institutions.1


This thesis studies the history of Soviet and Russian meddling in the domestic 
affairs of the United States and its Western rivals to identify trends in their efforts and 
successes, and examines various recent interference campaigns as a means to understand 
the Kremlin's subversive attempts to influence foreign elections unduly. Studying the 
gradual buildup of capabilities beginning with the Soviet Union through Russian 
interference in the 2016 U.S. elections, commonalities and signals can be identified that 
highlight the greatest vulnerabilities faced by the United States and other Western 
democracies. Common themes this thesis identifies in both Soviet and modern Russian 
interference efforts include the use of media manipulation, proxy organizations, fabricated 
material, and instigation of specific, opposing groups to provoke division. Other recent 
Western elections and referenda allegedly affected by Russian influence, including 
France's presidential election the following year, further highlight Kremlin attack patterns. 
Commonalities found in this analysis include hack-and-leak incidents, plots involving
election infrastructure, and attempts to manipulate voters through disinformation. What
emerges from this study is a clear signal that credibility of elections and legitimacy of
government leaders and institutions are imperiled by Kremlin meddling, without a
comprehensive or practical remedy.


1 Charles E. Ziegler, “International Dimensions of Electoral Processes: Russia, the USA, and the 2016
Elections,” International Politics; Basingstoke 55, no. 5 (September 1, 2018): 569-71,
http://dx.doi.org.libproxy.nps.edu/10.1057/s41311-017-0113-1; Vasu Mohan and Alan Wall, “Foreign
Electoral Interference: Past, Present, and Future,” Georgetown Journal of International Affairs;
Washington 20 (September 1, 2019): 116.


Investigative findings by bodies including the bipartisan Senate Intelligence
Committee demonstrate unequivocally that Russia's preferred influence operation
outcomes in the 2016 U.S. presidential election came to pass, potentially along with
"victories" in other elections.2 With nearly a century of experience in covert influence
techniques and plenty of practice trying to interfere in Western elections, Russia has many
skills and tools, such as disinformation and cyberattacks, with which to continue meddling
in the democratic affairs of its rivals. The Kremlin has also clearly signaled an intention to
continue stressing rival nations' democratic systems with a variety of techniques and
targets. Rumors of corruption and election fraud, exploitation and
exacerbation of domestic civil tensions, and even promotion of secession movements and
rebellion loom as possible threats. Challenges to the legitimacy of some future elections
are plausible, bolstered by a variety of well-honed Kremlin tradecraft, such as production
or dissemination of genuine, doctored, or fabricated material designed to lend credence to
allegations.


This thesis chronicles and draws connections between Soviet and modern Russian 
interference techniques to highlight the Kremlin's capacity and intention to inflict damage, 
such as election-related chaos and the ruination of the credibility of U.S. government 
institutions, leaders, and electoral systems. The examples and conclusions presented in this 
thesis seek to underscore the need for intelligence communities, investigative bodies, and 
other national and homeland security entities to prioritize efforts to identify, thwart, and 
deter Russian interference campaigns going forward, particularly with regard to the
integrity of the electoral process.


2 Select Committee on Intelligence, Russian Active Measures Campaigns and Interference in the 2016
U.S. Election Volume 2: Russia's Use of Social Media with Additional Views, Rep. 116-XX, Senate, 116th
Cong., 1st sess., 2018, 4-8,
https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume2.pdf.


I. INTRODUCTION


For roughly a century, the United States and its allies have endured coordinated
efforts by the Soviet, and then Russian, government to interfere in the West's domestic
affairs. The frequency, intensity, tactics, and targets of these clandestine attacks have
varied over the years, but the Kremlin's main goals of information manipulation, societal
destabilization, reputational harm, and political influence have remained largely consistent.
The efficacy of Russia's influence measures has also varied over the decades, but 21st-century
advances in technology and decreased Western focus on Moscow as a major threat
since the end of the Cold War have allowed these insidious tactics to proliferate in new and
damaging ways. Left unchecked, Russian influence campaigns could cause severe harm to
the integrity of future elections and the credibility of U.S. institutions.1


Current Russian President Vladimir Putin is widely regarded as seeking to expand
his nation's global influence and regional dominance, as well as to suppress any potential
threat to his authoritarian grip on power in Russia.2 While Putin may not share his Soviet
predecessors’ worries about imminent nuclear war with the United States, he does appear
to retain their bitter mistrust and hostility toward the nation, which he accuses of fomenting
and financing unrest within Russia along with revolutions in neighboring states.3 Just as
the Soviet leadership before him did, Putin appears to see weakening the U.S. government
and its global influence as a key component of Russia's security and external power goals.


1 Charles E. Ziegler, “International Dimensions of Electoral Processes: Russia, the USA, and the 2016
Elections,” International Politics; Basingstoke 55, no. 5 (September 1, 2018): 569-71,
http://dx.doi.org.libproxy.nps.edu/10.1057/s41311-017-0113-1; Vasu Mohan and Alan Wall, “Foreign
Electoral Interference: Past, Present, and Future,” Georgetown Journal of International Affairs;
Washington 20 (September 1, 2019): 116.


2 Robert Person, “Balance of Threat: The Domestic Insecurity of Vladimir Putin,” Journal of Eurasian
Studies 8, no. 1 (January 1, 2017): 44–45, https://doi.org/10.1016/j.euras.2016.11.001; Kari Roberts,
“Understanding Putin: The Politics of Identity and Geopolitics in Russian Foreign Policy Discourse,”
International Journal: Canada's Journal of Global Policy Analysis 72, no. 1 (March 1, 2017): 29-30,
https://doi.org/10.1177/0020702017692609.


3 Vladimir Putin, “Predsedatel Pravitelstva Rossiyskoy Federatsiy Vladimir Putin provel zasedaniye
Koordinatsionnovo soveta Obshcherossiyskovo narodnovo fronta” [Prime Minister of the Russian
Federation Vladimir Putin led the Coordination Council of the All-Russia People's Front], Pravitel'stvo
Rossiyskoy Federatsii [Office of the Prime Minister of the Russian Federation news release], December 8,
2011, https://web.archive.org/web/20120607083034/http://premier.gov.ru/events/news/17330/.


As such, he employs the Kremlin's military and intelligence apparatus to do so.4 Putin
appears to believe that his foes engage in similar tactics, likely leading him to see Russia's 
influence campaigns as necessary, justified, and urgent. He has accused the U.S. 
government of fomenting revolutions in Eastern Europe to disrupt Russia's regional 
hegemony, aggressively expanding the North Atlantic Treaty Organization (NATO) to 
Russia's borders as a direct military provocation, and even attempting to remove him from 
power by leading a clandestine revolt.” Combined with his apparent fear that Western-style 
democracy could eventually lead to the end of his authoritarian reign, Putin has ample 
motivation to take steps to undermine and weaken the United States and its democratic 
allies. As such, the U.S. government must be aware of and on guard against all of Russia's
destabilization efforts.


The November 2020 U.S. elections provide a case in point. These elections took
place in an environment in which the prospect of Russian interference was of grave concern
to some voters and dismissed as a hoax by others, following years of reports and
investigations about alleged Kremlin-backed election infrastructure tampering,
dissemination of misinformation, and even attempts to incite violence.7


A. RESEARCH QUESTION 


What are the greatest U.S. vulnerabilities to Kremlin interference campaigns,
particularly with regard to elections?


4 Michael Isikoff and David Corn, Russian Roulette: The Inside Story of Putin’s War on America and
The Election of Donald Trump, 1st ed. (New York: Twelve, 2018), 49, 57-58; Malcolm W. Nance, The Plot
to Destroy Democracy: How Putin and His Spies Are Undermining America and Dismantling the West, 1st
ed. (New York: Hachette Books, 2018), loc. 3561-3571 of 5796, Kindle.


5 Defense Intelligence Agency, Russia Military Power: Building a Military to Support Great Power
Aspirations (Washington, DC: Defense Intelligence Agency, 2017), 15-17,
https://www.dia.mil/Portals/27/Documents/News/Military%20Power%20Publications/Russia%20Military%20Power%20Report%202017.pdf?ver=2017-06-28-144235-937;
Richard Sakwa, “‘New Cold War’ or
Twenty Years’ Crisis? Russia and International Politics,” International Affairs 84, no. 2 (March 1, 2008):
257-263, https://doi.org/10.1111/j.1468-2346.2008.00702.x.


6 Richard Clarke, “Counterterrorism Expert Richard Clarke on Trump’s Relations with Intelligence
Agencies,” NPR, February 17, 2017,
http://www.npr.org/2017/02/17/515728608/counterterrorism-expert-richard-clarke-on-trumps-relations-with-intelligence-age.


7 University of Chicago Harris School of Public Policy and Associated Press-NORC Center for Public
Affairs Research, Americans Split on Relationship with Russia (Chicago, IL: University of Chicago Harris
School of Public Policy, 2020), https://apnorc.org/wp-content/uploads/2020/10/topline release1.pdf.


B. LITERATURE REVIEW


This section focuses on Russia as a saboteur attacking the civil society of other
nations from within through manipulation of such tools as cyber infrastructure and access
to information. Because incidents, such as the 2016 U.S. presidential election interference,
involve such relatively novel mechanisms as cybersecurity and the use of social media or
alternative news sources, much of the available literature is very recently published.8 A
consensus apparently does not exist regarding which aspect or target of subversive Russian
attacks is the most important or dangerous; as a result, the burgeoning array of recent
sources lacks a cohesive narrative, theme, or focus.


1. Russia’s Intent, Capability, and Mechanisms 


An abundance of literature dutifully explains Vladimir Putin’s belief that modern
Russia deserves to be the center of the Slavic and Eurasian world and at least as strong a
global power as the Soviet Union and Imperial Russia once were.9 Many works credit
Putin's adversarial attitude toward the West to a fear that expansion of the NATO military
alliance is designed to weaken or threaten Russia's global prominence and its dominance
of the Eastern European and Central Asian regions.10 Among these writers, prominent
Russian dissident Garry Kasparov and U.S. historian Walter Laqueur argue that the
Russian president views his nation's success and security as a zero-sum game requiring the
weakening of the United States and its allies, as well as a global acknowledgement that
many states from the former Soviet territories must remain irrevocably within Russia's


8 Amos C. Fox and Andrew J. Rossow, “Assessing Russian Hybrid Warfare: A Successful Tool for
Limited War,” Small Wars Journal 12, no. 1 (August 8, 2016).


9 Peter Pomerantsev, “Yes, Russia Matters: Putin’s Guerrilla Strategy,” World Affairs 177, no. 3
(September 30, 2014): 21; Tassos E. Fakiolas and Efstathios T. Fakiolas, “Domestic Sources of Russia's
Resurgence as a Global Great Power,” Journal of International and Area Studies 16, no. 2 (December 1,
2009): 100–101.


10 John J. Mearsheimer, “Why the Ukraine Crisis Is the West’s Fault: The Liberal Delusions that
Provoked Putin,” Foreign Affairs, September 30, 2014, 77-79; Douglas Mastriano, “Putin—The Masked
Nemesis of the Strategy of Ambiguity,” Defense & Security Analysis 33, no. 1 (January 20, 2017): 69-70,
https://doi.org/10.1080/14751798.2016.1272175.


orbit.11 According to Laqueur, “Russian government strategy is dominated by the
American shadow and the conviction that what helps the United States must be bad for
Russia.”12 By extension, the Kremlin strategy also presupposes that what hurts the United
States is quite likely beneficial for Russia.


Many sources emphasize that Putin's prior career as a foreign counterintelligence
operative with the KGB13 guides his alleged heavy use of clandestine or obfuscated tactics
of subversion.14 For example, Malcolm Nance warns, “For [Putin] to succeed at the mission
of damaging the United States, he will use all tools of the Russian statecraft such as forging
alliances, but also blackmail, propaganda, and cyberwarfare.”15 Regrettably, Nance's
books and a number of other publications on the subject veer out of objective analysis and
into sharply partisan political rhetoric. For example, Nance indulges his apparent distaste
for Donald Trump with colorful descriptions, such as “Worse than his mouth was his
fingers when connected to Twitter. In 140 characters he managed to derail his candidacy
with insulting, racy, or inappropriate comments,” potentially alienating some readers and
blurring his analysis with his editorializing.16 With years-long federal investigations into
whether Russian interference helped Trump defeat Hillary Clinton in a polarizing 2016
election (and outsized national media coverage thereof), an influx of partisan, biased, and
emotion-infused works on the topic is not particularly surprising, but must be taken with a
grain of salt. Without much difficulty, recent mainstream newspaper articles and mass
market books arguing for and against many Russia-based allegations can easily be found.
To separate signal from noise and preserve accuracy, this thesis relies on scholarly,
peer-reviewed sources where available. Study of partisan, biased, and speculative works is


11 Garry Kasparov and Mig Greengard, Winter Is Coming: Why Vladimir Putin and the Enemies of the
Free World Must Be Stopped, 1st ed. (New York: PublicAffairs, 2015), 253; Walter Laqueur, Putinism:
Russia and Its Future with the West, 1st ed. (New York: Thomas Dunne Books, 2015), 151.


12 Laqueur, 151.


13 Komitet Gosudarstvennoi Byezopasnosti [the Soviet Union’s Committee for State Security].


14 Malcolm Nance, The Plot to Hack America: How Putin’s Cyberspies and WikiLeaks Tried to Steal
the 2016 Election (New York: Skyhorse Publishing, 2016), 24-26; Nance, The Plot to Destroy Democracy,
loc. 687–701.


15 Nance, The Plot to Hack America, 36; Nance, The Plot to Destroy Democracy, loc. 687–701.


16 Nance, Plot to Hack America, 13.


nevertheless insightful, as the existence of multiple popular public works espousing
exaggerated dangers, misguided fears, or foolhardy dismissal of legitimate risks could
work to Russia's advantage as it seeks to undermine, conceal, and obfuscate. One example
is a nakedly partisan 2018 work entitled Russia Hoax penned by a longtime Fox News
anchor, which devotes an entire chapter to downplaying or refuting risks and legal
questions regarding a controversial meeting between Trump campaign representatives and
Russian representatives offering “dirt” on Clinton.17


A study by Kevin McCauley shows how Soviet manipulation techniques have
evolved into the current threat posed by Putin’s Kremlin.18 This work alleges that in
addition to launching conspiracy theory-peddling media disinformation campaigns and
employing online “troll armies” to disparage unfavorable information sources, Russia
employs targeted destabilization campaigns in a number of NATO and European Union
(EU) countries in a further effort to weaken or dismantle the alliances.19 Citing reports
from NATO and the governments of Estonia, Moldova, and the United States, McCauley
asserts, “The Russian Federation is conducting sophisticated and large-scale
disinformation campaigns to destabilize U.S. allies and interests” and explains, “Russia
continues to employ influence methods formulated under the Soviets, as well as integrating
new information age methods.”20 His conclusions support others warning that Russia uses
“troll armies” and such other cyber tactics as social media.


In pursuit of destabilization, Russia has been accused of interfering with elections
of friend and foe alike, including Ukraine, Moldova, Georgia, the United States, Great


17 Gregg Jarrett, Russia Hoax: The Illicit Scheme to Clear Hillary Clinton and Frame Donald Trump
(Northampton, MA: Broadside Books, 2018), 171–190.


18 Kevin N. McCauley, Russian Influence Campaigns against the West: From the Cold War to Putin
(North Charleston, SC: CreateSpace Independent Publishing Platform, 2016).


19 “Russian troll armies” is a term used to describe networks of internet commentators, allegedly paid
by the Kremlin and often posing as Westerners, who systematically post propagandistic comments on
Western news articles and social media in support of Russia or against its foes.


20 McCauley, Russian Influence Campaigns, loc. 8541–8697.


Britain (particularly regarding Brexit), and France.21 Mikhail Myagkov, Peter Ordeshook,
and Dimitry Shakin provide “evidence and eyewitness accounts that even Russian spin
doctors and those who committed fraud cannot dispute” of fraudulent machinations
employed to ensure favorable results in both Russian and Ukrainian elections within the
21st century.22 The same author team reached similar conclusions through a separate
analysis of the 2004 Orange Revolution in Kyiv.23 Ominously, both the 2009 Forensics of
Election Fraud and the 2008 Election Fraud: Detecting and Deterring Electoral
Manipulation also devote pages to the study of the U.S. vulnerability to election fraud, with
the latter detailing several mechanisms by which Americans' confidence in the legitimacy
of the vote could be shaken. One warning stands out sharply, namely that “in the United
States since the 2000 election there have been concerns raised regarding electoral
irregularities—either intentional election fraud or unintentional problems in the election
that result in an inaccurate (and thus sometimes in the eyes of the losing side, fraudulent)
outcome.”24 In more detail, the authors assert:


The ongoing debate about the security of electronic voting technologies 
reflects one aspect of this debate. Concerns have also been raised about 
fraud in absentee voting, early voting, precinct voting, and voting by 
military personnel and overseas civilians... that are all unrelated to the type 
of voting technologies used. Moreover, in the 2002 gubernatorial election 


21 Vladimir Socor, “Russia Orchestrates Gagauz Election in Moldova, Ponders the Next Steps,” NGO
Publication, Jamestown Foundation 12, no. 59 (March 15, 2015),
https://jamestown.org/program/russia-orchestrates-gagauz-election-in-moldova-ponders-the-next-steps/;
Luke Harding, “Barack Obama Urges
Russia Not to Interfere in Neighbouring States,” The Guardian, sec. World news, July 7, 2009,
https://www.theguardian.com/world/2009/jul/07/obama-russia-first-trip; Nance, The Plot to Hack America,
62; Isobel Thompson, “Did Russia Hack the Brexit Vote?,” Vanity Fair, April 12, 2017,
http://www.vanityfair.com/news/2017/04/did-russia-hack-the-brexit-vote; “France Warns Russia against
Interfering in Elections,” Radio France Internationale, February 16, 2017,
http://en.rfi.fr/france/20170216-france-warns-russia-against-interfering-elections.


22 Mikhail G. Myagkov, Peter C. Ordeshook, and Dimitri Shakin, The Forensics of Election Fraud:
Russia and Ukraine (Cambridge, New York: Cambridge University Press, 2009), 139.


23 Mikhail Myagkov, Peter C. Ordeshook, and Dimitry Shakin, “Fraud or Fairytales: Russia and
Ukraine’s Electoral Experience,” Post-Soviet Affairs 21, no. 2 (January 1, 2005): 91-131,
https://doi.org/10.2747/1060-586X.21.2.91.


24 R. Michael Alvarez, Thad E. Hall, and Susan D. Hyde, eds., Election Fraud: Detecting and
Deterring Electoral Manipulation (Washington, DC: Brookings Institution Press, 2008), 71.


in New Hampshire, there were convictions related to jamming political
party ‘get-out-the-vote’ telephone banks.25


Such factors point to a potentially serious security risk. Between Russia's
experience, history, and motivation regarding election infrastructure tampering in foreign
states, and existing latent susceptibility to shaken confidence in U.S. elections, the Kremlin
has a sizable opening to exploit in its destabilization efforts, and may already be attempting
to make use of it.


2. 21st Century Vulnerabilities 


Covert interference can take many different forms, and democratic elections can be
subverted in a variety of ways from voter suppression and election infrastructure tampering
to subversive attempts to influence potential voters. Works related to Russian attacks and
emerging vulnerabilities regarding elections have proliferated in recent years, though some
topics have garnered considerably more attention than others have. Methods of interference
Russia has been accused of using to disrupt Western states’ electoral processes successfully
include the following:


• hacking as a form of espionage or sabotage

• the leaking of stolen information

• propagating false news and propaganda distribution and promotion

• deployment of online troll armies

• the financing of fringe candidates

• release of kompromat (compromising material) to damage a government
leader or political candidate

• provocation and support of secession-minded dissidents


25 Alvarez, Hall, and Hyde, 71.


Of these tools, one with an abundance of recently produced literature is the topic of
hacking. Cybersecurity sources from 2014 and earlier seem to focus on the threat to 
infrastructure, military, and intelligence rather than the use of stolen information to tip the 
balance in elections and undermine a particular candidate, party, or entity, but even on this 
topic, a consensus is also lacking. Marc Goodman presents dire warnings of drone and 
pacemaker hacking, as well as a large-scale power grid shutdown, in Future Crimes; 
likewise, Ted Koppel’s Lights Out points out that Russia has already penetrated the United 
States’ power grid network.26 Both of these volumes argue that the U.S. government is not
adequately equipped to deal with the large-scale disaster that a sustained cyberattack on
the grid could cause, whether due to legislative inaction or practical limitations. Koppel's
caution is particularly dire. He warns:

The American public are not the only ones unwilling to contemplate, much
less cope with, the eventuality of a debilitating cyberattack against our
power grid. The government agencies and civic organizations charged with
enabling the nation to recover from catastrophe are also woefully
unprepared.27


Such lack of readiness could be due to any or all of the same failures (imagination, policy,
capabilities, and management) identified in the 9/11 Commission Report regarding the
federal government’s inability to stop the novel terrorist attacks of September 11, 2001;
indeed, each of these is alleged to some degree in Goodman and Koppel’s works.28
Though books, reports, and studies critical of U.S. government inaction and lack of
preparedness against state-sponsored hacking threats are increasingly prevalent, works
analyzing existing shortfalls and capabilities are less abundant but beginning to emerge. In
March 2020, a congressionally sponsored group called the U.S. Cyberspace Solarium


26 Marc Goodman, Future Crimes: Inside the Digital Underground and the Battle for Our Connected
World, First Anchor Books Edition (New York: Anchor Books, 2016), 43, 338-341; Ted Koppel, Lights
Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath, 1st ed. (New York: Crown Publishers,
2015), 71-72.


27 Koppel, Lights Out, 92.


28 Thomas H. Kean and Lee Hamilton and U.S. National Commission on Terrorist Attacks upon the
United States, 9/11 Commission Report: The Official Report of the 9/11 Commission and Related
Publications (Washington, DC: Government Printing Office, 2004),
http://www.gpoaccess.gov/911/index.html.


Commission released a report detailing risks, outlining challenges, and recommending a
strategy of “layered cyber deterrence” U.S. government agencies could adopt to mitigate
its cyber-based vulnerabilities.29 The report contained more than 80 recommendations for
U.S. government entities on the topics of structural reform, cultivation of enforcement
tools, and promotion of resilience and collaboration with the private sector, though it
remains unclear how many will be adopted. A consortium of U.S. government agencies
attempted to conduct a 2020 exercise of a large-scale state-sponsored cyberattack with
kinetic effects and produce an interagency after-action report, but the COVID-19 pandemic
scuttled these plans.30


Works covering the spread of false information—“fake news”—have become
abundant since the 2016 U.S. presidential election, to include information deliberately
spread by suspected Russian actors. A 2017 paper from Stanford University states:

Recent evidence shows that: 1) 62 percent of U.S. adults get news on social
media; 2) the most popular fake news stories were more widely shared on
Facebook than the most popular mainstream news stories; 3) many people
who see fake news stories report that they believe them; and 4) the most
discussed fake news stories tended to favor Donald Trump over Hillary
Clinton.31


A key challenge to such recent studies is the fact that the fake-news environment
continually changes in the era of social media; as awareness of fake-news campaigns and
the associated risks grow, governments and media entities adapt to contain them, while
purveyors rapidly adapt to the restrictions and entrepreneurs capitalize on dissent. For
example, social media platforms Facebook, Twitter, Reddit and YouTube each took a
number of escalating measures between 2017 and 2020 in reaction to novel fake-news
tactics, but still drew criticism in the process and sometimes had to roll back certain actions


29 Cyberspace Solarium Commission, Report (Arlington, VA: Cyberspace Solarium Commission, 
2020), https://www.solarium.gov/report. 


30 “National Level Exercise 2020,” Federal Emergency Management Agency (blog), July 23, 2020,
https://www.fema.gov/emergency-managers/planning-exercises/nle/2020. 


31 Hunt Allcott and Matthew Gentzkow, “Social Media and Fake News in the 2016 Election,” Journal 
of Economic Perspectives 31, no. 2 (February 16, 2017): 212, https://doi.org/10.1257/jep.31.2.211. 




in response to the backlash.32 At the same time, such rival platforms as Gab and Parler
have emerged specifically as an alternative for social media users frustrated by the
restrictions of the industry's titans.33 As a result, many recent works studying the
environment of fake news and social media have become quickly outdated, and exist
mainly as an incomplete snapshot in time inside a rapidly changing ecosystem. As a case
in point, two 2020 studies on Facebook's internal efforts to combat fake news, while
insightful and not without merit, each focused on measures the company modified,
improved, or replaced just months later in response to newer threat information and public
feedback regarding its policies.34


Books, think-tank reports, and a number of government hearings and reports
highlight Russia's role in disinformation campaigns, including fake news and


32 An example of measures rolled back due to criticism includes Twitter's October 2020 decision to
rescind its ban on the sharing of a controversial article about U.S. presidential candidate Joe Biden and his
son. The veracity of the article's assertions had been heavily questioned and some U.S. lawmakers had
warned of a high probability that its genesis had been a Russian disinformation campaign, though the
official reason for Twitter's ban (and the blocking of Trump administration and congressional accounts that
attempted to share it) was that the article contained private personal information and material allegedly
gleaned from a hack. The reversal came after withering criticism and accusations of politically motivated
censorship from President Trump and lawmakers from his party. The official reason given by Twitter was
that the article had received so much attention that the information therein was no longer technically
“private,” and it did not publicly explain whether its stance on the allegations that it came from hacked
material had changed. Paul Mena, “Cleaning up Social Media: The Effect of Warning Labels on Likelihood
of Sharing False News on Facebook,” Policy & Internet 12, no. 2 (June 1, 2020): 166,
https://doi.org/10.1002/poi3.214; Petros Iosifidis and Nicholas Nicoli, “The Battle to End Fake News: A
Qualitative Content Analysis of Facebook Announcements on How It Combats Disinformation,”
International Communication Gazette 82, no. 1 (February 1, 2020): 74,
https://doi.org/10.1177/1748048519880729; Catherine Sanz and Catherine Thorbecke, “What Social Media
Giants Are Doing to Counter Misinformation This Election,” ABC News, October 18, 2020,
https://abcnews.go.com/Technology/social-media-giants-counter-misinformation-election/story?id=73563997;
Kevin Roose, “Facebook and Twitter Dodge a 2016 Repeat, and Ignite a 2020
Firestorm,” New York Times, sec. Technology, October 15, 2020,
https://www.nytimes.com/2020/10/15/technology/facebook-twitter-nypost-hunter-biden.htm; Kate Conger
and Mike Isaac, “In Reversal, Twitter Is No Longer Blocking New York Post Article,” New York Times,
sec. Technology, October 16, 2020,
https://www.nytimes.com/2020/10/16/technology/twitter-new-york-post.html.


33 Craig Timberg and Isaac Stanley-Becker, “QAnon Learns to Survive—And Even Thrive—After
Silicon Valley’s Crackdown,” Washington Post, October 28, 2020,
https://www.washingtonpost.com/technology/2020/10/28/qanon-crackdown-election/.


34 Mena, “Cleaning Up Social Media”; Iosifidis and Nicoli, “The Battle to End Fake News”; Conger
and Isaac, “In Reversal, Twitter Is No Longer Blocking New York Post Article.”


propaganda.35 The House of Representatives Committee on Armed Services 2015 hearing
Countering Adversarial Propaganda and the Committee on Foreign Affairs’ hearing
Confronting Russia's Weaponization of Information from later that year provide a glimpse
into the U.S. acknowledgement of Russia's campaign to harm the West through targeted
information.36 In the former, a member of the U.S. government's Broadcasting Board of
Governors testified:


With Russia, much of the propaganda that surfaces is aimed at destabilizing
the West, undermining the trust and credibility of journalism, of
government, of NATO, of EU, and all those things...the Russian
propaganda aimed at the non-Russian audiences aimed at undermining
NATO, EU, government, media...is a very scary destabilizing influence if
it is actually having the impact—and it is a seeping impact—onto the
audience.37


The latter went much further, beginning with a stark warning from Russian propaganda
expert Peter Pomerantsev, who explained that while Russia knew it was no match for
NATO in physical combat:


what if the Kremlin could bypass NATO militarily, make war without ever,
officially at least, firing a shot? What if it could use the very openness of
democracy's open markets, open culture and, very importantly, open
information against us? So over the 21st century, Russian military theorists
developed a theory of what they called information psychological or hybrid
war—a mix of media, economic and cultural warfare with a dab of covert
military action.38


Witnesses at the hearing also explained how such a strategy was enacted through a wide
array of tools to include what Pomerantsev described as “bankrolling and lending political
support to both far right and far left parties” to create instability in Western nations,


35 Marcel van Herpen, Putin's Propaganda Machine: Soft Power and Russian Foreign Policy 
(Lanham: Rowman & Littlefield, 2016). 


36 House Committee on Armed Services, Countering Adversarial Propaganda: Charting an Effective 
Course in the Contested Information Environment: Hearing before the Subcommittee on Emerging Threats 
and Capabilities, House of Representatives, Hrg. 59, serial 97-493, 114th Cong., 1st sess., 2015; House 
Committee on Foreign Affairs, Confronting Russia's Weaponization of Information: Hearing before the 
Committee on Foreign Affairs, House of Representatives, serial 114-37, 114th Cong., 1st sess., 2015. 


37 H.R., House Committee on Armed Services, Countering Adversarial Propaganda, 15. 


38 H.R., House Committee on Foreign Affairs, Confronting Russia's Weaponization of Information, 5—


weakening U.S. influence and NATO power, and working to “sow divisions, demoralize
and disorganize—to weaponize information.” Such reports illustrate that while the U.S.
government may not have had remedies for Russian destabilization efforts in the mid-2010s,
it was not necessarily unaware of the threat thereof.


C. RESEARCH DESIGN 

This thesis studies the history of Soviet and Russian meddling in the domestic
affairs of the United States and its Western rivals to identify trends in their efforts and
successes. My analysis requires a study of the known threats, adversarial tactics, and
vulnerabilities and the Kremlin's apparent goals, to identify possible unmet needs for U.S.
security and intelligence entities to use in countering Russian interference.


This thesis studies various recent interference campaigns as a means to understand 
the Kremlin's subversive attempts to influence foreign elections unduly. After studying the 
gradual buildup of capabilities beginning with the Soviet Union, I explore the case of 
established Russian interference in the 2016 U.S. elections and trace Russia's actions to 
identify commonalities or signals to ascertain better the greatest vulnerabilities Russia has 
an opportunity to exploit. Common themes I identified in both Soviet and modern Russian 
interference efforts include the use of media manipulation, proxy organizations, fabricated 
material, and instigation of specific, opposing groups to provoke division. I also compare 
the 2016 U.S. election case to other recent Western elections and referenda allegedly 
affected by Russian influence, including France's presidential election the following year. 
Commonalities found in this analysis include hack-and-leak incidents, plots involving 
election infrastructure, and attempts to manipulate voters through disinformation. What 
emerges from this study is a clear signal that the credibility of elections and legitimacy of 
government leaders and institutions are imperiled by Kremlin meddling, without a 
comprehensive or practical remedy. 


D. OVERVIEW OF CHAPTERS 


In Chapter II, I outline the evolution and refinement of Russian interference 
campaigns from their genesis in the early days of the Soviet Union through to the era of 
Putin's second decade in power to highlight the scope and seriousness of the threat faced 
by the United States and its Western allies. Chapter III is an in-depth look at how the 
Kremlin's refined disinformation system was deployed within the U.S. 2016 presidential 
election campaign, along with similar actions in EU member states’ elections. In Chapter 
IV, I examine the fallout from Russia's meddling in the 2016 U.S. presidential campaign 
to determine plausible damage scenarios the United States may encounter if it fails to deter 
or mitigate against ongoing and future Russian disinformation efforts effectively. 
II. A CENTURY OF KREMLIN INTERFERENCE: 
DIRTY TRICKS PAST AND PRESENT 


Russia's present capabilities and strategies to destabilize rival governments are the 
product of a long history of refinement. This chapter chronicles three elements of Soviet 
influence campaigns: media manipulation, secret proxy organizations, forgeries and 
rumors, and manipulating and instigating multiple groups to distrust and attack each other. 
The present analysis then shows how such methods have evolved into the contemporary 
threat toolbox, which still features media manipulation and proxy organizations while 
adding novel cyberattacks as a force multiplier. 


A. THE ORIGINAL THREAT 


From its inception in the 1920s, the Soviet Union developed and refined a 
sophisticated series of subversive actions and manipulation techniques to employ against 
the United States and its allies. The Kremlin's main security agencies (in various 
incarnations including Cheka, NKVD, KGB, GRU, and FSB) have dedicated official 
departments to carrying out these attacks, known primarily as “active measures,” for 
example, “dezinformatsiya”—disinformation.39 


In a Cold War-era study of the long history of Soviet disinformation campaigns, 
Roy Godson and Richard Shultz defined “active measures” as: 


influencing the policies of another government, undermining confidence in 
its leaders and institutions, disrupting relations between other nations, and 
discrediting and weakening governmental and non-governmental 
opponents. This frequently involves attempts to deceive the target... and to 
distort the target’s perceptions of reality.40 


39 Federal Security Service of the Russian Federation, all referred to herein using common anglicized 
transliterations of their Russian-language acronyms. “Cheka”—1917—1922, All-Russian Extraordinary 
Commission for Combating Counter-Revolution, Profiteering and Corruption; “NKVD”—1922-1943, 
People’s Commissariat for Internal Affairs; “KGB”—1954—1991, Committee for State Security; “GRU”— 
1991-present, Foreign Intelligence Service of the Russian Federation; “FSB”—1995-present, Federal 
Security Service of the Russian Federation. Richard H. Shultz and Roy Godson, Dezinformatsia: Active 
Measures in Soviet Strategy (Washington, DC: Pergamon-Brassey’s, 1984); Isikoff and Corn, Russian 
Roulette. 


40 Shultz and Godson, 2. 
“Dezinformatsiya” was one of the principal tools of a broader campaign to alter 
perceptions and attitudes in ways that benefited the Soviet Union, and proved to be one of 
its most insidious weapons. With the strategic use of this discipline, Moscow could cause 
covert damage in the West without drawing it into a potentially catastrophic armed conflict, 
and support behaviors and policy changes in rival states where threats and diplomatic 
entreaties could not succeed. 


1. Media Manipulation 


One of the earliest examples of calculated manipulation of Western audiences 
involved compromising a trusted source within a prominent American newspaper: The New 
York Times. In the 1930s, Times columnist Walter Duranty won a Pulitzer Prize for 
descriptions of Soviet dictator Joseph Stalin and conditions of life under his rule, but 
subsequent research reveals that his articles ranged from hagiographic to deeply 
disingenuous.41 Duranty produced deliberately inaccurate dispatches from his post within 
the Soviet Union that aggressively contradicted reports of a brutal famine in the country's 
western regions (this mass starvation, known as Holodomor, is now widely believed to 
have been a purposefully created genocide conducted by Stalin against Ukrainian 
peasants).42 


Duranty not only presented a deceptively rosy picture of Ukrainian life in his 
articles during the time of mass famine, but also actively sought to discredit accurate 
Western reporting on it. Most notably, he forcefully refuted the accurate press releases 
of Gareth Jones, a British reporter for prominent newspaper The Times whose subsequent 
murder was allegedly carried out by Soviet secret police ordered to put an end to his 


41 S. J. Taylor, Stalin's Apologist: Walter Duranty, The New York Times's Man in Moscow (New 
York: Oxford University Press, 1990); Askold Krushelnycky, “Ukrainians Want Pro-Stalin Writer Stripped 
of Pulitzer," The Guardian, sec. World News, May 4, 2003, 
http://www.theguardian.com/world/2003/may/04/russia.usa. 


42 Robert Conquest, The Harvest of Sorrow: Soviet Collectivization and the Terror-Famine (New 
York, NY: Oxford University Press, 1987), 320. 


43 Conquest, 320. 
negative reporting.44 Duranty’s attempts to destroy Jones’s credibility hint that his Soviet 
benefactors had both the intent and the means to influence Western opinion both through 
false information and the suppression of factual information they found unpalatable. 


By all appearances, Duranty's actions were not the work of an objective, honest 
journalist, working independently without bias or coercion. Duranty enjoyed a lavish 
lifestyle during his tenure as a journalist in Moscow, to include awards and praise bestowed 
on him by Joseph Stalin. By all appearances, the Soviet government made concerted 
efforts to ensure that its relationship with Duranty was a positive one with "benefits" to 
both sides; in a country known for its iron grip on control of the domestic press, the fact 
that Stalin praised and likely courted a renowned Western reporter is a telling sign of the 
Kremlin's strategy of information manipulation abroad. 


According to Robert Conquest, Duranty may have had other incentives to write 
articles in service of the Soviet Union beyond being seduced by the opportunity to boost 
his career with interviews and unrivaled access to Stalin; he was possibly being 
blackmailed as well.46 In one of the earliest potential examples of Soviet manipulation of 
Western citizens through kompromat, it has been alleged that Stalin's secret police used 
knowledge of Duranty's opium abuse and participation in bisexual orgies to ensure that his 
journalistic missives were acceptable to, if not laudatory of, the Communist Party of the 
Soviet Union.47 


According to Duranty biographer S. J. Taylor, Duranty's Soviet-friendly New York 
Times articles influenced President Franklin Delano Roosevelt's 1933 decision to grant 


44 Marco Carynnyk, “The Famine the ‘Times’ Couldn't Find,” Commentary Magazine, November 1, 
1983; Ray Gamache, Gareth Jones: Eyewitness to the Holodomor (Cardiff, Wales: Welsh Academic Press, 
2016); Anne Applebaum, “How Stalin Hid Ukraine’s Famine from the World,” The Atlantic, October 13, 
2017, https://www.theatlantic.com/international/archive/2017/10/red-famine-anne-applebaum-ukraine-soviet-union/542610/. 


45 Carynnyk. 
46 Krushelnycky, “Ukrainians Want Pro-Stalin Writer.” 


47 Kompromat is a Russian-language term for a political tool attributed to the Soviet and Russian 
government in which negative information about an individual, usually a politician or public figure, is 
obtained, cultivated, or manufactured for use in discrediting, intimidating, or blackmailing the individual. 
Krushelnycky, “Ukrainians Want Pro-Stalin Writer.” 
diplomatic recognition of the Soviet Union.48 Notably, Roosevelt's recognition of the 
Soviet Union was contingent on a guarantee from the Soviets that they would not interfere 
in domestic American affairs or disseminate propaganda within U.S. territory; the U.S. 
government already suspected such an agenda.49 Declassified State Department documents 
show that diplomatic relations between the two nations soured within months of the 
recognition, as “evidence emerged that the Soviet Government had violated its pledge not 
to interfere in American domestic affairs” along with reports of state-sponsored killings 
known as “The Great Purge.”50 


Manipulation of the press to benefit the Soviet Union was a feature of 
dezinformatsiya in neutral states as well. A Central Intelligence Agency (CIA) report 
revealed that the Soviet Union managed to place more than 160,000 messages into India's 
ostensibly free press between the 1960s and 1980s by using several hundred bribed or 
compromised journalists across at least six English-language papers.51 The smuggled notes 
of KGB dissident Vasili Mitrokhin later corroborated this report that indicated that no 
fewer than 10 Indian papers were under Kremlin control by 1973 and more than 5,500 
KGB-tailored articles appeared in Indian papers in 1975 alone.52 Along with allegedly 
outright coercing individual journalists to do their bidding, the Soviets also exercised other 
types of influence, both overt and clandestine, over foreign press to amplify their 
disinformation.53 The CIA report describes two methods by which disinformation made its 
way into prestigious Indian papers that relied on credible sources. In one method, Soviet 
operatives debuted fraudulent articles in smaller and less-heralded publications—for 


48 Taylor, Stalin's Apologist. 


49 “Recognition of the Soviet Union, 1933,” in Milestones in the History of U.S. Foreign Relations: 
1921-1936 (Department of State Office of the Historian, 2009), 
https://history.state.gov/milestones/1921-1936/ussr; Richard Gribble, “United States Recognition of 
Soviet Russia: 1917-1933—Church and State Responses,” American Catholic Studies 119, no. 4 
(December 1, 2008): 21—51. 


50 “Recognition of the Soviet Union, 1933.” 


51 Director of Intelligence, “The Soviets in India: Moscow’s Major Penetration Program,” Intelligence 
Assessment (Washington, DC: Central Intelligence Agency, 1985), 
https://www.cia.gov/library/readingroom/docs/CIA-RDP86T00586R000400490007-7.pdf. 


52 Christopher M. Andrew and Vasili N. Mitrokhin, The World Was Going Our Way: The KGB and 
the Battle for the Third World (New York: Basic Books, 2005), 324. 


53 Conquest, Harvest of Sorrow, 39. 
example, the communist press—and then encouraged journalists at English-language 
publications to pen their own articles using these planted articles as sources. In the other 
method, the Soviets placed their articles directly into Indian press and wire services whose 
managers they had bribed and then used these services' bylines to add cover and 
legitimacy. 


Such operations undoubtedly served to influence domestic Indian public 
perceptions, yet they carried another key benefit with even greater value for the Kremlin. 
These tactics gave the Soviets the ability to publish rumors, insinuation, and disinformation 
under respected Indian newspaper mastheads and then cite them as “neutral” international 
sources in disinformation campaigns throughout the globe.54 By cloaking their damaging 
rumors and disinformation in the credibility of neutral foreign press, the Soviets could 
appear to merely amplify objective information, and thus infect Western audiences that had 
long since learned not to trust any accusations originating directly from Moscow. In one 
notable instance, a 1968 hoax—alleging that the U.S. military had been spreading 
weaponized epidemics in Vietnam and Thailand—was introduced by the Mumbai-based 
Free Press Journal and amplified in a weekly publication called Blitz.55 This fabrication— 
fake news before the age of fake news—was based on a forged U.S. Office of Naval 
Research letter produced by the KGB active measures division known as “Service A” and 
gained enough traction and credibility from its coverage in the Indian press to achieve 
republication in the London Times.56 Popular acceptance of this slanderous fabrication 
fueled anti-U.S. military sentiment that may still linger to this day, as persistent rumors 


54 Director of Intelligence, “The Soviets in India”; Nicholas J. Cull et al., Soviet Subversion, 
Disinformation and Propaganda: How the West Fought against It: An Analytic History, with Lessons for 
the Present (London: London School of Economics and Political Science, 2017), 22, 33-36, 
https://www.lse.ac.uk/iga/assets/documents/arena/2018/Jigsaw-Soviet-Subversion-Disinformation-and-Propaganda-Final-Report.pdf. 


55 Max Holland, “The Propagation and Power of Communist Security Services Dezinformatsiya,” 
International Journal of Intelligence and CounterIntelligence 19, no. 1 (January 1, 2006): 12, 
https://doi.org/10.1080/08850600500332342; Andrew and Mitrokhin, The World Was Going Our Way, 
318. 


56 Holland, 12; Department of State, Soviet Influence Activities: A Report on Active Measures and 
Propaganda, 1986—1987 (Washington, DC: Department of State, 1987), Proquest. 
about U.S. military use of biological weapons may well have roots in stories based on 
Soviet sources.57 


As shown in the alleged coercion or bribery of Walter Duranty, a key component 
of Soviet disinformation efforts was the courting and financing of Western journalists to 
promote a Kremlin-approved counter-narrative. Allegations and proven cases of such 
attempts throughout the Cold War abound, with the case of French journalist Pierre-Charles 
Pathé standing out as one of the most high-profile instances.58 French officials observed 
Pathé, regarded as an expert on Soviet affairs by prominent French media outlets, in 1978 
conducting a clandestine meeting with a KGB agent, when he was given money and 
documents instructing him on points and themes he was expected to publish under his own 
name.59 Upon his subsequent trial and conviction, it became known that he had spent 20 
years in the service of the KGB disinformation campaign and published articles under 
pseudonyms as well as in his own name. His Soviet-financed publications included a 
journal called Centre d'Information Scientifique, Economique et Politique and a newsletter 
called Synthesis, described as highly influential to the French political elite.60 An analysis 
of the majority of Synthesis editions by Godson and Shultz revealed, along with multiple 
articles attempting to pin the assassination of President John F. Kennedy on the Federal 
Bureau of Investigation (FBI), several key themes amplifying Soviet positions, including: 

fostering mistrust among the NATO allies and their friends, denigrating 
Western weaponry and defense policies, criticizing French policy vis-à-vis 
American and NATO political and defense arrangements, and expressing 
distrust of and censuring the United States.61 


57 Holland, “Propagation and Power of Dezinformatsiya,” 13. 


58 Sean M. Dixon, “Finding the Limit: The Strategic Potential of the Network-Based Actor” (master’s 
thesis, Naval Postgraduate School, 2016), 10-13. 


59 Christopher M. Andrew and Vasili N. Mitrokhin, The Sword and the Shield: The Mitrokhin Archive 
and the Secret History of the KGB (New York: Basic Books, 2000), 471; Arnaud de Borchgrave, “The 
KGB’s Bead on the Media,” Washington Post, April 14, 1981, 
https://www.washingtonpost.com/archive/politics/1981/04/14/the-kgbs-bead-on-the-media/a58625f1-6959-470b-8afe-15ed92949304/. 


60 Shultz and Godson, Dezinformatsia, 134. 
61 Shultz and Godson, 136. 
The Kremlin had evidently cultivated Pathé's reputation as an expert on Soviet 
affairs in part by feeding him information and funding, and in part by exploiting his status 
as the son of a prominent French filmmaker.62 Once his credibility and bona fides were 
thus established, the subsequent propaganda and false information published under his 
name carried an air of legitimacy in the Western world far greater than the Soviets were 
able to achieve through their dissemination of overt propaganda. 


2. Secret Proxy Organizations 


Another early method of interference in domestic American affairs was Soviet 
support for such foreign communist organizations as the Communist Party of the United 
States of America (CPUSA). As shown by its own records (retrieved from Russia by 
emissaries from the U.S. Library of Congress after the fall of the Soviet Union), the CPUSA 
worked with its Kremlin financiers to exploit disaffected or oppressed segments of the U.S. 
population as early as the 1920s.63 Such targeting included farm workers hit hard by the 
Great Depression and Black citizens suffering under oppressive Jim Crow discrimination. 
These efforts netted such victories as the recruitment of popular African American actor, 
singer, and sportsman Paul Robeson to promote, amid much contemporary controversy, 
the Soviet cause as superior to the oppressive U.S. government.64 In the CPUSA and other 
ostensibly domestic organizations, the Kremlin cultivated valuable covert means to recruit 
spies, allies, and unwitting assistants, and to manipulate and exacerbate U.S. social unrest 
in support of its interference objectives.65 


62 Pathé's father Charles was a famous, successful businessman known for popularizing phonograph 
records and essentially pioneering the film industry in early 20th century France, and he invented many 
popular techniques and tropes along the way. The media production and distribution conglomerate he 
created, Pathé Frères, has remained in operation since 1896. Shultz and Godson, 135. 


63 Deb Riechmann, “Retrieved Papers Shed Light on Communist Activities in U.S.,” The Billings 
Gazette, January 30, 2001, 
http://billingsgazette.com/news/world/retrieved-papers-shed-light-on-communist-activities-in-u-s/article_bd5e5ca5-38b7-5dcd-b645-b203cbaa0445.html. 


64 Scott Martelle, The Fear within: Spies, Commies, and American Democracy on Trial (New 
Brunswick: Rutgers University Press, 2011), 193—196, Proquest. 


65 Notably, the CPUSA has long outlived its Soviet benefactor. Though it has not formally fielded a 
presidential ticket since activist Angela Davis shared the ticket with CPUSA leader Gus Hall in 1984, the 
party proudly claimed elected city council representatives in Wisconsin and Pennsylvania as of 2020. 
After anti-communist sentiment in the United States began to crest at the onset of 
the Cold War, the Soviets made extensive use of international and multinational front 
organizations, many of them ostensibly dedicated to such laudable causes as disarmament 
or world peace. This more subtle approach enabled the KGB to recruit potential 
sympathizers and unwitting allies who not only worked intentionally or directly to aid the 
Kremlin, but also gave the Soviet Union Trojan Horse-like propaganda dissemination and 
information gathering outlets within countries where overt Soviet influence would not be 
tolerated.67 Perhaps the best known of these organizations is the World Peace Council 
(WPC), founded in 1950.68 Along with such partners as the World Federation of Trade 
Unions and the dubiously named World Federation of Democratic Youth, the WPC led 
protests throughout Western democratic nations for several decades and published 
materials intended to generate mass anger against U.S. weapons development.69 
Specifically, these organizations produced inflammatory and spurious literature falsely 
accusing the United States of such crimes as conducting biological warfare in the Korean 
War.70 These organizations were later used to foment domestic and international outrage 
against U.S. activity in the Vietnam War, followed by a sustained campaign to discredit 
and split or dissolve NATO including hosting an annual “Stockholm Conference on 
Vietnam” and supporting “anti-neutron-bomb” protests in European NATO member 
states.71 Perhaps tipping their hand, these organizations nearly unanimously ignored the 
Soviet military buildup and such Soviet-dominated alliances as the Warsaw Pact. When 
they had to acknowledge them, these organizations defended them as Soviets’ “alliances,” 


66 William Styles, “The World Federation of Scientific Workers, A Case Study of a Soviet Front 
Organisation: 1946-1964,” Intelligence and National Security 33, no. 1 (January 2, 2018): 116-29, 
https://doi.org/10.1080/02684527.2017.1323479; Shultz and Godson, Dezinformatsia, 112—131. 


67 Andrew and Mitrokhin, The Sword and the Shield, 427; Shultz and Godson, Dezinformatsia, 112. 


68 Andrew and Mitrokhin, The World Was Going Our Way, 324; Shultz and Godson, 112-131; 
Andrew and Mitrokhin, 427. 


69 Shultz and Godson, 112—131. 


70 World Council of Peace, World Peace Movement: Resolutions and Documents (Vienna, Austria: 
Secretariat of the World Council of Peace, 1955), 102-103; Shultz and Godson, Dezinformatsia, 123. 


71 Shultz and Godson, 125-127. 
as well as being a necessary defensive posture, even as they called for U.S. disarmament 
in the interest of global peace.72 


3. Forgeries and Rumors 


Yet another method used by the Soviet Union to sway popular opinion and breed 
mistrust of the U.S. government among U.S. and allied citizens was through the creation 
and planting of forged documents and letters.73 Soviet-made materials with meticulously 
mimicked Western handwriting, syntax, and signatures were disseminated both by 
Soviet-compromised publications, and by neutral or anti-Soviet publications duped by the 
fabrications; for example, the 1968 Office of Naval Research epidemic weapon forgery 
carried by the Indian press.74 Contentious and painful social issues within U.S. society, 
such as the civil rights struggle, a rash of high-profile assassinations, and heated arguments 
about the U.S. military's role in the Vietnam War, were popular targets for forgery and 
slander attacks. Manipulation of the press to introduce or reproduce the KGB-generated 
allegations and false documents played a key role in helping rumors, doubt, and lies to 
spread throughout U.S. society. 


According to Mitrokhin, the KGB launched a campaign to reduce the influence of 
nonviolent civil rights champion Martin Luther King, Jr. in favor of Stokely Carmichael, 
whom the Soviet Union saw as more radical and likely to incite violence and division.75 
KGB leaders authorized implantation of articles in English-language newspapers in 
African countries slandering King, ostensibly written by Black opponents of his ministry 
and movement.76 Hoping these articles would be reprinted in U.S. newspapers, Soviet 
authors used such incendiary Western racial terms as “Uncle Tom” to describe King, and 
produced forged documents indicating that he was a paid mole injected into the movement 


72 Shultz and Godson, 126. 


73 Bureau of Public Affairs, Soviet ‘Active Measures’ Forgery, Disinformation, Political Operations 
(Washington, DC: Department of State, 1981), 
https://www.cia.gov/library/readingroom/docs/CIA-RDP84B00049R001303150031-0.pdf; Shultz and Godson, Dezinformatsia, 151—157; Andrew and 
Mitrokhin, The World Was Going Our Way, 318; Andrew and Mitrokhin, The Sword and the Shield, 245. 


74 Bureau of Public Affairs; Shultz and Godson, Dezinformatsia, 151—157. 
by the Johnson administration.77 When King's assassination the following year led to 
nationwide unrest and riots, the disinformation department quickly reversed course and 
began using its press operations to hail King as a martyr whose murder traced back to U.S. 
government attempts to silence him.78 


Concurrently, the Mitrokhin archive chronicles KGB financing and assistance to 
publishers and authors responsible for advancing conspiracy theories that the CIA 
orchestrated the 1963 assassinations of Kennedy and his killer, Lee Harvey Oswald.79 In 
hopes of capitalizing on popular mistrust created by President Richard Nixon's 
career-ending Watergate scandal a decade later, the disinformation department also created and 
circulated a forged request for information—ostensibly from Oswald—to disgraced 
Watergate operative and former CIA agent E. Howard Hunt, in an effort to further imply 
that the CIA was behind Kennedy’s murder.80 Though the KGB’s clumsy use of initials in 
this forgery led some readers to conclude erroneously that a right-wing oil magnate with 
the same surname was its ostensible recipient, the letter’s subsequent publishing and 
“verification” by multiple handwriting experts helped accomplish the main goal of 
convincing some Americans that CIA operatives had killed the President.81 


Similar forgery efforts sought to frame FBI chief J. Edgar Hoover on a variety of 
fronts, including that he was alternately a right-wing extremist, a corrupt abuser of the FBI 
office, and even a secret transvestite bent on seeding the FBI with fellow homosexual 
activists. Though some of the more outlandish insinuations against Hoover may have 
failed to gain mainstream credibility initially, such allegations as unproven speculation 
regarding Hoover's sexual preferences gained widespread acceptance within U.S. society 


77 Andrew and Mitrokhin, 237. 


78 Andrew and Mitrokhin, 238. Note: Mitrokhin's original files in Cyrillic are only available for 
viewing at the Churchill College in Cambridge, England. Manipulation regarding Dr. King can be found in 
The Papers of Vasiliy Mitrokhin, volume 6, chapter 14, part 2. 


79 Andrew and Mitrokhin, 225—229. 
80 Holland, “Propagation and Power of Dezinformatsiya,” 18; Andrew and Mitrokhin, 228-229. 


81 “Lawyer Says Texan Told Him Oswald Had Aid in ‘63 Plot,” New York Times, sec. Archives, April 
3, 1977, https://www.nytimes.com/1977/04/03/archives/lawyer-says-texan-told-him-oswald-had-aid-in-63-plot.html; 
Andrew and Mitrokhin, 228-229. 


82 Andrew and Mitrokhin, 235. 


and have continued to resurface for decades.83 The lack of definitive evidence regarding 
aspects of Hoover's personal life makes it difficult to ascertain with certainty whether Soviet 
operatives invented such stories or simply used their disinformation techniques to capitalize 
on existing rumors or even facts. Regardless, such techniques amplified public awareness 
of controversial Hoover rumors at the very least, and demonstrate that Kremlin interference 
efforts included both disinformation and amplification of legitimate information it felt was 
advantageous yet getting insufficient attention organically. 


4. Manipulating Multiple Sides, Instigating Groups against Each Other, 
and Inciting Violence 


In some cases, Kremlin subversive measures sought to create kinetic impact and 
create physical casualties. Evidence of such attempts highlights the multi-faceted nature of 
Soviet interference techniques and the multilateral danger to U.S. interests presented 
therein. For example, Mitrokhin's smuggled KGB archive details a diabolical plot to 
exacerbate racial tensions in the 1960s, seeking not just to provoke conflicts and arguments 
or influence political narratives but actually to incite violence within U.S. society. One of 
the most alarming examples is a 1971 plot, codenamed “Operation Pandora,” to detonate 
an explosive device at a predominantly Black college in New York and anonymously call 
several Black organizations attributing the explosion to the Jewish Defense League 
(JDL).84 Mitrokhin's notes indicate that this idea was not an isolated one but rather one 
element of an elaborate campaign to incite a deadly race war between Jewish and 
African-American communities. To accomplish this plot, the Soviets produced insulting racist 
material made to look like it was written by the JDL and distributed the letters to militant 
black power groups. Along with these forgeries, the Soviets sent anonymous letters to 
African-American organizations listing made-up atrocities against the Black community 
committed by the JDL, and calling Black citizens to retaliate violently against the league's 
leadership. Whether such plots were designed to harm the future electoral prospects of 
presidents Lyndon Johnson or Nixon, tarnish the U.S. reputation internationally, or simply 
to cause ongoing division or chaos as a more general goal is unclear, but each is plausible 
in the context of concurrent Soviet disinformation schemes. Whatever the aim, attempts to 
create tangible impacts and casualties added a dangerous new dimension to Soviet 
interference operations beyond propaganda, bribes, and disinformation. 


5. Diminishing Returns, Lasting Impacts 


Moscow's various strategies in its interference campaigns during the Cold War 
demonstrate the breadth and adaptability of its subversive influence arsenal, but such 
diversity may have been born of necessity or pragmatism as some of its most successful 
tools began to lose power with repeat usage. Most of the Soviet active measures and 
disinformation tactics achieved varying levels of success over the course of the Cold War, 
but many waned in effectiveness as targets began to identify them or at least grow 
reasonably suspicious. For example, Western observers eventually caught on to the robust 
forgery operations, and occasionally managed to undermine their effectiveness by shining 
a light on the practice. One such failed operation was a KGB attempt to deflect blame for 
a 1981 assassination attempt against Pope John Paul II away from itself and onto the CIA. 
In this incident, two forgeries purported to be cables from the U.S. embassy in Rome were 
published by a communist-friendly Italian newspaper, but quickly discredited due to 
formatting errors and correctly labeled a “Soviet active measure” by other Italian 
newspapers.85 Another diabolical yet ineffective operation involved sending forged letters 
purportedly from the Ku Klux Klan to African and Asian nations ahead of the 1984 
Summer Olympic Games in Los Angeles warning that Black athletes would be shot, 
burned, or lynched if they attempted to compete. Such apparent misfires do not indicate 
a broader failure of Soviet influence operations, however. To the contrary, the presence of 
seemingly unsuccessful attempts amid a series of successes merely indicates that the 
Kremlin's subversion strategy involves placing a large number of low-risk bets, or lighting 


85 Dennis Kux, “Soviet Active Measures and Disinformation: Overview and Assessment,” 
Parameters, Journal of the U.S. Army War College 15, no. 4 (December 1, 1985): 24-25; *Two Diplomatic 
Cables Called KGB Forgeries," United Press International, July 14, 1983, 
https://www.upi.com/Archives/1983/07/14/Two-diplomatic-cables-called-K GB-forgeries/2457427003200/. 
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a series of small flames to see which ones ignite into destructive fires. It is also notable that 
some attempts, such as the Kennedy assassination forgery project, lay dormant for years 


before eventually bearing fruit and enduring for decades. 


Despite growing Western awareness of Soviet dezinformatsiya and U.S. efforts to 
challenge it aggressively under Ronald Reagan's administration, many active measures 
plots continued to achieve some degree of success, even during the tentative thaw in 
U.S.-Russia relations, and even after being positively identified as disinformation. In 1983, the 
KGB published a fake letter in Patriot, an Indian newspaper formed two decades earlier 
with Soviet aid for the purpose of seeding disinformation.87 The letter, ostensibly from an 
American scientist who wished to remain anonymous, claimed that the burgeoning human 
immunodeficiency virus/acquired immunodeficiency syndrome (HIV/AIDS) virus had 
been developed by the Pentagon as a biological-weapons experiment.88 After the letter 
initially failed to gain international attention, a spurious scientific paper crafted by Kremlin 
loyalists in East Germany was issued to bolster it, with Soviet press deliberately 
misidentifying the paper's origin as French to further obscure the Kremlin connection.89 
While other Soviet proxies around the world spread stories related to and building on the 
Pentagon/AIDS myth, traditional Soviet media in turn amplified them, and by 1987, the 
story had been shared in more than 30 languages and 80 countries.90 More than 35 years 
since the Soviet Union set out to convince the world that the U.S. government had created 
the AIDS virus, and more than 25 years after the KGB admitted the entire ploy, U.S. and 
global public health officials and medical workers continue to struggle against popular 
acceptance of the fabrication and the knock-on consequences of it.91 For example, a 2005 
study revealed that more than one out of every four African-Americans surveyed believed 
that AIDS was produced in a government laboratory, and that more than 15 percent of 
respondents believed the government had created the virus to control or reduce the Black 
population.92 As demonstrated by political controversy that jeopardized mass acceptance 
of a potential COVID-19 vaccine among U.S. citizens during a global pandemic in 2020, 
conspiracies that undermine the credibility of government administration of health 
resources, or frame the government for disease outbreaks, can have significant and durable 
negative political and public health impacts.93 


87 Thomas Boghardt, “Soviet Bloc Intelligence and Its AIDS Disinformation Campaign,” Studies in 
Intelligence 53, no. 4 (December 1, 2009): 4-7. 


88 Department of State, Soviet Influence Activities. 


B. CONTEMPORARY ADAPTATIONS AND NEW THREATS 


Russian active measures and disinformation against the West did not end with the 
demise of the Cold War. Indeed, modern Russian influence campaign methods build on 
Soviet active measures and exploit new technology that appears to increase their 
effectiveness. This section borrows the framework of the previous section to demonstrate 
how recent Kremlin interference operatives have adopted and adapted the techniques of 
their forebears, and to highlight areas in which such tools may be even more potent today. 


1. Media Manipulation 


Sinikukka Saari noted in 2011 that Russia’s “active measures” influence strategies 
were evolving to include: 


1) Proactive political involvement, e.g. creating links to a variety of political 
actors, assisting reorganisation and coordination of pro-Russian parties, 
export of political technologies and consultation around elections, 2) ‘NGO 
diplomacy’ e.g. creating and assisting pro-Russian youth groups, minority 
and separatist civil organisations and think tanks, [and] 3) Creation and 
management of favourable media environment, e.g. the establishment of 
Russian media ventures, launching media campaigns in the Russian media, 
or influencing the local national media.94 


To Saari's last point, modern Russian media ventures have been used as an integral tool in 
its interference campaigns against Western democracies, overtly operating within the states 
it seeks to influence. 


91 Jacob Heller, “Rumors and Realities: Making Sense of HIV/AIDS Conspiracy Narratives and 
Contemporary Legends,” American Journal of Public Health 105, no. 1 (November 13, 2014): e43–e50, 
https://doi.org/10.2105/AJPH.2014.302284; David Robert Grimes, “Russian Fake News Is Not New: 
Soviet AIDS Propaganda Cost Countless Lives,” The Guardian, sec. Science, June 14, 2017, 
https://www.theguardian.com/science/blog/2017/jun/14/russian-fake-news-is-not-new-soviet-aids-propaganda-cost-countless-lives. 


92 Laura M. Bogart and Sheryl Thorburn, “Are HIV/AIDS Conspiracy Beliefs a Barrier to HIV 
Prevention among African Americans?,” JAIDS Journal of Acquired Immune Deficiency Syndromes 38, no. 
2 (February 1, 2005): 213-218. 


93 Sarah Kreps et al., “Factors Associated with U.S. Adults' Likelihood of Accepting COVID-19 
Vaccination,” Journal of the American Medical Association Network Open 3, no. 10 (October 20, 2020), 
https://doi.org/10.1001/jamanetworkopen.2020.25594; Jonathan Chait, “Trump Determined to Get Vaccine 
before Election, Overrules FDA Guidelines,” New York Magazine: Intelligencer, October 5, 2020, 
https://nymag.com/intelligencer/2020/10/trump-vaccine-overrules-fda-election-coronavirus-science.html. 


Since 2005, the Russian government has operated and expanded its own 
international media outlets, for example the television and online video enterprise RT 
(originally called Russia Today) and the internet-based news and commentary agency 
Sputnik. Both widely regarded by Western intelligence sources as mouthpieces of official 
Kremlin propaganda, these outlets have established multi-language ventures throughout 
the world and used a range of marketing strategies to build a substantial public audience. 
RT, Sputnik, and other government-sponsored Russian outlets with an international 
outreach mission provide factual coverage and interesting content on a variety of topics, 
yet they also clearly support agendas and messages that the Kremlin wishes to spread.95 
These outlets amplify news and opinions Russia wishes to promote, whitewash or cast 
doubt on the veracity of negative stories involving Russian interests, promote 
conspiratorial theories and interpretations, and give remarkably high amounts of coverage 
and airtime to representatives of political groups and parties seen as controversial or 
“fringe.”96 Opinions Russia wishes to promote with its news broadcast networks include 
denigration of NATO and defense of Russia's 2014 annexation of Ukraine's Crimean 
peninsula.97 Examples of conspiracy promotion include attempts to portray the shootdown 
of Malaysian Airlines Flight MH17, said to be done accidentally by Kremlin proxies in 
occupied east Ukraine with a Russian anti-aircraft missile, and GRU agents' alleged 
poisoning of a former Russian spy in Great Britain, as deliberate acts perpetrated by rivals 
scheming to frame and slander Moscow.98 


94 Sinikukka Saari, “Putin’s Eurasian Union Initiative: Are the Premises of Russia's Post-Soviet Policy 
Changing?,” Swedish Institute of International Affairs UI Brief, no. 9 (November 1, 2011): 4, 
https://www.ui.se/globalassets/ui.se-eng/publications/ui-publications/putins-eurasian-union-initiative-are-the-premises-of-russias-post-soviet-policy-changing-min.pdf. 


95 Galina Miazhevich, “Nation Branding in the Post-Broadcast Era: The Case of RT,” European 
Journal of Cultural Studies 21, no. 5 (October 1, 2018): 575-93, 
https://doi.org/10.1177/1367549417751228; Steven Erlanger, “Russia’s RT Network: Is It More BBC or 
KGB?,” New York Times, sec. World, March 8, 2017, 
https://www.nytimes.com/2017/03/08/world/europe/russias-rt-network-is-it-more-bbc-or-kgb.html. 


At times, Russian officials have openly acknowledged these media outlets’ purpose 
as a powerful tool or even weapon against the Western world. In explaining the importance 
of RT's American TV channel in 2011, editor-in-chief Margarita Simonyan appeared to 
hint at the network's role as a strategic defense weapon: 


It's important that there is a channel that people are used to, that they like, 
so then when you need to, you show them what you need to show them. In 
a sense, not having your own “inoveshaniye” [foreign broadcasting] is the 
same as not having a ministry of defense. When there is no war, it seems as 
though it is not necessary. But damn, when there is war, it's absolutely 
critical. But you can’t create an army a week before the war begins.99 


In a satellite video appearance with the president of Argentina commemorating the 
beginning of RT's Spanish-language broadcasting in South America in 2014, Putin himself 
stated, “With accelerated development of electronic media, this sphere has acquired 
immense importance and has perhaps become a formidable weapon to potentially 
manipulate public consciousness.”100 


97 Martin Kragh and Sebastian Åsberg, “Russia's Strategy for Influence through Public Diplomacy and 
Active Measures: The Swedish Case,” Journal of Strategic Studies 40, no. 6 (September 19, 2017): 779–799, 
https://doi.org/10.1080/01402390.2016.1273830. 


98 Gordon Ramsay and Sam Robertshaw, Weaponising News: RT, Sputnik and Targeted 
Disinformation (London, England: King’s College, 2019), 21–44, 
https://www.kcl.ac.uk/policy-institute/assets/weaponising-news.pdf; Adam Holland, “RT ‘Covers’ the Shooting down of MH17,” July 
18, 2014, The Interpreter, https://www.interpretermag.com/rt-covers-the-shooting-down-of-mh17/. 
It is no surprise, then, that an interagency report on Russian interference published 
in 2017 by the Director of National Intelligence concluded that RT and Sputnik are key 
components of "Russia's state-run propaganda machine" and a vital tool in its foreign 
influence campaigns.101 


According to a 2019 study from King's College London analyzing all English- 
language content produced by RT and Sputnik during two four-week periods in 2017 and 
2018, the Kremlin news agencies flooded the market with more than 2,100 articles 
highlighting political dysfunction in Western countries and Ukraine, which represented 
81.7 percent of all content the agencies wrote about these nations.!° Of the March 2018 
RT and Sputnik articles studied, a staggering 138 of them sought to sow confusion and 
doubt about the Kremlin's recent poisoning of a former spy in the United Kingdom, in 
many cases by offering competing and contradictory counternarratives, such as lies that the 
U.S. or British government created the Novichok poison used in the attack. Such 
misdirection and noise are hallmarks of RT and Sputnik's defense of Kremlin scandals, 
particularly regarding infamous large-scale incidents such as the Russian military's seizure 
of the Crimea peninsula and the downing of Malaysian Airlines Flight MH17.'^ The 
anti-Ukrainian rhetoric and dishonesty coming from Russia's English-language RT channels in 
London and the United States during these two events were so prolific and reprehensible 
that two of its anchors publicly resigned out of frustration with the network's deceptive 
reporting, while a third forcefully condemned the network's disinformation campaign on 
air during a live broadcast.!?^ 


101 Office of the Director of National Intelligence, Assessing Russian Activities and Intentions in 
Recent U.S. Elections (Washington, DC: Office of the Director of National Intelligence, 2017), 
https://www.dni.gov/files/documents/ICA_2017_01.pdf. 


Disturbingly, the King's College report also discovered that RT and Sputnik's 
English-language content infected British news sources as well; 21 different articles across 
five prominent British newspapers in an eight-week sample replicated at least 30 percent 
of the text found in articles that RT or Sputnik had published previously, including 11 
directly related to political issues.!°° Only two of the 21 articles gave credit or attribution 
to the earlier RT or Sputnik articles, meaning British audiences had no reason to suspect a 
Kremlin-friendly bias. Taken alongside other studies' findings, for example a report that 
conspiracy-minded U.S. media outlet InfoWars had republished more than 1,000 RT 
articles, it appears that the old Soviet method of publishing stories with the hope that 
Western media outlets would later amplify their messages is now more successful than 
ever.107 


Government-run propagandistic media outlets represent only the tip of the iceberg 
of Russia's modern-day foreign influence apparatus, however. Beneath the surface, the 
Kremlin also appears to continue employing such practices as co-opting journalists and 
covertly manipulating the foreign press, playing puppet master to proxy organizations 
designed to stir up social divisions, fabricating and spreading false information, and 
providing material and financial support to foreign political candidates and campaigns.108 


a. Co-opting Journalists and Using Outside Media to Influence News Coverage 

Echoing past Soviet use of Indian, East German, and African publications to hide 
its authorship of disinformation, the internet is awash with obscure and low-level news 
portals throughout the world that fail to disclose the editorial control or influence of the 
Kremlin. In particular, the FSB and Russia's Main Intelligence Directorate of the Russian 
General Staff (GRU) work with loyal supporters to enact this scheme.109 Hungarian news 
media website Hídfő.net, whose content was eventually found to have been almost entirely 
produced by Russia's GRU, was used to dramatic effect in a Kremlin campaign to turn 
Ukraine’s neighbors against its fledgling post-revolutionary government.110 The site 
caused a massive uproar by falsely reporting that Hungarian tanks had been seen rolling 
across the Ukrainian border.111 The site also published false assertions regarding such 
topics as Crimea-related sanctions, the 2016 U.S. presidential election, NATO aggression, 
and an “exposé” alleging a U.S.-run hybrid war campaign against its rivals.112 As in Soviet 
times, the site's articles could be cited by the Russian media as though it were a credible 
foreign news source, without the stories appearing to be state-generated propaganda. 


b. Inventing and Planting Stories in the Internet Age 


As the hidfo.net incident illustrates, the Kremlin is able to leverage such significant 
technological advances as the internet to enhance the efficiency and expand the reach of 
Soviet disinformation tools. In a hyper-connected digital age in which much of the world 
receives information from sources outside traditional news networks, Russia is now able 
to accomplish its goals of spreading disinformation without needing to explicitly 
compromise or exploit journalists or news publications, nor even to create its own 
Western-leaning information portals. The advent of social media, in particular, has helped modern 
Russian influence campaigns reach an exponentially wider audience than Soviet operations 
were able to, and with considerably less difficulty and risk. 


109 Andrew Higgins, “Intent on Unsettling E.U., Russia Taps Foot Soldiers from the Fringe,” New 
York Times, sec. Europe, December 24, 2016, https://www.nytimes.com/2016/12/24/world/europe/intent- 


Since at least 2013, active measures harnessing the power of the internet and social 
media to stoke artificial public interest in a topic, spread disinformation, and attack 
Russia's foes have proliferated.113 Novaya Gazeta, a Moscow newspaper whose critical 
investigative work since Putin rose to power is believed to have prompted the assassination 
of several of its prominent employees, reported in August 2013 that its journalists had 
infiltrated a St. Petersburg “troll factory” called Internet Research Agency (IRA).114 The 
IRA offered weekly salaries and free food to employees for writing blogs, article 
comments, and social media posts on prescribed themes.115 According to this exposé, 
young Russian citizens working for the agency were given a list of topics and targets about 
which to produce content across Russian and Western traditional and social media.116 
These topics included praise for Putin, the Group of Twenty (G20) summit (held in St. 
Petersburg that year), and Russian activity in the Syrian war, along with negative content 
directed at Russian opposition politician Aleksei Navalny, Forbes magazine, and various 
American entities. Burnished by other media reports corroborating these findings, the 
Novaya Gazeta investigation discovered that similar operations were planned for or already 
working in Moscow, and also found evidence that the agency's influence campaign 
predated its July 2013 business registration.117 Subscribers to British newspaper The 
Guardian complained that the online comment sections of articles related to Ukraine's 
ongoing revolution were all so inundated by a torrent of Kremlin-friendly propaganda that 
legitimate conversation was impossible.118 A May 2014 column filed by The Guardian's 
readers' editor in response recalled that the newspaper had reported two years earlier about 
Russian troll influence campaigns, implying that it had subsequently become a target of 
such attacks.119 Indeed, a February 2012 Guardian report about hacked emails to and from 
the leader of a Russian political youth organization, many of which dated back at least to 
2010, outlines a well-financed campaign to amplify pro-Russia internet content and smear 
a list of 168 enemies of the organization, including Navalny, journalists, and human rights 
activists, on social media and blog sites.120 


A 2018 RAND Corporation analysis posits that the Kremlin's interest in social 
media information warfare may have stemmed from Putin believing that such mass unrest 
incidents as the 2011 Moscow post-election protests and various revolutions in former 
Soviet republics had been fomented by the United States and coordinated via Facebook 
and Twitter.121 These U.S.-based social media platforms were widely reported as critical 
tools for the launch and coordination of revolutionary uprisings in Egypt and Tunisia that 
same year, which Putin decried as U.S.-orchestrated interference in his speech justifying 
the annexation of Crimea.122 This perception may have cemented Putin's resolve to build 
up Russia's so-called "information confrontation" capability to counter what he believed 
to be a grave new American threat. Though a number of studies later found that the role of 
social media in the Arab Spring had been somewhat overstated, the 2014 Ukrainian 
revolution that prompted Putin's seizure of Crimea would have nevertheless proven this 
hypothesis anyway.123 The mass demonstrations in Kyiv that year began with a journalist's 
Facebook post and relied heavily on social media to organize protests, recruit volunteers, 
and capture the attention of the Western world.124 


neighborhood], March 11, 2015, https://mr-7.ru/articles/112478/; Viktor Rezunkov, “Oni lyubyat Putina 12 
chasov podryad [They love Putin 12 hours straight],” Radio Svoboda [Radio Liberty], March 14, 2015, 
https://www.svoboda.org/a/26899521.html; Hannah Levintova, “Russian Journalists Just Published a 
Bombshell Investigation about a Kremlin-Linked ‘Troll Factory,’” Mother Jones, October 18, 2017, 
https://www.motherjones.com/politics/2017/10/russian-journalists-just-published-a-bombshell-investigation-about-a-kremlin-linked-troll-factory/; Adrian Chen, “The Agency,” New York Times, sec. 
Magazine, June 2, 2015, https://www.nytimes.com/2015/06/07/magazine/the-agency.html. 


118 Chris Elliot, “The Readers’ Editor On... The Pro-Russia Trolls below the Line on Ukraine Stories,” 
The Guardian, May 4, 2014, https://www.theguardian.com/commentisfree/2014/may/04/pro-russia-trolls-ukraine-guardian-online. 


119 Elliot, 


120 Miriam Elder, “Emails Give Insight into Kremlin Youth Group’s Priorities, Means and Concerns,” 
The Guardian, February 7, 2012, https://www.theguardian.com/world/2012/feb/07/nashi-emails-insight-kremlin-groups-priorities. 


121 Todd C. Helmus et al., Russian Social Media Influence: Understanding Russian Propaganda in 
Eastern Europe (Santa Monica, CA: RAND, 2018), 1-15, 
https://www.rand.org/pubs/research_reports/RR2237.html. 


Following The Guardian's report, and increasingly cognizant of robust pro-Russia 
sentiment within the comment sections of prominent news sites, the American news media 
gradually began to take notice of the story. News and entertainment aggregator site 
Buzzfeed published a lengthy exposé in June 2014 that used leaked emails from alleged 
troll factory financiers to describe the Russian troll operation in great detail.125 The feature 
showed the troll factory to be a well-financed and sophisticated operation and revealed 
attempts to hire English tutors for employees, a list of such media targets as Politico and 
Fox News, and orders for employees to operate six active Facebook accounts or 10 Twitter 
accounts and post 50 comments to news sites per day. Yet, in response to the Buzzfeed 
article, a Washington Post column highlighting the newspaper's own interaction with 
suspected Kremlin trolls downplayed the impact of the alleged influence campaign and 
suggested that domestic commentators were clever enough to mock, refute, or ignore any 
false claims from foreign invaders. Though many outlets reported on the troll campaign 
as a nuisance offshoot of Russia's adventurism in Crimea, none seemed at the time to 
recognize it as a threat to U.S. domestic affairs, and neither did prominent U.S. officials. 


By April 2015, “malicious cyber activity” was well known and taken seriously 
enough that President Barack Obama issued Executive Order 13694: Blocking the Property 
of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities. This order 
was a directive declaring a national emergency and threatening harsh sanctions on any 
foreign actors whose cyber activities threatened U.S. national or economic security, 
financial stability, or foreign policy.127 Regrettably, in what now seems like a colossal 
oversight and missed opportunity, the focus around this executive order did not appear to 
include Russian troll activity. Rather, the text of the executive order centered on such 
contemporary events as financial cyber crimes, state-sponsored Chinese hacking for the 
purposes of espionage and intellectual property theft, ISIS propaganda and recruitment 
through social media, and an incident in which North Korea levied a crippling hacking 
operation on Sony Pictures in retaliation for its production of a film depicting the 
assassination of Kim Jong Un.128 Notably, Obama attempted to correct this oversight in the 
waning days of his presidency by issuing Executive Order 13757: Taking Additional Steps 
to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled 
Activities to amend Executive Order 13694 after Russia's 2016 election interference.129 


126 The Washington Post article focused on flagrantly absurd Russian comments, summarizing one 
launches into an anti-American screed in Russian. ]," as well as typical banter, such as a seemingly 
domestic commentator rapidly responding dismissively to a comment that Obama should avoid 
involvement with Ukraine-Russia conflict. It did not appear to account for the possibility of more subtle 
efforts to stir up division without revealing pro-Russian bias. Caitlin Dewey, “Hunting for Paid Russian 


2. Proxy Organizations 


Just as the Soviet Union was able to implant advocates for its causes and policies 
into foreign states’ political and social environments via surrogates such as the CPUSA 
and WPC, modern Russia offers support and assistance to (and sometimes creates) proxy 
organizations in the West. This strategy includes support for oft-discounted political parties 
in other countries, including neo-Nazis and white supremacists.130 As in the Soviet past, 
this support and these alliances had nothing to do with shared ideology and everything to 
do with perceived usefulness to national goals; especially regarding potential collaborators 
who could assist against a shared enemy. Just as with the leaders of Cuba, North Korea, 
Vietnam, and such non-communist nations as Egypt and Iraq during Soviet rule, the key 
question was who was the enemy. The enemy of Moscow's enemy (the West and the 
United States) was thus the Kremlin's friend.131 


Andras Rácz describes Russia's strategy as “scattershot... placing small bets, 
directly or through proxies, on ready-made fringe groups in an effort to destabilize or 
simply disorient” such rivals as the EU.132 An Atlantic Council report titled The Kremlin’s 
Trojan Horses agreed and warned that Russia was waging a subtle destabilization effort 
focused on: 


(1) building political alliances with ideologically friendly political groups 
and individuals, and (2) establishing pro-Russian organizations in civil 
society, which help to legitimate and diffuse the regime's point of view. The 
web of political networks is hidden and nontransparent by design, making 
it purposely difficult to expose. Traceable financial links would inevitably 
make Moscow's enterprise less effective: when ostensibly independent 
political figures call for closer relations with Russia, the removal of 
sanctions, or criticize the EU and NATO, it legitimizes the Kremlin's 
worldview. It is far less effective, from the Kremlin's point of view, to have 
such statements come from individuals or organizations known to be on the 
Kremlin's payroll.133 


The appearance of Russia's support for fringe groups is alarming for a variety of 
reasons, especially its apparent effect of amplifying far right, ultranationalist, and even 
neo-Nazi parties and organizations in Slovakia, Austria, France, Germany, Hungary, and 
other Western nations.134 Alleged beneficiaries of Russian support include members of 
European Parliament representing such far-right or nationalist parties as Alternative for 
Germany and France's National Rally (formerly National Front), as well as such agitator 
organizations as Austrian Technologies GmbH and Italy's Eurasia Coordination Project.135 
A common thread among the majority of these disparate fringe groups with Kremlin 
backing has been their assertion that Russia's annexation of Crimea was legitimate and that 
the sanctions levied as a result of it should be repealed.136 Another use for this hodgepodge 
of policy-agnostic alliances also seems to be their members’ participation as monitors, 
neutral observers, or official recognizers of elections in Russia or its intended sphere of 
influence, where they can dubiously vouch for or cast doubt on the elections’ credibility 
and fairness.137 


These parties and groups can also be used to cause problems domestically, for 
example, sowing domestic unrest and stymieing the work of their nations' governments 
from within using veto power or obstructionism. Even support for less successful fringe 
parties has a detrimental effect on the nations in which they practice. In October 2016, 
septuagenarian neo-Nazi Istvan Gyorkos, leader of a small organization known as the 
Hungarian National Front, murdered a police officer during a raid on his illegal weapons 
cache in a western Hungarian village.138 A parliamentary committee later briefed on the 
incident by the intelligence community was informed that Gyorkos had been under 
surveillance for years due in part to collaboration with extremists in Russia, and that 
Russian GRU military intelligence personnel posing as diplomats had regularly engaged in 
combat drills with him and his followers.139 


Support for a tiny militant and antagonistic party in Hungary seems duplicitous 
considering the warm relations already established between the Kremlin and both 
Hungary's prime minister Viktor Orban, and his leading challenger, the Jobbik Party.140 
Russian support for groups that glorify or co-opt the fascist ideology of the Soviet Union's 
bitterly hated World War II opponent seems even more jarring. These seeming 
contradictions, however, underscore the assertion that Russia is willing to place small bets 
on a plurality of parties, so long as they show signs of being able to weaken the powers 
that be or disrupt the European status quo. Since such support is pragmatic and sinister 
rather than ideological, even groups with policies and worldviews antithetical to those of 
the Russian government may still receive assistance. Such is the case throughout Europe; 
political parties strongly rumored to have Russian backing in Germany include the 
left-leaning Social Democratic Party, hard-left Die Linke, and far-right Alternative für 
Deutschland.141 In Greece, the ruling far-left Syriza party has come under fire due to its 
rumored Russian financing and ties to such radical Russian nationalists as Alexander 
Dugin, who is also accused of supporting far-right neo-Nazi opposition party Golden 
Dawn.142 The story is similar in Italy, where the resurrected center-right Forza Italia party 
and right-leaning nationalist Lega Nord parties are both believed to enjoy Russian 
backing.143 The United Kingdom's British National Party and UK Independence Party 
have drawn suspicion on this subject as well due to the effusive praise heaped on Putin by 
some of their members and the alleged Russian interference in their favor during the Brexit 
referendum.144 The evident promiscuity of Russia's foreign political support, even to 
multiple fringe candidates within a single country, reveals that an aspect of the Kremlin's 
strategy is to amass a large number of levers to pull in the name of destabilization and 
ability to impose its will on foreign governments; it is accumulating spoilers and trump 
cards wherever it can. 


Alarm bells about Russian influence sounded in Spain almost immediately upon an 
explosion of chaos and violence centered on a secessionist movement in Catalonia in 
September 2017. Citing Catalonian disinformation, Russian media amplification, and
Russian Twitter bots' frenzied sharing of both, Spanish media quickly speculated that a


141 One notable instance of Russian support for Germany's Social Democratic Party is its relationship
with former German Chancellor and SDP leader Gerhard Schröder. After a setback in Germany's federal
election cost him the Chancellorship, he announced his resignation and then controversially signed a deal
allowing Russia to build a gas pipeline between the two nations under the Baltic Sea just before his final
day in office. Russia, to which the pipeline carried enormous strategic importance, swiftly rewarded
Schröder for his assistance by naming him the head of shareholders for the pipeline project and hiring him
to a lucrative position as board chairman for the nation's ROSNEFT energy company. Schröder has since
served as a reliable defender of controversial Russian actions in the news to include partially rationalizing
the Crimea annexation. Polyakova et al., The Kremlin's Trojan Horses, 15; “Anger as German
Ex-Chancellor Schroeder Heads up Rosneft Board,” BBC News, sec. Europe, September 29, 2017,
https://www.bbc.com/news/world-europe-41447603.


142 Courtney Weaver, Kerin Hope, and Sam Jones, “Alarm Bells Ring over Syriza’s Russian Links,” 
Financial Times, January 28, 2015, https://www.ft.com/content/a87747de-a713-11e4-b6bd-00144feab7de; 
Peter Foster and Matthew Holehouse, “Russia Accused of Clandestine Funding of European Parties as U.S. 
Conducts Major Review of Vladimir Putin’s Strategy,” The Sunday Telegraph, January 16, 2016, 
http://www.telegraph.co.uk/news/worldnews/europe/russia/12103602/America-to-investigate-Russian-meddling-in-EU.html.


143 Max Seddon and James Politi, “Putin’s Party Signs Deal with Italy’s Far-Right Lega Nord,” 
Financial Times, March 6, 2017, https://www.ft.com/content/0d33d22c-0280-11e7-ace0-1ce02ef0def9; 
Laqueur, Putinism. 


144 Polyakova et al., The Kremlin's Trojan Horses, 18.




Kremlin hand had been stirring the pot.145 Subsequent reports from German and Spanish
intelligence agencies later found that a surge of Russian disinformation and support had
indeed been a key provocation for Catalonia's illegal separatist referendum and the bloody
riot that followed.146


The 2016 Internet Research Agency Facebook advertisements included a series of
conservative-targeting posts calling for Texas's secession from the Union; a campaign that
all but disappeared after the election but may have intensified had Clinton won.147 On the
other end of the political spectrum, RT reported within one month of Trump's victory that
an “embassy” dedicated to California's secession from the United States had been opened
in an expensive area of downtown Moscow.148 Contemporaneous reporting from more
credible news outlets revealed that the California secessionist behind this apparent stunt
was a New York-born Russophile and Russian resident with a history of right-wing U.S.
political activism.149 It was soon discovered that the dubious diplomatic outpost managed
to secure its improbable real estate bonanza only because the space was being provided for
free by a Kremlin-financed party that was also supporting a fledgling Texas rebellion.150
The Anti-Globalization Movement of Russia, as this group is called, exists to offer support
and encouragement to separatists in nations all over the world.151


At a Senate Intelligence Committee hearing regarding Russia's social media
influence campaigns in November 2017, Russia was accused of using social media bots,
state media amplification, and even clandestine financial and material aid to support and
amplify recent secession movements.152 Among these campaigns were Catalonia's
contentious unauthorized referendum against Spain in 2017, a narrowly defeated 2014
referendum regarding Scotland's independence from the United Kingdom, the United
Kingdom's unexpected 2016 vote to exit the European Union, illegal sham referenda in
Crimea and Ukraine’s Donbass region in 2014, and activity in other “frozen conflict”
zones.153 Evidence presented at this hearing suggested that Russia also attempted to
provoke Hawaiian, Puerto Rican, and Native American tribal rebellion in addition to the
Texas secession.154 Russian support for secession movements serves as evidence of a broad
trial-and-error strategy. That Russia appears to have directly advocated violence and fear
among U.S. citizens and attempted to coordinate confrontations between rival groups in
2016 further reinforces the notion that they are experimenting with ways to stoke
something akin to a civil war or unrest reminiscent of Soviet race war plots in the 1960s.155
This notion is further bolstered by such stunts as an incendiary Internet Research Agency
troll group called Black Fist funding self-defense classes for African-American activists


151 Not only can secession movements cause chaos and force national governments to focus attention
and resources on internal matters, they also serve as a useful propaganda tool for Russia to justify and
normalize its near-universally condemned takeover of Crimea. Reevell, “Texas, California Separatists


throughout the United States ahead of the election.156 With sometimes-violent unrest
popping up in cities across the United States in 2020 over coronavirus mitigation measures,
political campaigns, election results, and social justice issues—including at least one foiled
plot to assassinate a state governor and provoke a rebellion—some of Russia's longshot
bets have a legitimate chance of paying out to some degree.157


3. New Threats and Force Multipliers: Cyberattacks 


In addition to the resurgence of active measures techniques that appeared dormant 
in the years following the collapse of the Soviet Union, new tactics have emerged as 
complements and accelerants to such measures in present-day influence campaigns. In 
many cases, longstanding interference methods have adapted and improved, often with the 
benefit of technological advances, such as the internet and social media. Espionage, 
reconnaissance, propaganda distribution, recruitment, and many other elements of 
interference tradecraft have been made much easier and more successful by the availability 
of data and social media on the internet. Contemporary Russia has thus been able to expand 
greatly the size and scope of its activities compared to Soviet influence efforts. Along with 
legal means of information harvesting and dissemination, Russia uses the internet as a 
powerful new toolset for its influence campaigns: cyberattacks, to include hacking,
infrastructure disruption, and file manipulation.


Twenty-first-century Russian hacking operations have proven to be useful
disruptors in their own right, as well as accelerators for other influence methods, such as
slander, forgery, and political influence. The information obtained from a hack can be used
to inform future influence campaigns, identify vulnerabilities and strategies that can be
exploited and countered, or to embarrass or compromise the target upon public release.158
Worse yet, the stolen material can even be doctored to create compromising material where
none naturally exists.159 The theft or even insinuation of theft of sensitive information can
be used as blackmail if release is threatened. Finally, attribution of a cyberattack's origin
can be difficult, so a perpetrator can avoid detection, and thus also avoid consequences. It
is in this space that Russian influence campaigns have been masterful. Cyberattacks are
now a staple of the Kremlin's influence campaigns, whether targeting a nation's
candidates, election systems, government services, or even critical infrastructure sectors.160


The ways in which any hostile power could conceivably disrupt infrastructure or 
commerce grow with every new interconnected device and advance in networking, limited
only by a potential attacker's capacity and the intended victim's ability to thwart, punish, 
or effectively counterattack. By this metric, the threats posed by Russian cyberattacks are 
among the most severe imaginable, as the GRU has spent years honing its craft. Also in 
the Kremlin's favor is the fact that its nuclear weapons arsenal provides the ultimate 
strategic defense against a physical or military counterattack to its cyber meddling; an 
advantage very few of the world's other hackers and groups can boast. As the full range of 
possible cyberattack capabilities is too broad to list, it may be more useful to analyze
actions allegedly already taken by Kremlin agents.


A bellwether case study for the havoc Russian-origin cyberattacks can wreak on a 
society is a 2007 Estonian cyberattack. In the wake of Estonian authorities’ decision to 
move a controversial Soviet World War II memorial from downtown Tallinn to a military
cemetery, and fueled by disinformation on Russian-language media saying the monument
was set to be destroyed, riots among the Russian-language population ensued. The
following night, Estonian network systems were beset by a weeks-long siege including
computer script-driven “distributed denial of service” (DDoS) attacks that caused sporadic
outages in the banking, media, and government sectors, to include failure of automated
teller machines, public servant email accounts, and news broadcasts. In a taunting and
unpersuasive denial, Putin wryly suggested the attack might have been the work of
independent “patriotic hackers” motivated by love for Russia and incensed at the
exaggerated news of the statue’s removal rather than official state actors.161 The Russian
government refused to assist Estonian law enforcement's investigation of the perpetrators
despite a standing treaty compelling them to do so, and significant evidence that the attack
originated with Russian IP addresses.162


This incident, which rattled Estonian society and led the government to bolster its 
cybersecurity posture significantly, offered an example of the unpredictable chaos Russia 
could unleash on a foe under the guise of domestic tensions and difficult-to-attribute 
cyberattacks. The attack also put Russia's potential foes on notice that the nation is capable 
of inflicting substantial damage on a rival society without crossing a border or firing a shot. 
Perhaps most troubling to U.S. observers, the Estonian attack hinted at Russia's apparent 
ability and willingness to wound a NATO member state at a significant level without 
triggering the alliance's Article Five agreement, which states that an attack against any
member is an attack against all and must be met with a unified response.163


Perhaps less risky for Russia though is the following option: a hybrid campaign that
cripples essential services in a NATO country via a devastating yet difficult to definitively
attribute cyberattack, yet does not involve physical weaponry deployment or border
incursion. Such a “gray area” attack could trigger alliance infighting and a lack of
consensus regarding a full-scale Article Five response, thus undermining the alliance's
main purpose. Perhaps cognizant of such a novel scenario, NATO quickly founded the
Cooperative Cyber Defence Center of Excellence in Tallinn not long after the 2007
Estonian cyberattack.164 More than a decade after the Estonia incident, however, ambiguity
continues to surround each NATO member's stance on the threshold a cyberattack must
hit before signifying an act of war. Questions include whether it makes a difference if the
attack is definitely state-sponsored or possibly carried out by its “patriotic” residents (as
Putin has smugly suggested more than once), and whether it is definitively safe to declare
a cyberattack an act of war while also engaging in offensive cyber activity, such as Stuxnet
(a malicious cyber worm of alleged U.S. and Israeli origin used to damage Iran's nuclear
program severely).165 A June 2017 statement issued by NATO Secretary General Jens
Stoltenberg in the wake of a mysterious global cyberattack hinted that questions still remain
even as the alliance seeks to harden its cyber defenses, as he warned those responsible that
NATO nations had agreed that a cyberattack could trigger Article Five (emphasis
added).166


Notably, the attack Stoltenberg referred to (known as “NotPetya”) originated in
Ukrainian tax software and wreaked havoc on the nation in a manner similar to the 2007
Estonia attack, before spreading sporadically and uncontrollably to public and private
sector entities worldwide. U.S. CIA and British intelligence reports identified with high
confidence the GRU as the perpetrator for this attack, which concurred with earlier
Ukrainian intelligence assessments.167


Whereas NotPetya may have been an out-of-control juggernaut affecting as many
sectors as possible, Russia has demonstrated that it can also target infrastructure and
communications equipment with precision. In June 2015, 12-channel French television
network TV5 Monde was hit with a devastating cyberattack that appeared to have been
meticulously tailored to destroy its broadcast transmission hardware.168 Seven different
components simultaneously fell under attack, including a Netherlands-based
remote-control camera company used by the network. The network website was maliciously
reprogrammed to display a message indicating the Islamic State took credit for the
mayhem, but French authorities quickly traced the attack to the GRU.169 Six months later,
a well-coordinated and highly sophisticated remote takeover of multiple Ukrainian power
grid control center distribution systems, later attributed to the GRU by the UK Cyber
Security Centre, shut off power to hundreds of thousands of residents in western
Ukraine.170 The GRU has also been blamed by Western governments for a litany of
infractions to include a pre-war attack on Georgia’s government agency systems in 2008,
the penetration of various Eastern European countries’ defense ministries in 2014, and a
significant 2015 network takeover and data destruction attack against Germany’s
Bundestag parliamentary system.171 In light of the broad array of cyber-based disruptions
it has been practicing and refining, it is clear the Kremlin has a new toolset to deploy
strategically as a means to sow division, influence, or thwart communications during a
critical event or time period, and disrupt the normal functioning of a foreign government.
For example, Russian operatives could unleash a precise, narrowly targeted attack against
a media network during an election cycle that could materially affect voters' ability to
access information about a candidate or result, or a targeted attack on critical infrastructure
in a given municipality that could cause chaos and disruption at polling locations and
undermine the integrity of the outcome.


4. Relative Impunity 


When confronted with the fact that more than a dozen GRU operatives were under
criminal indictment in the United States for cyber-based election interference, Putin denied
that the suspects worked for the Russian government, demanded the United States reveal
its evidence, and bluntly swore that Russia would never cooperate with other nations'
attempts to prosecute its hackers: “Never. Never. Russia does not extradite its citizens to
anyone.”172 By always denying responsibility for cyberattacks and refusing to extradite or
cooperate with investigations, the Kremlin has mostly escaped consequences for these
intrusions thus far, which has allowed them to enjoy a measure of freedom to test and refine
their capabilities. Similarly, the risk of prosecution for an army of citizens paid through
proxies to create and amplify disinformation on social media and hide behind fake foreign
personas is low due to the high volume of content and relative anonymity of its operatives.
Any rival nation's attempt at in-kind retaliation would likely be thwarted by the Russian
government's strict control of the internet within its borders, which allows it to block any
content it chooses swiftly.173 Finally, Russia's support and cultivation of fringe parties and
organizations in rival states in some cases may give it allies capable of thwarting
investigations into its interference, vetoing penalties such as sanctions, and sponsoring or
attacking legislation to suit the Kremlin’s interests.174 Taken in aggregate, it becomes clear
that in the current environment, Moscow has a large array of well-honed interference tools
and little to dissuade it from using them.


III. ELECTION INTERFERENCE


This chapter focuses on a Russian interference attack type that may have the 
greatest potential for destructive, lasting impact: meddling and manipulation in the process 
of electing leaders in democratic societies. Russia's methods of foreign political 
interference were on full display in such pivotal world events as the 2016 U.S. presidential 
election, the “Brexit” referendum regarding Great Britain's membership in the EU, and 
other elections throughout Europe. Just as in Soviet times, some of the primary goals of 
this interference appear to include the weakening of Western rivals and alliances such as 
NATO, the promotion of leaders with favorable attitudes toward Moscow, attacks smearing 
politicians seen as hostile toward Russia, the deflection and denial of Russia's role in
nefarious events, and the stoking of mistrust and division in Western societies.175


To understand U.S. vulnerability to Russian election interference and establish the 
plausibility of the threat, this chapter first details known instances of Soviet attempts to 
influence U.S. politicians and tilt the scales toward a Kremlin-favored outcome. Next, it 
analyzes the broad range of tools that Russia used in its bid to influence the 2016 U.S. 
presidential election. Finally, this chapter explores other recent instances of Russian
meddling in Western elections to identify tactics and efficacy further.


A. SOVIET MEDDLING IN U.S. ELECTIONS 


During the Cold War, Moscow made overt offers to potential U.S. presidential 
candidates on multiple occasions by offering to help them defeat anti-Kremlin rivals in 
exchange for the expectation of friendly treatment. For example, John Bartlow Martin 
reported in 1977 that Adlai Stevenson, the Democratic Party candidate whose unsuccessful
1952 and 1956 campaigns included nuclear nonproliferation rhetoric that Kremlin officials
saw as beneficial, reported one such overture.176 According to Stevenson, Soviet
ambassador Mikhail Menshikov set up a one-on-one meeting ahead of the 1960
presidential election to persuade him to run against sitting Vice President Richard Nixon.177
To Stevenson's alarm, the ambassador offered to use the Soviet press to help him win
election, in part by publishing either positive or critical stories about the campaign;
whichever Stevenson thought would get him the most votes.178


Soviet leader Nikita Khrushchev later acknowledged that he continued to do 
everything in his power to prevent Nixon from winning the 1960 election, citing as 
motivation animosity following an infamously tense exchange between the two at an 
American technology exhibition the year before.179 Aleksandr Feklisov, a Soviet spy
serving as the KGB's Washington, DC, station chief during this time, later admitted to
having been "instructed... to propose measures, diplomatic, propagandist, or other, to
encourage [John F.] Kennedy's victory" and revealed that an agent had attempted to offer
assistance to Kennedy’s campaign against Nixon through his brother Robert F. Kennedy.180


Upon meeting President Kennedy for the first time after his victory, Khrushchev 
took credit for tipping the close race by bragging that he had weakened Nixon by refusing 
to release American pilots from Soviet captivity until after the election.181 When Nixon
again ran for president in 1968, Soviet intervention attempts were even more direct.
Anatoly Dobrynin, Moscow's ambassador to the United States at the time, admitted
carrying out an order to offer campaign assistance secretly to Nixon's opponent Hubert
Humphrey including financial aid.182 Mitrokhin also notes that even after Nixon's
resignation due to the Watergate scandal, then-KGB chairman Yuriy Andropov ordered his
bureau to make overtures to officials in Nixon's administration—including speechwriter
William Safire and eventual presidential candidate Pat Buchanan—in attempts to use them
for the Soviet cause. In each case, the Americans refused the offers.183


Though most if not all U.S. politicians appear to have known better than to accept 
Soviet offers for aid, the practice may have still been of value to the KGB’s active measures 
apparatus. Directly offering assistance to potential U.S. presidential candidates could have 
served multiple purposes: aside from providing the offered boost to the Kremlin's desired 
candidates, any accepted offer could have also served as leverage for blackmail or a 
foolproof way to ruin the acceptor's reputation should the relationship ever sour. In 
addition, any evidence that an offer of assistance was made, or that contact between foreign 
influence agents and anyone involved in a candidate's campaign or administration had 
taken place, could be used by that candidate's opponents or detractors. Opponents could 
use evidence of a Russian attempt to render aid to smear or slander the candidate as corrupt, 
even if the candidate rejected the offer. Additionally, if a credible suggestion that the 
Kremlin might have influenced a U.S. election or compromised a lawmaker were 
introduced in the American press or even leaked deliberately by Soviet agents, domestic 
and international belief in the legitimacy of elected leaders could be undermined, which
would then lead to a constitutional crisis.


According to Mitrokhin's archives, the KGB launched a concerted effort to doom 
hawkish anti-Soviet Senator Henry “Scoop” Jackson's presidential aspirations in 1976 by
forging FBI documents falsely indicating that he was a homosexual (at a time when U.S.
voters were seen as likely to reject such a candidate), and distributing them to his political
rivals, as well as popular magazines in hopes that the rumor would catch on.184 Though no
evidence suggests these rumors played a significant role in derailing Jackson's presidential
bid, the KGB continued attacking the Senator by disseminating forged documents
regarding his sexual preferences more than a year after he ended his campaign.185


B. MODERN MEDDLING IN U.S. ELECTIONS 


The initial years after the Soviet Union's collapse marked an apparent respite in 
concerted Russian attempts to influence the outcome of Western elections, but by the 
second decade of the twenty-first century, it became increasingly clear that the lull was 
over. Particularly since 2014, the concept and scope of Russian interference campaigns has 
become extremely well known in Western nations, even as Moscow issues repeated 
denials. Along with U.S. elections, allegations of Russian interference have surfaced in 
recent British, Bulgarian, German, French, Scottish, Spanish, and Ukrainian elections and 
referenda within a five-year period.186 One of the largest and arguably most consequential
Kremlin attempts to tip the scales for or against political candidates in recent years is the
2016 U.S. presidential election, in which a variety of mechanisms were allegedly deployed
in support of candidate Donald Trump and against Putin foe Hillary Clinton. This section
attempts to analyze the various subversive avenues Russia used in its attempt to sway the
election, as well as a few others occurring in the same general timeframe, to include overt
Russian media, social media, hacking theft, and other cyberattacks.


1. State-Run Media 


In 2017, the U.S. Director of National Intelligence (DNI) released an interagency
report on Russian interference in the 2016 presidential election, which revealed that the
nation had used both overt and covert means to affect the outcome. This document
extensively referenced state-owned media outlets RT and Sputnik and highlighted their
role in attempting to tilt the previous year's U.S. presidential election in favor of Trump.187
The report cites the Kremlin-backed media companies' frequent denigration of Democratic
candidate Hillary Clinton and the U.S. presidential election process as a calculated,
years-long program aimed specifically at damaging her electability. Russia's English-language
media outlets are not only used to spread negative information, to be sure. These news
networks also take advantage of their apparent legitimacy as news sources to boost
coverage of events and political actors not widely covered by traditional media, and thus
boost the candidates' profiles and expand their audiences. Far-left U.S. Green Party
presidential candidate Jill Stein, derided by many Democratic Party supporters as an
unserious candidate whose presence on the ballot served primarily to split the liberal vote,
and thus, to benefit Republicans, received outsized support and publicity from RT and
Sputnik during the 2012 and 2016 presidential campaigns.188 Such support included a
number of interviews and a primetime 2016-debate broadcast that allowed her to showcase
her campaign platform.189 Stein's enthusiastic appearance at a 2015 gala celebrating RT’s
10th anniversary, along with her outspoken advocacy for such Kremlin obsessions as lifting
Crimea-related sanctions and criticism of Ukraine, raised alarm in light of the DNI
report. Evidently suspicious of RT’s outsized coverage of Stein, the U.S. Senate
Investigative Committee in 2017 announced a probe of her campaign to look for evidence
of illegal Russian support.191 Stein denied any improper collusion with the Kremlin but
initially resisted cooperating with the investigations, and at least two separate reports
commissioned by the U.S. Senate found strong evidence of longstanding Russian support
for her campaigns beginning soon after RT's launch. Such support was not
unprecedented, as RT had also frequently played host to former Republican congressman
Ron Paul, one of Stein’s 2012 presidential election opponents.193 For his part, Paul, who
conducted three combative, nontraditional populist presidential campaigns as a Libertarian
and a Republican, has been described as one of the most outspoken defenders of Putin ever
to have held U.S. federal office.194 RT also provided significant support and airtime to
former Minnesota governor and professional wrestler Jesse Ventura, an avid conspiracy
theorist and U.S. government critic who occasionally announces exploratory presidential
campaigns.195


Though not a candidate himself, U.S. Lieutenant General Michael Flynn was also
frequently invited to appear as a guest speaker on RT to advocate for positions supported
by the Kremlin.196 A sharp critic of U.S. foreign policy since being ousted from his role as
President Obama's Defense Intelligence Agency director, Flynn found a very receptive
audience for his criticisms in RT.197 Flynn’s acceptance of $45,000 from the network to
give a speech at the same network gala Stein attended later played a role in his forced
resignation as President Trump's National Security Advisor due to improper contacts with
the Russian ambassador before Obama's term ended, along with a federal indictment and
trial that dragged on for the entirety of Trump's presidency.198


2. Social Media 


On the covert side of its operation, Russia's attempts to interfere in the 2016 U.S.
election made extensive use of its internet troll and bot armies on U.S.-based social media
platforms. Even as Western newspapers began to grapple with the trolls’ invasion of online
comments sections, such social media titans as Facebook and Twitter appeared clueless or
unconcerned by contrast. Just after Trump's victory in November 2016, Facebook founder
Mark Zuckerberg publicly scoffed at accusations that fake news on social media or foreign
manipulation of the platform had any noteworthy impact, and insisted, “to think it
influenced the election in any way is a pretty crazy idea.”199


At the same time, however, Facebook offered to embed staff in both the Trump and
Clinton campaigns to help them use company algorithms to tailor paid content to optimal
audiences; the company was clearly confident that its advertising service could be used to
influence voters.200 Additionally, the social media giant accepted Russian rubles as
payment from a company buying more than $100,000 worth of divisive U.S. political ads;
thus, arguably, Facebook also knew or should have known that foreign entities were using
the platform to attempt to exert their own influence on the election.201 See Figure 1. To
Facebook's credit, it evidently had alerted the FBI of anomalous domestic political activity
originating from Russia that it had detected on its platform in June 2016. Unfortunately,
the company misidentified the nature of the abnormal activity as relating to possible
espionage rather than an election influence campaign, and thus missed an important early
signal of the operation.202


200 Daniel Kreiss and Shannon C. McGregor, “Technology Firms Shape Political Communication: The
Work of Microsoft, Facebook, Twitter, and Google with Campaigns during the 2016 U.S. Presidential
Cycle,” Political Communication 35, no. 2 (April 3, 2018): 155-77,
https://doi.org/10.1080/10584609.2017.1364814.


201 Committee on the Judiciary, Extremist Content and Russian Disinformation Online: Working with 
Tech to Find Solution, Senate, 105th Cong. 1st sess., 2017, 
https://www.judiciary.senate.gov/meetings/extremist-content-and-russian-disinformation-online-working-with-tech-to-find-solutions.


202 Adam Entous, Elizabeth Dwoskin, and Craig Timberg, “Obama Tried to Give Zuckerberg a Wake- 
up Call over Fake News on Facebook,” Washington Post, September 24, 2017, 
https://www.washingtonpost.com/business/economy/obama-tried-to-give-zuckerberg-a-wake-up-call-over-fake-news-on-facebook/2017/09/24/15d19b12-ddac-4ad5-ac6e-ef909e1c1284_story.html.


Back the Badge
Community of people who support our brave heroes.
111,113 people like this.

Ad ID: 2743
Ad Text: Community of people who support our brave heroes.
Ad Landing Page: https://www.facebook.com/Back-the-Badge-341177102896426/
Ad Targeting:
    Location - Living In: United States
    Age: 24 - 45
    Placements: News Feed on desktop computers, News Feed on mobile devices or Right column on desktop computers
    People Who Match: Interests: Police, Law enforcement or Police officer
    And Must Also Match: Interests: The Thin Blue Line, National Police Wives Association or Heroes Behind The Badge
Ad Impressions: 17
Ad Clicks: 3
Ad Spend: 37.32 RUB
Ad Creation Date: 10/18/16 03:13:22 AM PDT


Targeted Facebook Advertisement identified as part of a Russian interference effort, paid
for in Rubles and advertising a Russian-operated page sharing additional content.


Figure 1. Back the Badge Facebook Advertisement.203


Approximately one year after the election, Facebook executives were called to 
appear before the Senate Judiciary Committee regarding the role the platform unwittingly 
played in Russia's influence campaign. At this hearing, a company representative testified 
that internal analysis showed that Russian influence agents had reached 126 million unique 
users over a period of three years leading up to the 2016 election.204 These figures included 
at least 3,517 advertisements purchased by the IRA as highly targeted sponsored content 
(e.g., paid posts seen only by a narrow audience fitting demographics specified by the 
advertiser). Much more of the volume came from the creation of interest-based groups and 
false American identities producing and sharing such free content as pop culture-based 


203 Source: Permanent Select Committee on Intelligence, “Social Media Advertisements, 2016, 
Quarter 4, 2016-10: P(1)0005278,” U.S. House of Representatives, accessed December 6, 2020, 
https://intelligence.house.gov/social-media-content/social-media-advertisements.htm. 


204 S., Committee on the Judiciary. 
memes, however.205 The campaign also exploited the company's subsidiary photo- and 
video-sharing site Instagram, which hosted at least 170 Russian interference-linked 
accounts and duplicated a number of the insidious ads purchased on Facebook.206 Russia's 
disinformation was then amplified on both sites by unsuspecting Americans sharing and 
reposting the tainted content to even wider audiences.207 See Figures 2 and 3. Content 
known or suspected to have come from coordinated Russian activity covered a wide range 
of election-adjacent topics, including but not limited to the following: 


• promotion or attack of political policies 

• commentary on social issues 

• inflammatory religious imagery 

• election logistics disinformation, such as false advertisements with phone 
  numbers encouraging readers to text their votes rather than waiting in line 
  at a polling location.208 


205 A meme is a popular image or video, often humorous in nature, shared widely by Internet users. 
Nick Penzenstadler, Brad Heath, and Jessica Guynn, “We Read Every One of the 3,517 Facebook Ads 
Bought by Russians. Here's What We Found,” USA Today, May 11, 2018, 
https://www.usatoday.com/story/news/2018/05/11/what-we-found-facebook-ads-russians-accused-election-meddling/602319002/. 

206 Mike Isaac and Daisuke Wakabayashi, “Russian Influence Reached 126 Million through Facebook 
Alone,” New York Times, sec. Technology, October 31, 2017, 
https://www.nytimes.com/2017/10/30/technology/facebook-google-russia.html. 

207 Isaac and Wakabayashi. 

208 On a document for Congress showing a series of English and Spanish tweets encouraging Clinton 
supporters to vote via text or Twitter hashtag and/or falsely claiming that each voter would need to bring a 
birth certificate, “IL driving license record”, naturalization certificate, social security card, government ID 
card AND a U.S. or foreign passport to vote, Twitter appended a disclaimer that they had not definitively 
attributed Russian origin to those particular ads, but attributed them to automated accounts. The House 
Intelligence Committee Minority subsequently released the document showing these tweets along with a 
comprehensive list of IRA Twitter account names and RT network's paid Twitter advertisements in a 
release titled: “Exposing Russia's Effort to Sow Discord Online: The Internet Research Agency and 
Advertisements,” U.S. House of Representatives, Permanent Select Committee on Intelligence, accessed 
September 30, 2020, https://intelligence.house.gov/social-media-content/default.aspx; Penzenstadler, 
Heath, and Guynn, “Every One of the 3,517 Facebook Ads”; AnneClaire Stapleton, “No, You Can't Vote 
by Text Message,” CNN, November 7, 2016, 
https://www.cnn.com/2016/11/07/politics/vote-by-text-message-fake-news/index.html. 
[Figure image: Facebook ad for the "Stop A.I." page, carrying the ad text reproduced below.] 

Ad ID: 1301 
Ad Text: I bet most of Americans don't want to pay for illegal aliens that get more 
welfare benefits than U.S. citizens. And if the people are only source of 
power, according to the Constitution of the United States of America, why 
does the government not deport all illegal aliens yet? 
Ad Landing Page: https://www.facebook.com/Stop-Al-896610653786585/ 
Ad Targeting: 
    Location: United States 
    Age: 18 - 65+ 
    Placements: News Feed on desktop computers or News Feed on mobile devices 
    People Who Match: People who like Stop A.I., Friends of connections: Friends of people who are connected to Stop A.I. 
Ad Impressions: 1,111 
Ad Clicks: 237 
Ad Spend: 300.00 RUB 
Ad Creation Date: 05/18/16 01:48:58 AM PDT 
Ad End Date: 05/20/16 01:48:57 AM PDT 

Targeted Russian Facebook advertisement, paid in rubles, attempting to capitalize on social 
and political issues by promoting its “Stop All Invaders/Stop A.I.” page in May 2016. 

Figure 2. Stop A.I. (AKA Stop All Invaders) Facebook Advertisement.209 

209 Source: Permanent Select Committee on Intelligence, “Social Media Advertisements, 2016, 
Quarter 2, 2016-05: P(1)0000410,” U.S. House of Representatives, accessed December 6, 2020, 
https://intelligence.house.gov/social-media-content/social-media-advertisements.htm. 
[Figure image: Facebook ad from the "BM" page with an image captioned "RAPIST WHITE COP MUST FACE THE LAW" and the headline "Shameless White Cop Rapes Black Teen | BM", carrying the ad text reproduced below.] 

Ad ID: 2230 
Ad Text: There is a disgusting video circulating on the internet which shows an 
unidentified white cop rape a helpless Black teen. Shameless White Cop 
Rapes Black Teen | BM BM 
Ad Landing Page: https://blackmattersus.com/16874-shameless-white-cop-rapes-black-teen/ 
Ad Targeting: 
    Location - Living In: United States: Cleveland (+25 mi) Ohio 
    Age: 16 - 65+ 
    Language: English (UK) or English (US) 
    Placements: News Feed on desktop computers or News Feed on mobile devices 
    People Who Match: Interests: Black Power, Racial equality, Social justice, Black Panther Party or Cop Block 
Ad Impressions: 0 
Ad Clicks: 0 
Ad Spend: None 
Ad Creation Date: 10/26/16 06:12:50 AM PDT 
Ad End Date: 10/04/16 01:47:38 AM PDT 

Ad ID: 2231 
Ad Text: There is a disgusting video circulating on the internet which shows an 
unidentified white cop rape a helpless Black teen. Shameless White Cop 
Rapes Black Teen | BM BM 
Ad Landing Page: https://blackmattersus.com/16874-shameless-white-cop-rapes-black-teen/ 
Ad Targeting: 
    Location - Living In: United States: Minneapolis (+25 mi) Minnesota 
    Age: 16 - 65+ 
    Placements: News Feed on desktop computers or News Feed on mobile devices 
    People Who Match: Interests: Black Power, Racial equality, Social justice, Black Panther Party or Cop Block 
Ad Impressions: 0 
Ad Clicks: 0 
Ad Spend: None 
Ad Creation Date: 10/26/16 06:13:56 AM PDT 
Ad End Date: 10/04/16 01:47:38 AM PDT 

Russian Facebook advertisements using incendiary racial and social content to drive traffic to a fake Black 
social justice website operated by the IRA and narrowly targeted to Facebook users within 25 miles of 
Cleveland and Minneapolis, in the final weeks before the 2016 U.S. election. A Senate Intelligence 
Committee report found that “no single group of Americans was targeted by IRA information operatives 
more than African-Americans” and that two-thirds of IRA Facebook advertisements included words related 
to race; the report also illuminated efforts to dissuade African-Americans from voting in 2016, or to support 
Green Party candidate Jill Stein. 

Figure 3. BM (AKA Black Matters) Facebook Advertisement.210 


Exact figures on Kremlin-produced content are unattainable for a variety of 
reasons. Deleted or suspended accounts cannot always be recovered for review, definitively 
identifying the origin of every single well-produced fake profile is likely impossible, and 
distinguishing impersonators and amplifier accounts from authentic users is challenging. 
Nevertheless, a sense of the scope and breadth of Russia's operation can be gleaned from 
a review of statistics put forth by social media companies and investigative reports 
following the 2016 election.211 At the same Senate Judiciary Committee hearing where 


210 Source: Permanent Select Committee on Intelligence, “Social Media Advertisements, 2016, 
Quarter 4, 2016-10: P(1)0004496,” U.S. House of Representatives, accessed December 6, 2020, 
https://intelligence.house.gov/social-media-content/social-media-advertisements.htm. 

211 Renee DiResta et al., The Tactics & Tropes of the Internet Research Agency (Austin, TX: New 
Knowledge, 2018); Penzenstadler, Heath, and Guynn, “Every One of the 3,517 Facebook Ads”; S., 
Committee on the Judiciary. 
Facebook disclosed its initial findings, Google admitted its streaming platform YouTube 
had been host to more than 43 hours of content across over 1,100 videos produced by 
suspected Russian interference agents. Google also shared that its AdSense online 
advertisement service had accepted more than $4,700 from the IRA to advertise on web 
pages and in search results.212 In its turn at the same hearing, Twitter divulged the discovery 
of more than 2,700 IRA-affiliated accounts that had produced 130,000 tweets.213 


Each of these platforms substantially raised the totals in subsequent reporting on 
Russian interference in the ensuing months and years as investigations continued. In 
October 2018, Twitter released more than nine million messages generated by 3,841 
IRA-linked accounts.214 Facebook later announced that it had deleted roughly 583 million 
fraudulent accounts and 837 million spam posts in the first quarter of 2018 alone, and that 
it believed that an additional four percent of its more than two billion active users were 
likely fake accounts that had gone undetected.215 Though Russian interference was not 
likely responsible for every one of these fraudulent accounts, the sheer volume highlights 
the high degree of vulnerability of social platforms to misuse and illustrates the tremendous 
difficulty of detection and removal on so grand a scale.216 Concurrently with Facebook and 
Twitter's announcements, such additional platforms as blog-hosting site Tumblr were 
found to have been exploited as well. After first reporting the suspension of 84 accounts 
that the company says “engaged in state-sponsored disinformation and propaganda 
campaigns” in March 2018 following months of media pressure, Tumblr added an 
additional 113 names to this list by mid-November.217 


212 S. 
213 S. 


214 Twitter News Desk, “Twitter’s Focus Is on a Healthy Public Conversation,” Elections Integrity 
(blog), October 17, 2018, https://about.twitter.com/en_us/values/elections-integrity.html. 


215 Guy Rosen, “Facebook Publishes Enforcement Numbers for the First Time,” Facebook Newsroom 
(blog), May 15, 2018, https://newsroom.fb.com/news/2018/05/enforcement-numbers/. 

216 Rosen. 

217 Issie Lapowsky, “Tumblr IDs 84 Accounts that Spread Propaganda,” Wired, March 23, 2018, 
https://www.wired.com/story/tumblr-russia-trolls-propaganda/; “Public Record of Usernames Linked to 
State-Sponsored Disinformation Campaigns,” Tumblr Help Center (blog), November 16, 2018, 
http://tumblr.zendesk.com/hc/en-us/articles/360002280214-Public-record-of-usernames-linked-to-state-sponsored-disinformation-campaigns. 
3. Microtargeting 


One of the reasons Russia’s 2016 social media influence campaign escaped 
mainstream scrutiny for as long as it did was likely its ability to tailor specific messages 
to different groups.218 By partitioning the content, Russian actors ensured that only those 
likely to accept or appreciate a given message would even see it; indeed, the Senate 
Judiciary hearings into Russian social media influence campaigns indicated that much of 
the content was tailored and distributed to specific audiences.219 While the trolls may have 
simply exploited publicly visible biographical and interest-based information on users' 
social media profile pages and user-generated content, they also may have capitalized on 
the availability of public records data in U.S. jurisdictions and thus extrapolated this data 
by using political or societal stereotypes.220 


Worryingly, speculation abounded in the months after the 2016 election that 
Russia's targeted influence efforts may have also relied on criminally obtained 
information. One popular early theory was that Russian hackers might have stolen voter 
data by hacking the Democratic or Republican National Committee or even election 
commission offices.221 Another incendiary accusation was that the Trump campaign might 
have provided information about voter rolls to the Russian operatives.222 Though neither 
story was proven, the implication is terrifying; immense troves of data concerning potential 
voters exist in nearly all developed Western democracies. Much of this data is maintained 


218 Filipe N. Ribeiro et al., “On Microtargeting Socially Divisive Ads: A Case Study of Russia-Linked 
Ad Campaigns on Facebook,” in Proceedings of the Conference on Fairness, Accountability, and 
Transparency—FAT* ’19, 140–49, January 29, 2019, https://doi.org/10.1145/3287560.3287580. 

219 S., Committee on the Judiciary. 

220 Robert E. Walker, “Combating Strategic Weapons of Influence on Social Media” (master's thesis, 
Naval Postgraduate School, 2019), https://www.hsdl.org/?view&did=828243. 

221 Violet Blue, “What If Russian Voter Hacks Were Just Part of Its Facebook Ad Campaign?,” 
Engadget, October 6, 2017, 
https://www.engadget.com/2017-10-06-russian-voter-hacks-support-facebook-ad-campaign.html. 

222 Peter Stone and Greg Gordan, “Trump-Russia Investigators Probe Jared Kushner-Run Digital 
Operation,” McClatchey DC Bureau, July 12, 2017, 
https://www.mcclatchydc.com/news/nation-world/national/article160803619.html; Issie Lapowsky, “Did Trump’s Data Team Help Russians? 
Facebook Might Have the Answer,” Wired, July 14, 2017, 
https://www.wired.com/story/trump-russia-data-parscale-facebook/; Martin Longman, “Did the Russians Mess with the Voter Rolls?,” Washington 
Monthly, June 1, 2018, 
https://washingtonmonthly.com/2018/06/01/did-the-russians-mess-with-the-voter-rolls/. 
by private entities outside the federal government's purview to protect or regulate.223 
Moreover, nearly all this data can be obtained through a variety of means, to include 
legitimate purchases, theft, espionage, or collusion with a compromised actor. 


4. Hacking and Cyberattacks 


One of the most widely known and consequential examples of Russia's use of 
cyberattacks to influence an election is the hacking, attributed to the GRU, of the 
Democratic National Committee (DNC) and Hillary Clinton campaign team members' 
emails around 2016. According to a July 2018 indictment filed by Special Counsel Robert 
Mueller against 12 GRU officers, the intelligence agency used a variety of techniques 
including spearphishing through spoofed Google security notification messages and 
Microsoft files.224 Once inside the DNC’s networks, they monitored staff activity, 
implanted malware, and stole additional documents. The intrusion was not wholly 
unnoticed, but it was not stopped. The FBI had alerted the DNC of suspicious 
Russian-based activity on their servers on multiple occasions beginning in September 2015, though, 
owing to miscommunications and insufficient technical scans, the DNC failed to act properly 
on these tips.225 


In June 2016, the hackers used anonymous online personas called DCLeaks and 
Guccifer 2.0 to “leak” selectively and promote links to thousands of the emails and other 
documents to the public without revealing obvious Kremlin fingerprints. The hackers also 
appeared to partner with WikiLeaks, a renowned international trafficker of stolen 


223 Stephen P. Mulligan, Wilson C. Freeman, and Chris D. Linebaugh, Data Protection Law: An 
Overview, CRS Report No. R45631 (Washington, DC: Congressional Research Service, 2019), 79. 

224 Department of Justice, Indictment: United States of America v. Viktor Borisovich Netyksho, Boris 
Alekseyevich Antonov, Dmitriy Sergeyevich Badin, Ivan Sergeyevich Yermakov, Aleksey Viktorovich 
Lukashev, Sergey Aleksandrovich Morganchev, Nikolay Yuryevich Kozachek, Pavel Vyacheslavovich 
Yershov, Artem Andreyevich Malyshev, Aleksandr Vladimirovich Osadchuk, Aleksey Aleksandrovich 
Potemkin, and Anatoliy Sergeyevich Kovalev, Defendants (Washington, DC: Department of Justice, 2018), 
https://www.justice.gov/file/1080281/download. 

225 Isikoff and Corn, Russian Roulette. 
information and government secrets.226 U.S. media outlets reported extensively on the 
contents of the emails each time a new batch was released, to damaging effect; a Columbia 
Journalism Review study conducted after the election argued that The New York Times’ 
extreme focus on the hack and leak played an outsized role in costing Clinton the 
presidency.227 Among other controversial issues, information in the emails revealed DNC 
chairwoman Debbie Wasserman Schultz's apparent bias toward Clinton and disdain for 
her primary opponent Bernie Sanders.228 This disclosure led to Wasserman Schultz's 
immediate resignation on the eve of the Democratic National Convention, as well as high 
tension between Sanders and Clinton supporters that overshadowed Clinton's nomination 
ceremony and potentially cost her some of the Sanders supporters’ votes in the general 
election.229 


Somewhat surprisingly, Moscow’s scheme with the stolen emails was not entirely 
met with bipartisan condemnation, and may have even received some measure of tacit 
encouragement. In July 2016, Trump generated a scandal by publicly asking Russia to “find 
the 30,000 emails that are missing” from Clinton’s server during a televised campaign 
speech, saying Moscow’s hackers would “probably be rewarded mightily by our press” for 
doing so.230 Occurring soon after public reports that intelligence officials believed Russia 
was behind the DNC server hack emerged, Trump's request was criticized by some as a 
literal entreaty to an adversarial foreign state to intervene on his behalf in the election via 


226 Committee on Intelligence, Russian Active Measures Campaigns and Interference in the 2016 U.S. 
Election Volume 5: Counterintelligence Threats and Vulnerabilities, S. Rep. 116-XX, Senate, 116th Cong. 
1st sess., 2020, https://www.intelligence.senate.gov/sites/default/files/documents/report_volume5.pdf; 
Isikoff and Corn, 66. 

227 Duncan J. Watts and David M. Rothschild, “Don't Blame the Election on Fake News. Blame It on 
the Media,” Columbia Journalism Review, December 5, 2017, 
https://www.cjr.org/analysis/fake-news-media-election-trump.php. 

228 Isikoff and Corn, Russian Roulette, 130–131, 164–175; Alana Abramson and Shushannah Walshe, 
“The 4 Most Damaging Emails from the DNC WikiLeaks Dump,” ABC News, July 25, 2016, 
https://abcnews.go.com/Politics/damaging-emails-dnc-wikileaks-dump/story?id=40852448. 

229 Sean Illing, “Division and Tension at the DNC: The Democrats’ Night of Unity Is Marred by 
Dissent,” Salon, July 26, 2016, 
https://www.salon.com/2016/07/26/division_and_tension_at_the_dnc_the_democrats_night_of_unity_is_marred_by_dissent/. 

230 Ashley Parker and David E. Sanger, “Donald Trump Calls on Russia to Find Hillary Clinton’s 
Missing Emails,” New York Times, sec. U.S., July 27, 2016, 
https://www.nytimes.com/2016/07/28/us/politics/donald-trump-russia-clinton-emails.html. 




illegal activity.231 In 2017, reports emerged that Trump's son Donald Jr. and son-in-law 
Jared Kushner, along with Trump campaign manager Paul Manafort, had met with a 
Kremlin-linked Russian attorney offering damaging information about the Clintons the 
same week that documents stolen from the email hack were released.232 To Trump's rage 
and dismay, his opponents seized on this meeting, along with inconsistent explanations of 
it from Trump and his legal advisors, to accuse his campaign of collusion with Russia in 
the hacking and influence campaign or at least inappropriate behavior in the face of 
improper offers of assistance from a top U.S. foe.233 


Moscow's hacking efforts targeted not just communications and documents from 
political campaigns, but also attacked U.S. election infrastructure, a chilling escalation that 
has the potential to cause longer-term damage to democratic societies than the defeat of a 
single candidate. Two months before the 2016 election, U.S. voters were alarmed by 
reports that the Department of Homeland Security (DHS) had detected hacking attempts 
on the election systems of 21 states, with Russia as the likely culprit.234 A month before 
that disclosure, the Illinois Board of Elections had already confirmed that its database of 
registered voters had been breached in what the FBI considered a sophisticated foreign 


231 Parker and Sanger. 

232 Phillip Bump, “What We Know about the Trump Tower Meeting,” Washington Post, August 7, 
2018, https://www.washingtonpost.com/news/politics/wp/2018/08/07/what-we-know-about-the-trump- 
tower-meeting/; Isikoff and Corn, Russian Roulette. 


233 Further fanning the flames of collusion accusations was the revelation that major Trump campaign 
supporter Roger Stone had been in contact with WikiLeaks and seemed familiar with the contents of stolen 
emails before their release. Stone was later convicted on seven felony counts related to his obstruction of a 
Congressional inquiry into Russia’s attempts to influence the election in favor of Trump, including lying 
under oath and attempting to block the testimony of other witnesses. Even if no actual coordination 
occurred between the Trump campaign and Russia with regard to stolen and leaked emails, these incidents 
at the very least illustrate how the DNC and the Clinton campaign hacking operation managed to cause 
problems for both candidates at different times, and contribute more generally to exacerbating mistrust and 
division among American voters. Isikoff and Corn, Russian Roulette, 74; Parker and Sanger, “Donald 
Trump Calls on Russia”; Sara Murray and Kate Sullivan, “Text Messages Show Roger Stone Discussing 
WikiLeaks Plans Days before Hack,” CNN, November 26, 2018, 
https://www.cnn.com/2018/11/14/politics/text-messages-roger-stone-wikileaks-hack/index.html; Isikoff 
and Corn, Russian Roulette; Sharon LaFraniere and Zach Montague, “Roger Stone Is Convicted of 
Impeding Investigators in a Bid to Protect Trump,” New York Times, sec. U.S., November 15, 2019, 
https://www.nytimes.com/2019/11/15/us/politics/roger-stone-trial-guilty.html. 


234 Cynthia McFadden et al., “Red Alert? Hackers Target Election Systems in 20 States,” NBC News, 
September 29, 2016, 
https://www.nbcnews.com/news/us-news/red-alert-election-systems-20-states-targeted-hackers-n657036. 
attack.235 In July 2018, the office of Special Counsel Mueller took action on these claims 
and announced an indictment charging that two GRU operatives probed websites and 
networks of counties in Georgia, Florida, and Iowa for back-end server vulnerabilities one 
week before the 2016 election.236 In 2019, reports from the Senate Intelligence Committee, 
DHS, and FBI eventually acknowledged that Russia had actually attacked the election 
infrastructure of all 50 U.S. states in 2016, with a possible intent to use the fruits of these 
attacks at a later time.237 


C. OTHER MODERN RUSSIAN EFFORTS TO INFLUENCE FOREIGN 
ELECTIONS 


Such a multi-faceted and sophisticated blitz (e.g., support for preferred candidates, 
slander against opponents, media manipulation, internet trolls, cyberattacks, and other 
interference tactics) has troubled democratic elections across the world. In fact, the United 
States could have looked toward NATO partner Bulgaria's elections in 2015 and 2016 as 
a warning of the potential danger to come in its own election cycle. On the day of its local 
elections and referendum on future electronic voting in 2015, the networks of Bulgaria's 
Central Elections Commission and various government ministries were besieged by a 
DDoS attack.238 Such assaults are commonly used to overwhelm sites and servers with 
automated connection requests to the point of a catastrophic crash. The Central Election 
Commission announced that it was confident that the integrity of the results remained intact 
despite the attack, but subsequent U.S. government and private sector analysis of the attack 


235 Cynthia McFadden, William Arkin, and Kevin Monahan, “Russians Penetrated U.S. Voter 
Systems, Top Official Says,” NBC News, February 7, 2018, 
https://www.nbcnews.com/politics/elections/russians-penetrated-u-s-voter-systems-says-top-u-s-n845721; 
Ellen Nakashima, “Russian Hackers Targeted Arizona Election System,” Washington Post, July 29, 2016, 
https://www.washingtonpost.com/world/national-security/fbi-is-investigating-foreign-hacks-of-state- 
election-systems/2016/08/29/6e758ff4-6e00-11e6-8365-b19e428a975e_story.html. 

236 Department of Justice, Indictment: United States of America v. Viktor Borisovich Netyksho. 

237 Select Committee on Intelligence, Russian Active Measures Campaigns and Interference in the 
2016 U.S. Election Volume 1: Russian Efforts against Election Infrastructure with Additional Views, S. 
Rep. 116-XX, Senate, 116th Cong., 1st sess., 2018, 
https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf. 
accusing GRU as the culprit raised alarms about the extent of Russian influence 
campaigns.239 


Ahead of the country's 2016 presidential election, multiple Bulgarian government 
officials reported that its national security service had intercepted an election strategy 
dossier produced by a Kremlin-linked Russian think tank and prepared for Bulgaria's 
Socialist Party.240 Delivered by a Russian official sanctioned by the United States for 
spying, the document proposed the distribution of false polling data favoring the party's 
candidate and anti-NATO position to help the party win.241 Polls predicting the Socialist 
Party candidate's victory and alleging that a majority of Bulgarians trusted Russia more 
than NATO had indeed mysteriously surfaced during the election campaign season.242 The 
poll had been conducted by a mysterious Bulgarian company called Gallup International, 
which bore no relation to and was the target of a name-infringement lawsuit from renowned 
U.S.-based polling company Gallup Incorporated.243 Per former Bulgarian ambassador to 
Russia, Ilian Vassilev, regarding the anti-NATO Gallup International report: 

This wrapped-in-secrecy poll had no details on methodology nor funding 
sources. Russian media strategists and their Bulgarian proxies used the 
Western name to fool people about its credibility and spread their 
message.244 

Along with this assessment, Vassilev published a warning about Russia’s use of RT, 
Sputnik, and various proxies to sway the Bulgarian vote and ultimately drive the nation out 

239 Gordon Corera, “Bulgaria Warns of Russian Attempts to Divide Europe,” BBC News, sec. Europe, 
November 4, 2016, https://www.bbc.com/news/world-europe-37867591. 
of NATO.245 In the end, the Socialist Party's preferred candidate, Rumen Radev, won the 
election and became president.246 


The attack on Bulgaria's elections system was not unprecedented, as Russia had 
allegedly attempted the same in Ukraine one year prior during its 2014 presidential and 
parliamentary elections. Days before the election, self-proclaimed Russian “hacktivists” 
hacked the Central Election Commission's website in an effort to publish false information 
declaring a well-known far-right extremist as the election winner.247 Not long after this 
came to light, the head of Ukraine's SBU security service announced two days before the 
election that a virus meant to destroy election results had been detected and removed from 
its Central Election Center services.248 


At the same time Bulgaria and the United States endured Russian election 
interference campaigns, yet another NATO country found itself in the Kremlin's 
crosshairs. French National Rally candidate Marine Le Pen’s 2016-2017 presidential 
campaign benefited from $13 million in loans from a Moscow bank, likely approved and 
quite possibly directed by the Kremlin.249 This substantial funding was seen as vital to 
keeping the once-fringe candidate's campaign afloat, and helped her achieve a shocking 
second-place finish. During a highly publicized meeting between Le Pen and Putin ahead 
of the election, the Russian leader appeared to be trying hard not to smile as he ominously 
stated that “of course” Russia did not want to meddle in the French election.250 Such outside 
support has been critical to National Rally's survival as French and other Western banks 
had refused to finance a party seen by many as racist and xenophobic.251 A BBC report 
citing hacked emails and conversations with multiple Le Pen associates heavily suggested 
prior clandestine meetings between Le Pen and Putin and detailed her intended role in 
legitimizing Russia's Crimea annexation.252 It should be noted that financial support 
offered by Russia is often obscured through intermediaries for plausible deniability, and 
that support need not be explicitly monetary.253 Hungary’s Political Capital Policy 
Research and Consulting Institute opined in 2014 that in exchange for fealty to the Kremlin, 
parties are given “valuable professional, organizational and media assistance, i.e., access 
to networks and political know-how.”254 


During France's 2017 presidential election, Russia's state-run Sputnik news agency 
published false reports that Francois Fillon had overtaken Emmanuel Macron as Le Pen's 
strongest challenger. At minimum, the ploy seemed geared to ensure that her opponent 
in a potential runoff round would be Fillon—another Russia-friendly, NATO-criticizing 
candidate—rather than Kremlin skeptic Macron.256 Russian foreign media relentlessly 
attacked and smeared Macron throughout France's election season with a wide variety of 
topics and tactics.257 Sputnik and other Russian media outlets published baseless 
accusations that Macron was homosexual, mentally ill, and financially supported by a 
mysterious and powerful “gay lobby.”258 


The Kremlin also repeated the hack-and-leak stunt it used against the Clinton 
campaign during its interference in France's presidential election, albeit with diminished 
success. Two days before the 2017 presidential election runoff between Le Pen and 
Macron, nine gigabytes of data stolen from the Macron campaign including 21,075 emails 
were posted to the internet and promoted on social media by a large network of automated 
accounts, as well as WikiLeaks. Disturbingly, the stolen Macron emails were 
purportedly mixed with falsified documents attempting to frame him for fraud, a trick that 
seems difficult for readers to discern or investigators to prove, given the illicit nature of the 
genuine documents’ theft and release. Bolstering the theory that Russia had altered the 
emails, a report from the University of Toronto released that same month revealed similar 
tactics used by the GRU against journalist and Putin critic David Satter, whose stolen 
emails were deliberately modified in an effort to smear Putin critic Aleksei Navalny. 
Such tactics represent a perhaps overlooked element of danger to hacked and stolen 
documents; they can be used as cover to add legitimacy to forgeries that thus put a digital 
twist on an age-old KGB dezinformatsiya trick. 


Possibly due to its mistimed release within the mandatory media blackout period of 
French eve-of-voting “election silence” laws, or perhaps because voters had already made 
up their minds or were wary of email leaks after the recent Clinton hacking debacle, the 
episode seemingly had no major effect on the election result. Though Russia denied 
responsibility, an analysis conducted by cybersecurity company Flashpoint attributed the 
attack to the GRU. This finding supported an earlier Trend Micro report warning of 
Russian phishing attempts against Macron and his campaign. On October 19, 2020, the 
U.S. Justice Department unsealed indictments against six GRU officers for their roles in 
“spearphishing” hacks against Macron and his party, along with other cyberattacks 
including NotPetya, the Ukraine cyber grid disruption, and a 2018 Winter Olympic Games 
cyberintrusion. 


These European countries’ recent experiences with Russian election interference 
contain many of the same elements the United States was subjected to in 2014: 
disinformation, media manipulation, leak of stolen documents, forgeries, support for fringe 
candidates, and even attacks on election infrastructure. The diversity, frequency, and broad 
range of Kremlin efforts to intervene in its rivals’ electoral affairs, along with the obvious 
harm manipulating the outcome of a country’s democratic process can cause in the short 
and long term, illustrate that election interference may be the most potent and dangerous 
of Russia’s covert influence tactics. 


IV. FALLOUT AND VULNERABILITIES 


This chapter explores a range of vulnerabilities and possible consequences faced 
by the U.S. should such attacks on elections succeed. To do so, this chapter explores several 
examples of fallout from Russia's efforts against the 2016 U.S. presidential election. 


Though the Special Counsel finding and myriad intelligence reports definitively 
point to deliberate Russian interference in the 2016 U.S. election in support of a Trump 
victory, assessing the operation's effect on the outcome is necessarily an inexact science. 
While it is impossible to know, for example, how many voters would have chosen Clinton 
rather than Trump, Stein, or another option had it not been for encounters with Russian 
disinformation or the leaked email controversy specifically, it is not difficult to trace clear 
examples of damage to the Kremlin plot. 


One obvious consequence of Russian interference in the 2016 U.S. election was 
reputational harm for candidates and their surrogates. For one, the email leaks had a 
demonstrable effect on the DNC when Wasserman Schultz resigned as chairwoman due to 
the content of her exposed conversations. Media coverage and public perception in light 
of the strategically damaging leaks was undeniably negative for Clinton as she sought to 
win over undecided and reluctant voters. Trump, his family, and his campaign team all 
clearly viewed coverage of the Trump Tower meeting and other allegations of the 
campaign's ties to Russia as unpalatable, given their efforts to deny accusations and shut 
down the Special Counsel investigation. Jill Stein, too, bristled at accusations that her 
campaign had been supported by Russia once the investigations of interference triggered 
additional scrutiny of her warm relationship with RT. It is clear, however, that 
reputational harm from the fallout of Moscow's meddling extended far beyond that of 
political candidates and their campaign associates, likely to an extent that surprised even 
the leaders of the malign influence operations. 


Another example of how the ever-present possibility of Moscow meddling can lead 
to confusion and controversy occurred in October 2019, when a quote by Hillary Clinton 
warning that Russia was likely “grooming” a third-party disrupter like Stein to help defeat 
the 2020 Democratic candidate made waves in the media. Many U.S. news outlets 
reported that Clinton had accused 2020 Democratic presidential candidate Tulsi Gabbard 
of being a Russian asset, which then prompted a public feud between the two that led other 
2020 Democratic candidates to take sides amid a small rift within the party. Such 
organizations as the Alliance for Securing Democracy reported that Gabbard received 
outsized coverage on RT and that “bot-like activity” periodically boosts her profile on 
social media. This finding raised several alarming possibilities, including that Russia 
could have either been boosting Gabbard as Clinton insinuated, or that it could be framing 
her as a distraction or a form of campaign-sinking slander. Even if the accusation could be 
proved false, this incident could nevertheless illustrate how the specter of Russian 
interference can be weaponized against a candidate and contribute to division without 
Russia even having to take action. This incident—and its knock-on effects—were only 
possible because of successful Russian influence operations and the effect they had on U.S. 
voters' perceptions. 


Notably, Gabbard, Stein, and Trump have all publicly labeled criticism of their 
seemingly pro-Russia policies and associations as “McCarthyist.” McCarthyism 
describes a period of time in which the U.S. government subjected thousands of its own 
citizens to loyalty tests, harsh investigations, and accusations of treason in service of the 
Soviet Union. Though Soviet espionage undeniably posed a threat at the time, this period 
is generally regarded negatively due to government overreach, baseless political 
persecutions, and exaggerated fears of communist influence. Today, RT journalists 
repeatedly publish articles decrying “McCarthyism’s return” in an effort to protest 
mounting restrictions against their operation in Western countries. Such disingenuous 
protests are reminiscent of Kim Philby, the notorious London Times journalist and Soviet 
double agent within British intelligence services who provided Moscow with top-secret 
communications between U.S. and British operatives in the CIA and MI6. Philby claimed 
to be an innocent victim of McCarthyist slander when his cover began to be blown, and 
used the success of his disingenuous protest to prolong his espionage for a time. Though 
erroneously exonerated of the accusations, Philby did resign from his position at MI6 amid 
ongoing speculation; though he continued work as a journalist, his value to the Kremlin 
was greatly diminished. Eventually outed by a Soviet defector, Philby ultimately defected 
himself, but received a cooler-than-anticipated reception in the Soviet Union. 


Ultimately, the 2016 U.S. election influence campaign paid more dividends than 
even Russia likely expected. One likely unplanned windfall of the DNC and Clinton 
campaign hacking operation for Moscow is that the U.S. response to the attack managed 
to entangle the FBI, long a target of Soviet dezinformatsiya smear campaigns, in extreme 
controversy that tarnished its reputation among a significant portion of the U.S. population. 
The Clinton email leaks added fuel to an ongoing, unrelated scandal regarding her improper 
use of a private email server for official business during her tenure as Secretary of State, 
as it hinted at the possibility of security breaches with classified information. This 
development put FBI director James Comey in a bind as he struggled to decide what the 
bureau should and should not disclose to the public about both the private server 
investigation and the DNC hack investigation, because he feared any disclosures could 
imply or reveal improper conduct by a presidential candidate and thus potentially impact 
voters’ choices. Comey’s decisions on these matters led many Democrats to accuse him 
of demonstrating undue bias against Clinton and deliberately swinging the election for 
Trump. 


Notably, Comey’s decisions were said to have been influenced by another facet of 
Russian interference and disinformation: the FBI’s discovery of a suspicious Russian 
intelligence document alleging that Attorney General Loretta Lynch had pre-emptively 
reassured Clinton's team that the server investigation would tread softly. This document 
involved purported but possibly fabricated emails involving Lynch and Wasserman 
Schultz. Though the bureau's own analysis concluded that the report was unreliable and 
possibly deliberately manufactured to fluster U.S. intelligence agencies, its existence 
helped persuade Comey that a public explanation was needed as a defensive measure 
against future accusations of corruption. 


Unfortunately for the FBI, Trump, along with many of his supporters, came to view 
Comey as biased against him due to the bureau's further investigation into Russian 
interference after the election, as it implied that Trump's narrow victory might have been 
assisted by a top rival state. Trump also complained throughout his presidency that 
Comey and a cabal of “deep state” actors within the DOJ and FBI had engaged in illegal 
spying activity against his campaign to prevent or end his presidency. Post-election 
polling indicates that the bureau experienced a loss of trust from both Congress and a 
significant portion of the U.S. population immediately following these episodes. A 2018 
poll conducted by Penn State University found that since this episode, voters who lean 
Republican or independent trusted the FBI less than half the time, and that less than half of 
Americans believed that “most FBI agents enforce the law fairly.” 


Other U.S. government intelligence agencies suffered from the fallout from 
Russia's election interference as well. The DNI released a declassified joint CIA, National 
Security Agency (NSA), and FBI report two months after the 2016 election, which 
unequivocally accused the Kremlin of meddling in the election to Trump's benefit: 


Russian President Vladimir Putin ordered an influence campaign in 2016 
aimed at the U.S. presidential election. Russia's goals were to undermine 
public faith in the US democratic process, denigrate Secretary Clinton, and 
harm her electability and potential presidency. We further assess Putin and 
the Russian Government developed a clear preference for President-elect 
Trump... Putin and the Russian Government aspired to help President-elect 
Trump's election chances when possible by discrediting Secretary Clinton 
and publicly contrasting her unfavorably to him...Moscow's influence 
campaign followed a Russian messaging strategy that blends covert 
intelligence operations—such as cyber activity—with overt efforts by 
Russian Government agencies, state-funded media, third party 
intermediaries, and paid social media users or “trolls.” 


Upset that it undermined the degree or legitimacy of his victory, Trump forcefully rejected 
the report’s finding even before it was published. In December 2016, he issued a derisive 
rebuttal to the CIA's reported findings that starkly undermined his own intelligence 
agency’s credibility: “These are the same people that said Saddam Hussein had weapons 
of mass destruction.” 


Siding with a principal U.S. adversary over his own intelligence community, Trump 
repeatedly insisted that he believed Putin’s denials about responsibility for the hack. On 
multiple occasions, Trump also suggested that the operation could have been the work of 
China, other countries, a morbidly obese domestic hacker, or even the DNC itself as a 
distraction from Clinton's private server scandal. The public spat touched off lasting 
friction between Trump and the intelligence agencies, particularly once Trump expressed 
public disdain for the Special Counsel investigation and sought a one-on-one meeting with 
Putin without alerting or consulting the DNI. 


The outgoing administration struggled to respond appropriately to the Clinton email 
release operation as it unfolded. President Obama initially chose to tread lightly and sought 
to avoid appearing to aid Clinton's chances of victory. Later deciding to alert the public 
of Russia's hand in election manipulation, Obama found himself thwarted by Mitch 
McConnell, the Republican Senate Majority Leader. McConnell espoused skepticism of 
the available intelligence and refused to cooperate in a joint warning about election 
interference. DHS Secretary Jeh Johnson's offer to provide state election officials with 
federal cybersecurity assistance was similarly thwarted by incidents such as Georgia 
Secretary of State Brian Kemp accusing the Obama administration of “a politically 
calculated move” and refusing to cooperate lest the Democratic administration seek to use 
the situation to aid its party's candidates in some way. 


The Obama administration's eventual punitive response—the expulsion of 35 
Russian diplomats and the closure of two Russian embassy compounds—resulted in further 
collateral damage to the credibility of certain U.S. government officials when curiosity 
regarding Russia's uncharacteristic restraint from retaliation later ensnared two members 
of Trump's cabinet in scandals. Mike Flynn, Trump's National Security Advisor, was 
found to have engaged in, and lied to the FBI and administration officials about, 
undisclosed conversations with Russia's ambassador to the United States before Trump 
took office, along with other omissions such as failing to report a $45,000 payment for his 
speech at the RT gala referenced earlier. These findings led to Flynn’s swift departure 
from Trump's cabinet, which sparked investigations surrounding his alleged service as an 
undisclosed foreign agent and potential violations of the U.S. Constitution's Foreign 
Emoluments Clause, and eventually drew indictments and a guilty plea from Flynn. 


Attorney General Jeff Sessions was also embroiled in controversy over his own 
initially undisclosed contacts with the Russian ambassador prior to Trump's inauguration, 
when Sessions was a U.S. senator. Amid calls for his resignation from Senate Democrats 
who felt he had misled them by failing to inform them of these contacts, Sessions swiftly 
recused himself from any DOJ investigations regarding Russian election interference. 
Sessions' recusal led to the appointment of a Special Counsel investigation led by former 
FBI Director Robert Mueller, which infuriated Trump and ultimately led to Sessions' 
forced departure. 


Furious at accusations that his campaign had colluded with Russia, Trump sought 
to discredit the Special Counsel investigation throughout its duration by decrying it as a 
witch hunt and accusing Mueller and his team of being “angry Democrats” and “Trump 
haters” with a partisan agenda to sabotage him. The investigation ultimately led to, 
among other things, 14 referrals of criminal matters to the DOJ, 37 indictments, and a 
report finding “numerous links between the Russian government and the Trump campaign” 
along with evidence of “sweeping and systemic” Kremlin election interference. William 
Barr, Sessions’ eventual successor as Attorney General, generated controversy and 
questions of credibility by issuing a summary letter of the Special Counsel report to the 
congressional Judiciary Committees in March 2019 that appeared to gloss over some of 
the report’s findings. This report was assailed by many legal analysts, journalists, and 
Special Counsel members, including Mueller himself, as an inadequate or even deliberately 
misleading portrayal of the investigation's findings. The ensuing controversy resulted in 
further accusations of DOJ partisan corruption, and led to more than 2,000 former DOJ 
employees publicly calling for Barr's resignation, as well as 27 members of the DC Bar 
requesting sanctions against him in a formal disciplinary complaint. In aggregate, the 
nation's top law enforcement, justice administration, and intelligence bodies weathered a 
torrent of attacks on their credibility in the course of investigating Russian interference in 
the 2016 U.S. presidential election. Historically low faith in the DOJ, FBI, and intelligence 
community is an indisputable boon for future Russian election interference attempts. 


As with the AIDS and Kennedy assassination dezinformatsiya episodes, Russia 
could not have predicted or controlled the aftermath and consequences of their initial 
cyberattack against the DNC and social media trolling campaign, but can only be delighted 
by the outsized and lingering results. As it stands, the fallout of a hacking and 
disinformation operation perpetrated by the Russian government helped induce a 
staggering amount of damage to a variety of targets. These include but are not limited to 
the following: 
• undermining Clinton's election campaign and damaging her prospects of victory 
• sowing lasting discord within the DNC 
• alienating and enraging potential left-leaning voters who had favored Sanders 
• setting in motion multiple events resulting in distrust for the FBI and DOJ and the ruination of prominent officials’ careers 
• provoking lasting animosity between Trump and the U.S. intelligence community 
• creating legal and political headaches along with embarrassing distractions for Trump, his children, and associates 
• spurring the firing and criminal prosecution of the National Security Advisor 
• leaving a large number of U.S. citizens believing their leader conspired with a major U.S. foe to take power 


The degree of damage to the credibility of U.S. government leaders and institutions 
affected by Russia's 2016 interference campaign is varied and difficult to quantify, but it 
is undeniable that some harm was sustained; and worryingly, could occur again. Even 
where evidence of Kremlin interference is elusive, the specter of such attacks hangs over 
subsequent elections and stokes long-term damage in voters' faith that elections are secure 
and free of outside tampering. 


To wit, a minor incident in the 2020 U.S. presidential election offered a warning 
that the specter of Russian interference remains, and is still capable of inflicting damage 
on the nation and its leaders. With early voting already underway, The New York Post 
controversially published a trove of emails allegedly sent to and from the son of 
Democratic candidate Joe Biden. Many media outlets and analysts investigating the 
story identified significant questions about its veracity, including speculation that 
suspected and indicted Russian influence agents had provided the material to a U.S. 
intermediary. Within days, reports emerged that an FBI investigation had been launched 
regarding whether the emails were hacked and doctored as part of a foreign disinformation 
campaign. Soon after, the DNI, John Ratcliffe, publicly denied the ongoing investigation 
and declared the story “not part of some Russian disinformation campaign” and excoriated 
House Permanent Select Committee on Intelligence chairman Adam Schiff for publicly 
linking the story to a Russian disinformation plot. Notably, Facebook and Twitter both 
took immediate steps to limit posts linking to the Post article due to its questionable 
veracity, its use of possibly stolen private personal information, and its status as possible 
election-related disinformation; decisions that Trump campaign officials immediately 
decried as undue election interference by the social media titans. While this incident 
does not appear to have had a major impact on the election results, it illustrates the fact that 
either Russian interference or accusations thereof may be an ever-present facet of future 
elections and has the capacity to provoke questions of credibility for U.S. government 
officials tasked with securing elections and national interests. 


V. CONCLUSION 


Investigative findings by bodies including the bipartisan Senate Intelligence 
Committee demonstrate unequivocally that Russia's preferred influence operation 
outcomes in the 2016 U.S. presidential election came to pass, potentially along with 
“victories” in other elections. Much argument and investigation has ensued over the 
degree to which Kremlin meddling influenced such outcomes, but its presence and 
potential is virtually undeniable. With nearly a century of experience in covert influence 
techniques and plenty of practice trying to interfere in Western elections, Russia has many 
skills and tools, such as disinformation and cyberattacks, with which to continue meddling 
in the democratic affairs of its rivals. The persistence of such decades-old Soviet-made 
myths as the Pentagon AIDS connection and Kennedy assassination conspiracies points to 
a sobering truth regarding Russia's modern disinformation campaigns: it is impossible to 
forecast the long-term effect a given Kremlin fabrication may have, but history strongly 
suggests that at least a few may potentially cause damage even after discovery and 
attribution. Unfortunately, Russia appears all too willing to continue stressing the system 
with a variety of techniques and targets. 


Covert Kremlin operations may be capable of corrupting a political candidate, 
framing one to make it appear that they had, or reaping the paranoia-inducing fruits of prior 
influence campaigns even when not directly intervening in an incident. Examinations of 
Soviet precedent and recent Kremlin tactics in democratic campaigns reveal that true or 
fabricated rumors of corruption and election fraud, exploitation, and exacerbation of 
domestic civil tensions, and even promotion of secession movements and rebellion, loom 
as possible threats. Challenges to the legitimacy of some future elections are plausible, 
whether because of successful Russian interference or even a good faith or disingenuous 
inaccurate accusation of such. These accusations could even be bolstered by a variety of 
well-honed Kremlin tradecraft, such as the production or dissemination of genuine, 
doctored, or fabricated material designed to lend credence to allegations. 


It is therefore critically important for intelligence communities, investigative 
bodies, and other experts to evaluate the Kremlin's capacity for future operations, as well 
as their possible response to less favorable outcomes in future campaigns. Russia has the 
motivation, the capability, and a century of experience preparing it for future interference 
in U.S. affairs, and denying them the prize of election-related chaos and ruination of the 
U.S. government and electoral systems' credibility should be a top priority for national and 
homeland security entities. 


This paper will examine the evolution of how the U.S. Government and the Department of 
Defense have organized to conduct strategic influence as an instrument of national power, from 
the Psychological Warfare Division of World War II, through the Psychological Strategy Board 
and Operations Coordinating Board of the early Cold War, through the Vietnam years to today. 
Are they organized effectively today to meet the asymmetric threats of the 21st Century? 


THE EVOLUTION OF STRATEGIC INFLUENCE 


It is the significant actions taken by government in and of themselves, the 
appropriate and most desirable arrangements of such actions, and the 
manner and emphasis of the publication of such actions to the world, that 
advance the struggle for men's minds and create a desirable climate of 
world opinion. 

—Robert Cutler 


In the aftermath of the terrorist attacks on America in September 2001, both the 
American people and the U.S. Government tried to understand why some people could hate the 
United States so much that they would perpetrate such acts. Time and investigation into the 
motivations behind the terrorist acts have revealed that simply destroying terrorist organizations 
will not alter the conditions or mindsets that fostered such actions. 

America has again entered a war of ideas, of hearts and minds - a war of ideologies as 
potent and potentially dangerous as the Cold War. Failure to succeed could have equally dire 
consequences as any envisioned in the struggle against the Soviet Union and Communism. 
Like the Cold War, this is a global war. Like the Cold War, the War on Terrorism needs to 
contain the wellsprings of Anti-Americanism to prevent further spreading, and then to erode and 
eventually eliminate those wellsprings. As before, this new war for the minds of men includes 
our friends, allies and neutral audiences, as well as hostile ones. Despite its lone superpower 
status, the United States will need the support of other nations to succeed on a long-term, 
global scale. 

Since September 11, the Bush Administration has wrestled with how to organize and 
conduct a campaign to influence world audiences on a global scale — how to organize for 
strategic influence. In this paper, strategic influence is broadly defined as the deliberate, 
conscious coordination or integration of all government informational activities designed to 
influence opinions, attitudes, and behavior of foreign groups in ways that will promote U.S. 
national objectives, combined with other elements of national power to achieve maximum 
psychological effect. 

Every act of government has a psychological impact. The movement of a carrier battle 
group from one end of the Mediterranean Sea to the other, for example, has a direct 
psychological impact on the countries in the area it departed and the countries near its new 
location. It may also indirectly influence other audiences around the world. The movement of 
the carrier becomes part of a strategic influence campaign when its movement was deliberately 
directed and timed with White House and Department of Defense (DoD) press conferences, 
with State Department diplomatic endeavors, and with other government actions to magnify the 
psychological effect. 

Strategic influence is nothing new; the United States has conducted strategic influence 
campaigns since its inception. The history of strategic influence in the United States has been a 
roller coaster, with ups and downs and occasional unexpected turns in new directions. And like 
a roller coaster, we always seem to end up back where we started. This oscillating approach 
has been a result of a peculiarly American outlook that using persuasion and influence at the 
national level is somehow unethical and inconsistent with a democracy, that using 
"psychological tricks" is "dirty" and immoral, and that it's completely unnecessary: there is no 
need to overtly persuade; the United States should just factually show the world who we are, 
and everyone will automatically recognize how wonderful we are and want to emulate us. The 
successful propaganda efforts of U.S. enemies also contributed to the American distaste in 
many circles for strategic influence. Anything that smacked of propaganda or psychological 
warfare became something that only the "bad guys" did: first the Nazis, then the Soviets. 
Fortunately, despite this attitude and resistance, most U.S. administrations in the latter half of 
the 20th Century recognized both the value and need for strategic influence. 

Strategic influence and its elements have been known by many names: foreign 
information program, international information activities, political warfare, propaganda, 
psychological warfare, psychological operations, public information, public affairs, public 
diplomacy, international military information, information operations, influence operations, and 
perception management, to name just a few. Further, strategic influence has always had both 
overt and covert components. 

Today, key informational components of strategic influence include public affairs, 
political warfare, political advocacy, public diplomacy and psychological operations. While each 
of the components contains a persuasive element to some degree, by themselves they do not 
constitute strategic influence. Public diplomacy by itself is not strategic influence. 
Psychological operations are not strategic influence. None of these components can be 
conducted in isolation in the 21st Century. Strategic influence constitutes the orchestrated 
combination of them all. 

There is an accepted belief that history repeats itself, and that the mistakes of history will 
be repeated if we don't learn them. As the Bush Administration continues to prosecute the War 
on Terrorism, what can history teach us about organizing for strategic influence? How has the 
U.S. Government organized in the past to coordinate and conduct strategic influence? What 
has been the DoD organization for and role in strategic influence? In a world where information, 
both true and false, is available worldwide, twenty-four hours a day, where events are broadcast 
worldwide virtually instantaneously, is the United States organized effectively to win the 
strategic influence battle of the War on Terrorism? 


WORLD WAR II 


The real crucible for the evolution of U.S. strategic influence was World War II. While 
there had been a successful foray into propaganda during World War I, that experience was 
fleeting. U.S. propaganda in World War I had no lasting impact on the people involved, the U.S. 
Government, or the War Department. World War II, however, laid the foundation for the future 
for strategic influence. While many people still had doubts about the efficacy of propaganda 
and psychological warfare, few had been unexposed to it. Propaganda was everywhere: on 
the home front, in local, national and international news, and across the battlefields. Names 
synonymous with early U.S. Government and DoD efforts in strategic influence had their 
seminal experiences in psychological warfare in World War II — Robert McClure, Robert Cutler, 
and Gordon Gray, to name just a few. And the impressions and experience of these and other 
World War II veterans directly affected the U.S. Government's approach to strategic influence 
through at least 1960. 

At the outbreak of World War II, neither the U.S. Government nor the War Department 
had an organized capability to conduct psychological warfare. There were no committees trying 
to coordinate amongst the departments. No departments or agencies had offices or personnel 
dedicated to propaganda. The Army had no psychological operations units, and had not had a 
psychological warfare office on the staff since 1918. 

In early 1941, Colonel William B. Donovan conducted a fact-finding trip to the Middle 
East and Great Britain. Donovan was particularly impressed by Britain's system of coordinating 
and combining intelligence, counterintelligence, psychological warfare and unorthodox methods 
of sabotage, subversion and guerrilla warfare to achieve objectives. Upon his return, Donovan 
recommended that the U.S. establish a single agency to coordinate and control these same 
elements for the U.S. Government. 

Donovan's recommendations, combined with the growing Nazi threat, apparently 
received support within the Roosevelt Administration. On 11 July 1941, President Franklin D. 
Roosevelt established the office of the Coordinator of Information (COI), with Donovan as its 
first director. COI had two divisions, Research & Analysis and the Foreign Information Service 
(FIS), plus sections for special intelligence and sabotage. FIS had the information piece, with a 
mission to explain U.S. policy everywhere except Latin America. 

Thus the initial seed for strategic influence was sowed. But conjoined to that seed from 
its inception was a disease that continues to plague strategic influence today: internecine and 
interagency rivalry, misperceptions, misinformation, and "turf" battles over control, frequently 
leading to deliberate roadblocks. Not everyone was happy with COI; too few people understood 
either psychological warfare or the infant "special operations." 

Less than a year later, on 11 June 1942, Roosevelt dissolved the COI, replacing it with 
two new organizations: the Office of War Information (OWI), responsible for the psychological 
warfare function, and the Office of Strategic Services (OSS), responsible for special operations. 
Roosevelt created OWI due to a need to consolidate wartime information and psychological 
warfare activities in one agency and to better coordinate with the increasing number of agencies 
involved in propaganda. Roosevelt also desired to separate wartime propaganda from strategic 
intelligence and special operations. Over the next several months, additional presidential 
directives clarified the lines of responsibility between OWI and OSS. OWI had responsibility for 
domestic and overt psychological warfare, while OSS had the mission to conduct covert 
operations, including covert psychological warfare. Interestingly, the last such directive, in 
March 1943, directed that OWI coordinate its activities with the military services, but did not 
direct that OSS do the same. 

The War Department also began examining psychological warfare. In June 1941, John 
J. McCloy, the Assistant Secretary of War, formed a Special Study Group within G-2 to plan for 
future psychological warfare operations. This office eventually evolved into the Psychological 
Warfare Branch (PWB), G-2. 

Over the next year, a multitude of committees and groups were established to wrestle 
with psychological warfare issues: the Joint Chiefs of Staff (JCS) established a Joint 
Psychological Warfare Committee and a Joint Psychological Warfare Advisory Subcommittee; 
OSS established a Supporting Committee on Psychological Warfare; and Donovan chaired a 
Joint Psychological Warfare Advisory Committee that was chartered to coordinate psychological 
warfare activities with other government and civilian agencies outside JCS purview, including 
OWI and the State Department. 

This multitude of groups actually proved counterproductive at this stage of the 
development of strategic influence. In December 1942, the War Department disbanded the 
PWB. Too many agencies complained about the difficulty of defining psychological warfare and 
the various interpretations caused conflict within the Department. Interagency “turf” battles in 
the new arena hampered any coordinated, constructive effort. JCS subsequently abolished all 
of its psychological warfare committees and gave OSS responsibility for military psychological 
activities. In response, the Army eliminated its PWB. More than a year before the U.S. 
launched Operation Overlord, the top levels of the military bureaucracy had no psychological 
warfare offices, because they could not agree on a definition or who should be responsible for 
what activities. 

However, the military was not bereft of psychological warfare assets. The same JCS 
document which disbanded the PWB and committees also gave the military theater 
commanders control of psychological warfare within their areas. This direction implicitly gave 
theater commanders the authority to determine their own relationship with OWI and OSS. 

Both the Pacific and European theaters conducted operational and tactical psychological 
warfare, controlled by organizations at the theater level. The theater commands created 
Psychological Warfare Branches or Divisions, depending on their needs. General Eisenhower 
activated the largest of these, the PWB at Allied Forces Headquarters (PWB/AFHQ), in North 
Africa in November 1942. By February 1944, PWB/AFHQ had expanded to become the 
Psychological Warfare Division, Supreme Headquarters, Allied Expeditionary Force. At the 
tactical level, the Army established a number of Mobile Radio Broadcasting Companies, armed 
with print presses, loudspeakers, typewriters, radios, public address systems and leaflet bombs. 
These units operated much as military tactical psychological operations units do today, forming 
small teams that deploy forward to directly support the combat units. 

In November 1943, after much discussion and still with lukewarm endorsements, the 
Army reversed its earlier decision and established a Propaganda Branch in G-2. 
The new branch had responsibility to coordinate propaganda functions for the War 
Department, to staff OWI plans through JCS, and to provide an Army representative to the JCS 
liaison with OWI. 

Following World War II, despite advice to the contrary and the efforts of those involved, 
Army psychological warfare staffs and units virtually disappeared during the post-war 
drawdown. OWI and OSS also disbanded. By the outbreak of the Korean War five years later, 
the Army had only one operational psychological warfare troop unit. 

Two notable exceptions remained. In the occupied territories, the theater military 
Psychological Warfare Divisions became Information Control Divisions (ICD). The ICDs 
focused on "consolidation psychological operations" — gaining the cooperation of the civilian and 
military populace in the occupied area, creating favorable public opinions for Allied objectives for 
the areas, and controlling all information sources as well as the dissemination of information 
within the occupied territories. 

At the War Department and Army headquarters, the Psychological Warfare Branch 
moved in late 1946 from the G-2 to the Policy Section, Plans and Operations Division. This 
marked the first recognition that psychological operations are operational in nature, and while 
intelligence supports psychological operations, psychological activities are not an intelligence 
function. However, centralization of psychological warfare still eluded the War Department. 
Responsibilities for different aspects of psychological warfare rested with several different 
agencies within the Department. Not until the Office of the Chief of Psychological Warfare was 
established in January 1951 did the War Department achieve centralization of effort. 

At the end of World War II, while writing about his experiences as Supreme Commander, 
Allied Expeditionary Forces, General Eisenhower noted: 


"In this war, which was total in every sense of the word, we have seen 
many great changes in military science. It seems to me that not the least of 
these was the development of psychological warfare as a specific and 
effective weapon...I am convinced that the expenditure of men and money 
in wielding the spoken and written word was an important contributing 
factor... Without doubt, psychological warfare has proved its right to a place 
of dignity in our military arsenal." 


When Eisenhower became President, psychological warfare became far more than just 
a piece of the military arsenal. 


THE EARLY COLD WAR 


The early Cold War years were a "Golden Age" for strategic influence. Veterans 
populated every department and agency of the U.S. Government — veterans, who, while they 
may not have been directly involved in psychological warfare, had seen the value and impact of 
such activities, and wanted to keep and utilize that capability in the future. Many people in 
government also correctly read the early evidence that the Soviet Union had also recognized 
the impact of propaganda during World War II, and was quickly building what would become a 
fearsome propaganda machine. The perspective of the country changed, too, in the aftermath 
of World War II and the beginning of the "Nuclear Age" — no longer could isolationism rule; the 
U.S. had to become the leader of the free world. Information and influence on the international 
scene grew in importance, as did the means to disseminate information. 

The need for enhanced coordination of national security policy at the top levels of the 
U.S. Government arrived on the coattails of World War II. In June 1945, James Forrestal, 
Secretary of the Navy, asked Ferdinand Eberstadt, vice chairman of the War Production 
Board, to conduct a study on what form of postwar organization should be established to 
provide for national security. Forrestal requested recommendations not just for better 
organizing the War and Navy Departments, but also how to better integrate the military services 
with other government departments and agencies for national security matters. 

In his report to Forrestal, Eberstadt recognized that a new organization for the military 
services and their integration with other departments was just one piece of a larger problem that 
needed to be solved. He discussed the growing necessity to integrate and provide direction for 
all the departments and agencies within the U.S. Government towards a common goal and a 
unity of effort. Eberstadt also believed that stronger ties should be created among the military 
services, departments and agencies for strategy, logistics, planning, scientific research, 
mobilization, and "between the gathering of information and intelligence and its dissemination 
and use." 

To accomplish the necessary integration and direction, Eberstadt recommended the 
creation of a National Security Council to be the cornerstone of a new national security 
organization. Among its duties and functions as the formulator and coordinator for national 
security policy, Eberstadt recommended, "the Council should also control the policies and 
activities of the organizations responsible for the conduct of psychological and economic 
warfare." Strategic influence, then, has been a part of the National Security Council since its 
inception. 


TRUMAN 


Two years later, on 26 July 1947, President Truman signed the National Security Act, to 
"provide for the establishment of integrated policies and procedures for the departments, 
agencies, and functions of the Government relating to national security." The National 
Security Act enacted many of Eberstadt's recommendations, including both the creation of the 
National Security Council, to advise the President on the integration of domestic, foreign, and 
military policies relating to national security, and the creation of the Central Intelligence Agency 
(CIA). 

The National Security Council's first foray into a national information policy came in 
December 1947, with the signing of National Security Council Memorandum (NSC) 4/4A, 
"Coordination of Foreign Information Measures." The National Security Council hoped this 
directive would correct the lack of coordination in a weak U.S. propaganda campaign, to counter 
the well-coordinated and increasingly effective Soviet propaganda campaign. NSC 4 dealt with 
overt information policy. The memorandum designated the State Department as the primary 
coordinator of U.S. information policy, and created the Interagency Foreign Information 
Organization (IFIO). NSC 4 also identified the CIA and the Army's Chief of Information, under 
the Deputy Chief of Staff, as key supporters of the national propaganda effort. NSC 4 included 
the Navy's Division of Public Information and the Air Force Troop Information and Education 
Division as potential players as well. The latter agency, and others similar to it, was included in 
information policy organizations throughout the Cold War because Cold War psychological 
warfare and counter-propaganda campaigns also included protecting and arming troops against 
hostile propaganda. NSC 4A, a classified annex, directed the CIA to initiate and conduct covert 
psychological operations to counteract Soviet propaganda. Echoes of OWI and OSS can be 
clearly seen in this delineation of effort between overt and covert operations. 

IFIO members included the Joint Chiefs of Staff (JCS), the Office of the Secretary of 
Defense (OSD), CIA and the National Security Resources Board. The Assistant Secretary of 
State for Public Affairs headed the organization. IFIO did little until the Korean War. During that 
conflict, IFIO issued weekly directives that were to be used by member agencies as a basis for 
their propaganda activities overseas. IFIO’s more lasting contribution came from its chairman, 
Edward Barrett, who first suggested the creation of a National Psychological Strategy Board in 
August 1950 to more effectively coordinate the national effort. For Barrett and the State 
Department, however, it was also a move to demilitarize the Government's psychological 
warfare activities. 

Congress also maintained a keen interest in national information and security policy. 
After a visit to Europe, where they had been inundated with hostile Soviet propaganda, Senator 
H. Alexander Smith and Representative Karl Mundt sponsored the Smith-Mundt Act. This Act, 
which passed with little difficulty on 16 January 1948, "breathed life into overseas information 
programs," and laid the groundwork for the future U.S. Information Agency (USIA). The 
Smith-Mundt Act provided funds "to spread America's message to the world" through a variety of 
media, including radio, print, film and exchange programs. The Smith-Mundt Act also 
directed that any such information and programs "shall not be disseminated within the United 
States, its territories, or possessions." Congressional and Department of Defense General 
Counsels have interpreted this statute to also apply to military psychological operations. 

In response to the concerns and disagreements between DoD and the State Department 
over the implications of NSC 4/4A, President Truman signed NSC 10/2 on 18 June 1948. This 
directive created the Office of Special Projects, to carry out covert activities that had been 
assigned to the CIA, including covert psychological operations. The Office of Special Projects 
carried out plans as formulated by the Departments of State and Defense, but reported only to 
the CIA. This gave State and Defense some input into covert operations, but kept responsibility 
for it within the CIA. To maintain the secrecy and security of the covert operations, the name of 
the office changed shortly thereafter to the more ambiguous Office of Policy Coordination. 
One of CIA's early ventures included the establishment and covert funding of U.S.-controlled 
overseas broadcasting stations, including Radio Free Europe and Radio Liberty. 

As the Cold War continued to build, some officials in the Truman Administration argued 
that the U.S. needed to do more than it was currently doing to influence the world situation. 
Based on recommendations from an ad hoc committee headed by Paul Nitze, Truman signed 
NSC 68 on 14 April 1950. NSC 68 called for an intense program of both overt and covert 
economic, political and psychological warfare to influence the political and psychological 
conditions in both the Free World and Soviet areas, with a particular aim to foster unrest in 
Soviet satellite countries. NSC 68 was the hallmark of the American containment strategy of 
the Cold War. 

While the Truman Administration prepared to fight both the Cold War and a potential 
World War III, North Korea attacked South Korea in the Fall of 1950 and precipitated a new type 
of war — "limited" war. The Soviet role in the origins of the Korean War galvanized the need for 
better coordination and planning of psychological warfare at the national level. The Soviets 
increasingly used propaganda and other unorthodox methods to increase their sphere of 
influence. The United States needed to find ways to counter Soviet influence that would not 
trigger nuclear war. Recognition arose that this was as much a battle of ideas, a battle for the 
hearts and minds of men, as it was a battle of tanks and artillery. Political and psychological 
warfare became key weapons in the U.S. arsenal. 

At the Pentagon, the Army activated the Psychological Warfare Division (PWD), G-3, to 
handle the Army's psychological warfare responsibilities in both Korea and the growing Cold War. 
Six months later, the PWD became the Office of the Chief of Psychological Warfare (OCPW). 
OCPW was not a section within the G-staff, but a special staff office with over 100 personnel 
and direct access to the Chief of Staff. OCPW had responsibility for developing Army 
psychological and special operations plans, recommending policies for psychological warfare 
and special operations, and supervising the execution of Army programs in the field. 

Within the Korean theater, the military organized theater, operational and tactical level 
military psychological units much like the ones in World War II — with one key advancement. 
The 1st Radio Broadcasting and Leaflet Group (1st RB&L) was specifically designed to conduct 
strategic propaganda in direct support of military operations and to further long-term strategic 
aims. The 1st RB&L targeted not just enemy forces, but foreign populations in both friendly- and 
enemy-occupied areas. It was the first military psychological operations troop unit to have a 
strategic psychological mission. 

On 4 April 1951, President Truman created the Psychological Strategy Board (PSB) to 
develop, coordinate and evaluate the national psychological strategy effort, including the 
formulation and promulgation of national psychological objectives, policies and programs. The 
PSB had three principal tasks: "(1) to provide more effective planning of psychological 
operations within the framework of approved national policies; (2) to coordinate the 
psychological operations of all departments and agencies of government; and (3) to evaluate 
the effectiveness of the national psychological effort." 

The creation of the PSB was the first time the U.S. Government attempted to organize a 
national psychological effort for influencing international audiences above the military 
theater/operational level. PSB members included the Under Secretary of State, the Deputy 
Secretary of Defense, and the Director of Central Intelligence; JCS provided a representative as 
the principal military adviser. PSB had a full-time Director, an Executive Secretariat, and a staff. 
The staff was organized into three offices, each under an Assistant Secretary: Plans and 
Policy, Coordination, and Review. The PSB also established panels, made up of 
representatives from each Office, and other agencies as needed. Panels were created as 
needed to handle one issue, and reported to the Offices and directly to the Board. The PSB 
was not technically a part of the National Security Council structure. Rather, it was an 
independent organization, but was required to report to the NSC on its activities and its 
evaluation of national psychological efforts. An important distinction: the PSB was intended 
as a coordinating organization and was not authorized to perform psychological operations. 

Truman's first PSB director was Gordon Gray, former Secretary of the Army. Gray 
took a very broad view of PSB's responsibilities. None of the directives governing the PSB 
provided a specific definition for "psychological strategy" or "psychological operations". Gray 
interpreted PSB responsibilities as having cognizance over anything that had a psychological 
impact. Since virtually any act by a nation has such an impact, Gray eventually believed that 
PSB should have the lead on all foreign policy matters short of formal hostilities. A clash with 
State was inevitable. State firmly believed that PSB should be restricted to just coordinating 
information and propaganda, and not other aspects of foreign policy. Over time, other agencies 
and departments also became concerned that PSB was overstepping its boundaries and 
becoming almost a second National Security Council. This friction and broad interpretation of 
responsibilities eventually led to the PSB's downfall. 

Gray's early priorities on taking charge, however, are still a model for today: 
development of a strategic plan, an estimate of the current situation, a statement of objectives, a 
plan for reaching national goals, and a clear delineation of responsibilities. Gray was also an 
early proponent of the need to improve understanding of the scientific aspects of psychological 
operations. 

Additional specific tasks and responsibilities for psychological operations were 
articulated in NSC 59/1, which covered overt propaganda efforts and established the 
Psychological Operations Coordinating Committee, and NSC 10/5, signed 21 October 1951, 
which expanded on NSC 10/2, reaffirming CIA responsibility for covert operations, including 
covert psychological operations, and calling for intensified covert action. At this time, there 
were three key players in strategic influence: CIA, State and DoD. On 16 January 1952, State 
Department established the International Information Administration as its information arm that 
coordinated with PSB. 

In response to the establishment of the PSB and the additional psychological operations 
tasks specified in NSC Memorandums 10/2, 10/5 and 59/1, the Department of Defense (DoD) 
published DoD Directive C-5132.1 in April 1952, titled “Organization, Office of Psychological 
Policy.” This directive established the Office of Psychological Policy, under the Assistant 
Secretary of Defense for International Security Affairs. The new office was headed by a Deputy 
for Psychological Policy, formally known in Defense parlance as the Deputy Assistant to the 
Assistant Secretary of Defense for International Affairs — Psychological Policy. DoD signaled 
the importance it gave this new office by specifying in the directive that the Deputy for 
Psychological Policy "shall have direct access to the DoD member of the PSB on matters 
pertaining to PSB and to the Assistant Secretary of Defense for International Security Affairs on 
other matters." 

The directive laid out DoD responsibilities, which included developing DoD positions on 
all PSB objectives, policies and programs; providing representation to the PSB and its panels, to 
the Consultant's Committee established by NSC 10/2, to any ad hoc committees established by 
NSC 10/5, and to the Psychological Operations Coordinating Committee established by NSC 
59/1; and ensuring coordination with all DoD departments and agencies participating in any of 
these committees' activities. 

The role of DoD in peacetime psychological operations was not clear in DoD, let alone 
the other departments. The other departments tended to believe that, while DoD had a clear 
role in psychological warfare during hostilities, it didn't have much to do in peacetime. Some 
senior officials in DoD, though, felt that DoD capabilities could be utilized more effectively in 
peacetime than the limited scope envisaged by other departments. DoD began to make a case 
for a larger role in psychological operations and planning in its portion of the PSB's first status 
report, outlining the planning it had already done for wartime, when most of the U.S. 
propaganda machine would be subordinated to military goals. In the report, DoD also called for 
increased use of military assets for peacetime propaganda value. In March 1952, the Army 
established the Psychological Warfare Center at Fort Bragg, North Carolina, to train both 
psychological operations and special operations personnel and units. In late 1952, DoD 
further supplemented and expanded on its policy and roles regarding psychological operations 
with DoD Directive S-3140.1. 

Two of the key purposes in DoD Dir S-3140.1 were establishing authority for using DoD 
capabilities to conduct psychological operations when not at war, and establishing a DoD 
Committee on Psychological Operations to more effectively coordinate and integrate DoD 
psychological operations efforts in the national psychological operations effort. The directive 
also sought to increase senior official attention on psychological operations, and to enhance 
continuity, consistency, security and timeliness of psychological actions. To ensure that 
psychological operations received the necessary consideration at the top levels of the policy 
decision-making chain, DoD directed the Service Secretaries to assign functional 
responsibilities for psychological operations to Under Secretaries or Assistant Secretaries, and 
directed the Joint Chiefs of Staff to assign responsibility for military psychological matters to a 
general or flag officer. These officials, plus a representative from the DoD Office of Public 
Information, constituted the members of the new DoD Committee on Psychological Operations, 
headed by the Deputy for Psychological Policy. As with the earlier directive, DoD declared the 
significance of these new responsibilities by stipulating that the committee members "shall be 
specifically empowered to have necessary access to key personnel within their respective 
departments in all matters concerning psychological problems with which they are concerned." 
The committee's purpose included securing the exploitation and integration of DoD potential in 
psychological operations and securing DoD viewpoints on psychological operations matters. 
The committee's initial task included developing and submitting an outline of the specific roles, 
objectives and capabilities of DoD to conduct psychological operations during the Cold War. 


EISENHOWER 


The "Golden Age" for strategic influence continued under Eisenhower. Due to his 
wartime experience, Eisenhower came to the presidency with a clear idea on the uses and 
effectiveness of information and psychological warfare. He also had some very firm ideas about 
the need for coordination at the highest level of government to win the battle against 
Communism. In a campaign speech in 1952, he spoke about the need to coordinate every 
significant act of government, to time and direct all the departments' actions, to produce the 
maximum effect. In his second National Security Council directive, Eisenhower stated, 
"psychological operations are established instruments of national power." 

Early in 1953 Eisenhower established the President's Committee on International 
Information Activities (PCIIA), to examine in depth the nation's Cold War information policy. The 
committee was headed by William H. Jackson, a lawyer and former Deputy Director of the CIA, 
and included other notables in Eisenhower's Administration: Robert Cutler, Eisenhower's first 
National Security Adviser and a one-time member of the PSB; Gordon Gray, who would later 
become one of Eisenhower's National Security Advisers; John C. Hughes, one of Eisenhower's 
aides; and C.D. Jackson, a former member of the OWI who had worked with Eisenhower during 
World War II and Eisenhower's future PSB Director. 

The PCIIA report, published in June 1953, criticized the current state of information 
policy and the PSB in several areas. First, while the PSB had accomplished significant planning 
and provided guidance to the other agencies, it lacked the power and authority to effectively 
coordinate within an uncooperative interagency environment and to ensure implementation of its 
plans and policy guidance. Second, the PCIIA criticized the Truman Administration for 
conducting a defensive campaign against the Soviet regime, and urged Eisenhower to take the 
offensive in psychological warfare. And, third, they felt that the PSB had gone too far in 
developing an independently existing psychological strategy that was not integrated with overall 
national strategy. The name itself fostered a misconception that psychological strategy could be 
separated from every act the nation took. 

At this time, the National Security Council was an advisory board, not a coordinating 
agency. There were no interagency working groups, no policy coordinating committees as there 
are today. There was not even a National Security Adviser yet. PSB, at least while under Gray, 
had tried to fill that coordinating role, but without the proper authority, was unsuccessful. 

Amongst PCIIA's recommendations, Eisenhower enacted three key ones that were to 
have a profound effect on national security policy-making and psychological warfare under his 
Administration: the creation of the Special Assistant to the President for National Security 
Affairs, the creation of the Operations Coordinating Board, with the subsequent abolition of the 
PSB, and the creation of the USIA. 

Cutler, in a separate report to Eisenhower, first recommended that the President's 
Special Assistant for Cold War Planning become an adviser to the National Security Council, 
with the corresponding elimination of the PSB Director as an observer. Not long after, the Cold 
War Planning position became the President's Special Assistant for National Security Affairs, 
and Eisenhower chose Cutler as his first National Security Adviser.

PCIIA strongly recommended replacing the PSB with the Operations Coordinating Board 
(OCB) to "coordinate and integrate psychological with national strategy and, more importantly, 
to act as the coordinating and integrating arm of the National Security Council for all aspects of 
the implementation of national security policy." PCIIA clearly intended to fix some of PSB's 
problems, and signaled a change in the view of the National Security Council from advisory to 
coordinating. This was also the birth of the modern National Security Council interagency 
committee system. 

Eisenhower established the OCB by Executive Order 10483 on 2 September 1953. Like 
the PSB, OCB was not originally within the NSC structure, but a separate agency that reported 
to it. The order also designated the Under Secretary of State as OCB chair. According to 
Cutler, the OCB would coordinate and "ride herd on" the performance and policies of all 
departments and agencies responsible for carrying out national security policy, and would be 
"constantly mindful" of the psychological implications of their actions.

In January 1954, Eisenhower signed a National Security Council Memorandum that 
delineated the responsibilities for the departments and agencies participating in foreign 
information programs and psychological operations under his new National Security Council 
system. OCB responsibilities, with respect to psychological operations, included initiating new 
proposals for action, advising agencies on their operational planning responsibilities, 
coordinating the interdepartmental aspects of those plans, and orchestrating the timely 
execution of psychological operations to ensure their full contribution to the attainment of 
national security objectives.

The third key recommendation of the PCIIA was the creation of the USIA. Truman had 
created the International Communications Agency to manage the activities under the Smith- 
Mundt Act. Based upon the PCIIA report, Eisenhower created the USIA to perform the same 
work, but now as an autonomous agency reporting directly to the National Security Council. 
The USIA Director regularly attended National Security Council meetings as an observer.

Eisenhower's directive gave USIA responsibility for coordination of policies, plans and 
operations for the national foreign information program. USIA also had responsibility for 
disseminating to other departments guidance concerning the official treatment of news in foreign 
information outlets. In another attempt to correct the PSB's problems, the memo also stipulated 
that such guidance was authoritative for all departments and agencies. The directive also drew 
a line between USIA and DoD responsibilities: USIA had responsibility for the foreign 
information program only in areas that were not military theaters of operations or where U.S. 
troops were actually engaged in combat operations. Since this NSC Memorandum also 
reconfirmed CIA's responsibility for covert psychological operations in accordance with the 
applicable NSC directives (NSC 10 series), this relegated DoD to military psychological 
operations matters only, and an advisory role for the rest.

This same directive also rescinded NSC 59/1, which had established the Psychological 
Operations Coordinating Committee (POCC), and established a new organization to provide 
OCB with a forum for carrying out its psychological operations responsibilities. Chaired by the 
Executive Secretary of OCB, other members included representatives from DoD, State, CIA, 
JCS, USIA, and the Foreign Operations Administration. The Service's psychological warfare 
chiefs established in DoD Directive S-3140.1 served as consultants. All of the members also 
provided personnel to be a full-time staff, with OCB providing administrative support.

Throughout the rest of his time in office, Eisenhower continued to refine his mechanisms 
for coordinating national security policy and the national psychological operations effort. On 25 
February 1957, Executive Order 10700 changed OCB's status from an independent 
coordinating board to actually part of the National Security Council structure. The Executive 
Order also changed the OCB chairman from State Department to whomever the president 
designated — and Eisenhower's first choice was Gordon Gray.

On 4 June 1958, Eisenhower signed NSC 5812/1, which dealt with wartime 
responsibilities for psychological operations. Recognizing that "no single department or agency 
having responsibility in the field of psychological operations can feasibly perform these 
operations for the entire Executive Branch," this directive specified the responsibilities of DoD, 
CIA, USIA and DoD under a variety of conditions. Eisenhower covered not just the general 
wartime responsibilities, but also which department or agency was in charge, depending on 
whether the target audience was friendly, neutral or hostile, and within or without the theater of 
operations. The directive also specified the workings of the coordination and flow of guidance 
from Washington to overseas and back.


THE MIDDLE COLD WAR 


The next two decades after Eisenhower's term constituted an "Ice Age" for strategic 
influence. The interagency structures and committees that Truman and Eisenhower built to 
coordinate strategic influence disappeared. The psychological warfare offices in DoD, JCS and 
the Army dissolved, as did their coordinating committees. The few people on the staff who 
retained some responsibility, now lowly action officers rather than generals or Assistant 
Secretaries, lost direct access to the decision makers — an access that has never been 
regained. The military psychological troop units demobilized after the Korean War, except for 
one lone unit at Fort Bragg. Even before President Kennedy’s assassination, the focus of the 
Psychological Warfare Center had changed to special operations — even the name had 
changed, to Special Warfare Center. As one writer put it, "The congenial climate for American 
psychological operations was polluted in the seventeen years that followed 1956; not until 
President Reagan's Westminster speech was there again much sunshine.” 

Subsequent administrations still used information and psychological methods in the Cold 
War, but they no longer received top-level attention. The elements of strategic influence still 
existed, but were compartmentalized throughout the departments. CIA retained the covert 
operations mission. State Department conducted its traditional foreign diplomacy mission, and 
USIA had the overt foreign information mission. However, starting in the 1960s, the USIA 
shifted focus. The informative function, focusing on objective, factual reporting of news, gained 
emphasis, while attention on the persuasive function and the function of advising other 
departments on psychological implications declined.

The various administrations during this period did not create any permanent overarching 
committees to coordinate psychological activities within the government. Departments and 
agencies were expected to coordinate with the others, but no one "ran the show". There was no 
national level effort to direct and coordinate the timing of acts to ensure maximum effect. Ad 
hoc committees sometimes appeared to fill the vacuum, but these were usually narrowly 
focused and of short duration. 

Party politics played a key role in this change. Eisenhower carried over into his 
Administration people who had been key in Truman's Administration, such as Gordon Gray. 
Kennedy, much like modern presidents, brought in a whole new team. Kennedy also, both 
personally and as a Democrat, had a vastly different view of the role of the National Security 
Council and its organization. 

Another key factor appears to be the loss of a voice of sufficient stature to influence the 
top levels of the government. This may have been due to a generational change and lack of 
direct experience. The Truman and Eisenhower Administrations had been filled with high- 
ranking World War II veterans who had worked together, or at least known one another, during 
the war, and who had had to consider the implications of psychological warfare at the theater 
level. Starting with Kennedy, World War II veterans in the Administration tended to have been 
junior or field grade officers, with virtually no propaganda experience except at the receiving 
end. Truman and Eisenhower had many advocates for strategic influence; Kennedy and 
Johnson had few. 

Prior to Kennedy taking office, Senator Henry M. Jackson headed a congressional 
inquiry into government methods for formulating national policy in the Cold War. Jackson's 
report was highly critical of Eisenhower's National Security Council system, deeming it a bloated 
paper mill that didn't accomplish much real work, and that exceeded what he envisioned as the 
proper role for the Council. Jackson viewed the National Security Council as a small forum of 
intimates for the President to explore intelligence and policy options; he believed it ill-suited for 
comprehensive coordinating and follow-through of responsibilities. 

Jackson recommended a complete reorganization of the National Security Council, 
starting with the abolishment of the OCB. He believed that State Department should not only 
have control over foreign information policy, but should also be the agent of coordination on all 
major policies toward other nations. In his view, OCB infringed on this basic responsibility. 
Jackson also saw no need for permanent interdepartmental committees. He believed that the 
lead agency should have responsibility for implementation of policies cutting across 
departmental lines, with possibly the assistance of an informal, temporary interdepartmental 
group.

Jackson's views dovetailed completely with Kennedy's own views. Less than a month 
after taking office, Kennedy issued Executive Order 10920, abolishing the OCB. Over 45 
interagency committees died with OCB. In the next few weeks, Kennedy continued to dismantle 
Eisenhower's system, abolishing another 40 interdepartmental groups. The National Security 
Council staff decreased significantly and lost much of its power.

Kennedy did not completely abandon psychological warfare, due to the focus on 
counter-insurgency throughout his term. Kennedy issued a number of National Security Action 
Memorandums (NSAM) directing increased emphasis, spending and action in counter- 
insurgency. While psychological activities rarely received primacy, they were normally 
imbedded in many of these policy directives. Four in particular demonstrated that the 
Administration did not ignore information as an element of national power. 

NSAM 3, issued 15 April 1961, directed the Bureau of Budget to study continued CIA 
funding of activities such as Radio Free Europe, and whether open government support would 
be better. Someone had raised the very valid concern that if the CIA cover were compromised, 
the program would lose credibility and therefore most of its effectiveness. 

NSAM 61, issued 14 July 1961, directed the State Department and USIA to use their 
means to support and disseminate an approved counter-theme to combat a Soviet propaganda 
theme called "peaceful coexistence”. 

NSAM 63, issued ten days later, directed the State Department, through the USIA, to 
provide foreign policy guidance to all international radio broadcasting and television stations 
controlled by U.S. Government agencies. These included DoD stations, such as the Armed 
Forces Radio and Television Service and the Voice of the United Nations Command in Korea. 
NSAM 63 also gave the USIA the authority to preempt any of these stations as needed for 
"special programs".

Kennedy did establish some interdepartmental groups, which he called "Special 
Groups". On 18 January 1962, NSAM 124 established the Special Group (Counter-Insurgency). 
Special Group (CI) functions included insuring that all U.S. Government agencies recognized 
that subversive insurgency was a major form of politico-military conflict on a par with 
conventional war, and that such recognition was included in the "political, economic, 
intelligence, military aid and informational programs conducted overseas by State, Defense, 
[U.S. Agency for International Development], USIA and CIA." 

During the Vietnam years, the U.S. Government and DoD again established a fairly 
robust psychological operations effort to support the war. But this effort was narrowly focused 
to that theater, primarily tactical in nature, and did not last once the war ended.

A study on national coordination of psychological operations conducted by the Joint Staff 
in the early 1970s noted that an ad hoc committee approach had arisen to fill the void caused by 
both a lack of coordination and insufficient authority at high enough level providing guidance for 
psychological operations. One example cited was the Psychological Operations in Critical 
Areas Watch Committee (POCA). Another ad hoc group, the Interagency Working Group on 
Psychological Operations in Critical Areas, had formed POCA based upon a 1965 USIA study. 
The Joint Staff deemed POCA moribund at the time of its study, as POCA had had no meetings 
since May 1969, even though the memorandum of agreement establishing it was still valid.

Military psychological operations units during the Vietnam years traveled the familiar 
roller coaster track. In the 1960s, the Army had just one psychological operations unit. At the 
height of the Vietnam War, the Army had a full Group operating in Vietnam, and other 
psychological operations units stationed in Fort Bragg, Germany, Panama and Okinawa. By the 
mid-1970s, all that remained in the active component was one Psychological Operations Group 
— undermanned and with poor, antiquated equipment.

President Johnson's national security system was modeled after Truman's, but 
regarding strategic influence resembled Kennedy's. USIA clearly had the lead on psychological 
warfare programs, and the emphasis was on Southeast Asia. While Johnson strengthened 
the National Security Council and established interdepartmental working groups, none appear to 
have dealt directly with strategic influence or psychological operations. A few, limited-scope ad 
hoc bodies did appear: the Vietnam Psychological Operations Working Group, which had been 
dormant for over a year by 1967, and the Psychological Operations Pressure Operations Group, 
which appeared briefly during the latter stages of the Vietnam War. Like Kennedy, Johnson 
believed that the State Department should have the lead in foreign policy. In March 1966, 
Johnson signed NSAM 341, which gave the Secretary of State authority and full responsibility 
for the overall direction, coordination and supervision of interdepartmental activities overseas.

President Nixon reformed the National Security Council more along Eisenhower's lines. 
Regarding strategic influence, though, he did not resurrect anything similar to the Psychological 
Strategy Board or the Operations Coordinating Board. Nixon continued a multi-pronged 
approach with CIA, State, and USIA, responsible for covert psychological operations, public 
diplomacy and overt information programs, respectively. DoD continued to have responsibility 
for psychological operations only in military theaters of operations. 

Nixon did issue a number of National Security Decision Memorandums (NSDMs) which 
had informational or psychological components: NSDM 3, "Direction, Coordination and 
Supervision of Interdepartmental Activities Overseas"; NSDM 7, "Direction, Coordination and 
Supervision of Interdepartmental Groups"; NSDM 19, "Washington Special Actions Group"; 
NSDM 23, "Vietnamese Special Studies Group"; and NSDM 40, “Responsibility for Conduct, 
Supervision and Coordination of Covert Action Operations". Only one dealt directly with 
psychological operations: NSDM 63, "Psychological Warfare Operations Against Vietnamese 
Communists". This NSDM continued the national-level narrow strategic influence focus on the 
Vietnamese theater, as opposed to a global focus. Unfortunately, further information dealing 
specifically with these NSDMs or the establishment of any ad hoc interagency committees was 
unavailable or still classified. 

The lack of attention at the upper levels of the government on strategic influence and the 
limited focus on Southeast Asia led to a reduction in effectiveness against Communist 
propaganda worldwide. Most U.S. efforts outside the Vietnam theater were negated by the 
virulent anti-Vietnam movement, and the highly effective Soviet and Communist psychological 
operations programs, which were both strategic and global. At the time, both JCS and the 
Army strongly recommended the establishment of a permanent standing committee with 
broadened responsibilities to coordinate implementation by all government agencies of the 
psychological aspects of decisions rendered by the National Security Council. Their 
recommendations fell on deaf ears. As one writer put it, "During the Vietnam years, in spite of 
some notable successes with psychological and political techniques of counterinsurgency 
warfare, the US military and the government as a whole proved unable to devise and execute 
an overall strategy that took due account of the vital importance of the psychological-political 
dimension of the struggle."

President Carter continued the separation of the elements of strategic influence among 
CIA, USIA, State Department and DoD. However, in his restructuring of the National Security 
Council system, he established two new committees that included information policy within their 
scope, but not as a primary focus. The Policy Review Committee developed national security 
policies in those areas that were the primary responsibility of one department but where the 
subject also had important implications for other departments. These areas included foreign 
policy issues with significant military or interagency aspects and defense policy issues having 
international implications. The Special Coordinating Committee handled sensitive intelligence 
activities and covert operations.


REAGAN AND BEYOND 


Under President Reagan, strategic influence experienced a rebirth, buoyed by his 
emphasis on foreign policy and determination to win the Cold War. During his terms in office, 
the press dubbed Reagan “the Great Communicator” for his ability to use his speeches to gain 
support for his policies. It is an equally apt term for what he accomplished for strategic 
influence. 

Reagan’s initial national security strategy contained four basic components: diplomatic, 
economic, military and informational. This was the first time that information had been 
elevated from a supporting instrument to a top element of national strategy. This emphasis on 
information and the psychological component — on strategic influence — of national security 
strategy continued throughout his terms. 

Three National Security Decision Directives (NSDDs) built the cornerstone of Reagan’s 
strategic influence policy: NSDD 45, signed 15 July 1982; NSDD 77, 14 January 1983; and 
NSDD 130, 6 March 1984. 

NSDD 45 revitalized the U.S. international broadcasting program, declaring it an 
important instrument of national security policy. It directed quantum improvements in the quality 
and capabilities of US-controlled broadcasting stations, such as Voice of America, Radio Free 
Europe/Radio Liberty, and Radio in the American Sector of Berlin. The directive established 
Radio Marti, to garner and consolidate anti-Castro support in Cuba and among Cuban exiles in 
the U.S. Reagan specifically stipulated that the money and other resources required to 
implement his improvements were to be given the same priority as other programs deemed vital 
to the national security. NSDD 45 also directed that State Department give high priority to the 
diplomatic requirements for modernizing and expanding these stations, with particular emphasis 
on obtaining international support to halt and deter Soviet jamming of the stations and to 
develop countermeasures to that jamming. Reagan foresaw the future of space-borne 
platforms and initiated further research into direct broadcasting by satellite. Finally, NSDD 45 
directed a study between State and DoD on closer integration and role of broadcasting facilities 
in crisis and war.

NSDD 77 established a Special Planning Group (SPG) under the National Security 
Council to strengthen the organization, planning and coordination of the various aspects of 
public diplomacy related to national security. Chaired by the President's National Security 
Adviser, SPG members included the Secretaries of State and Defense, the Director, USIA, and 
the Assistant to the President for Communications, with other agencies invited as needed. The 
directive indicated the importance Reagan placed on strategic influence by listing department 
and agency principals as the primary members, although they could designate an alternate.

NSDD 77 also established four interagency standing committees that reported to the 
SPG: the Public Affairs Committee, the International Information Committee, the International 
Political Committee, and the International Broadcasting Committee. The latter committee had 
responsibility for planning and coordinating international broadcasting activities pursuant to 
NSDD 45.

NSDD 77 gave the Public Affairs Committee responsibility for the planning and 
coordination of major speeches on national security subjects, and for the planning and 
coordination of public affairs for foreign policy events and foreign and domestic issues with a 
national security dimension. The International Information Committee had responsibility for 
planning, coordinating and implementing international information activities in support of US 
national security interests. This committee dealt almost exclusively with USIA activities, and 
was chaired by the Director, USIA.

The International Political Committee had a broader role than the other three. Headed 
by the State Department, it had responsibility for planning, coordinating and implementing 
international political activities in support of US national security interests. These activities 
included State Department's role in foreign aid, in training and organizational support for 
democratization, and coordination and cooperation with non-government organizations and 
private voluntary organizations that supported democratization. NSDD 77 specifically directed 
the International Political Committee to develop means to increase the U.S. Government 
capability to promote democracy, "as enunciated in the President's speech in London, 8 Jun 
82," known as the Westminster speech. The directive also directed the committee to develop 
and implement plans, programs and strategies to counter totalitarian ideologies and political 
action by the Soviets. Additionally, NSDD 77 gave the State Department some authority to 
direct other departments to implement political action strategies in support of objectives 
established by the International Political Committee.

While Reagan was generally pleased with the progress made under NSDDs 45 and 77, 
he did not feel that the departments had gone far enough, nor that they were maintaining focus. 
On 6 March 1984 he signed NSDD 130 to re-emphasize and clarify his policy on strategic 
influence.

NSDD 130 reiterated the importance of U.S. international information programs to 
national security, expanded Reagan’s policies set out in NSDDs 45 and 77, and directed 
“sustained commitment over time to improving the quality and effectiveness of U.S. international 
information efforts” — including improving the level of resources devoted to international 
information activities and their coordination with other elements of national power. Areas 
highlighted for improvement included designing products for different cultural target audiences, 
further enhancing international radio broadcasting, and reconstituting a program for 
disseminating books and other publications abroad. NSDD 130 directed studies into more 
effective use of international television broadcasting, including the new audio and videocassette 
technologies, and into how to utilize new communications technologies to penetrate closed 
societies. NSDD 130 also addressed functional and personnel requirements, including 
development of career tracks and education programs.

NSDD 130 also directed great changes and improvements for DoD. First, NSDD 130 
directed DoD to give a high priority to the revitalization and full integration of PSYOP in military 
operations and planning. Second, Reagan directed DoD to participate in overt PSYOP 
programs in peacetime. Third, he tasked the SPG to lead the development of coordinated 
interagency international information plans that included utilizing DoD capabilities. Fourth, 
NSDD 130 directed all departments and agencies to develop special procedures to ensure 
policy consistency and timeliness in international information programs during crisis and war.

When NSDD 130 was published, DoD undertook a major review and evaluation of 
military PSYOP capabilities. That review showed that DoD capabilities had significantly atrophied 
since the Vietnam War. DoD's solution to correct its deficiencies was the DoD Psychological 
Operations (PSYOP) Master Plan of 1985. This watershed document provided a 
comprehensive plan for the fundamental improvement of DoD PSYOP capabilities worldwide, 
across the spectrum of conflict. 

Throughout DoD, PSYOP offices were re-established or improved. DoD created a 
PSYOP directorate, the first such office on the staff in over 20 years. JCS upgraded its PSYOP 
staff element from a branch to a division. The Department of the Army Staff upgraded its 
PSYOP staff element from a one-man shop to a PSYOP and Civil Affairs division. Both Active 
and Reserve PSYOP units experienced growth in personnel, more funding for training, 
exercises and operations, and received updated equipment. 

One important directive of the Master Plan was the separation of PSYOP staff elements 
from special operations staff elements throughout DoD, including the military departments, the 
Joint Staff, Service staffs, unified and specified command staffs and their components. The 
DoD review had determined that the subordination of PSYOP personnel under special 
operations "de-linked" the PSYOP personnel from broad support of national policy and 
objectives and critical interagency coordination. The Plan also noted that PSYOP personnel in 
special operations staffs tended to work PSYOP issues only part-time, and the placement within 
special operations staffs contributed to a continuing lack of understanding within DoD of 
PSYOP. It also tended to reinforce the misperception by both military and civilian senior leaders 
that PSYOP focused primarily on special operations.

The 1985 PSYOP Master Plan also called for the creation of a Joint PSYOP Center 
(JPOC), dedicated to the long-term development and nurturing of joint PSYOP capabilities in 
DoD. Among the responsibilities envisaged for the JPOC would have been developing long- 
range strategic PSYOP plans, and assisting both JCS and the Office of Secretary of Defense 
(OSD) to develop, plan and coordinate the DoD portion of national psychological operations 
activities. DoD placed the implementation of the JPOC on hold pending resolution of several 
issues resulting from the congressionally mandated reorganization of special operations, 
including the creation of the U.S. Special Operations Command (USSOCOM). Once military 
PSYOP was placed under USSOCOM, the implementation of JPOC was never executed - lost 
in the internecine battle for resources within USSOCOM. Nevertheless, the other directives 
within the PSYOP Master Plan greatly strengthened and improved military PSYOP. 

Reagan provided additional guidance to DoD for increasing psychological operations 
with Executive Order 12333. Reagan wanted to increase and expand the execution of 
democratization programs in Latin America. The EO established a presidential finding for CIA 
covert psychological activities and directed DoD to initiate several programs in the region. 

On 26 July 1984 DoD published DoD Directive S-3321.1, Overt PSYOP Conducted by 
Military Services in Peacetime, in direct response to NSDD 130 and Executive Order 12333. 
This directive is still valid and used daily as the policy guidance for peacetime PSYOP. DoD 
Directive S-3321.1 established the Overt Peacetime PSYOP Program (OP3), still operative 
today. Under OP3 each regional combatant commander develops and submits a plan for 
conducting peacetime psychological activities to support combatant commander and national 
security objectives within their area of responsibility. These activities are not limited to military 
PSYOP units, nor even to military activities — regional combatant commanders can recommend 
that other departments execute certain activities. Combatant commanders coordinate their OP3 
plans with Ambassadors in their region, and then submit the plans to JCS. JCS obtains 
concurrence within the military side of the Pentagon, while concurrently sending the proposed 
OP3 plans to OSD. OSD then coordinates within the interagency for review, comment and 
deconfliction. JCS passes approval of the plans back to the combatant commander once OSD 
has approved the plans. This process ensures that all the key players have had an opportunity 
to review the OP3 plans before the combatant commander executes the plan.

Reagan also created the National Endowment for Democracy (NED) as a mechanism for 
overseeing disbursement of funds for the support of democratic political and cultural institutions 
abroad. In his Westminster speech, Reagan proposed an initiative “to foster the infrastructure 
of democracy — the system of a free press, unions, political parties, universities — which allows a 
people to choose their own way, to develop their own culture, to reconcile their own differences 
through peaceful means."?' Congress authorized NED as part of the Fiscal Year 1984/85 State 
Department Authorization Act. Since its inception NED worked closely with State, USIA and, 
especially, private sector groups to foster abroad cultural values, institutions and organizations 
of democratic pluralism. By 1992, both Canada and the United Kingdom had developed similar 
grant programs. NED is still extant today as an independent organization which continues to 
work with the private sector to promote democratic institutions around the world.

Despite a setback from the Iran-Contra Affair, the success and potency of Reagan's 
strategic influence program directly contributed to President George Bush's (“Bush I”) success
in building and maintaining a coalition during the Gulf War. Reagan's improvement of U.S. 
military PSYOP capabilities also directly resulted in a highly successful psychological operations 
campaign during the conflict.

When Bush I took office, many "Reaganites" continued to serve in the new
administration. Bush I continued many of Reagan's policies and practices, but not all of them.
Many of the Reaganites tried to re-establish the best of Reagan's conventions, particularly those 
dealing with strategic influence. However, none were of sufficient stature to “carry the torch" 
through either the aftermath of Iran-Contra or the distraction of the re-election season. During 
the Gulf War, Bush's National Security Council did establish and chair an ad hoc committee, the 
PSYOP, Propaganda and Public Diplomacy Committee (3PD). 3PD included representatives 
from OSD, State Department, USIA, CIA and JCS. The committee generally met at least twice 
a week, and focused on coordination and exchange of information between the participating 
agencies, rather than tasking or execution of activities. 3PD ended quickly after the Gulf War. 
OSD and JCS, with positive endorsements from the other members, led a drive to get it 
permanently established, but NSC never took action. Most of the senior Administration officials 
did not see the utility of a standing committee in peacetime.

On 28 March 1990, Bush I signed National Security Review (NSR) 24. NSR 24 directed
a broad examination of U.S. Government international broadcasting activities in the context of
overall U.S. foreign policy objectives. The dramatic changes in the world political situation — the
reintegration of Germany, the fall of the "Iron Curtain" and the pending dissolution of the Soviet
Union — prompted the complete review of the mission, objectives and resource implications of
government broadcasting. Bush I intended to use the response to NSR 24 for short-term
decisions in the next two years. The NSR was very comprehensive, including directives for both
a detailed assessment of current and future roles, and for the development of a broad range of
policy options.

Six months later, Bush I superseded NSDD 77 with National Security Directive (NSD)
51. NSD 51 reaffirmed the four basic missions for U.S. Government international broadcasting: 
explaining U.S. policies and actions to foreign audiences; describing and explaining American 
culture and institutions; providing objective news, commentary and information about U.S. and 
world events; and providing surrogate programming to areas of U.S. interest where there is not 
a free press. Additionally, NSD established a Policy Coordinating Committee on International 
Broadcasting, chaired by State. However, NSD 51 also directed the consolidation of 
broadcasting operations and other austerity measures due to constrained budget levels.

Perhaps the most important directive in NSD 51 was the appointment of an independent 
bipartisan task force to study U.S. broadcasting assets, activities and technologies. Further, 
Bush I directed the task force to provide him with recommendations on the most appropriate
organization and structure for a single U.S. Government broadcasting entity. This was the
genesis of the Broadcasting Board of Governors (BBG). On 1 October 1999, as part of the
1998 Foreign Affairs Reform and Restructuring Act, the BBG became an independent,
autonomous entity responsible for all U.S. Government and government sponsored,
non-military, international broadcasting.

One outcome of the Gulf War was the rise in the military of the term “command and 
control warfare" (C2W). C2W was a new concept for disrupting an enemy's decision cycle. 
C2W consisted of five elements, called "pillars": PSYOP, electronic warfare, deception, 
operations security, and physical destruction, all supported by intelligence as the foundation. By 
the end of the 1990s, C2W had become a subset of the broader "information operations," which 
added computer network operations and critical information infrastructure defense to the original 
five pillars. 

When President Clinton took office, he abolished what remained of Reagan's and Bush's 
strategic influence interagency mechanisms. However, most of the military gains — the PSYOP 
Master Plan, OP3, and the improvement in military PSYOP troop units — remained, even 
through the post-Gulf War drawdown. 

In the late 1990s, Congress pushed for significant decreases in the foreign policy 
budget, including public diplomacy, under the pretext that with the winning of the Cold War, 
such a large public diplomacy machine was no longer needed - in reality, Congress was looking 
for money for domestic programs. In 1998, Congress passed the Foreign Affairs Reform and 
Restructuring Act. Among its many actions, the Foreign Affairs Reform Act disestablished the 
formerly independent USIA, and merged its functions and missions under the cognizance of the 
Department of State, within the new Under Secretary for Public Diplomacy & Public Affairs.
The same act slashed the State Department's budget, a condition that persisted for over a
decade. In 2001 the share of the budget devoted to international affairs was only 1.18
percent.

By the end of the 1990s, the rise of the Internet and global media capabilities led to vast 
amounts of information, misinformation and opinions being available to the global audience. 
Much of the information and opinions spread by these new communications means did not 
reflect well on the U.S. or support national security objectives. Yet until 1999, the Clinton 
Administration did not have any specific national security policy concerning public diplomacy, 
international information, or information operations. Two key events in which information was
used to devastating effect — the Balkans and the genocidal wars in Rwanda — galvanized
Clinton into developing a national security policy to better fight this “new” war of ideas.

On 30 April 1999, President Clinton finally established a policy on strategic influence by
signing Presidential Decision Directive/NSC-68, "International Public Information". The overall
objective of this presidential decision directive (PDD) was to "promote understanding and
support for U.S. foreign policy initiatives around the world." PDD 68 goals included
developing and executing a more effective and coordinated international public information (IPI)
strategy, countering the growing hostile misinformation about the United States, and more
effectively promoting U.S. policy, values and interests to foreign audiences. Most importantly,
the PDD sought to harmonize and synchronize at the national level the efforts of all the various
players and planners in IPI — including what the PDD terms "overt international military
information."

PDD 68 directed three key implementation strategies to ensure that IPI was integrated into 
national security policy-making. First, PDD 68 established the IPI Core Group (IPICG) as the 
interagency working group responsible for coordinating the activities and efforts of all 
government agencies that planned and conducted IPI activities.

The State Department chaired the IPICG, with NSC serving as deputy chair. Other 
permanent members included Assistant Secretary-level representatives from DoD, JCS, USAID, 
and the National Security Council, plus a stipulation for others as required, and the option to 
establish sub-groups on regional, functional and transnational issues as appropriate.

Second, PDD 68 directed the development of a national IPI strategy, including IPI plans 
for potential major regional and transnational challenges and contingencies. Plans were to 
address U.S. responses, resources required, scope and duration of IPI activities, and the 
desired result. The PDD also directed that these IPI plans be integrated into interagency 
planning as mandated in PDD 56, “Managing Complex Contingency Operations.”

Third, PDD 68 directed the IPICG to work with U.S. Government educational institutions to 
develop and conduct annual education and training activities designed to foster expertise in IPI 
and promote better coordination.

At the instigation of OSD and Joint Staff, PDD 68 also directed the detailing, on a full-time, 
non-reimbursable basis, of one or more military personnel to the IPICG Secretariat, in 
recognition of the “predominant interest of DoD.”

PDD 68 was initially welcomed by the parties involved in its crafting. There had been no 
presidential guidance on strategic influence since Reagan’s NSDDs in the 1980s. And as USIA 
had been the primary means of “telling America’s story” overseas during the Cold War, there 
was growing concern about the U.S. Government's ability to influence foreign audiences. PDD
68 was seen as a way to alleviate these concerns.

However, PDD 68 ran into problems almost from its inception. State Department had the
chair, but did not have the necessary direction and tasking authority over the other departments.
Meetings turned into reporting forums rather than coordinating arenas. The State Under Secretary
also hesitated in acting and forming the IPICG; in two years only two meetings of the formal 
IPICG were convened, although action officers did meet. Resourcing was another issue. PDD 
68 did not specifically provide any means or resources to the IPICG or to the implementing 
agencies. The departments hesitated to expand upon or initiate any new information activities 
without the assurance of funds to do so.

PDD 68 was also an unclassified document. It soon appeared in the media, and critics 
abounded, from journalists, to former officials, to current “unnamed” officials. Criticism ranged 
from those who thought it would be no more than a global spin machine, to those who thought it 
would filter information normally widely available to reporters, to those who thought it was meant 
to propagandize the American public, to those who thought the party in power would use it as a 
political tool.

PDD 68 did have some accomplishments before its denouement. Under the IPICG, the 
Balkan IPI Working Group has been very effective in coordinating IPI activities in support of the 
continuing operations in Bosnia and Kosovo. And PDD 68 was the genesis of what is today a 
very close, mutually beneficial working relationship between DoD, the Broadcasting Board of
Governors and the Voice of America.


STRATEGIC INFLUENCE TODAY 


Shortly after taking office, President George W. Bush issued National Security Policy 
Directive (NSPD) 1, which restructured the NSC system. NSPD 1 abolished all of Clinton's 
standing interagency working groups (IWG) and ad hoc groups. Instead of IWGs, Bush 
established policy coordination committees (PCC). NSPD 1 established a number of PCCs; 
more would be established in later NSPDs. NSPD 1 also recreated some of Clinton's IWGs as 
subcommittees under one of the new PCCs. 

The IPICG was one of many former IWGs that languished for several months, awaiting a 
decision from the new Administration. Eventually Bush decided to grandfather PDD 68, and the 
IPICG became a subcommittee under the new Counter Terrorism PCC. However, the IPICG 
lost momentum as an interagency coordinating body during its time in limbo. While it still 
continued to operate, it became primarily a State Department operation.

The events of 11 September 2001 changed everything, not least of which was the
administration's outlook concerning strategic influence. Faced with direct evidence that many 
people around the world actively hated the United States, Bush began taking action to more 
effectively explain U.S. policy overseas. 

Initially the White House and DoD turned to the Rendon Group, a private public relations 
firm that was already under contract to burnish the U.S. image overseas. Rendon focused on 
the immediate 24-hour news cycle as a means to shape opinions, rather than a long-term
ideological change. Rendon helped create Coalition Information Centers (CIC) in Washington, 
London and Islamabad. Personnel in these offices prepared daily press releases and 
responses to any enemy propaganda in the news, conducted polling and held focus groups, and 
coordinated the appearances of U.S. officials on key Arabic television programs to occur at 
strategic, highly watched moments. Over time, Rendon's work was supplanted by other
organizations. 

In October 2001, Bush swore in Charlotte Beers as the new Under Secretary of State for 
Public Affairs and Public Diplomacy. Beers had been a highly successful advertising executive 
on Madison Avenue. Secretary of State Colin Powell and President Bush hoped that Beers 
would be able to use her advertising skills to rejuvenate State's public affairs and public 
diplomacy programs to sell American policy and values overseas.

Reactions to Beers' appointment and to her first year in office have been mixed. Many 
critics doubt that the skills which succeed in selling a brand-name product to American 
consumers translate well into skills needed to sell policy and win a war of ideas with foreigners. 
Many complain that world opinion has changed little, or even worsened in the last year. Others 
feel that Beers has initiated several programs that may have an impact over time.

Early in August 2002, Bush announced the creation of the Office of Global 
Communications (OGC) to help manage and shape the U.S. image abroad. Five months
later Bush signed Executive Order 13283, officially establishing OGC within the White House 
Office. Bush assigned OGC the mission to advise the President on the most effective means 
“to ensure consistency in messages that will promote the interests of the United States abroad, 
prevent misunderstanding, build support for and among coalition partners of the United States, 
and inform international audiences." This advice was to be given only for overt information 
activities.

Other OGC functions specified in the Executive Order include assessing methods and 
strategies used by the government; coordinating the formulation of messages among 
appropriate agencies; working with other departments to develop a strategy for disseminating
“truthful, accurate and effective messages” about American policies, people and culture; and
coordinating the creation of temporary communication teams that would deploy to areas of high
global interest and media attention. Teams could not deploy without consultation with State
Department and DoD.

Like the Rendon Group, OGC is focusing on the short-term goal of winning the evening 
news cycle rather than making any long-term effort to change attitudes and opinions. Its 
messages are more informative, more journalistic, than persuasive. OGC reports only to the 
White House; it is not within the NSC structure, although it does coordinate with the two PCCs 
discussed below. Despite its direct link to the White House, OGC does not have any tasking 
authority. The last line of the Executive Order specifically states that OGC does not have 
authority to issue directives to other agencies.

Bush split the remaining elements of strategic influence between two PCCs, the Counter 
Terrorism Information Strategy (CTIS) PCC and the Strategic Communications PCC (SC). NSC 
chairs the CTIS PCC, which is responsible for countering terrorist hostile propaganda and 
contains at least one subgroup, the Counter Propaganda Working Group. Both CIA and DoD 
participate in the CTIS PCC. NSC and State Department act as co-chairs of the SC PCC, which 
is responsible for overt public affairs and public diplomacy. The SC PCC has four 
subcommittees: Future Directions, Afghanistan, Iraq, and the State Fusion Center. Neither CIA 
nor DoD attends the SC PCC. And while the NSC chair of the CTIS PCC attends SC PCC 
meetings, the reverse is not true.

In August 2002, Congress also approved spending $225 million on cultural and 
information programs abroad, mostly targeting Muslim countries. Representative Henry Hyde 
sponsored the bill, citing a need to correct a “cacophony of hate and misinformation” about the 
U.S.

In March 2002, the U.S. Broadcasting Board of Governors (BBG) launched Radio Sawa, 
an Arabic entertainment and news station that can be heard throughout the Middle East. Within 
just a few months, ratings increased by 33%. The BBG is now planning a television 
counterpart.

In 2001, OSD established the Office of Strategic Influence (OSI), in an attempt to fill the 
gaps between Bush's PCCs and the OGC. Officials within DoD were also concerned about the 
void left from the nonfunctional IPICG. Bush's organizations took a long time to become fully 
established and begin working. DoD also felt that the three organizations were too narrowly 
focused on explaining U.S. policy to broad, global audiences. None appeared to be focused on
specific target audiences, with a specific strategy and objectives in mind, or on the government
actions needed to affect long-term U.S. goals.

OSI was headed by Major General Worden, U.S. Air Force. OSI was nominally under 
the Assistant Secretary of Defense for Special Operations and Low Intensity Conflict (ASD 
SOLIC), who had policy oversight of psychological operations, but it reported directly to the 
Under Secretary of Defense for Policy. DoD did not envision that OSI would be solely a DoD 
organization. OSI sought input and representatives from other departments from the beginning. 
DoD hoped that OSI would be a catalyst for action, and once it started developing and 
implementing influence campaigns, State would take a bigger role, and eventually OSI would 
become an interagency body.

MG Worden had a vision, plans and objectives for what he believed OSI should 
accomplish in support of national objectives — something that was lacking in the other players in 
strategic influence at the time. One of the first things OSI looked at was how to effect change in
the madrassas, the Muslim schools, where the current curriculum and textbooks are virulently
anti-American.

In a classic example of the internecine battles that have always plagued strategic 
influence, OSI was sabotaged internally within DoD and abolished by Secretary of Defense 
Donald Rumsfeld less than five months after its establishment. Someone in DoD leaked 
information to the press that OSI intended to plant false messages and misinformation in 
overseas media, news that would then be reported in the U.S. as factual. This type of action 
was not in OSI's charter, and the charge was never substantiated. Nonetheless, Rumsfeld felt 
that the damage caused by the media controversy and exposure was too great to overcome,
and he closed the office. 

All that remains in OSD for strategic influence is a small Office of Information Activities 
(OIA) buried within ASD SOLIC. OIA has retained responsibility for policy oversight of military 
psychological operations activities. It also provides the OSD representative to the CTIS PCC. 
OIA hopes to implement a few of the actions recommended by OSI, but with few resources, few 
personnel, and little authority, its effectiveness is doubtful. Additionally, OIA is maintaining a low 
profile, due to fears that whoever sabotaged OSI will also sabotage OIA.

JCS currently has a PSYOP division, generally six personnel headed by an Army O-6, 
within the J-39, Deputy Director for Information Operations (DDIO), a directorate that has 
existed only since 1997. Other divisions within DDIO have responsibility for other elements of 
information operations. The DDIO himself is a brigadier general; the first three have been Air 
Force generals. This gives functional responsibility for a majority of strategic influence to a
general or flag officer, something that had been missing for decades. The PSYOP Division has
a multitude of responsibilities: coordinating PSYOP policy within JCS; developing and staffing 
JCS positions on DoD and national policy regarding PSYOP; promulgating joint PSYOP 
doctrine; representing JCS in the interagency; preparing and staffing deployment orders for 
PSYOP units; shepherding approval of PSYOP plans and orders within JCS and the Services; 
providing national-level PSYOP guidance to the combatant commanders; staffing PSYOP 
product approval within JCS and with OSD, when approval has not been delegated to the 
regional combatant commanders; and providing the U.S. representative to the North Atlantic 
Treaty Organization (NATO) PSYOP Working Group.

When the War on Terrorism started in the Fall of 2001, JCS established the Information 
Operations Task Force (IOTF), at the direction of the Chairman of the Joint Chiefs of Staff 
(CJCS), General Myers. Originally, the CJCS intended the IOTF to be an interagency group 
that would direct information and influence operations and act as the single point of contact for 
the U.S. Government; its original title was "Information Operations Resource Center (IORC)." 
But no other agencies or departments would participate in the IORC. No other agency wanted 
to put their people under a DoD brigadier general.

When the IORC didn't become an interagency group, JCS established the IOTF. It was 
given space, but few other resources. DDIO stripped almost two-thirds of its own people, 
including all of the PSYOP Division, away from their normal duties to fill the IOTF.

The IOTF was largely ineffective and was disbanded in July 2002. It initially developed a 
system of public affairs, PSYOP and information operations "alerts" to provide guidance and 
information to DoD senior officials and the regional combatant commands. No one ever used 
the public affairs or PSYOP alerts. The information operations alerts became just “FYI” notes 
for the DoD leadership, rather than action documents. The alert system had been designed to 
address both foreign and domestic audiences; however, the focus quickly changed to domestic 
audiences to gain public support for the War on Terrorism. One positive outcome of this
ill-conceived idea was that PSYOP Division personnel were returned to their normal duties, due to
concerns over violation of the Smith-Mundt Act.

The IOTF did create an excellent, scientific database to measure and track "Measures of 
Effectiveness" (MOE) for information operations. Effective MOE tracking is a shortcoming in 
PSYOP and information operations. However, many DoD officials questioned the resources 
and effort put into the MOE database when there was not an effective information operations 
program to track. As one official put it, "we had the Cadillac of MOE databases with the Yugo of
information operations campaigns."

Within the Armed Forces, there is still only one active duty organization, the 4th
Psychological Operations Group (4th POG). It is a de facto national asset. This one unit
provides support to all levels of DoD, from brigade to unified command, to both conventional
forces and special operations, and to the other Services. 4th POG also frequently provides
analytical support and PSYOP products directly to national level agencies and organizations.
Within the 4th POG is the Strategic Studies Detachment — a group of high-quality civilian
intelligence analysts and area experts who provide detailed PSYOP studies and assessments in 
support of unified commands and national-level agencies. 

In early 2002, Rumsfeld published his Defense Planning Guidance (DPG). The DPG 
directed OSD, JCS and the Services to develop an "Information Operations Roadmap" to 
improve DoD capabilities. The DPG included fourteen separate sub-studies that were to be 
addressed in the Roadmap. These included recommendations for the establishment of a 
strategic PSYOP detachment, for improved education on information operations, and for 
improvements in the information operations career field, including the creation of flag officer 
positions.

The DPG itself and the Information Operations Roadmap developed within DoD remain
classified. The Roadmap does recommend a significant budget increase for military PSYOP. It 
also recommends the establishment of a strategic PSYOP unit. Officials in DoD are not 
commenting on what the unit will look like, where it will be located or to whom it will report. 
Experts in the field believe that it should be located in the Washington, D.C. area, to properly 
integrate into the interagency strategic influence effort, including providing support to other 
agencies. However, many are afraid that the controversy over OSI would extend to the new unit 
and limit its ability if it were located in the area; alternative sites and command structures are 
being explored. 


THE WAY AHEAD 


“Why is the PSYOP contest so asymmetrical? One might assume that a
“battle of ideas” should be won by a superpower that has more
communications consultants, advertising executives, information and media
specialists, political advisers, public relations professionals, and
psychologists than the total number of [operatives in Al Qaeda].”


Originally written about the failure of U.S. "hearts and minds" campaigns during the 
Vietnam War, the quote above is equally valid today. Is the Bush Administration organized
effectively to counter the growing anti-American sentiment around the world? What can the
Bush Administration learn from the past? 

The strongest periods of U.S. strategic influence had several common features: 
permanent, rather than ad hoc organizations; specific charters outlining roles and 
responsibilities for all agencies; top-level interest, guidance and cover; and full-time staffs. 
Further, the various departments had dedicated full-time people who had direct access to key 
policy decision makers. 

It’s ironic that back in Truman's and Eisenhower's Administrations, when the news 
media was extremely slow compared to today, there was better recognition than exists today 
that timeliness of decisions and activities is critical to strategic influence. This is particularly true 
in DoD, where the trained, experienced action officers are buried under layers of staff levels,
often headed by people who have little understanding or appreciation of the psychological
impacts of policy. The 21st century information cycle will not wait while an action officer staffs
policy decisions through several levels. 

The Bush Administration should re-evaluate how it has organized to conduct strategic 
influence. The current structure is trifurcated, with responsibilities split between three different 
organizations (OGC, CTIS PCC, SC PCC). Additionally, due to their narrow focus and lack of 
participation by all departments involved in strategic influence, gaps exist. Areas available for 
influence are not being exploited. 

One person should be in charge of strategic influence for the President - one person, 
who is a member of NSC, not one of the departments, agencies, PCCs, or OGC; one who can 
direct, coordinate and provide guidance to all. In today's Information Age, the President needs 
a Special Assistant to the President for Information Activities — a National Information Adviser 
(NIA). The NIA should be provided a full-time staff, with experts from all the agencies, as 
Eisenhower did with his second POCC, established in January 1954. 

Both Eisenhower's POCC and Reagan’s SPG, established under NSPD 77, provide 
models to build on. The role of the NIA would not be much different from the POCC Chair, the 
OCB Executive Secretary, or the SPG Chair, the National Security Adviser. The key difference 
is that national psychological strategy was just one of their myriad duties. Appointing an NIA, 
with a dedicated staff, whose sole responsibility would be strategic influence, would greatly 
improve coordination of strategic influence activities and the quality of advice provided to the 
President. The authority invested in the position would also improve implementation of 
activities. Both the PSB and IPICG failed because they lacked sufficient authority to direct the 
coordination and implementation of policy decisions, and because they could not rise above
interagency rivalry. Further, having an NIA should improve timeliness of interagency action. It
has taken Bush's SC PCC nearly two years to develop a vision and charter. 

Additionally, the Bush Administration needs to articulate a national psychological 
strategy, a strategy that is as broad and encompassing as the containment strategy of the Cold 
War. The nuclear threat, combined with other weapons of mass destruction (WMD), is as
imminent today as ever. And the threat of another attack like 11 September is even greater. 
But now many of the potential perpetrators are non-state actors. Just as in the Cold War, the 
U.S. must use all elements of national power to deter the use of WMD. Strategic influence, as 
defined in the beginning of this paper, will be key to success. Persuasive information alone will 
not be sufficient; messages must be backed up by action or they will be ineffectual. Reagan's 
NSPD 130 provides a starting model, although it needs to be updated. As one writer put it, 
"NSDD 130 should be dusted off and made required reading throughout the executive and 
legislative branches. This landmark document established international information as a major 
instrument of national security policy, and the responsibility of no single agency of the 
government." 

Gordon Gray's priorities upon becoming director of the PSB also provide a good 
example of how to begin addressing a national psychological strategy. The national 
psychological strategy should clearly define national interests and objectives. Goals not clearly 
defined are rarely achieved. Goals specifically defined will guide effective action by the 
departments; generalized statements will lead to continued inaction and interagency rivalry, 
and, ultimately, an ineffective strategic influence program. Objectives should include not just 
adversarial or hostile audiences, but also allies and neutral audiences. The weakening of U.S. 
alliance structures has been a key strategic objective of U.S. opponents in recent years.

A national psychological strategy should concentrate equally on long-term attitude and 
behavior changes as on explaining U.S. policy to foreign audiences. The feelings that begat the 
acts of 11 September did not occur overnight. Those attitudes had been building for years, and 
they will not change overnight. A national psychological strategy should also incorporate U.S. 
Government actions that help foster positive changes in the social and political conditions that 
continue to create animosity towards the U.S. This may include re-examining U.S. policies 
versus U.S. national interests — is it more in the national interest to continue policies which are 
engendering such hostile attitudes, or would it be more in the U.S. national interest to modify 
that policy to mitigate the negative response? 

The PSB's first report on its assessment of the U.S. psychological efforts noted that, "the 
contrast between the messages of freedom and democracy that were often broadcast and the 
actions of the U.S. was often stark. The implication was that the current method of policy 
formulation could be more effective if the message and the actions were more closely 
coordinated." One of the NIA's responsibilities would be to ensure that the psychological impact 
of policies, when communicated to foreign audiences, is considered before the adoption of the 
policy. 

Secretary Rumsfeld needs to reorganize DoD as well. First, DoD needs someone with 
the appropriate position and authority to oversee the policy and to coordinate DoD strategic 
influence activities among DoD public affairs, military PSYOP, and other military information 
activities. Just as the President needs an NIA, so too does Secretary Rumsfeld need an adviser 
who is dedicated to strategic influence. History provides an example — the Deputy for 
Psychological Policy under Truman. Today, however, a "Deputy for Information Policy" would 
best be placed directly under the Under Secretary of Defense for Policy (USDP), so that the 
position would be above that of the several Assistant Secretaries of Defense who are players in 
strategic influence. OIA should then be moved under the new Deputy for Information Policy. 

DoD also needs to formally establish a DoD Committee on strategic influence, as has 
been done several times in the past. The officers and officials within JCS and OSD do a good 
job of communicating and coordinating among themselves. However, formalization lends 
legitimacy and gets attention. Flag officers and senior officials do not perceive ad hoc groups 
and meetings as being important compared to committee meetings which the Secretary of 
Defense or the USDP has declared will occur. 

One area that the Administration should address immediately is the distrust and 
antipathy of the military by other departments involved in strategic influence. PSB was based 
on the false premise that you could separate psychological strategy from national strategy. 
Equally fallacious in today's world of instant, worldwide communications is the notion that you 
can separate military psychological activities from public affairs and public diplomacy. There is 
a prevailing misconception in the State Department and public affairs field that military 
psychological operations are not truthful, and that contact with PSYOP will somehow taint public 
affairs and public diplomacy. While there are valid reasons for keeping the messages and 
activities separated in the eyes of foreign audiences, those reasons do not apply to coordination 
at the U.S. national level. 

The initial strategic influence efforts of the Bush Administration have revealed a typically 
American myopic viewpoint: Americans assume that other people think as they do and want the 
same things that Americans do — that other people want to be like Americans. For instance, one 
of the first information products developed by Beers was a series of videos showing Muslim life 
and activities in the U.S. This exemplifies the naiveté that simply showing America to foreign 
Muslims would convince them that they would want to emulate America and shouldn't disagree 
with U.S. policies. It also demonstrated little understanding of how the target audience would 
view the film: Muslims in this country live in luxury compared to most of the Muslims overseas 
that the videos targeted. The target audiences could not identify with the film; there was no 
emotional connection. 

The Administration's efforts also appear to be hampered by "political correctness," 
something that has been a bane for military PSYOP for years. In an effort not to offend 
anybody, products are bland, without emotional impact. On the other hand, terrorist propaganda 
does not simply reach for hearts and minds; it activates envy, fear and anger by stirring primal 
emotions. Television provides numerous examples of angry, intense, committed anti-American 
protestors. Seldom do you see equally emotionally committed people protesting for 
the United States. At some point, strategic influence must go beyond simply informing and 
educating and must involve the emotions of the target audiences. 


"Painful as it may be to face squarely the question of American cultural 
inhibitions in the area of psychological-political conflict, the effort is 
necessary — in order not only to develop intelligent approaches to dealing 
with them but also to achieve the cultural self-consciousness essential for 
effective participation in this kind of conflict. It is essential because 
Americans tend to assume that people everywhere are much like 
themselves, with similar fundamental motivations and views of the world. 
But blindness to differences in national characteristics is apt to be a fatal 
handicap for anyone attempting to affect the psychological orientation and 
political behavior of foreign audiences." 


The answer to the question, "Why do they hate us?" is not just that they don't 
understand us. Simply explaining U.S. policy, U.S. motives, and the U.S. way of life will not 
change hostile audiences if they perceive our policies as inimical to their way of life. A world- 
class strategic influence campaign will not be the panacea for overcoming the current difficulties 
in world opinion. No wizardry in communications can make bad policy decisions or actions 
palatable. However, having a competent strategic influence campaign is essential to U.S. 
victory in the War on Terrorism. Without one, anti-American sentiment will continue to grow, 
and the U.S. will be increasingly vulnerable to more attacks like 11 September 2001. 


WORD COUNT = 15,387 
Foreword 


This comprehensive list of intelligence abbreviations and acronyms includes 
those used presently, as well as those in use for approximately the last ten years. 
Sources for this list include the last DIA Lexicon published in 1991, numerous 
glossaries from Unified Command and Combat Support Agency documents, and 
expansion of any item may vary somewhat from one organization to another, 
or abbreviations by mail to: Defense Intelligence Agency, Joint Military Intelligence 
College, MC Attn: Dr. R. Swenson, Bolling AFB, Washington, DC 20340-5100; 
by Internet to AFswerg@dia.osis.gov, or by Fax to (202) 231-2171. 


Dr. Russell G. Swenson, Editor and Director, Office of Applied Research 
ABBREVIATIONS AND ACRONYMS 


Air Force Intelligence Staff Officer (component level) 
(1) Attack Assessment; (2) Attrition Analysis; (3) Antiaircraft; (4) Avenue of Approach; (5) Automatic Associator 

AAA (1) Antiaircraft Artillery; (2) Air Avenue of Approach 
AAAOB Antiaircraft Artillery Order of Battle 
AABNCP Advanced Airborne National Command Post 
AAC Alaskan Air Command 
AACB Aeronautics and Astronautics Coordinating Board 
AACE Army Alternate Command and Control Element 
AACOMS Army Area Communications System 
AACS Attitude and Antenna Control Subsystem 
AAD Airborne Assault Division 
AADC (1) Army Air Defense Command; (2) Area Air Defense Commander 
AADCCS Area Air Defense Command and Control System 
AADP Area Air Defense Plan 
AADS Antiaircraft Defense System 
AAE Army Acquisition Executive 
AAF Army Airfield 
AAFES Army & Air Force Exchange Service 
AAFIF Automated Air Facilities Information File 
AAG Army Artillery Group 
AAI Air-to-Air Intercept 
AAIFF Air-to-Air Identification Friend or Foe 
AAM Air-to-Air Missile 
AAO Analysis of the Area of Operations 
AAR (1) Active Array Radar; (2) After Action Report 
AAS Analyst Automation Segment 
AASLT Air Assault 
AATS Automated Architecture Tool Suite 
AAVS Aerospace Audiovisual Service 
AAW Anti Air Warfare 
AAWC Anti Air Warfare Commander 
AB Air Base 
AB2 Air Battle Command System (ABCS) Brigade and Below 
ABC Airborne Corps 
ABCCC Airborne Battlefield Command and Control Center 
ABCOMM Alternate/Backup Communications 


ABCS Army Battle Command System 
ABIC Army Battlefield Interface Concept 
ABIT (1) Airborne Imagery Transmission; (2) Airborne Information Transmission Program 
ABM (1) Antiballistic Missile; (2) Automatic Building Machines 
ABMA Army Ballistic Missile Agency 
ABN/Abn Airborne 
ABNCP (1) Airborne Command Post; (2) Airborne National Command Post 
ABR Available Bit Rate 
ABW Air Base Wing 
AC (1) Air Crew; (2) Active Component; (3) Air Conditioning; (4) Alternating Current 
A/C Aircraft 
A2C2 Army Airspace Communications and Control 
AC-130 AFSOF Spectre Gunship 
AC2SMAN Alaskan Command and Control System Military Automated Network 
AC2MP Army Command and Control Master Plan 
ACA (1) Alternate Command Authority; (2) Airspace Control Authority 
ACAAM Air Courses of Action Assessment Model 
ACACS Army Command and Area Communications System 
ACAT Acquisition Category 
ACC (1) Access Control Center; (2) Air Control Center; (3) Aviation Component Commander; (4) Air Component Commander; (5) Air Combat Command; (6) Army Component Command 
ACCB Army Configuration Control Board 
ACCHAN Allied Command Channel 
ACCIS Allied Command and Control Information System 
ACCISS (1) Automated Command and Control Intelligence Support System; (2) Alaskan C2 Intelligence Support System 
ACCO Army Central Control Office 
ACCS (1) Airborne Command and Control Squadron; (2) Airborne Command and Control System; (3) Advanced Communications Control System 
ACDA Arms Control and Disarmament Agency 
ACDS Advanced Combat Direction System 
ACDUTRA Active Duty Training 
ACE (1) Allied Command, Europe; (2) Advance Communications Element; (3) Aviation Combat Element; (4) Analysis Control Element; (5) Assistant Corps of Engineers; (6) Airborne Command Element 
ACES Automated Command and Control Evaluation System 
ACEVAL Air Combat Evaluation 
ACF Alternate Command Facility 
ACFT Aircraft 
ACI Airborne Controlled Intercept 


ACINT Acoustic Intelligence 
ACIS Arms Control Intelligence Staff 
ACL Access Control List 
ACLANT Allied Commander Atlantic 
ACO (1) Access Control Officer; (2) Airspace Control Officer 
ACOC (1) Area Communications Operations Center; (2) Air Combat Operations Center 
ACOM Atlantic Command 
ACOS Assistant Chief of Staff 
ACOS/I Assistant Chief of Staff for Intelligence (Navy) 
ACOUSTINT Acoustical Intelligence 
ACP (1) Alternate Command Post; (2) Assault CP; (3) Allied Communications Publications; (4) Airspace Control Plan 
ACPERS Army Civilian Personnel System 
ACQ Acquisition 
ACR (1) Armored Cavalry Regiment; (2) Automated Change Recognition 
ACS (1) Afloat Correlation System; (2) Aerial Common Sensor; (3) AUTODIN Switching Center; (4) Airborne COMINT System; (5) Assistant Chief of Staff 
ACS/I Assistant Chief of Staff for Intelligence 
ACSA Allied Communications Security Agency 
ACSB Amphibious Contingency Support Briefs 
ACSC Air Command and Staff College 
ACSI Assistant Chief of Staff Intelligence, HQ USAF 
ACT (1) Air Combat Tactics; (2) Advanced Concepts and Technology Program 
ACTD Advanced Concept Technology Demonstration 
ACTEDS Army Civilian Training, Education, & Development System 
ACTS (1) Advanced Communications Technology; (2) Advanced Communications Technology Satellite 
ACUS (1) Area Common User Systems; (2) Army Common User System 
ACV (1) Armored Command Vehicle; (2) Air Cushion Vehicle; (3) Armored Combat Vehicle 
ACW (1) Aircraft Control and Warning; (2) Anticarrier Warfare; (3) Air Control Wing 
AD (1) Air Defense; (2) Destroyer Tender; (3) Air Division; (4) Artillery Division; (5) Active Duty 
A/D Analog/Digital 
ADA Air Defense Artillery 
ADACP Alcohol & Drug Abuse Control Program 
ADAPCP Alcohol & Drug Abuse Prevention & Control Program 
ADAPT Automated Decisionmaking and Program Timeline 
ADARS Army Defense Acquisition Regulation Supplement 
ADATS Air Defense Antitank System 
ADBT Advanced Data Base Technology 
ADC (1) Aide-de-Camp; (2) Air Direction Center; 
(3) Assistant Division Commander; 
(4) Air Data Computer; (5) Air Defense Coordinator 


ADCAP Advanced Capability 

ADCC Air Defense Command Center 

ADCCP Advanced Data Communications Control Procedures 

ADCOM (1) Aerospace Defense Command (now SPACECOM); 
(2) Administrative Command 

ADCON Administrative Control 

ADCSOPS Assistant Deputy Chief of Staff for Operations and Plans 

ADD (1) Air Defense District; (2) Assistant Deputy Director (DIA) 

ADDIS Advanced Deployable Digital Imagery System 

ADDISS Advanced Deployable Digital Imagery Support System 

ADDO Associate Deputy Director of Operations 

ADDO(MA) Associate Deputy Director of Operations for Military Affairs 
(DIA) 

ADDO(MS) Associate Deputy Director of Operations for Military Support 
(NSA) 

ADDS Army Data Distribution System 

ADDU Additional Duty 

ADE (1) Audio Deception Emitter; (2) Aerial Delivery Equipment 

ADEW Airborne Directed Energy Weapons 

ADF Automatic Direction Finding 

ADFH Air Deployable Forward Headquarters 

ADG Deperming Ship 

ADI Air Defense Initiative 

ADIC Aerospace Defense Intelligence Center 

ADIEC Army Deployable Imagery Exploitation Capability 

ADIO Additional Duty Intelligence Officer 

ADISS Advanced Defense Intelligence Support System 

ADIZ Air Defense Identification Zone 

ADL (1) Ada Design Language; (2) Armistice Demarcation Line 

ADLP Advanced Datalink Protocol 

ADM (1) Atomic Demolition Munitions; (2) Advanced Development 
Model; (3) Acquisition Decision Memorandum 

Admin Administration/ Administrative 

ADN ACE DGZ Number (NATO) 

ADNET Antidrug Network 

ADOC Air Defense Operations Center 

ADP (1) Automated Data Processing; (2) Airborne Data Processing 

ADP-MIS Automated Data Processing Management Information System 
ADP-T (1) Automated Data Processing and Associated Telecommunications; (2) Automated Data Processing and Associated Training 
ADPCM Adaptive Differential Pulse-Code Modulation 
ADPE Automated Data Processing Equipment 
ADPS (1) ASARS Deployable Processing Station; (2) Automated Data Processing System 
ADPSSM Automated Data Processing Systems Security Manual 
ADPSSO ADP Special Security Officer 
ADPSSP Automated Data Processing System Security Program 
ADRG Advanced Digitized Raster Graphics 
ADRI Arc Digital Raster Imagery 
ADS (1) Automated Data System; (2) Air Defense Sector; (3) Airlift Defensive System; (4) Acoustic SOF Detection System; (5) Advanced Distributed Simulation 
ADSS Aerospace Defense Systems Subcommittee 
ADSTAR Advanced Document Storage & Retrieval System 
ADSW Active Duty for Special Work 
ADT (1) Active Duty For Training; (2) Additional Duty Training 
ADTLP Army Doctrine and Training Literature Program 
ADTOC Air Defense Tactical Operations Center 
ADTS Adversary Threat Squadron 
ADV Advance(d) 
ADVAL Air Defense Evaluation Test 
ADVON Advanced Echelon 
ADW Air Defense Warning 
ADX Air Defense Exercise 
ADZ Air Defense Zone 
AE (1) Atomic Energy; (2) Assault Echelon; (3) Ammunition Ship; (4) Aerial Exploitation; Application Entity 
AEAO Airborne Emergency Action Officer 
AEB Aerial Exploitation Battalion 
AEC ASARS Exploitation Cell 
AEDS Atomic Energy Detection System 
AEELS (1) Automatic ELINT Emitter Location System; (2) Airborne ELINT Emitter Location System 
AEICC Area Emergency Information Coordination Center 
AEM Missile Tender 
AEMS Automated Edge Measurement System 
AEN Arbitrary ELINT Notation 
AEOS Advanced Electro-Optical Sensor 
AEROFLOT Former Soviet Union Civil Airline 
AES (1) Atomic Energy Site; (2) Airborne ELINT System 
AESC Aerospace Environmental Support Center 
AETC Air Education and Training Command 
AETCAE Army Europe Technical Control and Analysis Element 
AEV Armored Engineer Vehicle 


AEW Airborne Early Warning 
AEW&C Airborne Early Warning and Control 
AF (1) Air Force; (2) Armed Forces; (3) Stores Ship 
AFAC Airborne Forward Air Controller 
AF ACSI Air Force Chief of Staff Intelligence 
AFAITC Armed Forces Air Intelligence Training Center (Goodfellow AFB, TX) 
AFAL Air Force Armament Laboratory 
AFAMPE USAF Automated Message Processing Exchange 
AFAMRL Air Force Aerospace Medical Research Laboratory 
AFAP Artillery-Fired Atomic Projectile 
AFARN Air Force Air Request Net 
AFAS Advanced Field Artillery System 
AFATDS Advanced Field Artillery Tactical Data System 
AFB (1) Air Force Base; (2) Airframe Bulletin; (3) Antifriction Bearing 
AFC (1) Automatic Frequency Control; (2) All-source Fusion Center (Marine Corps) 
AFC4A USAF Command, Control, Communications and Computer Agency 
AFCA Air Force Collection Assets 
AFCC (1) Air Force Communications Command; (2) Air Force Component Command 
AFCEA Armed Forces Communications Electronics Association 
AFCENT Allied Forces Central Europe (NATO) 
AFCS (1) Automatic Flight Control System; (2) Army Facility Component System 
AFCSC Air Force Cryptologic Support Center 
AFDB Auxiliary Floating Drydock (large) 
AFDD Air Force Doctrine Document 
AFDIGS Air Force Digital Graphic Systems 
AFDL Auxiliary Floating Drydock (small) 
AFDM Auxiliary Floating Drydock (medium) 
AFDT AEELS Fixed Downlink Terminal 
AFEOC Air Force Emergency Operations Center 
AFEWC Air Force Electronic Warfare Center 
AFFIS Airfield Facilities Information System 
AFFOR Air Force (Component) Forces 
AFGCCS USAF Global Command and Control System 
AFGL Air Force Geophysics Laboratory 
AFGWC Air Force Global Weather Central 
AFGWC/FNOC Air Force Global Weather Center/Fleet Numerical Operations Center 
AFGWS Air Force Ground Weather Stations 
AFIA Air Force Intelligence Agency 
AFIC (1) Air Force Information Center; (2) Air Force Intelligence Command; (3) Air Force Intelligence Center 


Air Forces Iceland 
Air Force Intelligence Communications Plan 
Armed Forces Imagery Exploitation System 
Air Force Intelligence Information Systems Plan 
Association of Former Intelligence Officers 
Air Force Intelligence Plan 
Air Force Intelligence Service/Study 
Air Force Intelligence Support Agency 
Air Force Institute of Technology 
Air Force Intelligence Training Center 
Air Force Information Warfare Center 
AFSOC Local/Wide Area Network 
U.S. Air Forces, Atlantic 
Air Force Logistics Command 
Air Force Liaison Element 
Air Force Liaison Office 
Air Force Manual 
Air Forces of the Military District/Group of Forces 
Air Force Materiel Command 
Armed Forces Medical Intelligence Center 
Air Force Military Personnel Center 
Air Force Modeling and Simulation Information System 
Air Force Mission Support System 
(1) Air Force Network; (2) Air Force Data Network 

AFNORTH Allied Forces Northern Europe (NATO) 
AFNORTHWEST (1) Allied Forces Northwest Europe (NATO); (2) Air Forces Northwest Region 
AFOC Air Force Operations Center 
AFOE Assault Follow-On Echelon 
AFOSI Air Force Office of Special Investigations 
AFOSP Air Force Office of Security Police 
AFOSR Air Force Office of Scientific Research 
AFOTEC Air Force Operational Test and Evaluation Center 
AFR (1) Air Force Reserve; (2) Air Force Regulation 
AFRES Air Force Reserve 
AFS (1) Air Force Station; (2) Combat Stores Ship 
AFSAA Air Force Studies and Analyses Agency 
AFSAC Air Force Special Activities Center 
AFSAT Air Force Satellite 
AFSATCOM Air Force Satellite Communications System 
AFSC (1) Air Force Systems Command; (2) Air Force Specialty Code; (3) Armed Forces Staff College 
AFSCOORD Assistant Fire Support Coordinator 
AFSCF Air Force Satellite Control Facility 
AFSCN Air Force Satellite Control Network 
AFSIP Air Force Satellite Intelligence Program 
AFSOB Air Force Special Operations Base 
AFSOC Air Force Special Operations Command 
AFSOD Air Force Special Operations Detachment 
AFSOE Air Force Special Operations Element 
AFSOF Air Force Special Operations Forces 
AFSOS Air Force Special Operations School 
AFSOUTH Allied Forces Southern Europe (NATO) 
AFSOUTHCOM Air Force Southern Command 
AFSPACECOM Air Force Space Command 
AFSPC Air Force Space Command 
AFSPCIP Air Force Space Command Intelligence Plan 
AFSPOC Air Force Space Operations Center 
AFSSE Air Force Space Surveillance Element 
AFSST Air Force Space Support Team 
AFSTC Air Force Space Technology Center 
AFTAC Air Force Technical Applications Center 
AFTACIES Air Force Tactical Imagery Exploitation System 
AFTF Air Force Task Force 
AFTFWC Air Force Tactical Fighter Weapons Center 
AFV Armored Fighting Vehicle 
AF/VC Air Force Vice Chief of Staff 
AFWAL Air Force Wright Aeronautical Laboratory 
AFWARNS Air Force Warning System 
AFWCCS Air Force Wing Command and Control System 
AFWL Air Force Weapons Laboratory 
AG (1) Adjutant General; (2) Miscellaneous Auxiliary Ship 
AGARD Advisory Group for Aerospace Research and Development (NATO) 
AGB Icebreaker 
AGC Automatic Gain Control 
AGCCS Army’s Global Command and Control System 
AGDS Deep Submergence Support Ship 
AGE Experimental Auxiliary 
AGEF Frigate Research Ship 
AGEH Experimental Auxiliary (Hydrofoil) 
AGER Intelligence Research Ship 
AGES Advanced Ground Exploitation System 
AGF Miscellaneous Command Ship 
AGHS Patrol Combatant Support Ship 
AGI Intelligence Collection Ship 
AGL (1) Buoy Tender; (2) Above Ground Level 
AGM (1) Air-to-Ground Missile; (2) Missile Range Instrumentation Ship 
AGMR Major Communications Relay Ship 
AGMS Armored Ground Mobility System 
AGOR Oceanographic Research Ship 
AGOS (1) Ocean Surveillance Ship; (2) Air-Ground Operations School (NATO); (3) Air-Ground Operations System 
AGP Patrol Craft Tender 
AGR Army Guard Reserve 
AGS (1) Hydrographic Survey Ship; (2) FSU Automatic Grenade Launcher 
AGT Agent 
AGZ Actual Ground Zero 
AH (1) Hospital Ship; (2) Alternate Headquarters 
AHFEWS Army High Frequency Electronic Warfare System 
AI (1) Airborne Intercept; (2) Air Intelligence; (3) Artificial Intelligence; (4) Air Interdiction; (5) Airborne Interceptors; (6) Area of Interest; (7) All-Source Intelligence 
A3I Accelerated Architecture Acquisition Initiative 
AIA (1) Army Intelligence Agency; (2) ACE Intelligence Architecture; (3) ACE Interface Architecture; (4) Air Intelligence Agency 
AIAA American Institute of Aeronautics and Astronautics 
AIA/IRD Air Intelligence Agency/Intelligence Reserve Detachment 
AIAWS Automated Intelligence Analyst Workstation 
AIB Atlantic Intelligence Board 
AIC (1) Atlantic Intelligence Command; (2) Afloat Intelligence Center 
AICBM Anti-Intercontinental Ballistic Missile 
AID (1) U.S. Agency for International Development; (2) Aerospace Information Digest; (3) Army Information Digest; (4) Accident, Incident, Deficiencies; (5) Active Integral Defense 
AIDES (1) Analyst Intelligence Information Display and Exploitation System; (2) Automated Intelligence Display and Exploitation System 
AIDS (1) Acoustic Intelligence Data System; (2) Advanced Identification System; (3) Acquired Immune Deficiency Syndrome 
AIF (1) Automated Installations Intelligence File; (2) Army Industrial Fund; (3) Airfield Installation File; (4) Air Intelligence Flight; (5) Automated Installation File 
AIFV Armored Infantry Fighting Vehicle 
AIG (1) Address Indicator Group; (2) Air Intelligence Group 
AIIC Advanced Imagery Interpretation Course 
AIIF Automated Installation Intelligence File 
AIIRS Automated Intelligence Information Retrieval System 
AIM (1) Air Intercept Missile; (2) Active Inert Missile; (3) ADCOM Intelligence Memorandum 
AIMD Aircraft Intermediate Maintenance Department 
AIMP (1) Army Intelligence Management Plan; (2) Army Intelligence Master Plan; (3) Advanced Imagery Management Program; (4) Automated Information Management Program 


AIMTB Artificial Intelligence Module Testbed 
AIN Advanced Intelligence Network 
AIO Air Intelligence Officer 
AIOEC Association of Iron Ore Exporting Countries 
AIP (1) Architecture Implementation Plan; (2) Anti-Surface-Warfare Improvement Program 
AIPR Automated Information Processing Request 
AIR American Institute for Research 
AIRA Air Attache 
AIRCENT (1) Air Forces Central Region (NATO); (2) Allied Air Forces Central Europe 
AIRCOM Air Command 
AIRCOMTERM Airborne Communications Terminal 
AIRES Advanced Imagery Requirements and Exploitation System 
AIRES II Airborne Reconnaissance Electronic System I 
AIREW Airborne Infrared Early Warning 
AIRK Area Interswitch Rekeying Key 
AIRLO Air Liaison Officer 
AIRREQRECON Air Request Reconnaissance 
AIR (1) Replenishment Oiler; (2) American Institute of Research 
AIRS (1) Advanced Inertial Reference Sphere; (2) Automated Information Retrieval Systems 
AIRTAPS Aerial Imagery Reconnaissance Tracking and Plotting System 
AIS (1) Automated Indicator System; (2) Advanced Indications Structure; (3) Advanced Indications System; (4) Army Intelligence Survey; (5) Automated Information System; (6) Air Intelligence Squadron 
AISA Automated Intelligence Support Activity 
AISS Automated Information Systems Security 
AIST Air Intelligence Support Team 
AITE Advanced Indications Technology Experiment 
AIU Army Interrogation Unit 
AIWO Air Intelligence Warning Officer 
AIWS Advanced Interdiction Weapon System 
AJ Antijamming 
AJCC Alternate Joint Communications Center 
AJFP Adaptive Joint Force Package 
AJNPE Airborne Joint Nuclear Planning Element 
A/JSIC Alternate JSIC 
AK (1) Cargo Ship; (2) FSU Kalashnikov Family of Assault Rifles; (3) Automatic Remote Rekeying 
AKA Also Known As 
AKDC Automatic Key Distribution Center 
AKD/RCU Automatic Key Distribution/Rekeying Control Unit 
AKL Light Cargo Ship 
AKM (1) Apogee Kick Motor; (2) AK-47 Assault Rifle 
AKMC Automated Key Management Center 
AKMS Automated Key Management System 
AKR Vehicle Cargo Ship 
AKTCAE Army Korea Technical Control And Analysis Element 
ALAIRCOM Alaskan Air Command 
ALARM Alert, Locate and Report Missiles 
ALASAT Air-Launched Antisatellite 
ALASCOM Alaskan Communications Inc. 
ALB Air-Land Battle Doctrine (FM 100-5) 
ALBM Air-Launched Ballistic Missile 
ALC Accounting Legend Code 
ALCATS Automated Lines of Communication and Target System 
ALCC Airlift Control Center 
ALCE Airlift Control Element 
ALCM Air-Launched Cruise Missile 
ALCOM Alaskan Command 
ALCOP Alternate Command Post 
ALCOR ARPA Lincoln C-Band Observable Radar 
ALCS Airborne Launch Control System 
ALD Airlift Division 
ALE (1) AIRES Lifecycle Extension; (2) Automated Link Establishment 
ALERT Attack and Launch Early Report to Theater (AF) 
ALES AIRES Life Extension System 
ALF Auxiliary Landing Field 
ALFA Advanced Liaison Forward Area 
ALL Airborne Laser Laboratory 
ALMS Automated Logistics Management System 
ALO (1) Air Liaison Officer; (2) Authorized Level of Organization 
ALOC(S) Air Line(s) of Communication 
ALPS Accidental Launch Protection System 
ALRAAM Air-Launched Long-Range Air-to-Air Missile 
ALRP-S Army Long-Range Plan for Space 
ALRPG Army Long-Range Planning Guidance 
ALS (1) Active Laser Seeker; (2) Airborne Link Segment 
ALSA Air-Land-Sea Application (Center) 
ALSS Advanced Location Strike System 
ALT (1) Alternate; (2) Altitude 
ALTAIR ARPA Long-Range Tracking and Instrumentation Radar 
ALTREV Altitude Reservation 
ALUSNA American Legation U.S. Naval Attache 
ALUSNLO American Legation U.S. Naval Liaison Officer 
ALWT Advanced Lightweight Torpedo 
ALWTIC Annual Land Warfare Technical Intelligence Conference 
(1) Ante Meridian (Before Noon); 
(2) Amplitude Modulation; (3) Asset Manager; 
(4) Aerographers Mate 


Air Mobile Assault Brigade 


(1) Advanced Marine Airborne SIGINT System; 
(2) Advanced Marine Air Support System 


Automated Map-Based Intelligence Support System 


(1) Airspace Management and Control; (2) Army Materiel 
Command (Formerly DARCOM); (3) Air Mobility Command; 
(4) Air Mission Commander 


(1) Ashore Mobile Contingency Communications; 
(2) Ashore Mobile Command Center 


AMC Deputy Chief of Staff for Intelligence 
American Citizen 

Airborne Mine Countermeasures 

Activated Metal Decoy 

AEELS Mobile Downlink Terminal 

Airspace Management Element 

American Embassy 

Artillery Meteorological System 

Allied Command Europe Mobile Force (NATO) 
Automated Message Handling 

Army Management Headquarters Activity 
Automated Message Handling System 

Airborne Mine Detection System 

Army Modernization Information Memorandum 
Army Model Improvement Plan 

Army Multispectral Imagery Requirements Study 
Advanced Microwave Imaging Sensor 


Army Modernization Memorandum 
Ammunition 


(1) Allowance Material Management System; 
(2) Acquisition Milestone Management System 


Army Mobilization and Operations Planning and Execution 
System 


Army Mobilization Operations and Planning System 
Air Force Maui Optical System 


(1) Amplification; (2) Army Modernization Plan; 
(3) Acquisition Master Plan 


Automated Message Processing Dissemination System 
Automated Message Processing Exchange 

Aerial Mission Photographic Indoctrination 
Amphibious 

Amplitude 


(1) Automated Mission Planning System; (2) Automated Message 
Processing System; (3) Aim Point System 


Advanced Medium-Range Air-to-Air Missile 
Advanced Remote Miniaturized Weather Station 


(1) Automated Message System; (2) Auto-Manual System; 
(3) Autonomous Message Switch; 
(4) Advanced Mapping Spectrometer 


Amateur Radio Satellite 

Advanced Military Spaceflight Capability 
Advanced Missile System Heavy 
Assured Mission Support Space Architecture 
Advanced Medium STOL Transport 
ACTS Mobile Terminal 

Airmobile Task Force 

Army Mission Training Plan 

Astronaut Maneuvering Unit 

Amphibious Warfare 

(1) Net Tender; (2) Army/Navy 
Analyst-to-Analyst Message Format 
African National Congress 


(1) Ashore Navy Communications Capability; 
(2) Automated Network Control Center 


Advanced Narrowband Digital Voice Terminal 
Analyst-to-Analyst Exchange Message Format 
Ammonium Nitrate Fuel Oil 

Air National Guard 

Army National Guard Base 

Air and Naval Gunfire Liaison Company 
Net-Laying Ship 

Analysis 

Alternate National Military Command Center 
Alternate National Military Intelligence Center 

(1) Alaskan NORAD Region; (2) Active Noise Reduction 
Association of Natural Rubber-Producing Countries 
American National Standards Institute 

Aviator’s Night Vision Imaging System 

Army Navy Vehicle Radio Communications 
Australia, New Zealand, United States 


(1) Action Officer; (2) Oiler; (3) Authenticator Organization; 
(4) Area of Operations; (5) Aerial Observer 


(1) Amphibious Objective Area; (2) Angle of Attack; 
(3) Angle of Arrival; (4) Airborne Optical Adjunct 


(1) Air Order of Battle; (2) Advanced Operational Base 
Air Order of Battle Textual Summary 


(1) Air Officer Commanding (U.K.); (2) Air Operations Center; 
(3) Army Operations Center 


Area Operations Control Center 

Aviation Officers Candidate School 

Fast Combat Support Ship 

U.S. AID Office for Foreign Disaster Assistance 
AOG Gasoline Tanker
AOI (1) Area of Influence; (2) Area of Interest
AOIC Assistant Officer in Charge
AOIR (1) ACE Operational Intelligence Requirements; (2) Area of Intelligence Responsibility
AOL Area of Limitation
AO&M/NM Administration, Operations, and Maintenance/Network Management
AOO Air Operations Order
AOP (1) Area of Probability; (2) Air Operations Plan
AOR Area of Responsibility
AOS (1) Special Liquids Tanker; (2) Amphibious Objective Study; (3) Area of Separation
AOSG Amphibious Operation Support Graphic
AOSS Automated Office Support System
AOT Transport Oiler
AOTF Acoustic-Optic Tunable Filter
AP (1) Armor-Piercing; (2) Air Police; (3) Transport Ship; (4) Associated Press; (5) Ammonium Perchlorate; (6) Antipersonnel; (7) Application Processor
AP-I Armor Piercing Incendiary
APB (1) Self-Propelled Barracks Ship; (2) All Points Bulletin; (3) Antipersonnel Bomb; (4) Acquisition Program Baseline
APC (1) Armored Personnel Carrier; (2) Area of Positive Control; (3) Adaptive Predictive Coding
APCC Alternate Processing and Correlation Center
APFSDS Armor-Piercing, Fin-Stabilized, Discarding Sabot
APHIS USDA Animal and Plant Health Inspection Service
APL (1) Barracks Craft (non self-propelled); (2) Applied Physics Laboratory (Johns Hopkins University)
APM Army Program Memorandum
APMS (1) Automated Production Management System; (2) Advanced Precision Measurement System
APO (1) Army Post Office; (2) Air Post Office
APOD Aerial Port of Debarkation
APOE Aerial Port of Embarkation
APORTS Aerial Ports File (JOPES)
APP Application
APPS Applications
Appl Application
Approx Approximately
APPS Analytical Photogrammetric Position System
APS (1) ASARS-II Processing Segment; (2) Air Planning System
APT (1) Automatic Picture Transmission; (2) Airport
APU Auxiliary Power Unit
APVO FSU Air Defense Aviation
APW American Prisoner of War
AQF Advanced QUICKFIX
AR (1) Advanced Readiness; (2) Army Regulation; (3) Action Required; (4) Repair Ship; (5) Agent Report; (6) Army Reserve; (7) Army
ARABSAT Arab Satellite (Communications Organization)
ARB Battle Damage Repair Ship
ARC (1) Cable Ship; (2) Acquisition Review Committee; (3) Armored Reconnaissance Carrier; (4) Air Reserve Component
ARCENT U.S. Army Forces Central Command
ARCENT-K USACENT forward element-Kuwait
ARCENT-SA USACENT forward element-Saudi Arabia
ARCH Architecture
ARCOM Army Command
ARDC Air Research and Development Command
AREC Air Element Coordinator
ARCS (1) Automated Reproduction and Collating System; (2) Acquisition Radar and Control System
ARD Auxiliary Repair Drydock
ARDF Airborne Radio Direction Finding
ARDM Auxiliary Repair Drydock
AREPT Agent Report
ARF Airborne Relay Facility
ARFCOS Armed Forces Courier Service
ARFOR Army Force(s)
ARG (1) Amphibious Readiness Group; (2) Internal Combustion Engine Repair Ship
ARIS Advanced Range Instrumentation Ship
ARL (1) Landing Craft Repair Ship; (2) Airborne Reconnaissance Low; (3) Army Research Lab; (4) Aerial Reconnaissance Liaison
ARL-I Airborne Reconnaissance Low-Imagery
ARLANT U.S. Army Forces, LANTCOM
ARLEA Army Logistics Evaluation Agency
ARLO Air Reconnaissance Liaison Officer
ARM (1) Antiradiation Missile; (2) Atmospheric Radiation Measurement
ARMA Army Attache
ARMISE Army Reserve Military Intelligence Support Element
ARMLO Army Liaison Officer
ARMS Automated Resource Management System
ARNG Army National Guard
ARO (1) Area Records Officer; (2) Auxiliary Readout
ARP Alert Response Plan
ARPA Advanced Research Projects Agency
ARPAC Army Pacific
ARPANET Advanced Research Projects Agency Network
ARPS Advanced Radar Processing System
ARPV Advanced Remotely Piloted Vehicle

ARR Radiological Repair Ship 

ARRC (1) ACE Rapid Reaction Corps; (2) Allied Rapid Reaction Corps 
ARRN Andean Ridge Radar Network 

ARRS Aerospace Rescue and Recovery Service 

ARS (1) Salvage and Rescue Ship; (2) Aerial Reconnaissance and Surveillance; (3) Airborne Receiver System; (4) Air Rescue Service


ARSA (1) Annual Reevaluation of Safe Areas; 
(2) Airborne Reconnaissance and Surveillance Architecture 
ARSGS Airborne Reconnaissance SIGINT Ground Systems 
ARSO Assistant Regional Security Officer 
ARSOA Army Special Operations Aviation 
ARSOC Army Special Operations Command 
ARSOF Army Special Operations Forces 
ARSOFE Army Special Operations Forces, Europe 
ARSOFSUPCOM Army Special Operations Forces Support Command 
ARSOTF Army Special Operations Task Force 
ARSP Advanced Reconnaissance Support Program 
ARSPACE Army Space Command 
ARSPACECOM Army Space Command 
ARSPOC Army Space Operations Center 
ARSST Army Space Command Space Support Team 
ARSTAF Army Staff 
ART (1) Aerial Reconnaissance Team; (2) Amateur Radio Transceiver 
ARTADS Army Tactical Data System 
ARTAS-K Army Training and Support-Kuwait 
(former name for ARCENT-K) 
ARTBASS Army Training Battle Simulation Systems 
ARTCC Air Route Traffic and Control Center 
ARTEP (1) Army Readiness Training Evaluation Program; 
(2) Army Training and Evaluation Program 
ARTISS Advanced Requirements Tasking Information and 
Support System 
ARTPP Airborne Reconnaissance Technology Program Plan 
ARTS Automated Remote Tracking Station 
ARTY Artillery 
ARV (1) Armored Recovery Vehicle; (2) Armored Reconnaissance 
Vehicle; (3) Aircraft Repair Ship 
ARW Air Refueling Wing 
AS (1) Submarine Tender; (2) Air Surveillance; (3) Analysis Subsystem; (4) Air Station; (5) Anti Spoofing; (6) Advanced Sensors
ASA Army Space Agency
ASA (M&RA) Assistant Secretary of the Army (Manpower and Reserve Affairs)
ASAB All-Source Analysis Branch
ASAC All-Source Analysis Center
ASAP (1) As Soon As Possible; (2) Advanced Sensor Applications Program
ASAR Advanced Synthetic Aperture Radar
ASARC Army Systems Acquisition Review Council
ASARS Advanced Synthetic Aperture Radar System
ASART (1) AEELS Support Analysis Reporting Terminal; (2) Analysis Support and Reporting Terminal
ASAS All-Source Analysis System
ASAS-AS All-Source Analysis System All-Source Workstation
ASAS-E All-Source Analysis System-Extended
ASAS-SS All-Source Analysis System Single-Source Workstation
ASAS-W All-Source Analysis System WARRIOR
ASAT (1) Antisatellite; (2) Antisatellite Treaty; (3) Advance Satellite Antenna Technology
ASB (1) Air Surveillance Broadcast; (2) Army Science Board
ASC (1) AUTODIN Switching Center; (2) Army Service Component; (3) Army Space Command; (4) Advanced Systems Course
ASCAMP Advanced Single-Channel Manpack
ASCII American Standard Code for Information Interchange
ASCC (1) Air Standardization Coordinating Committee; (2) Alternate Space Control Center
ASCII American National Standard Code for Information Interchange
ASCM Antiship Cruise Missile
ASCON Automatic Switched Communications Network
ASD Assistant Secretary of Defense
ASD (C3I) Assistant Secretary of Defense (Command, Control, Communications, and Intelligence)
ASD (CAI) Assistant Secretary of Defense (Command, Control, Communications, Computers and Intelligence)
ASD (ISA) Assistant Secretary of Defense for International Security Affairs
ASD (S&R) Assistant Secretary of Defense for Strategy and Requirements
ASD (SO/LIC) Assistant Secretary of Defense for Special Operations and Low Intensity Conflict
ASDC Advanced Space Data Corporation
ASDEP Army Space Exploitation Demonstration Programs
ASDIA All-Source Document Index
ASDIAZ All-Source Document Index Automated File-Compartmented
ASDIAZO All-Source Document Index Automated File-ORCON
ASDIC Armed Services Documents Intelligence Center
ASDS (1) Automated SIGINT Dissemination System; (2) Advanced SEAL Delivery System
ASDV Auxiliary SEAL Delivery Vehicle
ASE (1) Aircraft Survivability Equipment; (2) Airborne Support Element
ASEAN Association of Southeast Asian Nations
ASED Army Space Exploitation Demonstration
ASEDP Army Space Exploitation Demonstration Program
ASEMA Army Special Electronic Mission Aircraft
ASF All-Source Format
ASFC All-Source Fusion Center
ASG Area Support Group
ASGOBS Army Standard Ground Order of Battle System
ASI (1) Additional Skill Indicator; (2) U.S. Army Space Institute; (3) All-Source Intelligence
ASIC All-Source Intelligence Center
ASICC All-Source Intelligence Coordinating Center
ASIDS Airborne Secondary Imagery Dissemination System
ASIP All-Source Imagery Processor
ASIPS Army Standard Intelligence Plotter System
ASIS Army Space Initiatives Study
ASIT Adaptable Surface Interface Terminal
ASM (1) Air-to-Surface Missile; (2) Antiship Missile; (3) Attache Support Message
ASMD Antiship Missile Defense
ASMT Assessment
ASN (RDA) Assistant Secretary of the Navy (Research, Development and Acquisition)
ASOC Air Support Operations Center
ASOG Air Support Operations Group
ASOS Air Support Operations Squadron
ASP Ammunition Supply Point
ASPAC Asian and Pacific Council
ASPADOC Alternate Space Defense Operations Command
ASPB Assault Patrol Support Boat (Riverine Warfare Craft)
ASPIC Armed Services Personnel Interrogation Center
ASPJ Airborne/Advanced Self-Protection Jammer
ASPO Army Space Program Office
ASPS All-Source Production Section
ASR (1) Submarine Rescue Ship; (2) Airport Surveillance Radar; (3) Adaptive Situation Recognizer
ASRP (1) Airborne SIGINT Reconnaissance Program; (2) Airborne SIOP Reconnaissance Plan
ASRRS Army Survivable, Recovery and Reconstitution System
ASSC Alternate Space Surveillance Center
ASSET All Source Satellite Evaluation Tool
ASSIST (1) Army System for Standard Intelligence Support Terminals; (2) Automated Special Security Terminals; (3) Automated Special Security Information System; (4) Automated Information System Security Incident Support Team
ASSM Antiship Surface Missile
ASSOTW Airfields and Seaplane Stations of the World
ASSR Autonomous Soviet Socialist Republic
ASST (1) Antiship Surveillance and Tracking; (2) Assistant
ASSW Antisurface Ship Warfare
ASTAG Army Service and Technology Advisory Group
ASTEC Advanced Satellite Technology and Extremely High Frequency Communications
ASTERIX Automated Analyst Support Tools
ASTMP Army Science and Technology Master Plan
ASTP APOLLO-SOYUZ Test Program
ASU (1) FSU Airborne Self-Propelled Antitank Gun; (2) Approved for Service Use
ASUW Antisurface Warfare
ASU SWA Administrative Support Unit Southwest Asia
ASUWC Antisurface Warfare Commander
ASV Armored Support Vehicle
ASW (1) Antisubmarine Warfare; (2) Aircrew Survival Weapon
ASWC Antisubmarine Warfare Commander
ASWCCS Antisubmarine Warfare Command and Control System
ASWOC Antisubmarine Warfare Operations Center
ASWTF Antisubmarine Warfare Task Force
AT (1) Antitank; (2) Air Transit; (3) Simple Antenna (Electronic Component); (4) Air Technician; (5) Awaiting Transportation; (6) Antiterrorism; (7) Annual Training
ATA (1) Actual Time of Arrival; (2) Ocean Tug; (3) Air Transport Association; (4) Advanced Tactical Aircraft; (5) Air Traffic Agency
ATAC ASAP Technical Advisory Committee
ATACC Advanced Tactical Air Command Center
ATACMS (U.S.) Army Tactical Missile System
ATACMS ER Army Tactical Missile System Extended Range
ATACS (1) Analyst-to-Analyst Communications Service; (2) Army Tactical Communications System
ATAF Allied Tactical Air Force (NATO)
ATARS Advanced Tactical Aerial Reconnaissance System
ATAS (1) Air-To-Air Stinger; (2) Automatic Terrain Avoidance System
ATB (1) Air Technical Battalion; (2) Advanced Technology Bomber
ATBM Antitactical Ballistic Missile
ATC (1) Air Traffic Control; (2) Air Training Command, USAF; (3) Air Target Chart; (4) Mini-Armored Troop Carrier (Riverine Warfare Craft)
ATCAE Army Technical Control and Analysis Element
ATCC Air Traffic Control Center
ATCCS Army Tactical Command and Control System
ATCH ASW Torpedo-Carrying Helicopter
ATCU Airfield Traffic Control Unit
ATD (1) Actual Time of Departure; (2) Advanced Technology Demonstration
ATDB ACE Target Data Base
ATD/IFD Advanced Technology Demonstration/Integrated Feasibility Demonstration
ATDL Automated Tactical Data Link
ATDS Airborne Tactical Data System
ATE Automatic Test Equipment
ATETS Atomic Heat and Powerplant
ATF (1) Advanced Tactical Fighter; (2) Amphibious Task Force; (3) Fleet Ocean Tug; (4) Aviation Turbine Fuel; (5) After the Fact
ATFD Automated Tactical Fusion Division
ATGIN Atomic Ground Intercept
ATGL Antitank Guided Launcher
ATGM Antitank Guided Missile
ATH Above The Horizon
ATI Automated Tactical Intelligence
ATIC Aircraft Technical Intelligence Conference
ATIMS Advanced Technical Information Management System
ATL ACE Threat List
ATLIS Airborne Tracking Laser Identification System
atm Atmosphere
ATM (1) Antitank Missile; (2) Air Target Materials; (3) Air Target Mosaic; (4) Antitactical Missile; (5) Asynchronous Transfer Mode; (6) Air Tasking Message
A-TM Alpha Team (Special Forces Operational Detachment)
ATMDE Army Theater Missile Defense Element
ATMG Arms Transfer Management Group
ATMOS Atmospheric Trace Molecules Spectroscopy
ATMP Air Target Materials Program
ATO (1) Air Tasking Order; (2) Abort-To-Orbit
ATOC Allied Tactical Operations Center (NATO)
AFTOCONF Air Tasking Order Confirmation
ATOL Assisted Takeoff & Landing
ATOS Atlantic Theater Operational Intelligence System
ATP (1) Allied Tactical Publication (NATO); (2) Advanced Technology Program; (3) Advanced Tracking Prototype; (4) Advanced Tactical Planner
ATP-FO Automated Tracking Prototype Follow-On
ATP/RMBUX Advance Tracking Prototype/Rocky Mountain Basic UNIX
ATR Automatic Target Recognition
ATRS Advanced Tactical Reconnaissance System
ATS (1) Salvage and Rescue Ship; (2) Automated Tasking System;
(3) Audit Trail Server; (4) Applications Technology Satellite 


ATSS Alaskan Transportable Satellite System 

AT&T American Telephone and Telegraph 

ATT Technical Assistance Training Team 

ATTCS Army Tactical Command and Control System 

ATTD Advanced Technology Transition Demonstration 

ATTE Assistant Theater Topographic Engineer 

ATTG Automated Tactical Target Graphic 

ATTN/Attn Attention (to the attention of) 

ATTP ACOM Tactics, Techniques, and Procedures 

ATWC Atmospheric Tactical Warning Connectivity 

AU Air University 

AUD Arbitrary Unit Designator 

AUGTDA Augmentation Table of Distribution and Allowances 

AUM Air-to-Underwater Missile

AUS Army of the United States 

AUSA Association of the United States Army 

AUSCANUKUS Australia, Canada, United Kingdom, United States 

AUSD Assistant Deputy Under Secretary for Defense 

AutoID Automatic Identification 

AUTODIN Automatic Digital Network 

AUTOSEC Automation Security 

AUTOSEVOCOM Automatic Secure Voice Communications Network 

AUTOVON Automatic Voice Network 

AUTUMN FORGE NATO Exercise 

AUXCP Auxiliary Command Post 

AV (1) Armored Vehicle; (2) Audio-Visual; (3) Air Vehicle; 
(4) Auxiliary Vector 

AVCS Attitude and Velocity Control System 

AVF All-Volunteer Force 

AVGAS Aviation Gasoline 

AVHRR Advanced Very High Resolution Radiometer 

AVIM Aviation Intermediate Maintenance 

AVLB Armored Vehicle-Launched Bridge 

AVMF FSU Naval Aviation 

AVMT Aviation Maintenance Trainer 

AVN Aviation 

AVP Authorized Vendor Program 

AVR Aircraft Rescue Vehicle 

AVSAT Aviation Satellite System 

AVSCOM Aviation System Command 

AVT Auxiliary Aircraft Landing Training Ship 

AVUM Aviation Unit Maintenance 
AW (1) Air Warning; (2) Automatic Weapon(s); (3) Water Tanker; (4) All-Weather
AWACS Airborne Warning and Control System
AWADS Adverse Weather Aerial Delivery System
AWARS All-Weather Reconnaissance System
AWC (1) Air War College; (2) Army War College; (3) Air Warfare Center
AWDS Automated Weather Distribution System
AWE Advanced Warfighting Experiment
AWESSI Automatic Weapon Effect Signature Simulator
AWGN Additive White Gaussian Noise
AWIS (1) Army WWMCCS Information System; (2) Aircraft Wireless Intercom System
AWN Automated Weather Network
AWOP (1) Absent Without Pay; (2) Automated Weaponeering Optimization Program
AWS (1) Air Weather Service; (2) Advance Warning System; (3) Analyst Workstation
AWSS Area Weapon Scoring System
AWT Water Transport
AWWIMS Automated Worldwide Warning Indicator Monitoring System
AWX All-Weather
AXAF Advanced X-ray Astrophysics Facility
AXP Allied Exercise Publication
AXT Training Ship
AZ Azimuth
(1) Budget Authority; (2) Budget Activity
Broad Agency Announcement
(1) Budget Activity Code; (2) Broad Area Coverage
Baseline Assessment Document
BADGE FINDER Proper Name of System
BADGE KEEPER Proper Name of System
BAE Battlefield Area Evaluation
BAG Battalion Artillery Group
BAI (1) Battlefield Air Interdiction; (2) Backup Aircraft Inventory; (3) Battlefield Artificial Intelligence
BALTAP Baltic Approaches (NATO Naval Command)
BAN Base Area Network
BANDIT Bragg Area Network for Digital Intelligence Transmission
BAO Basic Attack Option
BAOR British Army of the Rhine
BARB Beacon-Aided Radar Bombing
BARCS Battlefield Area Reconnaissance System
BAS (1) Broad Area Search; (2) Battlefield Automated Systems; (3) Billet Access System
BASIC Battle Area Surveillance & Integrated Communications
BASOPS Base Operations
BASS Battlefield Surveillance System
BAT-D Battlefield Deception
BATF Bureau of Alcohol, Tobacco, and Firearms
BATO Balloon-Assisted Take-Off
BATS Ballistic Aerial Target System
BAWB Bomber Activity Weekly Brief
BB Battleship
BBBG Battleship Battle Group
BBLS Barrels
BBO Booster Burnout
BBS Brigade/Battalion Simulation
B2C2 Brigade and Below Command and Control System
BCA Broadcast Control Authority
BC2A Bosnia Command and Control Augmentation
BCBL Battle Command Battle Lab
BCC Base Communications Center
BCDSS Battle Command Decision Support System
BCE Battlefield Coordination Element
BCI Bit-Count Integrity
BCR (1) Battlefield Communications Review; (2) Baseline Change Request
BCS Broadcast Control Station
BCT (1) Base Consolidated Telecommunications; (2) Betac Command Team
BCTP Battle Command Training Program
BCV Battle Command Vehicle
Bd Baud
BDA (1) Battle Damage Assessment; (2) Bomb Damage Assessment
BDA/PSA Bomb Damage Assessment/Post Strike Assessment
BDE/Bde Brigade
BDM Budget Decision Memorandum
BDP Battlefield Development Plan
BDS (1) Base Development Survey; (2) Bulk Data Service
BDSP Battle Dress System Project
BE Basic Encyclopedia
BEMT Basic Electronic Maintenance Trainer
BENELUX Belgium, Netherlands, Luxembourg
BER Bit Error Rate
BES Budget Estimate Submission
BETA Battlefield Exploitation and Target Acquisition
BEYOND DUTY Proper Name of System
BF Battle Force
BFA Battlefield Function Area
BFACS BFA Control System
BF(S)BL Battle Focus (Support) Battle Lab
BFCS Ballistic Framing Camera System
BFE Blacker Front End
BFI Battlefield Interdiction
BFM Basic Flight Maneuvers
BFMA Battlefield Functional Mission Area
BFOV Broad Field of View
BG (1) Battle Group; (2) Brigadier General
BGN Board on Geographic Names
BGPHES Battle Group Passive Horizon Extension System
BGW Battlefield Guided Weapon
BGWU Battle Group Workup
BH Busy Hour
B-H Bosnia-Hercegovina
BI Background Investigation
BIACC Basic Integrated Aircraft Command and Control
BIC Battlefield Information Center
BICC Battlefield Information Coordination Center
BICES Battlefield Information Collection and Exploitation Systems (NATO)
BICM Battlefield Intelligence Collection Model
BIDS Battlefield Information Distribution System
BIF Basic Imagery File
BIFF Bistatic Identification Friend or Foe
BIIB Basic Imagery Interpretation Brief
BIIR Basic Imagery Interpretation Report
BIM Ballistic Intercept Missile
BIOLDEF Biological Defense
BIOLOPS Biological Operations
BIOLWPN Biological Weapons
BISS Baseline Intelligence Summary Supplement
BIT Binary Digit
BITE Built-In Test Equipment
BITS Base Information Transfer System
BIU Bus Interface Unit
Bks Barracks
BKS Broadcast Keying Station
BL Bomb Line
BLDG Building
BLEST Berm-Loaded Explosive Simulation Technique
BLEU Belgium-Luxembourg Economic Union
BLIP Background Limited IR Photography
BLOS Beyond Line-of-Sight
BLSS Base Level Self-Sufficiency Spares
BLT Battalion Landing Team
BLUE FLAG ACC command and control exercise
BM (1) FSU Truck-Mounted Multiple Rocket Launcher; (2) Ballistic Missile
Briefcase Multi-Mission Advanced Tactical Terminal
Battle Management/Command and Control
Battle Management/Command, Control, and Communications
Battle Management Cell
Beginning of Morning Civil Twilight
(1) Ballistic Missile Defense; (2) FSU Airborne Combat Vehicle
(1) Ballistic Missile Defense Organization; (2) Ballistic Missile Defense Office
U.S. Army Ballistic Missile Defense Systems Command
Ballistic Missile Early Warning System
Basic Mission Guidance
Beginning of Morning Nautical Twilight
FSU Armored Infantry Combat Vehicle
Ballistic Missile Systems Subcommittee
Battalion
Bundesrepublik Nachrichtendienst (German Intelligence Service)
Broad Ocean Area
Board for Coordination of Civil Aircraft (NATO)
Basis of Issue Plan
BOMREP Bombing Report
BOQ Bachelor Officers’ Quarters
BOS (1) Battlefield Operating System; (2) Base Operating Support
BP (1) Battle Position; (2) Bandpass
BPA (1) Battlefield Psychological Activities; (2) Blanket Purchase Agreement
BPE Beacon Precision Enlarger
BPF Bandpass Filter
BPI Bits Per Inch
BPPBS Biennial Planning, Programming, and Budgeting System
BPR Business Process Reengineering
BPS (1) Basic Psychological Operations Study; (2) Bits Per Second; (3) Beachman Processing System
BPSK Burst Pulse Shift Key
BR Blade Rate
B/R Bridge/Router
BR/Br Branch
BRAC Base Realignment and Closure (Commission)
BRDM FSU Wheeled Amphibious Armored Reconnaissance Vehicle
BRET Bistatic Reflected Energy Target
BRI Basic Rate Interface
BRIXMIS British Commanders-In-Chief Military Liaison Mission
BRL Bomb Release Line
BRP Bomb Release Point
BRS (1) Beachman Reporting System; (2) Backup and Recovery System; (3) Beach Reconnaissance System
BRU Bomb Release Unit
BS Broadcast Service
BSA Brigade Support Area
BSD (1) Battlefield Surveillance Device; (2) Battlefield Surveillance Display
BSS Broadcast Satellite Service
BSSC Battle Staff Support Center
BSSG Brigade Service Support Group
BST (1) Battle Staff Team; (2) Betac Support Team
BSTS (1) Boost Surveillance and Tracking System; (2) Boost Phase Surveillance and Tracking System
BT Basic Training
BTA Best Technical Approach
BTF Battalion Task Force
BTG Basic Target Graphic
BTI Balanced Technology Initiative
BTR FSU Armored Personnel Carrier
BTRY (1) Battery; (2) Field Artillery
BTU British Thermal Unit
BTW By The Way
BUD/S Basic Underwater Demolition/Sea-Air-Land (SEAL)
BUIC Back-Up Intercept Control
BUNT British Underground Nuclear Test
BUR Bottom Up Review
BVITS Baseline Video Imagery Transmission System
BVR Beyond Visual Range
BW (1) Biological Warfare; (2) Bandwidth; (3) Beamwidth; (4) Bomb Wing
B&W Black and White
BWC Biological Weapons Convention
BWP Basic Working Paper
BZ Buffer Zone
C (1) Crisis; (2) Confidential; (3) Coniferous

CI Combined Staff Personnel Officer 

C2 (1) Command and Control; (2) Combined or Coalition Forces 
Intelligence Staff 

C2S2LAN Command and Control Support System LAN 

C2W Command & Control Warfare 

C3 Command, Control, and Communications 

C3OB C3 Order of Battle 

C3S Command, Control, and Communications Systems 

C4 Command, Control, Communications, and Computers 

C4ISR Command, Control, Communications, Computers, Intelligence, 
Surveillance and Reconnaissance 

C4S Command, Control, Communications, and Computer System 

C5 Combined Staff Strategic Planning and Policy Officer 

C6 Combined Staff Command, Control and Communications 
Systems Officer 

CA (1) Cryptanalysis; (2) Heavy Cruiser; (3) Civil Affairs; (4) Combat Assessment; (5) Controlling Authority; (6) COMSEC Account; (7) Command Authority; (8) Counterair

CAA (1) Concepts Analysis Agency (U.S. Army); 
(2) Combined Arms Army (FSU); 
(3) Command Arrangement Agreement 


CAB (1) Current Analysis Branch; (2) Civil Affairs Brigade; 
(3) Civil Affairs Battalion 
CAC (1) Combined Arms Center; (2) Collection Advisory Center; (3) Control and Analysis Center; (4) Crisis Action Center; (5) Civil Affairs Command; (6) Civil Applications Committee; (7) U.S. Army Combined Arms Command


CACDA Combined Arms Combat Development Activity 
CACM Central American Common Market 
CACTIS Community/Computer Automated Counterterrorism 
Intelligence System 
CAD (1) Computer-Assisted Design; 
(2) Conceptual Architecture Document 
CADES COMIREX Advanced Exploitation System 
CADIZ (1) Canadian Air Defense Identification Zone; 
(2) Coastal Air Defense Identification Zone 
CADOB Consolidated Air Defense Order of Battle 
CADS Containerized Ammunition Distribution System 
CADST Civil Affairs Direct Support Team 
CAE Computer Aided Engineering 
CAF (1) Crisis Augmentation Facility; (2) Combat Air Forces 
CAFMS Computer-Assisted Force Management System 
CAG (1) Carrier Air Group; (2) Collective Address Group; 
(3) Commander, Air Group 
CAI Computer-Aided Instruction 
CAIF Command Automated Intelligence File 
CAIMS Conventional Ammunition Information Management System
CAJIT Central America Joint Intelligence Team
CaLANdar Da Vinci E-Mail Application
CALS Computer-Aided Acquisition and Logistics Support
CALT Civil Affairs Liaison Team
CAM (1) Computer-Assisted Modeling; (2) Computer Aided Manufacturing
CAMO Computer-Aided Manual Operation
CAMPS (1) Computer-Aided Management Planning System; (2) Computer-Aided Mission Planning System; (3) Compartmented All-Source Analysis System Message Processing System
CAMS (1) COMIREX Automated Management System; (2) Communications Area Master Station
CANDOB Consolidated Aerospace Defense Order of Battle
CANR Canadian NORAD Region
CAN Coastal Air Navigation Supplement
CANT Chinese Atmospheric Nuclear Test
CANUKUS Canada, United Kingdom, United States
CANUS Canadian - United States
CANUS LANDOP Canada-United States Land Operations Plan
CAO (1) Crisis Action Organization; (2) Chief Administrative Officer; (3) Central Action Office
CAO(SOP) Coordination of Atomic Operations (Standard Operating Procedure)
CAOC Combined Air Operations Center
CAOCC Combined Air Operations Coordination Center
CAP (1) Combat Air Patrol; (2) Civil Air Patrol; (3) Countermeasures Advisory Panel; (4) Crisis Action Planning; (5) Crisis Action Procedures; (6) Capabilities
CAPSULE JACK Proper Name of System
CAR (1) Canadian Airborne Regiment; (2) Chief, Army Reserve
CARC Corrective Action Review Committee
CARDA (1) Continental Airborne Reconnaissance for Damage Assessment; (2) CONUS Airborne Reconnaissance for Damage Assessment
CARE Cooperative for American Relief Everywhere, Inc.
CARG Crisis Action Review Group
CARGRU Carrier Group
CARIBJIC Caribbean Joint Intelligence Center
CARIBROC Caribbean Regional Operations Center
CARICOM Caribbean Common Market
CARIFTA Caribbean Free Trade Association
CARL Category Assignment Responsibility List
CARP Computed Air Release Point
CARS (1) Contingency Airborne Reconnaissance System; (2) Common Automated Recovery System
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CARVE 
CARVER 


CAS 


CASC 
CASE 
CASIC 
CASLAN 
CASS 


CAST 


CAT 


CAT-1 
CATF 


CATIS 
CATIS/IESS 
CATS 


CATSS 
CAV 
CAVU 
CAWS 
CB 
C-band 
CBD 
CBF 
CBI 


CBI/T 
CBJB 
CBM 
CBO 
CBR 


CBRN 
CBRS 
CBS 
CBT 
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Criticality, Accessibility, Recuperability, Vulnerability, and 
Effect 


Criticality, Accessibility, Recuperability, Vulnerability, Effects 
and Recognizability 


(1) Close Air Support; (2) Calibrated Air Speed; 

(3) Collision Avoidance System; (4) Crisis Action System; 

(5) Crisis Action Staff; (6) Combined Arms and Services Staff 
School 


Crisis Action Support Cell 

Computer-Assisted Software Engineering 
Combined All-Source Intelligence Center 
Command Automated Software Local Area Network 


(1) Collection Analysis Support Subsystem; 
(2) Command Activated Sonobuoy System 


(1) Catalogue of Approved Scientific and Technical 
Intelligence Tasks; (2) Canadian Air/Sea Transport Group; 
(3) Computer-Assisted Self Training; (4) Computer Assisted 
Satellite Track 


(1) Conventional Arms Transfer; (2) Crisis Action Team; 
(3) Combined Arms Team; (4) Crisis Augmentation Team; 
(5) Category 


RECategory-1 Receive Equipment 


(1) Commander, Amphibious Task Force; 
(2) Civil Affairs Task Force 


(1) Computer-Aided Tactical Information System; 
(2) Computer-Aided Tactical Intelligence System 


Computer-Aided Tactical Information System/Imagery 
Exploitation Support System 


(1) Combined Arms Training Systems; 
(2) Combat Airlift Tactics School


Cartographic Applications for Tactical and Strategic Systems 
Cavalry 

Ceiling And Visibility Unlimited 

Commercial Analyst Work Station 

Chemical, Biological 

3.9 to 6.2 GHz Communications Band 

Commerce Business Daily 

Common Budget Framework 


(1) Complete Background Investigation; 
(2) Computer Based Instruction 


Computer-Based Instruction/Training 
Congressional Budget Justification Book 
Confidence Building Measure(s) 
Congressional Budget Office 


(1) Chemical, Biological, and Radiological; 
(2) Case Based Reasoning; (3) Constant Bit Rate 


Caribbean Basin Radar Network 

Concept Based Requirements System 

Combat Battle Simulation 

(1) Computer-Based Training; (2) Combating Terrorism 
CBTDEV
CBTI 
CBU 
CBW 
CBZ 

CC 


C-C3 
CCA 
CCB 
CCC 


CCD 


CCE 
CCEB 
CCEP 
CCF 
CCF-SS 
CCG 


CCG-NB 
CCGD 
CCGP 
CCHC 
CCI 
CCIC 
CCIP 
CCIR 
CCIRID 
CCIRM 


CCIS 


CCISCMO 


CCISS 
CCITT 


CCJ1 


CCJ2 
CCJ3 
CCJ4/]7 
CCJ5 
Combat Developer

Combat Intelligence 

Cluster Bomb Unit 

Chemical and Biological Warfare 
Confidence Building Zone 


(1) Command Center; (2) Command Ship; (3) Cloud Cover; 
(4) Collection Center; (5) Computer Compatible; 
(6) Communications Controller; (7) Commander 


Counter Command, Control, and Communications 
Communications Control Authority 
Configuration Control Board 


(1) CARDA Control Center; (2) Consolidated Command Center; 
(3) Command and Control Center 


(1) Conference of the Committee on Disarmament; 
(2) Charged Coupled Device; (3) Camouflage, 
Concealment, and Deception 


Contingency Communications Element 
Combined Communications Electronic Board 
Commercial COMSEC Endorsement Program 
Collection Coordination Facility 

Collection Coordination Facility-Support System 


(1) Combat Control Group; (2) Crisis Coordination Group; 
(3) Combat Communications Group 


Communications Control Ground-Narrowband 

Commander, Coast Guard District 

Combat Communications Group 

Headquarters Commandant 

Controlled Cryptographic Item 

Concentrated Counterdrugs Intelligence Collection 

Command Center Improvement Program 

International Radio Consultative Committee (French Acronym) 
Charge-Coupled Infrared Imaging Device 


Collection Coordination and Intelligence Requirements 
Management 


(1) Command, Control, and Intelligence Support; 
(2) Common Channel Intelligence Signaling 


Community Counterintelligence and Security Countermeasures 
Office 


Command & Control Intelligence Support Squadron 


Consultative Committee for International Telephone and 
Telegraph 


USCENTCOM Manpower, Personnel, and Administration 
Directorate 


USCENTCOM Intelligence Directorate 

USCENTCOM Operations Directorate 

USCENTCOM Logistics and Security Assistance Directorate 
USCENTCOM Plans and Policy Directorate 
CCJ6


CCJA 
CCM 
C3CM 
CCMF 
CCN 
CCO 


CCO/SCO 
CCP 


CCPC 
CCPDS 
CCPDS-R 
CCS 


CCS2 
CCSA 
CCSC 
CCT 
CCTC 
CCTF 


CCTP 
CCTS 
CCTT 
CCTV 
CCTW 
CCWT 
CD 


C&D 
CDA 
CDC 


CD-ROM 
CDAS 
C-Day 
CDB 
CDCS 
USCENTCOM Command, Control, Communications, and
Computer Systems Directorate 


USCENTCOM Staff Judge Advocate 

(1) Cross-Country Movement; (2) Counter-Countermeasure 
Command, Control, and Communications Countermeasures 
Consolidated Collection Management Facility 

Crisis Communications Network (CIA) 


(1) Communication Collection Outstation; (2) COMINT 
Collection Outstation; (3) Circuit Control Officer; 
(4) Chief, Combat Operations 


Central Control Office/Sub-Control Office 


(1) Consolidated Cryptologic Program; 
(2) Communications Checkpoint; (3) Contingency 
Communications Package 


Critical Collection Problems Committee 
Command Center Processing and Display System 
Command Center Processing and Display System Replacement 


(1) Collection Capabilities Statement (HUMINT);
(2) COMINT Collection Subsystem; (3) Combat Control Squadron;
(4) Communications Control Set; (5) Command and Control
Systems; (6) Constellation Control Station


Command and Control Subordinate System 
USCENTCOM Scientific and Technical Advisor 
Cryptologic Combat Support Console 

(1) Combat Control Team; (2) Combat Coordination Team 
Command and Control Technical Center 


(1) Contingency Communications Test Facility; 
(2) Combined Coalition Task Force 


Continuously Computed Target Point 
Combat Crew Training Squadron 
Close Combat Tactical Trainer 
Closed Circuit Television 

Combat Control Training Wing 
Command Center Watch Team 


(1) Controlled Dissemination; (2) Certificate of Destruction;
(3) Civil Defense; (4) Coastal Defense; (5) Calendar Day;
(6) Committee on Disarmament; (7) Collateral Damage;
(8) Compact Disc; (9) Command Ship; (10) Counter Drug;
(11) Command Director; (12) Combat Developments;
(13) Community/Service-Developed


Cover and Deception 
Congressionally Directed Action 


(1) Career Development Course; (2) Combat Direction Center; 
(3) Combat Development Center 


Compact Disk-Read-Only Memory 

Central Data and Applications Support 

Day in Which Movement From Origin Begins 
Central Data Base 

Communications Distribution Control Segment 
CDE


CDEC 
CDF 
CDI 
CDIP 


CDIS 


CDIST 


CDL 

CDLF 

CDM 

CDMA 

CDP 

CDPS 

CDR 

CDRL 
CDRUSAJFKSWC 


CDRUSELEMNORAD 
CDRWESTCOM 
CDS 


CDSE 
CDSORG 
CDST 
CDT 
CDTS 
CDU 
CDV 

CE 


C&E 
C-E 
CEAO 
CEC 


CECOM 
CED 


CEE 
CEI 
(1) Conference on Disarmament in Europe;
(2) Compound Damage Expectancy; 
(3) Center of Distance Education 


Captured Document Exploitation Center 
Central Document File 
Compact Disc Interactive 


(1) Consolidated Defense Intelligence Program; 
(2) Council of Defense Intelligence Producers 


(1) Communications Data Interface System; 
(2) Counterdrug Intelligence System 


Canadian Department of Industry, Science, and 
Technology 


Common (high bandwidth) Data Link 

Consolidated Domestic Launch Forecast 

Common Digital Map 

Code Division Multiple Access 

(1) Central Data Processor; (2) Company Distributing Point 
Coherent Data Processing System 

(1) Critical Design Review; (2) Commander 

Contract Data Requirements List 


Commander, United States Army John F. Kennedy 
Special Warfare Center 


Commander, U.S. Element NORAD 
Commander, U.S. Army Western Command 


(1) Chief of Defence Staff (Canadian); (2) Combat 
Delivery System; (3) Cryptographic Device Services; 
(4) Combat Direction System 


Cryptologic Direct Support Element 

Civil Direction of Shipping Organization 

C3CM Data Support Team 

(1) Central Daylight Time; (2) Communications Data Terminal 
Computer-Directed Training System 

Control Display Unit 

Compressed Digital Video 


(1) Circular Error; (2) Cost Effectiveness; (3) Civil Engineer; 
(4) Communications-Electronics; (5) Corps of Engineers 
(U.S. Army); (6) Current Exploitation; (7) Counterespionage; 
(8) Command Element; (9) Collection Emphasis 


Collection and Exploitation 
Communications Electronics 
West African Economic Community 


(1) Cooperative Engagement Capability; 
(2) Consolidated Expenditure Center 


Communications and Electronics Command 


(1) Collection, Exploitation, and Dissemination; 
(2) Captured Enemy Document 


Captured Enemy Equipment 
Communications Electronic Instructions 
CEL
CELT 
CEM 
CEMA 
CENTAF 


CENTAG 
CENTAM 
CENTCOM 
CENTJIC 
CENTLANT 
CENTO 
CEO 


CEOI 
CEP 


CEPG 
CEPIR 
CEPR 
CER 


CERP 


CERT 
CES 
CESM 
CEST 
CETA 
CEWI 
CF 
C6F 
C7F 
CFA 


CFB 
CFC 


CCFC 
CFD 
CFE 
CFER 
CFE-U 
CFI&I 
CFIS 
Celestial

Current Emitter Location Testbed 
Concepts Evaluation Model 

Council for Mutual Economic Assistance 


(1) Central Region Air Forces (NATO); 
(2) U.S. Air Force Component, USCENTCOM 


Central Army Group (NATO) 

Central America 

U.S. Central Command 

Joint Intelligence Center USCENTCOM 
Central Sub-Area of Eastern Atlantic Area 
Central Treaty Organization 


(1) Communications Electronic Officer (USMC); 
(2) Chief Executive Officer 


Communications Electronics Operations Instructions 


(1) Circular Error Probable; (2) Construction Electrician
(Power); (3) Common Electronic Parts; (4) Civil Emergency
Planning; (5) Committee for Energy Policy of OECD;
(6) Capital Equipment Plan; (7) Concept Evaluation Program


Combined Exercise Planning Group 
Current Exploitation Photographic Interpretation Report 
Compromising Emanation Performance Requirement 


(1) Cryptographic Equipment Room; 
(2) Communication Equipment Room 


(1) Combined Economic Reporting Program; 
(2) Capital Equipment Replacement Program 


Computer Security Emergency Response Team 
Concept Exploration Studies 

Cryptologic Electronic Warfare Support Measures 
Contingency Exploitation Support Team 
Chinese-English Translation Assistance 

Combat Electronic Warfare Intelligence 

Canadian Forces 

Commander, U.S. Sixth Fleet 

Commander, U.S. Seventh Fleet 


(1) Combined Field Army (Korea); (2) Covering Force Area; 
(3) Combined Force Air Component Commander 


Canadian Forces Base 


(1) Combined Field Command (Korea); (2) Combined Forces 
Command (ROK/US); (3) Combined Federal Campaign 


Commander in Chief, ROK-U.S. Combined Forces Command 
Common Fill Device 

(1) Conventional Forces Europe; (2) Communications Front-End 
CFE Replacement 

Communications Front-End-Upgrade 

Center for Integration and Interoperability 

Combined Forces Command Information System, (CFC) 
CFL
CFMS 
CFP 
CFR 
CFSO 
CFSR 
CFV 
cg 

CG 


CGEUSA 
CGF 
CGFMFLANT 
CGM 

CGN 

CGS 


CGSC 
CGUSARPAC 
cGy/hr 

CH 

CHAALS 
CHAALS-X 
CHABNCP 
CHAMPUS 


CHARS 
CHB 
CHBDL 
CHCMSA 
CHCSS 


CHG 

CHGN 

CHIP 

CHJUSMAGK 
CHJUSMAGPHIL 
CHJUSMAGTHAI 
CHMAAGDOMREP 


CHMDO JAPAN 
CHN 

CHODC INDIA 
CHOP 


C-HUMINT 
(1) Coordinated Fire Line; (2) Cease-Fire Line

Combat Fuels Management System 

(1) Contingency Force Pool; (2) Concept Formulation Process 
Commander Force Reconnaissance 

Counterintelligence Force Protection Source Operations 
Contract Funds Status Report 

Cavalry Fighting Vehicle 

Center of Gravity 


(1) Guided-Missile Cruiser; (2) Consolidated Guidance;
(3) Commanding General; (4) Coast Guard; (5) Chairman's
Guidance


Commanding General, 8th US Army 

Central Group of Forces (FSU Forces in Czechoslovakia) 
Commanding General, Fleet Marine Forces Atlantic 
Computer Graphics Metafile 

Guided Missile Cruiser Nuclear Powered 


(1) Coast & Geodetic Survey; (2) Common Ground Station; 
(3) CONUS Ground Station 


Command and General Staff College (U.S. Army) 
Commanding General U.S. Army Pacific 

CentiGray hour 

(1) Aviation Cruiser; (2) Channel; (3) Communication Helmet 
Communications High Accuracy Airborne Location System 
CHAALS Exploitation 

Chief, Airborne Command Post 


Civilian Health And Medical Program of the Uniformed 
Services 


Characters 

Cargo Handling Battalion 

Communications High Bandwidth Data Link 
Chief, Cruise Missile Support Activity 


(1) Chief, Central Security Service; 
(2) Chief, Cryptologic Support Service 


Guided-Missile Aviation Cruiser 

Nuclear-Powered Guided-Missile Aviation Cruiser 
Communications Handbook for Intelligence Planners 
Chief, Joint U.S. Military Assistance Group, Korea 
Chief, Joint U.S. Military Assistance Group, Philippines 
Chief, Joint U.S. Military Assistance Group, Thailand 


Chief, Military Assistance and Advisory Group, 
Dominican Republic 


Chief, Military Defense Office, Japan 
Nuclear-Powered Aviation Cruiser 
Chief, Office of Defense Cooperation, India 


(1) Change of Operational Command; 
(2) Change of Operational Control 


Counter Human Resources Intelligence 
CHUSMLO
CI 


C2I
C3I
C4I


C4I2


CIA 
CIAC 
CIAD 


CIAP 


CIARDS
CIAS 

CIB 

CIC 


C3IC 
CICAC 
CICC 

CIC Server 
CICWS 
CID 


CIDBS 
CIDC 
CIE 
CIEF 
CIF 


CIFAX 
C4IFTW 
CIG 


CIGSS 
CIHS 
CIK 
CIIC 
CIID 
CILMS 
CILO 
CILOP 
CIM 
CIMAS 
CIMEX 
Chief, U.S. Military Liaison Office


(1) Counterintelligence; (2) Counterinsurgency; 
(3) Current Intelligence 


Command, Control, & Intelligence 
Command, Control, Communications, and Intelligence 


Command, Control, Communications, Computers, & 
Intelligence 


Command, Control, Communications, Computers, Intelligence 
and Information 


Central Intelligence Agency 
Computer Incident Assessment Capability 


(1) Combat Intelligence Applications Division; 
(2) Command Intelligence Architecture Document 


(1) CIA Program; (2) Command Intelligence 
Architecture/Planning Program 


CIA Retirement and Disability System
Counterintelligence Analysis Section 
Combat Infantryman's Badge 


(1) Combat Information Center; (2) Combat Intelligence Center; 
(3) Combined Intelligence Center 


Coalition Coordination and Communications Integration Center 
Counterintelligence Control and Analysis Center 

Consolidated Intelligence Communications Center 

Combined Intelligence Center Server 

Combined Intelligence Center Workstation 


(1) Criminal Investigation Division; 
(2) Combat Intelligence Division 


Combined Intelligence Center Integrated Database Server 
Combined Interview and Debriefing Center 
Communication Intercept and Exploitation 
Consolidated Imagery Exploitation Facility 


(1) Corps Interrogation Facility; 
(2) Consolidated Intelligence Facility 


Enciphered Facsimile 
C4I For The Warrior


(1) Computer Image Generation; 
(2) Combined Intelligence Group 


Common Imagery Ground Surface System 
Classified Information Handling System 
Crypto-Ignition Key 

Current Intelligence and Indications Center 
Command Intelligence Implementation Document 
Covert Infrared Lighting and Marking System 
Counterintelligence Liaison Office(r) 

Conversion in Lieu of Procurement 

Corporate Information Management 

CENTCOM Iranian Military Activities Summary 
Civil Military Exercise (NATO) 
Counter Imagery Intelligence

Civil Military Operations Center 
COMSEC Interoperability Master Plan 
Cargo Increment Number 


(1) Commander in Chief; 
(2) Commander of a Combatant Command 


Commander in Chief, U.S. Atlantic Command 

Commander in Chief, United States Air Forces, Atlantic 
Commander in Chief, Alaska 

Commander in Chief, United States Army Forces, Atlantic 
Commander in Chief, Allied Forces Central Europe (NATO) 
Commander in Chief, Combined Forces Command, Korea 
Commander in Chief, Eastern Atlantic (NATO) 

Commander in Chief, Allied Forces, Central Europe 
Commander in Chief, U.S. Forces Europe 

Commander in Chief, Forces Command 

Commander in Chief, U.S. Army Forces 

Commander in Chief, Channel (NATO) 

Commander in Chief, Iberian Atlantic Area 

Commander in Chief, Atlantic Command 

Commander in Chief, Atlantic Fleet 

Commander in Chief, Atlantic Fleet Detachment SOUTHCOM 
Commander in Chief, Military Airlift Command (archaic) 
Commander in Chief, North American Air Defense Command 
Commander in Chief, Allied Forces Northern Europe (NATO) 
Commander in Chief, Continental Air Defense Command 
Commander in Chief, Pacific Command 

Commander in Chief, Pacific Air Force 

Commander in Chief, Pacific Fleet 

Commander in Chief, Pacific Representative 

Commander in Chief, Strategic Air Command 

Commander in Chief, Special Operations Command 
Commander in Chief, Southern Command 

Commander in Chief, Allied Forces Southern Europe (NATO) 
Commander in Chief, U.S. Space Command 

Commander in Chief, Specified Command, Middle East 
Commander in Chief, Tactical Air Command 

Commander in Chief, Unified Transportation Command 
Commander in Chief, U.S. Transportation Command 


Commander in Chief, United Kingdom Air Defense Region 
(NATO) 


Commander in Chief, United Nations Command 
Commander in Chief, U.S. Atlantic Command 
Commander in Chief, U.S. Air Forces, Europe 


Commander in Chief, United States Army, Europe 
CINCUSARPAC
CINCUSNAVEUR 
CINCWESTLANT 
CINF 

CINSGCY 

CIO 

CIOC 


CIOP 


CIP 


CIPE 
CIPEC 
CIPHONY 
CIPL 
CIPMS 
CIPR 


CIPS 
C2IPS 
CIR 


CIRC 
CIRCOL 
CIRIS 
CIRK 
CIRL 
CIRT 
CIRVIS 


CIS 


CISA 
CISC 
C3ISC 
CI/SCM 
CISD 
CISE 


CISO 


CISPOTREP 
Commander in Chief, United States Army, Pacific
Commander in Chief, U.S. Naval Forces, Europe 
Commander in Chief, Western Atlantic (NATO) 
Community Imagery Needs Forecast 

Counterinsurgency 

(1) Central Imagery Office; (2) Chief Information Officer 


(1) Combined Intelligence Operations Center (Korea); 
(2) Combat Intelligence Operations Center 


(1) Controlled Intelligence Operational Proposal; 
(2) CIO Program 


(1) Consolidated Intelligence Program; (2) Country
Information Package; (3) Critical Intelligence Parameter;
(4) Combined Interoperability Program; (5) Crypto-Ignition Plug;
(6) Correlation and Integration Processor


(US) CENTCOM Imagery Production Element 
Intergovernmental Council of Copper Exporting Countries 
Enciphered Telephone 

CINC’s Integrated Priority List 

Career Intelligence Professional Management System 


(1) Consolidated Intelligence Production Requirement; 
(2) Counterintelligence Production Registry 


Counterintelligence Periodic Summary 
C2 Information Processing System 


(1) Central Intelligence Report; 
(2) Continuing Intelligence Requirement 


Central Information Reference and Control 

Central Information Reference and Control On-Line System 
Consolidated Intelligence Resources Information System 
Common Interswitch Rekeying Key 

Current Intelligence Requirements List 

Computer Security Incident Response Team 


Communications Instructions for Reporting Vital 
Intelligence Sightings 


(1) Country Intelligence Study; (2) Communications Intercept
System; (3) Compensated Imaging System;
(4) Canadian Intelligence Service; (5) Chief, Intelligence and
Security (Canadian); (6) Combat Instruction Set;
(7) Combat Information System; (8) Commonwealth of Independent
States; (9) Combat Intelligence System


C4I Integration Support Activity
Counterintelligence Support Cell 

C3I Systems Committee 

Counterintelligence and Security Countermeasures 
Command Intelligence Strategy Document 


(1) (US) CENTCOM Intelligence Support Element; 
(2) Corps Intelligence Support Element 


(1) Counterintelligence Support Officer; 
(2) Counterintelligence Staff Officer 


CI Spot Report 
CISR
C4ISR


CIT 
CITA 
CITS 
CIV 
CIVC 
CIVIC 
CIVISION
CIW 


CIWC 
CIWG 
CIWS 
C&J 

CJB 
CJCS 
CJCSI 
CJIATF-E 
CJIATF-W 
CJIT 
CJTF 
CJTF-AK 
CJTF-FA 
CK 

CKG 

CL 
C-LAMP 
CLASS 
Class 
C&LB 
CLF 
CLMD 
CLNC 
CLO 
CLOCE 
CLS 


CLSC 
CLSP 
CL/TECH 
cm 

CM 
Communications Intelligence Security Regulation


Command, Control, Communications, Computers, 
Intelligence, Surveillance, and Reconnaissance 


Counterintelligence Team 

Combat Intelligence and Targeting on Arrival 
CENTCOM Imagery Transmission System 
Civilian 

Carrier Intelligence Center 

Civilian Vulnerability Indicator Code 
Enciphered Television 


(1) Consolidated Intelligence Watch; 
(2) CMOC Intelligence Watch 


CIW Commander 

Cooperative Interaction Working Group 
Close-In Weapon System 

Collection and Jamming 

Congressional Justification Book 

Chairman, Joint Chiefs of Staff 

Chairman, Joint Chiefs of Staff Instruction 
Commander, Joint Interagency Task Force-East 
Commander, Joint Interagency Task Force-West 
Combined Joint Interrogation Team 
Commander, Joint Task Force 

Commander, Joint Task Force-Alaska 
Commander, Joint Task Force-Full Accounting 
Compartment Key 

Cooperative Key Generation 

Light Cruiser 

Community Laser Measurement Program 
Close Air Support System 
Classification/Classified 

Coasts and Landing Beaches 

Commander, Landing Force 

COMSEC Local Management Device 
Clearance 

(1) Counterdrug Liaison Officer; (2) Chief Logistics Officer 
Contingency Lines of Communication, Europe 


(1) Contractor Logistics Support; 
(2) Clandestine Lighting System 


COMSEC Logistics Support Center 
Composite Launch Sequence Plan 
Clear Language Technical Report 
Centimeter 


(1) Memorandum by the Chairman, Joint Chiefs of Staff;
(2) Collection Management; (3) Countermeasure(s); (4) Cruise
Missile; (5) Collection Manager; (6) Collection Management
Division; (7) Countermine; (8) Countermine Activities
CMA (1) Countermission Analysis; (2) Collection Management
Authority; (3) Community Management Account 

CMAA (1) Command Master at Arms; (2) Chief Master at Arms 

CMAFB Cheyenne Mountain Air Force Base 

CMAFS Cheyenne Mountain Air Force Station 

CMAH CINC Mobile Alternate Headquarters 

CMAS Cheyenne Mountain Air Station 

C-MASINT Counter-Measures and Signature Intelligence 

CMB Collection Management Branch 

CMC (1) Cheyenne Mountain Complex; (2) Commandant, U.S. Marine
Corps; (3) Command Master Chief 

C/MC Command Master Chief 

CMCA Cruise Missile Carrier Aircraft 

CMCC (1) Commander in Chief, Mobile Command Center; 
(2) Component Mobile Command Center 

CMCDS Community Multilateral Counterterrorism Database System 

CMCI Computed Mission Coverage Index 

CMCM Commandant, U.S. Marine Corps Memorandum

CMCS (1) COMSEC Material Control System; 
(2) COMINT Mission Control System 

CMD (1) Collection Management Division; (2) Command 

CMDC Command Cell 

CMDR Commander 

CM&D Collection Management and Dissemination 

CME Communications Monitoring Equipment 

CMEA Council for Mutual Economic Assistance 

CMEC Captured Material Exploitation Center 

CMF Combat Mission Folder 

CMFC Combined Marine Forces Command 

CMIC Combined Military Interrogation Center 

CMISE Corps Military Intelligence Support Element 

CML Chemical 

CMO (1) Collection Management Office; (2) Civil Military 
Operations; (3) Central MASINT Office 

CMOC (1) Cheyenne Mountain Operations Center; (2) Civil Military 
Operations Center; (3) Central MASINT Operations Cell 

CMOS Complementary Metal-Oxide Semiconductor 

CMOTF Civil Military Operations Task Force 

CMP (1) Combat Mission Planning; 
(2) Configuration Management Plan 

CMPF Confidential Military Purpose Funds 

CMPS Compartmented Mode Processing System 

CMR Crisis Management Room 

CMRS Collection Management Requirements System 

CMS (1) Combat Mission Section; (2) Command and Management
System; (3) Community Management Staff; (4) Collection
Management System; (5) Common Mapping Standard
Community Management Staff, Resource Management Group


Cruise Missile Support Activity 
Civilian Multi-Spectral Imagery 
Collection Management Support System 


(1) Collection Management Support Terminal; 
(2) Collection Management System Tools 


(1) Crisis Management Team; (2) Critical Mobile Target 
Combat Maneuver Training Center 
CMTC-Instrumentation System 


(1) Critical Mobile Target Server; 
(2) Compliance Monitoring Tracking System 


Compartmented Mode Workstation 
Counternarcotics 


(1) Center for Naval Analysis; (2) Coordinates Not Available;
(3) Critical Node Analysis


(1) Customs National Air Command, Oklahoma City; 
(2) Customs National Aviation Center 


Conference on NATO Armament Directors 
Commander, Navy Space Command 


(1) Counternarcotics Center; 
(2) Computerized Numerical Control 


Cryptonet Control Station 
Counternarcotics Command and Management System 


Centre National d'Etudes Spatiales (French National Space 
Agency) 


(1) Chief of Naval Education and Training; 
(2) Centre National d' Etudes Des Telecommunications 


Command, Control, and Communications Networks 
Commander, U.S. Naval Forces Japan 

Commander, U.S. Naval Forces Korea 

Commander, U.S. Naval Forces Marianas 


(1) Communicating NATO Intentions; 
(2) Communications, Navigation, or Identification 


Combined Naval Intelligence Center 

Composite Network, Front-End Internal Network 
Counternarcotics Information Processing System 
Cryptonet Key 

Commonwealth of the Northern Mariana Islands 

Cable News Network 

Chief of Naval Operations 

Ratio of carrier to noise in a 1Hz bandwidth 


(1) Counternarcotics Operations Center; 
(2) Combined Naval Operations Center 


Chief of Naval Operations Memorandum 
Command Not Operationally Ready 

(1) Chief of Naval Research; (2) Combat Net Radio 
Combat Net Radio Interface Unit 

Commercial Network Survivability 
CNSWTG
CNTL 
CNVFD 
CNWDI 
CO 

CO3 

CO6 

CO7 

COA 
COB 


COBE 
COBOL 
COC 
COCOM 
COD 
CODIS 
COE 
COEA 
COFIR 
COFs 
CofS 
COG 


COI 
COIC 
COIN 
COINS 


COINS-II 
COIR 

COIS 
COLISEUM 


COLL 
COLLECT 
COLOP 
COLT 
COM 


COMA 
COMACC 
COMAAFCE 
COMAFFOR 
COMAFOSI 
Commander, Naval Special Warfare Task Group
Command Nuclear Target List 

Color Night Vision Fusion Device 

Critical Nuclear Weapons Design Information 

(1) Commanding Officer; (2) Company 

Combined Staff Public and Governmental Affairs Officer 
Combined Staff Judge Advocate 

Combined Staff Command Surgeon 

Course of Action 


(1) Close of Business; (2) Collated Operating Base; 
(3) Chief of Base; (4) Command Operating Budget 


Cosmic Background Explorer 

Common Business Oriented Language 

Combat Operations Center 

(1) Coordinating Committee; (2) Combatant Command 
Carrier On-board Delivery 

Continuity of Defense Intelligence Systems 
Common Operating Environment 

Cost and Operational Effectiveness Analysis 
Compendium of Future Intelligence Requirements 
Central Operating Facilities 

Chief of Staff 


(1) Combined Operations Group; 
(2) Continuity of Government; (3) Center of Gravity 


Communities of Interest 
Combat Operations Intelligence Center (USAFE) 
Counterinsurgency 


(1) Consolidated On-Line Intelligence System; 
(2) Community On-Line Intelligence Network Systems 


Community On-Line Intelligence System-II 
Commander's Operational Intelligence Requirements 
Combat Operations Intelligence System 


Community On-Line Intelligence System for End Users and 
Managers 


Collection 

Collection 

Collection Opportunity (messages) 
Combat Observation and Laser Team 


(1) Computer Output to Microform; (2) Chief of Mission 
(U.S. Embassy); (3) Collection Operations Management; 
(4) Commander 


Court of Military Appeals 

Commander, Air Combat Command 

Commander, Allied Air Forces Central Europe 
Commander, Air Force Forces 

Commander, Air Force Office of Special Investigations 
COMAFSOC Commander, U.S. Air Force Special Operations Command
COMAFSPACE Commander, Air Force Space Command 

COMALCOM Commander, Alaskan Command 

COMAMC Commander, Air Mobility Command 
COMARSPACECOM Commander, Army Space Command 

COMASPC Commander, Air Force Space Command 

COMAINT Command Maintenance 

COMAIR-BALTAP Commander, Allied Air Forces, Baltic Approaches 
COMAIRSOUTH Commander, Allied Air Forces, Southern Europe 
COMALCOM Commander, Alaskan Command 

COMALF Commander of Airlift Forces 

COMANR Commander, Alaskan NORAD Region 
COMANTDEF-COM Commander, Antilles Defense Command 

COMARFOR Commander, Army Forces 

COMARSOC Commander, U.S. Army Special Operations Command 
COMARSOF Commander, U.S. Army Special Operations Forces 
COMATF Commander, Amphibious Task Force 

COMBALTAP Commander, Allied Forces, Baltic Approaches 

COMBAT DF Combat Direction Finding 

COMBENE-CHAN Commander, Benelux Sub-Area Channel 
COMBISCLANT Commander, Bay of Biscay Submarine Area 
COMCANLANT Commander, Canadian Atlantic Submarine Area 
COMCARGRU Commander Carrier Group 

COMCENTAG Commander, Central Army Group, Central Europe 
COMCENTLANT Commander, Central Submarine Area 

COMCM Communication Countermeasures & Deception 

COMCO Canadian SSO 

COMCRUDESGRU Commander Cruiser Destroyer Group 

COMDT COGARD Commandant, U.S. Coast Guard 

COMECON Council for Mutual Economic Assistance 

COMEDCENT Commander, Central Mediterranean Area 

COMEDEAST Commander, Eastern Mediterranean Area 
COMEDNOREAST Commander, Northeast Mediterranean Area 

COMEDOC Commander, Western Mediterranean Area 

COMEDS CONUS Meteorological Data System 
COMEDSOUEAST Commander, Southeast Mediterranean Area 

COMEX (1) Committee on Exchanges; (2) Communications Exercise 
COMFAIRKEF Commander, Fleet Air Keflavik 

COMFIVEATAF Commander, Fifth Allied Tactical Air Force, Southern Europe 
COMFLDCOMDASA Commander, Field Command, Defense Atomic Support Agency 
COMFOURATAF Commander, Fourth Allied Tactical Air Force Central Europe 
COMGIB Naval Commander, Gibraltar 

COMGIBMED Commander, Gibraltar Mediterranean Command 
COMGTMODEFCOM Commander, Guantanamo Defense Command 
COMICEDEFOR Commander, Iceland Defense Force 
COMIDEASTFOR
COMINEWARCOM 
COMINT 
COMINTADTSK 
COMIREX 

COMIS 

COMJAM 

COMJSOC 
COMJSOTF 

COMJTF 
COMJUWATF 

COML 
COMLANDFOR 
COMLANDJUT 
COMLANDNORWAY 
COMLANDSOUTH 
COMLANDZEALAND 
COMLANTAREA 
COMLOGNET 
COMM 

COMM(S) 
COMMAIRCHAN 
COMMAIRNORLANT 
COMMARBASPAC 
COMMARDEZSECAK 
COMMARFOR 
COMMARFORJAPAN 
COMMARFORK 
COMMARFORPAC 
COMMARFORSOUTH 
COMMCEN 
COMMDET 

COMMO 

COMMS CTR 
COMMZ 
COMNAVAIR 
COMNAVAIRLANT 
COMNAVAIRPAC 
COMNAVBALTAP 
COMNAVFOR 
COMNAVFORK 
COMNAVINTCOM 
COMNAVLOG 
COMNAVMARIANAS 
COMNAVNON 
Commander, Middle East Force (USN)

Commander, Mine Warfare Command 
Communications Intelligence 

COMINT Advisory Tasking Message 

Committee on Imagery Requirements and Exploitation 
Collection Management Information System 
Communications Jamming 

Commander, Joint Special Operations Command 
Commander, Joint Special Operations Task Force 
Commander, Joint Task Force 

Commander, Joint Unconventional Warfare Task Force 
Commercial 

Commander, Land Forces 


Commander, Allied Land Forces, Schleswig-Holstein & Jutland 


Commander, Allied Land Forces, Norway 
Commander, Allied Land Forces, Southern Europe 
Commander, Allied Land Forces, New Zealand 
Commander, Coast Guard Atlantic Area 

Combat Logistics Network 

(1) Communication; (2) Commercial 
Communication(s) 

Commander, Allied Maritime Air Force, Channel 
Maritime Air Commander, Northern Submarine Area 
Commander, Marine Corps Base, Pacific 


Commander, U.S. Maritime Defense Zone Sector, Alaska 


Commander, Marine Forces
Commander, Marine Forces, Japan
Commander, Marine Forces, Korea


Commander Marine Corps Forces, Pacific 


Commander, Marine Corps Forces, South 
Communications Center 

Communications Detachment 
Communications 

Communications Center 

Communications Zone 

Commander, Naval Air Forces 
Commander, Naval Air Forces, Atlantic 
Commander, Naval Air Forces, Pacific 
Commander, Allied Naval Forces, Baltic Approaches 
Commander, Naval Forces 

Commander, Naval Forces, Korea 
Commander, Naval Intelligence Command 
Commander, Naval Logistics 


Commander, Naval Forces, Marianas 
Commander, Allied Naval Forces, North Norway 
COMNAVSCAP Commander, Allied Naval Forces, Scandinavian Approaches
COMNAVSEASYSCOM Commander, Naval Sea Systems Command
COMNAVSECGRU Commander, Naval Security Group
COMNAVSOF Commander, Naval Special Operations Forces
COMNAVSPACECOM Commander, Naval Space Command
COMNAVSPECWARCOM Commander, Naval Special Warfare Command
COMNAVSURF Commander, Naval Surface Forces
COMNAVSURFLANT Commander, Naval Surface Force, U.S. Atlantic Fleet
COMNAVSURFPAC Commander, Naval Surface Force, Pacific
COMNORECHAN Commander, Northern Submarine Area, Channel
COMNORLANT Commander, Northern Submarine Area
COMNORTHAG Commander, Northern Army Group, Central Europe
COMNSWU Commander, Naval Special Warfare Unit
COMOCEANLANT Commander, Ocean Atlantic
COMOCEANSYSLANT Commander, Oceanographic Systems Atlantic
COMOCEANSYSPAC Commander, Oceanographic Systems Pacific Company
COMOPS Communications Operations Summary
COMP Compatible
COMPACAF Commander, Pacific Air Forces
COMPASS Computerized Movement Planning and Status System
COMPATWINGSLANT Commander, Patrol Wings Atlantic
COMPHIBGRU Commander, Amphibious Group
COMPLYMCHAN Commander, Plymouth Submarine Area, Channel
COMPUINT Computer Intelligence
COMPUSEC Computer Security
COMPW Composite Wing
COMPWING Composite Wing
COMS Collection Operations Management System (HUMINT)
COMSAT Communications Satellite
COMSC Commander, Military Sealift Command
COMSEC Communications Security
COMSECONDFLT Commander, U.S. Second Fleet
COMSEVENTHFLT Commander, U.S. Seventh Fleet
COMSIXATAF Commander, Sixth Allied Tactical Air Force, Southeastern Europe
COMSIXTHFLT Commander, U.S. Sixth Fleet
COMSOC Commander, Special Operations Command
COMSOC-K Commander, Special Operations Command, Korea
COMSOCEUR Commander, Special Operations Command, Europe
COMSOCLANT Commander, Special Operations Command, Atlantic
COMSOCPAC Commander, Special Operations Command, Pacific
COMSOCSOUTH Commander, Special Operations Command, Southern Command
COMSOTFE Commander, Support Operations Task Force, Europe
COMSPOT Communications Spot Report
COMSTAT Communication Status Report
COMSTRATCOMWING ONE Commander, Strategic Communications Wing One
COMSTRICKFLANT Commander, Striking Fleet Atlantic (Afloat)
COMSTRIKFLTLANT Commander, Striking Fleet, Atlantic
COMSTRIKFORSOUTH Commander, Striking Force, South
COMSTS Commander, Military Sea Transportation Service
COMSUBACLANT Commander, Submarine Forces, Allied Command, Atlantic
COMSUBEASTLANT Commander, Submarine Force, Eastern Atlantic
COMSUBGRU Commander, Submarine Group
COMSUBGRU 8/CTF MED Commander Submarine Group (Mediterranean)/Commander Task Force Mediterranean
COMSUBLANT Commander, Submarine Force, U.S. Atlantic Fleet
COMSUBMED Commander, Submarines, Mediterranean
COMSUBPAC Commander, Submarine Forces, Pacific
COMSUBWESTLANT Commander, Submarine Force, Western Atlantic Area
COMSUPNAVFOR Commander, Supporting Naval Forces
COMTAFNORNOR Commander, Allied Tactical Air Force, North Norway
COMTAFSONOR Commander, Allied Tactical Air Force, South Norway
COMTASKFORNON Commander, Allied Task Force, North Norway
COMTECHREP Complementary Technical Report
COMTHIRDFLT Commander, Third Fleet
COMTRAPAC Commander, Training Command, Pacific
COMTWOATAF Commander, Second Allied Tactical Air Force, Central Europe
COMUKADR Commander, UK NATO Air Defense Region
COMUSAFAK Commander, U.S. Air Forces, Alaska
COMUSAFFOR Commander, United States Air Force Forces
COMUSAFJ Commander, U.S. Air Forces, Japan
COMUSAFK Commander, U.S. Air Forces, Korea
COMUSAFTF Commander, United States Air Force Task Force
COMUSARAK Commander, U.S. Army Forces, Alaska
COMUSARCENT Commander, U.S. Army Forces Central Command
COMUSARFOR Commander, United States Army Forces
COMUSARSO Commander, United States Army Forces Southern Command
COMUSARSPACE Commander, U.S. Army Space Command
COMUSARTF Commander, United States Army Task Force
COMUSASOC Commander, U.S. Army Special Operations Command
COMUSFOR KOREA Commander, U.S. Forces Korea
COMUSFK Commander, U.S. Forces, Korea
COMUSFORAZ Commander, U.S. Forces, Azores
COMUSFORCARIB Commander, U.S. Forces, Caribbean
COMUSFORCNTY Commander US Forces Country
COMUSJ Commander, U.S. Forces, Japan
COMUSJAPAN Commander, U.S. Forces, Japan (also COMUSJ)
COMUSJTF Commander, United States Joint Task Force
COMUSJUWTF Commander, United States Joint Unconventional Warfare Task Force
COMUSKOREA Commander, U.S. Forces, Korea (also COMUSK)
COMUSLANDFOR Commander, United States Land Forces
COMUSMACTHAI Commander, United States Military Assistance Command, Thailand
COMU MARCENT Commander, U.S. Marine Forces Central Command
COMU MARDEZLANT Commander, U.S. Maritime Defense Zone, Atlantic
COMU Commander, U.S. Maritime Defense Zone, Pacific
COMU Commander, United States Marine Forces
COMU Commander, United States Marine Task Force
COMU Commander, United States Military Group
COMU Commander, U.S. Naval Forces, Alaska
COMU Commander, U.S. Naval Forces, Central Command
COMU Commander, U.S. Naval Forces, Europe
COMU Commander, United States Naval Forces
COMU Commander, U.S. Naval Forces, Philippines
COMU Commander, U.S. Naval Forces South
COMUSNAVTF Commander, United States Naval Task Force
COMZEALAND Commander, Allied Land Forces, New Zealand
CON Control(led)
CONAD Continental Air Defense Command
CONDECA Central America Defense Council
CONF Confidential
CONFIG Configuration
CONG Congress
CONGEN Consul General
CONGINT Congressional Interest
ConNMJIC Contingency NMJIC
CONOBJTR Conscientious Objector
CONOP(S) Concept of Operation(s)
CONOPS (1) United States Army Intelligence Command Continental (United States) Operations; (2) Concept of Operations
CONPG Chairman, Operational Nuclear Planning Group
CONPLAN (1) Concept Plan; (2) Contingency Plan
CONR CONUS NORAD Region
CONTEXT Conferencing and Text Manipulation System
CONTRA- Against, Opposite (Prefix)
CONUS Continental United States
CONUSA Continental United States Army
CONVL Conventional
COOP Continuity of Operations Plan
COORD Coordination
COP (1) Command Observation Post; (2) Crashout Package
COPG Chairman, Operational Planners Group
COPRA Comparative Postwar Recovery Analysis
COPRL Command Operations Priority Requirements List
COPSTRAT Continuity of Operations Plan (USSTRATCOM)
COR (1) Command Operationally Ready; (2) Central Office of Record; (3) Contracting Officer's Representative
CORCEN Correlation Center
CORE Contingency Response (Program)
CORL (1) Collection Opportunity Requirements List; (2) Chief of Receive Location
CORM Commission on Roles and Missions
CORPS SAM Corps Surface-to-Air Missile
CORTRAIN Corps/Division Training Coordination Program
COS (1) Combat Operations Staff; (2) Chief of Station; (3) Chief of Staff; (4) Communications Segment
cos Cosine
COSAL Consolidated Ship/Squadron Allowance
COSCOM Corps Support Command
COSIN Control Staff Instructions
COSA Commander, Oceanographic Systems, Atlantic
COSP Commander, Oceanographic Systems, Pacific
COSPO Community Open Source Program Office Cotangent
COTP Captain of the Port
COTR Contracting Officer’s Technical Representative
COTS (1) Commercial Off-the-Shelf; (2) Container Offloading Transfer System
COUNTERMASINT Counter Measurements and Signature Intelligence
COVCOM Covert Communications
CoVRT Commanders (and Staff) Visualization Research Tool
CP (1) Contingency Planning; (2) Command Post; (3) Character Position; (4) Communications Processor; (5) Central Processor; (6) Career Program; (7) Counterproliferation
C&P Characteristics and Performance
C-P Counterproliferation
CPA (1) Chairman’s Program Assessment; (2) Collection Planning Aid; (3) CJCS Preparedness Assessment
CPAT Collection Planning and Targeting
CPB Charged Particle Beam
CPBS (1) Capabilities Programming and Budgeting System; (2) Consolidated Program and Budgeting System
CPC (1) Coastal Patrol Boat; (2) Collection and Processing Center; (3) Central Processing Center
CPE (1) Circular Probable Error; (2) Central Production Element
CPFL Contingency Planning Facilities List
CPI Communications Processor and Interface
CPIA Chemical Propulsion Information Agency
CPIC Coastal Patrol and Interdiction Craft
CPM Cycles Per Minute
CPMIEC China Precision Machinery Import Export Corporation
CPNET Custom Product Network
CPO (1) Command Project Officer; (2) Chief Petty Officer
CPP Communist Party of the Philippines
CPR (1) Cardio-Pulmonary Resuscitation; (2) Chairman's Program Recommendations
CPS (1) Collection Problem Set; (2) Correlation Processing Subsystem; (3) Characters Per Second; (4) COMSEC Parent Switch; (5) Craft Positioning System
CPSB Career Program Selection Board
CPSS Computer Systems Squadron
CPSU Communist Party of the Soviet Union
CPT Command Post Terminal
CPU (1) Central Processing Unit; (2) Communications Processing Unit; (3) Computer Processing Unit
CPX Command Post Exercise
CP OSCAR Command Post Operations Support Center and Rear
CP TANGO Command Post Tactical Air, Naval, Ground Operations
CQB Close Quarter Battle
C-QUIP Combined Quarterly Intelligence Production Listing
CR (1) Crisis Relocation; (2) Combat Radius; (3) Collection Request; (4) Close Range; (5) Collections Requirement
CRAF Civil Reserve Air Fleet
CRB Contingency Reference Book
CRBIF Crisis Basis Imagery File
CRC (1) Command and Reporting Center; (2) Control and Reporting Center; (3) CONUS Replacement Center
CRDC United States Army Chemical Research & Development Center
CRDL Collateral Recurring Document Listing
CRE (1) Combat Readiness Evaluation; (2) Control and Reporting Element
CREST Covert Reconnaissance/Strike
CRF (1) Crisis Response Force; (2) Cable Reports File
CRIMP Crisis Management Plan
CRIS Command Resources Information System
CRISCON Crisis Condition (I&W System)
C-RISTA Counter-Reconnaissance, Intelligence, Surveillance, and Target Acquisition
CRITIC (1) Critical Intelligence; (2) Critical Intelligence Message; (3) Critical Intelligence Communication
CRITICOM Critical Intelligence Communications Network
CRJOIC Central Region Joint Operational Intelligence Center
CRL Certificate Revocation List
CRM Collection Requirements Management
CRMA Collection Requirements Management Architecture/Application
CRMO Collection Requirements Management Office(r)
CRMP Collection Requirements Management Program or Plan
CRMS Collection Requirements Management System
CRN Combat Radio Net
CROF Crete Remote Operating Facility
CROM Continuous Read-Only Memory
CRP (1) Control and Reporting Post; (2) COMSEC Resources Program
CRRC Combat Rubber Raiding Craft
CRRES Combined Release and Radiation Effects Satellite
CRRS Customer Requirements Registration System
CRS (1) COMIREX Requirements Structure; (2) Combined Recording Site; (3) Comprehensive Retrieval Subsystem; (4) Catholic Relief Service; (5) Congressional Research Service; (6) Community Relations Service
CRT (1) Cathode Ray Tube (Terminal); (2) Combat Readiness Training; (3) Crisis Response Team
CRTA Chief of Rocket Troops and Artillery
CRUDESGRU Cruiser-Destroyer Group
CRWG Current Requirements Working Group
CRYPTO (1) Cryptography/Cryptographic; (2) Cryptologic
CS (1) Combat Support; (2) Communications Subsystem; (3) Constant Source; (4) Chief of Staff; (5) Central Servers; (6) Coalition Support
CSI Critical-Sensitive Level 1
CSA (1) Chief of Staff, U.S. Army; (2) Central Supplies Agency of NATO; (3) Corps Support Activity; (4) Combat Support Agency(ies)
CSABE Central and South African Basic Encyclopedia
CSAF Chief of Staff, U.S. Air Force
CSAFM Chief of Staff, Air Force Memorandum
CSAM Chief of Staff, Army Memorandum
CSAR Combat Search and Rescue
CSAW Cryptologic Support to Amphibious Warfare
CSB (1) Close Silo Basing; (2) Collection Support Brief (HUMINT); (3) Current Situation Branch
CSBR Commander, Special Boat Squadron
CSC (1) Community Support Center; (2) Customer Support Center; (3) Combat Support Cell
CSCE Conference on Security and Cooperation in Europe
CSCG Communications Security Control Group
CSCI (1) Commercial Satellite Communications Initiative; (2) Computer Software Configuration Interface
CSCR Computer System Change Request
CSDS Command Spatial Display System
CSCT Combat Support Coordination Team
CSE (1) Cryptologic Support Element(s); (2) Command Support Element; (3) Client Server Environment; (4) Canadian SIGINT Establishment; (5) Communications Security Element
CSE-SS Client Server Environment-System Services
CSEL Combat Survivor-Evader Locator
CSENCNET Satellite Education Network
CSF Command Support Functions
CSFOCI Force Protection Operations
CSG (1) Cryptologic Support Group; (2) Chairman’s Staff Group; (3) Combat Support Group; (4) Corps Support Group
CSG-SOCOM Cryptologic Support Group/USSOCOM
CSGN Nuclear Strike Cruiser
CSI Commercial Satellite Interconnectivity
C-SIGINT Counter Signals Intelligence
CSIS Canadian Security and Investigative Service
CSMA/CD Carrier Sense Multiple Access with Collision Detection
CSMO Cryptologic Support to Military Operations
C3SMP Command, Control, Communications System Master Plan
CSMR Coarse Spatial Resolution, Multispectral
CSOC Consolidated Space Operations Center
CSP (1) Communications Support Processor; (2) Crisis Staffing Procedures; (3) Contingency Support Package
CSP/HOL Communications Support Processor/High Order Language
CSPAR (1) Central Strategic Processing, Analysis, and Reporting; (2) CINC’s Preparedness Assessment Report
CSPO Consolidated SAFE Project Office
CSR (1) Current Situation Room; (2) Coastal Surveillance Radar; (3) Controlled Supply Rate; (4) Collection Support Requirement; (5) Combat Search & Rescue
CSRD Communication-Computer Systems Requirement Document
CSRS Civil Service Retirement System
CSS (1) Communications Security System; (2) Communications Support System; (3) Central Security Service; (4) Combat Service Support; (5) Collateral Support System; (6) Contingency Support Study; (7) Communications System Segment; (8) Common Sensor System; (9) COMSEC Subordinate Switch; (10) Combat Surveillance Service; (11) Continuous Signature Service; (12) Coded Switch System; (13) Command Specific Server
CSSA Cryptologic Shore Support Activity
CSSCS (1) Combat Service Support Control System; (2) Combat Service Support Computer System
CSSD Combat Service Support Detachment
CSSE Combat Service Support Element
CSSO Contractor Special Security Officer
CSSP Combined Services Support Program
CSSOC Combat Service Support Operations Center
CSSR CSS Replacement
CSST Combat Service Support Team
CST (1) Central Standard Time; (2) Coastal Survey Team; (3) Coalition Support Team
CSTC Consolidated Space Test Center
CSTIP Combined Strategic Intelligence Training Program
CSTOL Cargo Short Take-Off & Landing
CSTVRP Computer Security Technical Vulnerability Reporting Program
CT (1) Training Cruiser; (2) Counterterrorism; (3) Combating Terrorism; (4) Cryptologic Technician




CTA (1) Central Technical Authority; (2) Common Table of Allowances
CTAI Continuous-Tone Aerial Imagery
CTAK Cypher-Text Auto-Key
CTAPS Contingency Theater Automated Planning System
CTB Comprehensive Test Ban
CTBT Comprehensive Test Ban Treaty
CTC (1) Combat Targeting Center; (2) Counterterrorism Center; (3) Combat Training Center
CTD (1) Collective Training Directorate; (2) Charge Transfer Device
CTDR Commercial Training Device Requirements
CT&E Certification Test and Evaluation
CTE Coefficient of Thermal Expansion
CTEA Cost and Training Effectiveness Analysis
CTF/JTF (1) Crisis Task Force; (2) Commander Task Force; (3) Central Training Flight; (4) Combined Task Force; (5) Joint Task Force; (6) Consolidated Training Facility
CTF-B Combined Task Force-Bomber
CTF-BM Combined Task Force-Battle Management
CTF-C2 Combined Task Force Director of Intelligence
CTF PC II CTF Provide Comfort II
CTG Commander, Task Group
CTH Aviation Training Cruiser
CTIA Counter Technical Intelligence Activities
CTIS Commander's Tactical Information System
CTL Critical Task List
CTLZ Control Zone
CTOC Corps Tactical Operations Center
CTOCSE CTOC Support Element
CTOL Conventional Take-Off and Landing
CTP Consolidated Telecommunications Program
CTR Center
CTRL Control
CTS (1) Course Training Standards; (2) Communications Technology Satellite
CTSCR Critical Time-Sensitive Collection Requirement
CTT (1) Commanders' Tactical Terminal; (2) Common Task Test; (3) Combat Control Team
CTTA Certified TEMPEST Technical Authority
CTT-H Commanders' Tactical Terminal-Hybrid
CTTP (1) USCENTCOM Tactics, Techniques, and Procedures Manual; (2) Component Tactics, Techniques, and Procedures Manual
CTU Commander Task Unit
CU Channel Unit
CUBB Collateral Users Bulletin Board
CUBIC Common User Baseline for the Intelligence Community
CUCV Commercial Utility Cargo Vehicle
Common-User Digital Information Exchange System
Combined User Language
Current
Canadian-U.S. Regional Planning Group (NATO)
Combined Unconventional Warfare Task Force
(1) Multipurpose Aircraft Carrier; (2) Carrier Vehicle; (3) Aircraft Carrier
COMSEC Utility Program
Clandestine Vulnerability Analysis
CINCPAC Voice Alert Network
Carrier Battle Force
Carrier Battle Group
Guided-Missile Aircraft Carrier
Nuclear-Powered Guided-Missile Aircraft Carrier
V/STOL Aircraft Carrier
Guided-Missile V/STOL Aircraft Carrier
Nuclear-Powered Guided-Missile V/STOL Aircraft Carrier
Nuclear-Powered V/STOL Aircraft Carrier
Carrier-Based Intelligence Center
Light Aircraft Carrier
Nuclear-Powered Guided-Missile Light Aircraft Carrier
Nuclear-Powered Light Aircraft Carrier
Nuclear Powered Aircraft Carrier
Combat Vehicle (Reconnaissance, Tracked)
(1) Antisubmarine Aircraft Carrier; (2) Commercial Vendor Services
Continuously Variable-Slope Delta Modulation
Training Aircraft Carrier
Compressed Video Transmission Service
Carrier Air Wing
(1) Chemical Warfare; (2) Carrier Wave; (3) Continuous Wave; (4) CONSTANT WATCH; (5) Composite Wing; (6) Commonwealth
C/W Crisis/Wartime
CWC (1) Composite Warfare Commander; (2) Conventional Weapons Guide
CWG Coordinates Working Group
CWI Conventional Weapons Index
CWIS Crisis Window Information System
CWO (1) Communications Watch Office; (2) Chief Warrant Officer
CWS (1) Compartmented Work Station; (2) Collateral Workstation (ASAS)
CWT Chemical Weapons Treaty
C2X CCTF C2 OBI/CI Support Element
CY Calendar Year
CYCLOPS Fleet Support Message
CZ (1) Combat Zone; (2) Convergent Zone
5D Demand-Driven Direct Digital Dissemination

D (1) Deciduous; (2) Density 

D2 Data Distribution 

DA (1) Department of the Army; (2) Long-Range Aviation (USSR); 
(3) Double Agent; (4) Direct Action 

D/A Digital/Analog 

DAA Designated Approval Authority 

DAB Defense Acquisition Board 

DABM Defense Against Ballistic Missiles (Now SDI) 

DABS Dynamic Air Blast Simulator 

DAC (1) Development Assistance Committee of OECD; 
(2) Department of Army Civilian; (3) Discretionary Access 
Control 

DACCO Department of the Army Central Control Office 

DACCS Digital Access Cross-Connect System/Switch 

DACOM Data Communications 

DACOS Deputy Assistant Chief of Station 

DACOS/I Deputy Assistant Chief of Staff-Intelligence 

DACT Dissimilar Air Combat Tactics 

DACU (1) Device Access Control Unit; 
(2) Device Attachment Control Unit 

DAD Dual Air Density 

DAES Defense Acquisition Executive Summary 

DAF Department of the Air Force 

DAG (1) Defense Special Security Communications Systems Address 
Group; (2) Divisional Artillery Group (FSU) 

DAIRS DIA Advanced Imagery Reproduction System

DAISY Daily Summary 

DAJ DIA Office Symbol for JMITC

DALASP Defense Advanced Language and Area Studies Program 

DALATS Data Logging and Transmission System 

DAMA Demand Assigned Multiple Access 

DAMI Department of the Army Military Intelligence 

DAMPL Department of the Army Master Priority List 

DAO Defense Attache Office 

DAP Designated Acquisition Program 

DAPA Drug and Alcohol Program Advisor 

DAR Designated Area for Recovery 

DARC District Area Command 

DARO Defense Airborne Reconnaissance Office 

DARP Defense Airborne Reconnaissance Program 

DARPA Defense Advanced Research Projects Agency 

DARS (1) Daily Aerial Reconnaissance and Surveillance;
(2) Daily Apportionment and Reconnaissance Scheduling;
(3) Daily Aerial Reconnaissance Syndicate
DARSC Defense Airborne Reconnaissance Steering Committee
DARSP Defense Academic Research Support Program
DART (1) Developmental Air Reports Tracker; (2) Deployable Automated Remote Terminal
DARTS Digital Antijam Radio Teletype System
DAS (1) Defense Attache System; (2) Data Acquisition Segment
DASC Direct Air Support Center
DASD (1) Deputy Assistant Secretary of Defense; (2) Direct Access Storage Device
DASD(I&S) Deputy ASD (Intelligence and Security)
DASH Deployable Automated Support Host
DASPA Defense Attache System Property Accounting
DASR Defense Analysis Special Report
DASVA Defense Attache System Vehicle Accounting
DAT Direct Action Team
DATAINT Data Intelligence
DATEXT Data Extract
DATPS Diver Active Thermal Protection System
DATS Data Automated Tower Simulation
DATT Defense Attache
DAWN Defense Attache Worldwide Network
DAWS Defense Automated Warning System
DAYLT Daylight
dB Decibel
DB Data Base
DBA Data Base Administrator
DBAS Data Base Applications System
DBBL Dismounted Battlespace Battle Lab
DBC Data Base Correlation
DBCTRL Data Base Control
DBD Data Burst Device
dBi Decibel (referenced to isotropic radiator)
DBIDI Data Base of Imagery-Derived Information
DBK Dominant Battlefield Knowledge
dB/K Decibels per Degrees Kelvin
dBm Decibels (referred to 1 milliwatt)
DBMAINT Data Base Administrator
DBMS Data Base Management System
DBQ Data Base Query
DBS (1) Data Broadcast System (also known as SCAMPI); (2) Direct Broadcast Service
dBSM Decibels Per Square Meter
dBw Decibels Referenced to One Watt of Power
DC (1) District Commissioner; (2) Damage Control; (3) Defense Council; (4) Direct Current
DCA (1) Defense Communications Agency; (2) Defense Cooperation Agreement; (3) Defensive Counter Air
DCAEUR Defense Communications Agency Europe
DCAOC DCA Operations Control Center
DCAPSS Dual Criteria Aimpoint Selection System
DCAS (1) Deployable Consolidated Applications Server; (2) Deployable Communications Applications Shelter
DCCC Defense Collection Coordination Center
DCE (1) Defensive Counter Espionage; (2) Data Communications Equipment
D-Cell Deployment Cell
DCF DOCS Certification Facility
DCG Deputy Commanding General
DCGS Distributed Common Ground System
DCI Director of Central Intelligence
DCIA Director, Central Intelligence Agency
DCIB Defense Counterintelligence Board
DCID Director of Central Intelligence Directive
DCII Defense Central Index of Investigations
DCI&S Director of Counterintelligence and Security
DCIIS Defense CI Integrated Information System
DCINC Deputy Commander in Chief
DCIP Defense Counterdrug Intelligence Program
DCL Direct Communications Link
DCM Deputy Chief of Mission
DCMM Database Creation and Management Module
DCMS Database Creation and Management Segment
DCN Defense Communications Network
DCO (1) Defense Communications Office; (2) Deputy Commander for Operations (USAFE); (3) Dial Central Office; (4) Deputy Commanding Officer
DCOS Deputy Chief of Staff
DCOSIPR Deputy Chief of Staff, Intelligence Plans and Requirements
DCP (1) Disaster Control Plan; (2) Decision Coordinating Paper; (3) Defense Cryptologic Program
DCR Data Change Request
DCRSI Digital Cassette Recording System (Improved)
DCS (1) Defense Communications System; (2) Deputy Chief of Staff; (3) Defense Courier Service
DCS/I Deputy Chief of Staff Intelligence
DCS/IN Deputy Chief of Staff for Intelligence
DCSCA Defense Communications System Central Area
DCSEC Deputy Chief of Staff, Security
DCSI Deputy Chief of Staff, Intelligence
DCSIM Deputy Chief of Staff, Information Management
DCSI/DCSINT Deputy Chief of Staff Intelligence (USAREUR)
DCSINT Deputy Chief of Staff for Intelligence (U.S. Army)
DCSLOG Deputy Chief of Staff for Logistics
DCSO Deputy Commander for Space Operations
DCSOPS Deputy Chief of Staff for Operations & Plans
DCSP Design Controlled Spare Part(s)
DCSPER Deputy Chief of Staff for Personnel
DCS/SSI Deputy Chief of Staff for Safety, Security, and Intelligence
DCSTOP Damage Criteria Study Target Data Base
DCTN Defense Commercial Telecommunications/Teleconferencing Network
DD (1) Destroyer; (2) Deputy Director; (3) Department of Defense; (4) Differential Doppler
D&D Denial and Deception
DDAC Foreign Denial and Deception Analysis Committee
D/DARO Director, DARO
D-Day Day in which a particular operation begins
DDC (1) Defense Documentation Center; (2) Data Distribution Center
DDCI Deputy Director of Central Intelligence
DDCMP Digital Data Communications Message Protocol
DDDDD Demand-Driven Direct Digital Dissemination System
DDG Guided Missile Destroyer
DDGN Nuclear-Powered Guided-Missile Destroyer
DDH Aviation Destroyer (ASW)
DDHG Guided-Missile Aviation Destroyer
DDHGN Nuclear-Powered Guided-Missile Aviation Destroyer
DDHN Nuclear-Powered Aviation Destroyer
DDI Deputy Director of Intelligence
DDL Direct Data Link
DDN (1) Defense Data Network; (2) Defense Dissemination Network
DDO (1) Deputy Director of Operations; (2) Deputy Duty Officer
DDP Defense Dissemination Program
DDPO Defense Dissemination Program Office
DDR&E Director, Defense Research and Engineering
DDRS Defense Data Repository System
DDS (1) Defense Dissemination System; (2) Dry Deck Shelter; (3) Dual Driver Service (courier)
DDS/RL Defense Dissemination System/Receive Location
DDSP Defense Development Sharing Project
DDSS Document Dissemination and Storage Segment
DDT (1) Training Destroyer; (2) Distributed Decision-Aid Terminal
DDU Distant Device Unit
DE (1) Damage Expectancy; (2) Directed Energy; (3) Directorate for Estimates (DIA)
DE-U Dissemination Element-Upgrade
DE/EW Directed Energy/Electronic Warfare
DEA Drug Enforcement Administration
DEACON Defense Estimates Analytical Computer On-Line Network




DEB (1) Digital European Backbone; (2) Defense Estimative Brief; (3) Debris (Orbital)
DEC Digital Equipment Corporation
DEC (VAX) Digital Equipment Corporation (Virtual Address Extension)
DECCO Defense Commercial Contracting Office (now DITCO)
DECM (1) Defense Electronic Countermeasures; (2) Deceptive Electronic Countermeasures
DECON Decontaminate(ion)
DEDAC Deception and Denial Analysis Committee
DEDDF Digital Elevation Data Dubbing Facility
DEF Defense
DEFCON (1) Defense Condition; (2) Defense Readiness Condition
DEFCOS Defense Courier System
DEFPLAN Defense Plan
DEFSMAC Defense Special Missile and Astronautics Center
Deg Degree
DEGRAD Degradation
DELORME a Digital Mapping Computer Program
DEMEX Demonstration Exercise
DEMOD Demodulator
DEMONS Demonstration System
DEMPC Data Exploitation, Mission Planning, Communications/Center
DENAS Daily European Naval Activity Summary
DEP (1) Deflection Error Probable; (2) Defense Estimate for Production; (3) Deployed
DEPCOMNAVCENT Deputy COMNAVCENT
DEPCOMUSNAVCENT Deputy Commander, U.S. Naval Forces Central Command
DEPREP Deployment Report
DEPSECDEF Deputy Secretary of Defense
DEPT Department
DES (1) Digital Exploitation System; (2) Data Encryption Standard
DESA Defense Evaluation Support Activity
DESC Defense Electronics Supply Center
DESIGN Designator (U.S. Navy)
DESIST Decision Support and Information System for Terrorism
DESS Defense Exploitation Support System
DESRON Destroyer Squadron
DET/Det Detachment
DEW (1) Distant Early Warning; (2) Directed Energy Weapon
DEWLINE Distant Early Warning Line
DF (1) Direction Finding; (2) Disposition Form; (3) Deuterium Fluoride
DFAD Digitized Feature Analysis Data
DFDS Data Facility Dataset Services
DFED Digitized Features Data
DFH Deployed Forward Headquarters
DFLP (1) Defense Foreign Language Program; (2) Democratic Front for the Liberation of Palestine
DFM Deterrent Force Modules
DFOV Dual Field of View
DFRIF Defense Freight Railway Interchange Fleet
DFS Direction Finding Subsystem
DFT (1) Deployed for Training Team; (2) Deployment for Training
DG Defense Guidance
DGCL Ground Mobile Forces Control Link
DGCS Downsized Ground Control Station
DGCT Downsized Ground Control Terminal
DGIAP Defense General Intelligence Applications Program
DGIF Deployable Ground Intercept Facility
DGIS Director General Intelligence and Security
DGITS Digital Graphics Information Tailoring System
DGS Deployable Ground Station
DGU Downgrade to Unclassified
DGZ (1) Desired Ground Zero; (2) Designated Ground Zero
DH-7 deHavilland Dash 7 (Drug Interdiction Aircraft)
DHCA Data Handling Capability Analysis
DHEN Direct Hire Foreign National
DHS Defense HUMINT Service
DI (1) Director of Intelligence (USEUCOM); (2) Directorate for Foreign Intelligence (DIA)
DIA (1) Defense Intelligence Agency; (2) Defense Intelligence Assessment
DIA/CS Defense Intelligence Agency/Command Support
DIAAPR Defense Intelligence Agency Appraisal
DIAC Defense Intelligence Analysis Center
DIAI DIA Instruction
DIAIAPPR DIA Intelligence Appraisal
DIAL Defense Intelligence Agency Liaison
DIAL-J DIA Liaison Office for Japan
DIALO DIA Liaison Office
DIALOG DIA Information Retrieval System
DIAM Defense Intelligence Agency Manual
DIAMCP DIA Master Contingency Plan
DIANM DIA Analytical Memorandum
DIAOB Defense Intelligence Air Order of Battle
DIAOLS DIA On-Line System
DIAPF DIA Part File
DIAR DIA Regulation
DIATP DIA Tactical Program
DIATS DIA Terrorism Summary
DIB (1) Defense Intelligence Board; (2) Defense Intelligence Brief; (3) Directory Information Base
DIC (1) Defense Intelligence Community; (2) Difference in Condition; (3) Defense Intelligence College (Now JMIC); (4) Defense Intelligence Commentary 
DICBM Depressed Intercontinental Ballistic Missile 
DICP Defense Intelligence Counterdrug Program 
DID (1) Data Line Description; (2) Defense Intelligence Digest (Now Military Intelligence Digest); (3) Data Item Description 
DIDHS Deployable Intelligence Data Handling System 
DIDOP Digital Image Data Output Product 
DIDS Defense Intelligence Dissemination System 
DIDSRS Defense Intelligence Dissemination, Storage and Retrieval System 
DIE Defense Intelligence Estimate 
DIEB Defense Intelligence Executive Board 
DIEC Deployable Imagery Exploitation Capability 
DIEPS Digital Imagery Exploitation and Production System 
DIEM Defense Intelligence Estimates Memorandum 
DIEOB Defense Intelligence Electronic Order of Battle 
DIFAR (1) Directional Frequency Analysis and Recording System; (2) Directional Frequency and Ranging 
DIFAX (1) Defense Intelligence Facsimile; (2) Defense Intelligence Security Facsimile Network 
DIFM Defense Intelligence Functional Manager 
DIFR Defense Intelligence Facility Report 
DIGITS Digital Geographic Information Tailoring System 
DIGOB Defense Intelligence Ground Order of Battle 
DIH Daily Intelligence Highlights 
DIHEST Direct Induced High-Explosives Simulation Technique 
DII Defense Information Infrastructure 
DIIN Defense Imagery Intelligence Notice 
DIIP Defense Intelligence Interoperability Panel 

Digital Imagery Interactive Processing System 

DIA Integrated Intelligence System 

Dedicated Intelligence Loop Circuit 

Defense Intelligence Memorandum 

Digital Image Manipulation & Enhancement System 
Diver Integral Magnetic Mine Detector 

Defense Intelligence Missile Order of Battle 

DSN Integrated Management Support System 


(1) Defense Intelligence Notice; 
(2) Defense Intelligence Network; (3) AUTODIN 


Desktop Interface to AUTODIN Host 
Defense Intelligence Naval Order of Battle 
Defense Intelligence Summary 
DIO (1) Defense Intelligence Officer (DIA); (2) District Intelligence Officer (U.S. Navy); (3) Defence Intelligence Organisation (Australian) 
DIOB Defense Intelligence Order of Battle 
DIOBS Defense Intelligence Order of Battle System 
DIOP Defense Intelligence Objectives and Priorities 
DIP (1) Defense Intelligence Plan; (2) Defense Imagery Program 
DIPC Defense Intelligence Production Council/Conference 
DIPFAC (1) U.S. Diplomatic Facilities Graphic; (2) Diplomatic Facility 
DIPOLES Defense Intelligence Photoreconnaissance On-Line Exploitation System 
DIPP Defense Intelligence Projection for Planning 
DIPS (1) Defense Intelligence Production Schedule; (2) Digital Imagery Processing System; (3) Def Intelligence Production Study 
DIR (1) Defense Intelligence Report; (2) Directive; (3) Defense Imagery Report; (4) Director; (5) Direction 
DIRCM Direct Infrared Countermeasures 
DIRES Defense Imagery Requirements and Exploitation System 
DIRINT Director of Intelligence 
DIRLAUTH Direct Liaison Authorized 
DIRNSA Director, National Security Agency 
DIRNSA/CHCSS Director, National Security Agency/Chief, Central Security Service 
DIROI Directorate Operating Instruction 
DIRS (1) Defense Intelligence Reference Series; (2) Defense Imagery Reference Series 
DIS (1) Defence Intelligence Staff (U.K.); (2) Defense Investigative Service; (3) Defense Intelligence Summary; (4) Daily Intelligence Summary; (5) Distributive Interactive Simulation; (6) Data Integration System; (7) Defense Information System 
DISA Defense Information Systems Agency 
DISA-EUR Defense Information Systems Agency-Europe 
DISA-PAC DISA-Pacific 
DISA WESTHEM DISA Western Hemisphere 
DISAM Defense Institute of Security Assistance Management 
DISC Daily Intelligence Summary Cable 
DISC4 Director of Information Systems Command, Control, Communications and Computers 
DISCAS Defense Intelligence Special Career Automated System 
DISE Deployable Intelligence Support Element 
DISECS Defense Intelligence Space Exploitation and Correlation System 
DISES Defense Intelligence Senior Executive Service 
DISIDS Display and Information Distribution System/Subsystem 
DISMOB Defense Intelligence Strategic Missile Order of Battle 
DISN Defense Information Systems Network 
DISNET Defense Integrated Secure Network 
DISO Defense Intelligence Support Office 
DISOB Defense Intelligence Space Order of Battle 
DISP Defense Industrial Security Program 
DISPEWT Defense Intelligence Space Electronic Warfare Threat Data Base 
DISR (1) Daily Indicator Status Report; (2) Defense Indications Status Report 
DISS (1) Digest of Intelligence and Security Services; (2) Dissemination 
DISSEM Dissemination 
DISSO Deputy Information Systems Security Officer 
DIST Digital Imagery Support Terminal 
DISTAFF Directing Staff (NATO Commands, JECG) 
DISTS Defense Intelligence Secure Telephone System 
DISTP Defense Intelligence Special Technologies Program 
DISUM (1) Daily Intelligence Summary; (2) Defense Intelligence Summary 
DIT Defense Intelligence Thesaurus 
DITB Digital Imagery Test Bed 
DITCO Defense Information Technology Contracting Office (formerly DECCO) 
DITDS Defense Intelligence Threat Data System 
DITEQ Defense Intelligence Thesaurus Equivalency List 
DITFOR Defense Intelligence Technical Forum 
DITS Digital Imagery Transmission System 
DITSUM Defense Intelligence Terrorism Summary 
DIV (1) Division; (2) Defense Intelligence Videocassette 
DIVARTY Division Artillery 
DIVISION Enciphered Television 
DIW Dead in Water 
DIWO Duty Intelligence Watch Officer 
DIWS (1) Digital Imagery Workstation Suite; (2) Defense Indications and Warning System; (3) DOD Intelligence Warning System 
DJ2 Deputy Director of Intelligence 
DJS Director, Joint Staff 
DJSM DJS Memorandum 
DJTF Deployable Joint Task Force 
DJTFAC DJTF Augmentation Cell 
DLA Defense Logistics Agency 
DLAB Defense Language Aptitude Battery 
DLEA Drug Law Enforcement Agency 
DLED Dedicated Loop Encryption Device 
DLI Defense Language Institute 
DLIFLC Defense Language Institute, Foreign Language Center 
DLO Defense Liaison Office 
DLPT Defense Language Proficiency Test 
DLTV Daylight Television 
D&M Detection and Monitoring 
DOC 
DOCC 


DOCEX 
DOCKLAMP 
DOCS 
(1) Dissemination Manager; (2) Decompression Monitor 
(1) Defense Mapping Agency; (2) Direct Memory Access 
Defense Mapping Agency Aerospace Center 

Defense Mapping Agency Combat Support Center 
DMA Hydrographic and Topographic Center 

Defense Mapping Agency Instruction 

Defense Mapping Agency Liaison 

Deferred Maintenance and Repair 

DODIIS Management Board 

Defense MC&G Program 

Digital Message Device 


Digital Message Device Group 

Distance Measuring Equipment 

Digital Message Entry Device 

DAWS Message Front End 

Directorate of Military Intelligence 

Defensive Missile Order of Battle 

Daily Maritime OPINTEL Summary 

Deployment Media Production Center Project 

Desired Mean Point of Impact 

(1) Data Management System; (2) Defense Message System 
Defense Meteorological Satellite (or Support) Program 
Demilitarized Zone 


(1) Data Net; (2) Duplicate Negative; 
(3) Department of the Navy 


(1) Defense Nuclear Agency; (2) Deoxyribonucleic Acid 


(1) DODIIS Network Access System; 
(2) Data Network Access System 


(1) Director, Naval Communications; (2) Digital Nautical Chart 
Data Network Control Center 

Department of National Defence (Canada) 

Director of Naval Intelligence 

DODIIS Network Security for Information Exchange 

Digital Non-Secure Voice Terminal 

Director of Operations 


(1) Department of the Army; (2) Date of Arrival; 
(3) Director of Administration; (4) Dead on Arrival 


JAC Counterterrorism/Counterintelligence Analysis Branch 
(1) Depth of Burst; (2) Date of Birth; (3) Defense Order of Battle 
Department of Commerce 


(1) Defense Communications Agency Operations Center 
Complex; (2) Deep Operations Coordination Cell; 
(3) DISA Operational Control Complex 


(1) Document Exploitation; (2) Document Exploitation Center 
Defense Attache System Message Channel 
DSCS Operations Control System 




DoD, DOD (1) Department of Defense; (2) Date of Death; (3) Date of Departure 
DODCI DoD Computer Institute 
DODCSC Department of Defense Computer Security Center 
DODD DoD Directive 
DODEX DoDIIS Extended 
DODFCIP DoD Foreign Counterintelligence Program 
DODFDCO Department of Defense Foreign Disclosure Coordinating Office 
DODFIP DoD Futures Intelligence Program 
DODIIS DoD Intelligence Information System 
DODIIS SCINET DoDIIS Sensitive Compartmented Information Network 
DODIMS DoD Intelligence Management System 
DODIPP DoD Intelligence Production Program 
DODNACC Department of Defense National Agency Check Center 
DODSATCOM DoD Satellite Communications Program 
DOD SAT COM DOD Satellite Communications 
DODSI Department of Defense Security Institute 
DODSPECREP DoD Special Representative 
DOD TCSEC DOD Trusted Computer System Evaluation Criteria 
DOE Department of Energy 
DOF Disposition of Forces 
DOI (1) Date of Information; (2) Duration of Illumination; (3) Director of Intelligence; (4) Imagery Division (JAC); (5) Director of Operations and Intelligence; (6) DSSCS Operating Instruction; (7) Date of Intercept 
DOJ Department of Justice 
DOMS Directorate of Military Support 
DOMSAT Domestic Satellite 
DON Department of the Navy 
DOO Daily Operations Order (NATO) 
DOPS DIA Outline Plotting System 
DOS (1) Department of State; (2) Date of Separation; (3) Disk Operating System; (4) Direct Operating System 
DOSCOM Division Support Command 
DoSIP Department of State Intelligence Program 
DOSTN Department of State Telecommunications Network 
DOT Department of Transportation 
DP (1) Duplicate Positive; (2) Development Program; (3) Displaced Person; (4) Delegated Production; (5) Directorate of Production; (6) Data Processing; (7) Decision Point; (8) Director of Personnel 
DPAC Defense Program Analysis Center 
DPAE Director, Program Analysis and Evaluation 
DPAS (1) Digital Patch and Access System; (2) Defense Priorities and Allocations System 
DPC Defense Planning Committee (NATO) 
DPF Digital Processing Facility 
DPG Defense Planning Guidance 
DPI Desired Point of Impact 
DPIC (1) Decentralized Pacific Imagery Processing and Interpretation Center; (2) Defense Photographic Interpretation Center 
DPICM Dual-Purpose Improved Conventional Munitions 
DPKO Department of Peacekeeping Operations 
DPL Degausser Products List 
DPM Dissemination Program Manager 
DPOB Date, Place of Birth 
DPOM Directorate of Plans, Operations, and Mobilization 
DPOMIS Directorate of Plans, Operations, Mobilization, Intelligence, and Security 
DPP (1) Delegated Production Program; (2) Deliberate Planning Process; (3) Distributed Production Program 
DPPC Deployable Print Production Center 
DPPDB Digital Point Positioning Database 
DPPG Defense Policy and Planning Guidance 
DPQ Defense Planning Questionnaire (NATO) 
DPRB Defense Planning and Resources Board 
DPRK Democratic People's Republic of Korea 
DPS (1) Delegated Production System; (2) Data Processing Set; (3) Department of Public Safety 
DPSK Digital Pulse Shift Key 
DR (1) Director; (2) Dissemination Requirement; (3) Directorate of Resources; (4) Detection Radar 
DRA Defense Research Assessment 
DRAM Dynamic Random Access Memory 
DRASH Deployable Rapid Assembly Shelters 
DRB Defense Resources Board 
DRC (1) Defense Review Committee (NATO); (2) Defense Research Comment; (3) Data Reduction Center 
DR&E Defense Research and Engineering 
DRIC Defense Resource Identification Code 
DRM Defense Research Memorandum 
DRO Departmental Requirements Officer 
DRP Disaster Relief Program 
DRS (1) Data Relay Satellite; (2) DoD Imagery Requirements Structure; (3) Data Retrieval Subsystem; (4) Data Reconstruction System 
DRSA Defense Reconnaissance Support Activities 
DRSEM Deployable Receive Segment Engineering Model 
DRSN Defense Red Switch Network 
DRSP (1) Defense Reconnaissance Support Program; 
(2) Defense Red Switched Program 
DRU Direct Reporting Unit 
DRZ Deep Reconnaissance Zone 
DS (1) Defense Suppression; (2) Direct Support 
DS&T Director of Science and Technology 
DSA (1) Defense Supply Agency; (2) Direct Service Activities 
(SIGINT); (3) Directed Search Area; (4) Division Support Area; 
(5) Defense Security Agency (ROK); (6) Digital Signature 
Algorithm 
D&SA Depth & Simultaneous Attack 
DSAA Defense Security Assistance Agency 
D&SABL Depth & Simultaneous Attack Battle Lab 
DSARC Defense Systems Acquisition Review Council 
DSAT (1) Developmental Submarine Analysis Terminal; 
(2) Defense Satellite 
DSB Defense Science Board 
DSC Defense Satellite Communications 
DSCIS Daily Space Command Intelligence Summary 
DSCS Defense Satellite Communications System 
DSC-SLEP Defense Satellite Communications System Service Life 
Enhancement Program 
DSCSOC Defense Satellite Communications System Operations Center 
DSDIO Director, Strategic Defense Initiative 
DSE (1) Direct Support Element; (2) Division Support Element 
DSEC Directorate of Security 
DSFOB Daily Strategic Forces Order of Battle 
DSG Defense Steering Group 
DSI Defense Simulation Internet 
DSIATP Defense Sensor Imagery Application Training Programs 
DSIIB Direct Support Imagery Interpretation Brief 
DSIMS Deployable SouthCom Intelligence Management System 
DSI/TCCS Defense Simulation Internet/Theater Command and 
Control System 
DSM Data Systems Modernization 
DSN (1) Defense Switched Network; (2) Deep Space Network 
DSNET Defense Integrated Secure Network 
DSNET 1 Defense Integrated Secure Network 1 (SECRET level) 
DSNET 2 Defense Integrated Secure Network 2 (TOP SECRET level) 
DSNET 3 Defense Integrated Secure Network 3 (TS/SCI level) 
DSO Direct Support Operator/Operations 
DSP Defense Support Program 
DSPO Defense Special Projects Office 
DSR (1) Defense Source Register; (2) Data Service Request 
DSRA DODSPECREP-Alameda 
DSRP Defense Space Reconnaissance Program 
DSRV Deep Submergence Rescue Vehicle 
DSS (1) Decision Support System; (2) Devices, Simulators and Simulations 
DSSCC Defense Special Security Communications Center 
DSSCS Defense Special Secure Communications System 
DSSCS/DIN Defense Special Security Communications System/Digital Intelligence Network 
DSSR Deep Space Surveillance Radar 
DSSS Defense Special Security System 
DST (1) Daylight Savings Time; (2) Decision Support Template; (3) Decision Support Tools; (4) Direct Support Team; (5) Digital Support Team 
DSTE Digital Subscriber Terminal Equipment 
DSTF Decision Support Task Force 
DSTP Director, Strategic Target Planning 
DSTS Deep Space Tracking System 
DSU (1) Direct Support Unit; (2) Disk Storage Unit; (3) Data Service Unit (DCTN) 
DSV Deep Submergence Vehicle 
DSVT (1) Digital Subscriber Voice Terminal; (2) Digital Secure Voice Terminal 
DT (1) Developmental Test; (2) Directorate for Science and Technology 
DTA Directorate of Threat Analysis 
DTC (1) Digital Tape Cassette; (2) Desktop Computer 
DTC-2 Desktop Computer-2 (Navy) 
DTD Digital Terrain Data 
DT&E Developmental Test and Evaluation 
DTE Data Terminal Equipment 
DTED Digital Terrain Elevation Data 
DTG Date-Time Group 
DTI Doppler-Time-Intensity 
DTIC Defense Technical Information Center 
DTIO Deputy Target Intelligence Officer 
DTIR Defense Technical Intelligence Report 
DTLOMS Doctrine, Training, Leadership, Organization, Material, Soldiers 
DTLS Descriptive Top-Level Specification 
DTM (1) Data Transfer Module; (2) Digital Transfer Module; (3) Digital Target Materials 
DTMF Dual-Tone Multi-Frequency 
DTNSRDC David W. Taylor Naval Ship Research & Development Center 
DTOC Division Tactical Operations Center 
DTOCSE Division Tactical Operations Center Support Element 
DTOLM Doctrine, Training, Organization, Leader Development and Material 
DTD Data Transfer Device 
DTP Drug Testing Program 
DTS (1) Diplomatic Telecommunications System/Service; 
(2) Data Transmission System; (3) Direct Transmission System; 
(4) Dedicated Transmission Service 


DTSA Defense Technology Security Administration 
DTSG Digital Technology Subworking Group 
DTSS Digital Topographic Support System 
DTU Data Transfer Unit 
DTUC Data Transfer Unit Cartridge 
DUCA Distributed Users Coverage Antennas 
DUG Deep Underground 
DUPLEX Simultaneous Transmit and Receive 
DVO Direct View Optics 
DVM Digital Voice Module 
DVTC Digital Voice Transmit Communications 
D/TWP Director, Tactical Warfare Programs 
DTWS Digital Topographic Work Station 
DU (1) Decision Unit; (2) Depleted Uranium 
DUA Directory User Agent 
DUSD(AT) Deputy Under Secretary of Defense (Advanced Technology) 
DUSD(P) Deputy Under Secretary of Defense (Policy) 
DV Distinguished Visitor 
DVI Digital Video Interactive 
DVITS Digital Video Imagery Transmission System 
DVO Defense Visit Offices 
DWIO Duty Watch Intelligence Officer (Canadian) 
DWIP Defense-Wide Intelligence Plan 
DWS Disaster Warning System 
DWT (1) Deadweight Ton; (2) Division Wing Team 
DZ/LZ Drop Zone/Landing Zone 
DZ/LZ/RZ Drop/Landing/Recovery Zone 
DZS Drop Zone Study 
Ellipticity 
Evaporites (soil type) 
(1) Emergency Action(s); (2) Electronic Attack; (3) Executive Agent 
(1) Exploitation and Analysis; (2) Engineering and Administration 
E3 (1) End-to-End Encryption; (2) Emergency and Extraordinary Expenses 
EAC (1) Emergency Action Console; (2) Echelons Above Corps 
EACTPC Echelon-Above-Corps Theater Production Center 
EACIC Echelon-Above-Corps Intelligence Center 
EAD (1) Echelon Above Division; (2) Earliest Arrival Date; (3) Extended Air Defense 
EADSIM Extended Air Defense Simulation 
EAM (1) Emergency Action Message; (2) Event Analysis Matrix 
EAMA African States Associated with the EEC 
EAMAS Emergency Action Message Authentication System 
EAP (1) Emergency Action Procedure; (2) Emergency Action Plan 
EAS Emergency Action System 
EASTLANT Eastern Atlantic Command (NATO) 
EASTPAC Eastern Pacific 
EATTG Enhanced Automated Tactical Target Graphics 
EBS Emergency Broadcast System 
EC (1) European Community; (2) Expenditure Center; (3) Electronic Combat 
ECA (1) Enemy Capability Assessment; (2) Earth Central Angle; (3) Enemy Courses of Action 
ECAC Electromagnetic Compatibility Analysis Center 
ECB Echelons Corps and Below 
ECC (1) Eurasian Communist Countries; (2) European Communist Countries; (3) European Community Commission 
ECCM Electronic Counter-Countermeasures 
ECDB EISS Consolidated Database 
ECG Emergency Coordination Group 
ECI External Communications Interface 
ECM (1) Electronic Countermeasures; (2) European Common Market 
ECMA European Computer Manufacturer's Association 
ECMC Enhanced Crisis Management Capability 
ECMO European Collection Management Office 
ECO Electronic Collection Outstations 
ECOA Enemy Courses of Action 
ECOWAS Economic Community of West African States 
ECP (1) Emergency Communications Plan; (2) Entry Control Point 
ECPL Endorsed Data Encryption Standard Products List 
ECS (1) Electronic Combat Support; (2) European Communications 
Satellite 
ECSC European Coal and Steel Community 
ECSM (1) Special Assistant for Security Matters; 
(2) Enhanced Capability Stand-Off Munition 
ECSO European Command Special Operations 
ECU Environmental Control Unit (GSM) 
ED (1) European Capability Datum; (2) EUCOM Directive 
EDA Emergency Dissemination Authority(ies) 
E-DAY Start Day of an Exercise 
EDI European Defense Initiative 
EDL Electric Discharge Laser 
EDM Engineering Development Model 
EDMS Electronic Dissemination Management System 
EDN Emergency Data Network 
EDP (1) Electronic Data Processing; (2) ELINT Data Processor 
EDPS ELINT Data Processing System 
E-DRB Expanded Defense (Planning &) Resources Board 
EDRE Emergency Deployment Readiness Exercises 
E&E Escape and Evasion 
EEA Essential Elements of Analysis 
EEC (1) European Economic Community; (2) East European 
Countries; (3) Enhanced Explosives Charge 
EECT End of Evening Civil Twilight 
EEFI Essential Elements of Friendly Information 
EEI Essential Elements of Information 
EELS Early Entry Lethality and Survivability 
EELV Evolved Expendable Launch Vehicle 
EENT End Evening Nautical Twilight 
EEO Equal Employment Opportunity 
EEOB Enemy Electronic Order of Battle 
EEOC Equal Employment Opportunity Commission 
EES Emergency Evacuation Study 
EFCS Electronic Filmless Camera System 
EFD Electronic Fill Device 
EFS (1) Electronic Filing System; (2) Proper Name of System 
EFTA European Free Trade Association 
EFTO Encrypted for Transmission Only 
EFVS Electronic Fighting Vehicle System 
EGA Enhanced Graphics Adapter 
EGADS Electronic Generation, Accounting, and Distribution System 
EGIS East German Intelligence Service 
EHF Extremely High Frequency 
EI Effectiveness Index 
EIA Electronics Industry Association 
EIB (1) European Investment Bank; (2) External Intelligence Bureau 
EIC Economic Intelligence Committee 
EIDB EISS Integrated Database 
EIDS Electronic Information Delivery System 
EIF (1) ECMC Interface Facility; (2) Enhanced Interface Facility 
EIG Explosive Incendiary Grenade 
EIP ELINT Improvement Program 
EIRP Effective Isotropic Radiated Power 
EIS Enhanced Imagery System 
EISI (1) Electrical Interface-SWPS/IDHS 2000; (2) Electrical IDHS-90/SWPS Interface 
EISS EUCOM Intelligence Support System 
EITO EUCOM Intelligence Training Office 
EKIP Enhanced Korean Information Package 
EKMS Electronic Key Management System 
ELDO (1) European Space Vehicle Launcher Development Organization; (2) European Launcher Development Organization 
ELECTRO-OPINT Electro-Optical Intelligence Element 
ELECTRO-OPTINT Electro-Optical Intelligence 
ELEV Elevation 
ELF Extremely Low Frequency 
ELI Emitter Location & Identification 
Elm Element 
ELMT Element 
ELINT Electronic Intelligence 
ELISA Electronic Intelligence Search & Analysis 
ELNET European Liaison Network 
ELNOT ELINT Notation 
ELOS Extended Line of Sight 
ELS Emitter Location System 
ELSEC Electronic Security 
ELSET (1) Element Set; (2) Proper Name of System 
ELT (1) Emergency Locator Transmitter; (2) Electronic Light Table 
ELT 3000 Electronic Light Table for UNIX-based system 
ELV Expendable Launch Vehicle 


(1) Electromagnetic; (2) Enlisted Member; 
(3) Environmental Monitoring 


Electronic Mail 

European Monetary Agreement 

Electromagnetic Analysis Program 

Emergency Message Automatic Transmission System 
Electromagnetic Compatibility 

ELINT Mission Control System 

Emission Control 

Electromagnetic Compatibility Program 
Engineering and Manufacturing Development 
Engineering and Manufacturing Development 
Equivalent Megatonnage 

EUCOM Message Handling System 
Electromagnetic Interference 

Experiment for Management Information Data Systems 
Emissions Intelligence 

Enhanced MIPE 

Early Mission Identification System 
Emergency Message Initiation Terminal 
Electromagnetic Pulse 

Electromagnetic Reconnaissance 
Emanations/Emissions Security 


(1) Emergency Management Team; (2) Equivalent Megatonnage 


Eastern Missile Test Range 

Enhanced Manpack UHF Terminal 
Enemy 

End Date of an Exercise 

Ethernet 

Engineer 

Enlisted 

Expanded National Military Command Center 
Enemy Situation and Correlation Division 
Enemy Situation Correlation Element 
Enemy Situation 

Entrance National Agency Check 


(1) Electro-Optical; (2) Executive Order; (3) Escape Orbit; 
(4) End Office 


Early Operational Assessment 


(1) Electronic Order of Battle; (2) Executive Office Building; 
(3) Enemy Order of Battle 


Electronic Order of Battle Server 

Emergency Operations Center 

(1) Explosive Ordnance Disposal; (2) Erasable Optical Disks 
Electro-Optical Intelligence 

Emergency Operating Procedures 
Electro-Optical Intelligence 

ELINT Ocean Reconnaissance Satellite 

Earth Observation Satellite 

Earth Observation Satellite 

Electro-Optic Sensor System 

Electro-Optical Tactical Decision Aids 
Electro-Optic Warfare 

(1) ELINT Processor; (2) Electronic Protection 
U.S. Navy Reconnaissance Aircraft 
EPA (1) Environmental Protection Agency; (2) Evasion Plan of Action 
EPAC Eastern Pacific 
EPAMS Exercise Planning and Message System 
EPAT Earliest Possible Arrival Time 
EPDS (1) Electronic Processing and Dissemination System; (2) ELINT Processing and Dissemination System 
EPF Exploitation Products File 
EPIC El Paso Intelligence Center 
EPIRB Emergency Position-Indicating Radio Beacon 
EPL (1) ELINT Parameters List; (2) Evaluated Products List 
EPLRS Enhanced Position Location and Reporting System 
EPMO European Production Management Office 
EPR (1) Extended Planning Annex; (2) Enlisted Performance Report 
EPROM Erasable Programmable Read-Only Memory 
EPS (1) ELINT Processing System; (2) Electronic Publication System; (3) Exploitation Problem Set; (4) Encapsulated Postscript 
EPW (1) Earth Penetrator Weapon; (2) Enemy Prisoner of War 
EPWG Exploitation Plans Working Group 
EPUU Enhanced PLRS User Units 
EQV Equivalent 
ER (1) Enhanced Radiation; (2) Electronic Reconnaissance; (3) Eastern Region; (4) EAGLE REACH 
ERA (1) Extended Range Ammunition; (2) Equal Rights Amendment 
ERADCOM Electronic Research and Development Command 
ERAST Environmental Research Aircraft and Sensor Technology 
ERBM Extended Range Ballistic Missile 
ERCS Emergency Rocket Communications System 
ERADCOM Electronic Research and Development Command 
ERDAS Earth Resources Data Analysis System 
ERF Early Reinforcing Force 
ERIN Electronic Radio Intercept Network (USCS) 
ERINT Extended Range Intercept Missile 
ERIR Electronic Reconnaissance Intercept Report 
ERIS Exo-atmospheric Reentry Vehicle Interception System 
EROS Earth Resources Observational System 
ERP Effective Radiated Power 
ERPHO Earth Resources Photographic Satellite 
ERRS Emergency Regional Reporting System 
ERS (1) Emergency Relocation Site; (2) Earth Resources Satellite 
ERSSO Emergency Reaction Special Security Officer 
ERT Executive Reference Time 
ERTM Electronic Intelligence Request Tasking Message 
ERTS Earth Resources Technology Satellite 
ERTZ Equipment Radiation TEMPEST Zone 
ERW Enhanced Radiation Weapon 
ES (1) Emplacement Site; (2) Exploitation Support; (3) Electronic Warfare Support; (4) Expert System; (5) Electronic Support 
ESA (1) European Space Agency; (2) Electronically Steered Antenna 
ESAA European Special Activities Area (U.S. Air Force) 
ESAC El Salvador Analysis Cell 
ESAF European Special Activities Facility 
ESAMS Enhanced Surface-to-Air Missile Simulation 
ESAR Enhanced Synthetic Aperture Radar 
ESC Electronic Security Command (U.S. Air Force) 
ESD (1) Electronic Systems Division; (2) Ephemeris Support Data; (3) Exploitation Support Section (JSIPS) 
ESF (1) Environmental Scale Factor; (2) Extended Superframe Formatted 
ESG (1) Electronic Security Group; (2) Exploitation Steering Group 
ESI Extremely Sensitive Information 
ESIAC Electronic Satellite Image Analysis Center 
ESJ Escort Jamming 
ESM (1) Electronic Warfare Support Measures; (2) Electronic Support Measures; (3) Electronic Security Measures 
ESMC Eastern Space and Missile Center 
ESMT External Supply Management Tools 
ESP Emergency Special Measures 
ESR ELINT Summary Report 
ESRO European Space Research Organization 
ESS (1) Electronic Security Squadron; (2) ELINT Support System; (3) Exploitation Support Segment; (4) Exercise Support Subsystem; (5) Electronic Switching System; (6) Exploitation Support Section (JSIPS) 
ESSA (1) Expert System for Situation Assessment; (2) Environmental Satellite Service Administration 
ESSM Electronic Shop, Shelter-Mounted 
Est Estimated 
ESV Earth Satellite Vehicle 
ESW Electronic Security Wing 
ET (1) Enhanced Terminal; (2) Earth Terminal; (3) Embedded Training 
ETA (1) Estimated Time of Arrival; (2) Equivalent Target Area 
ETAC Enlisted Terminal Attack Controllers 
ETAP Education Training Awareness Program 
ETAWG ELINT Technical Analysis Working Group 
ETC (1) Estimated Time of Completion; (2) Et Cetera 
ETD (1) Estimated Time of Departure; (2) Effective Transfer Date 
ETDS Elapsed Time Distribution System 
ETF Enhanced Tactical Fighter 
ETHICS European Theater High Capacity Intelligence Communications System 
ETI Estimated Time of Impact 
ETIBS Enhanced Tactical Information Broadcast Service 
ETII External-to-Internal Interface 
ETIWCS European Theater Intelligence Warning and Communications System 
ETL (1) Endorsed Tools List; (2) Engineer Topographic Laboratories 
ETO (1) European Theater of Operations; (2) Earth-To-Orbit 
ETP (1) Extended Tether Program; (2) Enhanced Thermal Protection 
ETPL Endorsed TEMPEST Products List 
ETR (1) Estimated Time of Return; (2) Eastern Test Range 
ETRAC Enhanced Tactical Radar Correlator 
ETRO Estimated Time Return to Operation 
ETS (1) European Telephone System; (2) Estimated Time of Separation; (3) Expiration of Term of Service; (4) Earth Technology Satellite; (5) Engineer Test Satellite 
ETSC Electronic and Telecommunications Subcommittee 
ETSS Electronic Telecommunications Switching System 
ETTP EUCOM Tactics, Techniques and Procedures 
ETUT Enhanced Tactical User Terminal 
EU Expenditure Unit 
EUCI Endorsed for Unclassified Cryptographic Information 
EUCOM U.S. European Command 
EUCOM/JIC (1) U.S. European Command/Joint Intelligence Command; (2) EUCOM Joint Intelligence Center 
EUDAC European Defense Analysis Center 
EUF ECME User Facility 
EUL Economically Useful Life 
EUMETSAT European Meteorological Satellite (Organization) 
EURATOM European Atomic Energy Community 
EUSA Eighth U.S. Army (Korea) 
EUSC Effective United States Controlled 
EUTE Early User Test & Evaluation 
EUTELSAT European Telecommunications Satellite (Organization) 
EUV Extreme Ultraviolet 
EUVE Extreme Ultraviolet Explorer 
EV Enforcement Vector 
EVA Extra-Vehicular Activity 
EVC DoD Evasion Chart 
EVO Event Verification Officer 
EVR Enemy Vulnerability Report 
EVS Electronic Visual Communications 
EW (1) Electronic Warfare; (2) Early Warning 
EW/GCI Early Warning/Ground Control Intercept 
EWAC Electronic Warfare Anechoic Chamber 
EWAS Electronic Workorder Accounting System 
EWC (1) Electronic Warfare Center; (2) Electronic Warfare Coordinator
EWCC Electronic Warfare Coordination Center
EWCM Electronic Warfare Coordination Module
EWCS Electronic Warfare Control System
EWIR Electronic Warfare Integrated Reprogramming
EWIRS Electronic Warfare Integrated Reprogramming System
EWMIS Electronic Warfare Management Information System
EWMS EW Mission Summary
EWO (1) Electronic Warfare Officer; (2) Emergency War Order
EWOPFAC Electronic Warfare Operating Facility
EWR (1) Early Warning Radar; (2) Electronic Warfare Reprogramming
EWRL Electronic Warfare Reprogrammable Library
EWS Electronic Warfare Support
EWSE EW Support Element
EWSM Electronic Warfare Support Measures
EWSO EW Staff Officer
EXCRIT Exercise Critique System
EXDEF Exercise Deficiency Program
EXCAP Exercise Capability (simulator)
EXCOM Community Executive Committee
ExDir/ICA Executive Director for Intelligence Community Affairs
EXDIS Exclusive Distribution (Pneumatic Tube Message Precedence)
EXEC Executive
EXERTAS Exercise Timeline Analysis System
EXFIL Exfiltration
EXO Exoatmospheric
EXOPLAN Exercise Operations Plan
EXPER Experience
EXPL Exploitation
EXPLAN Exercise Plan
ExPReS Exploitation Process Reengineering Study
EXRAND Exploitation Research and Development (COMIREX)
EXSCEN Exercise Scenario System
EXSUBCOM Exploitation Subcommittee (COMIREX)
EXSUM Executive Summary
EXTAC Experimental Tactics
F (1) Fahrenheit; (2) Frequency
FA (1) Frontal Aviation (FSU); (2) Field Artillery; (3) Forward Area; (4) Functional Architecture; (5) Frequency Agile; (6) Full Accounting; (7) Feasibility Assessment
FAA (1) Federal Aviation Agency; (2) Federal Aviation Administration; (3) Foreign Assistance Act
FAAD C3I Forward Area Air Defense Command, Control, Communications and Intelligence
FAADS Forward Area Air Defense System
FAAR Forward Area Alerting Radar
FAARP Forward Area Armament and Refuel Point
FAAS Foreign Affairs Administrative Support
FAC (1) Forward Air Control (Controller); (2) Facilities
FACP (1) Forward Air Control Post; (2) Forward Air Control Party
FACSFAC Fleet Air Control and Surveillance Facility
FAD (1) Fleet Air Defense; (2) Force Activity Designator; (3) Field Arbitrary Designators
FADOC Future Air Defense Operation Concept
FADS Foreign Area Data System
FAE Fuel Air Explosive
FAF Fast Access Format
FAFIC Federal Armed Forces Intelligence Center (FRG)
FAI Fuel Air Incendiary Concussion Bomb
FAIO Field Artillery Intelligence Officer
FAISA FORSCOM Automated Intelligence Support Activity
FAISS FORSCOM Automated Intelligence Support System
FALD Field Administration and Logistics Division
FAM Functional Area Model
FAME FORSCOM Automated Modernization Effort
FAMP Foreign Army Materiel Production
FAMS Fleet Ocean Surveillance Information Center Analytical Maritime Summary
FAMSIM Family of Simulation
FANS Friendly Allied Nation Support Network
FANT French Atmospheric Nuclear Test
FAO (1) Foreign Area Officer; (2) Forward Area of Operations; (3) Food and Agricultural Organization (UN)
FAPC Food and Agriculture Planning Committee (NATO)
FARP Forward Area Refuel Point
FARRFAA Air Replacement Radar
FARRP Forward Area Rearming and Refueling Point
FAS (1) (U.S.) Foreign Agriculture Service; (2) Frequency Assignment Subcommittee
FAST (1) Fleet Antiterrorist Support Teams; (2) Forward Area Support Team; (3) Forward Area Support Terminal
FAST-I Forward Area SID and TRAP-Improved
FAST/D Improved FAST/I

FASTC Foreign Aerospace Science and Technology Center (archaic, 
now NAIC) 

FASTFAX Tactical Digital Facsimile 

FASTL Future Analytic Strategic Target List 

FAV (1) Field Assistance Visit; (2) Fast Attack Vehicle 

FAX Facsimile 

FB Fighter Bomber 

FBA Fighter Bomber Attack 

FBH Force Beachhead 

FBI Federal Bureau of Investigation 

FBIS Foreign Broadcast Information Service 

FBM Fleet Ballistic Missile 

FBR Fast Breeder Reactor 

FBS (1) Forward-Based Systems; (2) Federal Border Service 

FC (1) Fire Control; (2) Fractional Coverage 

FCA Foreign Counterintelligence Activity 

FCB Functional Control Board 

FCC (1) Fleet Command Center; (2) Federal Communications 
Commission; (3) Fighter Control Center; (4) Fire Coordination 
Center 

FCE Forward Control Element 

FCFS First Come, First Served 

FCG Foreign Clearance Guide (military) 

FCG2 FORSCOM G2 

FCI Foreign Counterintelligence 

FCIAD FORSCOM Component Intelligence Architecture Document 

FCIP Foreign Counterintelligence Program 

FCISD FORSCOM Component Intelligence Strategy Document 

FCITP Foreign Counterintelligence and International Terrorism 
Program (FBI) 

FCITTP FORSCOM Component Intelligence Tactics, Techniques and 
Procedures 

FCLP FORSCOM Command Language Program 

FCO Facility Control Office 

FCRC Federal Contract Research Center 

FCS (1) Fire Control System; (2) Flight Control System; 
(3) (U.S.) Foreign Commercial Service 

FCSE Forward Control Support Element 

FCT Foreign Comparative Test 

FCZ Forward Combat Zone 

FD Functional Design 

F/d Ratio of focal-length to diameter (of reflector type antennas) 

FDB Fleet Database 

FDBM Functional Data Base Manager 

FDBPS Fleet Data Base Production System 
FDC Fire Direction Center
FDDAC Foreign Denial and Deception Analysis Committee
FDDI Fiber Distributed Data Interface
FDDS Flag Data Display System
FDIU Fill Device Interface Unit
FDM Frequency Division Multiplexing
FDMA Frequency Division Multiple Access
FDO Foreign Disclosure Officer
FDOA Frequency Difference of Arrival
FDR Foreign Disclosure Representative
FDT&E Force Development Test & Experimentation
FDU Force Design Update
FDW Forward Deployed Workstation
FDX Full Duplex
FEA Front End Analysis
FEAF Far Eastern Air Forces
FEBA Forward Edge of the Battle Area
Fed Federal Reserve System
FEDS Front End Distribution System
FEDSIM Federal Computer Performance Evaluation and Simulation Center
FEL Free Electron Laser
FEMA Federal Emergency Management Agency
FEMD Far East Military District
FEMP Front End Message Processors
FEP (1) Front End Processor; (2) FLTSATCOM EHF Package
FERS Federal Employees Retirement System
FET Field Effect Transistor
FETVD Far East Theater of Military Operations
FEWS Future Early Warning System
FEWSG Fleet Electronic Warfare Support Group
FF Frigate
FFA Free-Fire Area
FFAR Folding-Fin Aerial Rocket
FFED FIREFINDER Elevation Data
FFG Guided-Missile Frigate
FFGH Guided-Missile Aviation Frigate
FFGN Nuclear-Powered Guided-Missile Frigate
FFH Aviation Frigate
FFHGN Nuclear-Powered Guided-Missile Aviation Frigate
FFHN Nuclear-Powered Aviation Frigate
FFL Corvette
FFLG Guided-Missile Corvette
FFM Full Face Mask
FFN Fleet Flash Net
FFR Radar Picket Frigate
FFS (1) Fixed Field Site; (2) Formatted File System
FFT Training Frigate
FGHQ Fighter Group Headquarters (Canada)
FGN Foreign
FH Frequency Hopping
FH/DS Frequency Hopping/Direct Sequence
FI (1) Finished Intelligence; (2) Foreign Intelligence
FI&SS Foreign Intelligence and Security Service(s)
FIA Foreign Intelligence Agency
FIC (1) Fleet Intelligence Center; (2) FORSCOM Intelligence Center
FICEURLANT Fleet Intelligence Center, Europe and Atlantic
FICM Fleet Intelligence Collection Manual
FICPAC Fleet Intelligence Center, Pacific
FID (1) Foreign Internal Defense; (2) Force Integration Division
FIDB Fundamental Intelligence Database
FIE Foreign Intelligence Element
FIG Figure
FIIC Force Imagery Interpretation Center
FIIU Force Imagery Interpretation Unit
FIM Force Integration Master Planner
FIN (1) Fixed-Site Intelligence Network; (2) Financial
FINPLAN Financial Plan
FIO Foreign Intelligence Officer
FIP (1) Force Improvement Plan; (2) Federal Information Processing
FIPC Foreign Intelligence Priorities Committee
FIPS (1) Federal Information Processing Standard; (2) Fleet Intelligence Production System
FIR Field Investigative Region
FIRCAP Foreign Intelligence Requirement Capabilities and Priorities
FIRE Fused Intelligence Report in Europe
FIRF Future Information Requirements Forecast
FIRMS Foreign Intelligence Relations Management System
FIROPS Freedom of Air Operations
FIRST Fleet Intelligence Reserve Support Team
FIRSTEURLANT Fleet Intelligence Reserve Support Team, Atlantic
FIRSTPAC Fleet Intelligence Reserve Support Team, Pacific
FIS (1) Foreign Instrumentation Signals; (2) Foreign Intelligence Service
FISA Foreign Intelligence Surveillance Act
FISAP FMFPac Intelligence Sub-Architecture Plan
FISINT (1) Foreign Instrumentation and Signature Intelligence; (2) Foreign Instrumentation Signals Intelligence
FISS Foreign Intelligence and Security Services
FIST (1) Fleet Imagery Support Terminal; (2) Fire Support Team


FIST-T Transportable FIST
FITCPAC Fleet Intelligence Training Center, Pacific
FITD FORSCOM Intelligence Training Detachment
FITWING Fighter Wing
FLA Foreign Launch Assessment
FLAGE Flexible Lightweight Agile Guided Experiment
FLC Foreign Language Committee
FLEETSATCOM Fleet Satellite Communications
FLENUMOCEANCEN Fleet Numerical Oceanography Center (U.S. Navy)
FLEX Force-Level Execution System
FLI Force-Level Information
FLIR Forward-Looking Infrared (Radar)
FLO Foreign Liaison Office
FLOT Forward Line of Troops
FLR Forward-Looking Radar
FLRA Federal Labor Relations Authority
FLSG Force Logistics Support Group
FLT Fleet; Flight
FLTBCST Fleet Broadcast
FLTCINC Fleet Commander in Chief
FLTSAT Fleet Satellite
FLTSATCOM Fleet Satellite Communications System
FLTSEVOCOM Fleet Secure Voice

(1) Frequency Modulation; (2) Foreign Materiel; (3) File Maintenance; (4) Factory Marking(s); (5) Functional Manager; (6) Field Manual; (7) From; (8) Comptroller


(1) Foreign Materiel Acquisition; (2) Foreign Media Analysis 
Foreign Materiel Acquisition Operation 

Foreign Materiel Acquisition Requirement 

Foreign Media Analysis Subsystem 

(1) Field Maintenance Center; (2) Force Mobile Command 
Foreign Materiel Exploitation 

Foreign Materiel Exploitation Catalogue 


Foreign Materiel Exploitation Program 
Fleet Marine Force(s) 

Fleet Marine Force, Atlantic 

Fleet Marine Field Manual 

Fleet Marine Force, Pacific 

Foreign Materiel Intelligence Board 
Foreign Materiel Intelligence Group 

Force Management Information System 
French Military Liaison Mission 

Fleet Mobile Operations Command Center 
Foreign Materiel Program 

Foreign Military Personnel Contact Program 
Foreign Military Program Review Board
Foreign Materiel Requirements List
Defense Intelligence Functional Managers
Foreign Military Sales
Foreign Military Sales Financing
Family of Medium Tactical Vehicles
Foreign National
Fleet Numerical Oceanographic Center
First Name Unknown
Forward Observer
Fiber-Optics
(1) Field Operating Agency; (2) Forward Operating Area
FOAMP Foreign Aerospace Materiel Production
FOAP Foreign Aircraft Production
FOB (1) Forward Operating Base; (2) Foreign Order of Battle
FOBS Fractional Orbital Bombardment System
FOC (1) Final Operational Capabilities; (2) Full Operational Capability; (3) FORSCOM Operations Center; (4) Full Operating Capacity
FOCI Foreign Owned, Controlled or Influenced
FOCUS (1) Interagency Review of Defense Attache Offices; (2) FORSCOM Objective Communications System
FOD Foreign Object Damage
FOFA Follow-on Forces Attack
FofF Field of Fire
FOG Fiber-Optics Guided
FOGM Fiber-Optic Guided Missile
FOI Freedom of Information
FOIA Freedom of Information Act
FOL (1) Forward Operating Location; (2) Family of Loudspeakers
FOLAN Fiber-Optic Local Area Network
FOLPEN Foliage-Penetrating
FOM Figure of Merit
FOMA Foreign Military Assistance
FOMCAT Foreign Materiel Catalogue
FOMP Foreign Missile Production
FONS Fleet Operational Needs Statement for Intelligence
FOP Forward Observation Post
FORDTIS Foreign Disclosure Technical Information System
FORECON Force Reconnaissance
FORGE Force Generation
FORMAT Foreign Materiel
FORMDEPS FORSCOM Mobilization and Deployment Planning System
FORMICA Foreign Military Intelligence Collection Activity
FORMMS Foreign Materiel Management System
FORSCOM U.S. Forces Command
FORSTAT Force Status and Identity Report
FORT Force Trends Data Base
FORTRAN Formula Translator
FOSCAS Foreign Ship Construction and Shipyards
FOSD Family of Sabotage Devices
FOSIC Fleet Ocean Surveillance Information Center
FOSIC-E Fleet Ocean Surveillance Information Center, Europe
FOSICLANT Fleet Ocean Surveillance Intelligence Center, Atlantic
FOSICPAC Fleet Ocean Surveillance Information Center, Pacific
FOSIF Fleet Ocean Surveillance Information Facility
FOSIF Rota Fleet Ocean Surveillance Information Facility, Rota
FOSIF/WESTPAC Fleet Ocean Surveillance Information Facility, Western Pacific
FOTARS Follow-On Tactical Reconnaissance System
FOT&E Follow-On Test and Evaluation
FOTELSYS Foreign Telecommunications Systems
FOTRS Follow-On Tactical Reconnaissance System
FOUO For Official Use Only
FOV Field of View
FP (1) Fire Position; (2) Field Post; (3) Force Package
FPA (1) Federal Preparedness Agency; (2) Focal Plane Array; (3) Force Projection Army
FPB Fast Patrol Boat
FPE Force Planning Estimate
FPF Final Protection Fire
FPI (1) Foreign Positive Intelligence; (2) Federal Process Improvement
FPIR Force Protection Information Report

Fire Protective Line 

Field Post Number 

Fleet Post Office 

Feet Per Second 

Force Projection Tactical Operations Center 
Floating Point Unit 

Flying Qualities and Performance 
Fragmentary Order 

Fragmentary Order 


(1) Federal Research Division (Library of Congress); 
(2) Formerly Restricted Data; 
(3) Functional Requirements Document 


Frequency 

Federal Republic of Germany 

Fast Rope Insertion Extraction System 
Finished Recurring Intelligence File 
Free Rocket Over Ground 

First Republic of Korea Army 
FROSS Foreign Reliance on Space Systems
FRPG Facility Reference Point Graphic
FRR Frequency Resource Records
FRS (1) Fleet Readiness Squadron; (2) Federal Research Service; (3) Forward Recording Site
FRY Former Republic of Yugoslavia
FRYM Former Republic of Yugoslavia-Macedonia
FS (1) File Server; (2) Fire Support
F3S Field Station Support System
FSAIS FICEURLANT SCI Analyst Information System
FSB (1) Fleet Satellite Broadcast (of FLTSATCOM); (2) Forward Staging Base; (3) Fire Support Base
FSBS Fleet Submarine Broadcast System
FSCC Fire Support Coordination Center
FSCL Fire Support Coordination Line
FSCOORD Fire Support Coordinator
FSD (1) Field Support Division; (2) Forward Support Detachment
FSE Fire Support Element
FSHB Fallout Safe Height of Burst
FSI Foreign Service Institute
FSIC Forward Sensor Interface and Control
FSK (1) Field Station, Korea; (2) Frequency Shift Keying
FSM Federated States of Micronesia
FSO (1) Foreign Service Officer; (2) Fire Support Officer
FSOC Fairchild Satellite Operations Center
FSOF Forward Special Operations Facility
FSP Fire Support Plan
FSRS Functional Security Requirements Specification
FSS (1) Fast Sealift Ship; (2) FAISS SID System; (3) Fixed Satellite Services
FSSG Force Service Support Group (USMC)
FSST Forward Space Support in Theater
FST (1) Future Strategic Targets; (2) Future Soviet Tank
FSTC Foreign Science and Technology Center (archaic; now NGIC)
FSTS Federal Security Telephone Service
FSU Former Soviet Union
FSV Fire Support Vehicle
FSVS Future Secure Voice System
FSWDS Fixed-Site Warning & Detection System
FT (1) Fort; (2) Foot
FT-1 Fractional T-1
FTA (1) Field Training Area; (2) Functions, Tasks, and Activities
FTAM File Transfer Access Management
FTC (1) Fast Time Constant (ECCM); (2) Federal Trade Commission
FTD Foreign Technology Division (USAF)
Foreign Technology Data Base
Fixed Target Indicator 
Future Target List 


(1) Future Target List-Strategic; 
(2) Formal Top-Level Specification 


Full-Time Manning 

File Transfer Protocol 

FORSCOM Topographic Production System (Facility) 
Fighter 


(1) Fleet Telecommunications System; (2) Federal 
Telecommunications System; (3) Federal Telephone 
System; (4) Flight Training Squadron 


Federal Telephone System 2000 

Fleet Technical Support Center 

Forecast Tactical Unit 

Field Training Exercise 

Forecast Unit 

Full Unit Designator 

First Unit Equipped 

French Underground Nuclear Test 

Fleet Undersea Surveillance System 
Forward Unconventional Warfare Operations Base 
Fighting Vehicle 

Foreign Visits System 

(1) Fighter Wing; (2) Fixed-Wing 
Free-World Air Intelligence Study 
Free-World Air Order of Battle 

Forward 

Foreign Weapons Evaluation 

Fighter Weapon School Intelligence Course 
Fallout Wind Vector Plot 

Fiscal Year 


(1) Fiscal Year Defense Program/Plan; (2) Five-Year Defense 
Program; (3) Future Years Defense Program 


For Your Information 

Five-Year Intelligence Plan 

Five-Year Master Objectives Plan 
Five-Year Plan (FSU) 

Federal Yugoslav Republic of Macedonia 
G Gain

G1 Assistant Chief of Staff, G1 (Personnel)

G2 or G-2 (1) Assistant Chief of Staff, G2 (Intelligence); (2) Army or Ground Directorate of Intelligence; (3) General Corps Staff Intelligence Officer


G3 Assistant Chief of Staff, G3 (Operations and Plans) 

G4 Assistant Chief of Staff, G4 (Logistics) 

G5 Assistant Chief of Staff, G5 (Civil Affairs) 

G6 Director(ate) of C4 

G8 Director(ate) of Resource Management 

GA Ground Attack 

GaAs Gallium Arsenide 

GACC Ground Attack Coordination Center 

GAD Guards Artillery Division 

GADT Ground/Air Defense Threat 

GAF Ground Alert Facility (of PAC ABNCP) 

GAFIA German Armed Forces Intelligence Agency 

GALE Generic Area Limitation Environment 

GALS FSU Satellite (“Horizon”) 

GAMO Ground and Amphibious Military Operations 

GAO General Accounting Office 

GAS (1) Gray Area Systems; (2) Getaway Special 

GAT (1) Government Acceptance Test; (2) Guidance, 
Apportionment, and Targeting 

GATT General Agreement on Tariffs and Trade (UN) 

GB (1) Gigabyte; (2) Guardband 

GBCS(-L or -H) Ground-Based Common Sensor (-Light or -Heavy) 

GBI Ground-Based Interceptor 

GBL Ground-Based Laser 

GBMD Global Ballistic Missile Defense 

GBR Ground-Based Radar 

GBS Global Broadcast System 

GBU Guided Bomb Unit 

GC Gun Camera 

GCA Ground Controlled Approach 

GCC (1) Government Control Center; (2) Ground Component Commander; (3) Gulf Cooperation Council; (4) Global Control Center


GCCS (1) Ground Command and Control System; 
(2) Global Command and Control System 

GCDCAL Great Circle Distance Calculator 

GCE Ground Combat Element 

GCI Ground-Controlled Intercept 

GCN Ground Communications Network 

GCNTTY Ground Communications Network Teletype 
GCP Ground-Controlled Processor
GCP-E Ground-Controlled Processor-ELINT
GCS (1) Graphics Compatibility System; (2) Ground Control Station; (3) Global Connectivity Services; (4) Global Communications System
GCSS Global Combat Support System
GDA Gimbaled Dish Antenna
GDBI Generic Data Base Interface
GDBMS Generic Data Base Management Server
GDIC General Defense Intelligence Community
GDIP General Defense Intelligence Program
GDIPP General Defense Intelligence Proposed Program
GDL Gas Dynamic Laser
GDOP Geometric Dilution of Precision
GDP (1) General Defense Plan; (2) Gross Defense Product; (3) Ground Defense Position; (4) Gross Domestic Product
GDPS Ground Data Processing System
GDRS Ground Data Reduction System
GDS (1) General Declassification Schedule; (2) FSU Guards; (3) Group Decision Support
GDSS Global Decision Support System
GDT Ground Data Terminal
Gen General
GEM Ground Effects Machine
GEN (1) Generation; (2) General
GENIC German National Intelligence Cell (NATO)
GENREP General Reports
GENSER General Service (Communications)
GEO Geosynchronous Earth Orbit
GEODIS Geographic Display
GEODSS Ground-Based Electro-Optical Deep-Space Surveillance System
GEOFILE (1) Geographic Locations Code File System; (2) Geolocation File (JOPES)
GEOREF Global Reference System, a worldwide position reference system that may be applied to any map or chart graduated in latitude and longitude regardless of projection.
GEOSAT Geological Satellite
GEP Ground Entry Point
GEPS Generic Electronic Publishing System
GES Ground Entry Station
GFAC Ground Forward Air Controller
GFCP Generic Front-End Communications Package
GFE Government Furnished Equipment
GFTD Global Force Trends Data Base
GFR Gap Filler Radar
GGI&S Global Geospatial and Information Services
GHz Gigahertz
GIGSTER NSA Video Teleconferencing System
GIIPS Geographic Installation Intelligence Production Specifications 
GIITS General Intelligence Imagery Training System 
GIN Greenland-Iceland-Norway 
GIPD (1) General Intelligence Production Detachment; 
(2) General Intelligence Production Division 
GIPMIS General Intelligence Production Management Information 
System 
GIPS Geographic Installation Intelligence Production Specifications 
GIPSY Graphics Information or Presentation System 
GIS Geographical Information System 
GIST Graphical Intelligence Support Terminal 
GITAC General Intelligence Training Advisory Committee 
GITC General Intelligence Training Center 
GITS General Intelligence Training System 
GIUK Greenland-Iceland-United Kingdom 
GKNT State Committee for Science and Technology (FSU) 
GKS Graphics Kernel System 
GL Grenade Launcher 
GLCM Ground-Launched Cruise Missile 
GLLD U.S. Ground Laser Locator Designator (for COPPERHEAD) 
GLMX Geological Multi-Source Exploitation (System) 
GLOBIXS Global Information Exchange System 
GLOMR Global Low-Orbiting Message Relay 
GLONASS Global Navigation Satellite System 
GM Guided Missile 
GMD Global Missile Defense 
GMF Ground Mobile Forces 
GMFP Global Military Force Policy 
GMFSC Ground Mobile Force Satellite Communications 
GMI (1) General Medical Intelligence; 
(2) General Military Intelligence 
GMIPP General Military Intelligence Production Plan 
GMIT Ground Military Intelligence Team (ROK) 
GMRD Guards Motorized Rifle Division (FSU) 
GMS (1) Ground Mobile System; (2) Geostationary Meteorological 
Satellite; (3) Ground Mission Supervisor 
GMT Greenwich Mean Time (Zulu) 
GMTI Ground Moving Target Indicator
GNAS Gateway Network Access System
GNC Global Navigation Chart 
GND Ground 
GNP Gross National Product 
GNS Global Network Segment 
GNST Glossary of Naval Ship Types 
GO() Government of (Name of Country) 
G-O Office of Law Enforcement and Defense Operations (USCG)
G-OINS Intelligence Division (USCG/G-O)
G-OIS Investigations and Security Division (USCG/G-O)
GOB Ground Order of Battle
GOC (1) General Officer Commanding (UK); (2) Government of Canada; (3) Global Operations Center
GOCO Government Owned Contractor Operated
GOES Geostationary Operational Environmental Satellites
GOLDS General On-Line Display System
GOLDWING Army HF Radio; HF communications system for meteorological and other operations
GOMS Geostationary Operational Meteorological Satellite
GOP Generated Option Plan
GOR General Operational Requirement
GORB General Officer Review Board
GOS Grade of Service
GOSC General Officer Steering Committee
GOSIA Government Open System Interconnect Architecture
GOSIP Government Open Systems Interconnected Profile
GOSPLAN State Planning Committee (FSU)
GOSSNAB State Committee for Material-Technical Supply (FSU)
GOTS Government Off-the-Shelf
GP (1) Group; (2) General Purpose
GPALS Global Protection Against Limited Strikes
GPEE General Purpose Encryption Equipment
GPF (1) General Purpose Forces; (2) Ground Processing Facility
gph Gallons Per Hour
GP NAF General Purpose Numbered Air Force
GPNDS Global Positioning & Nuclear Detection System
GPO Government Printing Office
GPS (1) Global Positioning System; (2) Grid Producing Source; (3) Geographical Positioning System; (4) Ground Processing Stations
GPSCS General Purpose Satellite Communications System
GR (1) Graphical Reporting; (2) Gateway Router
GRAD Graduate
GRANITE SENTRY Proper Name of System
GRID Brand of Portable PC
GRIPF GUARDRAIL Integrated Processing Facility
GRD Ground Resolved Distance
GREEN FLAG ACC live-fly electronic combat exercise
GRG Gridded Reference Graphic
GRO Gamma Ray Observatory
GROFIS Ground Forces Intelligence Study
GRP Glass Reinforced Plastic
GRT Gross Registered Tonnage
GRU FSU General Staff Intelligence Organization
GS (1) General Staff; (2) General Support; (3) Geological Survey; (4) General Schedule; (5) General Service; (6) Government Service (Federal Civil Service); (7) Ground Station; (8) Government Civilian


GSA General Services Administration 
GSD (1) Ground Sample Distance; (2) Graphical Situation Display 
GSE Ground Support Equipment 
GSF (1) Ground Support Fighter (FSU); (2) Group of Soviet Forces; 
(3) Ground Station Facility 
GSFC Goddard Space Flight Center 
GSFG Group of Soviet Forces Germany 
GSFM Group of Soviet Forces Mongolia 
GSICS General Support Interim Contractor Support 
GSM (1) Ground Support Module (JSTARS); 
(2) Ground Station Module 
GSOAF GGI&S Special Operations Applications Facility 
GSP General Strike Plan 
GSR (1) General Support Reinforcing; (2) Ground Surveillance Radar 
GSRS U.S. General Support Rocket System 
GSS (1) Global Support System; (2) General System Specification 
GST (1) Ground Sensor Terminal; (2) Ground Station Terminal; 
(3) Ground Support Terminal 
GSTS Ground-Based Surveillance and Tracking System 
GSTN General Switched Telephone Network 
GSU Geographically Separated Unit 
G/T Ratio of Antenna Gain to Noise Temperature 
GTA Government Training Aid 
GTAB Global Transportation Analysis Bulletin 
GTD Guards Tank Division (FSU) 
GTN Global Transportation Network 
GTS Global Telecommunications Service 
GTC Gas Turbine Compressor 
GTTC Goodfellow Technical Training Center 
GUI Graphics User Interface 
GW (1) Guided Weapon; (2) Gateway; (3) Guerrilla Warfare 
G/W Gateway 
GWC Global Weather Control 
GWEN Ground Wave Emergency Network 
GWIC Great Wall Industries Corporation (China) 
GWIP Global Weather Intercept Program 
GWP General Work Plan 
GW/R Gateway/Router 
GWS Gaps, Weaknesses, and Shortfalls (also GW&S) 
GYRO Gyroscope or Gyroscopic 
GZ Ground Zero 
Symbol for the magnetic field of the propagated radio wave
Critical life-essential liquid, commonly known as water
Humanitarian Assistance
Helicopter Alighting Area
(1) High Altitude Burst; (2) High Altitude Bombing; (3) High Air Burst; (4) Hardened Aircraft Bunker
HAC (1) House Appropriations Committee; (2) Historical Area Coverage
HACC Humanitarian Assistance Coordination Center
HAE High-Altitude Endurance
HAHO High-Altitude High-Opening
HAIS Hawaiian Air Intelligence System
HAL Helicopter Light Attack
HALE High-Altitude Long-Endurance
HALO High-Altitude Low-Opening
HANE High-Altitude Nuclear Effects
HANG Hawaii Air National Guard
HARDLOOK Special Data Analysis Product of NAVSPACECOM/N24
HARDS High-Altitude Radiation Detection System
HARM High-Speed Anti-Radiation Missile (AGM-88A)
HARV Harassment Vehicle (Drone)
HAS Hardened Aircraft Shelter
HASC House Armed Services Committee
HATS Heuristic Automated Transportation System
HATMD High-Altitude Theater Missile Defense
HAV (1) High Acceleration Vehicle; (2) Heavy Armored Vehicle (non-tactical)
HAWS Hawaii Area Wideband System
HAZCON Hazardous Condition
HAZMAT Hazardous Materials
HB High Burst
HBWP Host-Based Word Processing
HC HUMINT Committee
HCA Humanitarian and Civic Assistance
HCC HUMINT Contingency Cell
HCF High Command of Forces
HCUI/DV/AEX Human-Computer Interface/Data Visualization/Automated Expansion
HCR HUMINT Collection Requirement
HCS Helicopter Combat/Search and Rescue
HCU High Capacity Computer Unit
HD Horizontal Ground Distance
HDL Harry Diamond Laboratories
HDM Hierarchical Development Methodology
HDO Humanitarian Demining Operations
HDX Half Duplex
HX Half Duplex
HE High Explosive
HEAT High-Explosive AntiTank
HEC Helicopter Element Coordinator
HEDI High Endoatmospheric Defense Interceptor
HEF Hostile Establishment File
HEI High-Explosive Incendiary
HEL High-Energy Laser
HELIP HAWK European Limited Improvement Program
HELRATS High Energy Laser Radar Acquisition & Tracking System
HELSTF High-Energy Laser Systems Test Facility
HELW High-Energy Laser Weapons
HELWING Helicopter Wing
HEMP High-Altitude Electromagnetic Pulse
HEMT High-Electron-Mobility Transistor
HEO (1) High-Earth-Orbit; (2) Highly Elliptical Orbit
HEP High-Explosive Plastic
HERO (1) Hazards of Electromagnetic Radiation To Ordnance; (2) Historical Evaluation and Research Organization
HERT Headquarters Emergency Relocation Team
HES Hardcopy Exploitation Systems
HESS Hangul English Support System
HEST High-Explosive Simulation Technique
HET Heavy Equipment Transporter
HF (1) High Frequency; (2) Height Finder; (3) Hydrogen Fluoride
HFE Human Factors Engineering
HFA High-Frequency Antenna
HF/DF High-Frequency Direction-Finding
HFE Heavy-Fuel Engine
HFEA Human Factors Engineering Assessment
HFP Host Front-End Protocol
HH Hand-Held
HHC Headquarters and Headquarters Company
HHD Headquarters and Headquarters Detachment
HHS (1) Headquarters and Headquarter Services; (2) Hasty Hide Shelter
HHW Higher High Water
HIL High Interest List
HI-PAR High-Performance Precision-Approach Radar
HI-RES High-Resolution
HIC High-Intensity Conflict
HICOM High Command (CINCPACFLT Voice Network)
HIDSS Helmet-Integrated Display & Sight System
HIFAR 
HIMAD 


HIMS 
HIP 
HIRMS 
HIROCC 
HIS 


HISP 
HIT 
HITS 
High-Frequency Fixed-Array Radar 


(1) High- to Medium-Altitude Defense; 
(2) High to Medium Altitude Adjustment 


HUMINT Information Management System 

Howitzer Improvement Program 

Human Intelligence Requirements Management System 
Hawaiian Islands Regional Operational Control Center 


(1) Honeywell Information System; 
(2) Hostile Intelligence Services 


Hostile Intelligence Service Profiler System 
High-Interest Track 


(1) Human Intelligence Tasking System; 
(2) Hawaii Information Transfer System 


HONEST JOHN (U.S. Surface-to-Surface Rocket) 
Hand-Launched 

Helicopter Landing Areas 

Helicopter Landing Area/Drop Zone 

Helicopter Landing Area/Drop Zone Study 

Heavy-Lift Launch Vehicle 

Hand-Launched Unmanned Aerial Vehicle 

Higher Low Water 

Helicopter Landing Zone 

Helicopter Mine Warfare 

HUMINT Management Center 

Higher Military Command, Interior and Islands (Greece) 
Handbook of Military Forces 

(1) Host-Message Interface; (2) Human-Machine Interface 
High-Mobility Multipurpose Wheeled Vehicle 

(1) Her Majesty's Ship; (2) HUMINT Management System 
Head-Mounted Thermal Vision 

Host Nation 

Host Nation Armed Forces 

Host Nation Intelligence Support 

Host Nation Support 

House National Security Committee 

Height of Burst 

Homing Optical Bomb 

(1) History of Coverage; (2) HUMINT Operations Cell 
HUMINT Operational Communications Network 
Homing Overlay Experiment 

Hostile Intelligence Service(s) 

Home on Jam 

High-Order Language 

(1) Head of Media; (2) Head of Mission 

HUMINT Operational Tasking Authority 
HOTOL 


HOTPHOTOREP 


HOTSIT 
how 

HP 

HPA 
HPG 
HPM 
HPT 
HPSC 
HPSCI 
HQ/HQS 
HQDA 
HQJTF 
HQMC 
HQMRHITS 
HQ USAF 
HR 

hr 
HR/MR 
HRC 
HRCS 
HRMS 
HRPT 
HRR 
HRS 
HRTV 
HRU 
HRV 

HS 

HSD 
HSE 
HSE-E 
HSE-SOCOM 
HSI 
H-SIP 
HSLLADS 
HSMS 
HSS 
HTACC 
HTKP 
HTLD 
HTOHL 
HTML 
HUD 
Horizontal Takeoff & Landing 

Hot Photographic Interpretation Report 

Hot Situation Message 

Howitzer 

(1) Headquarters Pamphlet; (2) Horsepower 
High-Power Amplifier 

Hardcopy Products Group 

High-Power Microwave 

(1) High-Payoff Target; (2) High-Priority Target 
High-Performance Computing Research System 
House Permanent Select Committee on Intelligence 
Headquarters 

Headquarters, Department of the Army 
Headquarters, Joint Task Force 

Headquarters, U.S. Marine Corps 

Quarterly Management Report 

Headquarters, Department of the Air Force 

(1) High Resolution; (2) Humanitarian Relief Service 
Hour 

Human Readable/Machine Readable (Data) 
Human Resources Committee 

High-Resolution Camera System 

Human Intelligence Requirements Management System 
High-Resolution Picture Transmissions 
High-Resolution Radar 

(1) Hours; (2) Humanitarian Relief Service 
High-Resolution Television 

Hardcopy Reconstruction Unit 

High-Resolution Visible Range Instruments 

(1) Helicopter Squadron; (2) Home Station 
HUMINT Support Detachment 

HUMINT Support Element 

HSE-Europe 

HSE-USSOCOM 


(1) Human Systems Integration; (2) Hyperspectral Imagery 


H-Camera Spectral Improvement Program 
High Speed Low Level Aerial Delivery System 
Human Sources Management System 

Health Service Support 

Hardened Tactical Air Control Center 
Hard-Target Kill Potential 

High-Technology Light Division 

Horizontal Take-off and Horizontal Landing 
Hypertext Markup Language 

Heads-Up Display 
HULTEC 
HUMINT 
HUMMV 
HUMRO 
HUS 
HUSK 

hv 

HVA 
HVAC 
HVAP 
HVAPFSDS 
HVAT 
HVF 
HVIT 
HVT 

HW 
Hull-to-Emitter Correlation 

Human Resources Intelligence 

High Utility Mobile Mechanized Vehicle 
Humanitarian Relief Operations 
Hardened Unique Storage 

Hardened Unique Storage Key 

Heavy 

High Value Asset 

High-Voltage Air Conditioning 
High-Velocity Armor-Piercing 

High Velocity Armor-Piercing Fin-Stabilized Discarding-Sabot 
High-Velocity Antitank 

Highly Volatile Fuel 

High Volume Information Transfer 
High-Value Target 

(1) High Water; (2) Hardware 

High Wycombe Air Station 

Hobart Walk-in Cooler 


Hardware/Software 
Highway 
Hertz 
IAS WS 
IASSA 
IAT 
IATA 
IAW 
IAWG 
IAWS 
IBAC 
IBs 
IBBS 
IBD 
IBDTF 
IBE 
IBERLANT 
IBIS 
IBM 
Inclination 
Intelligence Information 


(1) Imagery Analyst; (2) Intelligence Assistant; (3) Initial 
Assessment; (4) Intelligence Analyst; (5) Intelligence Agent 


Interagency Agreement 
(1) Imagery and Analysis; (2) Identification and Authentication 
Imagery Analysis Branch 


(1) Intelligence Analysis Center; (2) Intelligence Advisory 
Committee; (3) Intelligence Analyst Course (DIA); 
(4) Information Analysis Centers 


(1) Intelligence Analysis Division; (2) Integrated Air Defense 
Inter-American Defense Board 

Integrated Air Defense System 

International Atomic Energy Agency 


(1) Intelligence Analysis Group (formerly ITAD); 
(2) Imagery Analysis Group 


Instantaneous Automatic Gain Control 
Inter-American Geodetic Survey 

Integrated Automated Intelligence Processing System 
Imagery Analysis Memorandum 

Imagery Acquisition and Management Plan 
Individual Aerial Mobility System 

Imagery Analysis Notice 

International Airport 

Inter-American Peace Force 

Imagery Analysis Report 


(1) Intelligence Access System; (2) Interactive 
Applications System; (3) Intelligence Analysis System 


IAS Work Station 

INSCOM Automated Systems Support Activity 
Intelligence Augmentation Team 

International Air Transport Association 

In Accordance With 

Interagency Working Group 

Improved Analyst Workstation 

Identity-Based Access Control 

Issue Books 

Interim Brigade/Battalion Simulation 
Intelligence Baseline Document 

IBD Transaction Format 

Field-Initiated BE Number 

Iberian Atlantic Area 

Imaging Background Limited Infrared System 
International Business Machines 
IBO 
IBOS 
IBS 


IBSSIR 
IBTA 
IBUR 
IC 


IC/EC 
ICA 
ICAF 
ICAO 
ICAP 
ICARIS 


ICBM 
ICC 


ICCC 
ICD 


ICDP 

ICE 
ICEDEFOR 
ICES 

ICF 


ICFTU 
ICIG 
ICITAP 


ICL 
ICM 


ICMC 
ICOD 
ICOM 
ICON 
ICP 


ICPS 
ICR 
ICRC 


ICRS 
Intelligence Baseline Overview 
Intelligence Battlefield Operating System 


(1) Interactive Beacon System; (2) Integrable Base Station; 
(3) Integrated Broadcast Service; (4) Intelsat Business Service; 
(5) Integrated Bridge System 


Background Signature Survey 
Integrated Battlefield Targeting Architecture 
Intelligence Bottom-Up Review 


(1) Intelligence Community; (2) Intelligence Collection; 
(3) Integrated Circuit; (4) Intelligence Center; (5) Irish Concern 


Intelligence Community/Executive Committee 
Intelligence Center Atlantic 

Industrial College of the Armed Forces 
International Civil Aviation Organization 
Improved Capabilities Program 


Intelligence Communications Architecture and Requirements 
Information System 


Intercontinental Ballistic Missile 


(1) Integrated Communications Center; (2) Intelligence Continuity 
Cell; (3) IMINT Coordination Cell; (4) Intelligence Coordination 
Center (Coast Guard); (5) Initial Connectivity Capability 


International Council for Computer Communication 


(1) Interface Control Document; (2) Intelligence Collection 
Division; (3) Initiative Communications Deception 


Intelligence Career Development Program 

(1) Independent Cost Estimate; (2) Interface Control Element 
Iceland Defense Forces 

International Cooperation in Ocean Exploration 


(1) Intelligence Collection Flight; (2) Intelligence Contingency 
Funds; (3) Interconnect Facility 


International Confederation of Free Trade Unions 
IDHSS CSSR Interface Guard 


International Criminal Investigative Training and Assistance 
Program 


Intelligence Coordination Cell 


(1) Improved Conventional Munitions; (2) Intelligence Correlation 
Module; (3) Integrated Common Modules 


Intelligence Collection Management Course 
Intelligence/Information Cut-Off Date 
Integrated COMSEC (SINCGARS) 

Image Communications and Operations Node 


(1) Intelligence Collection Platform; (2) Interface Change 
Proposals; (3) Incremental Change Packages 


Intelligence Communications Processing Shelter 
Intelligence Collection Requirement 


(1) Intelligence Contingency Readiness Center; 
(2) International Committee of the Red Cross 


Imagery Collection Requirements Subcommittee (COMIREX) 
ICS 


ICTF 
ICTT 


ICU 
ICV 
ICW 
ICWG 


ID 
IDA 
IDAD 
IDB 
IDB-II 
IDBM 
IDBR 
IDBTF 
IDC 
IDCSP 
IDEAS 
IDES 
IDEX 
IDEX II 
IDF 
IDHS 
IDHS 
IDHS-2000 
IDHS-II 
IDHSC 
IDHSC-II 
IDIMS 
IDIQ 
IDIRA 


IDL 
IDM 
IDMS 
IDN 
IDNX 
IDP 
IDPS 


IDS 
IDSCS 
IDSCP 
(1) Intercommunications System; 
(2) Intelligence Community Staff 


Interagency Crisis Task Force 


(1) Improved Commander's Tactical Terminal; 
(2) Interim Commander's Tactical Terminal 


Interface Control Unit 
Infantry Combat Vehicle 
In Coordination With 


(1) Interface Control Working Group; 
(2) Imagery Coordination Working Group 


(1) Identification; (2) Infantry Division; (3) Intelligence Division 
Institute for Defense Analysis 

Internal Defense and Development 

(1) Integrated Data Base; (2) Inter-American Development Bank 
PC-Based Integrated Data Base 

Integrated Data Base Maintenance 

Integrated Data Base Retrieval 

Intelligence Data Base Transaction Format 

Interagency Defector Committee 

Initial Defense Communications Satellite Program 
Intelligence Data Element Authorization Standards 

Installation Damage Expectancy Summary 

Imagery Data Exploitation System 

Imagery Data Exploitation System II 

(1) Israeli Defense Force; (2) Installation Data File 

Intelligence Data Handling System 

IDHS for the mid-1990s 

Intelligence Data Handling System for the Year 2000 
Intelligence Data Handling System, Second Iteration 
Intelligence Data Handling System Communications 
Intelligence Data Handling System Communications, Version II 
Interactive Digital Image Manipulation System 

Indefinite Delivery, Indefinite Quantity 


Introduction to Defense Intelligence Research and 
Analysis (DIA) 


Interoperable Data Link 

Improved Data Modem 

IPAC Document Management System 
Integrated Data Network 

Integrated Digital Network Exchange 
Intelligence Data Processor 


(1) Imagery Data Processing System; (2) Integrated Deployable 
Processing System; (3) Interim Deployable Processing System 


(1) Intrusion Detection System; (2) Infrared Detection Set 
Initial Defense Satellite Communications System 
Initial Defense Satellite Communication Program 
IDSF 
IDTT 
IDZ 


IEBL 
Intelligence Defector Source File 
Inactive Duty Training Travel 
Inner Defense Zone 
International Energy Agreement 
Inter-Entity Boundary Line 


(1) Imagery Exploitation Center; (2) Intelligence Exchange 
Conference 


(1) Improvised Explosive Device; 
(2) Imitative Electronic Deception 


Imagery Exploitation Group 

Improved Emergency Message Automated Transmission System 
Independent Evaluation Plan 

Independent European Program Group 

Information Exchange and Processing Requirements Report 
Independent Evaluation Report 

Imagery Exploitation System 

Imagery Exploitation Support Segment 

Intelligence and Electronic Warfare 

IEW Common Sensor 

Intelligence and Electronic Warfare Directorate 

IEW Functional Area Model 

IEW Support Element 

IEW Technology Assessment Center 

IEW Tactical Proficiency Trainer 


(1) Interrogation Facility; (2) Identification Frequency; 
(3) Intermediate Frequency 


International Federation of Automatic Control 
Identification, Friend or Foe 

Identification, Friend, Foe or Neutral 
Implementation Force (Operation JOINT ENDEAVOR) 
Instantaneous Field-of-View 

Interformation Position System 

Instrument Flight Rules 

International Frequency Registration Board 
Imagery File Server 

Integrated Family Test Equipment 

Infantry Fighting Vehicle 


(1) Interagency Group; (2) Inspector General; 
(3) Intelligence Group (Air Force) 


Intelligence Guidance for COMINT Programming 
Intelligence Guidance Document 

Improved GUARDRAIL 

Improved GUARDRAIL V 

Image Generation System 

Interim Ground Station Module 

Interdepartmental Group on Terrorism 
IGY International Geophysical Year 
IHC Intelligence Information Handling Committee 
IHE Insensitive High Explosive 
IHFR Improved High Frequency Radio 
IHO (1) International Hydrographic Organization; (2) In Honor of 
IHR In-Extremis Hostage Rescue 
II (1) Imagery Interpretation; (2) Imagery Interpreter 
IIC Imagery Interpretation Center 
IICT Interagency Intelligence Committee on Terrorism 
IID Integrated Information Display 
IIDP Integrated Intelligence Development Plan (USCINCEUR) 
IIE Installation Identification Element 
IIF Imagery Interpretation Facility 
IIG (1) Imagery Intelligence Group (formerly USAIIC); 
(2) Intelligence Inspector General 
IIM Interagency Intelligence Memorandum 
IIN Imagery Interpretation Note 
IINCOMNET Intratheater Intelligence Community Network 
IINS Imagery Information Need Statement 
IIPL Integrated Intelligence Priority List 
IIR (1) Imaging Infrared; (2) Intelligence Information Report; 
(3) Imagery Interpretation Report 
IIRES Imagery Interpretation, Reporting, and Exploitation System 
IIRK Interarea Interswitch Rekeying Key 
IIRS Imagery Interpretability Rating Scale 
IIS (1) Indirect Identification System; (2) IPAC Intelligence 
Summary; (3) Imagery Interpretation Segment 
IISE Intelligence Information System Enhancement 
IISS Intelligence Information Subsystem 
IITLPC Inter/Intra Team Low Power Communications 
IITS (1) Intra-Theater Imagery Transmission System; 
(2) Installation Information Transfer Systems 
IIU (1) Imagery Interpretation Unit; (2) Imagery Interface Unit 
IJMS Interim JTIDS Message Standard 
ILAM Improved Limpet Assembly Modular 
ILC International Lines of Communication 
ILD Injection Laser Diode 
ILE Intelligence Liaison Element 
ILEA International Law Enforcement Academy 
ILO Intelligence Liaison Officer 
ILP Intelligence Liaison Party 
ILS (1) Instrument Landing System; (2) Integrated Logistic Support 
ILSA Improved Lightweight Satellite Antenna 
IM (1) Information Management; (2) Intermodulation 
IM/GD Intelligence Management/Guidance Document 
(1) Institute for Military Assistance; (2) Intelligence 
Mobilization Augmentee; (3) Information Mission Area 


Interim Medium Altitude Endurance UAV (formerly Tier I) 
1st Marine Amphibious Force 

Interim Mission Assessment Program 

(USCENTCOM) Intelligence Management Board 

The International Medical Corps 

Intergovernmental Maritime Consultative Organization 
Intelligence Management Document 

First Marine Expeditionary Force 


(1) International Military Education and Training; 
(2) Integrated Management Evaluation Team 


Integrated Meteorological System 
International Monetary Fund 
Imagery Intelligence 


(1) Intelligence Management Information System; 
(2) Integrated Management Information System 


International Maritime Law Enforcement Training Team 
Information Management Master Plan 

Imagery Network 

Intelligence Many-on-Many 

International Maritime Officer Course 


(1) Interface Message Processor; (2) Input Message Processor; 
(3) Image Product; (4) Information Management Program 


Imagery Products 

International Military Staff (NATO) 

Imagery Satellite 

Imagery Management Support Element 
International Maritime Satellite Organization 
Intelligence Mobile Training Team 


(1) International Negotiations; (2) Intelligence; (3) Infantry; 
(4) Director of Intelligence (Air Force Component) (also A2) 


Information Not Available 


(1) Intelligence Communications Architecture; 
(2) Integrated Nuclear Communications Assessment 


Intelligence Collection Requirement Nomination 
Intratheater Intelligence Communications Network 
Incidents at Sea 


(1) Indications Communication Network; 
(2) Indications and Warning Communications 


Indications Intelligence Communications 
Integrated Electronic Warfare System 
Infantry 

Intermediate-Range Nuclear Forces 
Infiltration 

Inflight Reports 

Inflight Reports 
INTELCAST 
INTELCOM 
INTELDATA 
INTELINK 
INTELSAT 
Intelink 


INTELNET 
Internet 
INTI 


Intranet 
INTREP 
INREQ 
INTSUM 
INUT 

IO 


IO 
IOA 
Information 

(1) Information Security; (2) Information Systems Security 
International Nongovernmental Organizations 

Initiation 

International Narcotics and Law 

International Maritime Satellite 

Integrated Network Management System 

Bureau of Intelligence and Research (State Department) 


(1) Inertial Navigation System; 
(2) Immigration and Naturalization Service 


Indian Satellite 

Integrated Special Intelligence Communications 
U.S. Army Intelligence and Security Command 
Instruction 

Automated Installations File (DIAOLS) 
Installation 

Installation 

Intelligence Summary 

Intelligence 


(1) Integrated Tactical Communications System; 
(2) Integrated Tactical Communications Study 


Intercept 

Intelligence 

Intelligence Broadcast 

Worldwide Intelligence Communication 

Intelligence Data 

Proper Name of System 

International Telecommunications Satellite Organization 


Command server/client system that allows secure SCI connectivity 
to all commands on the network, and access to available files 
without additional log-on. 


Intelligence Network 

International Network 

CI database 

Interrogation 

International Travel by Selected Foreign Officials 
Internet with local scope 

Intelligence Report 

Intelligence Request 

Intelligence Summary 

Indian Nuclear Underground Test 


(1) Indian Ocean; (2) Intelligence Officer; (3) Information 
Objectives; (4) Intelligence Objective; (5) Intelligence Operations 
(Division); (6) Information Operations; 
(7) Information Objectives 


Input/Output 
Indian Ocean Area 
IOB 
IOC 


IOCTL 
IOD 

IOF 

IOIC 

IOM 
IOMDWG 
IONDS 
IOR 
IONDS 
IOS 


IOSS 


IOT&E 
IP 


IP/MP 
IPA 


IPAT 
IPB 
IPC 


IPCP 
IPCS 
IPD 


IPDB 
IPDS 
IPE 
IPF 


IPG 
IPIR 


IPR 
IPIX 
Intelligence Oversight Board 


(1) Initial Operational Capability; 
(2) Intelligence Operations Center 


Indian Ocean Conventional Target List 

Intelligence Operations Division (USEUCOM) 
Intelligence Operations Facility 

Integrated Operational Intelligence Center 

Input/Output Module 

Interagency Offensive Missile Deployment Working Group 
Integrated Operational Nuclear Detection System 
Individualized Operational Ration 

Integrated Operational Nuclear Detection System 


(1) Intelligence Operations Specialist; 
(2) International Organization for Standards 


(1) Integrated Operational Support Study; 
(2) Intelligence Organization Stationing Study 


Initial Operational Test and Evaluation 


(1) Initial Point; (2) Imagery Processing; (3) Intelligence Problem; 
(4) Instrumentation Point; (5) Immediate Permanent Incapacitation 
Dose; (6) Internet Protocol 


Inphase/Midphase 


(1) Intelligence Production Activity; 
(2) Imagery Product Archive 


Intelligence Planning/Programming Analysis Tool 
Intelligence Preparation of the Battlefield/Battlespace 


(1) Industrial Planning Committee; (2) Intelligence Producers 
Council; (3) Intelligence Production Center 


Intelligence Production Campaign Plan 
Intelligence Producers Council Staff 


(1) Intelligence Planning Document; (2) Intelligence Plans 
Division (USEUCOM); (3) Intelligence Production Division 


Intelligence Production Data Base 
Imagery Processing and Dissemination System 
Intelligence Production Element 


(1) Integrated Processing Facility; 
(2) Intelligence Processing Facility (Guardrail) 


Implementation Planning Group 


(1) Immediate Photo Interpretation Report; 
(2) Initial Photographic Interpretation Report; 
(3) Initial Programmed Interpretation Report; 
(4) Initial Phase Interpretation Report 


Integrated Personal Armor 


Interface Processor for Imagery Exchange 
IPM (1) Interface Processor for Imagery Exchange; 
(2) Intelligence Programs Management 
IPMA Intelligence Production Management Activity 
IPMO Intelligence Program Management Office 
IPL Integrated Priority List 
IPM Interpersonal Messaging 
IPOIC Interagency Prisoner of War Ad Hoc Committee 
IPOM Intelligence Program Objective Memorandum 
IPP (1) Intelligence Producer Profile; (2) Impact Point Prediction 
IPR (1) Intelligence Production Requirement; (2) In Process Review; 
(3) Impulse Response; (4) Internet Protocol Route 


IPRG (1) Intelligence Priorities Review Group; 
(2) Intelligence Program Review Board 


IPS (1) Integrated Program Summary; (2) Intelligence Production 
System; (3) Imagery Processing Segment (CARS); (4) Intelligence 
Production Section; (5) Instructions Per Second; 
(6) Imagery Processing System 


IPSC Information Processing Standards for Computers 

IPSG Intelligence Program Support Group (now CISA) 

IPSO Internet Protocol Security Option 

IPSP Intelligence Priorities for Strategic Planning 

IPT Integrated Product Team 

IPU Inter-Parliamentary Union 

IPW Interrogation of Prisoners of War 

IPWG Intelligence Priorities Working Group 

IPX Internet Packet Exchange 

IR (1) Infrared; (2) Intelligence Information Report; (3) Illumination 
Rate; (4) Impulse Response; (5) Information Requirement; 
(6) Intelligence Requirement; (7) Initial Radiation; (8) Induced 
Radiation; (9) Information Ratio 


DR Imaging Infrared 
IRA Intelligence-Related Activities 
IRAC Interdepartmental Radio Advisory Committee 
IRBM Intermediate-Range Ballistic Missile 
IRC (1) International Red Cross; (2) International Rescue Committee 
IRCM Infrared Countermeasures 
IRCS Improved Radar Calibration System 
IR&D Independent Research & Development 
IRD 


IRDB 

IRDC 
IRDHS 
IREMBASS 
IRDS 
IREMBASS 
IREPS 

IRF 


IRS 


IRSCOM 
IS 


I&S 
(1) Independent Research & Development; (2) Intelligence 
Resources Division; (3) Intelligence Reserve Detachment 


Integrated Requirements Data Base 

Intelligence Research and Development Council 
Imagery-Related Data Handling System (see AIRES) 
Improved Remotely Monitored Battlefield Surveillance System 
Infrared Detection System 

Improved-Remotely Monitored Battlefield Sensor System 
Integrated Refractive Effects Prediction System 


(1) Imagery Readiness Facility; 
(2) Intelligence Readiness Facility 


Interdepartmental Regional Group 
Infrared Guidance Module 

Infrared Intelligence 

Infrared Imaging System 

Imagery Report Index Summary 
Intelligence Report Index Summary File 
Interswitch Rekeying Key 

Infrared Line Scanner 


(1) Intelligence Requirements Management; 
(2) Information Resource Management 


Imagery Requirements Management System 
Imagery Reconnaissance Objectives File 
Imagery Reconnaissance Objectives List 

(1) Imagery Reconnaissance Objectives Plan; 
(2) Infrared Optical Intelligence; 

(3) Imagery Requirements Objectives Program 
Installation Reference Points Graphics 


Intelligence Information Report Photo Index 


(1) Individual Ready Reserve; (2) Intelligence Requirement 
Request; (3) Intelligence Readiness Report 


(1) Intelligence Research Specialist; (2) Internal Revenue 
Service; (3) Interface Requirements Specification; 

(4) Intelligence Requirements Subcommittee 

Imagery Requirements Subcommittee 


(1) Information Systems; (2) Intelligence Specialists; 
(3) Intelligence Squadron 


(1) Intelligence and Security; (2) Intelligence and Surveillance 
ISA 


ISAF 
ISAR 
ISARC 
ISB 


ISC 


ISCO 
ISC/SC 
ISD 


ISDB 
ISDN 


ISEMS 
ISEW 
ISF 
ISG 
ISHMRS 
ISIC 
ISID 
ISIDS 
ISINT 
ISIP 
ISIS 


ISLES 
ISM 
ISMB 
ISO 


ISOFAC 
ISOPREP 
ISOS 

ISP 


ISP DCS 
ISP CPE 
ISPER 
ISPO 
ISPR 
ISPS 
ISPT 
(1) International Security Affairs; (2) Interservice Support 
Agreement; (3) Intelligence Support Activity; (4) Integration 
Support Activity; (5) International Support Agreement 


Israeli Air Force 
Inverse Synthetic Aperture Radar 
Intelligence, Surveillance, and Reconnaissance Cell 


(1) Initial Staging Base; (2) Intermediate Staging Base; 
(3) Intelligence Systems Board; (4) Intelligence Support Base 


(1) Information Systems Command; (2) Information Science 
Center; (3) Intelligence Support Cell 


Intelligence Support to Combined Operations 
Intelligence Specialist Chief/Senior Chief 


(1) Intelligence Support Detachment; (2) Intelligence Security 
Division; (3) Intelligence Support Division 


Integrated Satellite Data Base 


(1) Integrated Services Data Network; (2) Intelligence Services 
Digital Network 
ISE Intelligence Support Element 


Improved Spectrum Efficiency Modeling and Simulation 
Intelligence, Security, and Electronic Warfare 
Intelligence Support Facility (U.S. Navy) 

Intelligence Support Group (U.S. Navy) 

Improved SOF High Frequency Manpack Radio System 
Intelligence Support and Indications Center 

Interim Secondary Imagery Dissemination System 
Improved SIDS 

Instrumentation Signals Intelligence 

Intelligence Support Interface Program 


(1) Integrated Signals Intelligence System; 
(2) Interim SOCOM Intelligence Threat Data System 


Information Systems for Law Enforcement Support 
Industrial Security Manual 
Intelligence Systems Management Board 


(1) Information Systems Office; 
(2) International Standards Organization 


Isolation Facility 
Isolated Personnel Report 
Intelligence System of Systems 


(1) Intelligence Support Plan; (2) Industrial Security Program; 
(3) Intelligence Support Processor; (4) Integrated Survey Program; 
(5) Intelligence Survey Program 


Integrated Survey Program Data Collection System 
Integrated Survey Program Central Production Element 
IPAC Special Reports 

Intelligence Support Program Office 

Information Systems Processing Request 

(1) ISP Server; (2) Improved SOF Power Sources 
Intelligence Support Processor Tool 
ISR 


ISRD 
ISS 


I&SS 
ISSA 


ISSM 
ISSO 


ISST 
IST 


ISTA 
ISWG 
ISYSCON 
IT 

ITA 


ITAAS 
ITAC 


ITACIES 
ITACS 
ITAR 
ITAS 
ITC 
ITCT 
ITD 


ITDB 
ITDN 
ITEP 


ITF 

ITFN 
ITG 
ITIBS 
ITIC-PAC 
ITH 

ITL 

ITO 


ITOC 
ITP 
ITS 
(1) Imagery Support Requirement; (2) Inter-Agency Source 
Registry; (3) Intelligence, Surveillance and Reconnaissance 


Information Systems Requirement Document 


(1) Intelligence Support System; (2) Intelligence Support Subsystem; 
(3) Intelligence Support Staff; (4) Information Security 
System; (5) Information Systems Security 


Intelligence and Security Service 


(1) Information Systems Support Activity; 
(2) Inter-service Support Agreement 


Information Systems Security Manager 


(1) Information Systems Security Officer; 
(2) Intelligence Systems Support Office 


ICBM SHF Satellite Terminal 


(1) Imagery Support Terminal; (2) Intelligence Support Team; 
(3) Intelligence System Team 


Intelligence, Surveillance, Target Acquisition 
Intelligence Support Working Group 
Integrated System Control 

Immediate Transient Incapacitation Dose 


(1) Intelligence Terrain Analyzer; 
(2) International Telegraph Alphabet 


Intelligence Training Army Area Schools 


(1) Intelligence and Threat Analysis Center (U.S. Army); 
(2) Intelligence Tracking Analysis and Correlation 


Interim Tactical Imagery Exploitation System (U.S. Army) 
Integrated Tactical Air Control System 

International Traffic in Arms Regulations 

Improved Target Acquisition System 

Interagency Training Center 

Improved Tactical Commander’s Terminal 


(1) Interim Terrain Data; (2) Individual Training Directorate; 
(3) International Training Division 


Intercept Tasking Data Base 
Integrated Tactical Data Network 


(1) Interim Tactical ELINT Processor (U.S. Army); 
(2) Integrated Threat Evaluation Program 


Intelligence Task Force 

Intra-Task Force Network 

Interdiction Target Graphic 

Improved TIBS 

INSCOM Theater Intelligence Center-Pacific 
Internal-to-Internal Interface 

Interagency Telephone Laboratory 


(1) International Trade Organization; 
(2) Integrated Tasking Order 


Interrogation Translation Operations Center 
(1) Intelligence Town Plan; (2) Interrogation/Translation Platoon 
Imagery Transmission System 
ITSS 
ITT 
ITU 


ITUT 
ITW 


ITW&AA 
IU 
IUG 
IUS 
IUSS 
IVAN 
IVCS 
IVD 
IVIS 
IVSN 
IW 
I&W 
IWC 
IWD 
IWG 
IWO 
IWS 
IWSDB 
IWST 
IWT 
IWTS 
IWW 
IX 
Integrated Tactical Surveillance System 
Interrogator Translator Team 


(1) Interrogator-Translator Unit; 
(2) International Telecommunications Union 


Interim Tactical Users Terminal 


(1) International Targeting Workstation; 
(2) Integrated Threat Warning 


Integrated Tactical Warning and Attack Assessment 
(1) Interface Unit; (2) Image Understanding 
Intelligence Users' Guide 

Inertial Upper Stage 

Integrated Undersea Surveillance System 
Intelligence Van 

Integrated Vehicle Communications System 
Interactive Video Disk 

Inter-Vehicle Information System 

Initial Voice Switched Network 

(1) Information Warfare; (2) Intelligence Wing 

(1) Indications and Warning; (2) Intelligence & Warning 
Information Warfare Center 

Intermediate Water Depth 

Intelligence Working Group 

Intelligence Watch Officer 

(1) Intelligence Work Station; (2) Information Warfare Squadron 
Integrated Weapon System Data Base 

Information Warfare Support Team 

Intelligence Watch Team 

Indications and Warning Training System 

Inland Waterway 

Unclassified Miscellaneous Ship 
Director(ate) of Plans, Policy, and Programs
(1) Director(ate) of Command, Control, Communications; (2) Director(ate) of Command, Control, Communications, and Computer Systems
Joint Operational Plans Staff
Director(ate) of Resource Management
Judge Advocate (General)
JAADS Joint Allied Air Defense System
JAAT Joint Air Attack Team
JAC Joint Analysis Center
JACC/CP Joint Airborne Communications Center/Command Post
JAD Joint Assessment Data
JAEIC Joint Atomic Energy Intelligence Committee
JAG Judge Advocate General
JAI Joint Administrative Instruction
JAIEG Joint Atomic Information Exchange Group
JAIS Japan Air Intelligence System
JAIS-PAC Joint Area Information system-USPACOM
JAMIP Joint Analytic Model Improvement Program
JAN Joint Army-Navy
JANAF Joint Army, Navy, Air Force Publication
JANAP Joint Army/Navy Publication
JAO Joint Area of Operations
JAOC Joint Air Operations Center
JAOP Joint Air Operations Plan
JAPC Joint Attrition and Penetration Committee
JAR JIC Analysis Report
JARCC Joint Air Reconnaissance Control Center
JARIC (1) Joint Aerial Reconnaissance Intelligence Center; (2) Joint Air Reconnaissance Interpretation Center (UK)
JAROC (B) Joint Allied Refugee Operations Center (Berlin)
JARP Joint Aerospace Reserve Program
JASDF Japanese Air Self-Defense Forces
JASORS Joint Advanced Special Operations Radio System
JASPO Joint Airborne SIGINT Program Office
JASS Joint Airborne SIGINT System
JAST Joint Advanced Strike Technology Program
JATCCCS Joint Advanced Tactical C3 System
JAWS (1) Joint Analytical Workstation; (2) Joint Advanced Weapons System; (3) JDISS-Army Workstation
JBS (1) Joint Base Station; (2) Joint Broadcast Service
J2C CIA Liaison
JC2WC Joint C2 Warfare Center
JCAT (1) Joint Crisis Action Team; (2) Joint Crisis Analysis Tool 
JCC Joint Coordination Center 
JCCC Joint Communications Control Center 
JCCOC Joint Communications & Control Operational Concept 
JCCWC Joint Command and Control Warfare Center 
JCET Joint/Combined Exercises for Training 
JCEOI Joint CEOI 
JCF Joint Communications Facility 
JCISB Joint Counterintelligence Support Branch 
JCISOC Joint CI Staff Officer’s Course 
JCMC (1) Joint Crisis Management Capability; 
(2) Joint Crisis Management Center 
JCMEC Joint Captured Materiel Exploitation Center 
JCMO Joint Collection Management Office 
JCMOTF Joint Civil Military Operations Task Force 
JCMPO Joint Cruise Missile Project Office 
JCMST Joint Collection Management Support Tool (renamed JCMT) 
JCMT Joint Collection Management Tool 
JCN JSIC Center Cheyenne Mountain Air Force Base (CMAFB) Node
JCNICC Joint Counternarcotics Intelligence Coordination Center 
JCP Joint Congressional Committee on Printing 
JCPES Joint Chiefs Planning and Execution System 
JCPX Joint Command Post Exercise 
JCRC Joint Casualty Resolution Center 
JCS Joint Chiefs of Staff 
JCSAN JCS Alert Network 
JCSAR Joint Combat Search and Rescue 
JCSE (1) Joint Communications Support Element; 
(2) Joint Contingency Support Element 
JCSM Joint Chiefs of Staff Memorandum 
JCSS (1) Japan Combat Support System; 
(2) Joint Communications Support Squadron 
JCTG-ME Joint Technical Coordinating Group for Munitions Effectiveness 
J2D DIA Liaison 
JDA (1) Joint Deployment Agency; (2) Japan Defense Agency; 
(3) Joint Duty Assignment 
JDAC Joint District Area Command 
JDAL Joint Duty Assignment List 
JDAM Joint Direct Attack Munition 
JDC Joint Debriefing Center 
J-DEC JICPAC-Detachment Japan 
JDEC Joint Document Exploitation Center 
JDF Joint Development Facility 
JDGW Joint Digital Geopositioning Workstation 
JDIA Joint Digital Intelligence Assessment 
JDIPC Joint Deployable Imagery Production Center
JDISS (1) Joint Deployable Intelligence Support System; (2) Joint Defense Intelligence Support Services
JDISS-C Joint Deployable Intelligence Support System-CENTCOM
JDISS-E JDISS-EUCOM
JDISS-S Joint Deployable Intelligence Support System-SOCOM or SOCRATES
JDIVS Joint Deployable Intelligence Video/Data System
JDMAG Joint Deployable Maintenance Analysis Group
JDS Joint Deployment System
JDSS Joint Decision Support System
JDSIR Joint Deployment System Incident Reporting System
JDSSC Joint Data System Support Center
JEAP (1) Joint Electronic Analysis Program; (2) Joint Electronic Analysis Position
JEC Joint Economic Committee
JECC(G) Joint Exercise Control Center (Group)
JECG Joint Exercise Control Group
JECM Joint Electronic Countermeasures
JEEP Joint Emergency Evacuation Plan
JEIO Joint Engineering and Interoperability Organization
JEFPROS JAC EUCOM Force Protection Summary
JEIR JAC EUCOM Intelligence Review
JEL Joint Electronic Library
JEM Joint Exercise Manual
JES JDISS Embedded Support
JESS Joint Exercise Support System
JET JWICS Earth Terminal
JETDS Joint Electronics Designation System
JEWC Joint Electronic Warfare Center
JFACC Joint Force Air Component Commander
JFC (1) Joint Fusion Center; (2) Joint Force Commander
JFFC Joint Force Fires Coordinator
JFFSC Joint Force Fire Support Coordinator
JFI Joint Force Integrator
JFIC Joint Force Interdiction Coordinator
JFITL Joint Force Integrator Task List
JFK CTRMA John F. Kennedy Center for Military Assistance
JFLCC Joint Force Land Component Commander
JLOTS Joint Logistics Over the Shore
JFM Joint Force Memorandum
JFMCC Joint Force Maritime Component Commander
JFMO Joint Frequency Management Office
JFSOCC Joint Force Special Operations Component Commander
JGITSS Joint General Intelligence Training System Subarchitecture
JGSDF Japanese Ground Self-Defense Forces
JIATF Joint InterAgency Task Force
JIATF-E Joint InterAgency Task Force - East
JIATF-W Joint InterAgency Task Force - West
JIB Joint Intelligence Bureau (Commonwealth Countries)
JIC (1) Joint Intelligence Center; (2) Joint Interrogation Center; (3) Joint Intelligence Cell
JIC-E Joint Intelligence Center-Europe
JIC-SOUTH Joint Intelligence Center-U.S. SOUTHCOM
JIC-2000 Designation of JICSOUTH upon movement to CONUS
JICEUR Joint Intelligence Center Europe
JICPAC Joint Intelligence Center Pacific
JICREP Joint Intelligence Center Report
JICTRANS Joint Intelligence Center for Transportation
JIEO Joint Interoperability Engineering Organization (DISA)
JIEP Joint Intelligence Estimate for Planning
JIF Joint Interrogation Facility
JIFF Joint Interdiction of Follow-on Forces
JIIKS Joint Imagery Interpretation Key Structure
JIIM Joint Intelligence Information Management
JILE Joint Intelligence Liaison Element
JIM JESS Intelligence Model
JINTACCS Joint Interoperability of Tactical Command and Control Systems
JINTC Joint Intelligence Task Force
JIO Joint Intelligence Organization
JIOC Joint Intelligence Operations Center
JIPC Joint Imagery Production Center
JIPTL Joint Integrated Prioritized Target List
JISA Joint Intelligence Support Architecture
JISAD JTF Intelligence Support Architecture Document
JISC (1) Joint Intelligence Support Center; (2) Joint Intelligence Support Concept
JISE Joint Intelligence Support Element
JISI Joint Intelligence System Integration
JISS Japan Intelligence Support System
JITAP Joint Intelligence Training Activity Pacific
JITC Joint Interoperability Test Center (DISA)
JITF Joint Integration Testing Facility
JIVA Joint Intelligence Virtual Architecture
JLA Joint Logistics Assessment
JLARG Joint Logistics Assessment Review Group
JL-COE Joint Logistics Center of Excellence
JLD Joint Liaison Detachment
JLE Jammer Locator Electronics
JLMIS Joint Logistics Management Information System
Joint Logistics Over the Shore

Joint Logistics and Personnel Policy and Guidance 

Joint Logistics Readiness Center 

Joint Logistics Readiness Center 

Joint Long-Range Estimating Intelligence Document (JSPS) 
Joint Long-Range Strategic Appraisal 

Joint Logistics Steering Panel 

Joint Mission 


(1) Joint Mobilization Augmentation; (2) Joint Mission Analysis 


Joint Mobility Assistance Team 
Joint Movement Center 


(1) Joint MC&G Coordination Center; 
(2) Joint Mobile Command Center 


Joint Maritime Command Information System 
Joint Munitions Effectiveness Manual 


Joint Mission Element Needs Statement 


(1) Joint Mission Essential Target List; 
(2) Joint Mission Essential Task List 


JTIDS Modular AOC Integration System 

Joint Military Intelligence College 

JWICS Mobile Integrated Communications System 
Joint Maritime Information Element 

JMIE Support System and Modernization 

Joint UHF MILSATCOM Network Integrated 

Joint Military Intelligence Program 

Joint Military Intelligence Support Element 

Joint Military Intelligence Training Center 

Joint Mission Needs Statement 

Joint Management Office 

Joint Mobile Operations Command Center 

(1) Joint Manpower Program; (2) Joint Mobilization Program 
Joint Material Priorities Allocation Board 

Joint Munitions Production Panel 

Joint Military Readiness Review 

Japan Maritime Self-Defense Force 

Joint Modeling and Simulation Integration Program 
Justification for Major System New Start 

Joint Management Support Tool 

Joint Military Transportation Board 


(1) Joint Military Terminology Group; 
(2) Joint Master Training Guide 


Joint Mapping Tool Kit 


Joint Nuclear Accident Coordinating Center 
Yugoslavia National Air Force 
Jet Navigation Chart 
JNC-A Jet Navigation Chart-Air
JNIDS (1) Joint National Intelligence Dissemination System; (2) Joint National Intelligence Development Staff
JNPE Joint Nuclear Planning Element
JOA Joint Operations Area
JOC Joint Operations Center
JOC/INT Joint Operations Center/Intelligence Team
JOG Joint Operations Graphic
JOG-A Joint Operations Graphic-Air
JOG-C Joint Operations Graphic-Combined
JOG-G Joint Operations Graphic-Ground
JOG-R Joint Operations Graphic-Radar
JOIC Joint Operational Intelligence Center/Cell
JOIN Joint Operations Intelligence Network
JOINT REDTRAIN Joint Readiness Training
Joint STARS Joint Surveillance Target Attack Radar System
JOP Joint Operating Procedure
JOPES Joint Operations Planning and Execution System
JOPS Joint Operational Planning System
JOS Joint Operational Stocks
JOSE Joint Operations Support Element
JOTS Joint Operational Tactical System
JP (1) Jet Petroleum; (2) Joint Publication
JPAM Joint Program Assessment Memorandum
JPAT Joint Planning and Assistance Team
JPD Joint Planning Document
JPEA Joint Planning and Exercise Activity
JPEC Joint Planning and Execution Community
JPL Jet Propulsion Laboratory
JPM Joint Program Manager
JPMIE Joint Program for Military Intelligence Education
JPMO Joint Program Management Office
JPN JSIC Peterson Node
JPO Joint Project Office
JPOTF Joint Psychological Operations Task Force
JPOTG Joint Psychological Operations Task Group
JPPR Joint Planning and Program Review
JPRS Joint Publications Research Service
JPSD Joint Precision Strike Demonstration
JPSS Joint Planning Staff for Space
JPSIO Joint Precision Strike Integration Office
JRA Joint Rear Area
JRB Joint Reconnaissance Board
JRC (1) Joint Reconnaissance Center; (2) Joint Recovery Center
JRCB Joint Reconnaissance Coordination Board
Joint Rescue Coordination Center
Joint Readiness Command Program
Joint Regional Defense Command
Joint Research and Development Objectives Document
Joint Restricted Frequency List
Joint Reserve Intelligence Program
JRMB Joint Requirements and Management Board
JRO Joint Reconnaissance Office
JROC Joint Requirements Oversight Council
JROC-B Joint Refugee Center, Berlin
JRS Joint Reporting System/Structure
JRSC Jam-Resistant Secure Communications
JRTC (1) Joint Readiness Training Center; (2) Joint Regional Training Center
JRTC-IS JRTC Instrumentation System
JRX Joint Readiness Exercise
JRX MILES JRX Milestone System
JS Joint Staff
J/S Ratio of received power level of a jamming signal and a desired signal
JSA JAC Security Activity
JSAC Joint State Area Command
JSAM Joint Security Assistance Memorandum
JSAMSA Joint Security Assistance Memorandum Supporting Analysis
JSB Joint Synthetic Battlespace
JSC (1) Lyndon B. Johnson Space Center; (2) Joint Spectrum Center
JSCP Joint Strategic Capabilities Plan
JSCS Joint Strategic Connectivity Staff
JSDF Japanese Self-Defense Forces
JSEAD (1) Joint Surveillance Enemy Air Defense; (2) Joint Suppression of Enemy Air Defenses
JSFC Joint Space Fundamentals Course
JSIC Joint SPACECOM Intelligence Center
JSIMS Joint Simulation System
JSIOC Joint Space Intelligence Operations Course
JSIOPC Joint Space Intelligence Operations Policy Course
JSIP Joint Services Imagery Processor
JSIPS Joint Service Imagery Processing System
JSIPS-N Joint Service Imagery Processing System-Navy
JSMB Joint Space Management Board
JSO (1) Joint Staff Office; (2) Joint Support Office
JSOA (1) Joint Special Operations Agency; (2) Joint Special Operations Area
JSOACC Joint Special Operations Air Component Commander
JSOC (1) Joint Special Operations Center; (2) Joint Strategic Operations Center; (3) Joint Special Operations Command
JSODC Joint Special Operations Deception Course
JSOFI Joint Special Operations Forces Institute 
JSOIC Joint Special Operations Intelligence Course 
JSOIT Joint Special Operations Intelligence Training 
JSOIO Joint Special Operations Intelligence Orientation 
JSOP Joint Strategic Objectives Plan 
JSOPW Joint Special Operations Planning Workshop 
JSOR Joint Service Operational Requirement 
JSOSOC Joint Special Operations Staff Officer Course 
JSOTF Joint Special Operations Task Force 
JSOTFSO Joint Special Operations Task Force South 
JSOTP Joint Special Operations Training Project 
JSOW Joint Standoff Weapon 
JSPD Joint Strategic Planning Document 
JSPDSA Joint Strategic Planning Document Supporting Analysis 
JSPO Joint System Program Office 
JSPS Joint Strategic Planning System 
JSR (1) Joint Strategy Review; (2) Joint Special Reports 
JSRC Joint Search and Rescue Center 
JSS (1) Joint Surveillance System; (2) JMIE Support System 
JSST (1) Joint Space Support Team; (2) Joint Special Support Team 
JSTARS Joint Surveillance and Target Attack Radar System 
JSTPS Joint Strategic Target Planning Staff 
JSWG (1) J-TENS Special Working Group; 
(2) Joint Service Working Group 
JT Joint 
JTA (1) Joint Task Analysis; (2) Joint Table of Allowances 
JTAGS Joint Tactical Ground Station 
JTAO Joint Tactical Air Operations 
JTARS Joint Tactical Aerial Reconnaissance System 
JTASC Joint Training, Analysis and Simulation Center 
JTB (1) Joint Transportation Board; (2) Joint Targets Board 
JTC (1) Joint Target Committee; (2) Joint Technology Center; 
(3) JFACC Target Cell 
JTC3A Joint Tactical Command, Control, and Communications Agency 
JTCAE Joint Tactical Control and Analysis Element 
JTCB Joint Targets Coordination Board 
JTCG Joint Technical Coordinating Group 
JTCG(ME) Joint Technical Coordinating Group (For Munitions 
Effectiveness) 
JTC/SIL Joint Technology Center/ Systems Integration Laboratory 
JTD Joint Table of Distribution (Manning Authorization for a Joint 
Organization) 
JTDA Joint Table of Distribution and Allowances 
JTEB Joint Test and Evaluation Board 
J-TENS Joint Tactical Exploitation of National Systems 
JTENS Joint-Service Tactical Exploitation of National Systems
JTF (1) Joint Tactical Fusion; (2) Joint Task Force
JTF-6 Joint Task Force-6
JTF-B USSOUTHCOM JTF in Honduras
JTFCEM Joint Task Force Contingency Engineer Manager
JTF-FA Joint Task Force-Full Accounting
JTF-LOCE Joint Tactical Fusion-Limited Operational Capability Europe
JTF-PM Joint Task Force-Panama
JTFPO Joint Tactical Fusion Program Office
JTF-PP Joint Task Force PROVIDE PROMISE
JTF-SWA Joint Task Force-South West Asia
JTFHQ Joint Task Force Headquarters
JTFP Joint Tactical Fusion Program
JTFPMO Joint Tactical Fusion Program Management Office
JTFSO Joint Task Force South
JTG Joint Task Group
JTIC Joint Transportation Intelligence Center
JTID Joint Digital Team Information Device
JTIDS Joint Tactical Information Distribution System
JTL Joint Target List
JTMD (1) Joint Theater Missile Defense; (2) Joint Table of Mobilization and Distribution
JTN Joint Targeting Network
JTOSS Joint Task-Organized Software Subsystem
JTP Joint Training Plan
JTR Joint Travel Regulation
JTRU Joint Transportation Reserve Unit
JTSC Joint Technology Steering Committee
JTSG Joint Targets Steering Group
JTT Joint Tactics Terminal
JTTP Joint Tactics, Techniques and Procedures
Joint Threat Warning System
Joint Training Exercise
Joint UAV Training Center
Joint Universal Data Interpreter
Joint Universal Lessons Learned
Joint Universal Lessons Learned System
Joint Uniform Military Pay System
Joint United States Military Advisory Group
Joint Unconventional Warfare Command
Joint Unconventional Warfare Task Force
Joint Visual Integrated Display System
Joint Warfare Analysis Center
Joint Warfare Simulation
Joint Whole Blood Control Agency
JWC (1) Joint Warfare Center; (2) Joint Working Group
JWCA Joint Warfighting Capability Assessment 
JWFC Joint Warfighting Center 
JWG Joint Working Group 
JWICS (1) Joint Warning Indications Communications System; 
(2) Joint Worldwide Intelligence Communications System 
JWID Joint Worldwide Interoperability Demonstration 
J2X JTF J2 Support Element 
Kelvin (absolute temperature scale)
Korea Analysis Center
Korean Air Defense Identification Zone
Korean Air Intelligence System
Key-Auto-Key
Key Asset List
Korean Airlift Control Center
Key Asset Protection Program
Korean Analyst Workstation
(1) Kilobyte; (2) Knowledgeability Brief
Kilobits Per Second (also KPS)
Knowledge-Based System
Kilobytes
Korean Consultative Group
Korean Central Intelligence Agency
Korean Combat/Combined Operations Intelligence Center
Korean Combat Support System
Key Distribution Center
Key Defense Estimates Issues
Korean Defense Intelligence Agency
Key Defense Intelligence Issues
Kinetic Energy
Key Encryption Key
Kaleidoscope Elint Processor
Kinetic Energy Weapon
(1) Kilogram; (2) Key Generator
Committee for State Security (FSU)
Keyhole
Killed by Hostile Action
Kilohertz
Killed in Action
KIA-BNR Killed in Action, Body Not Recovered
KIAS Knots Indicated Air Speed
KIES Kodak Imagery Exploitation System
KIEWS Kodak Imagery Edit Workstation
KILLREP Kill Report
KILLSUM Kill Summary
KILOD Killed in the Line of Duty
KIP (1) Key Intelligence Position; (2) Key Indigenous Personnel
KIPPL Key Intelligence Program Priorities List
KISS Korean Intelligence Support System
KIWS KISS Intelligence Workstation
KJ (1) Kilojoules; (2) Key Judgments
KM Kilometer

KMASE Key Management Application Service Element 
KMC Key Management Center 

KM/HR Kilometers Per Hour 

KMODC Key Management Ordering and Distribution Center 
KMID Key Management Identification Number 
KMP Key Management Protocol 

KMPDU Key Management Protocol Data Unit 

KMR Kwajalein Missile Range 

KMS Key Management System 

KMSA Key Management System Agent 

KMUA Key Management User Agent 

KN Knot 

knots Nautical Miles per hour 

KP Key Processor 

KPH Kilometers Per Hour 

KPK Key Production Key 

KS South Korea (ROK) 

KSA Knowledge, Skills, and Abilities 

KSC Kennedy Space Center 

KSOS Kernelized Secure Operating System 

KT (1) Kiloton; (2) Knot 

KTAS Knots True Airspeed 

KTO Kuwait Theater of Operations 

KTTP Korean Tactics, Techniques, and Procedures 
Ku A Satellite Frequency Band 

KUSLO U.S. Liaison Office-Kenya 

KW Kilowatt 

KWH Kilowatt Hours 

KVG Key Variable Generator 
L

LAAIB Latin American Air Intelligence Brief
LAAM Light Anti-Aircraft Missile
LAB Laboratory
LABS Laboratories
LAD Launch Assist Device
LADD Low Angle Drogue Delivery
LAEO Low-Altitude Electro-Optical
LAEWWING Light-Airborne Early Warning Wing
LAF Launch Alert Folder
LAFTA Latin America Free Trade Association
LAGEOS Laser Geodynamic Satellite
LAI (1) Light Armored Infantry; (2) Look-Down Air Intercept
LAL Library Accessions List
LALO Low-Altitude Low-Opening
LAM Louisiana Maneuvers
LAMM Land Armament and Manpower Model
LAMP Lockwood Analytical Method for Prediction
LAMPS (1) Light Airborne Multipurpose System; (2) LANTCOM Message Processing System
LAN Local Area Network
LANDCENT Land Forces Central Region
LANDSAT Land Satellite (Commercial Multi-Spectral)
LANDSOUTH Land Forces Southern Region
LANFORSIXTHFLT Landing Force Sixth Fleet
LANL Los Alamos National Laboratory
LANT Atlantic
LANTAF Atlantic Command Air Forces
LANTAREA Atlantic Area
LANTCOM Atlantic Command (now ACOM)
LANTCOMDIS Atlantic Command Deployable Intelligence System
LANTCOM JIC Atlantic Command Joint Intelligence Center (AIC)
LANTDAC Atlantic Command Defense Analysis Center
LANTDIS USACOM Deployable Intelligence System
LANTFLT U.S. Atlantic Fleet
LANTIRN Low-Altitude Navigation and Targeting Infrared System for Night
LANTIS Atlantic Intelligence Supplement
LANUP Local Area Network Upgrades
LANWAN Local Area Network/Wide Area Network
LAR Laser-Aided Rocket
LARB Light Amphibious Reconnaissance Battalion
LARS Light Artillery Rocket System
LAS Land Analysis System
LASA Light Armed Surveillance Attack
LASER Light Amplification by Stimulated Emission of Radiation
LASERFAX Secure System for Transmitting Photos
LASH Lighter Aboard Ship
LASINT Laser Intelligence
LASTE Low-Altitude Safety Targeting Enhancement
LAT Latitude
LATAM Latin America
LATIN Atlantic Command Theater Intelligence Network
LATS Large Aperture Tracking System
LATWING Light Attack Wing
LAV Light Armored Vehicle (non-tactical)
LAW Light Antitank Weapon
LAWS Long-Range Cruise Missile Analysis and Warning System
LB Live Broadcast
Lb Pound
L-BAND 1 to 2 GHz
LBR Laser Beam Recorder
lbs (LB) Pounds
LBSR Lightweight Battlefield Surveillance Radar
LC (1) Library of Congress; (2) Line of Contact
LCAC Landing Craft, Air Cushion
LCC (1) Amphibious Command Ship; (2) Logistics Coordination Center; (3) Launch Control Center; (4) Land Component Commander
LCC-IC Amphibious Command Ship-Intelligence Center
LCD Liquid Crystal Display
LCE Liaison Coordination Element (Special Operations Liaison Team in Coalition Operations)
LCF Launch Control Facility
LCM (1) Medium Landing Craft; (2) Life Cycle Management
LCP (1) Personnel Landing Craft; (2) Launching Control Post
LCPR Ramped Personnel Landing Craft
LCS Low-Cost Satellite
LCSMM Life Cycle Support Management Model
LCSR Swimmer Reconnaissance Landing Craft
LCU (1) Utility Landing Craft; (2) Launch Correlation Unit
LCW Special Warfare Support Craft
LCWS Low-Cost Workstation
LD (1) Line of Departure; (2) Laser Defense
LDC (1) Less-Developed Country; (2) Local Data Concentrator; (3) Light-Weight Deployable Communication; (4) Land Defense of CONUS
LDEF Long Duration Exposure Facility
LDF Lightweight Digital Facsimile
LDIS Library Document Inventory System
LDM Limited Distance Modems
LDMX Local Digital Message Exchange
LDR Low Data Rate
LDS Laser Detection System
LDSD Lookdown/Shootdown
LDT Large Diameter Target
LDX Long-Distance XEROX
LEA Law Enforcement Agency
LEAD (1) Low-Cost Encryption/Authentication Device; (2) List of Emerging Activations and Dispositions
LEAF Law Enforcement Access Field
LEASAT (1) Leased Satellite; (2) Leased System
LED Light Emitting Diode
LEDS Link 11 Display System
LEM Land Engagement Model
LEN Large Extension Node
LENSCE Limited Enemy Situation Correlation Element
LEP Linear Error Probable
LEPCU Lightweight Environmental Protection Combat Uniform
LEO Low Earth Orbit
LEO COM Low Earth Orbit Data Communications
LERTCON Alert Condition
LES (1) Leading Edge Services; (2) Land Earth Station; (3) Limited Effects Submunition
LEW Limited Effects Weapons
LEXIS Meade Data Central Legal Service
LF (1) Low Frequency; (2) Launch Facility; (3) Landing Force
LF6F Landing Force 6th Fleet
LFC Large Format Camera
LFICS Landing Force Integrated Communications System
LFM Landing Force Manual
LFOC Landing Force Operations Center
LFOV Limited Field of View
LFR Inshore Fire Support Ship
LFRSV Launch-Fly-Recover Space Vehicle
LFS Amphibious Warfare Fire Support Ship
LG ACC Director of Logistics
LGB Laser-Guided Bomb
LHA Amphibious Assault Ship (General Purpose)
LHA-IC Amphibious Assault Ship (General Purpose)-Intelligence Center
LHD Multi-Purpose Amphibious Assault Ship
L-HOUR Hour on C-Day when deployment begins
LHR Low Hop Rate
LHW Lower High Water
LHX Lightweight Helicopter
LIC Low-Intensity Conflict
LIDAR Light Detection and Ranging
LIGHTSAT Lightweight Satellite
LIMDIS (1) Limited Dissemination; (2) Limited Distribution
LIME Laser-Induced Magnetic Emissions
LIMMER Limited Control of Merchant Shipping
LIN LANTCOM Intelligence Network
LINCS Long-Range Intelligence Networked Communications Service
LIR Launch and Impact Report
LISS LANTCOM Intelligence Support System
LITE Laptop Imagery Transmission Equipment
LITES Laser Intercept and Technical Exploitation System
LITINT Literature Intelligence
LIVID Language Identification and Voice Identification
LIWA Land Information Warfare Activity
LJ Laser Jet
LKA Amphibious Cargo Ship
LKG Loop Key Generator
LL (1) Landline; (2) Latent Lethal Dose
LLLTV/IR Low-Light-Level TV/Infrared
LLSO Low-Level Source Operations (CI/HUMINT)
LLTV Low-Light-Level Television
LLNL Lawrence Livermore National Laboratory
Land Liaison Office
Lower Low Water
Low-Level Voice Intercept
GENSER Intelligence Broadcast
LOCE Mobile Correlation Center
Local Management Device
Local Management Device/Key Processor
Layer Management Entry
Layer Management Interface
Land Mobile Radio
Lightweight Man-Transportable Radio Direction Finding System
(1) Local Monitor Station; (2) Least Means Squared
Large Medium Speed RO/RO
Low Noise Amplifier
Liaison Element
Liquefied Natural Gas
Atlantic Command Naval Intelligence Summary
(1) Limited Nuclear Option; (2) Liaison Officer
LNU Last Name Unknown
LO (1) Liaison Officer; (2) Low Observables
LO/LO Lift-On/Lift-Off
LOA (1) Letter of Agreement; (2) Lead Operational Authority; (3) Letter of Assist
LOAC Law of Armed Conflict
LOB Line of Bearing
LOC(S) (1) Line(s) of Communication; (2) Library of Congress; (3) Launch Operations Center; (4) Liaison Officer Coordinator; (5) Location; (6) ILS Localizer
LOCD Lines of Communication Designators
LOCE (1) Limited Operational Capability, Europe; (2) Linked Operations-Intelligence Centers Europe
LOCK Logical Co-Processing Kernel
LOD Low-Observable Demonstrations
LOFAR Low-Frequency Analysis and Recording
LOG Logistics
LOGCAP Logistics Civil Augmentation Program
LOGEX Logistics Exercise
LOGS Logistics
LOI (1) Letter of Instruction; (2) Location of Interest
LON Longitude
LONG Longitude
LORAD Long-Range Air Defense
LORAN Long-Range Navigation
LOROP Long-Range Oblique Photography
LOROPS (1) Long-Range Optical System; (2) Long-Range Oblique Photographic Sensor
LOS (1) Line of Sight; (2) Law of the Sea
LOTS (1) Lighter Over the Shore; (2) Logistics Over the Shore
LOW (1) Laws of War; (2) Launch on Warning
LOX Liquid Oxygen
LP Listening Post
LPA Amphibious Personnel Transport
LPAR Large Phased-Array Radar
LPC Linear Predictive Coding
LPD (1) Amphibious Assault Transport Dock; (2) Low Probability of Detection
LPD/I Low Probability of Detection/Intercept
LPF Low Pass Filter
LPG Liquefied Natural Gas
LPH Amphibious Assault Ship (Helicopter)
LPI (1) Low Probability Intercept; (2) Lines per Inch
LPO Leading Petty Officer
LPR Amphibious Transport (Small)
LPS (1) Logistics Planning Study; (2) Large Processing Station
LPSS Amphibious Transport Submarine

LPT Logistics Preparation of the Theater 

LRA Long-Range Aviation (FSU) 

LRAA Long-Range Air Army (FSU) 

LRAACA Long-Range Air-ASW Capable Aircraft 

LRAAM Long-Range Air-to-Air Missile 

LRC (1) Logistics Readiness Center; (2) Logistics Resupply Center; (3) Lesser Regional Contingency; (4) Limited Regional Conflict; (5) Limited Regional Contingency


LRCM Long-Range Cruise Missile 
LRCS Light-Reaction Communications System 
LRE Launch and Recovery Element 
LREO Long Range Electro-Optical 
LRINF Longer Range Intermediate-Range Nuclear Forces 
LRIP Limited/Low-Rate Initial Production 
LRL Low-Cost Receive Location 
LRM Low-Rate Multiplexer 
LRP (1) Low-Rate Production; (2) Long-Range Plan; (3) Limited Response Package
LRR Long-Range Reconnaissance 
LRRP Long-Range Reconnaissance Patrol 
LRSC Long-Range Surveillance Company 
LRSO Long-Range Surveillance Out-Post 
LRSP (1) Long-Range Surveillance Plan; (2) Long-Range Systems Plan
LRSPRAC Long-Range Special Reporting and Coordination 
LRSTIA Long-Range Scientific and Technical Intelligence Assessment 
LRSU Long-Range Surveillance Unit 
LRTNF Long-Range Theater Nuclear Forces 
LRU Line-Replaceable Unit 
LSA (1) Logistics Support Analysis; (2) LAN Systems Administrator 
LSB Lower Sideband 
LSC Linear Shaped Charge 
LSCS Logistics Support Command, Somalia 
LSD (1) Landing Ship, Dock; (2) Lease Separation Distance 
LSDV Swimmer Delivery Vehicle 
LSE Logistic Support Element 
LSG Large-Scale Graphics 
LSI Large-Scale Integration 
LSM Medium Amphibious Assault Landing Ship 
LSP Launch Sequence Plan 
LSS Library Support System 
LSSA Logistic System Support Activity 
LSSC Light Seal Support Craft 
LST (1) Amphibious Vehicle Landing Ship; (2) Local Standard Time 
LST-5C Deployable Satellite Terminal 
LSV Light Strike Vehicle
LT (1) Light Table; (2) Light
LTAC Land Terminal Access Control
LTAS Lightweight Tactical Army Satellite Communications System
LTBT Limited Test Ban Treaty
Ltd Limited
LTDP NATO Long-Term Defense Program
LTDS Laser Target Designator System
LTI Lightweight Thermal Imager
LTID Laser Target Interface Device
LTIOV Latest Time Information of Value
LTMS Light Table Mensuration System
LTOE Living Table of Organization and Equipment
LUA Launch Under Attack
LUT Limited User Test
LVDS Low-Volume Dissemination System
LW Low Water
LWA Light Weight Aircraft
LWIR Long-Wavelength Infrared
LWM Lightweight Motor
LWOP Leave Without Pay
LWR Lutheran World Relief, Inc
LWT Amphibious Warping Tug
LZ Landing Zone
LZCT Landing Zone Control Team
Material, Maintenance, Management
(1) Meter; (2) Mach; (3) Mega (Million)
M1A1 ABRAMS Tank
Mission Assessment
Mission Area Analysis
Military Assistance Advisory Group
Master Air Attack Plan
Marine Amphibious Brigade
(1) Military Airlift Command (now AMC); (2) Mobile Inshore Undersea Warfare Attack Craft; (3) Multi-Array Correlator; (4) Missile Analysis Center; (5) Mandatory Access Control; (6) Message Authentication Code; (7) Military Areas of Coordination

MAC-IN Military Airlift Command-Director of Intelligence
MACA Military Assistance to Civil Authorities
MACCOM MAC Communications (Network)
MACCS Marine Aviation Command and Control System
MACDIS Military Assistance to Civil Disturbances
MACLO MAC Liaison Officer
MACOM (1) Major Army Command; (2) Major Command
MACSAT Multiple Access Communications Satellite
MAD (1) Magnetic Anomaly Detector; (2) Mutual Assured Destruction
MADP Military Attache for Defense Programs
MAE (1) Mean Area of Effectiveness; (2) Medium Altitude Endurance UAV (formerly Tier II)
MAEO Medium-Altitude Electro-Optical
MAE-UAV Medium-Altitude Endurance Unmanned Aerial Vehicle
MAF Marine Amphibious Force
MAFC MAGTF All-Source Fusion Center
MAG (1) Marine Aircraft Group; (2) Military Assistance Group; (3) Military Advisory Group; (4) Magnetic
MAGIC Maritime Air-Ground Intelligence Cell
MAGIIC Mobile Army Ground Imagery Interpretation Center
MAGIS Marine Air-Ground Intelligence System
MAGR Miniature Airborne GPS Receiver
MAG Tape Magnetic Tape
MAGTF (1) Marine Air-Ground Task Force; (2) Marine Amphibious Ground Task Force
MAINT Maintenance
MAIS Military Airlift Intelligence System
MAISRC Major Automated Information System Review Council
MAJCOM (1) Major Air Force Command; (2) Major Command
MAMS MASINT Automated Management System
MAN (1) Mandatory Modification; (2) Metropolitan Area Network
MANPADS Manportable Air Defense System
MANPRINT Manpower and Personnel Integration
MAO Major Attack Option
MAOC Modular Air Operations Center
MAP (1) Military Assistance Program; (2) Ministry of Aviation Industry (USSR); (3) Multiple Aim Point; (4) Master Attack Plan; (5) Materiel Acquisition Process
MAPREQ Map Requisition System
MARAD Maritime Administration
MARC MAC ALCE Reaction Communications System
MARCENT Marine Forces Central Command
MARCORSYSCOM Marine Corps Systems Command
MARE Mission Analysis Report-Electrical
MARECS Maritime European Communications Satellite
MARDEZ Maritime Defense Zone
MARDEZLANT Maritime Defense Zone, Atlantic
MARDIV Marine Division
MARFOR Marine Forces
MARFOREUR Marine Forces Europe
MARFOR-K Marine Forces Korea
MARFORCENT Marine Forces, Central Command
MARFORLANT Marine Forces Atlantic
MARFORPAC Marine Forces Pacific
MARFORSOUTH Marine Forces, Southern Command
MARG (1) Marine Amphibious Readiness Group; (2) Marginal
MARINETERP Westlant Maritime Intelligence Report
MARINTSUM Maritime Intelligence Summary
MARISAT Maritime Satellite (COMSAT)
Mark-Up Detailed Budget Recommendation from a Congressional Committee
MARPAC Marine Forces Pacific
MARREP Maritime Report
MARS (1) Man-hour Accounting and Reporting System; (2) Military Affiliate Radio System; (3) Monthly Aerial Reconnaissance Summary
MART Mobile Autodin Record/Remote Terminal
MARV Maneuverable Reentry Vehicle
MAS (1) Military Airlift Squadron; (2) Measurement and Signature; (3) Message Analysis Server; (4) Military Agency for Standardization
MASDR Measurement and Signature Data Requirements
MASH Mobile Army Surgical Hospital
MASINT Measurement and Signature Intelligence
MASS (1) Matrix Analysis Subsystem; (2) Missile and Space Summary
MASST Major Ship Satellite Terminal
MAST (1) Mobile Ashore Support Terminal; (2) Manual Acquisition Satellite Track; (4) MILSTAR Advanced Satellite Terminals
MAT Medium Assault Transport
MATB Multi-Spectral Analyst Test Bed
MATC Armored Troop Carrier, Mini
MATDEV Materiel Developer
MATRIX Multi-source Automatic Target Recognition with Interactive Exploitation
MATS Mobile Automatic Telephone System
MATSYM Material Symbol
MATT Multi-Mission Advanced Tactical Terminal
MATWING Medium Attack Wing
MAU Marine Amphibious Unit
MAVUS Maritime Vertical Takeoff and Landing Unmanned Aerial Vehicle System
MAW (1) Military Airlift Wing; (2) Marine Aircraft Wing
MAWTS Marine Aviation Weapons and Tactics Squadron
MAXI Modular Architecture for the Exchange of Intelligence
MB (1) Megabit; (2) Meteor Burst; (3) Megabits
Mb Megabyte
MBA (1) Main Battle Area; (2) Multiple Beam Antennae
MBB Modular Building Block (of EIF/ECMC)
MBC Meteor Burst Communications
MBFR Mutual and Balanced Force Reduction
MBITR Multiband Inter Team Radio
MBO Management by Objective
MBMR Multiband Multimode Radio
MBPS Megabytes per Second
MBRADIO Multiband Radio
MBT Main Battle Tank
MBYTES/Mbyte Megabytes
MC (1) Military Committee; (2) Mobility Corridor; (3) Joint Military Intelligence College; (4) Multi-Channel
MC&G Mapping, Charting and Geodesy
MCA (1) Maritime Collection Assets; (2) Military Capabilities Assessment; (3) Military Civil Action; (4) Mission Concept Approval
MCAR Multi-Channel Acoustic Relay
MCAS Marine Corps Air Station
MC ASI Marine Corps Assistant Chief of Staff Intelligence
MCB (1) Markings Center Brief; (2) Marine Corps Base
MCC (1) Mobile Command Center; (2) Movement Control Center; (3) Mission Control Complex; (4) Military Coordination Center; (5) Mission Control Cell; (6) Mission Control Center
MCCB Modification/Configuration Control Board
MCCC Mobile Consolidated Command Center (USSPACECOM)
MCCP Marine Corps Campaign Plan
MCCS Mobile Command and Control System
MCCT Mobile Command Communications Team
MCDN Marine Corps Data Network
MCDS Multilateral Counterterrorism Data System
MCE (1) Mission Control Element; (2) Modular Control Equipment
MCEB Military Communications Electronics Board
MCG (1) Magneto Cumulative Generator; (2) Minimum Character Grid; (3) Monitor Control Group; (4) Mapping, Charting, and Geodesy
MCG&I Mapping, Charting, Geodesy, and Imagery
MCIA Marine Corps Intelligence Activity
MCM (1) Mine Countermeasures; (2) Military Committee Memorandum; (3) Multi-Command Manual; (4) Chairman of the Joint Chiefs of Staff Memorandum (Designator)
MCMIP Marine Corps Master Intelligence Plan
MCO MASINT Control Officer
MCOO Modified Combined Obstacles Overlay
MCP Mobile Command Post
MCR Military Command Region
MCRB Military Costing Review Board
MCRC Master Control and Reporting Center
MCRD Marine Corps Recruit Depot
MCRP Mobilization Command Readiness Program
MCS (1) Mine Countermeasures Support Ship; (2) Military Capabilities Study; (3) Maneuver Control System; (4) Master Control Station; (5) Mission Control Segment
MCSF Mobile Cryptologic Support Facility
MCSFBN Marine Corps Security Force Battalion
MCSP Mobile Communications Support Package
MCST Magnetic Card Selectric Typewriter (IBM)
MCT Mobile Communications Terminal
MCTL (1) Mediterranean Contingency Target List; (2) Military Critical Technologies List
MCU Mobile Communications/Command Unit
MCW Modulated Continuous Wave
MD (1) Military District; (2) Map Distance; (3) Mission Director
MDA Missile Defense Act of 1991
MDAP Major Defense Acquisition Program
MDC (1) Manipulation Detection Code; (2) Message Distribution Center
M-Day Day on which mobilization begins
MDI Multidiscipline Interaction
MDCI Multidisciplinary Counterintelligence
MDCISUM Multidisciplinary Counterintelligence Summary
MDDS Modular Digital Dissemination System
MDID MSE Data Interface Device
M-DITDS Migration Defense Intel Threat Data System
MDJCS Memorandum by the Director, Joint Staff for the Joint Chiefs of Staff
MDLX Military Demarcation Line Extended
MDPS Mission Data Preparation System
MDO JAPAN Military Defense Office, Japan 
MDR (1) MASINT Data Request; (2) Medium Data Rate 
MDS (1) Mission Dependent Segment; 
(2) Modular Dissemination System 
MDT Message Distribution Terminal 
MDU (1) Mine Disposal Unit; (2) Mission Data Update 
MDW Military District of Washington 
MDZ Maritime Defense Zone 
ME (1) Middle East; (2) Munitions Effectiveness 
MEA Munitions Effectiveness Assessment 
MEAP Military Economic Advisory Panel 
MEB Marine Expeditionary Brigade 
MEBE Middle East Basic Encyclopedia 
MEC Main Evaluation Center 
MECD Military Equipment Characteristics Document (NATO) 
MECH Mechanized 
MECL Mission Essential Circuits List 
MECO Main Engine Cutoff (Shuttle and Expendable Launch Vehicles) 
MECS Manual ELINT Collection System 
Med Mediterranean 
MED (1) Message Element Dictionary (JINTACCS); 
(2) Manipulative Electronic Deception; (3) Medical 
MED-RES Medium Resolution 
MEDCAP Medical Civic Action Project 
MEDCOM Medical Command 
MEDEVAC Medical Evacuation 
MEDRETE Medical Readiness Training Exercises 
MEDINT Medical Intelligence 
MEECN Minimum Essential Emergency Communications Network 
MEF (1) Marine Expeditionary Force; (2) Maximum Elevation Figure 
MEFCG MEF Command Group 
MEFTL Middle East Force Target List 
MEIF Master ELINT Intercept File 
MECL Mission Essential Circuits List 
MELOS Mediterranean Littoral OPINTEL Summary 
MELT Maximum Efficiency Language Training 
MEM Mission Effectiveness Model 
MENA Middle East (and) North Africa 
MENS Mission Element Needs Statement 
MEO Medium Earth Orbit 
MEP (1) Ministry of Electronics Industry (FSU); 
(2) Mission Enhancement Program (AWACS); 
(3) Management Engineering Plan 


MER (1) Maximum Effective Range; 
(2) Minimum Essential Requirements 
MERADCOM Mobility Equipment Research and Development Command (U.S. Army)
MERCAST Merchant Ship Broadcast System
MERCO Merchant Ship Reporting and Control
MERCOSUR/MERCOSUL Common Market of the South (South American Southern Cone Customs Union)
MERIT Military Exploitation of Reconnaissance and Intelligence Technology
MERSHIP Merchant Ship
MESA Mechanically Steered Antenna
MET (1) Mobile Exploitation Team; (2) Meteorology; (3) MILSTAR Engineering Development Model Terminal
METCOM Control of Meteorological Information
METEOSAT Meteorological Satellite
METL Mission Essential Task List
METOC Meteorological and Oceanographic
METSAT Meteorology Satellite
METT-T Mission, Enemy, Terrain, Troops and Time Available
MEU Marine Expeditionary Unit
MEU(SOC) Marine Expeditionary Unit (Special Operations Capable)
MEWSS Mobile Electronic Warfare Support System
MEWSS PIP Marine Electronic Warfare Support System-Product
MF Medium Frequency
MFC Multinational Force Commander
MF IDB Mainframe Integrated Data Base
MFLOPS Millions of Floating Point Operations per Second
MFO Multinational Force and Observers
MFP Major Force Program
MFP2 Major Force Program 2
MFR (1) Memorandum for Record; (2) Mutual Force Reduction
MFS (1) Ministry of State Security (East German); (2) Multifunction Switch
MFT Mission, Functions and Tasks
MG Machinegun
MGID Military Geographic Information and Documentation
MGMT Management
MGPS Mobile Ground Processing System
MGR Manager
MGRS Military Grid References System
MGS (1) Mission Ground Station; (2) Mobile Ground Station
MGT (1) Mobile Ground Terminal; (2) Management
MHC Coastal Mine Hunter
MHD Magnet-to-Hydrodynamic
MHE (1) Mechanized Handling Equipment; (2) Message Handling Enhancement; (3) Materiel Handling Equipment
MHOP Multiple-Hop
MHS Message Handling System
Miniature Homing Vehicle
Mean High Water
Megahertz
Miles
(1) Military Intelligence; (2) Message Indicator
Missing in Action
(1) Military Intelligence Board; (2) Military Intelligence Battalion; (3) Management Information Base

MIBNLI Military Intelligence Battalion, Low Intensity
MIBWG Military Intelligence Board Working Group
MIC (1) Mid-Intensity Conflict; (2) Multinational Intelligence Cell; (3) Monolithic Integrated Circuit; (4) Maritime Intelligence Center
MICEP Military Intelligence Civilian Excepted Career Program
MICNS Modular Integrated Communications and Navigation System
MICOM Missile Command (U.S. Army)
MICON Military ICON
micro one millionth
MICFAC Mobile Integrated Command Facility Ashore Center
MICS MIIDS/IDB Interface to Client/Server
MICV Mechanized Infantry Combat Vehicle
MID (1) Military Intelligence Detachment; (2) Military Intelligence Digest
MIDB Modernized Integrated Data Base; Migratory Integrated Data Base
MID(S) (1) Military Intelligence Detachments (Strategic); (2) Mobile Imagery Dissemination System
MIDAS MAXI Intelligence Desktop Application Software
MIDE Mean Installation Damage Expectancy
MIDEASTFOR Middle East Force
MI DET Military Intelligence Detachment
MIDL Miniature Interoperable Data Link
MIDLANT Mid-Atlantic
MIDPAC Mid-Pacific
MIDMS Machine Independent Data Management System
MIEF Master Imagery Exchange Format
MIERS Modernized Imagery Exploitation & Reporting System
MIES Modernized Imagery Exploitation System
MIFASS Marine Integrated Fire and Air Support System
MIG (1) Mikoyan (FSU) Aircraft; (2) Military Intelligence Guide; (3) Military Intelligence Group
MIGP Military Intelligence Group
MIIA Medical Intelligence Information Agency (now AFMIC)
MIIDS Military Intelligence Integrated Data System
MIIDS/IDB Military Intelligence Integrated Data System/Integrated Database
MIIPS Military Intelligence Information Processor Subsystem
MIJI Meaconing, Intrusion, Jamming, and Interference
MIJIFEEDER Meaconing, Intrusion, Jamming, and Interference Report Feeder
MIL Military
MILAN International Antitank Guided-Missile System
MILCOM Military Communications
MILCOMSAT Military Communications Satellite
MILCON Military Construction
MILDEP Military Department
MILGP Military Group
MILGRPS Military Advisory Groups
mili one thousandths
MILNET (1) Military Logistics Equipment; (2) Military Network
MILOBS Military Observer(s)
MILPERS Military Personnel
MILSAT(COM) Military Satellite (Communications)
MILSPEC Military Specification
MILSTAR (1) U.S. Military Communications Satellite Program; (2) Military Strategic and Tactical Relay
MILSTD Military Standard
MIMES Multi-Spectral Imagery Materials Exploitation System
MIMI Multi-Level Interactive Man/Machine Interface
MIMIC Monolithic Microwave/Millimeter Wave Integrated Circuit
MIMS Multiple Independent Maneuvering Submissile

Minutes
Minimum Weapon for Damage
Compact Version of Deployable Intelligence Support Element
Miniature Terminal
United Nations Mission for the Referendum in Western Sahara
Multi-Media Information Exchange
Mobile Intelligence Processing Element
(1) Missile Intelligence Officer; (2) Counter-Terrorism Database
(1) Management Implementation Plan; (2) Message Input Processor
Mobile Intelligence Processing Element
(1) Multi-Mission Imagery Photographic Interpretation Report; (2) Multi-Source Photo Interpretation Report
Military Interdepartmental Purchase Request
Million Instructions per Second
(1) Mission Intercept Report; (2) Morning Intelligence Report
Medium-Wave Infrared Acquisition Array

MIRACL Mid-Infra-Red Advanced Chemical Laser
MIRADCOM United States Army Missile Research & Development Command
MIRE Mission Intercept Report-Electrical
MIRF Mission Information Recording Facility
MIRGS Multi-Intelligence Reconnaissance Ground Station
MIRS Miniaturized Imagery Receive System
MIRV Multiple Independently-Targetable Reentry Vehicle
MIS (1) Management Information System; (2) Military/Monthly Intelligence Summary; (3) Mission Integration Segment
MISE Military Information Support Element
MISREP Mission Report
MISSI Multilevel Information System Security Initiative
MIST (1) MCCS Intelligence Support Team; (2) Modular Interoperable Support Terminal; (3) Military Information Support Team
MISTE Miniature Integrated Satellite Terminal Equipment
MIT Mobile Interrogation Team (HUMINT)
MITASK Mission Tasking
MITS (1) Monthly International Terrorism Summary; (2) MAC Imagery Transmission System; (3) Multimedia-Intelligence Tracking Subsystem
MITT Mobile Integrated Tactical Terminal
MITTS Mobile Intelligence Tactical Transmission (System)
MIUW Mobile Inshore Undersea Warfare
MIW Mine Warfare
MJCS Memorandum for the Joint Chiefs of Staff
MK-50 Advance Lightweight Torpedo
MKV Mark V Special Operations Craft
MLA Multispectral Linear Array
MLBM Modern Large Ballistic Missile
MLE Mobile Logistics Element
MLLW Mean Lower Low Water
MLM Military Liaison Mission
MLNIS Modified Atlantic Naval Intelligence Summary
MLO Military Liaison Office
MLP Multi-Line Phone
MLPP Multilevel Precedence Preemption
MLRP Marine Corps Long-Range Plan
MLRS Multiple Launch Rocket System
MLS (1) Microwave Landing System; (2) Multi-Level Security; (3) Multi-Level Simulcast
MLSATCOM Military Satellite Communications
MLST Mobile Logistics Support Team

Mean Low Water
(1) Millimeter; (2) Million; (3) Manual Morse; (4) Minelayer
Miniature Multiband Beacon
Man/Machine Interface
Monolithic Microwave Integrated Circuit
Military Man in Space
MAGTF Master Plan
Multimission Modular Spacecraft
Manned Maneuvering Unit
Millimeter Wave
Multinational
MAXI Network Access System
Major NATO Command (NATO)
Multi-National Division
Multi-National Force
Multinational Intelligence Cell
Modernized NMIC
Mission Needs Statement
Months
Middle Name Unknown
Counter-Terrorism Database
(1) Memorandum of Agreement; (2) Military Operating Area
Mission-Oriented Assessment Framework
(1) Main Operating Base; (2) Missile Order of Battle; (3) Mobilization

MOBDES Mobilization Designee (now IMA)
MOBEX Mobilization Exercise
MOBS Multiple-Orbit Bombardment System
MOBSTA Mobilization Station
MOBTDA Mobilization Table of Distribution and Allowances
MOC (1) Minister of Communications; (2) Mission Operations Center; (3) Mission Operations Chief
MOD (1) Ministry of Defense; (2) Mobile Obstacle Detachment
MODA Ministry of Defense and Aviation
MODCOM Modular Communications
MODEMS Modulation/Demodulation Equipment
MODS Multiple Object Data System
MOE Measure of Effectiveness
MOGAS Motor Gasoline
MOICPAC Maritime Operational Intelligence Center, Pacific
MOJT Managed On-the-Job Training
MOL Manned Orbital Laboratory
MOLINK Moscow/Washington Emergency Communications Link
MOLNIYA Soviet (FSU) satellite
MOM Ministry of General Machine Building (FSU)
MOMCOMS Man-on-the-Move Communications System
MOOTW Military Operations Other Than War
MOP (1) JCS Memorandum of Policy; (2) Ministry of Defense Industry (FSU)
MOPOT Mobile PSYOP Transmitter
MOPP Mission-Oriented Protective Posture
MOPS Million Operations per Second
MORL Manned Orbital Research Laboratory
mort Mortar
MORTREP Mortar Bombing Report


MOS (1) Military Occupational Specialty; 
(2) Maritime Operational Intelligence Summary; 
(3) Marine Observation Satellite 


MOSFET Metal-Oxide Semiconductor Field-Effect Transistor 

MOSS Manned Orbital Space Station 

MOST Mosaic Optical Sensor Technology 

MOSW Military Operations Short of War 

MOT Military Ocean Terminal 

MOTIF Maui Optical Tracking and Identification Facility 

MOU Memorandum of Understanding 

MOUT Military Operations in Urban Terrain 

MOV Military Owned Vehicle 

MP (1) Military Police; (2) Military Personnel 

MP&B Mission Planning and Briefing 

MPA (1) Maritime Patrol Aircraft; (2) Mission and Payload 
Assessment; (3) Mission Planning Agent 

MPARE Mission Planning, Analysis, Rehearsal, and Execution System 

MPC (1) Mobile Processing Center; (2) Manpower and Personnel 
Center; (3) Message Processing Center; (4) Media Production 
Center 

MPDS Message Processing and Distribution System 

MPDT Message Processing Distribution Terminal 

MPEG Motion Picture Experts Group 

MPF (1) Maritime Prepositioned Force; (2) Message Processing Facility; 
(3) Mission Planning Folder; (4) Media Production Center 

MPF-E Maritime Prepositioning Force Enhanced 

MPI Mean Point of Impact 

MPM Mission Planning Module 

MPN MSE Packet Network 

MPP Massively Parallel Processing 

MPRS Mission Planning and Rehearsal Segment 

MPS (1) Maritime Prepositioned Ships; (2) Message Processing 
System; (3) Master Personnel System; (4) Modular Printing 
System 

MPSOC Multi-Purpose Satellite Operations Center 

MPSS Ministry of Communications Equipment Industry (FSU) 

MPWS Mobile Protected Weapon System 

MQS Military Qualification and Standards System 

MR (1) Military Region; (2) Medium Range; (3) Motorized Rifle 

MRB Motorized Rifle Battalion 

MRBM Medium-Range Ballistic Missile 

MRC (1) Movement Report Center; (2) Military Region Command;
(3) Motorized Rifle Company; (4) Major Regional Contingencies;
(5) Major Regional Conflict


MRCA Multirole Combat Aircraft 
MRCS Medium-Resolution Camera System 
MRD (1) Mission Rehearsal Device; (2) Motorized Rifle Division
MRDBS (1) MASINT Requirements Data Base System; (2) Measurement and Signature Intelligence Requirements Database
MRDFS Man-Transportable Radio Direction-Finding System
MRDC Missile Research and Development Command (U.S. Army)
MRF Ministry of Radio Industry (FSU)
MRI Military-Related Intelligence
MRK Manual Remote (re)Keying
MRL (1) Multiple Rocket Launcher; (2) Master Requirements List
MRLS Multiple Rocket Launcher System
MRLOGAEUR Minimum Required Logistics Augmentation Europe
MROC (1) Multiple-Command Required Operational Capability; (2) Minimum Required Operational Capabilities
MRP Mobilization Readiness Project
MRPE Mobile Receive Processing and Exploitation
MRR Motorized Rifle Regiment
MRS Movement and Reinforcement Study
MRT (1) Mobile Remote Terminal; (2) Miniature Receiver Terminal

Medium-Range Unmanned Airborne Vehicle
Multiple Reentry Vehicle
Multi-Rate Voice Card (Red Switch)
Millisecond
(1) Multispectral; (2) Mobilization Station
Modeling and Simulation
Meters per Second
Microsoft Disk Operating System
(1) Military Strength Assessment; (2) Minimum Safe Altitude
Medium Surface-to-Air Missile
Minesweeping Boat
(1) Military Sealift Command; (2) Coastal Minesweeper; (3) Major Subordinate Command (NATO); (4) Military Staff Committee
Military Support to Civil Defense
Multiple Source Correlation System
Training Coastal Minesweeper
(1) Minesweeping Drone; (2) Mensuration Support Data
Maritime Self-Defense Force (Japan)
Mobile/Multi Subscriber Equipment (Network) (U.S. Army)
Master Scenario Events List
(1) Fleet Minesweeper; (2) Mobile Strike Force; (3) Medicines Sans Frontiers
(1) Marine Security Guard; (2) Military Support Group

Msg Message
MSGGEN Message Generator
MSH Mine Hunter
MSI (1) Inshore Minesweeper; (2) Multi-Spectral Imagery; (3) Multisensor Interpretation
MSIC Missile and Space Intelligence Center
MSID Message Identifier
MSIP (1) Multi-Spectral Image Processor; (2) Multisensored Intelligence Processor
MSK Minimum Shift Keying
MSL (1) Missile; (2) Mean Sea Level
MSM (1) Minesweeper (River); (2) Ministry of Medium Machine Building (FSU)
MSN Mission
MSO (1) Ocean Minesweeper; (2) Marine Safety Office; (3) MILSATCOM Systems Office
MSP Ministry of Shipbuilding Industry (FSU)
MSPB Merit System Protection Board
MSPF Marine Special Purpose Forces
MSR (1) Patrol Minesweeper; (2) Main Supply Route; (3) Missile Site Radar
MSRT (1) Mobile Subscriber Radio Telephone; (2) Mobile Subscriber Remote Terminal
MSS (1) Message Support Subsystem; (2) Specialized Minesweeper; (3) Moored Sonobuoy System; (4) Mission-Management Support System; (5) Mission Support System; (6) Multispectral Scanner
MSSC (1) Medium SEAL Support Craft; (2) Specialized Coastal Minesweeper; (3) MEU Service Support Group
MSSI Master of Science of Strategic Intelligence
MSSP Multi-Functional Smart Sensor Packages
MSSS Maui Space Surveillance System
MST (1) Mutual Security Treaty; (2) Maintenance Support Team; (3) Miniature Satellite Transceiver; (4) Multiband Satellite Terminal
MSTS (1) Multisource Tactical System; (2) Multisource Transceiver System
MSU (1) Major Subordinate Unit; (2) Ministry of the Soviet Union
MSW MASINT Server/Workstation
MT (1) Metric Ton; (2) Megaton; (3) Motor Transport; (4) Maintenance Trainer; (5) Machine Translation
MT-LB Soviet (FSU) Tracked Vehicle
MTA Maritime Threat Analysis
MTACCS (1) Marine Tactical Command and Control System; (2) Marine Tactical Air Command Center System
MTAS Multisensor Target Acquisition System
MTB Motor Torpedo Boat
MTBF Mean Time Between Failures
MTBSP Mobilization Troop Basis Stationing Plan
MTCACS Marine Corps Tactical Command and Control System
MTCR Missile Technology Control Regime
MTDS Military Tactical Data System
MTF Message Test Format
MTG Master Training Guide
MTH Memorandum To Holder
MTI Moving Target Indicator
MTIB Soviet (FSU) Amphibious Armored Tractor
MTIC Military Target Intelligence Committee
MTIMS Military Target Intelligence Management Structure
MTIT Military Technical Intelligence Team
MTL Mean Tide Level
MTLR Moving Target-Locating Radar
MTL(S) Material(s)
MTMC Military Traffic Management Command
MTN (1) Mountain; (2) M22 Tactical Network
MTO Mission Type Order
MTO&E Modified Table of Organization & Equipment
MTP (1) Mission Training Plan; (2) Master Training Plan
Mtr Motor
MTS (1) Maritime Tactical Schools (NATO); (2) Man-Transportable SOCRATES; (3) Masked Target Sensor
MTST Magnetic Tape Selectric Typewriter (IBM)
MTT (1) Military Training Team; (2) Mobile Training Team
MTTR Mean Time To Repair
MTZ Motorized Infantry
MULE Modular Universal Laser Equipment
MUSARC Major United States Army Reserve Command
MUSIC Multi-User Special Intelligence Communications
MUSE MC&G Utility Software Environment
MUTES Multiple Threat Emitter System
MUX Multiplexer
Mvr Maneuver
MV Magnetic Variation
MVS Multiple Virtual Storage
MVS/XA Multiple Virtual System/Extended Architecture
MW (1) Mine Warfare; (2) Millimeter Wave; (3) Microwave; (4) Missile Wing
MW/AA Missile Warning/Attack Assessment
MWC Missile Warning Center
MWDS Missile Warning Display Subsystem
MWHQ Mobile War Headquarters
MWIR Medium Wavelength Infrared
MWL Mean Water Level
MWR Morale, Welfare, and Recreation
MWS Missile Warning System
MWTGM Millimeter Wave Terminal Guided Missile
MX (1) Missile, Experimental; (2) Peacekeeper Ballistic Missile; (3) Mechanized; (4) Mexico; (5) Mission; (6) Maintenance
North
(1) Director of Intelligence (Naval Component); (2) Navy Staff Intelligence Officer
Not Applicable
Navy
North Atlantic Alliance
North American Air Defense Modernization
Nonacoustic Antisubmarine Warfare
NATO Antiair Warfare System
(1) NATO Air Base Satellite (System); (2) Naval Amphibious Base; (3) Naval Air Base

NAC (1) North Atlantic Council (NATO); (2) No Apparent Change; (3) National Agency Check; (4) Network Access Controller
NACA National Advisory Committee for Aeronautics
NACAA National Advisory Committee for Aeronautics and Astronautics
NACAM National COMSEC Advisory Memorandum
NACC Net Assessment Coordinating Committee
NACDF National Area Coverage Data File
NACIC National CI Center
NACIPB National CI Policy Board
NACOB National CI Operations Board
NACSI National COMSEC Instruction
NACSIM National COMSEC Information Memorandum
NADGE NATO Air Defense Ground Environment
NADS North Atlantic Defense System
NAEW NATO Airborne Early Warning (System)
NAF (1) Numbered Air Force; (2) Naval Air Facility
NAFI Non-Appropriated Fund Instrumentality
NAFIS Naval Forces Intelligence Study
NAI Named Areas of Interest
NAIC National Aerospace Intelligence Center
NAK Negative Acknowledge
NALE Naval Liaison Element
NAM (1) Non-Aligned Movement; (2) Naval Armaments Model
NAMSO NATO Maintenance and Supply Organization
nano one billionth
NAOB Naval Air Order of Battle
NAOC National Airborne Operations Center
NAOS North Atlantic Ocean Station
NARA National Archives and Records Administration
NARRS NORTHAG Reconnaissance Reporting System
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NAS 


NASA 
NASACOM 
NASF 

NASIC 

NASP 

NAT 

NAT'L 

NATO 

NATO ASWCS 
NAV 

NAVAIR 

NAVAL AIRSHIP 
NAVASTROGRU 
NAVATAC 
NAVCAMS 
NAVCENT 
NAVCOMDET 
NAVCOMPARS 
NAVCOMTELCOM 
NAVCOMSTA 
NAVDAC 
NAVELEX 
NAVEUR 
NAVFAC 
NAVFOR 
NAVFORK 
NAVIDS/SIS 
NAVINTCOM 
NAVLGRU 
NAVMACS 
NAVMIC 
NAVMAP 
NAVMARINTCEN 
NAVMAT 
NAVNET 
NAVOCEANCOMDET 
NAVOCEANO 
NAVOCFORMED 
NAVOPINTCEN 
NAVPGSCHOOL 
NAVRADSTA 
NAVRES 

NAVS 
(1) Naval Air Station; (2) Network Access System;
(3) National Academy of Science 


National Aeronautics and Space Administration 
NASA Communications Network 
NIC Analyst Support Facility 


National Aerospace Plane 

Not Air-Transportable 

National 

North Atlantic Treaty Organization 
Anti-Surface Warfare Combat System 

(1) Navigation; (2) Navy 

Naval Air Systems Command 

Naval AIRSHIP Radar Surveillance System 
Naval Astronautics Group 

Navy Antiterrorist Alert Center 

Naval Communications Area Master Station 
U.S. Naval Forces Central Command 
Naval Communications Detachment 


Naval Computer and Telecommunications Command 
Naval Communication Station 

Naval Data Automation Command 

Naval Electronic Systems Command 

U.S. Naval Forces, Europe 

(1) Naval Facility; (2) Naval Shore Facilities 

Naval Forces 

Naval Forces Korea 

Navigational Aids/Selective Identification System 
Naval Intelligence Command 

Naval Liaison Group 

Navy Modular Automated Communications System 
Naval Maritime Intelligence Command 

Navy Missile Analysis Program 

Naval Maritime Intelligence Center 

Naval Material Command 

Navy Data Network 

Naval Oceanography Command Detachment 

Naval Oceanographic Office 

Naval On-Call Force for the Mediterranean (NATO) 
Naval Operations Intelligence Center 

Naval Postgraduate School 

Naval Radio Station 

Naval Reserve 


Navigators 
North American Air Sovereignty Intelligence Capability


Naval Communications Processing and Routing System 


NAVSAT 
NAVSATCOMFAC 
NAVSEA 

NAVSEC 
NAVSECGRU 
NAVSECGRUACT 
NAVSECGRUCOM 
NAVSECSTA 
NAVSO 

NAVSOC 

NAVSOF 
NAVSOUTH 
NAVSPACECOM 
NAVSPASUR 
NAVSPAWAR 
NAVSPECWARCEN 
NAVSPECBOATRON 
NAVSPECWARCOM 
NAVSPECWARDEVGRU 
NAVSPECWARGRU 
NAVSPECWARUNIT 
NAVSPOC 

NAVSTA 

NAVSTAR 
NAVSTAR USER EQUIP 
NAVSUPACT 
NAVTECHINTCEN 
NAVTELCOM 
NAVWARCOL 
NAWAS 

NAWC-AD 


NBCE 
NBCWRS 
Navigation Satellite

Naval Satellite Communications Facility 
Naval Sea Systems Command 

Naval Ship Engineering Center 

Naval Security Group 

Naval Security Group Activity 

Naval Security Group Command 

Naval Security Station 

Naval Forces, South 

Naval Special Operations Command 

Naval Special Operations Forces 

Naval Forces, Southern Command 

Naval Space Command 

Naval Space Surveillance Activity 

Naval Space and Warfare Systems Command 
Navy Special Warfare Center 

Navy Special Boat Squadron 

Naval Special Warfare Command 

Naval Special Warfare Development Group 
Naval Special Warfare Group 

Naval Special Warfare Unit 

Naval Space Operations Center 

Naval Station 

Navigation and Satellite Timing and Ranging 
NAVSTAR User Equipment 

Naval Support Activity 

Naval Technical Intelligence Center 

Naval Telecommunications Command 
Naval War College 

National Attack Warning System 

Naval Air Warfare Center-Aircraft Division 
NORAD Attack Warning System 

Naval Base 


(1) Nuclear/Biological/Chemical; 
(2) National Broadcasting Corporation 


Nuclear, Biological, Chemical Element 


NORAD - Nuclear, Biological, and Chemical Warning 
Reporting 


Non-Battle Killed 

National Basic Reference Graphic 

National Bureau of Standards 

(1) No Change; (2) Node Center; (3) Narrow Coverage 
National Command Authority(ies) 

Naval Controls and Protection of Shipping 


Nuclear Contingency Branch 
NCC


NCCD 
NCCOSC 
NCCS 
NCDU 
NCEUR 
NCIC 
NCIS 


NCIS-E 

NCISFO 
NCISRA 
NCISRU 


NCSRT 
NCTAMS 
NCTC 
NCTR 
(1) Naval Component Command; (2) Navy Command Center;
(3) Net Control Center 


Nuclear Command and Control Document 

Naval Command, Control, and Ocean Surveillance Center 
Naval Command and Control System 

Naval Combat Demolition Unit 

NSA/CSS Europe 

National Crime Information Center 


(1) Non-Communications Intercept System; 
(2) National Counterintelligence Strategy; 
(3) Naval Criminal Investigative Service 


NCIS-Europe 

NCIS Field Office 

NCIS Resident Agent 

NCIS Resident Unit 

National Command and Military Authority 
National Collection Management Cell 
Navy Capabilities and Mobilization Plan 
Non-Commissioned Officer 


(1) Non-Commissioned Officers' Academy; 
(2) Non-Commissioned Officers’ Association 


NORAD Combat Operations Center 
Non-Commissioned Officers' Educational System 
Non-Commissioned Officer in Charge 

Naval Control of Shipping 

Nuclear Contingency Plan 


Nuclear Contingency Planning System 


(1) National Capital Region; (2) NSA/Cryptologic Support
Service Representative; (3) National Cryptologic Representative;
(4) NSA/Central Security Service Representative


(1) National Communications System; (2) NMIC Control Subsystem;
(3) Naval Control of Shipping; (4) Network Control Station;
(5) Node Center Switch; (6) National Cryptologic School;
(7) Net Control Station


(1) Navy Command Support Center; 
(2) National Computer Security Center 


NIST Communications Support Element 

Naval Control of Shipping Office 

Non-Communications Signal Recognition Trainer 

Navy Computer and Telecommunications Area Master Station 
Naval Computer and Telecommunications Center 
Non-Cooperative Target Recognition 

Naval Computer and Telecommunications Station 

NATO Civil Wartime Agency 

National Correlation Working Group 


Non-Codeword Reporting 
Deputy CINCNORAD 




NEACP 
NEADS 
NEANMCC 
NEC 


NEIC 
NEMVAC/NISH 


NEO 
NEOPACK 


NESDIS 
NESEA 
Nondisclosure Agreement

Non-Developmental Airlift Aircraft 

Days Before D-Day 

Non-Direction Beacon 

National Digital Cartographic Database 

Navy Decision Coordinating Paper 

Nuclear Detection Device 

Nuclear Detonation Detection System 

National Desired Ground Zero 

National Defense Headquarters (Canada) 
Non-Developmental Item 

National Drug Intelligence Center 

(1) Network Data Language; (2) National DGZ List 
National Defense Operations Center 

(1) National Disclosure Policy; (2) Naval Doctrine Publication 
National Disclosure Policy Committee 

National Disclosure Policy Office(r) 

National Defense Reserve Fleet 


(1) Nuclear Detection Satellite; (2) NPIC Data System; 
(3) Nuclear Detection System 


National Defense University 

(1) Northeast Asia; (2) National Education Association 
National Emergency Airborne Command Post 
Northeast Air Defense Sector 


Navy Element Alternate National Military Command Center 


(1) Naval Enlisted Code; (2) Northern European Countries; 
(3) Navy Enlisted Classification 


USAFE NATO Equipment Interpretation Course 


Non-combatant Emergency Evacuation/NEO Intelligence 
Support Handbook 


National Exploitation Laboratory 

Noncombatant Evacuation Operation 

NEO Package 

National Environmental Policy Act 

Nuclear Execution and Reporting Plan 

Network Encryption System 

National Environmental Satellite Data and Information Service 
Naval Electronic Systems Engineering Activity 
NATO English-Speaking Nations 

Navy EHF SATCOM Program 

(1) Not Earlier Than; (2) New Equipment Training 
Nationwide Emergency Telecommunications Service 
New Equipment Training Team 

Meade Data Center News Service 

No Foreign Dissemination, NOFORN 
NICCIA
NICKA 
NICOLS 
NICS 
NICSCOA 


NID 
NIDS 
(1) New Fighter Aircraft; (2) No Forwarding Address;
(3) No-Fire Area 


National Foreign Assessment Center 

Nuclear Forces Communications Satellite 

No Foreign Dissemination 

National Foreign Disclosure Policy 

Network Front End 

(1) Not Further Identified; (2) No Further Information 
National Foreign Intelligence Board (formerly USIB) 
National Foreign Intelligence Council 

National Foreign Intelligence Program 

New Foreign Launch 

Near-Full-Motion 

Network File System 

NATO French-Speaking Nations 

Navy Fighter Weapons School 

Nuclear Free Zone 

National Guard 

NATO Guidelines Area 

NATO Gazetteer 

National Guard Bureau 

Northern Group of Forces (Soviet Forces in Poland) 
Naval Gunfire Support 

National Ground Intelligence Center 

Natural Gas Liquids 

Non-Governmental Organization(s) 

National Ground Site 

National HUMINT Collection Directive(s) 
National HUMINT Collection Plan 

Naval Hydrographic Office 

National HUMINT Requirements Tasking Center 
National Imagery Agency 


(1) National Information & Analysis Center; 
(2) Naval Intelligence Automation Command 


NATO Industrial Advisory Group 


(1) Naval Intelligence Command; (2) National Intelligence 
Council; (4) Naval Intelligence Cell; (5) National Intelligence 
Cell/Community 


National CI Coordinating Authority 
Nickname and Exercise Term System 

NIC On-Line System 

NATO Integrated Communications System 


NATO Integrated Communications System Central Operating 
Authority 


National Intelligence Daily 
NMCC Information Display System 
NIE
NIEO 
NIETB 
NIETS 
NIEX 
NIG 
NIHS 
NII 
NIIC 
NIIDTS 


NIPIR 
NIPRNET 
NIPS 


NIPSSA 
NIPSTRAFAC 
NIS 


NISAC 
NISAM 
NISC 
NISCOM 
NISHQ 
NISO 
National Intelligence Estimate

New International Economic Order 

National Imagery Exploitation Target Base 
National Imagery Exploitation Tasking Study 
No-notice Interoperability Exercise 

National Input Group 

NAVEUR Intelligence Highlights Summary 
National Information Infrastructure 

NORAD Intelligence Indications Center 
Naval Intelligence Imagery Data Transmission System 
National Imagery Interpretability Rating Scale 
Naval Intelligence Locating Summary 
NORAD Intelligence Memorandum 

National Imagery and Mapping Agency 
National Intelligence Officer 


(1) Notice of Intelligence Potential; (2) National Intelligence 
Priorities; (3) NATO Interoperability Plan 


Nuclear Immediate Photo Interpretation Report 
Unclassified-but Sensitive (N) Internet Protocol Router Network 


(1) NMCC Information Processing System; 
(2) Naval Intelligence Processing System 


Naval Intelligence Processing Systems Support Activity 
Naval Intelligence Processing Systems Training Facility 


(1) National Intelligence Summary; (2) National Intelligence
Survey; (3) Naval Investigative Service; (4) NATO Identification
System; (5) NPIC Information System (former NDS); (6) Newly
Independent States; (7) National Imagery Segment; (8) National
Input Segment; (9) NIPC Imagery System; (10) Network Information
System


National Industrial Security Advisory Committee 

Naval Intelligence Systems Architecture Manual 

Naval Intelligence Support Center (U.S. Navy) (now NIC) 
Naval Investigative Service Command 

Naval Investigative Service Headquarters 

Naval Investigative Service Office 

Nuclear Weapons Intelligence Support Plan 

National Intelligence Situation Report 


(1) National Intelligence Support Team; 
(2) National Institute of Standards and Technology 


National Intelligence Topic 

National Imagery Transmission Format 
NITF Standard 

Network Interface Unit 

North Korea Installation List 
Nonkernel Security Related Software 
National Logistical Command 


Natural Language Interface 
NLM Netware Loadable Module

NLP Natural Language Processing 

NLOS Non-Line-of-Sight Weapon System 

NLS Non-Lethal Submunitions 

NLT Not Later Than 

NLZ No-Loan Zone 

NM Nautical Mile 

NMC (1) Naval Materiel Command; (2) NATO Military Council 

NMCC National Military Command Center 

NMCC(A) National Military Command Center (Alternate) 

NMCS National Military Command System 

NMCSSC National Military Command Systems Support Center 

NMD National Military Defense 

NMI No Middle Initial 

NMIC (1) National Military Intelligence Center (archaic, now NMJIC); 
(2) National Maritime Intelligence Center 

NMICC NATO Maritime Intelligence Coordination Center 

NMICSS NMIC Support System 

NMIS National Military Intelligence Support 

NMIST National Military Intelligence Support Team 

NMITC (1) Navy-Marine Corps Intelligence Training Center; 
(2) National Military Intelligence Training Center 

NMJCC National Military Joint Command Center 

NMJIC National Military Joint Intelligence Center 

NMN No Middle Name 

NMOSS NATO Maritime Operational Support System 

NMRL National MASINT Requirements List 

NMS National Military Strategy 

NMSD National Military Strategy Document 

NMIC National Military Intelligence Center 

NMICC National Military Intelligence Collection Center 

NMJIC National Military Joint Intelligence Center 

NN Neural Network 

NNA Neutral and Non-Aligned 

NNAG NATO Naval Armaments Group 

NNBIS National Narcotics Border Interdiction System 

NNICP National Nuclear Intelligence Collection Plan 

NNWS Non-Nuclear Weapons States 

NOAA National Oceanic and Atmospheric Administration 

NOB (1) Naval Order of Battle; (2) Nuclear Order of Battle 

NOBS Naval Operations Bases 

NOBTS Naval Order of Battle Textual Summary 
NOC


NOD 

NOE 
NOFORN 
NOIAN 
NOIC 
NOIWON 
NOK 
NOMS 
NOPF 
NOR 
NORAD 
NORD 
NORIP 
NORLANT 
NORMIB 
NORSAR 
NORSIB 
NORTHAG 
NORTIC 
NOSC 
(1) Naval Operations Center; (2) Network Operations Center
NOCONTRACT Not Releasable to Contractors or Contractor 
Consultants 


Night Observation Device 

Nap-of-the-Earth 

Not Releasable to Foreign Nationals 

National Operations and Intelligence Analysts Net 
Naval Operational Intelligence Center 
National Operations and Intelligence Watch Officers Network 
Next Of Kin 

Nuclear Operations Monitoring System 

Naval Ocean Processing Facility 

Norway 

North American Aerospace Defense Command 
Nordic 

NORAD Intelligence For Planning Document 
North Atlantic 

NORAD Missile Intelligence Bulletin 
Norwegian Seismic Array 

NORAD Weekly Space Intelligence Bulletin 
Northern Army Group 

NORAD Tactical Intelligence Cell 

Naval Ocean Systems Center 

Naval Operations Support Group 

Naval Ocean Surveillance Information Center 
Not To All (message distribution restriction) 
New People's Army 

Neutral Particle Beam 

Nuclear Planning and Execution 

Nuclear Planning and Execution System 

Naval Postgraduate School 

National Foreign Intelligence Plan for Human Resources 
National Photographic Interpretation Center 
Nuclear Posture Review 

Nuclear Planning System 

Non-Proliferation (of Nuclear Weapons) Treaty 


(1) Research Submarine (Nuclear); (2) Naval Reserve; 
(3) Non-Recurring; (4) Number 


National Research Council 

NORAD Region Combat Center 

Naval Radiological Defense Laboratory 
Naval Reserve Force 

Non-Recurring Finished Intelligence 


Net Radio Interference 
NCCOSC Research, Development, Test and Evaluation Division


NRIP 
NRIS 
NR JOIC 
NRL 


NRO 
NROSS 
NRP 
NRT 
NRTEM 
NRTI 
NRTS 
NSA 


NSAD 
NSA/CSS 
NSAM 
NSARC 
NSC 
NSC/DC 
NSCID 
NSCIG 
NSD 
NSDD 
NSDM 
NSE 
nsec 
NSEP 
NSF 
NSFS 
NSG 
NSGA 
NSGC 
NSGD 
NSI 
NSIC 
NSN 
NSNF 
NSO 
NSOC 


NSOF 
NSP 
NISPC 
NSPG 
Naval Reserve Intelligence Program
National Radar Interpretability Scale 
Northwestern Region Joint Operational Intelligence Cell 


(1) Naval Research Laboratory; (2) NUWEP Reconnaissance 
List; (3) National Receive Location 


National Reconnaissance Office 

Navy Remote Ocean Surveillance Satellite 

(1) National Reconnaissance Program; (2) Net Radio Protocol 
(1) Near Real Time; (2) Net Registered Tonnage 
Near-Real-Time Exploitation Module 

Near-Real-Time Information 

Naval Reconnaissance and Technical Support 


(1) National Security Agency; (2) National Shipping Authority; 
(3) National Standards Association; (4) Naval Support Activity 


Network Security Architecture and Design 

National Security Agency/Central Security Service 
National Security Action Memorandum 

Navy Systems Acquisition Review Council 

(1) National Security Council; (2) Naval Supply Center 
Deputies Committee of the NSC 

National Security Council Intelligence Directive 
National Security Council Interdepartmental Group 
National Security Directive 

National Security Decision Directive 

National Security Decision Memorandum 

(1) Naval Support Element; (2) National Support Element 
Nanosecond 

National Security Emergency Preparedness 
National Science Foundation 

National Surface Fire Support 

Naval Security Group 

Naval Security Group Activity 

Naval Security Group Command 

Naval Security Group Detachment 

National Security Information 

Naval Security and Investigative Command 
National Stock Number 

Non-Strategic Nuclear Forces 

(1) Non-SIOP Option; (2) Network Security Officer 


(1) National Security Operations Center 
(formerly National SIGINT Operations Center); 
(2) Naval Special Operations Command 


Naval Status of Forces 
NORAD/USSPACECOM 

National In-Service Production Centers 
National Security Planning Group 
NSRB
NSRDB 
NSRDC 
NSRL 
NSRS 
NSS 


NSSD 
NSSM 


NSST 


NSTAC 
NSTD 


NSTG 
NSTGFE 
NSTISSAM 


NSTISSC/D/I/P 


NSTL 
NSTS 
NSV 
NSVN 
NSW 
NSWC 


NSWDG 
NSWG 
NSWP 
NSWTG 
NSWTG/U 
NSWTU 
NSWU 
NTA 
NTB 
NTBS 
NTC 


NTCB 
NTCC 
NTCS-A 
NTDI 
NTDS 
NTF 
National Security Resources Board

National SIGINT Requirements Data Base 
Naval Ship Research and Development Center 
National SIGINT Requirements List 

National SIGINT Requirements System 


(1) NMIC Support System; (2) National Seismic Station; 
(3) National Security Strategy; (4) Network Support Server 


National Security Study Directive 


(1) Navy Spread Spectrum Modem; 
(2) National Security Study Memorandum 


(1) Navy Space Command Space Support Team; 
(2) National Special Support Teams 


National Security Telecommunications Advisory Committee 


(1) National Strategic Target Database; 
(2) Non-System Training Device 


Nuclear Strike Target Graphic 
Naval Scientific and Technical Group, Far East 


National Security Telecommunications and Information Systems 
Security Advisory/Information Memorandum


National Security Telecommunications and Information Systems 
Security Committee/Directive/Instruction/Policy 


National Strategic Target List 
NSA/CSS Secure Telephone System 
Netted Secure Voice 

NATO Secure Voice Network 

Naval Special Warfare 


(1) Navy Surface Weapons Center; 
(2) Navy Special Warfare Command 


Naval Special Warfare Development Group 

Naval Special Warfare Group 

Non-Soviet Warsaw Pact 

Naval Special Warfare Task Group 

Naval Special Warfare Task Group/Unit or (Unconventional) 
Naval Special Warfare Task Unit 

Naval Special Warfare Unit 

National Tasking Authority 

(1) National Targeting Base; (2) Nuclear Test Ban 

National Target Base Server 


(1) National Territorial Command; (2) National Tasking Center; 
(3) Naval Training Center; (4) Network Terminal Concentrator; 
(5) National Training Center 


Network Trusted Computing Base 


Naval Telecommunications Center 

Naval Tactical Communications System-Afloat 
NATO Target Data Inventory 

Naval Tactical Data System 

National Test Facility 
NTI
NTIA 


NTIB 
NTIC 
NTIS 
NTISSAM 


NTISSC/D/I/P 


NTM 
NTMWG 
NTP 
NTPC 
NTPR 


NURAD 
(1) National Tactical Interface; (2) Near-Term Initiative


National Telecommunications & Information Administration/ 
Agency 


NATO Tactical Intelligence Broadcast 
Naval Technical Intelligence Center 
National Technical Information Service 


Advisory/Information Memorandum


Committee/Directive/Instruction/Policy 

National Technical Means 

Nuclear Test Monitoring Working Group 

National Tasking Plan 

National Telemetry Processing Center 

Nuclear Targeting Policy Review 

Near-Term Maritime Pre-Positioning Ships 

(1) Nuclear Test Site; (2) Naval Telecommunications System 
National Television Standard Code/Committee 
National Target/Threat Signatures Data System 
National Time-Sensitive System 

New Threat Upgrade 

No Transgression Zone 

Nicaragua Analysis Cell 

Nuclear Capabilities Data Base 

Nuclear Defense 

Nuclear Detonation Detection & Reporting System 
Nuclear Intelligence 

Nuclear Damage Report 

Nuclear Weapon(s) 


NORAD/USSPACECOM Integrated Command and Control 
System 


(1) Nuclear Detection; (2) Nuclear Detonation 
NORAD/USSPACECOM Intelligence Systems 
Nuclear Radiation Detection 

Nuclear Weapons Report 

Naval Underwater Systems Center 

Naval Upper Tier 

Nuclear Tactical Exercise 

Nuclear Weapons Employment and Acquisition Master Plan 
Nuclear Weapons Employment Policy/Plan (NCA) 
Network Virtual Data Entry Protocol 

Network Virtual Data Entry Terminal 

Night Vision Goggles 


(1) Near-Vertical Incidence Skywave;
(2) Night Vision Imaging System 


Night Vision System 




National Telecommunications and Information Systems Security 


National Telecommunications and Information Systems Security 
(1) Nuclear Warfare; (2) Northwest (region)
Nuclear Weapons Branch 


(1) National War College; (2) Naval War College; 
(3) Naval Weapons Center; (4) NORAD Weather Center 


Nuclear Weapons Free Zone 

Naval Warfare Information Publication 
Naval Weaponeering Information Sheet 
Naval Weapons Laboratory 

Naval Warfare Publication 

Northwest Region 

Nuclear Weapons Requirement Study 


(1) Nuclear Weapons State; (2) North Warning System; 
(3) National Weather Service 


Nuclear Weapons Storage Site 
Naval Worldwide Command Support System 
Non-Expendable 
OAD-2
OADR 
OALAN 
OAMP 

OAP 

OAPEC 

OAS 
OASA(RDA) 


OASD 
OASD(C3I) 
OASIS 


OATS 


OAU 
OB 
OBC 
OBE 
OBI 
OBI-OC 
OBIS 
Obj 
OBP 
OBO 
OBS 


OBSS 


OBSUM 
OBU 
OC 


O&C 
OCA 


OCAC 
OCAM 


Page 3424 of 3957 




On or About 


(1) Office Automation; (2) Operations Analysis; (3) Operational 
Area 


Objective Architecture Center 


(1) Operational Availability Date; 
(2) Objective Architecture Document 


Objective Architecture Document, 2nd Iteration 

Originating Agency's Determination Required 

Office Automation Local Area Network 

Optical Airborne Measurements Program 

(1) Organizational Assessment Package; (2) Offset Aim Point 
Organization of Arab Petroleum-Exporting Countries 

(1) Organization of American States; (2) Offensive Air Support 


Office of the Assistant Secretary of the Army (Research, Development,
and Acquisition)


Office of the Assistant Secretary of Defense 
OASD (Command, Control, Communications, and Intelligence) 


(1) Operational Application of Special Intelligence Systems; 
(2) Office Automation System for Intelligence Support 


(1) Operations Analysis for Tactical Support; 
(2) Online AIF Transaction System 


Organization of African Unity 

Order of Battle 

Optical Bar Camera 

Overtaken By Events 

Observable Human Resources Intelligence 
OBI Operations Center 

Order of Battle Intelligence System 
Object 

On-Board Processing 

Official Business Only 


(1) Ocean Baseline System; (2) Orders of Battle System; 
(3) Observations (Optical Tracking) 


(1) Off-Board Sensor Systems; 
(2) Operational Briefing Support System 


Order of Battle Summary 
OSIS Baseline Upgrade 


(1) Dissemination and extraction of Information Controlled; 
(2) Optical Carrier 


Operations & Control 


(1) Ocean Control Authority; (2) Operational Control Authority; 
(3) Offensive Counterair 


Operational Control and Analysis Center 
Afro-Malagasy and Mauritian Common Organization 
OCAR

OCCIS 
OCCULT 
OCEANLANT 
OCJCS 

OCM 

OCMA 
OCMC 

OCNO 
OCOKA 


OCONUS 
OCR 


OCS 

OCS3 
OCSA 
OCSURV 
OCU 

OD 

ODA 

ODC 
ODCSINT 
ODCSLOG 
ODCSPER 
ODECA 
ODIN 
ODISC4 


ODJS 
ODP 
ODRP 
ODS 


OE 
OECD 
OEE 
OEF 
OEG 
OEIC 
OER 


OET 
OFC 
OFCO 
Off 
Office, Chief of Army Reserve

Operational Command and Control Information System 
Optical Covert Communications Using Laser Transceivers 
Ocean Atlantic Area (NATO) 

Office of the Chairman, Joint Chiefs of Staff 

Operational Coordination Message 

Objective Collection Management Architecture 

Overhead Collection Management Center 

Office of the Chief of Naval Operations 


Observation and Fields of Fire, Concealment and Cover, Obstacles,
Key terrain, Avenues of Approach, and Mobility Corridors


Outside CONUS 


(1) Office of Collateral Responsibility; 
(2) Optical Character Reader 


(1) Officer Candidate School; (2) Offensive Counterspace 
Optical Carrier 3 Communications 

Office of the Chief of Staff of the Army 

Ocean Surveillance 

Operational Conversion Unit 

Operating Directive(s) 

Operational Detachment Alpha 

Office of Defense Cooperation 

Office of the Deputy Chief of Staff, Intelligence 
Office of Deputy Chief of Staff for Logistics 
Office of Deputy Chief of Staff for Personnel 
Organization of Central American States 
Operations Dedicated Imagery Network (LOCE) 


Office of Director Information Systems Command, Control, 
Communications, Computers 


Office of the Director, Joint Staff 
(1) Officer Distribution Plan; (2) Office of Defense Planning 
Office of the Defense Representative - Pakistan 


(1) Open Data Server; (2) Operation DESERT STORM; 
(3) Output Data Server 


Operational Effectiveness 

Organization for Economic Cooperation and Development 
Operational ELINT Exploitation 

Operational Exploitation Facility 

Operational Exposure Guide 

Overseas Economic Intelligence Committee 


(1) Officer Evaluation Report; (2) Officer Efficiency Report; 
(3) Operational ELINT Requirements 


Office of Emergency Transportation 
Office 

Offensive Counterintelligence Operation 
Officer 
Office of Foreign Mission

Operations Group Operations Officer Intelligence (Air Force) 
Overseas Ground Station 

Operations Group Support Intelligence (Air Force) 
Over-the-Horizon Detection Radar 

Over-the-Horizon Detection Radar-Backscatter 

(1) Operating Instruction; (2) Operational Interest 

Operations & Intelligence 


(1) Office of Imagery Analysis; 
(2) Operations Intelligence Automation 


Officer in Charge 


(1) Operational Intelligence Crisis Center; 
(2) Operational Intelligence Coordination Center 


Operational Intelligence Collection System 
Operations-Intelligence Interface 
Operations Intelligence Liaison Officer 


(1) Offset Instrumentation Point; 
(2) Operator Interface Processor 


Operational Intelligence Requirement 
Operational Intelligence Support System 
OI Workstation 


(1) Organization of the Joint Chiefs of Staff; 
(2) Office of the Joint Chiefs of Staff 


On-the-Job Training 
Operating Location 

Oak Leaf Cluster 
Operations Module 
Operation and Maintenance 


(1) Office of Military Affairs (CIA); 
(2) Operations and Maintenance, Army 


Operations and Maintenance Army Reserve 
Ocean Measurements and Array Technology 
Office of Management and Budget 

Office of Military Cooperation 

Office of Military Cooperation-Kuwait 
Operational Maneuver Group (FSU) 
Operation and Maintenance, National Guard 
Offensive Missile Order of Battle 

Orbital Maneuvering Vehicle 

Original Negative (film) 

Australia Office of National Assessments 
Operational Navigation Chart 

Office of Naval Intelligence 

Overhead Non-Imaging Infrared 

On-Line Five Year Exercise Schedule System 
Outline NATO Operational Objective 
ONPG
ONR 
ONS 
ONUC 
ONUMOZ 
ONUSAL 
OOA 
OOB 
OODA 
OOK 
OOP 
OOTW 
OP 

OPA 

OP3 
OPCC 
OPCEN 
OPCODES 
OPCOM 
OPCON 
OPDEC 
OPEC 
OPELINT 
OPF 
OPFAC 
OPFIS 
OPFOR 
OPG 

OPI 

OPIC 


OPIC-A 
OPINT 
OPINTEL 
OPLAN 
OPM 

Opn(s) 
OPNAV 
OPNAVINST 
OPNOTES 
OPORDER/OPORD 
OPPAR 

OPR 

OPREP 
OPREPS 
Operational Nuclear Planning Group

Office of Naval Research 

Operational Needs Statement 

United Nations Operations in the Congo 
United Nations Operations in Mozambique 
United Nations Observer Mission in El Salvador 
Out of Area 

Order of Battle 

Observation, Orientation, Decision and Action 
On/Off Keying 

Object Oriented Programming 

Operations Other Than War 

(1) Observation Post; (2) Operation; (3) Operational 
Other Procurement Activity 

Overt Peacetime PSYOP Program 

Offutt Processing and Correlation Center 
Operations Center 

Operational Codes 

Operational Command 

Operational Control 

Operational Deception 

Organization of Petroleum-Exporting Countries 
Operational Electronic Intelligence 

Orbiter Processing Facility 

Operational Facilities 

Operational Foreign Instrumentation Signals 
Opposing Forces 

Operations Planning Group 

Office of Primary Interest 


(1) Overseas Processing and Interpretation Center; 
(2) Overseas Private Investment Corporation 


Overseas Processing and Interpretation Center - Asia 
Optical Intelligence 

Operational Intelligence 

Operations Plan 

Office of Personnel Management 

Operation(s) 

Office of the Chief of Naval Operations 

OPNAV Instruction 

Operational Notes 

Operations Order 

Opposing Army 

Office(r) of Primary Responsibility; Officer Performance Report 
Operations Report 

Operational Reporting System 
OPS/OPNS/OP
OPS/INTEL 
OPSDEPS 
OPSCO 
OPSCOM 
OPSCOMM 
OPSEC 
OPSKAN 
OPSNOTE 
OPT 
OPTEMPO 
OPTEVFOR 
OPTINT 
OPTIR 
OPUS 

OR 
ORBINT 
ORBIT 
ORCON 


ORD 
ORE 
ORF 
Org 
ORI 
OS 
O&S 
OSA 
OSAP 
OSAS 
OSC 


OSCAR 
OSCARCP 
OSD 
OSD(C) 
OSF 

OSI 


OSIA 
OSINT 
OSIS 


OSP 
Operations

Operations Intelligence 

Operations Deputies (JCS) 

Operations Coordinator 

Operations Committee 

Operations Secure Communications 

Operations Security 

Open Skies Advanced Notice 

Operations Note 

(1) Optional Modification; (2) Operations Planning Team 
Tempo of Operations 

Operational Test and Evaluation Force 

Optical Intelligence 

Optical Infrared 

OBU Program Upgrade System 

(1) Operational Requirements; (2) Operationally Ready 
Orbital Intelligence 

System Development Corporation Data Search Service 


(1) Dissemination and Extraction of Information Controlled by 
Originator; (2) Originator Controlled 


Operational Requirements Document 
Operational Readiness Exercise 

Official Representation Fund 

Organization 

Operational Readiness Inspection 

(1) Operating System; (2) Cryptologic Officer 
Operations & Support 

Open Systems Architecture 

Ocean Surveillance Assessment Program 
Operational Space Application System 


(1) Office of the Security Council; (2) Operational 
Support Company; (3) Operations Support Center; (4) On-Scene 
Commander 


Optical Submarine Communications by Aerospace Relay 
Operations Support Center and Rear Command Post (Korea) 
Office of the Secretary of Defense 

OSD (Comptroller) 

Open Systems Foundation 


(1) Operating Systems Incorporated (Contractor); (2) On-Site
Inspection; (3) Off-Shore Islands; (4) Office of Special Investigations;
(5) Open System Interconnect; (6) Office of Special
Investigations; (7) Open System Interconnect


On Site Inspection Agency 
Open Source Intelligence 


(1) Ocean Surveillance Information System; 
(2) Open Source Information Service 


(1) Ocean Surveillance Product; 
(2) Operational Support Package 
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OSPRA Ocean Surveillance Pattern Recognition Algorithm 

OSO Operational Support Office 

OSP Operational Support Packages 

OSS (1) Operational Storage Site; (2) Operations Support Squadron; 
(3) Operations Support System 

OSSC On-Line System Support Center 

OST Outer Space Treaty 

OSTP Office of Science and Technology Policy 

OT (1) Overseas Territories; (2) Overtime; (3) Operational Test; 
(4) One Time; (5) Operations Team 

OT&E Operational Test and Evaluation 

OTA (1) Operational Tasking Authority; 
(2) Office of Technology Assessment 

OTAD Over-The-Air Key Distribution 

OTAR Over-The-Air Rekeying 

OTAT Over-The-Air Transmission/Transfer 

OTAU Over-The-Air Updating 

OTC (1) Officer in Tactical Command; (2) Over-the-Counter 

OTCIXS (1) Officer in Tactical Command Information Exchange Subsystem;
(2) OTC Information Exchange System

OTE See OT&E 

OTEA Operational Test and Evaluation Agency (U.S. Army) 

OTH Over-the-Horizon 

OTH-B Over-the-Horizon Backscatter 

OTH-R Over-the-Horizon Radar 

OTH-T Over-the-Horizon Targeting 

OTIS Operational Targeting Intelligence System 

OTM On the Move 

OTP One-Time Pad 

OTS (1) One-Time Source; (2) Officer Training School; 
(3) Oahu Telecommunications System 

OTT One-Time Tape 

OTU Operational Training Unit 

OUO Official Use Only 

OUSDRE Office of the Under Secretary of Defense, Research & 
Engineering 

OUTS Operational Unit Transportable System 

OVOP Overt Operational Proposal 

OVPF Object-Oriented Vector Product Format 
Peacetime
Pre-Planned Essential Elements of Information
Land-Based Anti-Submarine Warfare Patrol Aircraft (re-engined)
Pre-Planned Product Improvement
(1) Pulse Amplitude; (2) Probability of Arrival; (3) Public Affairs; (4) Preliminary Assessment; (5) Proper Authority
PAA (1) Primary Aircraft Authorized; (2) Peer Access Approval
PA ANG Pennsylvania Air National Guard
PAATS Precision Approach Area Tracking System
PABX Private Access Branch Exchange
PAC Pacific
PACAF Pacific Air Forces
PACCAAT USPACOM Command and Control AUTODIN Access Terminal
PACCS Post-Attack Command and Control System
PACE Portable Acoustic Collection Equipment
PACFAST Pacific Forward Area Support Team
PACFLT Pacific Fleet
PACOM U.S. Pacific Command
PACOPS Pacific Air Force Operations
PACTAIS Pacific Theater Air Intelligence System
PACTIDS PACOM Theater Intelligence Data System
PACVTCN Pacific Video Teleconferencing Network
PAD Program Action Directive
PADAR Passive Airborne Detection & Ranging
PA&E Program Analysis and Evaluation
PAE Peer Access Enforcement
PAF Production Analysis and Fusion
PAI Project Assignment Instruction
PAIDS PACOM Area Imagery Distribution System
PAIS (1) Personnel Authentication Identification System; (2) Prototype Advanced Indicator System; (3) Pacific Air Intelligence System
PAL Permissive Action Link
PALAPA Indonesian Satellite
PALS Photo Area & Location System
PAM (1) Payload Assist Module; (2) Penetration Augmented Munition
PAMIS Psychological Operations Automated Management Information System
PANAMSAT PAN American Satellite (Communications System)
PANMAN Panama Metropolitan Area Network
PAO (1) Product Activity/Operational Code; (2) Public Affairs Officer
PAOC PACAF Air Operations Center
PAR (1) Precision Approach Radar; (2) Perimeter Acquisition Radar; (3) Phased-Array Radar; (4) Population at Risk; (5) Program Assessment Review
PARCS (1) Perimeter Acquisition Radar Attack; (2) Perimeter Acquisition Characterization System
PARINT Partial Intercept
PARIS Pacific Army Intelligence System
PARMIS Peacetime Airborne Reconnaissance Management Information System
PARPRO (1) Peacetime Aerial Reconnaissance Program; (2) Preplanned Application of Reconnaissance Programs
PAS (1) Plans and Analysis Staff; (2) Pan American Satellite
PASEP Passed Separately
PASS (1) Photo Interpretation Analyst Support System; (2) PACOM IPAC Intelligence Computer System Analyst Support System; (3) PACOM ADP Server Site
PASS-E USPACOM ADP Server Site-EASTPAC
PASSEX Passing Exercise (Naval)
PASS-H USPACOM ADP Server Site, Hawaii
PASS-J USPACOM ADP Server Site, Japan
PASS-K USPACOM ADP Server Site, Korea
PAT (1) Payload Associated Transporter; (2) Planning Assistance Team; (3) Process Action Team
PATREP Patrol Report
PATRIOT Phased Array Tracking to Intercept of Target
PATRIOT PAC III Phased Array Tracking to Intercept of Target Advanced Capability III
PATRON Patrol Squadron (Navy)
PATWING Patrol Wing
PAVE USAF Programs Connected (Night) Avionics, Target Designators, Vision
PAWS (1) Portable Analyst Work Station; (2) Prototype Analytical Workstation; (3) Portable ASAS Workstation
PAX Passengers
PB (1) Particle Beam; (2) Patrol Boat
PB(A)(H) Patrol Boat (Air Cushion) (Hydrofoil)
PBAC Program Budget Activity Committee
PBC Program and Budget Committee
PBD (1) Program Budget Decision; (2) Patrol Boat Drone
PBEIST Planning Board for European Inland Surface Transport
PBL Patrol Boat, Light
PBN Public Broadcasting Network
PBOS Planning Board for Ocean Shipping
PBR (1) River/Roadstead Patrol Boat (Navy); (2) Precision Bombing Range
PBTN Panama Backbone Transport Network
PBV Post-Boost Vehicle
PBW Particle Beam Weapon
PBX Private Branch Exchanges
PC (1) Patrol Craft; (2) Positive Control; (3) Production Control; (4) Personal Computer; (5) Project Coordinator; (6) Parallel Computing; (7) Provide Comfort; (8) Patrol Coastal
PCA Point of Closest Approach
PCAC Primary Collection and Analysis Center
PCC (1) POADS Computer Center; (2) Program Coordinating Committee
PCD (1) Program Change Decision; (2) Positive Control Document
PCE Patrol Escort
PCF(A)(H) Fast Patrol Craft (Air Cushion) (Hydrofoil)
PCFS Fire Support Patrol Craft
PCH Patrol Craft (Hydrofoil)
PC II PROVIDE COMFORT II
PCL Parallel Communications Link
PCM Pulse Code Modulation
PCMCIA Personal Computer Memory Card International Association
PCN (1) Production Control Number; (2) Packet Switching Node; (3) Personal Communications Networking
PCP (1) Project Concept Proposal; (2) Program Change Proposal
PCR (1) Performance and Cost Report; (2) Program Change Request
PCS (1) Publication Control Sheet; (2) Permanent Change of Station; (3) Submarine Chaser; (4) Personal Communications System; (5) Primary Control Station
PCS/UPT Personal Communications Services/Universal Personal Telecommunications
PCSF Fire Support Patrol Craft
PCT Training Patrol Craft
PCTN Pacific Consolidated Telecommunications Network
PCTCS Pentagon Center Telecommunications System
PCZ Protected Communications Zone
PD (1) Probability of Damage; (2) Presidential Directive; (3) Pulse Duration; (4) Passive Detection; (5) Point Detonation (Fuse)
PDA Personal Digital Assistant
PDB PSYOP Dissemination Battalion
PDC Propaganda Development Center
PDD Presidential Decision Directive
PDI Principal Deputy for Intelligence
PDF Panamanian Defense Force
PDL Program Design Language
PDM (1) Program Decision Memorandum; (2) Pulse Duration Modulation
PDMS Point Defense Missile Systems
PDMT Pursuit Deterrent Munition Trainer
PDOP Position Dilution of Precision
PDP (1) Program Decision Paper; (2) Programmable Data Processor
PDR Preliminary Design Review
PDS (1) Passive Detection System; (2) Power Distribution System; (3) Production Deconfliction System; (4) Protected Distribution System
PDSC PACOM Data Systems Center
PDSS Post-Deployment Software Support
PDU Protocol Data Unit
PDUSD(A&T) Principal Deputy Under Secretary of Defense (Acquisition & Technology)
PE (1) Probable Error; (2) Personnel Equipment; (3) Program Element; (4) Preliminary Exploitation; (5) Peace Enforcement
PEAD Presidential Emergency Affairs Documents
PEAS (1) Psychological Operations Effectiveness Analysis Subsystem; (2) PSYOP Effects Analysis System
PEC (1) Pacific Command Electronic Intelligence Center; (2) Program Element Code
PEG (1) Photo Exploitation Group; (2) Priority Exploitation Group; (3) Priorities for ELINT Guidance; (4) Program Element Group
PEH Probable Error in Height
PEI Production Enhancement Initiative
PEILS PACOM Executive Intelligence Summary
PEM (1) Purchased Equipment Maintenance; (2) Program Element Monitor
PEO Peace Enforcement Operation
PEOC4I Program Executive Officer for Command, Control, Communications, Computers, and Intelligence
PEP Photographic Exploitation Products
PER Personnel
PERIGEE Perspective Image Generation and Exploitation System
PERINTREP Periodic Intelligence Report
PERINTSUM Periodic Intelligence Summary
PERM Processless Electron Recording Media
PERMCERT Permanent Certification
PERSCON Personal Contact
PEO Program Executive Officer
PEO-CCS PEO Command and Control Systems
PERSEC Personnel Security
PERT Program Evaluation and Review Technique
PES Positive Enable System
PESM Passive Electronic Support Measures
PF Protection Factor
PFADS Psychological Operations Foreign Area Data Subsystem
PFD Power Flux Density
PFIAB President’s Foreign Intelligence Advisory Board
PFLP Popular Front for the Liberation of Palestine
PFM Production Functional Manager
PFOD Presumptive Finding of Death
PG (1) Patrol Combatant; (2) Persian Gulf; (3) Precision Guidance
PGDR Portable Data Reduction System
PGF Patrol Ship
PGG Guided-Missile Patrol Combatant
PGH Patrol Gunboat (Hydrofoil)
PGIP Postgraduate Intelligence Program
PGM Precision-Guided Munitions
PGR Reconnaissance Patrol Combatant
PGW Precision Guided Weapon
PGSS Publications and Graphics Subsystem
PHD Phase History Data
PHIBGRU Amphibious Group
PHIBRON Amphibious Squadron
PHIGS Programmer's Hierarchical Interactive Graphics
PHM Patrol Combatant Missile (Hydrofoil)
PHOTOINT Photographic Intelligence
PHOTORECON Photographic Reconnaissance
PHS Public Health Service
PHYSEC Physical Security
PI (1) Photographic Interpretation/Interpreter; (2) Principal Investigator
PIAC PACOM Intelligence Architecture Committee
PIB (1) PACOM Intelligence Board; (2) Photo Interpretation Brief
PIC (1) Pacific Imagery Processing and Interpretation Center; (2) Parent Indicator Code; (3) Processing and Interpretation Center
PICON Portable ICON
PIF (1) Processing and Interpretation Facility; (2) Project Investment Fund
PIGS Passive Infrared Guidance System
PIICS PACOM - Intelligence Computer System
PILOT Phased Integrated Laser Optics Technology
PIM Path of Intended Movement
PIN (1) Preliminary Imagery Nomination File; (2) Photographic Intelligence Note; (3) Personal Increment Number; (4) Plan Identification Number; (5) Personal Identification Number; (6) PACOM Intelligence Net
PINES PACAF Interim National Exploitation Segment/System
PIP (1) Project Implementation Plan; (2) Product Improvement Package
PIR (1) Photo Interpretation Report; (2) Priority Intelligence Requirement
PIRATE Portable Imagery Receive and Transmission Equipment
PIREP Pilot Report
Pixel Picture Element
PJ Pararescue Jumper
PK (1) Probability of Kill; (2) Soviet (FSU) Light Machinegun; (3) Peacekeeping
PKA Public Key Algorithm
PKC Public Key Cryptography
PKK Kurdistan Worker's Party
PKO Peace-Keeping Operation
PKSD Programmable Key Storage Device
PL (1) Phase Line; (2) Plans and Operations Division; (3) Public Law
PLA (1) Plain Language Address; (2) People's Liberation Army (China)
PLARS Position Locating and Reporting System
PLGR Precision Lightweight GPS Receiver
PLL Prescribed Load List
PLNG Planning
PLRS Position Location Reporting System
PLO Palestinian Liberation Organization
PLP PSYOP Leaflet Payload
PLS Pre-Launch Survivability
PLSDU Physical Layer Service Data Unit
PLSS U.S. Precision Location Strike System
PLT/Plt Platoon
(1) Preventive Maintenance; (2) Post Meridian (after noon); (3) Prime Mover; (4) Preventive Medicine; (5) Program Manager; (6) Prime Minister; (7) Provost Marshall; Project Manager; (8) Production Manager; (9) Peacemaking
Program Management Automated Tool Set
Program Management Board
Professional Military Education
Project Management File
Program Manager's Guidance Memorandum
(1) Personnel Management Information System; (2) PSYOP Management Information Subsystem
(1) Program Management Office; (2) Project Management Office
Preproduction Model
Program Management Plan
Program Management Performance Tracking System
Primary Mission Readiness
Program Manager's Recommended Program
AQ
(1) Project Management System; (2) Preventive Maintenance System; (3) Precision Mensuration Software
Preliminary Message Security Protocol
Pacific Missile Test Center (Navy)
Packet Network
Prime Nuclear Airlift Force
PASS Network Control Center
Post-Nuclear-Event Key
Peaceful Nuclear Explosion (Treaty)
Persona Non Grata
Prescribed Nuclear Load
Possible Nuclear Underground Test Site
Pilot Night Vision System
(1) Petty Officer; (2) Peace Operations
(1) Plan of Action and Milestones; (2) Plan of Attack and Milestones
Psychological Operations Automated Data System
Psychological Operations Automation System
(1) Place of Birth; (2) Psychological Operations Battalion
(1) Point of Contact; (2) Program of Cooperation; (3) Psychological Operations Company
Proof of Concept/Experimental Testbed
Portable Oxygen Charging System
Port of Debarkation
(1) Plan of Execution; (2) Point of Entry; (3) Port of Embarkation
Polar Orbiting Environmental Satellite
Psychological Operations Group
Program of Instruction
(1) Petroleum, Oils, and Lubricants; (2) Political
POL-MIL Political-Military
POLAD Political Advisor
POM (1) Program Objective Memorandum; (2) Preparation for Overseas Movement
POMCUS Prepositioned Organizational Materiel Configured in Unit Sets
POOS Parachute Offset Oxygen System
POP Point of Presence
POR Preparation for Overseas Replacement
PORTS (JOPES) (1) Portable Remote Telecommunications System; (2) Seaports Files; (3) Portable Receive and Transmit System
PORTS-1N Portable Receive and Transmit System - 1N
PORTSREP Ports Report File (JCS/J-3)
Pos Position
POSIX Preliminary Open System Interface Standard
Pos-Nav Positioning and Navigation
POST Prototype Ocean Surveillance Terminal
POTBI Places, Organizations, Things, Biographics, Intangibles
POTF Psychological Operations Task Force
POV Privately Owned Vehicle
POW Prisoner of War
POWERR Prototype Workstation for Electronic Warfare and Radio
PP Preprogramed
PPO Pilot and Payload Operator
PPBES Planning, Programming, and Budgeting Execution System
PPBS Planning, Programming, and Budgeting System
PPC Printing and Publications Center
PPDB Point Positioning Data Base
PPF Photographic Processing Facility
PPGM Planning and Programming Guidance Memorandum
PPI Pulse Position Indicator
PPIF Photographic Processing and Interpretation Facility
PPL Preferred Products List
PPM (1) Parts Per Million; (2) Pulse Position Modulation
PPMS Power Pattern Measurement System
PPS Precision and Positioning Service
PR (1) Production Requirement; (2) Personnel Recover
PRA (1) Permanent Restricted Area; (2) Population Reception Area (NATO)
PRAM Allied Mine
PRB Program Review Board
PRBAC Partition Rule Base Access Control
PRC (1) Policy Review Committee; (2) People's Republic of China
PRC(I) Policy Review Committee (Intelligence) (now SIG(I))
PRCSO Peacetime Reconnaissance and Certain Sensitive Operations
PRD (1) Production Responsibilities Document; (2) Presidential Review Directive
PRDA Photo Reconnaissance Damage Assessment
PREMSS Photo Reconnaissance and Exploitation Management Support System
PREP/RAMP Pre-Edit Processor/Report and Message Processor
PRF Pulse Repetition Frequency
PRG Program Review Group
PRGB Point Reference Guild Book
PRI (1) Pulse Repetition Interval; (2) Primary Rate Interface
PRIMAC Production and Inventory Management and Control System
PRM Presidential Review Memorandum
PROC Processing/Process
PROCOMM Terminal Emulation Software for DOS Workstations
PROD Production
PROG Program
PROM Programmable Read-Only Memory
PROPIN Caution — Proprietary Information Involved
PRP Portable Radio Program
PRPG Preliminary Reference Point Graphic
PRS PACOM Remote System
PRSCO Peacetime Reconnaissance and Sensitive Collection Operations
PRT Personal Rapid Transit
PRTB Soviet (FSU) Mobile Rocket Technical Base
PRU Photographic Reconnaissance Unit
PS (1) Processing Station; (2) Processing Segment; (3) Policy Support
Ps Permanent snowfields
PSAA Pacific Special Activities Area
PSAC President's Scientific Advisory Committee
PSB Harbor Patrol Boat
PSC Principal Subordinate Command (NATO)
PSDU Physical Layer Service Data Unit
PSI (1) Pounds Per Square Inch; (2) Personnel Security Investigation
PSK Phase Shift Keying
PSL Protected Services List
PSN (1) Packet Switching Node; (2) Public Switched Network; (3) Packet Switched Network
Psns Positions
PSO (1) Protective Structure Only; (2) Personnel Security Office; (3) Post Security Officer
PSP (1) Pierced Steel Planking; (2) Planning Support Package
PSPS PSYOP Studies Program Subsystem
PSR (1) Post-Attack Status Report; (2) Periodic Status Report
PSRC Presidential Selected Reserve Call-Up
PSS Packet Switched Service
PST Pacific Standard Time
PSTN Public Switched Telecommunications Network
PSYOP Psychological Operations
PSYOPGP Psychological Operations Group
PSYWAR Psychological Warfare
PT (1) Torpedo Boat; (2) Part Time; (3) Physical Training
Pt Peat
PTADB Planning Terrain Analysis Data Base
PTG Missile Attack Boat
PTGP Part-Time Graduate Program
PTIAP PACOM Theater Intelligence Architecture Program
PTL Small Torpedo Boat
Pt Patrol
PTN Pacific Tributary Network
PTP (1) Probability to Penetrate; (2) Point-to-Point
PTR/P Paper Tape Reader/Punch
PTS Predicasts Terminal System
PTSR Postmobilization Training Support Requirement
PTSS Passive Thermal Suppression Suit
PTT (1) Training Torpedo Boat; (2) Postal, Telephone, and Telegraph; (3) Push to talk
PTTP USPACOM Tactics, Techniques, and Procedures
PTTDS Projected Target Trends Data Sheet (FTL)
PTTP USPACOM Tactics, Techniques, and Procedures
Pub Publication
PUG Partially Underground
PUP (1) Performance Upgrade Program; (2) Pop-Up Point
PV Physical Vulnerability
PVDS Physical Vulnerability Data Sheets
PVITS Portable Video Imagery Transmission System
PVST Port Visit
PVO (1) Air Defense (FSU); (2) Private Voluntary Organization
PVTM Physical Vulnerability Technical Memorandum
PW (1) Prisoner(s) of War; (2) Pulse Width
PWDS Protected Wireline Distribution System
PWHQ Primary War Headquarters
PWI PACOM Warning Intelligence
PWIPS Pre-Launch Warning Intelligence Processing System
PWRS Prepositioned War Reserve Stock
PZ Pick-Up Zone




Q 


QA Quality Assessment
Q&A Question and Answer
QBE Query by Example
QC Quality Control
QEA Quick Erect Antenna
QM Quartermaster
Q-MESSAGE Classified Message on Navigational Hazard
QOL Quality of Life
QPQ Quid Pro Quo
QPSK Quadrature Phase Shift Keying
Q/R Query/Response
QRA Quick Reaction Alert
QRC Quick Reaction Capability
QRF Quick Response Force
QRG Quick Response Graphic
QRLS Quick Reaction Launch System
QRMP Quick Response Multicolor Printer
QRP Quick Reaction Package
QRRC Quarterly Readiness Report to Congress
QRT (1) Quick Reaction Task; (2) Quick Reaction Terminal
QRSA Quick Reaction Satellite Antennae
QRSP Quick Reaction Shuttle Payload
QSR Quick Strike Reconnaissance
QSTAG Quadripartite Standardization Agreement
QUICKSAT Modified AN/FSC-78
QUIP Quarterly Intelligence Production Listing
(1) Rock Outcrops; (2) Receiver
(1) Restricted Area; (2) Responsible Agency; (3) Resident Agent
Royal Australian Air Force
Rapid Application of Air Power
Resident Agent in Charge
Rapid Automatic Cryptographic Equipment
Royal Air Force
Radar Beacon Forward Air Controller
Research and Analysis Company
Rear Area Combat Operations
Radiation Absorbed Dose
RADAR Radio Detection and Ranging
RADAREXREP Radar Exploitation Report
RADAY Radio Day
RADBN Radio Battalion
RADC Rome Air Development Center
RADCM Radar Countermeasures
RADCOM Radio Communications
RADCON Radiological Control
RADIAC Radioactive Detection, Indication, and Computation
RADINT Radar Intelligence
RADREL Radio Relay
Royal Air Force (U.K.)
(1) River Assault Group; (2) Regimental Artillery Group (FSU)
Rapid Access Imagery Dissemination System
Relational Analyses of Internetted Linkages System
(1) Rolling Airframe Missile; (2) Random Access Memory; (3) Radar Absorbing Materials; (4) Reliability, Availability, and Maintainability
RAMP Rating Maintenance Program
Radar Advanced Measurement Program for Analysis of Reentry Techniques
(1) Rear Area Operations Center; (2) Regional Air Operations Center
Radar and Optical Intelligence Working Group
(1) Rocket Assisted Projectile; (2) Remedial Action Projects
Relocatable Army Processors for Intelligence Data-Europe
Rapid Emergency Reconstitution
Responsive Aircraft Program for Theater Operations
(1) Record Assigned Systems; (2) Replenishment at Sea; (3) Regional Analysis Section; (4) Rear Area Security; (5) Remote Access Support
Required Automated Services Center
RASS Random Access Storage System
RAST Regional Analyst Support Team
RATO Rocket-Assisted Takeoff
RATT Radio Teletypewriter/Teleprinter
RATV Rescue All Terrain Vehicle
RAU Radio Access Unit
RAWS RAPIDE Analyst Workstation
RAWSII Raw Statement of Intelligence Interest
RB/ER Reduced Blast/Enhanced Radiation
RBIF Red Basic Intelligence File
RBS (1) Regional Broadcast System; (2) Remote Base Server
RC (1) Radio-Controlled; (2) Required Capability; (3) Reserve Component; (4) Riverine Craft
RCA (1) Riot Control Agent; (2) Royal Canadian Army; (3) Requirements Control Authority
RCAF Royal Canadian Air Force
RCAS Reserve Component Automated System
RCC (1) Regional Control Center; (2) Rescue Coordination Center
RCF Remote Collection Facility
RCM Radar Countermeasures
RCOC Regional Communications Operations Center
RCMP Royal Canadian Mounted Police
RCP Remote Communications Processor
RCS (1) Radar Cross Section; (2) Remote Collection System
RCSS (1) Reconnaissance Cargo; (2) RC-135 Support Service
RCST RC-135 Support Team
RCU Reserve Component Unit
RCV Receive
RCW Reconfigurable Workstation
RCZ Rear Combat Zone
RD (1) Restricted Data; (2) Radius of Damage; (3) Replacement Detachment; (4) Readiness Division
R&D Research and Development
RD&A Research, Development, and Acquisition
RDA Research, Development, Acquisition
RDAISA United States Army Research, Development & Acquisition Information Systems Agency
RDB Requirements Data Base
RDBMS Relational Data Base Management System
RDC Rapid Deployment Capability
RDD Required Delivery Date
RDE Radiation Detection Experiment
RDEC Research Development Engineering Center
RDF (1) Radio Direction Finding; (2) Rapid Deployment Force
RDI Reconnaissance, Detection & Identification
RDIT Rapid Deployment Imagery Terminals
Rapid Deployment Joint Task Force
Recurring Document Listing
Rapidly Deployable Mobile SIGINT Systems
(1) Remote Display System; (2) Rapid Dissemination System
Rapidly Deployed Surveillance System
Research, Development, Test and Evaluation
Rapid Deployment Vehicles
Receive Element
READ Readiness
READYCAP Fighter Aircraft in Standby Condition
REC Radio-Electronic Combat
RECA Residual Capabilities Assessment
RECA(T) Residual Capability Assessment (Team)
RECAP Requirements and Capabilities System
RECAS Residual Capabilities Assessment System
RECC Regional Emergency Communications Coordinator
RECCE Reconnaissance
RECCEXREP Reconnaissance Exploitation Report
RECI Radar Emitter Classification Identification
RECLAU Reconnaissance Launch Report
RECON Reconnaissance
RECONBN Reconnaissance Battalion
RECONT Reconnaissance Intentions Report
REDCOM Readiness Command
REDCON Readiness Condition
RED Cell Rapid Exploitation and Dissemination Cell
RED FLAG ACC Combat Flying Exercise at Nellis AFB
RED HORSE Deployable Civil Engineering Group
REDTRAIN Readiness Training
REFORGER Return of Forces to Germany (Exercise)
RFC Request for Collection
Regulation
REGT/Regt Regiment
REL Releasable
RELCAN Releasable to Canada
RELROK Releasable to the Republic of Korea
REM Route Evaluation Module
REMAB Remote Marshalling Base
REMBASS Remotely Emplaced Battlefield Surveillance System
REMS Remote Employed Sensors
Regional Emergency Management Team
Reconnaissance, Electronic Warfare & Naval Intelligence System
(1) Range Error Probable; (2) Reserve Exploitation Program; (3) Representative
RES Remote Earth Sensing
Res Reserve
RESDAT Restricted Data
RESTA Reconnaissance, Surveillance & Target Acquisition
RETRANS Retransmission
RETS Remoted Target System
REUTERS A News Service
REW(S) Radio Electronic Warfare (Service)
REWSON Reconnaissance, Electronic Warfare, Special Operations & Naval Intelligence Processing System
RF (1) Radio Frequency; (2) Representative Fraction
RF-4 Designator for Reconnaissance Aircraft (USAF/USMC)
RFA Restricted Fire Area
RFC Request for Collection
RFD Radio Frequency Distribution
RFE/RL Radio Free Europe/Radio Liberty
RFI (1) Radio Frequency Interference; (2) Request for Information
RFIS Reserve Forces Intelligence School
RFL Restrictive Fire Line
RFMETS Radio Frequency Mobile Electronics Test Set
RFP (1) Remaining Force Potential; (2) Radio Frequency Pulse; (3) Request for Proposal; (4) Request for Production
RFPI Rapid Force Projection Initiative
RFPW Radio Frequency Pulse Weapon
RFR Request for Requirements
RFS Request for Service
RFTB Reserve Force Target Base
RFTL Reserve Forces Target List
RGB Red-Green-Blue
RGR (1) Ranger; (2) Roger
RGS Relay Ground Station
RGT Regiment
RHAW Radar Homing and Warning
RHIB Rubber Hull Inflatable Boat
RI Routing Indicator
RIB Rigid Inflatable Boat
RIC (1) Regional Intelligence Center; (2) Resource Identification Code
RIF Reduction in Force
RII Request for Intelligence Information
RIM ROTHR Interface Module
RIMPAC U.S. Naval Exercise
RIMS Requirements Inventory Management System
RINT Unintentional Radiation Intelligence
RIO Radar Intercept Officer




RIP (1) Register of Intelligence Publications; 
(2) Reconnaissance Information Point 
RIPL Reconnaissance and Interdiction Planning Line (NATO) 
RIPSO Revised IP Security Option 
RISC Reduced Instruction Set Computer 
RISOP Red Integrated Strategic Operations Plan 
RISP Reserve Intelligence Support Project 
RIT Remote Imagery Transceiver 
RITS Remote Imagery Transceiver System 
RJITF Regional Joint Intelligence Training Facility 
RL (1) Rocket Launcher; (2) Radio Liberty; (3) Receive Location 
RLG Ring Laser Gyro 
RM (1) Requirements Management; (2) Resource Management 
RMBUX Rocky Mountain Basic UNIX 
RMEC Regional Military Emergency Coordinator 
RMG Resource Management Group 
RMO (1) Records Management Officer; 
(2) Requirements Management Office 
RMS (1) Requirements Management System; 
(2) Remote Monitoring System 
RNAV Area Navigation 
RNO Regional Nuclear Option 
RNP (1) Radio Navigation Point; (2) Remote Network Processor 
RO (1) Reporting Officer; (2) Radar Operation; 
(3) Receive Only; (4) Resident Office 
RO/RO Roll-On/Roll-Off (Ship) 
ROB Radar Order of Battle 
ROC (1) Required Operational Capability; (2) Republic of China; 
(3) Reconnaissance Operations Center; (4) Required Operational 
Capability; (5) Regional Operations Center 
ROCC Regional Operations Control Center 
ROD Reconnaissance Operations Division 
RODCA (1) Reporting of DoD HUMINT Collection Activities; 
(2) Message Caveat 
ROE Rules of Engagement 
ROF (1) Rate of Fire; (2) Remote Operating Facility 
ROFA Remote Operating Facility Airborne 
ROIPB Rear Operations Intelligence Preparation of the Battlefield 
ROK Republic of Korea 
ROKA Republic of Korea Army 
ROKAF Republic of Korea Air Force 
ROKN Republic of Korea Navy 
ROKUSCFC Republic of Korea and U.S. Combined Forces Command 
ROM Read Only Memory 
RON Remain Overnight 
ROP Remote Operating Position 
RORSAT Soviet (FSU) Radar Ocean Reconnaissance Satellite 
ROSE Remote Optical Sensing of the Environment
ROSS Refinement of SIGINT Support
ROT Rotating Position
ROTC Reserve Officer Training Corps
ROTHR Relocatable Over-the-Horizon Radar
ROU Radius of Uncertainty
ROW Rest-of-World
RP (1) Reference Point; (2) Release Point
RPA Reserve Personnel Allotment
RPB Regional Preparedness Board
RPC (1) Regional Preparedness Committee; (2) Regional Reporting Center; (3) Remote Procedure Calls; (4) Rapid Positioning Capability
RPE Reconnaissance Planning Element
RPG (1) Soviet (FSU) Shoulder-Fired Antitank Grenade Launcher; (2) Report Program Generator
RPK Soviet (FSU) Light Machinegun (similar in design to the AK rifle)
RPM (1) Revolutions per Minute; (2) Rounds per Minute
RPT Report
RPTG Reporting
RPV Remotely Piloted Vehicle
RQS Rescue Squadron
RQT (1) Reliability Qualification Tests; (2) Requirement
RQMTS Requirements
RR (1) Railroad; (2) Radio Relay
R&R Rest and Recreation
RRC Regional Reporting Center
RRDB Rapidly Reconfigurable Data Base
RRF (1) Ready Reserve Force; (2) Rapid Reaction Force (ACE)
RRG Remote Receive Group
RRI Response to Request for Information
RRICS Rapid Response Imagery Capability System
RRII Response to Request for Intelligence Information
RRM Red Resource Monitoring
RRP Rapid Reinforcement Plan
RRS Remote Receive Station
RRT Radio Receive/Transmitter
RRTP Rail-to-Road Transfer Point
RS Reconnaissance/Surveillance
R&S Reconnaissance and Surveillance
RSB PSYOP Regional Support Battalion
RSBN Short-Range Navigation System (FSU)
RSDN Long-Range Navigation System (FSU)
RSC (1) Regional Support Commands; (2) PSYOP Regional Support Company
R&SC Reconnaissance and Surveillance Center
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RSE Ranger Support Element 
RSI, R/S/I Rationalization, Standardization and Interoperability 
RSN Red Switched Network 
RSO (1) Reconnaissance & Survey Officer; 
(2) Regional Security Officer 
RSOC Regional SIGINT Operations Center 
RSOD Remote Satellite Operations Demonstration 
RSOG Reserve Special Operations Group 
RSR (1) Resource Status Report; (2) Required Supply Rate; 
(3) Radar Service Request 
RSSC Regional Space Support Centers 
RSSP Reconnaissance Support Survivability Program 
RST (1) Recovery Support Team; (2) Regional Survey Team 
RSTA Reconnaissance, Surveillance, & Target Acquisition 
RSW Reflected Shockwave 
RT (1) Real Time; (2) Radio Telephone; 
(3) Relocatable Target; (4) Radius of Target 
RTA Residual Threat Assessment 
RTAPS Relocatable Target Adaptive Planning Support 
RTASS Remote Tactical Airborne SIGINT System 
RTCE Rapid Targeting Capability Europe 
RTG Reconnaissance Technical Group (TAC, USAFE, PACAF) 
RTIC (1) Regional Threat Information Cell; 
(2) Real-Time Information to the Cockpit 
RTIP Real-Time Interactive Processor 
RTM Receiver/Transmitter/Modem
RTOS Real-Time Optical System 
RTP Rail Transfer Point 
RTS (1) Reconnaissance Technical Squadron; (2) Real-Time Simulator 
RTS-I Regional Training Site(s)-Intelligence 
RTSP Real-Time Signal Processor 
RU (1) Roundup; (2) Resident Unit 
RUNT Russian Underground Nuclear Test 
RURPOP Rural Population File 
RV (1) Reentry Vehicle; (2) Radius of Vulnerability; 
(3) Reconnaissance Vehicle 
RVT Remote Video Terminal 
RW (1) Radiological Warfare; (2) Rotary Wing; 
(3) Reconnaissance Wing 
RWH Radar Warning & Homing 
RWI Radio Wireline Interface/Integration 
RWO Reconnaissance Watch Officer 
RWR Radar Warning Receiver 
RWS Remote Workstation 
RX Receive 
RZ Recovery Zone 
Secret

Signature

Personnel Staff Officer

Intelligence Staff Officer; Brigade, Battalion, and Armored Cavalry
Operations Staff Officer

(1) Logistics Staff Officer; (2) Special Access; (3) Situational
Awareness (4) Signals Analysis; (5) Surface-to-Air; used to identify
FSU Surface-to-Air Missiles, e.g., SA-7/GRAIL; (6) Situation
Assessment; (7) Security Assistance; (8) Special Agent;
(9) Stand Alone; (10) Secretary of the Army; (11) Systems
Administrator; (12) Strategic Attack

SAA (1) Special Area Assessments; (2) Strategic Air Army
SAAC Strategic Analysis Applications Center
SAAM Special Assignment Airlift Mission
SAASE Standard Data Element-Based Automated Architecture Support
Environment
SACC Supporting Arms Coordination Center
SACCS Strategic Air Command Automated Command & Control System
SACS (1) Secure Access Control System;
(2) STU-III Access Control System
SAE Service Acquisition Executive
SAB Subject as Above
SAC (1) Strategic Air Command; (2) Scientific Advisory Committee;
(3) Senate Appropriations Committee
SACDIN SAC Digital Network
SACEUR Supreme Allied Commander, Europe (NATO)
SACLANT Supreme Allied Commander, Atlantic (NATO)
SACLANTREPEUR SACLANT Representative in Europe
SACOM Southern Area Command
SACOS SAC Operational Staff
SACWARNS (1) Strategic Air Command Indications and Warning;
(2) SAC Warning System
SADARM Sense and Destroy Armor
SADF South African Defense Force
SADO Senior Air Defense Officer
SADT Structured Analysis Design Technique
SAEDA Subversion and Espionage Directed Against the Army
SAF (1) Soviet (FSU) Air Force; (2) Source Acquisitions File;
(3) Secretary of the Air Force; (4) US Air Force Staff
SAFE (1) Support for the Analysts' File Environment;
(2) Selected Area for Evasion
SAFF Safing, Arming, Fuzing, and Firing
SAF/O/T Security Assistance Force/Organization/Team
SAG (1) Study Advisory Group; (2) Surface Action Group;
(3) Strategic Advisory Group
SAGE Semiautomatic Ground Environment (Radar)
SAI Strategic Command Administrative Instruction
SAIB Safe Area Intelligence Brief
SAID Safe Area Intelligence Description
SAIS Strategic Aerospace Intelligence System
SAL (1) Strategic Arms Limitation;
(2) Submarine Alerting and Locating
SALT (1) Strategic Arms Limitation Talks; (2) Supporting Arms Liaison
Team
SALUTE Size, Activity, Location, Unit, Time, Equipment
(spot report format)
SAM (1) Surface-to-Air Missile; (2) Summary Assessment Matrix
SAMOB Surface-to-Air Missile Order of Battle
SAMSO Space And Missile System Organization
SAMT State of the Art Medium Terminals
SAO (1) Special Access/Activities Office; (2) Select Attack Option;
(3) Special Access Only; (4) Security Assistance Organization;
(5) Security Assistance Office
SAOB FSU Air Order of Battle
SAOC (1) Space Actions Officers Course;
(2) Sector Air Operations Center
SAOCS Submarine/Aircraft Optical Communications System
SAP (1) Special Access Program; (2) System Acquisition Plan
SAPAS Semiautomatic Population Analysis System
SAR (1) Search and Rescue; (2) Synthetic Aperture Radar;
(3) Special Access Required; (4) Sea-Air Rescue
SARC Surveillance and Reconnaissance Center
SARDA Secretary of the Army for Research, Development and Acquisition
SARP Storage and Retrieval Processor
SARPF Strategic Air Relocatable Processing Facility
SARSAT Search and Rescue Satellite-Aided Tracking
SART Strategic Aircraft Recovery Team
SARV Strategic Aerospace Reconnaissance Vehicle
SAS (1) Strategic Area Study; (2) Strategic Aerospace Summary;
(3) Special Activities Squadron; (4) Support to Analyst Subsystem;
(5) Survivable Adaptive Systems
SASC Senate Armed Services Committee
SASM Strategic Air-to-Surface Missile
SASS (1) Small Aerostat Surveillance System;
(2) Systems Acquisition Support Services
SAT (1) Satellite; (2) Staff Augmentation Team; (3) Satisfactory
SATCOM Satellite Communications
SATCOMA Satellite Communications Agency (U.S. Army)
SATKA Surveillance, Acquisition, Tracking, and Kill Assessment
SATRAN (1) Satellite Reconnaissance Advanced Notice;
(2) Satellite Transmission
SATS Southwest Asia Telecommunications System
SATVUL Satellite Vulnerability
SAVE Situation Analysis and Vulnerability Estimate
SAVI Systems Analysis of Vulnerability to Intrusion
SAWC Special Air Warfare Center
SAWG Simulation and Analysis Working Group
SAWIC Strike and Amphibious Warfare Intelligence Center
SAWS Submarine Analyst Work Station
SAWVS Satellite Attack Warning and Verification System
SB Sentinel Byte
S-BAND 2 to 4 GHz
SBB Sustained Bare Base
SBI (1) Special Background Investigation; (2) Space-Based Interceptor
SBIRS Space-based Infrared Radar System
SBIS Sustaining Base Information Services
SBKKV Space-Based Kinetic Kill Vehicle
SBL Space-Based Laser
SBM Single-Point Mooring Buoy
SBR (1) Special Boat Squadron; (2) Space-Based Radar
SBS Site Backbone Segment
SBSS Space-Based Surveillance System
SBU (1) Special Boat Unit; (2) Sensitive but Unclassified
SBWASS Space-Based Wide-Area Surveillance System
SC (1) Science Committee (NATO); (2) Signal Corps;
(3) Security Code; (4) Signal Company; (5) System Center;
(6) Structural Category; (7) Screen Commander or Coordinator;
(8) Air Force Communications-Computers Directorate;
(9) Submarine Conversion
SCA Service Cryptologic Agency
SCAD Subsonic Cruise Armed Decoy
SCAMP Sensor Control and Management Platoon
SCAMPI SOF C3I Telecommunications System
SCARE Standard Collection Asset Request Format
SCATANA Security Control of Air Traffic and Air Navigation Aids
SCC (1) Special Coordination Committee; (2) Standing Consultative
Commission (SALT); (3) Surveillance Coordination Center;
(4) System Control Center; (5) Space Control Center;
(6) Service Component Commander
SC CAT SOUTHCOM Crisis Action Team
SCC(I) Special Coordination Committee (Intelligence)
SCCP Single-Channel Command Post
SCCS-R Single-Channel Collection System - Rear
SCCTV Secure Closed-Circuit Television
SCDL Surveillance and Control Data Link (JSTARS)
SCE Service Cryptologic Element
SCF Satellite Control Facility
SCF-UK Save the Children Federation-UK
SCG Special Consultative Group (NATO)
SCI (1) Sensitive Compartmented Information or Information
Programs; (2) Source Code Indicator
SCIBS Sensitive Compartmented Information Billet System
SCIC State Crime Information Center
SCIF Sensitive Compartmented Information Facility
SCIM Subject Codes for Intelligence Management
SCIMITAR System for Countering Interdiction Missiles and Target Radars
SCINET Sensitive Compartmented Information Network (DoDIIS)
SCIP Special Communications Intelligence Package
SCIPMIS Standard Civilian Personnel Management Information System
SCIPS Sensitive Compartmented Information Processing System
SCIS Survivable Communication Information System
SCISS SOUTHCOM Intelligence Support System
SCI-VTC Sensitive Compartmented Information-Video Teleconferencing
SC J2 USSOUTHCOM J2
SCL Standard Conventional Load
SCLNO SOUTHCOM Liaison Officer
SCM Security Countermeasures
SCN Satellite Control Network
SCO (1) Service Cryptologic Organizations; (2) Sub-Control Office
SCOLA Satellite Communications for Learning
SCORE Signal Communications by Orbiting Relay Equipment
SCOTT Single-Channel Objective Tactical Terminal
SCP Secure Conferencing Project
SCPC Single Channel per Carrier
SCS (1) Signal Collection System; (2) Satellite Control Squadron
SCSC SOUTHCOM Support Center
SCSI Small Computer Systems Interface
SCT (1) Single-Channel Terminal; (2) Single-Channel Transponder
SCUBA Self-Contained Underwater Breathing Apparatus
SCUD Nickname of a Missile System
SD (1) Space Director; (2) Standard Displacement; (3) Senior
Director; (4) Security Division; (5) Strategic Command
Directive
SDA (1) Ships Destination Authority; (2) Strike Damage Assessment
S&DA Strike and Damage Assessment
SDB Space Data Base
SDC (1) Strategic Dissemination Company;
(2) Strategic Defense Command
SDD Secure Data Device
SDF Structured Data Fields
SDHS Satellite Data Handling System
SDI Strategic Defense Initiative
SDIE Special Defense Intelligence Estimate
SDIN (1) Secure Digital Information Network;
(2) Special Defense Intelligence Notice
SDIO Strategic Defense Initiative Organization
SDIS Switched Digital Integrated Service
SDLC Synchronous Data Link Control
SDM Standoff Destructive Munition
SDMA Spaced Division Multiple Access
SDMS SINET Data Management System
SDNRIU Secure Digital Network Radio Interface Unit
SDNS Secure Data Network System
SDO System Development Office
SDOB Scaled Depth of Burst
SDR (1) Source-Directed Requirements; (2) System Design Review
SDS (1) Satellite Data System; (2) SIGINT Direct Support;
(3) Satellite Dissemination System; (4) Secondary
Dissemination System; (5) Strategic Defense System;
(6) Switched Data Services; (7) Spatial Data Server; (8) Small
Digital Switch
SDV (1) Swimmer Delivery Vehicle; (2) SEAL Delivery Vehicle
SDVT SEAL Delivery Vehicle Team
SDYS Studies
SE Southeastern
SEA (1) Southeast Asia; (2) Senior Enlisted Advisor
SEABEE Navy Construction Battalion Personnel
SEALANCE Anti-Submarine Warfare Standoff Weapons (ASW/SOW)
SEAD Suppression of Enemy Air Defense
SEADS Southeast Air Defense Sector
SEAGA Selective Employment Air Ground Alert Forces
SEAL Sea/Air/Land
SEASTAG SEATO Standardization Agreement
SEATO Southeast Asia Treaty Organization
SEAWATCH NOSIC On-Line Computer System
SEC (1) Second; (2) Section; (3) Submarine Element Coordinator
SECAF Secretary of the Air Force
SECARMY Secretary of the Army
SECC Survivable Enduring Command Center
SECCLEAR Security Clearance (Management System)
SECDEF Secretary of Defense
SECNAV Secretary of the Navy
SECOM Security Committee
SECS Survivable and Enduring Communications System
SECSTATE Secretary of State
SECTY Security
SED Simulated Electronic Deception
SEDSCAF Standard ELINT Data System Codes and Formats
SEE (1) System Engineering and Evaluation;
(2) Softcopy Exploitation Environment
SEEI Special Essential Elements of Information
SEEK Soviet Emigre Exploitation Kit
SEI Specific Emitter Identification
SEIP Senior Enlisted Intelligence Program
SEIS Survivable and Enduring Intelligence System
SELA Latin American Economic System
SELORS Ship Emitter Locating Reports
SELMON Selective Monitoring
SEMA Special Electronic Mission Aircraft
SEMEC SOF Enhanced Moldable Explosive Change
SEN (1) Small Extension Node; (2) Space Engagement Node
SEOS SIGINT/Electronic Warfare Operating System
SEP (1) Selective Employment Plan (NATO); (2) Separate
SEPA FSU Extended Planning Annex
SEPS NATO Selective Employment Plan
SERE Survival, Evasion, Resistance, and Escape
SERER Survival, Evasion, Resistance, Escape, and Recovery
SERNO Serial Number
SES (1) Surface Effects Ship; (2) Systems Engineering Study;
(3) Senior Executive Service; (4) Sensor Employment Squadron;
(5) Softcopy Exploitation System; (6) Societe European Des
Satellites
SESOCC Southeastern Sector Operations Control Center
SESS Space Environment Sensor Suite
SET Sensor Employment Teams
SETAF Southern European Task Force
SEVOCCS Secure Voice Command and Control System
SEVOX Secure Voice
SEWC Space and Electronic Warfare Commander
SEWCC SIGINT/Electronic Warfare Coordination Center
SEWS (1) Satellite Early Warning System;
(2) SIGINT Electronic Warfare Subsystem
SF (1) Special Forces; (2) Standard Form
SFA Security Fault Analysis
SFAT Strategic Forces Advisory Team
SFD Saturated Flux Density
SFEM Space Forces Engagement Model
SFG Special Forces Group
SFG-A Special Forces Group-A
SFG(A) Special Forces Group (Airborne)
SFOA Special Forces Operations Area
SFOB (1) Special Forces Operating Base;
(2) Soviet (FSU) Forces Order of Battle
SFOD Special Forces Operational Detachment
SFODA Special Forces Operational Detachments-A
SFOD-D First Special Forces Operational Detachment-Delta
SFOS Special Forces Operating System
SFQC Special Forces Qualification Course
SER Statement of Functional Requirement
SFRD Safe Functional Requirements Document
SFT Secure Fault Tolerant
SFTL Strategic Future Targets List
SFUG Security Features Users Guide
SGB SOUTHCOM Ground Order of Battle
SGDPS Second Generation Data Processing System
SGEMP System Generated Electromagnetic Pulse
SGF (1) Southern Group of Forces (Soviet Forces in Hungary);
(2) Synthetic Aperture Radar Ground Facility
SGS (1) Secretary to the General Staff; (2) Squadron Ground Station
SGT (1) Satellite Ground Terminal; (2) Sergeant
SHA Secure Hash Algorithm
SHAPE Supreme Headquarters Allied Powers Europe (NATO)
SHARES Shared HF Resources
SHC Supreme High Command
SHF Super High Frequency
SHED Special Handling and Evaluation Detachment
SHELREP Shell Report
SHF Super High Frequency
SHOP Special Handling for Operations Purposes
SHORAD Short-Range Air Defense
SI (1) Special Intelligence; (2) Special Instructions
S&IA Security and Investigative Activities
SIAB Senior Imagery Advisory Board
SIAD Strategic Imagery Analysis Detachment
SIAP Strategic Intelligence Architecture Program
SIB Special Intelligence Brief
SIC (1) Subject Indicator Code (NATO message code);
(2) System Integration Configuration
SICAM SIGINT Control and Analysis Module
SICR Specific Intelligence Collection Requirement
SID (1) Secondary Imagery Dissemination;
(2) Subscriber Identification
SID(S) Selective Imagery Dissemination (System)
SIDA Single Integrated Data Base
SIDAC Single Integrated Damage Assessment Code
SIDPAC Strategic Imagery Detachment Pacific
SIDS Secondary Imagery Dissemination System
SIE Space Intelligence Element
SIF Special Interrogation Facility
SIFR Special Intelligence Functional Requirement
Sig Signal
SIGCEN U.S. Army Signal Center
SIG-I Senior Interagency Group for Intelligence
SIGINT Signals Intelligence
SIGSEC Signals Security
SIGSUM SIGINT Summary
SII Statement of Intelligence Interest
SIIR Special Imagery Interpretation Report
SIL Systems Integration Laboratory
SIM (1) Sensor Interface Module;
(2) Systems Integration Management
SIMIR USSTRATCOM IDHS Monthly Integration Review
SIMM Single Inline Memory Module
SIMNET Single Channel Ground/Airborne Radio Sub-Systems
SIMO SIM Office
SIMP Space Intelligence Master Plan
SIMS SOUTHCOM Intelligence Management System
SINCGARS (1) Single Integrated Channel Ground and Airborne Radio
Subsystems; (2) Single Channel Ground-to-Air Radio System
SINET Strategic Intelligence Network
SINTER SIGINT/IMINT Interaction
SIO (1) Senior Intelligence Officer; (2) Space Intelligence Officer;
(3) Ship's Intelligence Officer
SIOP Single Integrated Operational Plan
SIORI Self-Initiated Operational Readiness Inspection
SIPE Strategic Intelligence Processing Element
SIPRNET Secret Internet Protocol Router Network
SIR (1) Shuttle Imaging Radar; (2) Specific Information Requirements;
(3) Spectrum Interference Resolution
SIRADS Shared Imagery Repository and Dissemination System
SIRCS Shipborne Intermediate-Range Combat System
SIREP Sensitive Information Report
SIRVES SIGINT Requirements Validation and Evaluation Subcommittee
(of SIGINT Committee)
SIS (1) Significant Indications Summary; (2) Space Intelligence
System; (3) Special Intelligence Support; (4) Selective Inquiry
System; (5) Special Information System
SISOCS Army Logistics/Maintenance Depot Data Network
SISR SIGINT Security Regulation
SISS (1) Survivable Intelligence Support to SIOP; (2) Subcommittee
on Information Systems Security of the NSTISSC
SISUM Sensitive Information Summary
SIT Specialized Investigations Team
SITAS Strategic Industrial Target Analysis Systems
SITDEV Situation Development
SITMAP Situation Map
SITREP Situation Report
SITS Secondary Imagery Transmission System
SITSUM Situation Summary
SITTP (US)STRATCOM Intelligence Tactics, Techniques, and
Procedures for Strategic Operations
SIW Strategic Intelligence Wing
SJA Staff Judge Advocate
SJCS Secretary, Joint Chiefs of Staff
SKCATL South Korea Conventional Air Target List
SKE Station-Keeping Equipment
SKYLINK Communications System Provided by the Diplomatic
Telecommunications System
SKYNET United Kingdom Military Communications Satellite
SL Sea Level
SLA Special U.S. Liaison Advisor
SLAM Standoff Land Attack Missile (Navy)
SLAR Side-Looking Airborne Radar
SLAT Surface-Launched Air-Targeted
SLBM Submarine-Launched Ballistic Missile
SLC Space Launch Complex
SLCM (1) Submarine-Launched Cruise Missile;
(2) Sea-Launched Cruise Missile
SLDCOM Satellite Launch Dispenser Communications
SLED Safe Low-Energy Detonators
SLEP Service Life Extension Program
SLF Super Low Frequency
SLFCS Survivable Low Frequency Communications System
SLGR Small Lightweight Global Positioning System Receiver
SLIP Serial Line Interface Protocol
SLMM U.S. Submarine-Launched Mobile Mine
SLO Space Liaison Officer
SLOC Sea Lines of Communication
SLOC(S) Sea Line(s) of Communication
SLR Side-Looking Radar

Space Launch Squadrons 

Submerged-Launched Surface-to-Surface Missile 
Space Launch Vehicle 


(1) Memorandum by the Secretary, JCS; (2) Statute Mile; 
(3) Service Member; (4) Security Monitor; (5) Smart Modules 


Submarine Movement Advisory Authority 
Space/Missile Analyst NCO 

Space/Missile Analyst NCO 

Secure Mobile Antijam Reliable Tactical Terminal 
Survivable Mobile Command Center 

Strategic Mission Data Preparation System 
Subject Matter Expert 
Significant Military Exercise Brief
Space/Missile Event Office 

Standard Mail Guard 

Senior Military Intelligence Officers’ Conference 
Soviet (FSU) Military Liaison Mission 


(1) Spatial Model Matching; 
(2) Special Mission Mandatory Modification 


(1) Support to Military Operations; (2) Senior METOC Officer; 
(3) Special Mission Optional Modification 


Strategic Missile Order of Battle 

Special Missions Operational Test and Evaluation Center 
Soviet Military Power (the publication) 

Space Mission Payload Assessment System 

Sources, Methods, and Rationale 

Stand-Alone Analysis Subsystems 

Single Mail Transfer Protocol 

Secure Mobile Unit 

(1) Soviet Naval Aviation; (2) System Network Architecture 
Soviet (FSU) Nuclear Artillery Projectile 

Selected Non-Communist Countries DIPP 

Strategic Nuclear Delivery Vehicles 

Secret/NOFORN 

(1) Short-Range Nuclear Forces; (2) Secret NOFORN 
Soviet (FSU) Naval Infantry 

Special National Intelligence Estimate 

Soviet (FSU) Naval Imagery Panel 

Special Nuclear Materials 

Security and Network Management Segment 

Special Naval Operations 

Signal-to-Noise 

Shared Network Server 

SIGINT Numerical Tasking Register 

Special Operations 

Special Operations/Low Intensity Conflict 


(1) Special Operations Aviation; (2) Special Operations Area; 
(3) Speed of Advance 


(1) Special Operations Aviation Battalion; 
(2) Special Operations Aviation Brigade 


(1) Special Operations Aviation Command; (2) Special Operations
Aviation Company; (3) Special Operations Acquisition
Center


Special Operations Aviation Detachment 

Special Operations Automated Data System 
Deputy for Acquisition and Acquisition Executive 
Special Operations Aviation Group 


(1) Special Operations Aviation Regiment; 
(2) Special Operations Analytical Reports 
SOARS Satellite On-Board Attack Reporting System
SOB Space Order of Battle
SOC (1) Special Operations Command; (2) Special Operations Capable;
(3) Sector Operations Center; (4) Special Operations Craft
SOCACOM Special Operations Command-Atlantic Command
SOCC (1) Sector Operational Control Center; (2) Special Operations
Control Center
SOCCE (1) Special Operations Command Communications Element;
(2) Special Operations Command and Control Element
SOCCENT (1) Special Operations Command Center; (2) Special Operations
Command Component, CENTCOM
SOCCMO Special Operations Command Collection Management Office
SOCCS Special Operations Combat Control Squadron
SOCCT Special Operations Combat Control Team
SOCDSS Special Operations Command Deployable Support Set
SOCET Special Operations Command Extraction Tool
SOCEUR Special Operations Command, Europe
SOCJIC United States Special Operations Command Joint Intelligence
Center
SOCKOR Special Operations Command, Korea
SOC-K Special Operations Command, Korea
SOCLANT Special Operations Command, Atlantic
SOCLITE Special Operations Command Laptop
SOCOM Special Operations Command
SOCOORD Special Operations Coordination Element
SOCOS Special Operations Command Operating Staff
SOCPAC Special Operations Command, Pacific
SOCRATES Special Operations Command Research, Analysis, and Threat
Evaluation System
SOCSIDS Special Operations Command - Secondary Imagery
Dissemination System
SOCSO Special Operations Command, South
SOCSOUTH Special Operations Command, South
SOD Special Operations Detachment
SODARS Special Operations Debriefing and Retrieval System
SOEAID Special Operations Executive Aide
SOF Special Operations Forces
SOF-IV Special Operations Forces-Intelligence Vehicle
SOF C4 Special Operations Forces Command, Control,
Communications, Computers, and Intelligence
SOF-MOSS SOF Modular Remote Sensing System
SOFA Status of Forces Agreement
SOFATS Special Operations Forces Aircrew Training System
SOFCOM Special Operations Forces Command
SOF EW Special Operations Forces Enhanced Weapons
SOFPAC Special Operating Forces, Pacific
SOFI Special Operations Forces Improvements
SOF IRIS Special Operations Forces Imagery Receiver and Intelligence
System
SOFIST Foreign Instrumentation Signals Requirement
(a collection management software application)
SOFLAM Special Operations Forces Laser Acquisition Marker
SOFPARS Special Operations Forces Planning and Rehearsal System
SOF PLD Special Operations Forces Protection Laser Defense
SOFPREP Special Operations Forces Planning, Rehearsal and Execution
Preparation
SOF PSA Special Operations Forces Power Supply Assembly
SOFSA Special Operations Forces Support Activity
SOFTACS Special Operations Forces Tactical Assured Connectivity System
SOG Special Operations Group
SOH SOF Offensive Handgun
SOHFRAD Special Operations HF Radio
SOHI Seminar on Human Intelligence
SOI (1) Signal Operating Instructions; (2) Signal of Interest;
(3) Space Object Identification
SOIC (1) Space Operational Intelligence Center;
(2) Senior Official of the Intelligence Community;
(3) Special Operations Intelligence Center
SOICS Special Operations Improved Cryptographic System
SOIF Special Operational Intelligence Folders
SOIN Special Operations Intelligence Notes
SOINT Staff Officer Intelligence
SOIPS Special Operations Imagery Production System
SOIS Special Operations Intelligence System
SOISUM Space Object Identification Summary
SOIT Seminar on International Terrorism
SOIWSD Special Operations Information Warfare Support Demonstration
SOJ (1) Sea of Japan; (2) Stand-Off Jamming
SOJTF Special Operations Joint Task Force
SOLANT South Atlantic
SOLARS SAC On-Line Analysis and Retrieval System
SOLE Special Operations Liaison Element
SOLIS SIGINT On-Line Intelligence (or Information) System
SOLL Special Operations Low Level
SOLOG Special Operations Logistics System
SOMA Status of Mission Agreement
SOME Satellite Orbit Mission Evaluation
SOMOB Strategic Offensive Missile Order of Battle
SOMPF Special Operations Mission Planning Folder
SOMS Special Operations Media System
SON Statement of Need
SONAR Sound Navigation and Ranging
SONET Synchronous Optical Network
SONI Seminar on National Intelligence
SONMET Special Operations Naval Mobile Environmental Teams
SOO Space Operations Officer
SOP (1) Standard Operating Procedure(s); (2) Senior Officer Present
SOPE Special Operations Planning Exercise
SOPEO Special Operations Program Executive Officer
SOPIF Special Operations Photographic Interpretation Facility
SOPM Special Operations Program Manager
SOPPC Special Operations Photo Processing Cell
SOPPREP Special Operation Forces Planning, Rehearsal, and
Execution System
SOPS (1) Space Operations Squadron; (2) Special Operations Power
Sources
SOR (1) Specific Orders and Requests; (2) Statement of Requirements
SORD System Operational Requirements Document
SORDAC Special Operations Research, Development and Acquisition
Center
SORFMS Special Operations Radio Frequency Management System
SORS (1) Specific Order or Requests; (2) SIGINT Overhead
Reconnaissance Subcommittee
SORTIEALOT Sortie Allotment
SORTIC Seminar on Reconnaissance and Technical Information Collection
SORTS Status of Resources and Training System
SOS (1) International Distress Signal (2) Squadron Officers’ School;
(3) Special Operations Squadron
SOSC Special Operations Support Command
SOSS Satellite Ocean Surveillance System
SOSST Special Operations Small Secure Transceiver
SOST Special Operations Special Technology
SOSTI Seminar on Scientific and Technical Intelligence
SOSOS U.S. Sound Surveillance System
SOT-A Special or Support Operations Team-Alpha
SOTA SIGINT Operational Tasking Authority
SOTAS Standoff Target Acquisition System
SOT-B Special or Support Operations Team-Bravo
SOTF (1) Special Operations Task Force;
(2) Security Operations Training Facility
SOTSE Special Operations Theater Support Element
SOTVS Special Operations Tactical Video System
SOTW Special Operations Training Wing
SOUTHAM South America
SOUTHCOM Southern Command
SOVPACFLT Soviet Pacific Fleet
SOW (1) Statement of Work; (2) Special Operations Wing
SOW/TE Special Operations Weather/Technical Element
SOWG Special Operations Working Group
SOWT Special Operations Weather Team
SP (1) Self-Propelled; (2) Shore Patrol; (3) Security Police
SPA (1) Special PSYOP Analysis; (2) Special PSYOP Assessment
SPACDEFENSE Space Defense and Operations/Anti-Satellite (ASAT) Missile
System
SPACC Space Command Center
SPACEAF Space Air Force (14 AF)
SPACECOM Space Command (See AFSPACECOM and USSPACECOM)
SPACING Space Processing and Collection Internals Group
SPAD Special Advisor
SPADATS Space Detection and Tracking System
SPADCCS Space Defense Command and Control System
SPADOC Space Defense Operations Center
SPADVOS Spaceborne Direct View Optical Scanner
SPAF Special Airfield File
SPAIS South Pacific Air Intelligence System
SPAN Security Policy Automation Network
SPATS Strategic Posture and Aerospace Threat Summary
SPB Special Projects Branch (NATO)
SPC SIGINT Processing Center
SPCL Special Purpose Communications Link
SPD Strategic Posture Display
SPEAR (1) Signal Processing, Evaluation, Alert and Reporting;
(2) SOF Personal Equipment Advanced Requirements
SPEC Counterterrorism Database
Spec Nav Special Navy Program
SPECAT Special Category (Pneumatic Tube Message Precedence)
SPECBOATRON Special Boat Squadron
SPECBOATUNIT Special Boat Unit
Spectre AC-130 H/U Gunship
SPECWAR Special Warfare
SPETSNAZ Soviet (FSU) Special Purpose Forces
SPF (1) Special Purpose Forces; (2) Single Point of Failure
SPG (1) Self-Propelled Gun; (2) Softcopy Products Group
SPIES Special Insertion and Extraction System
SPIN Space Intelligence Notes
SPINS Special Instructions
SPINTCOM Special Intelligence Communications (Network)
SPIREP Spot Intelligence Report
SPIRES Special Intelligence Reports
SPIRIT Special Purpose Integrated Remote Intelligence Terminal
SPK Single Point Key(ing)
SPO Special Project Officer
SPOC Space Operations Center
SPOD Sea Ports of Debarkation
SPOE Sea Ports of Embarkation
SPOT Satellite Pour l'Observation de la Terre (French)
SPOTREP Spot Report
SPP Shared Production Program
SPR Strategic Petroleum Reserve
SPRAA Strategic Plans and Research Analysis Agency
SPS Scratch Pad Store
SPS Special PSYOP Study
SPSS Secured Packet Switched Service
SPT Support
SPTCONF Support Confirmation
SPTD Supported
SPTG Supporting
SPTREQ Support Request
SQ (1) Square; (2) Squadron
SQD Squad
SQDN Squadron
SQL (1) Standard Query Language; (2) Structured Query Language
SQN Squadron
SR (1) Special Reconnaissance; (2) Short Range; (3) Southern Region; (4) Senior
SRBM Short-Range Ballistic Missile
SRF SIGINT Readiness Facility
SRHIT Small Radar-Homing Intercept Technology (BMD Missile)
SRIG Surveillance, Reconnaissance, and Intelligence Group
SRIS Surface Range Imaging System
SROC Southern Region Operations Center
SRIG Surveillance, Reconnaissance, and Intelligence Group
SRJOIC Southern Region Joint Operations Intelligence Center
SRAM U.S. Short-Range Attack Missile
SRAMII U.S. Short-Range Attack Missile (XAGM-131A; formerly AASM)
SRAM-T Short Range Attack Missile - Tactical
SRB Senior Review Board
SRBM Short-Range Ballistic Missile
SRC Strategic Reconnaissance Center
SRCU SINCGARS Remote Control Unit
SRD (1) System Requirements Document; (2) Special Research Detachment (U.S. Army)
SRF (1) Strategic Rocket Forces (USSR); (2) Strategic Reserve Forces; (3) Secure Reserve Force (U.S.); (4) Selected Reserve Force; (5) SIGINT Readiness Facility; (6) SPIRIT Remote Facility (TROJAN)
SRFTL Secure Reserve Force Target List
SRI Surveillance, Reconnaissance and Intelligence
SRIG Surveillance/Reconnaissance Intelligence Group
SRINF Short-Range, Intermediate-Range Nuclear Forces
SRJOIC Southern Region Joint Operational Intelligence Center
SRMIS Southern Region Maritime Intelligence Summary
SRO Sensitive Reconnaissance Operations
SROE Standing Rules of Engagement
SRP (1) Sealift Readiness Program; (2) SIOP Reconnaissance Plan
SRR (1) Survival, Recovery and Reconstitution; (2) Security Requirements Review
SRS (1) Strategic Reconnaissance Squadron; (2) Software Requirements Specification
SRSG Special Representative to the Secretary-General
SRT (1) Strategic Relocatable Target; (2) Standard Remote Terminals
SRW Strategic Reconnaissance Wing
SRWG Standing Requirements Working Group
SS Attack Submarine
SSA (1) Security Supporting Assistance; (2) Diesel-Powered Auxiliary Submarine; (3) Special Support Activity; (4) SIGINT Support Activity; (5) Soviet (FSU) Strategic Aviation
SSAN (1) Social Security Account Number; (2) Nuclear-Powered Auxiliary Submarine
SSB (1) Ballistic Missile Submarine; (2) Standard Software Base; (3) Single Sideband
SSB Ballistic Missile Submarine
SSBN Nuclear-Powered Ballistic Missile Submarine
SSBSC Single Sideband, Suppress Carrier
SSC (1) Coastal Submarine; (2) Space Surveillance Center; (3) Surface Support Craft
SSCC Special Security Communications Center
SSCI Senate Select Committee on Intelligence
SSD Strategic Studies Detachment
SSE Special Security Element
SSES Ships Signal Exploitation Space
SSF (1) Software Support Facility; (2) Special Service Force
SSG (1) Cruise Missile Attack Submarine; (2) Special Security Group
SSGN Nuclear-Powered Cruise Missile Attack Submarine
SSI (1) Specialty Skill Identifier; (2) Safety, Security and Intelligence
SSIXS Submarine Satellite Information Exchange Subsystem
SSJ Self-Screening Jamming
SSLP Transport Submarine
SSLSM Single-Source Logistics Support Manager
SSM (1) Surface-to-Surface Missile; (2) Midget Submarine
SSM/I Sensor System Microwave Imager
SSM/T Sensor System Microwave/Temperature
SSMA Spread Spectrum Multiple Access
SSME Spread Spectrum Modulation Equipment
SSMO SIGINT Support to Military Operations
SSMOB Surface-to-Surface Missile Order of Battle
SSMP Security System Management Plan
SSN (1) Nuclear-Powered Attack Submarine; (2) Social Security Number; (3) Space Surveillance Network
SSO (1) Special Security Office; (2) Special Security Office(r)
SSO-INT Senior Staff Officer-Intelligence (Canadian)
SSP (1) SIGINT Support Plan; (2) Scheduled Strike Program (NATO); (3) Single-Shot Probability of Damage; (4) Single-Source Processor; (5) SIOP Support Program
SSP-S Single Source Processor-SIGINT
SSQ Auxiliary Submarine, Communications
SSQN Nuclear-Powered Auxiliary Submarine, Communications
SSR (1) Radar Picket Submarine; (2) Secondary Surveillance Radar; (3) Special Security Representative
SSRS SIGINT Surveillance and Reporting System
SSS (1) Staff Summary Sheet; (2) Systems Science and Software; (3) System Support Segment; (4) Special Support Section
SSSP Single-Source SIGINT Processor
SST (1) Training Submarine; (2) System Specific Threat; (3) Supersonic Transport; (4) Single Subscriber Terminal; (5) Safe Secure Transport; (6) Strategic Support Team; (7) Space Support Team
SSTO Single-Stage-To-Orbit
SSTS Space Surveillance and Tracking System
SSUS Spin-Stabilized Upper Stage
ST (1) SEAL Team; (2) Strategic Task; (3) Short Tons
S&T Scientific and Technical
S&TI Scientific and Technical Intelligence
ST&E Security Test and Evaluation
STA Surveillance and Target Acquisition
STACCS Standard Theater Army Command and Control System
STAMIS Standard Army Management Information System
STAMP SOUTHCOM Topographic Augmentation Program
STAMPS Stand-Alone Message Processing System
STANAG Standardization Agreement (NATO)
STANAVFORLANT Standing Naval Force, Atlantic (NATO)
STAN-EVAL Standardization and Evaluation
STANS (1) Soviet Tactical Nuclear Study; (2) Space Target Analysis and Networking System
STAP Science and Technology Advisory Panel
STAR (1) Surface-to-Air Recovery; (2) System Threat Assessment Report
STARC State Area Command
STARS Surveillance, Target Acquisition & Reporting System
STAR-T SHF Tri-Band Advanced Range Extension Tactical Terminal
START Strategic Arms Reduction Talks/Treaty
STARTEX Start Date of an Exercise
STASS Submarine-Towed Array Surveillance System
STATDM Statistical Time Division Multiplex
Static RI Static Infrared Workstation
STATS Strategic Target Analysis and Tracking System
STATSIONAR USSR/Russian COMSAT System
STC (1) Sensitivity Time Control; (2) Short Time Constant (ECCM); (3) SHAPE Technical Center
STCFE Science and Technology Center Far East
STD (1) SIGINT Technical Data; (2) Standard
STEL Stanford Telecommunications
STEP Standardized Technical Entry Point
STEPS Scientific and Technical ELINT Processing System
STEPS II Scientific and Technical ELINT Processing System II
STG Special Tactical Group
STEL Secure Telephone
S&TI Scientific and Technical Intelligence
STIC (1) Scientific and Technical Intelligence Committee; (2) Scientific and Technical Intelligence Center
STICS Scalable Transportable Intelligence Communications System
STIFF Strategic Intelligence Forecast File
STIISP Scientific and Technical Intelligence Information Services Program
STINT Science and Technology (S&T) Intelligence
STIR Scientific and Technical Intelligence Register
STITEUR Scientific and Technical Information Team, Europe
STK (1) Satellite Tool Kit; (2) Strike
STO Science and Technology Objectives
STOL Short Takeoff and Landing
STON Short Ton
STOPS Stand-Off Optical System
STOVL Short Takeoff, Vertical Landing
STP (1) Space Test Program; (2) Site Transition Plan
Str Strength
STRAM Static Random Access Memory
STRAT Strategic
STRATCOM Strategic Command
STRATJIC USSTRATCOM Joint Intelligence Center
STRATLAT Strategic Command Liaison Assistance Team
STRATMAS Strategic Message Analysis Server
STRATPAT Strategic Planning and Analysis Tool
STRED Standard-Tactical Receive Equipment Display
STRICOM Simulations, Training, and Instrumentation Command
STRIKFORSOUTH Strike Force South
S-TRED Standard Tactical Receive Equipment Display
STRUM Standard Technical Reporting Using Modules
STS (1) Special Training Standard; (2) Special Tactics Squadron; (3) Subcommittee on Telecommunications Security of the NSTISSC
STT (1) Small Tactical Terminal; (2) Special Tactics Teams; (3) Shore Targeting Terminal
STU Secure Telephone Unit (STU II & III)
STU-III Secure Telephone Unit III
STUR Secure Telephone Unit/Remote
STVD Southern Theater of Military Operations (FSU)
STW Strike Warfare
STWC Strike Warfare Commander
STX Situational Training Exercise
SUAWACS Soviet (FSU) AWACS
SUBACS Submarine Advanced Combat System
SUBLANT Submarine Forces, Atlantic
SUBOPAUTH Submarine Operating Authority
SUBORD Subordinate
SUBPAC Submarine Forces, Pacific
SUCCESS Secure UHF Computer Controlled Equipment Subsystems
SUG SAFE Users Group
SUM (1) Surface-to-Underwater Missile; (2) Structural Usage Monitor
SUMS Structural Usage Monitor System
SUPCOM Support Command
SUPINTREP Supplementary Intelligence Report
SUPIR (1) Supplemental Photographic Interpretation Report; (2) Supplemental Phase Interpretation Report
SUPNAVFOR Supporting Naval Force
SUPPLOT Supplemental Plot
SUPREMS Supplemental Preliminary Mission Summary
SUPT Superintendent
SURAN Southeastern Universities
SURFSHIP Surface Ship
SURFWARDEVGRU Surface Warfare Development Group
SURTASS Surveillance Towed Array Sonar System (U.S.)
SURV Surveillance
SUSLAK Special U.S. Liaison Activity Korea
SUSLO Special U.S. Liaison Officer
SV (1) Secure Voice; (2) Special View
SVC Service
SVCN Secure Voice Conferencing Network
SVD Soviet Sniper Rifle
SVGA Super Video Graphics Adapter
SVIP Secure Voice Improvement Program
SVOD Soviet Aircraft Navigation and Landing System
SVS Secure Voice System
SVTC Secure Voice Teleconferencing
SVTS Secure Video Teleconferencing System
SW (1) Short Wave; (2) Surface Warfare; (3) Software; (4) Strategic Wing
S&W Surveillance and Warning
SWA (1) Southwest Asia; (2) Southwest Africa; (3) Standoff Weapons Assembly; (4) Senior Warning Analyst; (5) Senior Weather Analyst; (6) Secure Work Area


SWADII Southwest Asia Defense Information Infrastructure 

SWAL Shallow-Water Attack Craft, Light 

SWAM Shallow-Water Attack Craft, Medium 

SWAT SOCRATES WS/LAN Analysis Testbed 

SWB Southwest Border 

SWC (1) Special Warfare Center (U.S. Army); (2) Special Warfare Craft; (3) Strategic Warfare Center; (4) Strategic Warning Center; (5) Space Warfare Center


S&WC Surveillance and Warning Center/Control 
SWCL Special Warfare Craft, Light 
SWCM Special Warfare Craft, Medium 
SWCS Special Warfare Center and School 
SWE Sweden 
SWHQ Static War Headquarters 
SWI Special Weather Intelligence 
SWIR Short Wave Infrared 
SWIRTERCAT SWIR Terrain Categorization 
SWIS Survivable Wartime Intelligence System 
SWO (1) Special Weapons Officer; (2) Staff Weather Officer; 
(3) Senior Watch Officer 
SWORD Submarine Warfare Operations Research Department 
SWP Standing Warning Program 
SWPS Space & Weapons Systems SIGINT Working Group 
SWR Southwest Region 
SWRS Slow-Walker Reporting System 
SWSC Space Warning Systems Center 
SWTMO SW Theater of Military Operations 
SYBASE A Collection Requirements Database 
SYDET Sympathetic Detonator 
SYDP Six-Year Defense Plan 
SYG Secretary General 
SYNCOM Synchronous Communications Satellite 
SYRACUSE Systeme de Radio Communication Utilisant un Satellite 
SYRUP System Resource Utilization Package 
SYS System(s) 
SYSADM System Administrator 
SYSADMIN Systems Administration Technical Assistant 
SYSCON Systems Control 
SYSOPR System Operator 
(1) Tank; (2) Training; (3) Transmitter
1.54 Megabits per Second Throughput
Technology Transfer
44.3 Megabits per Second Throughput
(1) Traffic Analysis; (2) Tank Army; (3) Terrain Avoidance; (4) Theater Army; (5) Target Acquisition; (6) Target Analysis
T&A Transcription and Analysis
TAA (1) Tactical Air Army (FSU); (2) Total Army Analysis; (3) Tactical Assembly Area; (4) Theatre Army Area
TAACOM Theater Army Area Command
TAB (1) Target Acquisition Battery; (2) Theatre Air Base
TABNR Table Number
TABS Threat Assessment Briefing System
TAC (1) Tactical Air Command; (2) Terrain Analysis Center (U.S. Army); (3) Tactical Access Controller; (4) Tri-Service Tactical Digital Communication System; (5) Technology Assessment Center; (6) Terminal Access Control; (7) Tactical Command Post
TACAC-D Technical Control and Analysis Center-Division
TACAIR Tactical Air
TACAMO (1) U.S. Air Relay Communication System; (2) Take Charge and Move Out
TACAN Ultrahigh-Frequency Tactical Air Navigation
TACAWS The Army Combined Arms Weapons System
TACC (1) Tactical Air Control Center; (2) Tanker Airlift Control Center; (3) Theater Army Communications Command
TACC(A) Tactical Air Control Center (Afloat)
TACCIMS (1) Theater Army Command and Control Information Management System; (2) Tactical Command and Control Information Management System
TACCP Tactical Command Post
TACCS (1) Tactical Airborne Command and Control and Surveillance; (2) Tactical Air Control Center System
TACCSIMS Theater Area Command and Control Information Management System
TACCS-K Tactical Automated Command and Control Systems-Korea
TACCTA Tactical Commander's Terrain Analysis
TAC-D Tactical Deception
TACE (1) Technical Analysis Cost Estimate; (2) Tactical Air Coordination Element
TACELINT Tactical Electronic Intelligence (Report)
TACFAST Tactical Forward Analysis Support Terminal
TACFIRE Tactical Artillery Fire Control
TACIES Tactical Imagery Exploitation System
TACINTEL Tactical Intelligence
TACIT RAINBOW Anti-Radiation Missile
TACM Tactical Amphibious Collection Management
TACO Tactical Command Post
TACO-2 Tactical Communications-Two
TACOMM Tactical Communications
TACOMSIM Tactical Communications Simulator
TACON Tactical Control
TACOPS Tactical Air Combat Operations Staff
TACP Tactical Air Control Party
TACRECCE Tactical Reconnaissance
TACREP Tactical Report
TACRON Tactical Air Control Squadron
TACS (1) Tactical Air Control System; (2) Technology Acquisition Coordination Subcommittee; (3) Theater Air Control System
TACS/TADS Tactical Air Control System/Tactical Air Defense System
TACSAM Tactical Surface-to-Air Missile
TACSAT Tactical Satellite
TACSATCOM Tactical Satellite Communications
TACSIM Tactical Simulation (Simulator)
TACTAS Tactical Towed Array System (U.S. Surface Warship)
TACTASS Tactical Towed-Array Surveillance System (USN)
TACTED Tactical Trunk Encryption Device
TACTEL Tactical Telecommunications
TACTERM Tactical Terminal
TACW Tactical Air Control Wing
TACWINGSLANT Tactical Wings Atlantic
TAD (1) Temporary Additional Duty; (2) Theater Air Defense
TADIL Tactical Data Information Link
TADIL-J Tactical Digital Interface Link-Joint
TADIX-B Tactical Data Exchange System-B
TADIXS Tactical Data Information Exchange Subsystem
TADIXS-B Tactical Data Information Exchange System Broadcast
TADS (1) Tactical Air Defense System; (2) Target Acquisition and Designation System
TADSS Training Aids, Devices, Simulations and Simulators
TADMS TRS ASARS-2 Data Manipulation System
TAE Transportable Applications Executive
TAF Tactical Air Forces
TAFIC Tactical Air Forces Intelligence Center
TAFIES Tactical Air Force Intelligence Exploitation System
TAFIIS Tactical Air Forces Integrated Information System
TAFLC Tactical Air Force Limited Operational Capabilities Europe
TAFSM Tactical Fire Support Model
TAG (1) Target Actions Group; (2) The Adjutant General; (3) Theater Army Group; (4) Target Aimpoint Graphic; (5) TEMPEST Advisory Group
TAGS Theater Air Ground System
TAH Tactical Aviation Headquarters
TAI Target Areas of Interest
TAISS Telecommunication and Automated Information Systems Security
TALM Tactical Air-Launched Missile
TALO Tactical Airlift Liaison Officer
TALON Theater Application-Launch on Notice
TAOS Thrust-Assisted Orbiter System
TALP Total Army Linguist Program
TAMPS (1) Threat Avoidance Mission Planning System; (2) Tactical Aircraft Mission Planning System
TANGO Tactical Air, Naval, Ground Operations
TAO Tactical Air Operations
TAOC Tactical Air Operations Center
TAOR Tactical Area of Responsibility
TAP (1) Terrain Analysis Program; (2) Theater Analysis and Planning
TAPA Target Analysis Pacific Area
TAPCOMP Targeting and Analysis Program Computers
TAPS Technical Analysis Processing System
TAR Terrain Avoidance Radar
TARBUL Target Bulletin
TARDEV Target Development
TARE Telegraph Automation Relay Equipment
TAREX Target Exploitation
TARM Tactical Antiradiation Missile
TARPS Tactical Air Reconnaissance Pod System (USN)
TARRRS Tactical Air Reconnaissance Results Reporting System
TARS Tactical Air Reconnaissance System
TAS (1) Tactical Airlift Squadron; (2) Traffic Analysis Survey; (3) Terminal Access System; (4) True Air Speed; (5) Timeline Analysis System; (6) Temporal Analysis System
TASE Tactical Air Support Element
TASES Tactical Airborne Signals Exploitation System
TASM Tactical Air-to-Surface Missile
TASMO Tactical Air Support of Maritime Operations
TASO Terminal Area Security Officer
TASOC Theater Army Special Operations Command
TASOSC Theater Army Special Operations Support Command
TASS (1) Towed Array Surveillance System; (2) Official News Agency of the FSU; (3) Tactical Air Support Squadron; (4) Tactical Automatic Switching System
TAT (1) Terrorist Action Team; (2) Tactical Analysis Team; (3) Target Area Tactics
TATERS TROJAN Air Transportable Electronic Reconnaissance System
TAV (1) Total Asset Visibility; (2) Trans-Atmospheric Vehicle
TAVR Territorial and Army Volunteer Reserve
TAW Tactical Airlift Wing
TAWC Tactical Air Warfare Center
TAWDS Transportable Automated Weather Distribution System
TAXIS-A Tactical Data Information Exchange Subsystem A
TB (1) Tank Battalion; (2) Tuberculosis
TBA To Be Announced
TBD To Be Determined
TBM (1) Tactical Ballistic Missile; (2) Theater Battle Management; (3) Theater Ballistic Missile
TBP To be published
TC (1) Tank Company; (2) Transportation Corps; (3) Transport Cradles
TC3 Theater Command, Control, and Communications
TCA (1) Theater Collection Assets; (2) Theater Communications Architecture; (3) Tactical Communication Augmentation
TCAC Technical Control and Analysis Center
TCAC-C Technical Control and Analysis Center - Corps
TCAC PIP Technical Control and Analysis Center-Product
TCAE (1) Technical Control and Analysis Element; (2) Tactical Control and Analysis Element
TCAE C/D/B Technical Control and Analysis Element Corps/Division/Brigade
TC-AIMS II Transportation Coordinator Automated Information For Movements Systems II
TCB Trusted Computing Base
TCC (1) Telecommunications Center; (2) Tactical Command Center
TCCC Theater Communications Control Center
TCCE/CA Theater Contingency Communications Equipment, Central Area
TCCS Theater Command and Control System
TCD Time Compliance Data
TCICA Theater Counterintelligence Coordinating Authority
TCIM Tactical Communications Interface Module
TCJ2 TRANSCOM J2
TCM Tactical Cruise Missile
TCMS Tactical Communications Management System
TCO (1) Test Control Officer; (2) Telecommunications Control Officer; (3) Telecommunications Contracting Office
TCOS Tactical Combat Operations System
TCP (1) Technological Coordinating Paper; (2) Tactical Cryptologic Program; (3) Transmission Control Protocol; (4) Traditional CINC Programs
TCP/IP Transmission Control Protocol/Internet Protocol
TCR Time Critical Requirements
TCS (1) Tactical Computer System; (2) Test/Crisis Service
TCSEC DOD Trusted Computer System Evaluation Criteria
TCT (1) Tactical Commanders Terminal; (2) Tactical Computer Terminal(s)
TCU Tactical Computer Unit
TECCE
TECH 
TECHELINT 
TECHINT 
TECHLIB 
TECHSUM 
TECRAS 
(1) Tank Destroyer; (2) Tank Division; (3) Time Dominant
(imagery); (4) Tactical Deception; (5) Training Detachment; 
(6) Target Designator; (7) Transfer Device 


(1) Table of Distribution and Allowances; 
(2) Target Damage Assessment; (3) Tactical Decision Aids 


Training Development and Analysis Directorate 
Tactical Defense Alert Radar 


(1) Tactical Digital Computer; 
(2) Theater Deployable Communications 


Target DBZ Designator 
Tactical Defense Dissemination Program 


(1) Tactical Defense/Data Dissemination System; 
(2) TRAP Data Dissemination System 


Theater Document Exploitation System 
(1) Tactical Data Facsimile; (2) Tactical Digital Facsimile 
Time Delay Firing Device 


(1) Target Data Inventory; (2) Target Data Inventory; 
(3) ETIBS Datalink Interface 


Time Division Multiplex 
Time Division Multiple Access 
Time Difference of Arrival 


(1) Threat Display & Projection; (2) Tactical Display Programmer;
(3) Tactical Data Processor


Tracking and Data Relay Satellite System 


(1) Target Data Sheet; (2) Training Device System; 
(3) Target Development System 


Theater Display Support System 

Tactical Data Terminal 

Temporary Duty 

(1) Tactical Exploitation; (2) Table of Equipment 
Test & Evaluation 

Tactical Exploitation Assessment 

Trend and Error Analysis Methodology System 
Time, Elevation, Azimuth, Range, Range Rate 
Tactical Exploitation Battalion 

Topographic Engineering Center 

Tactical Exploitation Collection and Coordination Element 
Technical 

Technical ELINT 

Technical Intelligence 

Technical Library 

Technical Summary 

Technical Reconnaissance and Surveillance 
Trunk Encryption Device 

Technical ELINT Data Base 

Tactical Expendable Drone System 

Tactical Exploitation Group (JSIPS) 
TEK Traffic Encryption Key
TEL Transporter-Erector-Launcher
TELAR Transporter-Erector-Launcher and Radar
TELCON Telephone Conversation
TELECOM Telecommunications
TELEFAC Telecommunications Facilities Vulnerability Study
TELINT Telemetry Intelligence
TELNET Telecommunications Network
TEMP Test and Evaluation Master Plan
TEMPEST (1) Unclassified Name for Compromising Emanations; (2) Compromising Electronic Emission Control Program; (3) Transient Electromagnetic Pulse Emanations
TENCAP Tactical Exploitation of National Capabilities
TEOC Technical Objective Camera
TEP (1) Tactical ELINT Processor; (2) TEMPEST Endorsement Program
TEPP Tomahawk Employment Planning Package
TERCAT Terrain Categorization
TERCOM Terrain Contour Matching
TEREC (1) Tactical Electronic Reconnaissance; (2) Tactical ELINT Receiver
TERPES Tactical Electronic Reconnaissance Processing and Evaluation System
TERS (1) Tactical Electronic Reconnaissance System; (2) Tactical ELINT Reporting System; (3) Tactical Event Reporting System
TES (1) Tactical Electronic Squadron; (2) Tactical Event System
TESAR Tactical Endurance Synthetic Aperture Radar
TESS Tactical Engagement Simulation System
TET Transportable Electronic Tower
TEWS Tactical Electronic Warfare System
TEXAS Tactical Exchange Automation System
TF (1) Task Force; (2) Transaction Format
TFAS Task Force Able Sentry
TFC Tactical Fusion Center
TFCICA Task Force CI Coordinating Authority
TFCC Tactical Flag Command Center
TFJ2 Task Force Director of Intelligence
TFM Trusted Facility Manual
TFR Terrain Following Radar
TFS (1) Tactical Fighter Squadron; (2) Terrain and Feature Server; (3) Traffic Flow Security
TFT (1) Tri-Band Field Terminal; (2) Tactical Facsimile Terminal
TF/TA Terrain Following/Terrain Avoidance
TFU Tactical Forecast Unit
TFW Tactical Fighter Wing
TFWC Tactical Fighter Weapons Center
TG (1) Task Group; (2) Training Group
T&G Tracking and Guidance
TGA Target Analysis
TGCF Tactical Ground Control Facility
TGIF Transportable/Tactical Ground Intercept Facility
TGPF Transportable Ground Processing Facility
TGS (1) Transportable Ground Station; (2) Turkish General Staff
TGT Target
TGTINT Targeting Intelligence
TGTINFOREP Target Information Report
TGW Terminal-Guidance Warhead
THAAD Theater High-Altitude Area Defense
THAAD/GBR Theater High-Altitude Area Defense/Ground Based Radar
THEC Theater HUMINT Exploitation Center
THMT Tactical High Mobility Terminal
THREATCON JCS Terrorist Threat Condition
THz Terahertz
TI (1) Technical Intelligence (TECHINT); (2) Target Intelligence; (3) Transition Increment
TI/TTR Target Illumination/Target Tracking Radar
TIA Target Implications Annex
TIAP Theater Intelligence Architecture Program
TIAPCO TIAP Communications Overlay
TIARA Tactical Intelligence and Related Activities
TIARRA Target Identification And Recognition Radar
TIAS Target Identification & Acquisition System
TIB Target Intelligence Branch
TIBS Tactical Information Broadcast System
TIC (1) Theater Intelligence Center; (2) Technical Information Center
TICANA Tactical Imagery Communications and Network Alternatives
TICC Tactical Information Communications Center
TICON Tight Control
TID Theater Intelligence Digest
TIDL Tactical Imagery Data Link
TIDY Teletype Integrated Display System
TIEC Theater Imagery Exploitation Capability
TIES Tactical Information Exchange System
TIF(S) Theater Interrogation Facility(ies)
TIFA Theater Intelligence Fusion Architecture
TIFF Tagged Image File Format
TIG Tactical Intelligence Group
TIHB Target Intelligence Handbook
TIIF Tactical Imagery Interpretation Facility
TIIMS Text and Image Information Management System
TILO Transportation Intelligence Liaison Officer
TIM Target Intelligence Material
TIM-DIS Time & Distance
TIMS (1) Tactical Information Management System; (2) TFCC Information Management System
TIO Target Intelligence Officer
TIP (1) Target Intelligence Package; (2) Theater Intelligence Plan; (3) Tracking and Impact Prediction; (4) Tactical Imagery Program
TIPE Tactical Intelligence Product Enhancement
TIPI Tactical Information Processing and Interpretation System
TIPP Target Intelligence Production Plan
TIPS (1) Terrorist Incident Profile System; (2) Tactical Intelligence Processing System; (3) Target Intelligence Packages
TIR Terminal Imaging Radar
TIROS Television Infrared Observation Satellite
TIROS-N Television Infrared Observation Satellite-National
TIRS Thermal Infrared Scanner
TIRSAG Tactical Intelligence, Reconnaissance, Surveillance Action Group
TIRSS Theater Intelligence, Reconnaissance & Surveillance Study
TIS (1) Tactical Intelligence Squadron; (2) Thermal Imaging Sight; (3) Tactical Input Segment
TISD Tactical (Air Forces) Integrated Situation Display
TISEO Target Identification System, Electro-Optical
TISL Target Identification System, Laser
TISO Theater Intelligence Support Officer
TISP Transition Implementation Support Plan
TISS Tactical Intelligence Support Staff
TITF Theater Intelligence Training Facility
TIU ETIBS Interface Unit
TJS Tactical Jamming System
TK Talent-Keyhole

Tank 

Tanker 

Tomahawk Land Attack Missile 

Transporter-Launcher and Radar 

(1) Telecommunication Link Controller; (2) Teleconferencing 
(1) TACINTEL Link Control Facility; (2) Teleconferencing 
Target Location Error 

Top-Level Specification 

TACAMO Logistics Support Team 


(1) Tactical Missile; (2) Threat Manager; (3) Target Material; 
(4) Landsat Thematic Mapper; (5) Technical Manual; (6) Team 
Materials; (7) Team 


Theater of Military Action 
Technical Management Board 
Tactical Target Materials Change Notice 
(1) Theater Missile Defense; (2) Tactical Map Depot
Test Measurement and Diagnostic Equipment 
Theater Missile Defense/Ground-Based Radar 
Transportable Medium Earth Terminal 

Theater METOC Forecasting Unit 

Trojan Mobile Remote Receiver System 


(1) Technical Management Office; 
(2) Theater of Military Operations 


Training Management Plan 

Theater Mission Planning Center 

Target Materials Producers Group 

Target Materials Program Office 

Theater Mission Planning System 
Terrain-Masked Radar Graphics 

Tactical Meteorological Satellite Receiver 
Target Materials Squadron 

Target Marking Technologies 

Target Materials Users Group 

Target Materials Working Group 

Target Materials Workstation 

Tactical Network Analysis and Planning System Plus 
Teletraining Network 

Theater Nuclear Forces 

Training 

Trusted Network Interpretation 

Trusted Network Interpretation Environment Guideline 
Tanker 

Target Nomination List 

Tunnel Neutralization Team 

Theater Nuclear Option 

Take Off 

Tables of Organization and Equipment 


(1) Total Obligational Authority; (2) Time of Arrival; 
(3) Transportation Operation Agency; (4) Time of Attack; 
(5) Transfer of Authority; (6) Table of Organic Allowance 


(1) Tactical Operations Center; 
(2) Theater of Operations Command 


(1) Table of Organization and Equipment; (2) Time of Entry 
Time of Flight 

Tactical Operations Planner for Collection, Analysis, and Tasking 
Theater Operational Intelligence System 

Topographic 

Tactical Operations Support 


(1) Terms of Reference; (2) Tactical Operations Room; 
(3) Tentative Operational Requirement; (4) Time of Receipt 


Torpedo
TORPCM
TOS 
TOSP 
TOSS 


TOT 
TOVS 
TOW 
T/P 
TPA 
TPAS 
TPC 


TPCS 
TPEP 


TPF 
TPFD 
TPFDD 
TPFD(L) 
TPI 

TPL 
TPN 
TPP 

TPS 


TPSD 


TPU 

TPV 

TQL 

TQM 

TR 

TR 

TRA 

TRAC 
TRADOC 
TRAINS 
TRAM 
TRANSCOM 
TRANSEC 
TRANSIT 
TRANSNAT 
TRAP
Torpedo Countermeasures & Deception
(1) Tactical Ocean Surveillance; (2) Theater Operating System 
Tailored Ocean Surveillance Product 


(1) Tactical Operations Support System; 
(2) Technical Oriented Support System 


(1) Time over Target; (2) Time of Transmission 

TIROS Operational Vertical Sounder 

Tube-Launched Optically-Tracked Wire-Guided Missile 
Terminal/Printer 

Theater Production Assets 

Target Planning and Scheduling 


(1) Tactical Pilotage Chart; (2) Tempest Personal Computer; 
(3) Two-Person Control 


Team Portable COMINT System 


(1) TEREC Portable Exploitation Processor; 
(2) Trusted Products Evaluation Program 


Topographic Production Facility 
Time-Phased Force Deployment 
Time-Phased Force Deployment Data 
Time-Phased Force Deployment (List) 
Two-Person Integrity 

Time-Phased Line 

Tactical Packet Network 

Thermal Powerplant 


(1) Thermal Protection System; 
(2) Telecommunications Prioritization System 


(1) Theater Planning Support Division (J-5); 
(2) Theater Planning Support Document 


Troop Programs Units 

Terrain Perspective Viewing 

Total Quality Leadership 

Total Quality Management 

Transmit-Receive 

(1) Tank Regiment; (2) Transportation Request 
Temporary Restricted Areas 

(1) Tactical Radar Correlator; (2) TRADOC Analysis Center 
U.S. Army Training and Doctrine Command 
Interactive Video Teletraining System 

Target Recognition and Attack-Multisensor 
Transportation Command 

Transmission Security 

Navy Navigation Satellite System 
Transnational 


(1) Threat Research and Analysis Program; (2) TRE and Related 
Applications; (3) Terrorist Research and Analysis Project; 
(4) Tactical Related Applications 


TRAP-Improved
TRAPS
TRB 
TRDL 
TRE 
TRED 
TREDS 


TREE 

TRF 
TRICOMS 
TRI-MEF 
TRI-MEFO 
TRITAC 
TRI-TAC 


TRIES 
TRIGS 
TRIMSS 
TRITAF 
TRIX(S) 
TRL 
TRML 
TRN 
TROFA 
TROJAN 
TROJAN SPIRIT 


TROKA 
TROPO 
TROSCOM 
TRP 

Trp 

TRRIP 


TRS 


TRSS 
TRT 
TRUS 
TRV 
TRW 
TS 


TSAR 
TSART
TRE & Related Applications
Technical Review Board 

Tactical Reconnaissance Data Link 
Tactical Receive Equipment 
Tactical Receive Equipment Display 


(1) Tactical Reconnaissance Exploitation Demonstration System;
(2) Tactical Receive Equipment (TRE) Display System


Transient Radiation Effects on Electronics 
Topographic Readiness Facility 

Triad Computer System 

Tri-Marine Expeditionary Force 

Tri-Marine Expeditionary Force Order 
Tri-Service Tactical Communications System 


(1) U.S. Joint Tactical Communications Program; 
(2) Tri-Service Tactical Communications 


Tactical Radar Imagery Exploitation System 

TR-1 Ground Station 

TRANSCOM Imagery Management Support System 
Tactical Air Forces of TAC, USAFE and PACAF 
Tactical Reconnaissance Intelligence Exchange System 
Target Recommendation List 

USAFE Target Reference Material List 

(1) Target Reference Number; (2) Target Reference Point 
Temporary Remote Operating Facility, Airborne (NSA) 
Name of Technical Training System 


TROJAN Special Purpose Integrated Remote Intelligence Terminal


Third ROK Army 

Tropospheric Scatter Radio 

United States Army Troop Support Command 

(1) Target Reporting Parameters; (2) Theater Response Package 
Troops 


(1) Theater Rapid Response Intelligence Package; 
(2) Tactical Rapid Reaction Intelligence 


(1) Tactical Reconnaissance Squadron; (2) Tactical Reconnaissance System;
(3) Trunked Radio System; (4) Telecommunications Service Request


Tactical Remote Sensor System 
TEREC Remote Terminal 
Tilting Wing/Rotor UAV System 
Tank Recovery Vehicle 

Tactical Reconnaissance Wing 


(1) Top Secret; (2) Transaction Services;
(3) Target Spotting; (4) TROJAN SPIRIT


Transmission Security Analysis Report 
Test Support and Analysis Report Terminal 
PSYOP Tactical Support Battalion
TSC (1) Tactical Support Center; (2) Top Secret Control;
(3) Technical Support Center; (4) Tactical Support Company; 
(5) TROJAN Switching Center; (6) Training Support Center 


TSC2 Tactical/Strategic Command & Control 

TSCA Time-Sensitive Collection Actions 

TSCE Time-Sensitive Collection Emphasis 

TSCIF Tactical/Temporary Sensitive Compartmented 
Information Facility 

TSCIXS Tactical Support Center Information Exchange System 

TSCM Technical Surveillance Countermeasures 

TSCO Top Secret Control Officer 

TSCR Time-Sensitive Collection Requirement 

TSCS Transportable Satellite Communications System 

TS/SCI Top Secret/Sensitive Compartmented Information 

TSCSI Temporary Surface Cryptologic Support Installation 

TSCW Top Secret Codeword 

TSDS Tactical SIGINT Data Support 

TSE Target Support Element 

TSEC Telecommunications Security

TSF Technical Support Facility 

TSG Threat Steering Group 

TSIT Technical Service Intelligence Team 

TSK Transmission Security Key 

TSM Threat Spectrum Model 

TSMA Theater of Strategic/Military Action 

TSOC Theater Support Operations Cell 

TSOR Technical Standards of Readiness 

TSP (1) Transshipment Point; (2) Training Support Base; 
(3) Tactical Sensor Planner 

TSR (1) Time-Sensitive Requirement; (2) Telecommunications 
Support Request; (3) Trans-Siberian Railroad 

TSRS Tactical Support Reconnaissance System 

TSS (1) Telecommunications Security System;
(2) Time-Sharing System; (3) Target Summary Sheets;
(4) Target Selection Standards


TSSAM Tri-Service Standoff Attack Missile 
TSSR Tropo Satellite Support Radio 
TSSS (TS3) (1) Tactical Simulator Study Support; 
(2) Time-Sensitive Support System 
TSSTM Tactical SIGINT Systems Training Module 
TST (1) Tactical Surveillance Technology; (2) Theater Support Team; 
(3) Tactical Support Team 
T-STAR TRANSCOM Situation Transportation Analysis Review 
TS/TM Target Support/Target Materials 
TSWA Temporary Secure Working Area 
TSWG Technical Support Working Group Of IG/T 
TT (1) Technology Transfer; (2) Target Track
Telemetry Tracking and Command
Technology Transfer Analysis Center 
Tactical Terrain Analysis Data Base 
Telemetry Technical Analysis Position 
Threshold Test Ban Treaty 


(1) Transportation Terminal Command; 
(2) Tactical Telephone Central 


Tactical Terrain Data 

Technical Training Group 

Tactical Target Illustration 

Technology Transfer Intelligence Committee 
Tactical Target Materials 

Tactical Target Materials Catalogue 

Tactical Target Materials Program 

Tactical Target Material Production Document 
Tactics, Techniques, and Procedures 

Trust Territory of the Pacific Islands 

Target Tracking Radar 

Theater Tactical Selection Board 

(1) Transportation Terminal Unit; (2) Tape Transport Unit 
(1) Teletypewriter; (2) Teletype 

Task Unit 

Teletype User Display Equipment 

Time Urgent Hard Target Kill Potential 

Third U.S. Army 

Tactical User's Terminal 

Task Unit Van 

(1) Television; (2) Theater of War (FSU); (3) Target Vulnerability 
Target Value Analysis 

Theater of Military Operations (FSU) 

Tactical Video Imagery Transmission System 
TACCIMS VTC Support System 

Targeting and Weaponeering 

Tactical Warning/Attack Assessment 

Tactical Weather Analysis Center 


(1) Tomahawk Weapon Control System; 
(2) Tactical Warfare Control System 


(1) Threat Working Group; (2) Technology Working Group 
Training With Industry 

Two-Way Radio Link 

Topographic Workstation/Imagery Processing System 
Traveling Wave Tube 

Traveling Wave Tube Amplifier 

Tactical Message Central 

(1) Technology Exploitation; (2) Transmission
Unclassified


(1) Designator for a Military Reconnaissance Aircraft;
(2) AF Reconnaissance Aircraft


User Agent

Unified Action Armed Forces

United Arab Emirates
Underwater-to-Air-Missile

USIS Architecture Migration Plan

Universal Aerial Refueling Receptacle

UNIX Advanced Tracking Prototype

Unmanned Aerial Vehicle

Unmanned Aerial Vehicle-Close Range
Unmanned Aerial Vehicle-Endurance

Unmanned Aerial Vehicle-e HUNTER

Unmanned Aerial Vehicle Joint Program Office
Unmanned Aerial Vehicle-Maneuver

Unmanned Aerial Vehicle-Short Range
Underwater Breathing Apparatus

Unassigned Bit Rate

Under Construction

USIS Customer Advisory Board
ULTRA-Compact Camera

Universal Communications Gateway

USAFE Command Intelligence Brief
USAREUR Combat Intelligence Readiness Facility
Uniform Code of Military Justice

Unified Command Plan

Deputy USCINCSPACE

Economic and Customs Union of Central Africa




ies) 


United Democratic Front
USAREUR Daily Intelligence Report
Underwater Demolition Team


Unit Equipment

Union of Central African States

USAREUR Exploitation Center

(1) Unidentified Flying Object; (2) UHF Follow-On Satellites
Unfunded Requirements

Underwater Guided Missile
Unattended Ground Sensors

Ultra High Frequency
(1) Unidentified; (2) Unit of Issue
UNCIVPOL
(1) USAREUR Interrogation Center;
(2) Unit Identification Code 


USAREUR Imagery Exploitation System 

User Interface Requirements

Unique Interswitch Rekeying Key

User Interface System

Universal Joint Task List

United Kingdom

United Kingdom Air Defense Ground Environment
United Kingdom Air Defense Ground Environment
United Kingdom Air Forces

United Kingdom Land Forces

Unknown

Unit Local Area Network

Universal Location Area Network Architecture

Ultra Large Crude Carrier

Unit-Level Circuit Switch

Ultra Low Frequency

USAREUR Liaison Office

Unmanned Launch Vehicle

Unit Manning Document

Unconventional Military Forces (NATO)

USAREUR Modernized Imagery Exploitation System
Unconventional Military Operations

Unintentional Modulation on Pulse

United Nations

Unified Action Armed Forces

United Nations Assistance Mission for Rwanda
United Nations Angola Verification Mission

United Nations Command

United Nations Civilian Police

Unclassified

Under Secretary

United Nations Department of Humanitarian Affairs
United Nations Disaster Management Team

United Nations Disengagement Observer Force
United Nations Development Program

United Nations Emergency Forces

United Nations Educational, Scientific & Cultural Organization
United Nations Peacekeeping Force in Cyprus
United Nations General Assembly

United Nations High Commissioner for Refugees
United Nations Headquarters

United Nations Children's Fund

United Nations Interim Force in Lebanon
UNOSOM
United Nations Iraq-Kuwait Observer Mission


National Union for the Total Independence of Angola 


Unified Task Force
United International Antisubmarine Warfare Exercise


(Joint U.S.-Latin American Naval Exercise)


Unit Report
Unit Situation Report


Originally UNICS, for Uniplex Information and
Computing System

United Nations Mission in Haiti

United Nations Military Observers

United Nations Military Observer Group in India and Pakistan
United Nations Mission in Georgia

United Nations Observer Mission in Liberia

United Nations Mission for Uganda-Rwanda

United Nations Operations in Somalia


United Nations Military Staff Committee
Unless Otherwise Directed

United Nations Protection Force

UN Peace Plan

Unsatisfactory

United Nations Security Council

United Nations Truce Supervision Organization
Universal Query Language

United Nations Refugee Fund

United Nations Relief & Works Agency
Using Organization


United Press International
User Partnership Program


(1) Uninterruptible Power Supply; 
(2) Universal Polar Stereographic 


Reconnaissance Aircraft (U.S. Air Force) 




Urban Area Boundary File

Urban Population File

User Requirements Document

Underway Replenishment Group

User Readout Simulator

United States

Unified and Specified (Archaic, now Unified) Commands
U.S. Military Liaison Office

USEUCOM/ACE Interface Architecture


(1) U.S. Army; (2) United States of America


United States Army Advanced Ballistic Missile Defense Agency
U.S. Army Air Defense Artillery School


U.S. Army Civil Affairs and Psychological Operations
Command
USACE
USACID
USACSLA
USAEIS
USAF
USAFE
USAFE/CC
USAFINTEL
USAFISA
USAFJ
USAFK
USAFLANT
USAFR
USAFRED
USAFSO
USAFSOC
USAFSOS
USAFSS
USAFTAC


USAFWTC
USAIA
USAICE
USAIC
USAICS
USAID
USAIIA
USAINSCOM
USAISC
USAISD
USAITAC
USAITFG
USAJFKWCS
USAKA
USAOG
USAR
USARAK
USARC
USARCENT
USARCO
USAREUR
USARJ
USARLANT
U.S. Army Communications Command

U.S. Army Corps of Engineers

U.S. Army Criminal Investigative Division Command
United States Army Communications Security Logistics Agency
U.S. Atlantic Command

United States Army Electronic Intelligence & Security
U.S. Air Force

U.S. Air Forces, Europe

Commander, U.S. Air Forces Europe

United States Air Force Intelligence

U.S. Army Force Integration Support Agency

U.S. Air Forces, Japan

U.S. Air Forces, Korea

U.S. Air Force, Atlantic

U.S. Air Force Reserve

U.S. Air Force Readiness Command

U.S. Air Force Southern Command


U.S. Air Force Special Operations Command
U.S. Air Force Special Operations School
United States Air Force Security Service


(1) U.S. Air Force Technical Applications Center;
(2) U.S. Air Force Tactical Air Command


U.S. Air Force Weapons and Tactics Center

U.S. Army Intelligence Agency

U.S. Army Intelligence Center, Europe

U.S. Army Intelligence Center

U.S. Army Intelligence Center and School

U.S. Agency for International Development

United States Army Imagery Interpretation Agency
U.S. Army Intelligence and Security Command

U.S. Army Information Systems Command

U.S. Intelligence School, Fort Devens

U.S. Army Intelligence Threat Analysis Center
United States Army Intelligence Threats & Forecasts Group
U.S. Army John F. Kennedy Special Warfare Center and School
U.S. Army Kwajalein Atoll

U.S. Army Operational Group

U.S. Army Reserve

U.S. Army Alaska

U.S. Army Reserve Command

U.S. Army Forces, Central Command

U.S. Army Commercial Communications Office

U.S. Army, Europe

U.S. Army, Japan


U.S. Army, Atlantic
USASATCOMA
USASATEC
USASEXC
USASFC
USASOC
USASOF
USASOSC
USASSDC
USASSG
USATAC
USATACOM
USATC

USATEC
USATSC

USB

USC

USCENTAF
USCENTCOM
USCG

USCG INT
USCGNET
USCINCACOM
USCINCARRED


USCINCCENT
USCINCEUR
USCINCFOR
USCINCLANT
USCINCMEAFSA


USCINCPAC
U.S. Army, Pacific
(1) U.S. Army, South; (2) U.S. Army Forces, South
U.S. Army Reserve, Special Operations Command

U.S. Army Space Command
U.S. Army Space Command
US Army Security Assistance Agency Latin America


United States Army Security Agency Combat
Development Activity

United States Army Security Agency Command Data
Systems Activity

United States Army Security Agency, Europe

United States Army Security Agency, Pacific

United States Army Security Agency Systems Activity

United States Army Security Agency Signal Security Activity
United States Army Satellite Communications Agency

United States Army Security Agency Test & Evaluation Center
United States Army Services Exploitation Center

U.S. Army Special Forces Command

U.S. Army School of the Americas

U.S. Army, Special Operations Command

U.S. Army, Special Operations Forces

U.S. Army Special Operations Support Command

U.S. Army Space and Strategic Defense Command

U.S. Army Special Security Group


U.S. Army Terrain Analysis Center

U.S. Army Tank Command

United States Air Target Chart

U.S. Army Topographic Engineering Center
U.S. Army Training Support Center

Upper Sideband

(1) Under Secretaries Committee; (2) United States Code
U.S. Air Forces Central Command

U.S. Central Command

U.S. Coast Guard

U.S. Coast Guard Intelligence
U.S. Communications Grid Network
Commander in Chief, U.S. Atlantic Command 


Commander in Chief, United States Army Forces, 
Readiness Command 


Commander in Chief, U.S. Central Command 
Commander in Chief, U.S. European Command 

United States Commander in Chief, US Forces Command 
Commander in Chief, U.S. Atlantic Command 


United States Commander in Chief Middle East, Southern Asia, 
& Africa South of the Sahara 


Commander in Chief, U.S. Pacific Command
USCINCRED
USCINCSO
USCINCSOC
USCINCSOINT
USCINCSPACE
USCINSTRAT
USCINCTRANS
USCMA
USCOB
USCOMEASTLANT
USCS


USD
USD(A&T)
USD(P)

USDA

USDAO

USDE

USDR
USELEMNORAD
USEMB
USEUCOM

USFJ

USFK

USFORAZ
USFORCARIB
USFORDOMREP
USFORSCOM
USFORSOM

USG

USGS

USI

USIA

USIS


USIC

USILO

USIS

USJTF
USLANTCOM
USLO

USM

USMAAG
USMARCENT
Commander in Chief, U.S. Pacific Fleet

United States Commander in Chief, US Readiness Command 
Commander in Chief, U.S. Southern Command 

Commander in Chief, U.S. Special Operations Command 
Commander in Chief, U.S. Special Operations Intelligence 
Commander in Chief, U.S. Space Command 

Commander in Chief, Strategic Command 


Commander in Chief, U.S. Transportation Command 
United States Court of Military Appeals 

United States Command Berlin 

U.S. Commander, Eastern Atlantic 


(1) U.S. Customs Service; (2) Unified Soils Classification 
System; (3) U.S. Cryptologic System 


Under Secretary of Defense

Under Secretary of Defense (Acquisition & Technology)
Under Secretary of Defense for Policy
U.S. Department of Agriculture

U.S. Defense Attache Office

Undesired Signal Data Emanations
United States Defense Representative
U.S. Element NORAD

United States Embassy

U.S. European Command

U.S. Forces, Japan

U.S. Forces, Korea

U.S. Forces, Azores

U.S. Forces, Caribbean

U.S. Forces, Dominican Republic


U.S. Forces Command

U.S. Forces, Somalia
United States Government
U.S. Geological Survey
U.S. Intelligence

U.S. Information Agency


(1) U.S. Information Service (USIA abroad);
(2) U.S. Imagery System

U.S. Intelligence Community

U.S. Imagery Liaison Officer

(1) U.S. Information Service; (2) U.S. Imagery System
United States Joint Task Force

U.S. Atlantic Command

United States Liaison Officer

Underwater-to-Surface Missile


U.S. Military Assistance Advisory Group

U.S. Marine Forces Central Command
USMARDEZLANT
USMARFORK
USMARFORLANT
USMC

USMILGP


USNAVAK
USNAVCENT
USNAVEUR
USNAVFORJAPAN
USNAVFORKOREA

USNAVSO

USO

USODC

USOMC
USOUTHAF
USOS

USP&FO
USPACOM

USR
USREDCOM
USREPMILCOMUN
USRNMC

USS

USSID

USSIS
USSOCOM
USSOCPAC
USSOUTHAF
USSOUTHCOM
USSPACECOM
USSR

USSS
USSTRATCOM
USTRANSCOM
USTS


GEACA
U.S. Maritime Defense Zone, Atlantic

U.S. Marine Forces, Korea

U.S. Marine Forces, Atlantic

U.S. Marine Corps

U.S. Military Group

U.S. Military Liaison Mission

U.S. Military Observer Group-Washington


U.S. Marshal Service
(1) U.S. Message Text Formats; (2) U.S. Message Text Formatter
U.S. Military Training Mission

U.S. Navy

U.S. Navy Alaska

U.S. Naval Forces, Central Command

U.S. Naval Forces, Europe

U.S. Naval Forces, Japan (also USNAVFORJ)

U.S. Naval Forces, Korea (also USNAVFORK)
U.S. Naval Forces, Southern Command

U.S. Naval Institute

U.S. Naval Reserve

U.S. Naval Ship

(1) United Service Organization; (2) Unit Security Officer


U.S. Office of Defense Cooperation

U.S. Office of Military Cooperation

United States Southern Command Air Forces

USAF Special Operations School

U.S. Property and Fiscal Officer

U.S. Pacific Command

Unit Status Report

U.S. Readiness Command

United States Representative, UN Military Staff Committee
United States Representative To NATO Military Committee
(1) User Support System; (2) U.S. Ship

U.S. Signals Intelligence Directive

U.S. Signals Intelligence System

U.S. Special Operations Command

U.S. Special Operations Command Pacific
U.S. Southern Command Air Forces

U.S. Southern Command

U.S. Space Command


(1) Union of Soviet Socialist Republics (now FSU); 
(2) Union of Soviet Sovereign Republics 


(1) U.S. SIGINT System; (2) U.S. Secret Service 
U.S. Strategic Command 


U.S. Transportation Command 
UHF Satellite Terminal System
Undersea Warfare
Under-Secretary General

Users’ Terminal

USAFE Tactical Air Intelligence Network

USAFE Tactical Air Intelligence System

(1) Unit Type Code; (2) Universal Coordinated Time
USCENTCOM Transportable Communications Backbone
USAREUR Transportable Host

USAREUR Tactical Intelligence Center

Universal Transverse Mercator (Grid)

Utility Tactical Transport Aircraft System
Ultra Violet

(1) Unconventional Warfare; (2) Underwater
Ultra Wide Band

Unconventional Warfare Operational Area
V


V-22 OSPREY 
VA 

VAAP 

VAB 

VAC 

VAN 

VAR 

VAX 

VBR 

VCA 
VCINCNORAD 
VCJCS 

VCR 

VCS 


VCSA 
VDL 
VDP 
VDS 
VDT 
VDU 
VDV 
veh 
VERT 
VF 
VFR 
VGA 
VGK 
VGW 
VHF 
VHS 
VHSIC 
vic 
VICE 
VID 
VIDINT 
VIDS 
VIN 
VIP 


VISINT 
VISTA
Joint Advanced Vertical-Lift Aircraft (Formerly JV X)
Veterans Administration 

Vulnerability Analysis and Assistance Program 
French Front Armored Vehicle 

Volts, Alternating Current 

Value-Added Networks 

Variable 

Virtual Address Extension 

Variable Bit Rate 

Virginia Contracting Activity 

Vice Commander in Chief, NORAD 

Vice Chairman, Joint Chiefs of Staff 

Video Cassette Recorder 


(1) Video Conference Server; (2) VLAN Common Server; 
(3) Voice Communications Services 


Vice Chief of Staff, Army 

Video Down Link 

Video Disk Player 

Variable Depth Sonar 

Video Display Terminal 

(1) Video Display Unit (TV Monitor); (2) Video Docking Unit 
Soviet (FSU) Airborne Forces 
Vehicle 

Vertical 

Voice Frequency 

Visual Flight Rules 

Virtual Graphics Array 

Supreme High Command (FSU) 
Variable-Geometry Wing 

Very High Frequency 

Video Home System 

Very High Speed Integrated Circuit 
Vicinity 

Voice Interceptor Comprehensive Evaluation 
Visual Identification (Canadian) 
Video Intelligence 

Visually Integrated Display System 
Vehicle Identification Number 


(1) Very Important Person; (2) Variable Incentive Payment; 
(3) Visual Input Processor 


Visual Intelligence 
Very Intelligent Surveillance & Target Acquisition


VORTAC 
VP 


VPCN 
VPF 
VPH 
VPK 
VPN 
VQ 
VR 
VRD 
VRBM 
VRHS 
VRIT 
VSAT 


VSO 

VSS 
V/STOL 
VSWING 
VT
Video Information Exchange System
Very Local Area Network 

Vertical Launch and Recovery 

Very Large Crude Carrier 

Very Large Data Storage 

Very Low Frequency 

Vertical Launch System 

Very Large-Scale Integration 

Virtual Memory 

Vector Product Format 

Marine Tactical Electronic Warfare Squadron 
Marine Tactical Reconnaissance Squadron 


(1) Marine Observation Squadron; 
(2) Tactical Operations Squadron 


Advanced Development Model 
Virtual Memory System 
Vulnerability Number 
Validation Office 
Vertical/Oblique 

Voice of America 

Voice Communications 
Vertical On-Board Delivery 
Volume 

Very High Frequency Omnidirectional Range 
Collocated VOR and TACAN 


(1) Patrol Aircraft (Navy); (2) U.S. Naval Patrol Squadron; 
(3) Maritime Patrol Squadron 


Virtual Personal Communications Networking 
Vector Product Format 

Video Phase History 

Military Industrial Commission (FSU) 

Voice Product Net 

U.S. Naval Fleet Air Reconnaissance Squadron 
Virtual Reality 

Virtual Retinal Display 

Variable-Range Ballistic Missile 

VIDMAR Robotic Hoist System 

Volume Reduced Imagery Transmission 


(1) Very Small Aperture Satellite Terminal; 
(2) Very Small Aperture Terminals 


Vault Security Officer 

VIDMAR STAK System 

Vertical/Short Takeoff & Landing 
Anti-Submarine Wing 

(1) Variable Time (Fuse); (2) Video Terminal
VTA
VTB 
VTC 
VTOL 
VTR 
VTS 
VTT 
VULREP 
VVS
Military Transport Aviation (FSU)

Video Telebroadcasting 

(1) Video Teleconferencing; (2) Video Telegraph 
Vertical Takeoff and Landing 

Tracked Recovery Vehicle 

Vandenberg Tracking Station 

Video Teletraining 

Vulnerability Report 

FSU Air Forces
W


W 


WABNRES 
WAC 
WADS 
WAG 
W-CIOC 
WAM 
WAN 
WARC 
WARLOG 
WARM 
WAS 
WASAS 
WASHFAX 
WASP 
WARSIM 
WASS 
WASSO 
WATCHCON 
WATS 
WAWS 

WB 

WBIS 
WBMS 
WBST 

WC 

WCCS 
WCG 
WDCS 

WE 

WEBE 
WECON 
WEFAX 
WES 
WESS 
WESTLANT 
WESTPAC/WPAC 
WESTLCF 
WETM 
WEU 

WFC
(1) AW prefix to any ship type designates it as subordinated to a
quasi-military force; (2) Watt
WWMCCS Airborne Resources 


(1) World Aeronautical Chart; (2) World Area Code 


West Air Defense Sector 
World Area Grid 


Wartime Combined Intelligence Operations Center 


WWMCCS ADP Modernization 
Wide-Area Network 

World Administrative Radio Conference 
Wartime Logistics 

Wartime Reserve Mode 

Wide-Area Search 


Weekly All-Source Algerian Situation Report 


Washington Area Secure Facsimile System 
War Air Service Program 

War Simulation 

Wide-Area Surveillance System 
WWMCCS ADP System Security Officer 
Watch Condition 

Wide Area Telecommunications System 
Washington Area Wideband System 
Wideband 

Wideband Intercept System 

Wideband Measurement System 
Wideband Subscriber Terminals 

(1) Weather Center; (2) Weapon Control 
Wing Command and Control System 
Workstation Computer Graphics 
Weapons Data Correlation System 
Weather Element 

Western European Basic Encyclopedia 
Weather Control 

Weather Facsimile 

WWMCCS Entry System 

Weather Environmental Support System 
Western Atlantic Area (NATO) 

Western Pacific 

WES Teleconferencing System 

Cadre Weather Team 

West European Union 

World Food Council
WICP
WICS 
WIDARSURV 
WIFC 


WNA 
WN/WNINTEL 
WNY
Wide Field of View

World Food Program 

(1) Wing; (2) Working Group 

World Geodetic System 

White House 

White House Communications Agency 
Western Hemisphere Defense 

World Health Organization 

War Headquarters 

White House Situation Room 

Wounded in Action 

Worldwide Intelligence Conference 

Wing Initial Communications Package 
Worldwide Intelligence Communications System 
Wide-Area Surveillance 

Wallops Island Flight Center 
Wing-in-Ground Effect 

Warning and Indications Monitoring System 


(1) WWMCCS Intercomputer Network; 
(2) WWMCCS Interconnected Network 


Warning Intelligence Non-Commissioned Officer 
WWMCCS Information Network Communications System 
Warning and Indications in Europe 

Warning in Korea 

Winter Exercise 

Weekly Intelligence Production Listing 

Weekly Intelligence Review 


(1) Weekly Intelligence Summary; (2) WWMCCS Information 
System; (3) Weaponeering Information Sheet 


Warning Indicators System Europe 


(1) Warning Improvement Study Plan; (2) Wartime Information 
Security Program; (3) Worldwide Intelligence Support Program 


WESTCOM Intelligence Support System 

(1) Western Military District; (2) Weapons of Mass Destruction 
Western Missile Test Range 

Warning-Intelligence Sources and Methods Involved 
Would Not Answer 

Warning Notice-Intelligence Sources and Methods Involved 
Washington Navy Yard 

(1) Washington Office; (2) Warrant Officer 

With Offset Aim Point 

Wing Operations Center 

Write Once/Read Many 

(1) Warsaw Pact; (2) Word Processing 

West PAC
WPC


WPM 
Wpn 
WPNS 
WPNVG 
WPRS 
WR 

WRA 
WRM 
WRMS 
WRNC 
WRS 
WRSA 
WRSK 
WS 
WSAP 
WSEP 
WSI 
WSI/L 
WSMC 
WSMR 
WSS 
WSSIC 
WTM 
WTO 
WVRD 
WWABNCP 
WWCT 
WWDMS 
WWHFIBSN 
WWIMS 
WWMCCS 
WWSVCS 
WWW 
WX 
WXFCST
(1) Warsaw Pact Countries; (2) Word Processing Center;
(3) World Peace Council 


Words Per Minute 

Weapon 

Weapons 

Waterproof Night Vision Goggles 

War Powers Reporting System 

(1) Weapon Radius; (2) Western Range 

Weapon Release Authority 

War Reserve Materiel 

War Reserve Materiel Stocks 

Washington National Records Center 

(1) Weapons Recommendation Sheet; (2) War Reserve Stocks 
War Reserve Stocks for Allies 

War Readiness Spares Kits 

(1) Workstation; (2) Weather Squadron; (3) Weapons School 
Weapons System Acquisition Program 

Weapon System Evaluation Program 

Weapons School of Intelligence 

War Supporting Industries and Logistics 

Western Space and Missile Center 

White Sands Missile Range 

Workfile Support System 

Weapon and Space Systems Intelligence Committee 
World Target Mosaic 

Warsaw Treaty Organization 

World Vision Relief and Development, Inc. 
Worldwide Airborne Command Post 

Worldwide Color TV 

WWMCCS Data Base Management System 
Worldwide High Frequency Interlocking Base Station Network 
Worldwide Warning Indicator Monitoring System 
Worldwide Military Command and Control System(s) 
Worldwide Secure Voice Conferencing System 
Worldwide Web 

Weather 


Weather Forecast
X


XDM/X Model 


Xfer 
XIDB 
XMIT 
XMTR 
XO 
XOI 
XOIN 
XOIX 
XP 
XRL 
XTR 
XVIII ABC
Experimental Development Model/Exploratory
Development Model 


Transfer 

Extended Integrated Database 
Transmit 

Transmitter 

Executive Officer 

USAFE Director of Intelligence 
USAFE Combat Operations Division 
USAFE Plans & Systems Division 
Director(ate) of Plans 

X-Ray Laser 

Transmitter 

XVIII Airborne Corps
YGN
YGS 
YGT 
YGTN 
YH 
YM 
YMN 
YNC 
YNG 
YO 
YON 
YOS 
YOSR 
YOSS 
YPD 
YPL
Yttrium Aluminum Garnet
Experimental Service Craft 
Missile Support Craft 
Missile Support Barge 
Open Barge 

Car Barge 

Lighter Open Cargo 
Lighter Aircraft Transport 
Floating Crane 


Deperming/Degaussing Barge 


Diving Tender 
Ammunition Lighter 
Ammunition Barge 
Covered Lighter 

Ferry 

Large Floating Drydock 
Small Floating Drydock 
Medium Floating Drydock 
Launch 

Covered Barge 

Large Covered Barge 
Drydock Companion Barge 
Floating Power Barge 
Refrigerated Lighter 
Refrigerated Barge 

Harbor Utility Transport 
Garbage Lighter 

Garbage Barge 

Survey Craft 

Target Service Craft 
Target Barge 

Ambulance Craft 

Dredge 
Non-Self-Propelled Dredge 
Net Cargo Craft 

Gate Craft 

Fuel Lighter 

Fuel Barge 

Oil Storage Barge 


Nuclear Waste Disposal Barge 
Submersible Oil Storage Barge 


Floating Pile Driver 
Barracks Barge 
YPT
YR 

yr 
YRC 
YRD 
YRG 
YRRN 
YRS 
YSR 
YSS 
Torpedo Retriever
Floating Workshop Barge 
Year 

Cable Tender 

Auxiliary Repair Dock 
Tank Cleaning Craft 
Radiological Repair Barge 
Salvage Craft 

Sludge Removal Craft 
Service Submersible 
Large Harbor Tug 

Small Harbor Tug 
Medium Harbor Tug 
Fireboat 

Sail Training Craft 
Seaplane Service Craft 
Water Lighter 

Water Barge 

Hulk or Relic 

Training Craft 
Z

Z Zulu Time (Greenwich Mean Time) 

ZBB Zero-Based Budget 

ZF Zone of Fire 

ZG Zero Gravity 

ZI Zone of the Interior 

ZICON (1) Zone of the Interior Consumers’ Network; 
(2) Zone of Interior Communication Network 

ZOS Zone of Separation 

ZPU Soviet (FSU) Antiaircraft Machinegun 

ZSU Soviet (FSU) Self-Propelled Antiaircraft Gun 

ZU Soviet (FSU) Towed Antiaircraft Gun 

ZULU Greenwich Mean Time 
CODES FOR GEOPOLITICAL AREAS


Abkhazia AB 
Adriatic Sea 8D 
Aegean Sea 8G 
Afghanistan AF 
Albania AL 
Algeria AG 
American Samoa AQ 
Andaman Islands ZQ 
Andorra AN 
Angola AO 
Anguilla AV 
Annobon (Pagulu) YR 
Antarctica AY 
Antigua and Barbuda AC 
Arabian Peninsula A4 
Arabian Sea 6R 
Arctic Ocean SA 
Argentina AR 
Armenia AM 
Aruba AA 
Ashmore and Cartier Islands AT 
Asia A 
Atlantic Ocean Z8 
Atlantic Ocean, North 1A 
Atlantic Ocean, South 2A 
Australia AS 
Austria AU 
Azerbaijan AJ 
Azores Islands AZ 
Bahamas BF 
Bahrain BA 
Baker Island FQ 
Balearic Islands BI 
Baltic Sea 7B 
Bangladesh BG 
Barbados BB 
Barents Sea 5B 
Bassas Da India BS
Belarus BO 
Belgium BE 
Belize BH 
Benin BN 
Bering Sea 5D 
Bering Strait 5R 
Bermuda BD 
Bhutan BT 
Black Sea 8B 
Bolivia BL 
Bosnia and Herzegovina BK 
Botswana BC 
Bouvet Island BV 
Brazil BR 
British Indian Ocean Territory IO 
British Virgin Islands VI 
Brunei BX 
Bulgaria BU 
Burkina Faso (formerly Upper Volta) UV 
Burma BM 
Burundi BY 
Belarus BO 
Cabinda VK 
Cambodia (now Kampuchea) CB 
Cameroon CM 
Canada CA 
Canary Islands ZZ 
Cape Verde CV 
Caribbean Islands N5 
Caribbean Sea IX 
Caroline Islands ZL 
Caspian Sea 8C 
Cayman Islands CJ 
Central African Republic CT 
Central America N4 
Chad CD 
Chile CI 
China (Peoples Republic of) CH 
Christmas Island KT 
Chukchi Sea 5C 
Clipperton Island IP
Cocos (Keeling Islands) CK 
Colombia CO 
Comoros CN 
Congo CF 
Cook Islands CW 
Coral Sea Islands CR 
Corsica VP 
Costa Rica CS 
Crete VJ 
Croatia HR 
Cuba CU 
Cyprus CY 
Czechoslovakia (former) CZ 
Czech Republic EZ 
Denmark DA 
Diego Garcia YL 
Djibouti DJ 
Dominica DO 
Dominican Republic DR 
Easter Island XZ 
Eastern Europe E5 
Ecuador EC 
Egypt EG 
El Salvador ES 
Elobey, Islas de YU 
Equatorial Guinea EK 
Eritrea ER 
Estonia EN 
Ethiopia ET 
Europa Island EU 
Falkland Islands FK 
Faroe Islands FO 
Fiji FJ 
Finland FI
France FR 
French Guiana FG 
French Polynesia FP 
French Southern and Antarctic Lands FS 
Gabon GB 
Gambia GA 
Gaza Strip GZ
Georgia GG 
Germany GM 
Germany, Democratic Republic of (former) GC 
Germany, Federal Republic of GE 
Ghana GH 
Gibraltar GI 
Glorioso Islands GO 
Greece GR 
Greenland GL 
Grenada GJ 
Guadeloupe GP 
Guam GQ 
Guatemala GT 
Guernsey GK 
Guinea GV 
Guinea-Bissau PU 
Gulf of Mexico 1M 
Guyana GY 
Haiti HA 
Heard Island and McDonald Islands HM 
Holy See VT 
Honduras HO 
Hong Kong HK 
Howland Island HQ 
Hungary HU 
Iceland IC 
India IN 
Indian Ocean 6A 
Indian Ocean Islands V2 
Indonesia ID 
Iran IR 
Iraq WA 
Iraq/Saudi Arabia Neutral Zone IY 
Ireland EI
Israel IS 
Italy IT 
Ivory Coast IV 
Jamaica JM 
Jan Mayen JN 
Japan JA 
Japan, Sea of 3J
Jarvis Island DQ 
Jersey JE 
Johnston Atoll JQ 
Jordan JO 
Juan De Nova Island JU 
Juan Fernandez Archipelago YV 
Kampuchea (formerly Cambodia) CB 
Kazakhstan KZ 
Kenya KE 
Kingman Reef KQ 
Kiribati KR 
Korea, Democratic Peoples Republic of (North Korea) KN 
Korea, Republic of (South Korea) KS 
Kuwait KU 
Kyrgyzstan KG 
Lakshadweep Islands (Laccadive Islands) LD 
Laos LA 
Latin America L7 
Latvia LG 
Lebanon LE 
Lesotho LT 
Liberia LI 
Libya LY 
Liechtenstein LS 
Lithuania LH 
Luxembourg LU 
Macau MC 
Macedonia MK 
Madagascar MA 
Madeira Islands VD 
Malawi MI 
Malaysia MY 
Maldives MV 
Mali ML 
Malta MT 
Man, Isle of IM 
Marshall Islands VH 
Marshall Islands, Republic of RM 
Martinique MB 
Mauritania MR 
Mauritius MP
Mayotte MF 
Mediterranean, Eastern 8E 
Mediterranean, Western 8W 
Mediterranean Sea Z9 
Mexico MX 
Micronesia, Federated States of FM 
Middle East F8 
Midway Islands MQ 
Moldova MD 
Monaco MN 
Mongolia MG 
Montenegro MW 
Montserrat MH 
Morocco MO 
Mozambique MZ 
Namibia WA 
NATO Countries N2 
Nauru NR 
Navassa Island BQ 
Nepal NP 
Netherlands NL 
Netherlands Antilles NT 
New Caledonia NC 
New Hebrides (now Vanuatu) NH 
New Zealand NZ 
Nicaragua NU 
Nicobar Island YZ 
Niger NG 
Nigeria NI 
Niue NE 
Norfolk Island NF 
North Africa F1
North Africa and Middle East F9 
Northern Island WN 
Northern Mariana Islands CQ 
Norway NO 
Norwegian Sea 5N 
Okhotsk, Sea of 3Q 
Okinawa XG 
Oman MU 
Pacific Islands (Palau), Trust Territory of the PS
Pacific Ocean Z7 
Pacific Ocean Islands V1
Pacific Ocean, North 3A 
Pacific Ocean, South 4A 
Pakistan PK 
Palmyra Atoll LQ 
Panama PM 
Papua New Guinea PP 
Paracel Islands PF 
Paraguay PA 
Pemba Island PB 
Persian Gulf 6P 
Peru PE 
Philippines RP 
Pitcairn Islands PC 
Poland PL 
Portugal PO 
Puerto Rico RQ 
Qatar QA 
Red Sea 6E 
Reunion RE 
Romania RO 
Russia RS 
Rwanda RW 
Sala y Gomez Island WC 
San Ambrosio, Isla YX 
San Felix, Isla YK 
San Marino SM 
Sao Tome and Principe TP 
Sardinia (Sardegna) SD 
Saudi Arabia SA 
Senegal SG 
Serbia SR 
Seychelles SE 
Sierra Leone SL 
Singapore SN 
Slovak Republic LO 
Slovenia SI 
Socotra SJ 
Solomon Islands BP 
Somalia SO
South Africa SF 
South America S 
South Asia AS 
South China Sea 3U 
Southeast Asia A6 
South Orkney Islands WG 
South Shetland Islands WH 
Southwest Asia A7 
Spain SP 
Spratly Islands PG 
Sri Lanka CE 
St. Christopher (Kitts) and Nevis SC 
St. Helena SH 
St. Lucia ST 
St. Pierre and Miquelon SB 
St. Vincent and the Grenadines VC 
Sub-Saharan Africa F7 
Sudan SU 
Suriname NS 
Svalbard SV 
Swaziland WZ 
Sweden SW 
Switzerland SZ 
Syria SY 
Taiwan TW 
Tajikistan TI 
Tanzania TZ 
Thailand TH 
Togo TO 
Tokelau TL 
Tonga TN 
Trinidad and Tobago TD 
Tromelin Island TE 
Tunisia TS 
Turkey TU 
Turkmenistan TX 
Turks and Caicos Islands TK 
Tuvalu TV 
Uganda UG 
Ukraine UP 
Union of Soviet Socialist Republics UR
United Arab Emirates TC 
United Kingdom UK 
United Nations UN 
United States US 
United States (Miscellaneous Pacific Islands) IQ 
Upper Volta (now Burkina Faso) UV
Uruguay UY
Uzbekistan UZ
Vanuatu (formerly New Hebrides) NH 
Vatican City (Holy See) VT 
Venezuela VE 
Vietnam VM 
Virgin Islands VQ 
Wake Island WQ 
Wallis and Futuna WF 
Walvis Baai YA 
West Bank WE 
Western Europe E6 
Western Sahara WI 
Western Samoa WS 
Worldwide WwW 
Yellow Sea 3Y 
Yemen YM 
Yemen Arab Republic (North Yemen, arch.) YE 
Yemen, Peoples Democratic Republic of (South Yemen, arch) YS 
Yugoslavia (former) YO 
Zaire CG 
Zambia ZA 
Zanzibar ZY 
Zimbabwe ZI 
Arabian Peninsula
South Asia 

Southeast Asia 
Southwest Asia 
Atlantic Ocean, North 
Gulf of Mexico 
Caribbean Sea 
Atlantic Ocean, South 
Pacific Ocean, North 
Sea of Japan 

Sea of Okhotsk 

South China Sea 
Yellow Sea 

Pacific Ocean, South 
Arctic Ocean 

Barents Sea 

Chukchi Sea 

Bering Sea 
Norwegian Sea 
Bering Strait 

Indian Ocean 

Red Sea 

Persian Gulf 

Arabian Sea 

Baltic Sea 

Caspian Sea 

Adriatic Sea 
Mediterranean, Eastern 
Mediterranean, Western 
Aegean Sea 

Asia 

Aruba 

Abkhazia 

Antigua and Barbuda 
Afghanistan 

Algeria 

Albania 

Armenia 

Andorra 

Angola 
AQ American Samoa
AR Argentina
AS Australia
AT Ashmore and Cartier Islands
AU Austria
AV Anguilla
AY Antarctica
AZ Azores Islands
BA Bahrain
BB Barbados
BC Botswana
BD Bermuda
BE Belgium
BF Bahamas
BG Bangladesh
BH Belize
BI Balearic Islands
BK Bosnia and Herzegovina
BM Burma
BN Benin
BO Belarus
BP Solomon Islands
BQ Navassa Island
BR Brazil
BS Bassas Da India
BT Bhutan
BU Bulgaria
BV Bouvet Island
BX Brunei
BY Burundi
CA Canada
CB Kampuchea (formerly Cambodia)
CD Chad
CE Sri Lanka
CF Congo
CG Zaire
CH China (Peoples Republic of)
CI Chile
CJ Cayman Islands
CK Cocos (Keeling Islands)
CM Cameroon
CN Comoros
CO Colombia
CQ Northern Mariana Islands
CR Coral Sea Islands
CS Costa Rica
CT Central African Republic
CU Cuba
CV Cape Verde
CW Cook Islands
CY Cyprus
CZ Czechoslovakia
DA Denmark
DJ Djibouti
DO Dominica
DQ Jarvis Island
DR Dominican Republic
E5 Eastern Europe
E6 Western Europe
EC Ecuador
EG Egypt
EI Ireland
EK Equatorial Guinea
EN Estonia
ER Eritrea
ES El Salvador
ET Ethiopia
EU Europa Island
EZ Czech Republic
F1 North Africa
F7 Sub-Saharan Africa
F8 Middle East
F9 North Africa and Middle East
FK Falkland Islands
FG French Guiana
FI Finland
FJ Fiji
FM Micronesia, Federated States of
FO Faroe Islands
FP French Polynesia
FQ Baker Island
FR France
FS French Southern and Antarctic Lands
GA Gambia 
GB Gabon 
GC Germany, Democratic Republic of (arch.) 
GE Germany, Federal Republic of 
GG Georgia 
GH Ghana 
GI Gibraltar
GJ Grenada 
GK Guernsey 
GL Greenland 
GM Germany 
GO Glorioso Islands 
GP Guadeloupe 
GQ Guam 
GR Greece 
GT Guatemala 
GV Guinea 
GY Guyana 
GZ Gaza Strip 
HA Haiti 
HK Hong Kong 
HM Heard Island and McDonald Islands 
HO Honduras 
HQ Howland Island 
HR Croatia 
HU Hungary 
IC Iceland 
ID Indonesia 
IM Man, Isle of 
IN India 
IO British Indian Ocean Territory 
IP Clipperton Island 
IQ United States (Miscellaneous Pacific Islands) 
IR Iran 
IS Israel 
IT Italy 
IV Ivory Coast 
IY Iraq/Saudi Arabia Neutral Zone 
IZ Iraq 
JA Japan 
JE Jersey 
JM Jamaica

JN Jan Mayen 

JO Jordan 

JQ Johnston Atoll 
JU Juan De Nova Island 
KE Kenya 

KG Kyrgyzstan 

KN Korea, Democratic Peoples Republic of (North Korea) 
KQ Kingman Reef 
KR Kiribati 

KS Korea, Republic of (South Korea) 
KT Christmas Island 
KU Kuwait 

KZ Kazakhstan 

L7 Latin America 
LA Laos 

LD Lakshadweep Islands (Laccadive Islands) 
LE Lebanon 

LG Latvia 

LH Lithuania 

LI Liberia 

LO Slovak Republic 
LQ Palmyra Atoll 
LS Liechtenstein 
LT Lesotho 

LU Luxembourg 

LY Libya 

MA Madagascar 

MB Martinique 

MC Macau 

MD Moldova 

MF Mayotte 

MG Mongolia 

MH Montserrat 

MI Malawi 

MK Macedonia 

ML Mali 

MN Monaco 

MO Morocco 

MP Mauritius 

MQ Midway Islands 
MR Mauritania
MT Malta
MU Oman
MV Maldives
MW Montenegro
MX Mexico
MY Malaysia
MZ Mozambique
N2 NATO countries
N4 Central America
N5 Caribbean Islands
NC New Caledonia
NE Niue
NF Norfolk Island
NG Niger
NH Vanuatu (formerly New Hebrides)
NI Nigeria
NL Netherlands
NO Norway
NP Nepal
NR Nauru
NS Suriname
NT Netherlands Antilles
NU Nicaragua
NZ New Zealand
PA Paraguay
PB Pemba Island
PC Pitcairn Islands
PE Peru
PF Paracel Islands
PG Spratly Islands
PK Pakistan
PL Poland
PM Panama
PO Portugal
PP Papua New Guinea
PS Trust Territory of the Pacific Islands (Palau)
PU Guinea-Bissau
QA Qatar
RE Reunion
RM Marshall Islands, Republic of
RO Romania

RP Philippines 

RQ Puerto Rico 

RS Russia 

RW Rwanda 

S South America 

SA Saudi Arabia 

SB St. Pierre and Miquelon 
SC St. Christopher (Kitts) and Nevis 
SD Sardinia (Sardegna) 
SE Seychelles 

SF South Africa 

SG Senegal 

SH St. Helena 

SI Slovenia 

SJ Socotra 

SL Sierra Leone 

SM San Marino 

SN Singapore 

SO Somalia 

SP Spain 

SR Serbia 

ST St. Lucia 

SU Sudan 

SV Svalbard 

SW Sweden 

SY Syria 

SZ Switzerland 

TC United Arab Emirates 
TD Trinidad & Tobago 
TE Tromelin Island 

TH Thailand 

TI Tajikistan 

TK Turks and Caicos Islands 
TL Tokelau 

TN Tonga 

TO Togo 

TP Sao Tome and Principe 
TS Tunisia 

TU Turkey 

TV Tuvalu 



TW Taiwan 

TX Turkmenistan 

TZ Tanzania 

UG Uganda 

UK United Kingdom 

UN United Nations 

UP Ukraine 

UR Union of Soviet Socialist Republics 
US United States 

UV Burkina Faso (formerly Upper Volta) 
UY Uruguay 

UZ Uzbekistan 

V1 Pacific Ocean Islands 
V2 Indian Ocean Islands 
VC St. Vincent and the Grenadines 
VD Madeira Islands 

VE Venezuela 

VH Marshall Islands 

VI British Virgin Islands 
VJ Crete 

VK Cabinda 

VM Vietnam 

VP Corsica 

VQ Virgin Islands 

VT Vatican City (Holy See) 
W Worldwide 

WA Namibia 

WC Sala y Gomez Island 
WE West Bank 

WF Wallis and Futuna 

WG South Orkney Islands 
WH South Shetland Islands 
WI Western Sahara 

WN Northern Island 

WQ Wake Island 

WS Western Samoa 

WZ Swaziland 

XG Okinawa 

XZ Easter Island 

YA Walvis Baai 

YE Yemen Arab Republic (North Yemen, arch.) 
YK San Felix, Isla
YL Diego Garcia 
YM Yemen 
YO Yugoslavia 
YR Annobon (Pagulu) 
YS Yemen, Peoples Democratic Republic of (South Yemen, arch.) 
YU Eloby, Islas de 
YV Juan Fernandez Archipelago 
YX San Ambrosio, Isla 
YZ Nicobar Island 
Z7 Pacific Ocean
Z8 Atlantic Ocean 
Z9 Mediterranean Sea 
ZA Zambia 
ZI Zimbabwe 
ZL Caroline Islands 
ZQ Andaman Islands 
ZY Zanzibar 
ZZ Canary Islands 
GLOSSARY (UNCLASSIFIED)
9 June 2014 


TERMS & DEFINITIONS OF INTEREST 
FOR COUNTERINTELLIGENCE PROFESSIONALS 


Wisdom begins with the definition of terms 


-- Socrates 


2X. The manager of the counterintelligence and human intelligence missions at various levels of DoD 
structure, including joint, command, service, and task force. The 2X structure includes the 
Counterintelligence Coordinating Authority (CICA) and the Human Intelligence Operations Center (HOC). 
(AR 381-20, Army CI Program, 25 May 2010) Also see J2X. 


-- Also, the counterintelligence and human intelligence advisor to the C/J/G/S-2. Denotes the 2X 
positions at all echelons. The 2X staff conducts technical control and oversight for all counterintelligence 
and human intelligence entities with[in] their operational purview. It coordinates, de-conflicts, and 
synchronizes all counterintelligence and human intelligence activities at each level of command. (Army 
FM 2-22.2, Counterintelligence, Oct 2009) 


Term also refers to the staff section that the 2X leads. 


Interesting historical note: During World War II the counterintelligence element of the Office of 
Strategic Services (OSS) was known as "X-2" (Counter Espionage Branch). The OSS--predecessor 
to today's Central Intelligence Agency--was established on 13 June 1942 by order of President 
Roosevelt. Also "XX" was the Double-Cross System, a World War II counterespionage and 
deception operation controlled by British military intelligence; see The Double-Cross System, Yale 
University Press (1972) by Sir John Cecil Masterman. 


603 Referral. See Section 603 Referral. 


811 Referral. See Section 811 Referral. 


This Glossary is designed to be a reference for counterintelligence (CI) professionals within the 
Department of Defense (DoD); however, other CI professionals may find it of use. It provides a 
comprehensive compilation of unclassified terms that may be encountered when dealing with the 
dynamic discipline of counterintelligence and related activities. Where some words may have several 
meanings within the counterintelligence or intelligence context, a variety of definitions are included. 


Definitions within this Glossary cite an original source document. The quotes selected, as well as 
the views and comments expressed in the shadow boxes are those of the editor and do not 
necessarily reflect the official policy or position of the Department of Defense, the Office of the 
National Counterintelligence Executive, the Intelligence Community, the Office of National 
Intelligence, or the United States Government. 


This Glossary is periodically updated. Users are encouraged to submit proposed changes, 
corrections, and/or additions. Please provide a source citation for any recommended definitions. 


Editor: COL Mark L. Reagan (USA Ret), mmreagan@msn.com 
A


A-Space (abbreviation for Analytical Space). A-Space transitioned to i-Space -- see “i-Space.” A-Space 
was a virtual work environment that provided “analysts” from across the Intelligence Community a 
common platform for research, analysis and collaboration. 


Abort. To terminate a mission for any reason other than enemy action. It may occur at any point after the 
beginning of the mission and prior to its completion. (previously in Joint Publication 1-02, DoD Dictionary 
of Military and Associated Terms, hereafter referred to as JP 1-02)* 


Abduction. [One of the four basic types of reasoning applied to intelligence analysis,] it is the process of 
generating a novel hypothesis to explain given evidence that does not readily suggest a familiar 
explanation. (DIA, Intelligence Essentials for Everyone, June 1999) Also see deduction; induction; 
scientific method. 


For additional information see Knowledge Management in the Intelligence Enterprise by Edward 
Waltz (2003) and Critical Thinking and Intelligence Analysis by David T. Moore, JMIC Press (2006). 


Access. In counterintelligence and intelligence use: 1) A way or means of approach to identify a target; 2) 
Exploitable proximity to or ability to approach an individual, facility, or information that enables target to 
carry out the intended mission. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 
w/ chg 1 dated 26 Aug 2011) 


-- Also, the ability and opportunity to obtain knowledge of classified sensitive information or to be in a 
place where one could expect to gain such knowledge. (Counterintelligence Community Lexicon, June 
2000, hereinafter referred to as CI Community Lexicon) 


-- Also, the ability or opportunity to obtain knowledge of classified or sensitive information. (IC 
Standard 700-1, 4 Apr 2008 and DoD Manual 5200.01-Vol 1, Information Security Program, 24 Feb 2012) 


-- Also, the ability and opportunity to obtain knowledge of classified information. (DoD Manual 
S-5240.09-M, OFCO Procedures & Security Classification Guide, 13 Jan 2011 and DSS Glossary) 


Access generally refers to the ability of a human source/asset (either CI or HUMINT) to perform a 
specific operational task within the limits of acceptable risk. Types of access include direct, 
indirect, first-hand, second-hand, etc. 


Access Agent. An individual used to acquire information on an otherwise inaccessible target. (Human 
Derived Information Lexicon Terms and Definitions for HUMINT, Counterintelligence, and Related 
Activities, April 2008, hereinafter referred to as HDI Lexicon) Also see agent. 


-- Also, an agent whose relationship or potential relationship with a foreign intelligence personality 
allows him or her to serve as a channel for the introduction of another controlled agent for the purpose of 
recruitment of the target. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


* Joint Publication 1-02, DoD Dictionary of Military and Associated Terms (JP 1-02), as amended; available online at: 
<http://www.dtic.mil/doctrine/dod_dictionary/>. Note: also available online at: <https://jdeis.js.mil> 
-- Also, a person who facilitates contact with a target individual or entry into a facility. (Spycraft: The 
Secret History of the CIA's Spytechs from Communism to Al-Qaeda, 2008; hereinafter referred to as 
Spycraft) 


Access Agents 
Another method of identifying and keeping track of suspected intelligence personnel is to recruit 
people close to suspects, known in the jargon as “access agents.” Counterintelligence operators 
can seek out secretaries, janitors, chauffeurs, interpreters, neighbors, or friends and request that 
they pass on information about the target’s predilections and behavior. 
-- Roy Godson, Dirty Tricks or Trump Cards: US Covert and Counterintelligence (1995), pp. 218-219 


Access to Classified Information. The ability and opportunity to obtain knowledge of classified 
information. Persons have access to classified information if they are permitted to gain knowledge of the 
information or if they are in a place where they would be expected to gain such knowledge. Persons do 
not have access to classified information by being in a place where classified information is kept if 
security measures prevent them from gaining knowledge of the information. (JP 1-02) 


Accommodation Address. An address for a person or organization that does not occupy the premises. 
(HDI Lexicon, April 2008) 


-- Also, an address where regular posted mail, or sometimes another type of communication, is 
received and then held for pickup or forwarded, transmitted, or relayed to a member of an intelligence 
service who does not occupy the premises. Sometimes called a mail drop, live letterbox, or cutout. 
(AFOSI Manual 71-142, OFCO, 9 Jun 2000 and Spy Book) 


-- Also, a "safe" address, not overtly associated with intelligence activity, used by an agent to 
communicate with the intelligence service for whom he is working. (FBI -- Affidavit: USA vs. Robert Philip 
Hanssen, 16 Feb 2001) 


-- Also, an address with no obvious connection to an intelligence agency, used for receiving mail 
containing sensitive material or information. (Spycraft) 


-- Also, a prearranged temporary address or location where an intelligence operative may receive 
mail clandestinely from a third party. (Encyclopedia of the CIA, 2003) 


ACIC. See Army Counterintelligence Center. 


Acknowledged SAP. A SAP [Special Access Program] whose existence is acknowledged but its specific 
details (technologies, materials, techniques, etc.) are classified as specified in the applicable security 
classification guide. (DoDD 5205.07, SAP Policy, 1 July 2010) Also see unacknowledged SAP. 


-- Also, a Special Access Program that is acknowledged to exist and whose purpose is identified 
(e.g., the B-2 or the F-117 aircraft program) while the details, technologies, materials, techniques, etc., of 
the program are classified as dictated by their vulnerability to exploitation and the risk of compromise. 
Program funding is generally unclassified. Note: Members of the four Congressional Defense Committees 
are authorized access to the program. (DSS Glossary) 


Acoustic Intelligence (ACINT). Intelligence derived from the collection and processing of acoustic 
phenomena. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) 



Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Acoustical Security. Those security measures designed and used to deny aural access to classified 
information. (DSS Glossary and AR 381-14, Technical Counterintelligence, 30 Sep 2002) 


Acoustical Surveillance. Employment of electronic devices, including sound-recording, -receiving, 
or -transmitting equipment, for the collection of information. (JP 1-02) 


Acquisition Special Access Program. A special access program established primarily to protect sensitive 
research, development, testing, and evaluation or procurement activities in support of sensitive military 
and intelligence requirements. (DSS Glossary) 


Acquisition Security Database (ASDB). A classified DoD database designed to support Program 
Managers, Research Technology Protection (RTP), Anti-Tamper, Counterintelligence, OPSEC, and 
Security personnel supporting DoD Acquisition Programs with automated tools and functionality to enable 
efficient and cost-effective identification and protection of Critical Technologies (CT) and Critical Program 
Information (CPI). 


-- Also, [proposed definition] the DoD horizontal protection database providing online storage, 
retrieval, and tracking of CPI and supporting Program Protection documents in order to facilitate 
comparative analysis of defense systems' technology and align CPI protection activities across the DoD. 
(Draft DoDI 5200.39, CPI Identification and Protection within RDA Programs) 


All DoD CI personnel providing CI support to RDA should obtain an ASDB account. 


ASDB is a key database for CI support to Research Development & Acquisition (RDA) which 
provides on-line storage and retrieval of Program Protection Plans (PPPs), Anti-Tamper Plans, 
Technology Assessment/Control Plans, Multi-Disciplined Counterintelligence Threat Assessments, 
Program Protection Implementation Plans, OPSEC Plans and Security Classification Guides 
(SCGs). 


On SIPRNet see <https://asdb.strikenet.navy.smil.mil> 


Acquisition Systems Protection (ASP). The safeguarding of defense systems anywhere in the acquisition 
process as defined in DoD Directive 5000.1, the defense technologies being developed that could lead to 
weapon or defense systems, and defense research data. ASP integrates all security disciplines, 
counterintelligence, and other defensive methods to deny foreign collection efforts and prevent unauthorized 
disclosure to deliver to our force uncompromised combat effectiveness over the life expectancy of the 
system. (DoD 5200.1-M, Acquisition Systems Protection Program, Mar 1994) 


Actionable Intelligence. Intelligence information that is directly useful to customers for immediate 
exploitation without having to go through the full intelligence production process. (ICS Glossary and 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Active Cyber Defense. The Department of Defense's real-time capability to discover, detect, analyze, 
and mitigate threats and vulnerabilities to defend networks and systems. (DoD Strategy for Operating in 
Cyberspace, May 2011) 


Active Measures. In Russian, aktivnyye mery or aktivnyye meropriyatiya. ...Soviet KGB tradecraft jargon 
for operation involving disinformation, manipulation of communist-front organizations, agent-of-influence 
operations, forgeries and counterfeiting. (The CIA Insider's Dictionary by Leo D. Carl, 1996) 


-- Also, influence operations organized by the Soviet government. These include white, gray, and 
black propaganda, as well as disinformation. (Encyclopedia of Espionage, Intelligence, and Security by 
The Gale Group, Inc) 
-- Also, the Soviet term for strategies that in the West would be described as black propaganda. The 
purpose was to denigrate "the main adversary" by using whatever disinformation channels were available 
to spread false stories, plant bogus reports into the media, spread untrue rumors, and support Soviet 
foreign policy objectives by undermining confidence in its opponents. (Historical Dictionary of Cold War 
Counterintelligence by Nigel West) 


-- Also, a form of political warfare conducted by Soviet intelligence and security services to influence 
the course of world events. Active measures ranged "from media manipulations to special actions 
involving various degrees of violence" and included disinformation, propaganda, counterfeiting official 
documents, assassinations, and political repression, such as penetration in churches, and persecution 
of political dissidents. (Extract from Christopher Andrew and Vasili Mitrokhin, The Mitrokhin Archive: The 
KGB in Europe and the West, 2000) 


The scale of the Soviet's active measures campaign, and the KGB's involvement in the 
development and execution of specific items of disinformation was disclosed by a KGB officer, 
Anatoli Golitsyn, following his defection in Helsinki in December 1961. 


Active measures proved highly relevant to the Western counterintelligence community because it 
was in the KGB's interests to subvert the CIA, by suggesting it was driven by corruption and 
influenced by dishonest politicians. The key to successful campaigns proved to be the deliberate 
distortion of known facts, mixed with an element of fabrication. [...] In addition, there is some 
evidence to suggest that the KGB attempted to protect some of its most vital sources by interfering 
in Western mole hunts through the introduction of false or misleading clues to throw the 
investigations onto unproductive lines of inquiry. 

-- Nigel West, Historical Dictionary of Cold War Counterintelligence 


For more information see: Soviet Active Measures in the "Post-Cold War" Era 1988-1991, A 
Report Prepared at the Request of the United States House of Representatives Committee on 
Appropriations by the United States Information Agency, June 1992. Copy available on line at: 
<http://intellit.muskingum.edu/russia_folder/pcw_era/index.htm> 


Also see Deception, Disinformation, and Strategic Communications: How One Interagency Group 
Made a Major Difference by Fletcher Schoen and Christopher J. Lamb, Institute for National 
Strategic Studies, National Defense University, June 2012; copy available on line at: 
<http://www.ndu.edu/inss/news.cfm?action=view&id=160> 


Activity Based Intelligence (ABI). A discipline of intelligence where the analysis and subsequent 
collection is focused on the activity and transactions associated with an entity, a population or an area of 
interest. (NGA) 


ABI is a multi-intelligence approach based on persistent collection of intelligence over a broad area 
from multiple sources. Geospatial Intelligence (GEOINT), coupled with human domain analytics, is 
the foundation of ABI. 


The National Geospatial-Intelligence Agency (NGA) is at the forefront of the ABI push within the 
Intelligence Community. The ubiquitous nature of geo-spatial intelligence (GEOINT), coupled with 
Human Domain Analytics (HDA), forms the true foundation of ABI. 


See “A Brief Overview of Activity Based Intelligence and Human Domain Analytics,” (Sep 2012) by 
Mark Phillips available on line at: 
<http://trajectorymagazine.com/images/winter2012/A_Brief_Overview_of_ABI.pdf> 


ABI is an inherently multi-INT approach to activity and transactional data analysis to resolve 
unknowns, develop object and network knowledge, and drive collection. 


-- Cited by Letitia A. Long, Director NGA, in her article “Activity Based Intelligence: Understanding the 
Unknown,” in The Intelligencer: Journal of U.S. Intelligence Studies, Vol 20 No. 2, Fall/Winter 2013, p. 7 
ABI is really a new tradecraft that builds on top of something that's been around for awhile called 
‘patterns of life.’ 


-- Jordan Becker, Vice President & General Manager for GEOINT-ISR, BAE Systems, 
Quoted in “GEOINT Tradecraft: Human Geography” by Greg Slabodkin, DefenseSystems, 
Vol 7, No. 6, Oct/Nov 2013, p. 7 


Activity Security Manager. The individual specifically designated in writing and responsible for the 
activity's information security program, which ensures that classified information (except SCI which is the 
responsibility of the SSO appointed by the senior intelligence official) and CUI are properly handled 
during their entire life cycle. This includes ensuring information is appropriately identified, marked, stored, 
disseminated, disposed of, and accounted for, as well as providing guidance on the handling of security 
incidents to minimize adverse effects and ensure that appropriate corrective action is taken. The security 
manager may be assigned responsibilities in other security disciplines such as personnel and physical 
security, etc. (DoD Manual 5200.01-Vol 1, Information Security Program, 24 Feb 2012) 


Ad-Hoc Requirement (AHR). A HUMINT collection requirement with a limited emphasis, based on time or 
other requirements. (Defense HUMINT Enterprise Manual 3301.02, Vol II Collection Operations, 23 Nov 
2010) 


-- Also, an intelligence need that was not addressed in [a] standing tasking. (National HUMINT 
Glossary) 


Adaptive Planning. The joint capability to create and revise plans rapidly and systematically, as 
circumstances require. Also see Adaptive Planning and Execution (APEX); intelligence planning. 


Adaptive Planning and Execution (APEX). A Department of Defense system of joint policies, processes, 
procedures, and reporting structures, supported by communications and information technology, that is 
used by the joint planning and execution community to monitor, plan, and execute mobilization, 
deployment, employment, sustainment, redeployment, and demobilization activities associated with joint 
operations. (JP 1-02 and JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Adequate Security. Security commensurate with the risk and the magnitude of harm resulting from the 
loss, misuse, or unauthorized access to or modification of information. (NIST, Glossary of Key Information 
Security Terms, May 2013) 


Adherents. [In counterterrorism usage] individuals who have formed collaborative relationships with, act
on behalf of, or are otherwise inspired to take action in furtherance of the goals of al-Qa'ida—the
organization and ideology—including by engaging in violence regardless of whether such violence is
targeted at the United States, its citizens, or its interests. (National Strategy for Counterterrorism,
June 2011)


Ad-hoc HUMINT Requirement (AHR). A HUMINT collection requirement with a limited emphasis, based 
upon time or other requirements. (DHE-M 3301.001, DIA HUMINT Manual, Vol I, 30 Jan 2009 w/ chg 2) 


Adjudication. Evaluation of personnel security investigations and other relevant information to determine 
if it is clearly consistent with the interests of national security for persons to be granted or retain eligibility
for access to classified information, and continue to hold positions requiring a trustworthiness decision. 
(DSS Glossary) 


Administrative Control (ADCON). Direction or exercise of authority over subordinate or other 
organizations in respect to administration and support. (JP 1, Doctrine for the Armed Forces of the United 
States, 25 Mar 2013) 


Admission. A polygraph examinee's acknowledgement of a fact or a capable statement associated with a 
relevant issue. (AR 381-20, Army CI Program, 25 May 2010)


Advanced Persistent Threat (APT). An extremely proficient, patient, determined, and capable adversary,
including two or more of such adversaries working together. (DoDI 5205.13, Defense Industrial Base 
Cyber Security/Information Assurance Activities, 29 Jan 2010) 


-- Also, an adversary that possesses sophisticated levels of expertise and significant resources which 
allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, 
physical, and deception). These objectives typically include establishing and extending footholds within 
the information technology infrastructure of the targeted organizations for purposes of exfiltrating 
information, undermining or impeding critical aspects of a mission, program, or organization; or 
positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its 
objectives repeatedly over an extended period of time; (ii) adapts to defenders' efforts to resist it; and (iii) 
is determined to maintain the level of interaction needed to execute its objectives. (NIST, Glossary of Key 
Information Security Terms, May 2013) 


-- Also, a cyberattack campaign with specific, targeted objectives, conducted by a coordinated team 
of specialized experts, combining organization, intelligence complexity, and patience. (Cybersecurity and 
Cyberwar) 


-- Also, cyber attacks mounted by organizational teams that have deep resources, advanced 
penetration skills, specific target profiles and are remarkably persistent in their efforts. They tend to use 
sophisticated custom malware that can circumvent most defenses, stealthy tactics and demonstrate good 
situational awareness by evaluating defenders responses and escalating their attack techniques 
accordingly. (<www.hackingtheuniverse.com/infosec/isnews/advanced-persistent-threat>; accessed
5 Jan 2010) 


The technological (cyber) APT has been used by actors in many nations as a means to gather 
intelligence on individuals, and groups of individuals of interest. See additional information at: 
-- <http://www.businessweek.com/magazine/content/08_16/b4080032220668.htm> 
-- <http://www.prometheus-group.com/blogs/36-web-security/152-anatomy-of-apt.html> 
-- <http://en.wikipedia.org/wiki/GhostNet>


Also see Mandiant Report, APT1: Exposing One of China's Cyber Espionage Units, undated (circa 
Feb 2013); copy available at: <http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf> 


Adverse Information. Any information that adversely reflects on the integrity or character of a cleared 
employee, that suggests that his or her ability to safeguard classified information may be impaired, or that 
his or her access to classified information clearly may not be in the interest of national security. (DoD 
Manual 5220.22-M, National Industrial Security Program Operating Manual, 28 Feb 2006) 


Adversarial Supply Chain Operation (ASCO). ASCOs are the actions taken across the entire supply 
chain life-cycle to attack and exploit the supply chain. ASCOs can include threatening or exploiting the
supply chains. These operations are carried out through compromise, subversion, and exposure of 
material and components to or through the supply chain. The implications of ASCOs are possible 
adverse effects to mission assurance affecting material, system operations and key capabilities. (DIA) 
Also see supply chain, supply chain risk, supply chain risk management. 


Adversary. An individual, group, organization, or government that must be denied essential information. 
(DoD Manual 5200.1-M, Acquisition Systems Protection Program, Mar 1994) 


-- Also, a party acknowledged as potentially hostile to a friendly party and against which the use of 
force may be envisaged. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


-- Also, any individual, group, organization, or government that conducts or has the intent and
capability to conduct activities detrimental to the US Government or its assets. Adversaries may include
intelligence services, political or terrorist groups, criminals, and private interests. (CI Community Lexicon)


-- Also, any foreign individual, group, organizations, or government that conducts or has the intent
and capability to conduct activities detrimental to the national security or defense of the United States or
its assets, including foreign intelligence services, political or international terrorist groups, and insurgents.
(AR 381-20, Army CI Program, 25 May 2010)


-- Also, individual, group, organization, or government that conducts or has the intent to conduct 
detrimental activities. (NIST, Glossary of Key Information Security Terms, May 2013) 


Adversary Collection Methodology. Any resource and method available to and used by an adversary for 
the collection and exploitation of sensitive/critical information or indicators thereof. (DSS Glossary) 


Adversary Intelligence Systems. Resources and methods available to and used by an adversary for the 
collection and exploitation of critical information or indicators thereof. (DoDD 5205.02E, DoD OPSEC 
Program, 20 Jun 2013) 


Advisory Tasking. A term used in collection management to refer to collection notices that are 
discretionary rather than directive in nature, with the receiving agency determining whether the 
requirement is relevant to the mission of the agency and whether the agency has the resources to collect 
against it. (AR 381-20, Army CI Program, 25 May 2010)


AFOSI. Acronym, see Air Force Office of Special Investigations. 


Agency. In intelligence usage, an organization or individual engaged in collecting and/or processing 
information. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 
2012) 


Agent. In intelligence usage, one who is authorized and trained to obtain or to assist in obtaining 
information for intelligence or counterintelligence purposes. (JP 1-02 and JP 2-01.2, CI & HUMINT in 
Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see agent of influence; agent of a 
foreign entity; asset; foreign intelligence agent. 


-- Also, a person who engages in clandestine intelligence activities under the direction of an
intelligence organization, but is not an officer, employee, or co-opted worker of that organization. 
(National HUMINT Glossary) 


-- Also, an individual other than an officer, employee, or co-opted worker of an intelligence service to 
whom specific intelligence assignments are given by an intelligence service. An agent in a target country
can be operated by a legal or illegal residency or directly by the center. An agent can be of any 
nationality. (FBI FCI Terms) 


-- Also, 1) A person who engages in clandestine intelligence activity under the direction of an
intelligence organization but who is not an officer, employee, or co-opted worker of that organization; 2) 
An individual who acts under the direction of an intelligence agency or security service to obtain, or assist 
in obtaining, information for intelligence or counterintelligence purposes; [and] 3) One who is authorized
or instructed to obtain or assist in obtaining information for intelligence or counterintelligence purposes. 
(ICS Glossary) 


Typically, the aim of an espionage operation is to recruit an agent [emphasis added], usually a 
foreign person, to carry out the actual spying. The person who targets, recruits, trains, and runs the 
agent is, in American parlance, the ‘case officer.’ 


-- Arthur S. Hulnick, “Espionage: Does It Have a Future in the 21st Century?”
The Brown Journal of World Affairs; v XI: n 1 (2004).


...[T]ypes of agents—singletons, sleepers, illegal spies actively running one or more sources,
illegal residents running a group of other illegals, and so forth. 


-- Peter Wright, Spycatcher (1987), p. 139 


Espionage is one of the toughest games played. An agent in the right place is hard to find, but 
when he is found he should be regarded as a pearl beyond price. 
-- David Nelligan, The Spy in the Castle (1968) 


Agent-in-Place. A person who remains in a position while acting under the direction of a hostile 
intelligence service, so as to obtain current intelligence information. It is also called a recruitment-in-place. 
(FBI -- Affidavit: USA vs. Robert Philip Hanssen, 16 Feb 2001) Also see recruitment-in-place (RIP). 


Agent of Influence. An agent of some stature who uses his or her position to influence public opinion or 
decision making to produce results beneficial to the country whose intelligence service operates the 
agent. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) [Originally a Soviet term] 


-- Also, a person who is directed by an intelligence organization to use his position to influence public 
opinion or decision-making in a manner that will advance the objective of the country for which that 
organization operates. (ICS Glossary) 


-- Also, an individual who acts in the interest of an adversary without open declaration of allegiance 
and attempts to exercise influence covertly, but is not necessarily gathering intelligence or compromising 
classified material, is known as an agent of influence. (Historical Dictionary of Cold War 
Counterintelligence, 2007) 


-- Also, an agent operating under intelligence instructions who uses his official or public position, and 
other means, to exert influence on policy, public opinion, the course of particular events, the activity of 
political organizations and state agencies in target countries. (KGB Lexicon: The Soviet Intelligence 
Officer's Handbook, edited by KGB archivist Vasiliy Mitrokhin, 2002). 


An agent of influence is a person who uses his or her position, influence, power, and credibility to 
promote the objectives of an alien power..., in ways unattributable to that power. Such agents may
operate openly or surreptitiously, and their effectiveness depends on their position and the extent to 
which they are prepared to misuse it, but any degree of deliberate support for an adversary power, 
especially if applied in an underhanded way, savours of treachery. 

-- Chapman Pincher, Traitors: The Anatomy of Treason, First U.S. Edition (1999), p. 34 


Agent of a Foreign Entity. A person who engages in intelligence activities under the covert direction of 
a foreign intelligence or security entity, but is not an officer, employee, or co-opted worker of that entity. 
(ONCIX Analytic Chiefs Working Group, Jan 2011) Also see agent; agent of a foreign power; asset. 


Agent of a Foreign Power. Means: (1) any person other than a United States person, who — 

(A) acts in the United States as an officer or employee of a foreign power, or as a member of a foreign 
power as defined in subsection (a)(4) of this section; (B) acts for or on behalf of a foreign power which 
engages in clandestine intelligence activities in the United States contrary to the interests of the United 
States, when the circumstances of such person's presence in the United States indicate that such person 
may engage in such activities in the United States, or when such person knowingly aids or abets any 
person in the conduct of such activities or knowingly conspires with any person to engage in such 
activities; or (C) engages in international terrorism or activities in preparation therefore; or (2) any person 
who - (A) knowingly engages in clandestine intelligence gathering activities for or on behalf of a foreign 
power, which activities involve or may involve a violation of the criminal statutes of the United States; (B) 
pursuant to the direction of an intelligence service or network of a foreign power, knowingly engages in 
any other clandestine intelligence activities for or on behalf of such foreign power, which activities involve 
or are about to involve a violation of the criminal statutes of the United States; (C) knowingly engages in 
sabotage or international terrorism, or activities that are in preparation therefore, for or on behalf of a 
foreign power; (D) knowingly enters the United States under a false or fraudulent identity for or on behalf 
of a foreign power or, while in the United States, knowingly assumes a false or fraudulent identity for or
on behalf of a foreign power; or (E) knowingly aids or abets any person in the conduct of activities 
described in subparagraph (A), (B), or (C) or knowingly conspires with any person to engage in activities 
described in subparagraph (A), (B), or (C). (Source: 50 USC § 1801b) Also see foreign power.


Agent Handler. An [intelligence] officer or principal agent who directly manages an agent or agent 
network. (National HUMINT Glossary) Also see case officer. 


Agent Net. An intelligence gathering unit of agents supervised by a principal agent who is operating 
under the direction of an intelligence officer. An agent net can operate in either the legal or illegal field. 
(ICS Glossary and FBI FCI Terms) 


Agent Recruitment Cycle (ARC). See recruitment cycle. 


Air Force Office of Special Investigations (AFOSI). U.S. Air Force's major investigative service; a federal 
law enforcement and investigative agency operating throughout the full spectrum of conflict, seamlessly 
within any domain; conducting criminal investigations and providing counterintelligence services. 
(<www.osi.andrews.af.mil>; accessed 27 June 2012) 


AFOSI Mission: Identify, exploit and neutralize criminal, terrorist 
and intelligence threats to the Air Force, Department of Defense 
and U.S. Government. 
AFOSI Capabilities: 

-- Protect critical technologies and information 

-- Detect and mitigate threats 

-- Provide global specialized services 

-- Conduct major criminal investigation 

-- Engage foreign adversaries and threats offensively 
Source: AFOSI web site (accessed 27 June 2012) 


Fact sheet at: <http://www.osi.andrews.af.mil/library/factsheets/factsheet_print.asp?fsID=4848&page=1> 


All-Source Analysis. An intelligence activity involving the integration, evaluation, and interpretation of 
information from all available data sources and types, to include human intelligence, signals intelligence, 
geospatial intelligence, measurement & signature intelligence, and open source intelligence. (DoDD 
5240.01, DoD Intelligence Activities, 27 Aug 2007) Also see analysis; analysis and production; 
counterintelligence analysis. 


-- Also, an intelligence activity involving the integration, evaluation, and interpretation of information 
from all available data sources and types, to include HUMINT, SIGINT, MASINT, GEOINT, OSINT, and 
CI. (DoDI 5105.21, DIA, 18 Mar 2008) (note this definition includes counterintelligence). 


All-source analysis can transform raw intelligence, data, and information into knowledge and 
understanding. 


Integrated all-source analysis should also inform and shape strategies to collect more 
intelligence.... The importance of integrated, all-source analysis cannot be overstated. Without it, 
it is not possible to "connect the dots." 


-- Final Report of the National Commission on Terrorist Attacks Upon the United States (2004) 


All-Source Intelligence. 1) Intelligence products and/or organizations and activities that incorporate all 
sources of information in the production of finished intelligence. 2) In intelligence collection, a phrase that 
indicates that in the satisfaction of intelligence requirements, all collection, processing, exploitation, and 
reporting systems and resources are identified for possible use and those most capable are tasked.
(JP 2-0, Joint Intelligence, 22 Oct 2013)


-- Also, intelligence information derived from several or all the intelligence disciplines, including
SIGINT, HUMINT, MASINT, OSINT, and GEOINT. (ODNI, U.S. Intelligence — An Overview 2011) 


-- Also, the integration of intelligence and information from all relevant sources in order to analyze 
situations or conditions that impact operations. (ADRP 2-0, Intelligence, Aug 2012)* 


* Note: supersedes the definition in Army FM 2-0, Intelligence, 23 Mar 2010.
ADRP = Army Doctrinal Reference Publication. 


ADRPs are available online at <https://armypubs.us.army.mil/doctrine/index.html>


Alliance. The relationship that results from a formal agreement between two or more nations for broad, 
long-term objectives that further the common interests of the members. (JP 1-02 and JP 3-0, Joint 
Operations, 11 Aug 2011) 


Alias. A false identity used while carrying out authorized activities and lawful operations. (DoDI
S-5105.63, Implementation of DoD Cover and Cover Support Activities, 20 Jun 2013)


-- Also, an alternative name, used for cover purposes. (Defense HUMINT Enterprise Manual 
3301.002, Vol II, Collection Operations, 23 Nov 2010)


-- Also, a false name. (National HUMINT Glossary) 


-- Also, a false name assumed by an individual for a specific and often temporary purpose, i.e., to 
conceal a true identity from persons or organizations with whom he or she is in contact. Also called a 
pseudonym or cover name. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, an assumed name, usually consisting of a first and last name, used by an individual for a 
specific and often temporary purpose. (FBI FCI Terms) 


Alternate Meet. A prearranged meeting that takes place in the event a regularly scheduled meet is 
missed for any reason. (FBI FCI Terms) 


Alternative Analysis. [Analysis that] involves a fairly intensive, though time limited, effort to challenge 
assumptions or to identify alternative outcomes, depending on the technique employed, with the results 
captured, implicitly or explicitly, in a written product delivered to relevant policy-makers. (CIA - Sherman
Kent Center for Intelligence Analysis) 


Alternative analysis includes techniques to challenge analytic assumptions (e.g., "devil's 
advocacy”), and those to expand the range. 


See article "Rethinking "Alternative Analysis" to Address Transnational Threats" at: 
<https://www.cia.gov/library/kent-center-occasional-papers/vol3no2.htm> 


Alternative Compensatory Control Measures (ACCM). Measures designed to safeguard sensitive 
intelligence and operations when normal security measures are either not sufficient to achieve strict 
controls over access to information, but where strict SAP [Special Access Program] access controls 
are either not required or are too stringent. (AR 381-20, Army CI Program, 25 May 2010)


-- Also, used to safeguard sensitive intelligence or operations and support information (acquisition 
programs do not qualify) when normal measures are insufficient to achieve strict need-to-know controls, 
and where Special Access Program controls are not required. (DSS Glossary) 


ACCMs are not Special Access Programs (SAPs). Guidance for ACCMs is contained in DoD 
Manual 5200.01, Vol 3, DoD Information Security Program: Protection of Classified Information, 
24 Feb 2012,


Ambassador. Diplomatic official of the highest rank who is accredited to a foreign sovereign or
government, or to an international organization, as the resident representative of the sending government 
or appointed for a specific diplomatic assignment. (Department of State) Also see Chief of Mission. 


A U.S. ambassador serving abroad symbolizes the sovereignty of the United States and serves as 
the personal representative of the President of the United States. Ambassadorial duties include 
negotiating agreements, reporting on political, economic and social conditions, advising on policy 
options, protecting American interests, and coordinating the activities of all U.S. Government 
agencies and personnel in the country. 


Analysis. [In intelligence usage] the process by which information is transformed into intelligence; a 
systemic examination of information to identify significant facts, make judgments, and draw conclusions. 
(ODNI, U.S. Intelligence — An Overview 2011) Also see analysis and production; all-source analysis; 
counterintelligence analysis; intelligence analysis. 


-- Also, the process by which collected information is evaluated and integrated with existing 
information to produce intelligence that describes the current—and attempts to predict the future—impact 
of the threat, terrain and weather, and civil considerations on operations. (Army FM 2-0, Intelligence,
23 Mar 2010)


-- Also, a stage in the intelligence processing cycle whereby collected information is reviewed to 
identify significant facts; the information is compared with and collated with other data, and conclusions, 
which also incorporate the memory and judgment of the intelligence analyst, are derived from it. (Senate 
Report 94-755, Book I — Glossary, 26 Apr 1976)


INTELLIGENCE ANALYSIS... 


“Joe, you're guessing!” 
Navy Captain Matthew Garth
(Charlton Heston) 


“Sir, we like to call it analysis.” 
Naval Intelligence Officer Joseph Rochefort 
(Harold Rowe “Hal” Holbrook, Jr.) 


-- The movie Midway (1976) 


Analysis is the process by which people transform information into intelligence. It includes 
integrating, evaluating, and analyzing all available data -- which is often fragmented and even 
contradictory -- and preparing intelligence products. 


Former DCI Richard Helms noted that despite all the attention focused on the operational 
(collection) side of intelligence, analysis is the core of the process to inform decision makers. 


It is of the highest importance in the art of detection to be able to recognize, 
out of a number of facts, which are incidental and which are vital. 
-- Sherlock Holmes 


From A. Conan Doyle’s “The Reigate Squire” June 1893 
(M. Hardwick, The Complete Guide to Sherlock Holmes, 1986, pp. 86-87) 


Analysis is the thinking part of the intelligence process 
-- James B. Bruce and Roger Z. George 


It is not enough, of course, simply to collect information. 
Thoughtful analysis is vital to sound decisionmaking. 
-- President Ronald Reagan (4 Dec 1981)


...[A]nalysis must always be timely, responsive and relevant to... customer's needs.
-- LTG Michael T. Flynn, USA, Director Defense Intelligence Agency (Jul 2012) 


Intelligence analysts select and filter information; they interpret the resultant evidence, put it into 
context, and tailor it to meet... customers' needs. In short, analysts and analysts only, create 
intelligence. 

-- David T. Moore, "Species of Competencies for Intelligence," American Intelligence Journal (2005) 


Analysis must do more than just describe what is happening and why; it must identify a range of 
opportunities... Analysis is the key to making sense of the data and finding opportunities to take 
action. 

-- DNI 2006 Annual Report of the US Intelligence Community (Feb 2007) 


The primary purpose of analytic effort is “sensemaking” and understanding, not producing reports; 
the objective of analysis is to provide information in a meaningful context, not individual factoids. 


-- Jeffrey R. Cooper, Curing Analytical Pathologies, Center for the Study of Intelligence (Dec 2005), p. 42


Today, U.S. intelligence analysts spend roughly 80 percent of their time gathering intelligence but 
only 20 percent analyzing it. 
-- LTG Bob Noonan (USA Ret) and Greg Wenzel, "Fixing the ‘I’ in ISR,” DefenseNews, 24 Sep 2012, p. 45 


Analysts are the voice of the Intelligence Community 
-- WMD Report (31 Mar 2005), p. 388 


Analysts must absorb information with the thoroughness of historians, 
organize it with the skill of librarians, and disseminate it with the zeal of journalists. 
-- TRADOC Pam 525-2-1, US Army Functional Concept for Intelligence 2016-2028, 13 Oct 2010; p. 66


Intelligence analysis is inherently an intellectual activity 
that requires knowledge, judgment, and a degree of intuition. 


Selected references for intelligence analysis: 

Richards J. Heuer, Jr., Psychology of Intelligence Analysis (Washington, DC: Center for the Study 
of Intelligence, Central Intelligence Agency), 1999. 

Copy available online at: «http://www.archive.org/details/PsychologyOflntelligenceAnalysis- 

Also at: <https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-
monographs/psychology-of-intelligence-analysis/index.html> 


Richards J. Heuer, Jr. and Randolph H. Pherson, Structured Analytical Techniques for Intelligence 
Analysis (Washington, DC; CQ Press), 2010. 


Richards J. Heuer, Jr, Improving Intelligence Analysis with ACH, 2005.

This learning aid extracts, revises, and partially updates those portions of the author's book, 
Psychology of Intelligence Analysis [cited above], that deal with Analysis of Competing Hypotheses 
(ACH) and with how and why the ACH software helps intelligence analysts reduce the risk of 
surprise. ACH software is available at: <http://www2.parc.com/istl/projects/ach/ach.html>


Roger Z. George and James B. Bruce, eds., Analyzing Intelligence: Origins, Obstacles, and 
Innovation (Washington, DC: Georgetown University Press), 2008. 


Robert M. Clark, Intelligence Analysis: A Target-Centric Approach, rev. ed. (Washington, DC: CQ
Press), 2007; also paperback 2012 


David A. Schum, Evidence and Inference for the Intelligence Analyst (Lanham, MD: University 
Press of America) 1987. 


Morgan Jones, The Thinker's Toolkit: 14 Powerful Techniques for Problem Solving, rev. ed. (New 
York: Three Rivers Press), 1998.


Robert S. Sinclair, Thinking and Writing: Cognitive Science and Intelligence Analysis, revised
edition (Washington, DC: Center for the Study of Intelligence, Central Intelligence Agency), 2010. 
Copy available at: <https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-
publications/books-and-monographs/thinking-and-writing.html> 


David T. Moore, Sensemaking: A Structure for an Intelligence Revolution (Washington, DC: 
National Defense Intelligence College, 2011). 
Copy available at <http://ni-u.edu/ni_press/pdf/Sensemaking.pdf> 


A Tradecraft Primer: Structured Analytical Techniques for Improving Intelligence Analysis 
(Washington, DC: U.S. Government), 2009. 

Copy available at: <https://www.cia.gov/library/publications/publications-rss-updates/tradecraft-primer-may-4-2009.html>


A Compendium of Analytic Tradecraft Notes, Volume I, Notes 1-10, reprinted (Washington, DC:
Central Intelligence Agency), 1997. 
Copy available at: <http://www.au.af.mil/au/awc/awcgate/cia/tradecraft_notes/contents.htm> 


The Sherman Kent Center for Intelligence Analysis Occasional Papers, (CIA). 
Available online at: <https://www.cia.gov/library/kent-center-occasional-papers/index.html>


Frank Watanabe, “Fifteen Axioms for Intelligence Analysts.” Studies in Intelligence, CIA, 
Semiannual Edition, No. 1, 1997, pp. 45-47. 

Copy available on line at: <https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-
csi/vol40no5/pdf/v40i5a06p.pdf> 


Also see Mark Lowenthal, PhD, Intelligence: From Secrets to Policy, 5th Edition (CQ Press), 2011.


Analysis and Production. In intelligence usage, the conversion of processed information into intelligence 
through the integration, evaluation, analysis, and interpretation of all source data and the preparation of 
intelligence products in support of known or anticipated user requirements. (JP 1-02 and JP 2-01, Joint 
and National Intelligence Support to Military Operations, 5 Jan 2012) Also see analysis; all-source 
analysis; counterintelligence analysis. 


-- Also, the ability to integrate, evaluate, and interpret information from available sources and develop 
intelligence products that enable situational awareness. (Joint Capability Areas Taxonomy & Lexicon, 
15 Jan 2008) 


Analysis of Competing Hypotheses (ACH). Identification of alternate explanations (hypotheses) and
evaluation of all evidence that will disconfirm rather than confirm hypotheses. (CIA, A Tradecraft Primer:
Structured Analytical Techniques for Improving Intelligence Analysis, June 2005) 


ACH is a highly effective technique when there is a large amount of data to absorb and evaluate. It
is particularly appropriate for controversial issues when analysts want to develop a clear record that
shows what theories they have considered and how they arrived at their judgments. 


See Richards J. Heuer, Jr, Improving Intelligence Analysis with ACH, Nov 2005 (Learning Aid, 
ACH Version 2.0). This learning aid extracts, revises, and partially updates those portions of the 
author's book, Psychology of Intelligence Analysis [cited above], that deal with Analysis of 
Competing Hypotheses (ACH) and with how and why the ACH software helps intelligence analysts 
reduce the risk of surprise. 


ACH software available for download at: <http://www2.parc.com/istl/projects/ach/ach.html> 


Analysis Report. A type of DoD CI analytical product prepared IAW DoDI 5240.18; it may require in-depth 
study and research, but generally is not as involved as an assessment. (DoDI 5240.18, CI Analysis 
& Production, 17 Nov 2009 with change 1 dated 15 Oct 2013). Also see Counterintelligence Analytical 
Product. 


Analytic Outreach. The open, overt, and deliberate act of an IC [Intelligence Community] analyst 
engaging with an individual outside the IC to explore ideas and alternate perspectives, gain new insights, 
generate new knowledge, or obtain new information. (ICD 205, Analytic Outreach, 16 Jul 2008) 


Analytic Tradecraft. The practiced skill of applying learned techniques and methodologies appropriate to 
an issue to mitigate, gain insight, and provide persuasive understanding of the issue to members of the 
U.S. Government and its allies. (DIA, A Tradecraft Primer: Basic Structured Analytic Techniques, March 
2008). 


Note: The source document (First Edition) cited above is no longer available online. The current 
version: Tradecraft Primer: Structured Analytic Techniques, 3rd Edition (3 March 2010) is now 
Defense Intelligence Reference Document, Analytic Methodologies, DIA-01-1003-001A, and is 
controlled as UNCLASSIFIED//FOR OFFICIAL USE ONLY. 


Anomalies. Foreign power activity or knowledge, inconsistent with the expected norms that suggest prior 
foreign knowledge of US national security information, processes or capabilities. (DoDD O-5240.02, 
Counterintelligence, 20 Dec 2007 with change 1 dated 30 Dec 2010) See anomalous activity; anomaly. 


-- Also, irregular or unusual activities that may cue the analyst on the existence of FISS and ITO 
[international terrorist organizations] activity. (Army FM 2-22.2, Counterintelligence, Oct 2009) 


CI anomalies differ from CI indicators (see potential espionage indicators). CI anomalies surface 
as a result of FIE activities, whereas CI indicators are manifested in an insider's actions, activities, 
and/or behaviors. 


Recognizing the importance of CI anomalies in the early detection and neutralization of espionage, 
a White House Memorandum of August 23, 1996 called for a more systematic approach to the 
handling of CI anomalies. The memorandum emphasized the need for, and value of, timely 
participation of CI elements in detecting and reporting CI anomalies indicating threats to U.S. 
national security. 

-- DIA tri-fold, Counterintelligence Anomalies: What are They and Why Should We Look for Them?, Jan 2012 


Look for the anomalies... 
Look for the odd bits that seem to be out of focus, or out of sequence. 
Look for the inexplicable. 


-- Sean Flannery, Crossed Swords, 1989 


Anomalous Activity. Irregular or unusual deviations from what is usual, normal, or expected; activity 
inconsistent with the expected norm. See anomalies; anomaly. 


-- Also, [in DoD cyber usage] network activities that are inconsistent with the expected norms that 
may suggest FIE [Foreign Intelligence Entity] exploitation of cyber vulnerabilities or prior knowledge of 
U.S. national security information, processes, or capabilities. (DoDI S-5240.23, CI Activities in 
Cyberspace, 13 Dec 2010 with change 1 dated 16 Oct 2013) 


Anomalous Behavior Analysis 
[The CI] analyst seeks out strange or puzzling behavior pointing to a counterintelligence problem 
even before it is known to exist. There are various kinds of anomalous behaviors that might tip off 
an analyst about a foreign intelligence service’s successful operations. One is strategic behavior. 
When a foreign government starts using the same secret technology as another government, the 
analyst who finds this out may hypothesize that it is because such secrets have been stolen. 
-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995), p. 196 


Anomaly. Activity or knowledge, outside the norm, that suggests a foreign entity has foreknowledge of 
U.S. information, processes, or capabilities. (DoDD 5240.06, CIAR, 17 May 2011 with change 1 dated 30 
May 2013) See anomalies, anomalous activity, anomaly-based detection. 


Anomaly-based Detection. The process of comparing CI, security, IA [Information Assurance], LE [law 
enforcement], and AT/FP [antiterrorism and force protection] behaviors and activities that are deemed 
normal against other observed events to identify significant deviations and or anomalous behavior. 
(DoDI 5240.26, Countering Espionage, International Terrorism, and Counterintelligence Insider Threat, 
4 May 2012 with change 1 dated 15 Oct 2013) 


-- Also, the process of comparing definitions of what activity is considered normal against observed 
events to identify significant deviations. (NIST, Glossary of Key Information Security Terms, May 2013) 


Anomaly Detection 
The systems and processes used to assess deviant or unscheduled activities or presences which 
may indicate anomalous activities or unauthorized access. This interpretation assumes a baseline 
norm from which deviations are assumed to indicate some type of intrusion. 


-- Julie K. Petersen, Understanding Surveillance Technologies: Spy Devices, Their Origins & 
Applications (2001) 


Anti-Tamper. Systems engineering activities intended to deter and/or delay exploitation of critical 
technologies in a U.S. defense system in order to impede countermeasure development, unintended 
technology transfer, or alteration of a system. (DoDI 5200.39, CPI Protection within DoD, 16 Jul 2008) 


Note: DoDI 5200.39 under revision, proposed revised definition for AT: Systems engineering 
activities intended to prevent, or delay exploitation of CPI in U.S. defense systems to impede 
countermeasure development, unintended technology transfer, or alteration of a system due. 
(Draft circa Feb 2014) 


DoD Anti-Tamper Executive Agent: chartered by the Under Secretary of Defense (Acquisition, 
Technology, and Logistics), and assigned to the Directorate for Special Programs, Office of the 
Assistant Secretary of the Air Force for Acquisition. 


Antiterrorism (AT). Defensive measures used to reduce the vulnerability of individuals and property 
to terrorist acts, to include limited response and containment by local military and civilian forces. 
(JP 1-02; and JP 3-07.2, Antiterrorism, 24 Nov 2010) 


Also see DoDI 2000.12, DoD Antiterrorism Program, 1 Mar 2012 (w/ chg 1) and DoD O-2000.12-H, 
DoD Antiterrorism Handbook, 1 February 2004 


Apportionment. In the general sense, distribution for planning of limited resources among competing 
requirements. (JP 1-02) 


Apprehension. The taking of a person into custody or the military equivalent of "arrest." Under Rule 304, 
Manual for Courts Martial (MCM), the restraint of a person by oral or written order directing him to remain 
within specified limits. (AR 381-20, Army CI Program, 25 May 2010) 


Area of Responsibility (AOR). The geographical area associated with a combatant command within 
which a geographic combatant commander has authority to plan and conduct operations. (JP 1-02) 


Army Counterintelligence Center (ACIC). The Army's counterintelligence analysis and production center. 
ACIC's mission is to provide timely, accurate, effective multidiscipline counterintelligence analysis 
in support of the US Army combating terrorism program, ground systems technologies, and 
counterintelligence investigations, operation, and activities. The ACIC is a subordinate unit of the 
902d Military Intelligence Group, US Army Intelligence and Security Command, located at Fort 
Meade, Maryland. 


Army G-2X. The element which manages and provides technical control of the CI and HUMINT missions 
in the Army. (AR 380-20, Army CI Program, 25 May 2010) 


Arrest. The act of detaining in legal custody. An "arrest" is the deprivation of a person's liberty by legal 
authority in response to a criminal charge. (www.ojp.usdoj.gov; accessed 29 Apr 2013) 


ASDB. Acronym, see Acquisition Security Database. 


Assassination. The murder or attempted murder of DoD personnel for political or retaliatory reasons by 
international terrorists or agents of a foreign power. (AR 381-20, Army CI Program, 25 May 2010) 


-- Also, to murder (usually a prominent person) by a sudden and/or secret attack, often for political 
reasons. (Wikipedia; accessed 15 Feb 2010) 


“[The KGB] did everything from plotting ways to poison the capital's 
water systems to drawing up assassination plans for US leaders." 


-- Oleg Kalugin, Former Major General in the KGB 
as cited in Andrew & Mitrokhin, The Mitrokhin Archive (1999) 


Assassination constitutes an act of murder that is prohibited by international law and Executive 
Order 12333. In general, assassination involves murder of a targeted individual for political 
purposes. Example, the 1978 "poisoned-tip umbrella" killing of Bulgarian defector Georgi Markov by 
Bulgarian State Security agents on the streets of London falls into the category of an act of murder 
carried out for political purposes, and constitutes an assassination. 


“Wet Work" — a term originated within the Soviet intelligence — describes the art of assassination. 
In 1965, Peter Deriabin, a KGB defector, testified to a Senate committee — 


"The [KGB] thirteenth department is responsible for assignation and terror. This 
Department is called the department of wet affairs, or in Russian 'Mokrie Dela’.... 
‘Mokrei’ means ‘wet’ and in this case ‘mokrie’ means ‘blood wet’.” 


Unquestionably the most neglected aspect of U.S. counterintelligence. EO 12333 specifically 
provides that “Counterintelligence means information gathered and activities conducted to identify, 
deceive, exploit, disrupt, or protect against... assassinations [emphasis added] conducted for or 
on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist 
organizations or activities.” 


The word assassin is derived from the word Hashshashin (Arabic: hashshashiyin, also 
Hashishin, Hashashiyyin, or Assassins). It referred to the Nizari branch of the Isma'ili Shia founded 
by the Persian Hassan as-Sabbah during the Middle Ages. They were active in Iran from the 8th to 
the 14th centuries, and also controlled the castle of Masyaf in Syria. The group killed members of 
the Muslim Abbasid, Seljuq, and Christian Crusader élite for political and religious reasons. 


The important thing to know about any assassination or an attempted 
assassination is not who fired the shot, but who paid for the bullet. 
-- Eric Ambler, A Coffin for Dimitrios (1939) 


Assessment. 1) a continuous process that measures the overall effectiveness of employing joint force 
capabilities during military operations; 2) determination of the progress toward accomplishing a task, 
creating a condition, or achieving an objective; 3) analysis of the security, effectiveness, and potential of 
an existing or planned intelligence activity; and 4) [in human source operations] judgment of the 
motives, qualifications, and characteristics of present or prospective employees or “agents.” 
[emphasis added] (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


-- Also, [In CI analysis usage] a type of DoD CI analytical product prepared IAW DoDI 5240.18; it 
requires in-depth study and research. (DoDI 5240.18, CI Analysis & Production, 17 Nov 2009 with change 
1 dated 15 Oct 2013). Also see Counterintelligence Analytical Product. 


-- Also, [in intelligence usage], appraisal of the worth of an intelligence activity, source, information, or 
product in terms of its contribution to a specific goal, or the credibility, reliability, pertinence, accuracy, or 
usefulness of information in terms of an intelligence need. (National HUMINT Glossary) 


Assessment--within the human source environment... 


"A process of getting to know and understand people and describing them." 
-- Robert R. Holt, Assessing Personality (1971) 


Effective assessment of human beings is an art 


From an Agent Handler perspective... 


“...[F]inding a likely candidate, getting to know him personally, ascertaining his interests, 
uncovering his vices and possible Achilles' heel." 
-- Victor Cherkashin, KGB Counterintelligence Officer and author of Spy Handler (2005) 


Asset. Any human or technical resource available to an intelligence or security service for operational 
purposes. (FBI FCI Terms) Also see agent; foreign intelligence agent; Intelligence asset; source. 


-- Also, [in human source operations] a recruited source. (Defense HUMINT Enterprise Manual 
3301.002, Vol II Collection Operations, 23 Nov 2010) 


-- Also, any resource—human, technical, or otherwise—available to an intelligence or security service 
for operational use. In U.S. usage, usually a person. (Spy Book) 


-- Also, [in defense critical infrastructure usage] a distinguishable entity that provides a service or 
capability. Assets are people, physical entities, or information located either within or outside the United 
States and employed, owned or operated by domestic, foreign, public, or private sector organizations. 
(DoDD 3020.40, Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) Also see defense 
critical infrastructure program. 


-- Also, [in critical infrastructure protection] person, structure, facility, information, material, or process 
that has value. (DHS Lexicon, 2010) Also see crucial infrastructure. 


Asset Owner. [In DCIP usage,] the DoD Components with responsibility for a DoD asset, or organizations 
that own or operate a non-DoD asset. (DoDI 3020.45, DCIP Management, 21 Apr 2008) Also see task 
asset, task critical asset. 


Asset Validation. In intelligence use, the process used to determine the asset authenticity, reliability, 
utility, suitability, and degree of control the case officer or others have. (JP 1-02 and JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see Source Validation. 


The cardinal rule in tradecraft is: Never, ever fall in love with your agent. 


-- Robert D. Chapman, Retired CIA Operations Officer 
"Patriot or Traitor?" Book review of A Secret Life in International 
Journal of Intelligence and Counterintelligence, Vol 18 No 2 (Summer 2005), p. 367 


Some human intelligence agencies do a poor job of validating human sources. 


The story of 'Curveball'—the human source who lied to the Intelligence Community about Iraq's 
biological weapons programs—is an all-too familiar one. Every agency that collects human 
intelligence has been burned in the past by false reporting; indeed, the Intelligence Community has 
been completely fooled several times by large-scale double-agent operations run by, among 
others, the Cubans, East Germans, and Soviets. It is therefore critical that our human intelligence 
agencies have excellent practices of validating and vetting their sources. 

-- WMD Report, Chapter 7 - Collection, p. 367* 


* Available online at: <https://www.fas.org/irp/offdocs/wmd_chapter7.pdf> 


-- Also, the process used to determine the asset authenticity, reliability, utility, suitability, and degree 
of control the case officer or others have. This process continues through the life of the relationship. It 
may be more or less formal depending on the sensitivity of the relationship and the nature of the source. 
For clandestine sources, particularly foreign nationals, the process is usually formal and revalidation is 
required on a periodic basis. Whether or not it is conducted formally, it must be a well-planned and 
thought out activity. (DoD CI Collection IWG Handbook, TTP for CI Collection, Collection Management, 
and Collection Operations, 8 Aug 2006) 


In the spy trade asset validation is simply 
a system of measures to establish the reliability and veracity of sources. 


-- Michael J. Sulick, American Spies: Espionage Against 
the United States from the Cold War to the Present, 2013, p. 255 


For any organization that collects human intelligence, having an independent 
system for asset validation is critical to producing reliable, well-vetted intelligence. 
-- WMD Report (31 Mar 2005), p. 455 


Every intelligence service has the problem of distinguishing... 
between a bona fide volunteer and a penetration agent who has been sent 
by the other side. This is no easy matter. 

-- Allen W. Dulles, The Craft of Intelligence (2006), p. 121 


See DoDI S-3325.07, Guidance for the Conduct of DoD Human Source Validation (U) and 
National HUMINT Manager Directive 001.008, HUMINT Source Validation. 


Assign. 1) To place units or personnel in an organization when such placement is relatively permanent, 
and/or where such organization controls and administers the units or personnel for the primary function, 
or greater portion of the functions, of the unit or personnel; or 2) To detail individuals to specific duties or 
functions where such duties or functions are primary and/or relatively permanent. (JP 1-02 and JP 5-0, 
Joint Operations Planning, 11 Aug 2011) Also see attach. 


Assumption. A supposition on the current situation or a presupposition on the future course of events, 
either or both assumed to be true in the absence of positive proof, necessary to enable the commander in 
the process of planning to complete an estimate of the situation and make a decision on the course of 
action. (JP 1-02 and JP 5-0, Joint Operations Planning, 11 Aug 2011) 


Asylum. Protection granted by the U.S. Government within the United States to a foreign national who, 
due to persecution or a well-founded fear of persecution on account of his or her race, religion, 
nationality, membership in a particular social group, or political opinion, is unable or unwilling to avail 
himself or herself of the protection of his or her country of nationality (or, if stateless, of last habitual 
residence). (DoDI 2000.11, Procedures for Handling Requests for Asylum and Temporary Refuge, 13 
May 2010) 


Asymmetric Threat. An adversary strength that can be used against a friendly vulnerability. An adversary 
may pursue an asymmetric advantage on the tactical or strategic level by identifying key vulnerabilities 
and devising asymmetric concepts and capabilities to strike or exploit them. To complicate matters, our 
adversaries may pursue a combination of asymmetries. (USD/I Taking Stock of Defense Intelligence 
Report, 22 Jan 2004) 


-- Also, a broad and unpredictable spectrum of military, paramilitary, and information operations, 
conducted by nations, organizations, or individuals or by indigenous or surrogate forces under their 
control, specifically targeting weaknesses and vulnerabilities within an enemy government or armed force. 
(Source: Michael L. Kolodzie, US Army, circa 2001) 


-- Also, a broad and unpredictable spectrum of risks, actions, and operations conducted by state and 
non-state actors that can potentially undermine national and global security. (Cyber Threats to National 
Security, Symposium Five, 2011) 


Asymmetric Warfare. Combat between two or more state or non-state actors whose relative military 
power, strategies, tactics, resources, and goals differ significantly. (Cyber Threats to National Security, 
Symposium Five, 2011) 


Atmospherics. Information regarding the surrounding or pervading mood, environment, or influence on a 
given population. (DoDD 3600.01, Information Operations, 14 Aug 2006 with Chg 1, 23 May 2011) 


Attach. 1) The placement of units or personnel in an organization where such placement is relatively 
temporary; or 2) The detailing of individuals to specific duties or functions where such functions are 
secondary or relatively temporary. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) Also see assign. 


Attaché. A diplomatic official or military officer attached to an embassy or legation, especially in a 
technical capacity. Also see Senior Defense Official / Defense Attaché (SDO/DATT). 


Authenticate. A challenge given by voice or electrical means to attest to the authenticity of a message or 
transmission. (JP 1-02) 


Authentication. 1) A security measure designed to protect a communications system against acceptance 
of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or 
originator; 2) A means of identifying individuals and verifying their eligibility to receive specific categories 
of information; 3) Evidence by proper signature or seal that a document is genuine and official; and 4) In 
personnel recovery missions, the process whereby the identity of an isolated person is confirmed. 
(JP 1-02 and JP 3-50, Personnel Recovery, 5 Jan 2007) 


Authenticator. A symbol or group of symbols, or a series of bits, selected or derived in a prearranged 
manner and usually inserted at a predetermined point within a message or transmission for the purpose 
of attesting to the validity of the message or transmission. (JP 1-02) 


Background Investigation (BI). An official inquiry into the activities of a person designed to develop 
information from a review of records, interviews of the subject, and interviews of people having 
knowledge of the subject. (IC Standard 700-1, 4 Apr 2008) See personnel security investigation. 


The Office of Personnel Management, Federal Investigative Services (OPM-FIS) provides 
investigative products and services for over 100 Federal agencies to use as the basis for suitability 
and security clearance determinations as required by Executive Orders, et al. OPM provides over 
90% of the Government's background investigations, conducting over two million investigations a 
year. 

See OPM web site at: <http://www.opm.gov/investigations/background-investigations/> 


Backdoor. Typically unauthorized hidden software or hardware mechanism used to circumvent security 
controls. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Backstop. Arrangements made to support a cover so that inquiries about the cover will elicit responses 
that make the cover appear to be true. (DoDI S-5105.63, Implementation of DoD Cover and Cover 
Support Activities, 20 Jun 2013) 


-- Also, the arrangement made by documentary or oral means to support a cover story so that 
inquiries about it will elicit responses indicating the story is true. (ICS Glossary & AFOSI Manual 71-142, 
OFCO, 9 Jun 2000) 


-- Also, to make arrangements made through documentary, oral, technical, fiscal, legal, or other 
means to support covers (both individual and organizational). A backstopped cover provides sufficient 
documentation to protect an identity in the immediate area or circumstance and in primary U.S. 
Government and commercial information systems. A backstopped cover is constructed to withstand 
routine scrutiny. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


-- Also, an arrangement made to support a cover story. (FBI FCI Terms) 


Backstopping. Arrangements made to support covers and activities. (HDI Lexicon, April 2008) 


-- Also, arrangements made through documentary, oral, technical, fiscal, physical, or other means 
to support covers (both individual and organizational). A backstopped cover provides sufficient 
documentation to project an identity in the immediate area or circumstance and in primary USG and 
commercial information systems. Backstopping cover may be constructed to withstand scrutiny ranging 
from casual or unwitting general population to a targeted hostile adversary. (DTM 08-050, Defense Cover 
Program Guidance (U), 31 Mar 2009 w/ chg 2 dated 14 Apr 2011) 


-- Also, verification and support of cover arrangements for an agent [case officer or intelligence 
operative] in anticipation of inquiries or other actions that might test credibility of his or her cover. 
(Spy Book) 


-- Also, a CIA term for providing appropriate verification and support of cover arrangements for an agent 
or asset in anticipation of inquiries or other actions which might test the credibility of his or its cover. (Senate 
Report 94-755, Book I — Glossary, 26 Apr 1976) 


Badge. A distinctive official device usually made of cast metal, which is provided by the DoD Component 
and worn or carried by the bearer as a sign of authority. (DoDI 5240.25, Counterintelligence Badges and 
Credentials, 30 Sep 2011 with change 1 dated 15 Oct 2013) Also see credentials. 


Basic Intelligence. Fundamental intelligence concerning the general situation, resources, capabilities, 
and vulnerabilities of foreign countries or areas which may be used as reference material in the planning 
of operations at any level and in evaluating subsequent information relating to the same subject. 
(JP 1-02) 


Beacon. A device typically fastened to an object or individual that transmits a radio signal in order to 
track its location. The technological discipline is called beaconry. (Spycraft) 


Behavioral Science Consultant. A professional with extensive training in behavioral science, mental 
health, psychiatry, or psychology. (Previously in JP 2-01.2, CI & HUMINT Support to Joint Operations, 
13 Jun 2006) 


Behavioral Science Consultants are psychologists and forensic psychiatrists, not assigned to 
clinical practice functions, but to provide consultative services to support authorized law 
enforcement, counterintelligence or intelligence activities, including detention and related 
counterintelligence, intelligence, interrogation, and detainee debriefing operations. 


Bilateral Collection. A collection activity run jointly with a foreign intelligence service. (Previously in DoDI 
S-5240.17, CI Collection, 12 Jan 2009) Also see multilateral. 


Bilateral: Activities conducted with only a single foreign nation. 


Bilateral/BILAT Operation. An operation run jointly with a foreign intelligence service or between two US 
intelligence/CI services. (CI Community Lexicon) Also see unilateral operation. 


Bigot Case. An investigation that due to the sensitivity of the subject or the nature of the investigation, 
requires that it be handled on a strict need to know basis. Access to these investigations is controlled by 
maintaining a list of personnel who have been approved for access, called a “bigot list." (AR 381-20, 
Army CI Program, 25 May 2010) Also see bigot list, compartmentation. 


Bigot List. Tradecraft jargon for any list of names of cleared personnel having restricted access 
(need-to-know) to a sensitive operation, investigation or to special access/compartmented intelligence. 
Also see bigot case, compartmentation. 


-- Also, a restrictive list of persons who have access to a particular, and highly sensitive class of 
information. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


In some instances, a case, due to its sensitivity or the sensitivity of the information involved, will 
require that it be handled on a strict need-to-know basis. These cases are often referred to as 
BIGOT cases because access to them is controlled by a BIGOT list. 


-- Army FM 2-22.2, Counterintelligence, October 2009 


According to a variety of sources, the term dates back to World War II when Allied orders for 
officers were stamped "TO GIB" for those being sent to Gibraltar for preparations for the invasion of 
North Africa; later their orders were stamped "BIG OT" (TO GIB backwards) when they were sent 
back to begin planning Operation OVERLORD, the invasion of Normandy. In WWII, it was 
convenient, in trying to find out if someone had access to highly restricted NEPTUNE and 
OVERLORD planning information, to ask "are you bigoted?" An indignant answer of "no" ended 
that part of classified discussion. 


Biographical Intelligence. That component of intelligence that deals with individual foreign personalities of 
actual or potential importance. (JP 1-02) 


Biometrics. The process of recognizing an individual based on measurable anatomical, physiological, 
and behavioral characteristics. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) Also see biometrics 
enabled-intelligence. 


-- Also, a general term used alternatively to describe a characteristic or a process. As a characteristic: 
A measurable biological (anatomical & physiological) and behavioral characteristic that can be used for 
automated recognition. As a process: Automated methods of recognizing an individual based on 
measurable biological (anatomical & physiological) and behavioral characteristics. (DoDD 8521.01E, 
DoD Biometrics, 21 Feb 2008) 


-- Also, the measurable biological (anatomical and physiological) and behavioral characteristics 
that can be used for automated recognition; examples include fingerprint, face, and iris recognition. 
(NSPD 59 / HSPD 24, Biometrics for Identification and Screening to Enhance National Security, 
5 Jun 2008) 


-- Also, measurable biological (anatomical and physiological) and behavioral characteristic that 
may be used for automated recognition of the identity of a person or to verify his claimed identity. 
Includes fingerprints, iris/retina, voice, facial, DNA, fingernail, and thermal signature. (AR 381-20, 
Army CI Program, 25 May 2010) 


"Biometrics has become a non-lethal weapons systems in complex, irregular warfare environments. 
When you enroll a person in biometric systems now in use on the battlefield, you take away from 
our enemies the ability to remain anonymous. It's a high impact tool in the ongoing War on Terror 
and gives tactical commanders a decisive edge in today and tomorrow's battlespace." 

-- LTG John F. Kimmons, U.S. Army G-2 


The Secretary of the Army is the DoD Executive Agent for DoD Biometrics. 


The term "biometrics" also describes both a process and a characteristic. As a process, biometrics 
consists of the automated methods of recognizing an individual based on measurable biological 
(anatomical and physiological) and behavioral characteristics. 


Two basic types of biometrics: 1) physical characteristics, e.g., face, hand & finger geometry, iris, 
and vein structure; and 2) behavioral characteristics, e.g., voice, handwriting, typing, rhythm, and 
gait. For general information see <http://www.howstuffworks.com/biometrics.htm> 


See Army TC 2-22.82, Biometrics-Enabled Intelligence, March 2011 


Also see John Woodward, "Biometrics in the War on Terror," RAND Corporation (Dec 2005); 
available at -- <http://www.rand.org/commentary/2005/12/18/UPI.html> 


Biometrics-Enabled Intelligence (BEI). Intelligence information associated with and or derived from 
biometrics data that matches a specific person or unknown identity to a place, activity, device, 
component, or weapon that supports terrorist / insurgent network and related pattern analysis, facilitates 
high value individual targeting, reveals movement patterns, and confirms claimed identity. (DoDD 
8521.01E, DoD Biometrics, 21 Feb 2008) Also see biometric-enabled watch list (BEWL). 


-- Also, the intelligence derived from the processing of biologic identity data and other all-source for 
information concerning persons of interest. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


-- Also, the information associated with and/or derived from biometric signatures and the associated 
contextual information that positively identifies a specific person and/or matches an unknown identity to a 
place, activity, device, component, or weapon. (ADRP 2-0, Intelligence, Aug 2012) 


BEI is a specialized analytical discipline that relies on all-source collections and a distinct 
processing, exploitation, reporting, and dissemination enterprise to integrate the information from 
U.S. and non-U.S. biometric collection and processing capabilities into all-source intelligence 
analysis for the purpose of monitoring or neutralizing the influence and operational capacity of 
individuals, cells, and networks of interest. 

-- TC 2-22.82, Biometrics-Enabled Intelligence, March 2011, p. 1-9 


Biometrics-Enabled Watch List (BEWL). Any list of interest with individuals identified by biometric sample 
instead of by name, and the desired/recommended disposition instructions for each individual. 
(TC 2-22.82, Biometrics-Enabled Intelligence, March 2011) 


Within DoD, BEWL is a decision aid to help commanders determine what action to take when 
encountering a person of interest. 


Black. 1) tradecraft jargon for inconspicuousness in the sense of being free of hostile surveillance [going 
black: become free of surveillance before conducting an operational act]; and 2) CIA tradecraft jargon for 
clandestine or covert. (Leo D. Carl, The CIA's Insider Dictionary, 1996) 


-- Also, being free of hostile surveillance while on a clandestine mission; also refers to being in place 
undetected or unknown, such as flying in black. (A Spy's Journey) 


-- Also, BLACK: designation applied to encrypted information and the information systems, the 
associated areas, circuits, components, and equipment processing that information. Also see HED. 
(CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Black Bag Job. [Tradecraft jargon] a surreptitious entry operation usually conducted by the FBI against 
a domestically located foreign intelligence target. (Spy Dust) Also see surreptitious entry. 


Aka Covert Entry... 

Tactical Operations, a supersecret unit of FBI break-in artists who conduct court-authorized 
burglaries [covert entries] in homes, offices, and embassies to plant hidden microphones and 
video cameras and snoop into computers. ...In any given year, TacOps conducts as many as four 
hundred of what the FBI calls covert entries. Eighty percent are conducted in national security 
cases relating to terrorism or counterintelligence. 
Over the years, the FBI has conducted successful covert entries at the Russian and Chinese 
embassies or their official diplomatic establishments, as well as at the homes of their diplomats 
and intelligence officers. 
Going up against foreign intelligence agencies is the biggest challenge because they set traps to 
detect entries. 

-- Ronald Kessler, The Secrets of the FBI (2011), pp 2, 7, 11, & 173 


"Black Bag" -- The term applied to clandestine entries of premises containing information that is 
likely to be of exceptional importance. The material may range from cryptographic data to the 
membership rolls of target organizations. 

-- Nigel West, Historical Dictionary of International Intelligence. 


Black List. [A list that] contains the identities and locations of individuals whose capture and detention 
are of prime importance, or individuals who have been determined to be intelligence fabricators. (CI 
Community Lexicon) Also see Gray List; White List. 


-- Also, an official counterintelligence listing of actual or potential hostile collaborators, sympathizers, 
intelligence suspects, or other persons viewed as threatening to the security of friendly military forces. 
(Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


Previous DoD definition in JP 1-02: an official counterintelligence listing of actual or potential 
enemy collaborators, sympathizers, intelligence suspects, and other persons whose presence 
menaces the security of friendly forces. Note: this definition rescinded by JP 2-01.02, 11 Mar 2011. 


Examples of individuals who may be included on a Black List: 

1) Known or suspected enemy or hostile espionage, sabotage, terrorist, political, and 
subversive individuals. 

2) Known or suspected leaders and members of hostile paramilitary, partisan, or guerrilla groups. 

3) Political leaders known or suspected to be hostile to the military and political objectives of the 
United States and/or an allied nation. 

4) Known or suspected officials of enemy governments whose presence in the theater of 
operations poses a security threat to the U.S. Forces. 

5) Known or suspected enemy collaborators and sympathizers whose presence in the theater 
of operations poses a security threat to the U.S. Forces. 

6) Known enemy military or civilian personnel who have engaged in intelligence, CI, security, 
police, or political indoctrination activities among troops or civilians. 

7) Other enemy personalities such as local political personalities, police chiefs, and heads of 
significant municipal and/or national departments or agencies. 

-- USMC, MCWP 2-6 (previously 2-14), Counterintelligence, 5 Sep 2000 


Black Swan Event. An event that is rare, predictable only in retrospect, with extreme impacts. 


Blow. [Tradecraft jargon] to expose—often unintentionally—personnel, installations or other elements of a 
clandestine activity or organization. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976) Also see 
blown. 


Blown [Tradecraft jargon] to have one's cover exposed; to have an operation become public. (A Spy's 
Journey) 


Bona Fides. The lack of fraud or deceit: a determination that a person is who he/she says he/she is. 
(National HUMINT Glossary) 


Tradecraft jargon for credentials which establish the credibility of a human source. 


The determination of a defector or agent's bona fides, the verification of their truthfulness, is critical 
to the assessment of the information they provide. 


-- Michael J. Sulick, American Spies: Espionage Against the United States from the Cold War to 
the Present, 2018, p. 77 


-- Also, good faith. In personnel recovery, the use of verbal or visual communication by individuals 
who are unknown to one another, to establish their authenticity, sincerity, honesty, and truthfulness. 
(JP 1-02 and JP 3-50, Personnel Recovery, 5 Jan 2007) 


-- Also, the lack of fraud or deceit: a determination that a person is who he/she says he/she is. 
(JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, physical and/or oral exchanges employed by an unknown individual to prove identity and 
foster trust. (HDI Lexicon, April 2008) 


-- Also, documents, information, action, codes, etc., offered by an unknown or otherwise suspected 
individual to establish his or her good faith, identification, dependability, truthfulness, or motivation. 
(ICS Glossary & AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


Border Crosser. An individual, living close to a frontier, who normally has to cross the frontier frequently 
for legitimate purposes. (JP 1-02) 


Botnet. A collection of zombie PCs [personal computers]. Botnet is short for robot network. A botnet can 
consist of tens or even hundreds of thousands of zombie computers. A single PC in a botnet can 
automatically send thousands of spam messages per day. The most common spam messages come 
from zombie computers. (McAfee Labs - Threat Glossary) Also see zombie. 


-- Also, Botnets, or Bot Networks, are made up of vast numbers of compromised computers that have 
been infected with malicious code, and can be remotely-controlled through commands sent via the 
Internet. (CRS Report PL32114, 29 Jan 2008) 


-- Also, A network of "zombie" computers controlled by a single actor. Botnets are a common tool for 
malicious activity on the Internet, such as denial-of-service attacks and spam, since they provide free 
(stolen) computation and network resources while hiding the identity of the controller. (Cybersecurity and 
Cyberwar) 


Botnets have been described as the 
"Swiss Army knives of the underground economy" 
because they are so versatile. 


Brevity Code. [In intelligence usage] Communications security (COMSEC) term for a code used only for 
shortening the length of a message, but not to conceal its content. (Cited as FBI Glossary in CIA's 
Insider's Dictionary by Leo D. Carl) [Note: although the brevity code does not conceal content (the actual 
words used), it can be used to conceal true meaning] 


-- Also, [non intelligence usage] a code which provides no security but which has as its sole purpose 
the shortening of messages rather than the concealment of their content. (JP 1-02; JP 3-04; and 
FM 1-02.1, Multi-Service Brevity Codes, Jun 2005) 


Brief Encounter. A short and discreet operational contact. (HDI Lexicon, April 2008) Also see brush 
contact; brush pass. 


-- Also, any brief physical contact between a case officer and an agent under threat of surveillance. 
(CI Centre Glossary) 


Brush Contact. A discreet momentary contact, usually prearranged between intelligence personnel, 
during which material or oral information is passed. (ICS Glossary & AFOSI Manual 71-142, OFCO, 
9 Jun 2000) Also see brush pass; brief encounter. 


Such a contact is extremely brief as well as surreptitious, 
and usually it is quite secure if well executed. 


-- Victor Marchetti & John D. Marks, 
The CIA and the Cult of Intelligence, 2nd edition (1980), p 230 


-- Also, a discreet, usually prearranged momentary contact between intelligence personnel when 
information or documents are passed. Also known as a brief encounter. (FBI FCI Terms) 


-- Also, a technique used by case officers to receive [or] exchange information from an agent 
clandestinely without betraying any signs of recognition between participants. The objective is to 
complete the transaction without detection by any hostile surveillance. (Historical Dictionary of Cold 
War Counterintelligence, 2007) 


Brush Contact — credited largely to Haviland Smith, who served as the CIA station chief in Prague 
from 1958 to 1960. See Benjamin Weiser, A Secret Life: The Polish Officer, His Covert Mission, 
and the Price He Paid to Save His Country (2004) 


"He found that if he walked along a street and turned right, he created a gap in which the 
agents [surveillance] trailing him would lose sight of him for a few seconds.... Do not 
elude surveillance, accept it as a way of life." 


Brush Pass. A brief operational encounter (seconds or less) in which the case officer passes something 
(verbally or physically) to or receives something from the agent, or a two-way exchange takes place. 
(National HUMINT Glossary) Also see brief encounter; brush contact. 


-- Also, a discreet, momentary contact during which something is exchanged. (HDI Lexicon, April 2008) 


-- Also, a brief encounter where something is passed between a case officer and an agent. (CI Centre 
Glossary) 


-- Also, the clandestine, hand-to-hand delivery of items or payments — made as one person walks 
past another in a public place [The Russian Foreign Intelligence Service (SVR) refers to a brush pass 
as a "flash meeting"]. (FBI — Court Affidavit re: Russian Illegals, 25 June 2010) 


Bug. [Tradecraft jargon] 1) Concealed listening device or other equipment used in audio surveillance; 
2) To install such a device; the term “bugged” refers to a room or object that contains a concealed 
listening device. (Spy Book) 


-- Also, a concealed listening device or microphone, or other audiosurveillance device; also to install 
the means for audiosurveillance of a subject or target. (Senate Report 94-755, Book I — Glossary, 26 Apr 
1976) 


Bugging... Electronic Surveillance 


Bugging is a term in common use that refers to the various forms of clandestine electronic 
surveillance, or eavesdropping. See Spycraft, pp. 405-416, for details. 


Bug -- a covert or clandestine listening or viewing device that is noted for its small, inconspicuous 
(bug-like) size. Bugs used to primarily mean primarily listening devices, small microphones that 
could be hidden in plants or phone handsets, but the term now is also used to describe tiny pinhole 
cameras that are as small as audio bugs used to be twenty years ago. A bug may be wired or 
wireless and may or may not be sending information a recording device. 
-- Julie K. Petersen, Understanding Surveillance Technologies: Spy Devices, Their Origins & 
Applications (2001) 


[The FBI’s] Engineering Research Facility at Quantico... makes custom-designed bugging devices, 
tracking devices, sensors, and surveillance cameras to watch and record bad guys. It also 
develops ways to penetrate computers and defeat locks, surveillance cameras, and alarm and 
access control systems. 

...State-of-the-art FBI bug... a circuit board that is the size of a postage stamp and the thickness of 
two stacked quarters "It's a transmitter and stereo recorder... it records for about twenty-one hours, 
and will transmit to a local receiver in encrypted form.... This is actually big in comparison to some 
of our bugs." 


-- Ronald Kessler, The Secrets of the FBI (2011), pp 8-9 and 227-228 


Bugged. Room or object that contains a concealed listening device. (JP 1-02) 


Burned. [Tradecraft jargon] When a case officer or agent is compromised, or a surveillant has been 
made by a target, usually because they make eye contact. (CI Centre Glossary) 


Burn Notice. Within DoD: None — term removed from JP 1-02 per JP 2-0 Joint Intelligence (22 Oct 2013). 


Previously defined in JP 1-02 as: an official statement by one intelligence agency to other 
agencies, domestic or foreign, that an individual or group is unreliable for any of a variety of 
reasons. 


Campaign. A series of related military operations aimed at achieving strategic or operational objectives 
within a given time and space. (JP 1-02 and JP 5-0, Joint Operation Planning, 11 Aug 2011) Also see 
DoD Strategic CI Campaign. 


Campaign Plan. A joint operation plan for a series of related military operations aimed at achieving 
strategic or operational objectives within a given time and space. (JP 1-02 and JP 5-0, Joint Operation 
Planning, 11 Aug 2011) Also see Campaign; Campaign Planning; DoD Strategic CI Campaign. 


Campaign Planning. The process whereby combatant commanders and subordinate joint force 
commanders translate national or theater strategy into operational concepts through the development of 
an operation plan for a campaign. (JP 1-02 and JP 5-0, Joint Operation Planning, 11 Aug 2011) Also see 
campaign; campaign plan. 


Capability. The ability to execute a specified course of action. (A capability may or may not be 
accompanied by an intention.) (JP 1-02) 


Capability Gap. The inability to achieve a desired effect under specified standards and conditions 
through combinations of means and ways to perform a set of tasks. The gap may be the result of no 
existing capability or lack of proficiency or sufficiency in existing capability. 


Captured or Detained Personnel. Any person captured, detained, held, or otherwise under the control of 
DoD personnel (military or civilian). This does not include DoD personnel or DoD contractor personnel 
being held for law enforcement purposes. (DoDD 3115.09, DoD Intelligence Interrogations, Detainee 
Debriefings, and Tactical Questioning, 11 Oct 2012 w/ chg 1 dated 15 Nov 2013) 


Car Pick-Up. A personal meeting wherein the handler picks up the source. (HDI Lexicon, April 2008) 


Car Toss. A form of dead drop using a concealment device thrown to a preselected site from a vehicle 
traveling along a designated route. (HDI Lexicon, April 2008) Also see brief encounter; brush contact, 
brush pass. 


-- Also, the method of conveying information clandestinely by throwing a package into, or out of, 
a vehicle is known as the "car toss." (Historical Dictionary of Cold War Counterintelligence, 2007) 


[P]ull just far enough ahead of [surveillance] so that when he turned a curve.... or disappeared over 
a small hill, he was able to create ten- to twenty-second gaps during which he could throw a soda 
can or bottle out the window and in to a ditch by the road. In such "car tosses", beepers might be 
placed inside the object along with a message, so that the agent with a small radio could find it 
easily. 

-- Benjamin Weiser, A Secret Life (2004) pb, p.79 


Carbons. Paper that produces secret writing [SW] through the use of chemicals. (FBI FCI Terms and Spy 
Book) Also see secret writing. 


-- Also, paper invisibly impregnated with chemicals which, when used in accordance with directions, 
will produce secret writing. Illegals and agents often possess carbons which appear as ordinary sheets in 
writing pads that are manufactured in the target country. (AFOSI Manual 71-142, OFCO, 9 June 2000) 


Carve-Out. A provision approved by the Secretary or Deputy Secretary of Defense that relieves DSS 
[Defense Security Service] of its National Industrial Security Program obligation to perform industrial 
security oversight functions for a DoD SAP [Special Access Program]. (DoDD 5205.07, SAP Policy, 
1 Jul 2010) 


-- Also, a classified contract for which the Defense Security Service (DSS) has been relieved of 
inspection responsibility in whole or in part. (DSS Glossary) 


CARVER. A special operations forces acronym used throughout the targeting and mission planning cycle 
to assess mission validity and requirements. The acronym stands for criticality, accessibility, 
recuperability, vulnerability, effect, and recognizability. (JP 1-02 and JP 3-05.1, Joint Special Operations 
Task Force Operations, 26 Apr 2007) 


Case. The framework which not only acts as the repository for all logically/physically related facts, issues, 
allegations and products (outputs) associated with the investigative process, but also serves to document, 
in a case file, the approvals, authorities, waivers, plans, notes and other artifacts relevant to that particular 
instance of the process. (ONCIX Insider Threat Detection — Glossary) 


-- Also, an intelligence operation in its entirety; the term also refers to a record of the development of an 
intelligence operation, how it will operate, and the objectives of the operation. (Senate Report 94-755, Book I 
— Glossary, 26 Apr 1976) 


Can also be used as a verb, to case, meaning to surreptitiously observe a physical location to 
determine its suitability for possible future operational use. 


Previously defined in DoD (JP 1-02) as: 1) An intelligence operation in its entirety; or 2) Record of 
the development of an intelligence operation, including personnel, modus operandi, and objectives. 
Approved for removal per JP 2-0 Joint Intelligence (22 Oct 2013). 


Case Officer (C/O). A professional employee of an intelligence or counterintelligence organization who is 
responsible for providing directions for an agent operation and/or handling intelligence assets. (JP 1-02; 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011; CI Community 
Lexicon; and ICS Glossary) Also see Agent Handler. 


-- Also, [an intelligence employee] who is responsible for managing and directing agents (assets) in 
the field. Case officers are sometimes referred to as "operations officers." (Encyclopedia of the CIA, 2003) 


"...the case officer's job is to handle operational cases and assets; this is to say the case officer 
recruits and directs foreign indigenous spies who are known as "agents." 
-- Fred Rustmann, Jr., "Debunking the CIA Case Officer Myth," AFIO Newsletter; 25: 1&2 (2002) 


Casing. Reconnaissance of an operating area, whether for surveillance or for personal or impersonal 
communications. (CI Community Lexicon) 


-- Also, a study of a site to determine operational suitability. (HDI Lexicon, April 2008) 

-- Also, covert or clandestine inspection or surveillance of an area, place, or building to determine its 
suitability for operational use or its vulnerability to an intelligence operation. (AFOSI Instruction 71-101, 
6 Jun 2000 and AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


Catastrophic Event. Any natural or man-made incident, including terrorism, which results in extraordinary 
levels of mass casualties, damage, or disruption severely affecting the population, infrastructure, 
environment, economy, national morale, and/or government functions. (JP 1-02 and JP 3-28, Defense 
Support of Civil Authorities, 31 Jul 2013) Also see complex catastrophe. 


Caveat. A designator used with or without a security classification to further limit the dissemination of 
restricted information, e.g., FOUO and NOFORN. (IC Standard 700-1, 4 Apr 2008) 


-- Also, a designator used with a classification to further limit the dissemination of restricted 
information. (JP 1-02 and JP 3-07.4, Joint Counterdrug Operations, 13 Jun 2007) 


Cell. [In intelligence usage,] a small group of individuals who work together for clandestine or subversive 
purposes. 


CELLEX. See cellular telephone exploitation. 


Cellular Telephone Exploitation (CELLEX). Exploitation of cellular phones at the logical or physical level 
to extract cogent contextual information, includes holistic examinations of mobile devices and associated 
digital media (e.g., SIM cards, media cards). 


Center [British spelling: Centre]. The headquarters site in the home country where control of intelligence 
and espionage operations in foreign countries is maintained. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, intelligence service headquarters. (FBI FCI Terms) 


Center of Gravity (COG). The source of power that provides moral or physical strength, freedom of action, 
or will to act. (JP 1-02 and JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Central Intelligence Agency (CIA). An independent US Government agency responsible for providing 
national security intelligence to senior US policymakers. Primary mission: collect, analyze, evaluate, and 
disseminate foreign intelligence to assist the President and senior US government policymakers in 
making decisions relating to national security. Major components: National Clandestine Service (NCS), 
Directorate of Intelligence, Directorate of Science & Technology and Directorate of Support. (cia.gov) 
Also see National Clandestine Service. 


We do espionage. That is the nature of what we do. We steal secrets. 


-- DCI George Tenet, 23 June 1998 
Interview in Studies in Intelligence, 42:1 (1998) 


Director CIA is designated the Functional Manager for human intelligence IAW EO 12333; and is 
also the National HUMINT Manager IAW ICD 304, Human Intelligence. 


Director CIA coordinates the clandestine collection of foreign intelligence through human sources 
or through human-enabled means and counterintelligence activities outside the United States (EO 
12333). 


The CIA may engage in covert action at the President’s direction and in accordance with applicable 
law; see covert action. 


The Director CIA serves as the head of the Central Intelligence Agency and reports to the Director 
of National Intelligence. The CIA director's responsibilities include: 


-- Collecting intelligence through human sources and by other appropriate means, except that he 
shall have no police, subpoena, or law enforcement powers or internal security functions; 

-- Correlating and evaluating intelligence related to the national security and providing appropriate 
dissemination of such intelligence; 

-- Providing overall direction for and coordination of the collection of national intelligence outside 
the United States through human sources by elements of the Intelligence Community authorized 
to undertake such collection and, in coordination with other departments, agencies, or elements 
of the United States Government which are authorized to undertake such collection, ensuring 
that the most effective use is made of resources and that appropriate account is taken of the 
risks to the United States and those involved in such collection; and 

-- Performing such other functions and duties related to intelligence affecting the national security 
as the President or the Director of National Intelligence may direct. 


The function of the Central Intelligence Agency is to assist the Director of the Central Intelligence 
Agency in carrying out the responsibilities outlined above. 


Source: https://www.cia.gov/about-cia/index.html (accessed 20 Aug 2012) 


CFIUS. See Committee of Foreign Investment in the United States. 


Chain of Custody. A chronological written record reflecting the release and receipt of evidence from initial 
acquisition until final disposition. (AR 195-5, Evidence Procedures, 25 Jun 2007) Also see evidence; 
chain of evidence. 


-- Also, a process that tracks the movement of evidence through its collection, safeguarding, and 
analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected 
or transferred, and the purpose for the transfer. (CNSSI No. 4009, National Information Assurance 
Glossary, 26 April 2010) 


-- Also, a process used to maintain and document the chronological history of the evidence. 
(Documents should include name or initials of the individual collecting the evidence, each person or entity 
subsequently having custody of it, dates the items were collected or transferred, agency and case 
number, victim's or suspect's name, and a brief description of the item.) (Crime Scene Investigation: A 
Guide for Law Enforcement, Sep 2013) 


Chain of Custody is a process used to document the chronological history of evidence to maintain 
the security, integrity and accountability of its handling. 


Chain of Evidence. A process and record that shows who obtained the evidence; where and when the 
evidence was obtained; who secured the evidence; and who had control or possession of the evidence. 
The "sequencing" of the chain of evidence follows this order: collection and identification; analysis; 
storage; preservation; presentation in court; return to owner. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) Also see evidence; chain of custody 


Chairman's Guidance (CG). Provides a common set of assumptions, priorities, intent, and critical 
planning factors required to develop future strategies and plans. It is an integral part of the strategy 
development process. CG may be established pursuant to conducting a Joint Strategy Review, to 
preparing a Joint Vision, or to Drafting a new National Military Strategy; or it may be provided separately 
if deemed appropriate. (CJCSI 3100.01A, Joint Strategic Planning System, 1 Sep 1999) 


Chancery. The building upon a diplomatic or consular compound which houses the offices of the chief 
of mission or principal officer. (JP 1-02) 


Characterization. [In critical infrastructure protection usage] the analytic decomposition of functions, 
systems, assets, and dependencies related to supporting DoD operational capabilities and assets. (DoDD 
3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010, w/ chg 2 dated 21 Sep 
2012) 


Chief of Mission (CoM). The principal officer in charge of U.S. Diplomatic Missions and U.S. offices 
abroad, which the Secretary of State has designated as diplomatic in nature. The CoM reports to the 
President through the Secretary of State. Also see Ambassador. 


-- Also, the principal officer (the ambassador) in charge of a diplomatic facility of the United States, 
including any individual assigned to be temporarily in charge of such a facility. The CoM is the personal 
representative of the President to the country of accreditation and is responsible for the direction, 
coordination, and supervision of all US Government executive branch employees in that country (except 
those under the command of a US area military commander). The security of the diplomatic post is the 
CoM's direct responsibility. (JP 1-02 and JP 3-08, Interorganizational Coordination During Joint 
Operations, 24 Jun 2011) 


The U.S. Ambassador to a foreign country, for example, is the Chief of the U.S. Mission (CoM) in 
that country. Other CoMs include the Chiefs of permanent U.S. Missions to international 
organizations (e.g., the U.S. Mission to International Organizations in Vienna), the Principal Officers 
of Consulates General, and the U.S. Interest Section in the Swiss Embassy in Havana. 


The CoM has full responsibility and authority for the direction, coordination, and supervision of all 
USG executive branch employees in country and at international organizations, regardless of their 
employment categories or location, except those under command of a U.S. area military 
commander or on the staff of an international organization. 


Chief of Station (CoS). The senior United States intelligence officer in a foreign country, and is the direct 
representative of the Director National Intelligence, to whom the officer reports through the Director 
Central Intelligence Agency. Usually the senior representative of the Central Intelligence Agency 
assigned to a US Mission. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 
1 dated 26 Aug 2011) 


Choke Point. A narrow passage--such as a bridge, tunnel, or Metro station--used as a surveillance or 
countersurveillance tool for channeling the opposing force or monitoring their passage. (CI Centre 
Glossary) 


CHROME. Acronym for Counterintelligence and Human Intelligence Requirements-Reporting and 
Operations Management Environment. Interoperable, synchronized information technology architecture 
to replace and retire legacy software systems to accelerate workflow, increase efficiency, and broaden 
intelligence sharing within DoD and across the IC. (DoD FCIP Strategy FY 2013-2017) 


Church Committee (aka the United States Senate Select Committee to Study Governmental Operations 
with Respect to Intelligence Activities). A U.S. Senate committee chaired by Senator Frank Church (D-ID) 
in 1975. A precursor to the U.S. Senate Select Committee on Intelligence (SSCI), the committee 
investigated intelligence gathering by the CIA, FBI, and NSA after certain activities had been revealed by 
the Watergate affair. (Wikipedia at <http://en.wikipedia.org/wiki/Church_Committee>) 


In 1975 and 1976, the Church Committee published fourteen reports on the formation of U.S. 
intelligence agencies, their operations, and the alleged abuses of law and of power that they had 
committed, together with recommendations for reform, some of which were put in place. Under 
recommendations and pressure by this committee, President Gerald Ford issued Executive Order 
11905 (ultimately replaced in 1981 by President Reagan's Executive Order 12333). 


Regarding counterintelligence see Book I, Foreign and Military Intelligence, pp. 163-178 


Copies of the Church Committee reports at the following two web sites: 
-- <http://www.intelligence.senate.gov/churchcommittee.html> 
-- <http://www.aarclibrary.org/publib/contents/church/contents_church_reports.htm> 


CI. See counterintelligence. 


CI-21. Counterintelligence for the 21st Century. (See White House Fact Sheet, "The PDD on CI-21: 
Counterintelligence for the 21st Century" — copy at <http://www.fas.org/irp/offdocs/pdd/pdd-75.htm>) 


Designed to provide a national counterintelligence system which is predictive and proactive, one 
that includes integrated oversight of national CI activities across government and the private sector. 
Established: 1) the National CI Policy Board of Directors (Dir FBI, Dep SECDEF, DDCI, and DoJ 
Representative); 2) the National CI Executive (NCIX); and the Office of the National CI Executive. 


"The general premise behind CI-21 is to try and determine what are America's true equities, and 
then extend this interagency cooperation in a systematic way to try and better protect those assets 
and deter acts of espionage that target them. We can no longer afford to focus our 
counterintelligence efforts only after an incident has sparked a full criminal case, because at that 
point it's too late. The damage has already been done." 

-- DCI George Tenet quoted in "Anti-Terror Alliance," Government Executive Magazine, 1 Feb 2001 


"CI-21 is a manifestation of a process... we all began to realize that the threats to U.S. security 
were changing in a way that our traditional organizations and structures couldn't match... 
Globalization and technology were lowering traditional boundaries between what constitutes an 
international or domestic threat, and terrorists, drug cartels, spies and hackers were all leaping 
those boundaries with impunity." 

-- John MacGaffin, Former ADDO, CIA and Former FBI Consultant who spearheaded CI-21 


CI Campaign. See DoD Counterintelligence Campaign. 
CI Mission Tasking Authority. See Counterintelligence Mission Tasking Authority. 


Cipher. Any cryptographic system in which arbitrary symbols (or groups of symbols) represent units of 
plain text of regular length, usually single letters; units of plain text are rearranged; or both, in accordance 
with certain predetermined rules. (JP 1-02) Also see code; cipher pad. 


Cipher Pad. A small thin pad of paper sheets having nonrepetitive key, usually machine printed. A sheet 
is used once for enciphering and another sheet used once for deciphering a communication. Occasionally 
called a one-time pad (OTP). (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


CISO. Acronym for Counterintelligence Staff Officer. Within DoD, term rescinded. 
Note: within DoD this term was replaced by "Command CI Coordinating Authority" or CCICA. 


CIR. Acronym for Counterintelligence Incident Report. 


Civil Authorities. Those elected and appointed officers and employees who constitute the government of 
the United States, the governments of the 50 states, the District of Columbia, the Commonwealth of 
Puerto Rico, United States territories, and political subdivisions thereof. 
(JP 1-02 and JP 3-28, Defense Support of Civil Authorities, 31 Jul 2013) 


Civil Aviation Intelligence. Activities undertaken to understand how trends in the global civil aviation 
industry impact U.S. interests; or detect, analyze, monitor, and warn of illicit activity or threats to the 
United States, its allies, or its interests involving civil aviation. (DoDI 3115.14, Civil Aviation Intelligence, 
29 Jul 2011) 


Civil Disturbance. Within DoD: None -- term removed from JP 1-02. 


Previously defined in JP 3-28, Civil Support (14 Sep 2007) as: Group acts of violence and disorder 
prejudicial to public law and order. 


Civilian Internee. A civilian who is interned during armed conflict, occupation, or other military operation 
for security reasons, for protection, or because he or she committed an offense against the detaining 
power. (JP 3-63, Detainee Operations, 30 May 2008) 


Clandestine. Any activity or operation sponsored or conducted by governmental departments or agencies 
with the intent to assure secrecy or concealment. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) See clandestine collection; clandestine 
intelligence; clandestine intelligence activity; clandestine intelligence collection; clandestine operation; 
covert. 


-- Also, any HUMINT [Human Intelligence] or other activity or operation sponsored or conducted by 
governmental departments or agencies with the intent to assure secrecy or concealment. (ICD 304, 
HUMINT, 1 Mar 2007 and DoDD S-5200.37, Management & Execution of Defense HUMINT, 9 Feb 2009) 

-- Also, any illicit/illegal activity that is designed not to be detected by anyone, including a local 
security service. Concealed, hidden, secret, or surreptitious operation conducted without the knowledge 
of anyone but the organization conducting the operation or investigation. (CI Community Lexicon) 


-- Also, method of conducting operations with secrecy by design. Differs from covert in that covert 
conceals the identity of the sponsor, whereas clandestine conceals the identity of the operation. (National 
HUMINT Glossary) 


-- Also, secret or hidden activity conducted with secrecy by design. (ICS Glossary, 1978) 


Clandestine, from the Latin clam, "secretly, in private." 


Words have meaning... clandestine and covert are not synonymous 


"I don't take lightly the distinction between clandestine and covert... 
It makes all the difference in the world." 


-- Senator Jay Rockefeller, Senate Select Committee on Intelligence 


Clandestine Collection. The acquisition of protected intelligence information in a way designed to protect 
the source, and conceal the operation, identity of operators and sources, and actual methodologies 
employed. (Previously in DoDI S-5240.17, CI collection, 12 Jan 2009) Also see clandestine intelligence; 
clandestine intelligence collection. 


Clandestine Intelligence. Intelligence information collected by clandestine sources. (Senate Report 
94-755, Book I — Glossary, 26 Apr 1976) 


Clandestine Intelligence Activity. An activity conducted by or on behalf of a foreign power for intelligence 
purposes or for the purpose of affecting political or governmental processes if the activity is conducted in 
a manner designed to conceal from the U.S. Government the nature or fact of such activity or the role of 
such foreign power; also, any activity conducted in support of such activity. (AR 381-12, Threat 
Awareness and Reporting Program, 4 Oct 2010) 


Clandestine Intelligence Collection. The acquisition of protected intelligence information in a way 
designed to conceal the nature of the operation and protect the source. (JP 1-02 and JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, the acquisition of protected intelligence information in a way designed to protect the source. 
(National HUMINT Glossary) 


Clandestine Operation. An operation sponsored or conducted by governmental departments or agencies 
in such a way as to assure secrecy or concealment. A clandestine operation differs from a covert 
operation in that emphasis is placed on concealment of the operation rather than on concealment of the 
identity of the sponsor. In special operations, an activity may be both covert and clandestine and may 
focus equally on operational considerations and intelligence-related activities. (JP 1-02 and JP 3-05.1, 
Joint Special Operations Task Force Operations, 26 Apr 2007) 


-- Also, activities to accomplish intelligence, CI, or similar activities in such a way as to maintain 
secrecy or concealment especially for the purpose of deception or subversion. (CI Community Lexicon) 


-- Also, a pre-planned secret intelligence information collection activity, technical operation, or covert 
political, economic, propaganda, or paramilitary action conducted so as to assure the secrecy of the 
operation; encompasses clandestine collection, counterintelligence, and covert action. (National HUMINT 
Glossary) 


-- Also, any HUMINT or other activity or operation sponsored or conducted by governmental 
departments or agencies with the intent to assure secrecy or concealment. (DHE-M 3301.002, Vol II, 
Collection Operations, 23 Nov 2010) 


Clandestine operations are sometimes incorrectly referred to as "covert operations." Although both 
are secret and sensitive activities, the terms are not interchangeable. See covert operation. 


Clandestine Nuclear Threat. A nuclear or radiological attack by anyone for any purpose, against the 
United States and/or U.S. military operations, and delivered by means other than (military) missiles or 
aircraft. A large subset of this threat is the smuggling of nuclear weapons, devices, or materials for use 
against the United States. (DSB Report, Jun 2004) 


Today, it would be easy for adversaries to introduce and 
detonate a nuclear explosive clandestinely in the United States. 
-- Defense Science Board Report (June 2004)* 


*Copy of "Report of the Defense Science Board Task Force Report on Preventing and Defending Against 
Clandestine Nuclear Attack," June 2004 available at: <http://www.acq.osd.mil/dsb/reports/ADA429042.pdf> 


Clandestine Service. See National Clandestine Service (NCS); Defense Clandestine Service (DCS). 


Classification. The determination that official information requires, in the interests of national security, a 
specific degree of protection against unauthorized disclosure, coupled with a designation signifying that 
such a determination has been made. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 
2011 w/ chg 1 dated 26 Aug 2011) 


Classification—Driving Security 
The classification system is designed primarily to protect the confidentiality of certain military, 
foreign policy, and intelligence information. It deals only with a small slice of the government's 
information that requires protection although it drives the government's security apparatus and 
most of its costs. 


-- Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and the Director 
of Central Intelligence, 28 Feb 1994, p. 7 


Classified Information. Official information that has been determined to require, in the interests of 
national security, protection against unauthorized disclosure and which has been so designated. 
(JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, information or material designated and clearly represented, pursuant to the provisions of a 
statute or Executive order (or a regulation or order issued pursuant to a statute or Executive order), as 
requiring a specific degree of protection against unauthorized disclosure for reasons of national security. 
(50 USC § 426[1]) 


Classified Information Procedures Act (CIPA). The tool with which the proper protection of classified 
information may be ensured in indicted cases. After a criminal indictment becomes public, the prosecutor 
remains responsible for taking reasonable precautions against the unauthorized disclosure of classified 
information during the case. This responsibility applies both when the government intends to use 
classified information in its case-in-chief as well as when the defendant seeks to use classified 
information in his/her defense. (18 USC, App III, Sec 1-16) Also see graymail. 


Congress enacted CIPA (Public Law 96-456) in 1980. The procedural protections of CIPA protect 
against unnecessary disclosure of classified information. The primary purpose was to limit the practice of 
"graymail" by criminal defendants in possession of sensitive government secrets. 


"Gray mail" refers to the threat by a criminal defendant to disclose classified information during the 
course of a trial. The gray mailing defendant essentially presented the government with a 
"Hobson's choice": either allow disclosure of the classified information or dismiss the indictment. 


CIPA is a procedural statute that balances the right of a criminal defendant with the right of the 
Sovereign to know in advance of a potential threat from a criminal prosecution to its national 
security. CIPA's provisions are designed to prevent unnecessary or inadvertent disclosures of 
classified information and to advise the government of the national security "cost" of going forward. 


See: <http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/title9/crm02054.htm> 


Classified Military Information (CMI). Information requiring protection in the interest of national security 
and is limited to three classifications: TOP SECRET, SECRET and CONFIDENTIAL as described in 
Executive Order 13526, Classified National Security Information (previously EO 12958) and which 
is under the control or jurisdiction of the DoD or its Departments or Agencies. 


Basic USG policy provided in National Security Decision Memorandum (NSDM) 119 "Disclosure of 
Classified United States Military Information to Foreign Governments and International 
Organizations": CMI is a national security asset which must be conserved and protected and which 
must be shared with foreign governments and international organizations only where there is a 
clearly defined advantage to the U.S. 


Copy of NSDM 119 at: <http://www.nixonlibrary.gov/virtuallibrary/documents/nsdm/nsdm_119.pdf> 


Classified National Intelligence (CNI). National intelligence as defined in 50 USC 401a(5), classified 
pursuant to EO 13526. (ICD 703, Protection of Classified National Intelligence Including Sensitive 
Compartmented Information, 21 Jun 2013) Also see Sensitive Compartmented Information. 


Protection of CNI, including SCI, is also achieved through adherence to counterintelligence (CI) 
and security practices. 


-- ICD 703, Protection of Classified National Intelligence, including Sensitive Compartmented Information, 
21 Jun 2013, p. 2 


Clean. [Tradecraft jargon] To be free of hostile surveillance. (A Spy’s Journey) 


Clean Phone. Tradecraft jargon which typically refers to a disposable, pre-paid cellular telephone 
that cannot be traced back to the original retail purchaser or subsequent user(s). 


Clearance. Formal security determination by an authorized adjudicative office that an individual is 
authorized access, on a need to know basis, to a specific level of collateral classified information (TOP 
SECRET, SECRET, CONFIDENTIAL). (CNSSI No. 4009, National Information Assurance Glossary, 
26 April 2010) 


Cleared Contractor (CC). A person or facility operating under the National Industrial Security Program 
(NISP), that has had an administrative determination that they are eligible, from a security point of view, 
for access to classified information of a certain level (and all lower levels). There are approximately 8500 
cleared contractors with over 13,000 facilities. (DSS - Glossary to Insider Threat Awareness Course) 


The Defense Security Service (DSS) refers to “cleared contractors” as they support DoD as well as 
other U.S. Government Departments and Agencies. DSS oversees the protection of U.S. and 
foreign classified information and technologies in the hands of industry under the National Industrial 
Security Program (NISP). "The NISP applies to all Executive Branch Departments and Agencies 
and to all cleared contractor facilities located within the United States" (para 1-102, NISPOM). 


Cleared Defense Contractor (CDC). A company or academic institution (i.e., university or college) that 
has entered into a security agreement with the DoD, and was granted a facility (security) clearance 
enabling the entity to be eligible for access to classified information of a certain category, as well as all 
lower categories. (DoDI O-5240.24, CI Activities Supporting RDA, 8 Jun 2011 with change 1 dated 15 Oct 
2013) 


-- Also, a subset of contractors cleared under the NISP who have contracts with the Department of 
Defense. Therefore, not all cleared contractors have contracts with DoD. (DSS - Glossary to Insider 
Threat Awareness Course) 


Click-jacking. Concealing hyperlinks beneath legitimate clickable content which, when clicked, causes 
a user to unknowingly perform actions, such as downloading malware, or sending your ID to a site. 
Numerous click-jacking scams have employed "Like" and "Share" buttons on social networking sites. 
(FBI; see <http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks>) 


Coalition. An arrangement between two or more nations for common action. (JP 1-02 and JP 5-0, Joint 
Operation Planning, 11 Aug 2011) Also see alliance; multinational. 


Coast Guard Counterintelligence Service (CGCIS). Component of Coast Guard Intelligence that provides 
full-spectrum counterintelligence support to the U.S. Coast Guard. Office symbol: CG-2-CI. 


CGCIS preserves the operational integrity of the Coast Guard by shielding its operations, 
personnel, systems, facilities and information from Foreign Intelligence and Security Services 
(FISS), and the intelligence efforts of terrorist organizations, drug trafficking elements and other 
organized crime groups, and adversaries, and insider threats. CGCIS supports the identification, 
understanding, neutralization, and exploitation of the operations of FISS and of non-state actors 
who employ intelligence tradecraft. CGCIS manages the Foreign Visitor Program, providing tailored 
foreign intelligence threat and awareness briefings specific to foreigners visiting Coast Guard 
commands. CGCIS also conducts foreign travel briefs and debriefs, providing tailored foreign 
intelligence threat and awareness briefings on FISS, terrorism, and criminal threats, and health 
concerns to educate Coast Guard personnel traveling to high-threat countries. 


-- Coast Guard Publication 2-0, Intelligence, May 2010 


Code. 1) Any system of communication in which arbitrary groups of symbols represent units of plain text 
of varying length. Codes may be used for brevity or for security; 2) a cryptosystem in which the 
cryptographic equivalents (usually called "code groups"), typically consisting of letters or digits (or both) in 
otherwise meaningless combinations, are substituted for plain text elements which are primarily words, 
phrases, or sentences. (Previously in JP 1-02) Also see cipher. 


-- Also, system of communication in which arbitrary groups of letters, numbers, or symbols represent 
units of plain text of varying length. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 
2010) 


-- Also, a system of communication in which arbitrary groups of symbols represent units of plain text. 
Codes may be used for brevity or for security. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


“There is no sharp theoretical line between codes and ciphers; [a] useful distinction is that code 
operates on linguistic entities, dividing its raw material into meaningful elements and cipher does 
not.” 

-- David Kahn, The Code Breakers (1967) 


Code Book. Document containing plain text and code equivalents in a systematic arrangement, or a 
technique of machine encryption using a word substitution technique. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) 


Code Word. A single word assigned a classified meaning by appropriate authority to ensure proper 
security concerning intentions and to safeguard information pertaining to actual, real-world military plans, 
activities or operations classified CONFIDENTIAL or higher. (DoDI 5205.11, Management, Administration, 
and Oversight of DoD Special Access Programs, 6 Feb 2013) 


-- Also, a single classified word assigned to represent a specific SAP or portions thereof. (DoD 
5220.22-M-Sup 1, NISPOM Supplement, Feb 1995) 


-- Also, 1) A word that has been assigned a classification and a classified meaning to safeguard 
intentions and information regarding a classified plan or operation; and 2) A cryptonym used to identify 
sensitive intelligence data. (JP 1-02 and JP 3-50, Personnel Recovery, 20 Dec 2011) 


-- Also, a prearranged word used in communication or conversation to disguise the identity of 
someone or something or to convey a meaning other than its conventional meaning. (AFOSI Manual 
71-142, 9 Jun 2000) Also see nickname. 


Cold Pitch. Recruitment approach without prior development or, in some cases, contact. (National 
HUMINT Glossary) 


The confrontational "cold pitch" was one of the riskiest methods, putting great psychological 
pressure on a target, and often failed. Even when successful, it often produced agents whose 
handlers had to maintain constant pressure on them to stay involved. When such agents had a 
chance to cut their ties—when they were assigned to new posts or when communications with their 
contacts became risky—they often took it. 

-- Victor Cherkashin, KGB Counterintelligence Officer and author of Spy Handler (2005) 


Nobody likes cold pitches because they're the worst technique in the profession of intelligence. It's 
going up to somebody whom you don't know and asking them to do the equivalent of going to bed 
with you. It's a very intimate, and if you're not developing it from a practical interrelationship human 
kind of way, 99.9 percent of the folks will say no. 


-- Michael T. Rochford, Chief, Espionage Section, Counterintelligence Division, FBI 
as quoted in The Secrets of the FBI (2011) by Ronald Kessler, p. 125 


Cold War. Term generally used to describe the long-term, but nonshooting, conflict or state of tension 
between the United States and the Soviet Union that lasted from the close of World War II in 1945 until 
the collapse of the Soviet Union in 1991. (Encyclopedia of the CIA, 2003) 


COLISEUM. See Community On-Line Intelligence System for End-Users and Managers. 


Collaborating Analytical Center (CAC). An intelligence organization that has responsibility to support and 
assist a Responsible Analytical Center (RAC) produce an intelligence product to answer a specific 
COCOM Intelligence Task List (ITL) task or sub-task. CACs may provide all-source analysis, application 
of analysis, or single-source analysis, exploitation, or reporting. DoD organizations that may serve as 
CACs include: Combat Support Agencies (DIA, NSA, NGA), the COCOM JIOCs, and the Service 
Intelligence Centers (NGIC, ONI, NASIC & MCIA). (CJCSM 3314.01, Intelligence Planning, 28 Feb 2007) 


Collateral. All national security information classified Confidential, Secret, or Top Secret under the 
provisions of an Executive Order for which special systems of compartmentation (such as SCI or SAPs) 
are not formally required. (DoDI 5200.01, 9 Oct 2008) 


Collation. The organizing of relevant information in a coherent way, looking at source and context. It 
includes evaluating the information for accuracy, completeness, and meaning. (Robert M. Clark, 
Intelligence Analysis: A Target-Centric Approach, 2004) 


Collection. In intelligence usage, the acquisition of information and the provision of this information to 
processing elements. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military 
Operations, 5 Jan 2012) Also see counterintelligence collection; clandestine intelligence collection; 
intelligence collection; military counterintelligence collection. 


-- Also, the acquisition of information to meet an intelligence requirement. (ICD 300, 3 Oct 2006) 


ICD 300 (Management, Integration, and Oversight of Intelligence Collection and Covert Action, 3 
Oct 2006) establishes DNI policy to integrate, prioritize, and maximize IC collection capabilities and 
activities to produce timely and useful national intelligence information for policymakers, Defense, 
and other intelligence consumers. 


-- Also, the identification, location, and recording and storing of information—typically from an original 
source and using both human and technological means—for input into the Intelligence Cycle for the 
purpose of meeting a defined tactical or strategic intelligence goal. (ODNI, U.S. National Intelligence — An 
Overview 2011) 


-- Also, the exploitation of sources by collection agencies, and the delivery of the information obtained 
to the appropriate processing unit for use in the production of intelligence. (National HUMINT Glossary) 


-- Also, the acquisition of information by any means and its delivery to the proper intelligence 
processing unit for use in the production of intelligence. (Senate Report 94-755, Book I, 26 Apr 1976) 


"Collection is the gathering of valued information, much of it by clandestine means." 
-- Roy Godson, Dirty Tricks or Trump Card: US Covert Action and Counterintelligence (1995), p.1 


"The collection of information is the foundation of everything that the Intelligence Community does. 
While successful collection cannot ensure a good analytical product, the failure to collect... turns 
analysis into guesswork." 

-- WMD Report (2005); p. 351 


EO 12333, US Intelligence Activities, directs that IC elements use the least intrusive collection 
techniques feasible within the United States or directed against US persons abroad (para 2.4 - 
Collection Techniques). 


Collection Agency. Any individual, organization, or unit that has access to sources of information and the 
capability of collecting information from them. (JP 1-02 and JP 2-01, Joint and National Intelligence 
Support to Military Operations, 5 Jan 2012) 


Collection Asset. A collection system, platform, or capability that is supporting, assigned, or attached to a 
particular commander. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military 
Operations, 5 Jan 2012) 


Collection Emphasis. Identifies new short- to intermediate-term information needs in response to 
unforeseen situations, emerging crises, or contingencies. It can be used to register additional or refined 
requirements in connection with a unique collection opportunity. (DoD CI Collection Integrated Working 
Group Handbook 1-02, 8 Aug 2006) 


Collection Management (CM). In intelligence usage, the process of converting intelligence requirements 
into collection requirements, establishing priorities, tasking or coordinating with appropriate collection 
sources or agencies, monitoring results, and re-tasking, as required. (JP 1-02 and JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


CM has two distinct functions: collection requirements management (CRM) and collection 
operations management (COM). CRM establishes the collection need and COM provides the "how 
to" for conducting the actual collection. See collection requirements management and collection 
operations management. 


"The matters that interest an intelligence service are so numerous and diverse that some order 
must be established in the process of collecting information." 


-- Allen W. Dulles, The Craft of Intelligence (2006), p.75 


Collection Management Authority (CMA). Within DoD, CMA constitutes the authority to establish, 
prioritize, and validate theater collection requirements, establish sensor tasking guidance, and develop 
theater-wide collection policies. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 
w/ chg 1 dated 26 Aug 2011) 




Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Collection Manager. An individual with responsibility for the timely and efficient tasking of organic 
collection resources and the development of requirements for theater and national assets that could 
satisfy specific information needs in support of the mission. (JP 1-02 and JP 2-01, Joint and National 
Intelligence Support to Military Operations, 5 Jan 2012) 


Collection Operations Management (COM). The authoritative direction, scheduling, and control of 
specific collection operations and associated processing, exploitation, and reporting resources. (JP 1-02 
and JP 2-0, Joint Intelligence, 22 Oct 2013) Also see collection management; collection requirements 
management. 


COM is the process by which it is determined “how” a requirement will be answered within an 
intelligence discipline and “who” will execute the collection activity. 


"Essentially, CRM is what gets done in the collection cycle, while COM is how it gets done." 
-- ODNI, U.S. National Intelligence — An Overview 2011 


Collection Plan. A systematic scheme to optimize the employment of all available collection 
capabilities and associated processing, exploitation, and dissemination resources to satisfy specific 
information requirements. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


The collection plan determines how a collection requirement will be satisfied. 


Collection Planning. A continuous process that coordinates and integrates the efforts of all collection 
units and agencies. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) 


Collection Posture. The current status of collection assets and resources to satisfy identified information 
requirements. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


Collection Requirement. A valid need to close a specific gap in intelligence holdings in direct response to 
a request for information. (JP 2-0, Joint Intelligence, 22 Oct 2013) Also see intelligence requirement; 
information requirements. 


-- Also, 1) An intelligence need considered in the allocation of intelligence resources. Within the 
Department of Defense, these collection requirements fulfill the essential elements of information and 
other intelligence needs of a commander, or an agency; or 2) An established intelligence need, validated 
against the appropriate allocation of intelligence resources (as a requirement) to fulfill the essential 
elements of information and other intelligence needs of an intelligence consumer. (JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Collection Requirements Management (CRM). The authoritative development and control of collection, 
processing, exploitation, and/or reporting requirements that normally result in either the direct tasking of 
assets over which the collection manager has authority, or the generation of tasking requests to collection 
management authorities at a higher, lower, or lateral echelon to accomplish the collection mission. 
(JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) Also see collection management; collection 
operations management. 


CRM is the process by which it is determined “what” will be collected and by "which" intelligence 
discipline. CRM defines “what” intelligence systems must collect and focuses on the requirements 
of the customer; it is all-source oriented and advocates "what" information is necessary for 
collection. 


Collection Resource. A collection system, platform, or capability that is not assigned or attached to a 
specific unit or echelon which must be requested and coordinated through the chain of command. 
(JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 2012) 


Collection Strategy. An analytical approach used by collection managers to determine which intelligence 
disciplines can be applied to satisfy information requirements. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


Collection Support Brief (CSB). A supplement to a collection requirement on key country topics, technical 
subjects, and other complex issues. It provides more detailed tutorial information for HUMINT collectors 
regarding technical developments, organizations, facilities, and personalities associated with the 
collection topic. (DHE-M 3301.002, Vol II, Collection Operations, 23 Nov 2010) 


Collector. A person who acquires information or services from a source. (HDI Lexicon, Apr 2008) 


Combat Intelligence. Within DoD: None — term removed from JP 1-02 per JP 2-0 Joint Intelligence 22 Oct 
2013. 


Previously defined in JP 1-02 as: that knowledge of the enemy, weather, and geographical 
features required by a commander in the planning and conduct of combat operations. 


Combat Support Agency (CSA). A Department of Defense agency so designated by Congress or the 
Secretary of Defense that supports military combat operations. (JP 5-0, Joint Operation Planning, 11 Aug 
2011) 


Combatant Command (COCOM). A unified or specified command with a broad continuing mission under a 
single commander established and so designated by the President, through the Secretary of Defense and 
with the advice and assistance of the Chairman of the Joint Chiefs of Staff. (JP 1, Doctrine for the Armed 
Forces of the United States, 25 Mar 2013) 


Combatant Command (command authority). Nontransferable command authority, which cannot be 
delegated, of a combatant commander to perform those functions of command over assigned forces 
involving organizing and employing commands and forces; assigning tasks; designating objectives; giving 
authoritative direction over all aspects of military operations, joint training, and logistics necessary to 
accomplish the missions assigned to the command. (JP 1, Doctrine for the Armed Forces of the United 
States, 25 Mar 2013) Also see Unified Command Plan. 


Combatant Commander (CCDR). A commander of one of the unified or specified combatant commands 
established by the President. (JP 1-02) Also see Unified Command Plan. 


Combating Terrorism (CbT). Actions, including antiterrorism (defensive measures taken to reduce 
vulnerability to terrorist acts) and counterterrorism (offensive measures taken to prevent, deter, and 
respond to terrorism), taken to oppose terrorism throughout the entire threat spectrum. (JP 1-02 and 
JP 3-26, Counterterrorism, 13 Nov 2009) 


-- Also, within DoD, encompasses all actions taken to oppose terrorism throughout the entire 
threat spectrum including terrorist use of CBRNE devices. Actions taken include AT, counterterrorism, 
terrorism consequence management, and intelligence support (collection, analysis, and dissemination of 
terrorism-related information). (DoDI 2000.12, DoD Antiterrorism Program, 1 Mar 2012 with change 1 
dated 9 Sep 2013) 


Combat Support Agency (CSA). A Department of Defense agency so designated by Congress or the 
Secretary of Defense that supports military combat operations. (JP 1-02 and JP 5-0, Joint Operation 
Planning, 11 Aug 2011) 


Command and Control (C2). The exercise of authority and direction by a properly designated 
commander over assigned and attached forces in the accomplishment of the mission. (JP 1, Doctrine for 
the Armed Forces of the United States, 25 Mar 2013) 


Command Counterintelligence Coordinating Authority (CCICA). The senior command representative to 
conduct and exercise staff coordination authority over CI activities. Develops and implements the 
Combatant Command's CI strategy and plans, serves as the focal point for CI issues impacting the 
command, identifies command resource requirements, and coordinates CI support to the command. 
Formerly known as "CI Staff Officer" [or CISO]. (DoDI 5240.10, CI in the Combatant Commands and 
Other DoD Components, 5 Oct 2011 with change 1 dated 15 Oct 2013) 


Note: this term is approved for inclusion in the next edition of JP 1-02. 


-- Also, the Combatant Commander’s senior representative for CI. The CCICA serves as the 
authoritative point of contact for the Combatant Command on CI issues and activities and assists in 
exercising the command's CI activities. (JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 
w/ chg 1 dated 26 Aug 2011) Also see Counterintelligence Coordinating Authority (CICA). 


The CCICA is a CI subject matter expert and the senior CI adviser to the Combatant Command. 
DoD Instruction 5240.10 directs that the CCICA shall be either a military O5/O6 or civilian 
equivalent, and shall have CI experience [not further defined]. 


For additional information see JP 2.01.2, CI & HUMINT in Joint Operations, 11 Mar 2011 (para 2a) 


Commander's Critical Information Requirement (CCIR). An information requirement identified by the 
commander as being critical to facilitating timely decision-making. (JP 1-02 and JP 3-0, Joint Operations, 
11 Aug 2011) 


Committee of Foreign Investment in the United States (CFIUS). An interagency committee that serves 
the President in overseeing the national security implications of foreign investments. (Department of 
Treasury website at <http://www.treas.gov/offices/international-affairs/exon-florio/>) 


CFIUS has 12 members under the chairmanship of the Secretary of Treasury consisting of: the 
Secretaries of State, Defense, Commerce, and Homeland Security, the Attorney General, Director 
OMB, Director of the Office of Science and Technology Policy, Assistant to the President for 
National Security Affairs, Assistant to the President for Economic Policy, US Trade Representative, 
and Chairman of the Council of Economic Advisers. 

-- Department of Treasury website (cited above) 


Originally established in 1975 by EO 11858 mainly to monitor and evaluate the impact of foreign 
investment in the United States. In 1988, EO 12661 designated CFIUS to receive notices of 
foreign acquisitions of U.S. companies, to determine whether a particular acquisition has national 
security issues sufficient to warrant an investigation and to undertake an investigation, if necessary, 
and to submit a report and recommendation to the President at the conclusion of an investigation. 


On 26 July 2007, the Foreign Investment and National Security Act of 2007 (PL 110-49) was 
enacted. The act was implemented by EO 13456 and addresses many issues, e.g., Congressional 
notification requirements; more stringent rules for the review and formal investigation of 
transactions, especially those involving foreign governments or critical infrastructure assets; 
requires senior-level involvement in various required certifications and reports, limiting the 
agencies' delegation authority; established the membership of CFIUS by statute; and created a 
defined role for the Director of National Intelligence as an ex-officio member who must evaluate the 
transaction's national security implications. 


Also see CRS Report: <http://www.fas.org/sgp/crs/natsec/RL33388.pdf> 


Common Operational Picture (COP). A single identical display of relevant information shared by more 
than one command. A common operational picture facilitates collaborative planning and assists all 
echelons to achieve situational awareness. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


-- Also, (Army) A single display of relevant information within a commander's area of interest tailored to 
the user's requirements and based on common data and information shared by more than one command. 
(ADRP 6-0, Mission Command, May 2012) 


Communications Cover. Concealing or altering of characteristic communications patterns to hide 
information that could be of value to an adversary. (CNSSI No. 4009, National Information Assurance 
Glossary, 26 April 2010) 


Communications Intelligence (COMINT). Technical information and intelligence derived from foreign 
communications by other than the intended recipients. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 
2013) Also see signals intelligence. 


-- Also, the capture of information, either encrypted or in “plaintext,” exchanged between intelligence 
targets or transmitted by a known or suspected intelligence target for the purpose of tracking 
communications patterns and protocols (traffic analysis), establishing links between intercommunicating 
parties or groups, or analysis of the substantive meaning of the communication. COMINT is a 
sub-discipline of SIGINT. (ODNI, U.S. National Intelligence — An Overview 2011) 


COMINT is a sub-category of signals intelligence that engages in dealing with messages or voice 
information derived from the interception of foreign communications. It is produced by the 
collection and processing of foreign communications passed by radio, wire or other electromagnetic 
means, and by the processing of foreign encrypted communications, however transmitted. 
Collection comprises search, intercept, and direction finding. 


Communications Intelligence or COMINT: technical and intelligence information derived from 
foreign communications by other than intended recipients. COMINT activities... those activities 
that produce COMINT by the collection and processing of foreign communications passed by radio, 
wire, or other electromagnetic means... and by processing foreign encrypted communications, 
however transmitted. Collection comprises search, intercept and direct finding. Processing 
comprises range estimation, transmitter, operator identification, signal analysis, traffic analysis, 
cryptanalysis, decryption study of plain text, the fusion of these activities and the reporting of 
results. 

-- NSCID 6, Signals Intelligence, 17 Feb 1972 (redacted copy, complete original version is TOP SECRET) 

Available at: http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/docs/doc05.pdf 


[T]here ‘is’ something special about communications intelligence... in a nutshell, its special value 
lies in the fact that this kind of intelligence is generally accurate, reliable, 'authentic,' continuous, 
and most of all, ‘timely’. 


-- NSA, A History of U.S. Communications Security (U) [Vol I], revised July 1973, p.9 (originally classified 
SECRET/NORFORN//COMINT, declassified by NSA 10 Dec 2008) 


Communications Security (COMSEC). The protection resulting from all measures designed to deny 
unauthorized persons information of value that might be derived from the possession and study of 
telecommunications, or to mislead unauthorized persons in their interpretation of the results of such 
possession and study. (JP 1-02 and JP 6-0, Joint Communications Systems, 10 Jun 2010) 


-- Also, protective measures taken to deny unauthorized persons information derived from 
telecommunications of the U.S. Government related to national security and to ensure the 
authenticity of such communications. Such protection results from the application of security measures 
(including cryptosecurity, transmission security, emissions security, and jamming resistance) to 
telecommunications and to electrical systems generating, handling, processing, or using national security 
or national security-related information. It also includes the application of physical security measures to 
COMSEC information or materials. (DoDD 4640.6 Communications Security Telephone Monitoring and 
Recording, 26 Jun 1981) 


-- Also, measures and controls taken to deny unauthorized individuals information derived from 
telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes 
cryptosecurity, transmission security, emission security, and physical security of COMSEC material. 
(DoDD 5100.20, NSA, 26 Jan 2010) 


-- Also, a component of Information Assurance that deals with measures and controls taken to deny 
unauthorized persons information derived from telecommunications and to ensure the authenticity of such 
telecommunications. COMSEC includes crypto security, transmission security, emissions security, and 
physical security of COMSEC material. (CNSS Instruction No. 4009, National IA Glossary, 26 Apr 2010) 


Communications Security Monitoring. The act of listening to, copying, or recording transmissions of one's 
own circuits (or when specially agreed, e.g., in allied exercises, those of friendly forces) to provide 
material for communications security analysis in order to determine the degree of security being provided 
to those transmissions. In particular, the purposes include providing a basis for advising commanders on 
the security risks resulting from their transmissions, improving the security of communications, and 
planning and conducting manipulative communications deception operations. (previously in JP 1-02) 


Community On-Line Intelligence System for End-Users and Managers (COLISEUM). The management 
system for production requirements and requests for information. CI production. (DoDI 5240.18, CI 
Analysis & Production, 17 Nov 2009 with change 1 dated 15 Oct 2013) 


-- Also, an analysis requirements management tool used throughout the DIE for tasking and 
managing requirements for finished intelligence production. (DoDI 3020.51, Intelligence Support to DCIP, 
23 Jun 2011) 


-- Also, the primary production requirements management system for the Defense Intelligence 
Analysis Program (DIAP). It supports the DIAP mission to consolidate and gain synergism of DoD 
intelligence production resources by automating the basic production requirement process defined in 
the DIAP and its key operational concepts. (DIA DIAP) 


-- Also, an analysis requirement management tool used throughout the Defense Intelligence 
Community to register and track requests for information/analytical requirements, search for existing 
intelligence, and manage/account for analytical resources. It is a web-based application available through 
Intelink. (Joint Military Intelligence Training Center, Fundamentals of COLISEUM 5.0, Jun 2008) 


Defense CI Components shall use the CI-approved electronic archiving system to validate, task, 
and disseminate production requirements for CI analysis. The approved system is the primary 
method to communicate analysis and production requirements within the DoD CI enterprise. 
Defense CI Components without access to the approved system may use COLISEUM. 

-- DoDI 5140.18, CI Analysis & Production, 17 Nov 2009 


Compartmentation. The principle of controlling access to sensitive information so that it is available only 
to those individuals or organizational components with an official "need-to-know" and only to the extent 
required for the performance of assigned responsibilities. (National HUMINT Glossary) Also see Bigot 
List. 


-- Also, establishment and management of an organization so that information about the personnel, 
internal organization, or activities of one component is made available to any other component only to the 
extent required for the performance of assigned duties. (JP 1-02 and JP 3-05.1, Joint Special Operations 
Task Force Operations, 26 Apr 2007) 


-- Also, management of an intelligence service so that information about personnel, organization, or 
activities of one component is made available to any other component only to the extent required for the 
performance of assigned duties. (FBI FCI Terms) 


-- Also, the practice of establishing special channels for handling sensitive intelligence information. 
The channels are limited to individuals with a specific need for such information and who are therefore 
given special security clearances in order to have access to it. (Senate Report 94-755, Book I — Glossary, 
26 Apr 1976) 


Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


-- Also, the process of strictly limiting the number of people who are aware of a given intelligence 
operation.... Only personnel with an absolute "need to know" should be admitted into the compartment. 
(James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


The primary purpose of compartmentation is security, to protect extremely sensitive information 
from compromise. 


An intelligence service that is careless about compartmentation pays the price. 
-- James M. Olson, Former Chief of CIA Counterintelligence 


Effective compartmentation is fundamental to all secret activity... 


-- Richard Helms, Former Director CIA (1966-1973) 
(see Richard Helms with William Hood, A Look Over My Shoulder, 2003, pp.184-185) 


[It's]...essential to practice strict compartmentation in counterintelligence investigations. 


-- Colonel Stuart A. Herrington, US Army (Ret) 
(see Traitors Among Us: Inside the Spy Catcher's World, 1999, pp.272-273) 


Compartmented Intelligence. National intelligence placed in a DNI-approved control system to ensure 
handling by specifically identified and access approved individuals. (IC Standard 700-1, 4 Apr 2008) 


-- Also, national intelligence information under a control system and only available to designated 
individuals. (National Intelligence: A Consumer's Guide - 2009). 


Compartmented intelligence became institutionalized during World War II [SIGINT, e.g., ULTRA, 
MAGIC, etc.].... Compartmentalizing information is the way they restrict what is known. 
-- William E. Burrows, Deep Black (1986) 


In the secret operations canon it is axiomatic that the probability of leaks escalates exponentially 
each time a classified document is exposed to another person.... Effective compartmentation is 
fundamental to all secret activity. 

-- Richard Helms (Former DCI), A Look Over My Shoulder (2003) 


Complaint-type Investigation. A counterintelligence investigation in which sabotage, espionage, treason, 
sedition, subversive activity, or disaffection is suspected. (JP 1-02) 


Complex Catastrophe. Any natural or man-made incident, including cyberspace attack, power grid 
failure, and terrorism, which results in cascading failures of multiple, interdependent, critical, 
life-sustaining infrastructure sectors and causes extraordinary levels of mass casualties, damage or 
disruption severely affecting the population, environment, economy, public health, national morale, 
response efforts, and/or government functions. (Deputy Secretary of Defense Memorandum, 19 February 
2013 cited in JP 3-28, Defense Support of Civil Authorities, 31 Jul 2013) Also see catastrophic event. 


Compromise. A communication or physical transfer of classified information to an unauthorized recipient. 
(DoDD 5200.1, DoD Information Security Program, 13 Dec 1996) 


-- Also, an unauthorized disclosure of classified information. (DoDM 5200.01-Vol 1, DoD Information 
Security, 24 Feb 2012 and DoD 5220.22-M, NISPOM, 28 Feb 2006) 


-- Also, the known or suspected exposure of clandestine personnel, installations, or other assets or of 
classified information or material, to an unauthorized person. (JP 1-02 and JP 2-01.2, CI & HUMINT in 
Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, the disclosure or release of classified information to unauthorized person(s). (IC Standard 
700-1, 4 Apr 2008) 


-- Also, type of incident where information is disclosed to unauthorized individuals or a violation of the 
security policy of a system in which unauthorized intentional or unintentional disclosure, modification, 
destruction, or loss of an object may have occurred. (CNSSI No. 4009, National Information Assurance 
Glossary, 26 April 2010) 


-- Also, a known or suspected exposure of clandestine personnel, installations, or other assets, or of 
classified information or material, to an unauthorized person. (Senate Report 94-755, Book I — Glossary, 
26 Apr 1976) 


Compromised. A term applied to classified matter, knowledge of which has, in whole or in part, passed to 
an unauthorized person or persons, or which has been subject to risk of such passing. (JP 1-02 and 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, when an operation, asset, or agent is uncovered and cannot remain secret. (CI Centre 
Glossary) 


Compromising Emanations. Unintentional emissions that could disclose information being transmitted, 
received, or handled by any information-processing equipment. (ICS Glossary) Also see TEMPEST; 
TEMPEST Test. 


-- Also, unintentional signals that, if intercepted and analyzed, would disclose the information 
transmitted, received, handled or otherwise processed by information system equipment. (CNSSI No. 
4009, National Information Assurance Glossary, 26 April 2010; also NSTISSI 7002) 


Computer Forensics. The practice of gathering, retaining, and analyzing computer-related data for 
investigative purposes in a manner that maintains the integrity of the data. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) 


-- Also, the scientific, systematic inspection and analysis of digital media and its contents to gather 
information on the facts and circumstances which may connect an incident to a threat to national security 
or other computer use that is contrary to security of information systems or may be indicative of espionage. 
The objectives are to perform a structured investigation, maintain the proper chain of evidence, 
reconstruct the activities of a computer user, and preserve the integrity of the data. (AR 381-20, Army 
CI Program, 25 May 2010) 


Computer Intrusion. Within DoD: None — term removed from JP 1-02 per JP 3-13, Cyberspace 
Operations, 5 Feb 2013. 


Previously defined in JP 1-02 as: an incident of unauthorized access to data or an automated 
information system. 


Computer Intrusion Detection. Within DoD: None — term removed from JP 1-02 per JP 3-13, Cyberspace 
Operations, 5 Feb 2013. 


Previously defined in JP 1-02 as: the process of identifying that a computer intrusion has been 
attempted, is occurring, or has occurred. 


Computer Network. The constituent element of an enclave responsible for connecting computing 
environments by providing short-haul data transport capabilities, such as local or campus area networks, 
or long-haul data transport capabilities, such as operational, metropolitan, or wide area and backbone 
networks. (DoDI S-5240.23, CI Activities in Cyberspace, 13 Dec 2010 with change 1 dated 16 Oct 2013) 


Computer Network Attack (CNA). Operations to manipulate, disrupt, deny, degrade, or destroy 
information resident in computers and computer networks, or the computers and networks themselves. 
(DCID 7/3, Information Operations and IC Related Activities (U), 1 Jul 1999, updated 5 Jun 2003) 


Within DoD: None — term removed from JP 1-02 per JP 3-13, 27 Nov 2012. 

Defined in the previous edition of JP 3-13, Information Operations, dated 13 Feb 2006, as: 
Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy 
information resident in computers and computer networks, or the computers and networks 
themselves. 


Computer Network Defense (CND). Efforts to defend against the computer network operations of others, 
especially that directed against U.S. and allied computers and networks. (DCID 7/3, Information 
Operations and IC Related Activities (U), 1 Jul 1999, updated 5 Jun 2003) 


Within DoD: None — term removed from JP 1-02 per JP 3-13, 27 Nov 2012. 


Previously defined as: Actions taken through the use of computer networks to protect, monitor, 
analyze, detect and respond to unauthorized activity within Department of Defense information 
systems and computer networks. 


Computer Network Exploitation (CNE). Intelligence collection and enabling operations to gather data 
from target or adversary automated information systems or networks. (DCID 7/3, Information Operations 
and IC Related Activities (U), 1 Jul 1999, updated 5 Jun 2003) 


Within DoD: None — term removed from JP 1-02 per JP 3-13, 27 Nov 2012. 


Previously defined as: Enabling operations and intelligence collection capabilities conducted 
through the use of computer networks to gather data from target or adversary automated 
information systems or networks. 


Computer Network Operations (CNO). Within DoD: None — term removed from JP 1-02 per JP 3-13, 
27 Nov 2012. 


Previously defined as: comprised of computer network attack, computer network defense, and 
related computer network exploitation enabling operations. 


Computer Security (COMPUSEC). The protection resulting from all measures to deny unauthorized 
access and exploitation of friendly computer systems. (JP 1-02 and JP 6-0, Joint Communications, 10 
Jun 2010) Also see Information Security (INFOSEC); Cybersecurity. 


Computer Trespasser. A person who accesses a protected computer without authorization and thus has 
no reasonable expectation of privacy in any communication transmitted to, through, or from the protected 
computer; see 18 USC 2510 (21)(a). (AR 381-20, Army CI Program, 25 May 2010) 

Computer Virus. A software program, script, or macro that has been designed to infect, destroy, modify, 
or cause other problems with a computer or software program. (US Army TRADOC DCSINT Handbook 
1.02, 15 Aug 2007) 


-- Also, a computer program that can copy itself and infect a computer without permission or 
knowledge of the user. (Wikipedia; accessed 2 Oct 2007) 


Concealed Monitoring. Targeting by electronic, optical, or mechanical devices a particular person or a 
group of persons without their consent in a surreptitious and continuous manner. Monitoring is 
surreptitious when it is targeted in a manner designed to keep the subject of the monitoring unaware of it. 
Monitoring is continuous if it is conducted without interruption for a substantial period of time. (DoD 
5240.1-R, Procedures Governing the Activities of DoD Intelligence Components that Affect US Persons, 
Dec 1982) 


Concealed monitoring includes, but is not limited to the use of microphones, video cameras, 
beepers, beacons, transponders, and GPS locators. 


Within DoD, if there is a reasonable expectation of privacy, a Procedure 6 is required IAW DoD 
5240.1-R, Procedures Governing the Activities of DoD Intelligence Components that Affect United 
States Persons. 


Concealment. The act of remaining hidden. (DSS Glossary) 


Concealment Device (CD). A container designed to hide materials. (HDI Lexicon, April 2008) 


-- Also, innocuous object designed or adapted as a container for secreting any selected material or 
equipment. Also called containers. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, any one of a variety of innocuous devices used to secretly store and transport materials 
relating to an operation. (CI Centre Glossary) 


-- Also, an object modified or fabricated to contain either a device or intelligence materials for the 
purpose of covert storage, transport, placement within a target, or dead-dropping. (Spycraft) 


Concept of Intelligence Operations. Within the Department of Defense, a verbal or graphic statement, in 
broad outline, of an intelligence directorate's assumptions or intent in regard to intelligence support of an 
operation or series of operations. (JP 2.0, Joint Intelligence, 22 Oct 2013) 


Concept of Operations (CONOPS). A verbal or graphic statement that clearly and concisely expresses 
what the joint force commander intends to accomplish and how it will be done using available resources. 
(JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Concept Plan (CONPLAN). In the context of joint operation planning level 3 planning detail, an operation 
plan in an abbreviated format that may require considerable expansion or alteration to convert it into a 
complete operation plan or operation order. (JP 1-02 and JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Conduits. Within military deception, conduits are information or intelligence gateways to the deception 
target. Examples of conduits include: foreign intelligence and security services, intelligence collection 
platforms, open-source intelligence, news media—foreign and domestic. (JP 3-13.4, Military Deception, 
26 Jan 2012) See military deception. 


Confidential. Security classification that shall be applied to information, the unauthorized disclosure of 
which reasonably could be expected to cause damage to the national security that the original 
classification authority is able to identify or describe. (EO 13526, Classified National Security Information, 
31 Dec 2009) Also see security classification. 


Confidential Source. Any individual or organization that provides information to the U.S. Government on 
matters pertaining to national security and expects, in return, that the information or relationship, or both, 
will be held in confidence. This definition is not to be confused with "intelligence source" as used in the 
Human Intelligence Community. (IC Standard 700-1, 4 Apr 2008) 


-- Also, any individual or organization that has provided, or that may reasonably be expected to 
provide, information to the United States on matters pertaining to the national security with the 
expectation that the information or relationship, or both, are to be held in confidence. (EO 13526, 
Classified National Security Information, 31 Dec 2009) 


-- Also [within AFOSI], any individual whose identity is being protected, with whom AFOSI establishes 
a formal managed relationship, and whose AFOSI directed activities result in the gathering of information 
or testimonial or physical evidence. This does not include those individuals who provide information as a 
result of their official duties or one time witness to an incident or crime. (AFOSI Manual 71-118, Vol I, 
Confidential Source Management, 3 Oct 2002) 


Confusion Agent. An individual dispatched by his sponsor to confound the intelligence or 
counterintelligence apparatus of another country rather than to collect and transmit information. (Senate 
Report 94-755, Book I — Glossary, 26 Apr 1976) 


-- Within DoD: None — term removed from JP 1-02 (rescinded 11 Mar 2011). 


Previously defined in JP 1-02 as: an individual who is dispatched by the sponsor for the primary 
purpose of confounding the intelligence or counterintelligence apparatus of another country rather 
than for the purpose of collecting and transmitting information. 


Congressional Intelligence Committees. The Senate Select Committee on Intelligence (SSCI) and the 
House Permanent Select Committee on Intelligence (HPSCI). Also see SSCI; HPSCI. 


The 1980 Intelligence Oversight Act charged the SSCI and HPSCI with authorizing the programs 
of US intelligence agencies and overseeing their activities. 
-- SSCI website at <http://intelligence.senate.gov/> and HPSCI at <http://intelligence.house.gov/> 


Consensual Monitoring. Monitoring of communications for which a court order or warrant is not legally 
required because of the consent of a party to the communication. (Attorney General's Guidelines for 
Domestic FBI Operations, 29 Sep 2008) 


Consolidated Adjudications Facility (CAF). The DoD CAF, under the direction of the Washington 
Headquarters Services (WHS)—a DoD Field Activity—grants, denies, or revokes eligibility for access to 
classified information and eligibility for occupancy of sensitive positions, and supports the use of 
automated and consolidated adjudicative processes to the maximum extent practicable in accordance 
with DoDD 5220.6 (Defense Industrial Personnel Security Clearance Review Program) and DoD 
Regulation 5200.2-R (Personnel Security Program). 


DoD established the DoD CAF to consolidate resources and standardize adjudicative processes. 
On May 3, 2012, the Deputy SECDEF directed a complete consolidation of the functions, 
resources, and assets of the Army Central Clearance Facility, Department of the Navy CAF, Air 
Force CAF, Joint Staff CAF, Washington Headquarters (WHS) CAF, Defense Industrial Security 
Clearance Office (DISCO), and the Defense Office of Hearings and Appeals (DOHA) into a single 
organization under the authority, direction and control of the Director of Administration and 
Management. The DoD CAF is located on Fort Meade, MD. 


Constraint. In the context of joint operation planning, a requirement placed on the command by a higher 
command that dictates an action, thus restricting freedom of action. (JP 5-0, Joint Operation Planning, 
11 Aug 2011) 

Contact Report (CR). A report of an operational event; a format providing the officer the ability to 
document routine aspects of operational activities not otherwise covered by other intelligence or 
operational reporting. (National HUMINT Glossary) 


-- Also, a report used during the conduct of source operations to document the circumstances of, and 
establish a historical report of the operation. (Army FM 2.22-2, Counterintelligence, Oct 2009) 

Contamination. Type of incident involving the introduction of data of one security classification or security
category into data of a lower security classification or different security category. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


Continental United States (CONUS). United States territory, including the adjacent territorial waters, 
located within North America between Canada and Mexico. (JP 1, Doctrine for the Armed Forces of the 
United States, 25 Mar 2013) 


Contingency. A situation requiring military operations in response to natural disasters, terrorists, 
subversives, or as otherwise directed by appropriate authority to protect US interests. (JP 5-0, Joint 
Operation Planning, 11 Aug 2011) 


Contingency Planning Guidance (CPG). Secretary of Defense written guidance, approved by the 
President, for the Chairman of the Joint Chiefs of Staff, which focuses the guidance given in the national 
security strategy and Defense Planning Guidance, and is the principal source document for the Joint 
Strategic Capabilities Plan. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


Contingency Operation. A military operation that is either designated by the Secretary of Defense as a
contingency operation or becomes a contingency operation as a matter of law. (Title 10, USC §101[a][13]
and JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013)


Continuity of Government (COG). A coordinated effort within the Federal Government's executive branch 
to ensure that National Essential Functions continue to be performed during a Catastrophic Emergency. 
(NSPD 51, National Continuity Program, 9 May 2007) 


-- Also, a coordinated effort within the Executive Branch that ensures the continuation of minimum 
essential functions in any emergency situation, including catastrophic emergencies that impair or threaten 
day-to-day operations of departments/agencies within the branch. COG activities involve ensuring the 
continuity of minimum essential functions utilizing infrastructures outside the Washington Metropolitan 
Area (WMA) and must be capable of implementation with and without warning. (NIP - FY 2009 
Congressional Budget Justification Book, redacted version)* 


* Copy available at: <http://www.fas.org/irp/dni/cbjb-2009.pdf> (accessed 24 Jan 2013).


Continuous Evaluation. Means reviewing the background of an individual who has been determined to be 
eligible for access to classified information (including additional or new checks of commercial databases, 
Government databases, and other information lawfully available to security officials) at any time during 
the period of eligibility to determine whether that individual continues to meet the requirements for 
eligibility for access to classified information. (EO 13467, 2 Jul 2008 & DoDI 5200.02, DoD Personnel 
Sceurity Program, 21 Mar 2014) 


All personnel in national security positions shall be subject to continuous evaluation. 
-- DoDI 5200.02, DoD Personnel Security Program, 21 Mar 2014 (encl 3, para 6) 


Control. [As used in intelligence human source operations], the capacity of a case officer (and his 
service) to generate, alter, or halt agent behavior by using or indicating his capacity to use physical or 
psychological means of leverage. (Source: John P. Dimmer, Jr., "Observations on the Double Agent," 
Studies in Intelligence, vol. 6, no. 1 (Winter 1962), pp 57-72. Declassified, originally classified SECRET) 


-- Also, [in intelligence usage,] physical or psychological pressures exerted with the intent to assure 
that an agent or group will respond as directed. (JP 1-02) 

-- Also, physical or psychological pressure exerted on an agent to ensure that he or she responds to
directions from an intelligence agency or service. (Spy Book) 


“A case officer does not control an agent the way he controls an automobile [or] the way a 
policeman controls an informer. The intelligence officer who thinks of control in absolutes of 
black and white does his operations a disservice; the areas of gray predominate." 

-- John P. Dimmer, Jr., CIA Operations Officer (1962) 


Control of Compromising Emanations (aka TEMPEST). TEMPEST Countermeasures are designed to 
prevent exploitation of compromising emanations by containing them within the equipment or IS 
[inspectable space] of the facility processing classified information. (AR 381-14, Technical 
Counterintelligence, 30 Sep 2002) 


Controlled Information. 1) Information conveyed to an adversary in a deception operation to evoke 
desired appreciations; or 2) Information and indicators deliberately conveyed or denied to foreign targets 
to evoke invalid official estimates that result in foreign official actions advantageous to US interests and 
objectives. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Ops, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Controlled Source. In counterintelligence use, a person employed by or under the control of an 
intelligence activity and responding to intelligence tasking. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see source; control; controlled source 
operation. 


Controlled Source Operation (CSO). A type of offensive counterintelligence operation (OFCO); see DoDI
S-5240.09, OFCO, 29 Oct 2008 (under revision).


Controlled Technical Services (CTS). The controlled use of technology to enhance counterintelligence 
and human intelligence activities. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Ops, 16 Mar 2011 
w/ chg 1 dated 26 Aug 2011) 


CTS include asset communications, validation tools, tailored form factors, and technology or tools
used with sources or CI and HUMINT officers to enhance their collection efforts. CTS are a
support function of CI and HUMINT and are not independent operations.

-- JP 2-01.2, CI & HUMINT in Joint Operations, 11 Mar 2011 w/ chg 1 (p. II-15)


Controlled Unclassified Information (CUI). Unclassified information that does not meet the standards for 
National Security Classification under Executive Order 12958 but is (1) pertinent to the national interests 
of the United States or to the important interests of entities outside the Federal Government, and (2) 
under law or policy requires protection from unauthorized disclosure, special handling safeguards, or 
prescribed limits on exchange or dissemination. (White House Memo, subj: Designation and Sharing of 
Controlled Unclassified Information, dated 7 May 2008) 


All federal agencies routinely generate, use, store, and share information that, while not 
appropriate for "classification" under EO 12958 or other authority, nevertheless requires some level 
of protection from unauthorized access and release. Currently this information is identified by over 
100 unique markings and handling regimes, such as "Law Enforcement Sensitive," “FOUO,” etc. 


An Interagency Task Force reviewed the CUI framework and recommended that the definition of 
CUI should be simplified to: All unclassified information for which, pursuant to statute, regulation, 
or departmental or agency policy, there is a compelling requirement for safeguarding and/or 
dissemination controls. 


See Report and Recommendations of the Presidential Task Force on Controlled Unclassified
Information, 25 August 2009, at <http://www.dhs.gov/xlibrary/assets/cui_task_force_rpt.pdf>


Cooperative Contact. An asset validation term referring to an individual who wittingly responds to tasking
in certain areas, but is unwilling to enter into a controlled clandestine relationship. (National HUMINT
Glossary)

Cooperative Detainee. A detainee who has established a pattern of answering all questions truthfully and
unconditionally and, in fact, answers all questions truthfully and unconditionally. A detainee is not 
cooperative if the detainee refuses to answer, avoids answering, or falsely answers questions, or if the 
detainee is intentionally deceptive. A detainee who fluctuates between cooperation and resistance is not 
cooperative. (DoDD 3115.09, DoD Intelligence Interrogations, Detainee Debriefings, and Tactical 
Questioning, 11 Oct 2012 w/ chg 1 dated 15 Nov 2013) 


Co-Opted Worker or Co-Optee. A national of a country, but not an officer or employee of that country's 
intelligence service, who assists that service on a temporary or opportunity basis. (ICS Glossary & CI
Community Lexicon) 


Coordination. The process of sharing information regarding planned activity, affording potentially affected 
parties the opportunity to comment, prior to undertaking action. The process of coordination does not 
infer seeking authorization for action. (DoDD S-5200.37, Management and Execution of Defense 
HUMINT (U), 9 Feb 2009) 


-- Also, the process of sharing operational information and deconflicting activities prior to undertaking 
a proposed action. Coordination does not require approval or disapproval of the proposed action. (DoDD 
S-3325.09, Oversight, Management, and Execution of Defense Clandestine Source Operations (U), 9 Jan
2013 w/ chg 1, dated 13 Jun 2013) 


[Figure: DoD Counterintelligence Coordination...]

SECDEF shall conduct counterintelligence activities in support of
Department of Defense components and coordinate activities...

-- Dir FBI shall coordinate the clandestine collection of foreign intelligence
collected through human sources or through human-enabled means and
counterintelligence activities inside the United States.

-- Dir CIA shall coordinate the clandestine collection of foreign intelligence
collected through human sources or through human-enabled means and
counterintelligence activities outside the United States.

-- EO 12333, U.S. Intelligence Activities

[Figure labels: DoD/FBI MOU (Apr 1979), under revision; DCID 5/1 & DoD/CIA MOA Annex 3.
© COL Mark L. Reagan (USA Ret) - 26 Jan 2010, UNCLASSIFIED]


EO 12333 directs that the Director FBI coordinates CI activities inside the U.S. and that Director
CIA coordinates CI activities outside the U.S. For coordination of DoD CI activities see:


-- DoD/FBI MOU: Memorandum of Understanding between the FBI and DoD Governing 
Information Sharing, Operation Coordination, and Investigative Responsibilities, 2 Aug 2011 
+ Annex A - Counterterrorism Information Sharing, 14 Mar 2012 
+ Annex B - Counterintelligence Investigative Information Sharing, 9 Dec 2011 
+ Annex C - To be Published -- Coordinating Counterintelligence Activities 
+ Annex TBD - To be Published -- Joint Terrorism Task Force (JTTF) 


Note: The DoD/FBI MOU (Aug 2011), along with Annexes A, B, and future annexes covering 
Counterintelligence and Counterterrorism Jurisdiction and Operational Activities, when approved, supersede 
the MOA Between the Attorney General and the Secretary of Defense, "Agreement Governing the Conduct of
Defense Department Counterintelligence Activities in Conjunction with the Federal Bureau of Investigation
(U)," dated 5 April 1979 and the 1996 supplement thereto, "MOU Regarding Coordination of
Counterintelligence Matters." 


The DoD/FBI MOU (2011) defines Operational Coordination as: "The solicitation of inputs prior
to undertaking a proposed action, with the understanding that no such action will be taken until
any identified objections have been resolved."


-- DoD/CIA MOA: Annex 3 to the Memorandum of Agreement Between the Central Intelligence 
Agency and the Department of Defense, “MOA Between CIA and DoD Regarding CI Activities
Abroad (U),” 6 Dec 2007, classified SECRET//NOFORN
Note: Annex 3 streamlines the coordination process by assigning primary responsibility for deconfliction to
DoD CI field elements and the local Chief of Station/Chief of Base and defines "coordination" as the process
of sharing operational information and deconflicting activities prior to undertaking a proposed action. (USD/I
Memo, subj: Procedures for Coordination of Counterintelligence Activities Outside the United States, 4 Jan
2008).


For coordination regarding HUMINT activities see ICD 304, Human Intelligence, 6 Mar 2008 


Coordinating Authority. The commander or individual who has the authority to require consultation 
between the specific functions or activities involving forces of two or more Services, joint force 
components, or forces of the same Service or agencies, but does not have the authority to compel 
agreement. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


Counter Surveillance. Measures or actions taken when under verified or suspected surveillance. 
(DoDI S-5240.15, FPRG, 20 Oct 2010) Also see countersurveillance; surveillance; surveillance detection. 


Counter Threat Finance (CTF). Efforts to stop money that funds terrorism, proliferation, narcotics 
networks, espionage, WMD networks, trafficking in persons, weapons trafficking, precursor chemical 
smuggling, and other activities that generate revenue through illicit trafficking networks. (A Guide to 
Counter Threat Finance Intelligence by Marilyn B. Peterson, 2009) Also see threat finance. 


Commander, U.S. Special Operations Command is the DoD CTF lead component for 
synchronizing DoD CTF activities. 


For DoD policy see DoDD 5205.14, DoD Counter Threat Finance Policy, 19 Aug 2010 
(w/ chg 1 dated 16 Nov 2012). 


-- CTF Activities and Capabilities [within DoD]. DoD activities and capabilities, apart from those 
included under DoD CTFI [Counter Threat Intelligence], to deny, disrupt, destroy, or defeat finance 
systems and networks that negatively affect U.S. interests in compliance with all existing authorities and 
procedures. This includes those activities and capabilities undertaken with other Government agencies 
and/or partner nations. DoD CTF counters financing used to engage in terrorist activities and illicit 
networks that traffic narcotics, WMDs, improvised explosive devices, other weapons, persons, precursor 
chemicals, and related activities that support an adversary’s ability to negatively affect U.S. interests. 
(DoDD 5205.14, DoD Counter Threat Finance Policy, 19 Aug 2010) 


-- CTF Intelligence (CTFI) [within DoD]. DoD intelligence actions, including those undertaken with 
other USG agencies and/or coalition partners, that involve the collection, processing, integration, 
evaluation, analysis, interpretation, production, and dissemination of intelligence products in support of 
DoD CTF activities and capabilities. (DoDD 5205.14, DoD Counter Threat Finance Policy, 19 Aug 2010) 


Counterdeception. Efforts to negate, neutralize, diminish the effects of, or gain advantage from a foreign
deception operation. Counterdeception does not include the intelligence function of identifying foreign
deception operations. (JP 1-02 and JP 3-13.4, Military Deception, 13 Jul 2006) Also see deception;
military deception.


-- Also, the detection of deception. (Textbook of Political-Military Counterdeception: Basic Principles &
Methods, August 2007) 


In principle, it should always be possible to unmask a deception. 
-- R.V. Jones, Intelligence and Deception (1981)


Ideal counterdeception reveals the truth behind the lie, the face beneath the mask, the reality 
under the camouflage. 
-- Barton Whaley, Textbook of Political-Military Counterdeception: Basic Principles & Methods (2007) 


Counterespionage (CE). That aspect of counterintelligence designed to detect, destroy, neutralize, 
exploit, or prevent espionage activities through identification, penetration, manipulation, deception, and 
repression of individuals, groups, or organizations conducting or suspected of conducting espionage 
activities. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated
26 Aug 2011) Also see counterintelligence.


-- Also, actions undertaken to investigate specific allegations or circumstances and to acquire 
information concerning a person or persons involved in the violation of US espionage laws. (National 
HUMINT Glossary) 


-- Also, those aggressive, comprehensive, and coordinated CI defensive and offensive endeavors
worldwide designed to detect, identify, assess, and counter, neutralize, penetrate, or exploit the foreign 
intelligence threat to the Department of Defense (AR 381-20, Army CI Program, 25 May 2010) 


-- Also, the act of conducting counterintelligence operations that involve the penetration of an 
opposing intelligence service. (Encyclopedia of the CIA, 2003) 


[Illustrated quotation, only partly legible: "... seek out enemy agents ... conduct espionage ... you ..."]
-- Sun Tzu, The Art of War
(circa 500 BC)


Counterespionage is often touted as the aristocratic sector of secret operations. 
-- Harry Rositzke, CIA's Secret Operations (1977)


Counterespionage... is a widely misunderstood branch of secret operations... CE is an offensive 
operation, a means of obtaining intelligence about the opposition by using—or, more usually, 
attempting to use—the opposition's operations. CE is a form of secret intelligence operation, but it 
is a form so esoteric, so complex and important as to stand by itself. 

-- Christopher Felix (James McCargar), A Short Course in the Secret War, 4th Edition (2001)


Counterespionage (CE) is the offensive, or aggressive, side of counterintelligence. It involves the
identification of a specific adversary and a knowledge of the specific operation he is conducting. 
Counterespionage personnel must then attempt to counter these operations by infiltrating the 
hostile service (called penetration) and through various forms of manipulation. Ideally, the thrust of 
the hostile operation is turned back against the enemy. 

-- Senate Report # 94-755 (aka Church Committee Report), Book I, 26 April 1976, p. 166 


Counterespionage is like putting a virus into the bloodstream of the enemy. 
-- Robin W. Winks, Cloak and Gown: Scholars in the Secret War (1987), p. 422


Counterfeit Material. An item that is an unauthorized copy or substitute that has been identified, marked, 
or altered by a source other than the item's legally authorized source and has been misrepresented to be 
an authorized item of the legally authorized source. (DoDI 4140.67, DoD Counterfeit Prevention Policy, 
26 Apr 2013) Also see suspect counterfeit. 


For general background information see Senate Armed Services Committee Report 112-167, 
Inquiry into Counterfeit Electronic Parts in the Department of Defense Supply Chain, 21 May 2012. 


Copy at: http://www.armed-services.senate.gov/imo/media/doc/Counterfeit-Electronic-Parts.pdf


Counterguerrilla Operations. Operations and activities conducted by armed forces, paramilitary forces, or 
nonmilitary agencies against guerrillas. (JP 1-02 and JP 3-24, Counterinsurgency, 22 Nov 2013) 


Counterinsurgency (COIN). Comprehensive civilian and military efforts designed to simultaneously defeat 
and contain insurgency and address its root causes. (JP 3-24, Counterinsurgency, 22 Nov 2013) 


... the success of a counterinsurgency depends less on defeating the terrorist, guerrilla, or military 
tactics of the insurgents than on uncovering and undermining the secret network and neutralizing
its violent tactics. ...The pivotal elements of counterinsurgency are intelligence and 
counterintelligence. 

-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995), p. 165 


Counterintelligence (CI). Information gathered and activities conducted to identify, deceive, exploit,
disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted 
for or on behalf of foreign powers, organizations or persons, or their agents, or international terrorist 
organizations or activities. (Executive Order 12333, as amended 30 July 2008 and JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see counterespionage. 


Counterintelligence... the core mission simply stated -- 


Combating Adversarial Intelligence Threats 
-- COL Mark L. Reagan (USA Ret) 


For DoD counterintelligence policy, see DoD Directive O-5240.02, Counterintelligence 


-- Also, information gathered, and activities conducted, to protect against espionage, other 
intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign 
governments or elements thereof, foreign organizations, or foreign persons, or international 
terrorist activities. (50 USC §401a)


Counterintelligence: [noun] intelligence activities concerned with identifying and
countering the threat to security posed by hostile intelligence organizations or by
individuals engaged in espionage or sabotage or subversion or terrorism.


[Figure: Counterintelligence as defined in Executive Order 12333. Panel labels: Knowledge & Action
("information gathered and activities conducted...") to Identify, Deceive, Exploit, Disrupt, Protect
against Foreign Clandestine & Covert Threats (Espionage, Other Intelligence Activities, Sabotage,
Assassinations) "...conducted for or on behalf of foreign powers, organizations, or persons, or their
agents, or international terrorist organizations or activities."
-- Executive Order 12333, U.S. Intelligence Activities, as amended July 2008
Mark L Reagan, 1 May 2012, UNCLASSIFIED]


CI “embraces all activities, human and technical, whether at home or abroad, that are 
undertaken to identify, assess, neutralize and exploit foreign intelligence threats... 
counterintelligence is inherently a strategic, national security instrument.” 
-- Hon. Michelle Van Cleave, NCIX, 18 Nov 2004 


-- Also, intelligence activity, with its resultant product, devoted to destroying the effectiveness of 
inimical foreign intelligence activities and undertaken to protect the security of the nation and its 
personnel, information, and installations against espionage, sabotage, and subversion. Includes the 
process of procuring, developing, recording, and disseminating information concerning hostile clandestine 
activity and of penetrating, manipulating, or repressing individuals, groups, or organizations conducting 
such activity. (National Security Council Intelligence Directive [NSCID] No. 5, 17 Feb 1972) 


-- Also, encompasses actions taken to detect and counteract foreign intelligence activity that 
adversely affects U.S. national security interest. (WMD Report, 31 Mar 2005) 


-- Also, counterintelligence involves all those defensive and offensive activities conducted at home 
and abroad to protect against traditional and emerging foreign intelligence and international terrorist 
threats to the national security and to the national defense. (DHE-M 3301.002, Defense HUMINT 
Enterprise Manual, Vol II: Collection Operations, 23 Nov 2010)


-- Also, counters or neutralizes foreign intelligence and security services (FISS) and international 
terrorist organizations (ITO) intelligence collection efforts. It does this through collection, CI 
investigations, operations, analysis, production, and functional and technical services. CI includes all
actions taken to detect, identify, track, exploit, and neutralize the multidiscipline intelligence activities
of friends, competitors, opponents, adversaries, and enemies. It is the key intelligence community
contributor to the protection of U.S. interests and equities. CI helps identify EEFIs [essential elements
of friendly information] by identifying vulnerabilities to threat collection and actions taken to counter 
collection and operations against U.S. forces. (Army FM 2-0, Intelligence, 23 Mar 2010) 

-- Also, the total action taken... by which information is gathered and activities are conducted to
protect that agency against espionage, theft of materials, sabotage, assignations, or other intelligence 
activities conducted by, or on behalf of, hostile foreign governments or other "threatening" foreign 
organizations (terrorist groups, rogue military units, etc.). (Encyclopedia of the CIA, 2003) 


-- Also, CI is a discipline and mindset that identifies, analyzes and neutralizes the efforts of others
who seek to interfere with our [CIA's] ability to collect and analyze intelligence. (CIA/CIC, circa Mar 2010) 


Counterintelligence's core mission can be simply stated as combating adversarial intelligence 
threats. It is the business of identifying and combating foreign intelligence threats through 
knowledge and action -- knowledge of and action in countering global adversarial intelligence 
threats posed by a variety of intelligence entities directed by foreign states, as well as non-state 
actors, such as transnational terrorist groups. 


CI is an integral component of U.S. Intelligence—historically and doctrinally, as well as by statute, 
executive order and policy. CI is an "intelligence activity" in accordance with the National Security
Act of 1947 and EO 12333, which both specifically define "intelligence" as including 
counterintelligence and foreign intelligence. CI is intelligence activity focused on undermining the 
effectiveness of -- as well as exploiting -- adversary intelligence activities directed against US 
national security interests. Counterintelligence is one word in the United States -- it is not counter 
intelligence (two words) or counter-intelligence (hyphenated). 


CI is often confused with the foreign intelligence (FI) collection discipline referred to as human
intelligence or HUMINT. Although CI and HUMINT are both intelligence activities that operate in
the human domain -- they are distinctly different...different missions, different authorities, 
each focused on different content, as well as outcomes. 


The need for CI knowledge and action is much different from the need for FI collection. FI
collection values the information above all, whereas CI insists on acting on that information-- 
a totally different operational dynamic. 


FI [foreign intelligence] is the task of producing and analyzing otherwise unobtainable intelligence 
(i.e., “stealing secrets”); CI focuses on preventing others from stealing secrets...

-- Andre Le Gallo, "Covert Action: A Vital Option in U.S. National Security Policy," International
Journal of Intelligence and Counterintelligence, Vol 18 No 2 (Summer 2005), p. 354


[Foreign] intelligence is, in essence, the gathering and analysis of secret information about other 
nations. Its opposite twin, security, is the protection of one’s own secrets. Counterintelligence 
seeks to protect both of the elements from foreign intelligence activities. 

-- American Counterintelligence and Security for the 21st Century, The Institute of World Politics 


Knowledge and Action... 


CI "is a strategic instrument available to states to protect themselves and advance their interests 
in the struggle for power, wealth, and influence. ...But the end product, the mission of 
counterintelligence, is action—action to protect against foreigners and action to manipulate 
foreigners in the service of national goals." 


-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995) 


The primary mission of counterintelligence is to identify, neutralize, and exploit the intelligence or 
secret infrastructure of others. It is by its very nature both a defensive and offensive tool. ... 
Offensively, counterintelligence helps to advance strategy and policy through knowledge about 
adversary intelligence and exploit an adversary's vulnerabilities to weaken or manipulate them to 
advantage. ... But only counterintelligence... has the mission and the capabilities to understand, 
defend against, and exploit an adversary's secret intelligence. 

-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence, with new
introduction by the author (paperback 2001), p. xxviii


CI wages "nothing less than a secret war against antagonist intelligence services."
-- U.S. Senate Report 94-755, Book I, 26 April 1976, p. 163


-- Also, CI encompasses information collections, analysis, investigations and operations conducted
to identify and neutralize espionage and foreign intelligence activities, the intelligence-related activities 
of terrorists, and adversary efforts to degrade, manipulate or covertly influence U.S. intelligence, political 
processes, policy or public opinion. (NIPF [U], Jul 2006) 


CI works closely with intelligence, security, infrastructure protections and law enforcement to 
ensure an integrated approach to the protection of U.S. forces, our intelligence and national assets, 
U.S. research, development and technology, and the U.S. economy. 


CI is composed of both offensive and defensive elements. Offensive CI includes the penetration
and deception of adversary groups. Defensive CI involves protecting vital U.S. national security
related information from being obtained or manipulated by an adversary's intelligence
organizations, activities and operations. This two-pronged approach forms a comprehensive CI
strategy that is informed by collection results and feeds more effective CI operations. 


Counterintelligence is a universal constant that should be factored in whenever U.S. intelligence or 
national security capabilities are deployed or when we are targeted by our adversaries. 'Every' 
U.S. intelligence capability and requirement needs to be protected and 'every' intelligence threat 
deployed against us should be countered by effective offensive and defensive CI.


-- NIPF - Intelligence Topic Definitions and Information Needs (U), July 2006 


-- Also, CI may also be thought of as knowledge needed for the protection and preservation of the
military, economic, and productive strength of the United States, including the security of the Government 
in domestic and foreign affairs against or from espionage, sabotage, and all other similar clandestine 
activities designed to weaken or destroy the United States. (Report of the Commission on Government 
Security - 1957, as cited in Church Committee Report, 26 April 1976, p. 163, footnote 1) 


Counterintelligence (CI) is a special form of intelligence activity, separate and distinct
from other disciplines. Its purpose is to discover hostile foreign intelligence operations
and destroy their effectiveness. This objective involves the protection of the United
States Government against infiltration by foreign agents, as well as the control and
manipulation of adversary intelligence operations. An effort is made to both discern 
and decive [sic] the plans and intentions of enemy intelligence services. 


Defined more formally, counterintelligence is an intelligence activity dedicated to 
undermining the effectiveness of hostile intelligence services. 


-- Senate Report 94-755 (aka Church Committee Report), 26 April 1976 (p. 163) 


Counterintelligence — Senate Report 94-755 


Counterintelligence: Activities conducted to destroy the effectiveness of foreign intelligence 
operations and to protect information against espionage, individuals against subversion, and 
installations against sabotage. The term also refers to information developed by or used in 
counterintelligence operations. See counterespionage, countersabotage, and countersubversion 
[below]. 


Counterespionage: Those aspects of counterintelligence concerned with aggressive operations against 
another intelligence service to reduce its effectiveness, or to detect and neutralize foreign espionage. This 
is done by identification, penetration, manipulation, deception, and repression of individuals, groups, or 
organizations conducting or suspected of conducting espionage activities in order to destroy, neutralize,
exploit, or prevent such espionage activities. 


Countersabotage: That aspect of counterintelligence designed to detect, destroy, neutralize, or prevent 
sabotage activities through identification, penetration, manipulation, deception, and repression of 
individuals, groups, or organizations conducting or suspected of conducting sabotage activities. 


Countersubversion: That part of counterintelligence designed to destroy the effectiveness of subversive 
activities through the detection, identification, exploitation, penetration, manipulation, deception, and 
repression of individuals, groups, or organizations conducting or capable of conducting such activities. 


-- Senate Report 94-755 (aka Church Committee Report), Book I — Glossary, 26 April 1976, p. 620.


Counterintelligence Activities. [An alternate term for] one or more of the five functions of
counterintelligence: operations, investigations, collection, analysis & production, and functional services.
(DoDD O-5240.02, Counterintelligence, 20 Dec 2007; JP 1-02; and JP 2-01.2, CI & HUMINT in Joint
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see counterintelligence functions.


Counterintelligence Activities in Cyberspace. CI activities in cyberspace include those forensics
examinations of DoD affiliated information systems and other approved virtual or on-line activities to
identify, disrupt, neutralize, penetrate, or exploit FIEs [Foreign Intelligence Entities]. DoD CI activities in
cyberspace do not include Offensive Computer Operations as defined in NSPD-38 or the collection and
processing of technical and intelligence information derived from foreign communications by other than
an intended recipient. (DoDI S-5240.23, CI Activities in Cyberspace (U), 13 Dec 2010 with chg 1)


For additional information see -- 

1) JP 2-01.2, Counterintelligence and Human Intelligence in Joint Operations (U), 16 Mar 2011 
w/ chg 1 dated 26 Aug 2011 (para 3f, p. III-17, "CI Activities in Cyberspace"). 

2) The DoD Strategy for Counterintelligence in Cyberspace (28 Aug 2009). 

3) The United States Government-Wide Cyber Counterintelligence Plan - 2008 (classified). 


Cyberspace is a Venue 


Counterintelligence Analysis. The methodical process of examining and evaluating information to 
determine the nature, function, interrelationships, personalities, and intent regarding the intelligence 
capabilities of foreign powers, international terrorists, and other entities. (DoDD O-5240.02, 
Counterintelligence, 20 Dec 2007 with change 1 dated 20 Dec 2010) Also see counterintelligence 
production. 


CI Function: CI Analysis & Production...


Analysis & Production | Assimilating, evaluating, interpreting, and disseminating information of CI
relevancy — a critical enabler providing insights into clandestine & covert threats


Astute analysis is [a] critical enabler... Strategic analysis allows DoD CI to understand
today’s risk environment. ...[it] allows the Department to learn and use an adversary’s 
pressure points to influence its actions. 


-- DoD Counterintelligence Strategy - FY 2004 


“It is not enough, of course, simply to collect information.
Thoughtful analysis is vital to sound decisionmaking.”
-- President Ronald Reagan (4 Dec 1981)


"Analysis — Collecting information is one thing. 
Making sense of it and using it to frustrate and exploit foreign services is another." 


-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995), p. 81 


Counterintelligence Analysis — the Queen of the Counterintelligence Chessboard 


Intelligence Community analytical tradecraft standards established in ICD 203, Analytical 
Standards, serve to guide the writing of intelligence analysis and apply to counterintelligence 
analysis. 

"Effective counterintelligence analysis is a tall order. Good macro-analysis is not synonymous with
journalism, or narrative description, or even investigations. Macro-counterintelligence analysis is 
meant to be explanatory, systematic, empirical, cumulative, reliable, comprehensive, integrated, 
and policy relevant. Analysis should discover and connect the seemingly disconnected, illuminate 
hidden relationships, identify unseen linkages, reveal patterns of activity and behavior heretofore 
unobserved. Good counterintelligence analysis should provide reliable knowledge and authoritative 
judgments to policymakers and operators. The product of counterintelligence and security analysis 
is understanding and explanation, and if possible, to answer the questions how and why." 

-- Kenneth E. deGraffenreid, Countering Hostile Intelligence Activities as a Strategic Threat (1989)


CI analysis drives collections, enhances CI investigative activity, 
shapes operations, enables mission execution, and informs decision makers 


-- Also, the process of examining and evaluating information to determine the nature, function,
interrelationships, personalities, and intent regarding the intelligence capabilities of state and non-state
actors and other entities and activities of CI interest. (JP 2.01.2, CI & HUMINT in Joint Operations,
11 Mar 2011)


-- Also, a step in the process of producing timely, accurate, and relevant assessments regarding the 
actual and potential foreign intelligence and international terrorist threat to Department of Defense in 
which the collected information is subjected to review to identify significant facts for subsequent 
interpretation. (AR 381-20, Army CI Program, 25 May 2010)


[Figure: DoD CI Analysis, High Level View... Mark L Reagan, 5 Jan 2004; revised / updated 1 Dec 2011. UNCLASSIFIED.
Caption: Counterintelligence Analysis — the Queen of the Counterintelligence Chessboard.
Policy: EO 12333; PDD 24 & PDD 75; ICDs 200, 203, 204, 205, 206 & 208; DoDD O-5240.02, CI; DoDI 5240.18, CI Analysis.
Strategy: National Security Strategy; National Intelligence Strategy; Nat'l Strategy Cbt Terrorism; National & DoD CI Strategies.
CI ANALYSIS: The methodical process of examining and evaluating information to determine the nature,
function, interrelationships, personalities, and intent regarding the intelligence capabilities of foreign
powers, international terrorists, and other entities.
Process labels: Right information, in the right context (e.g. Standing CI Collection Requirements);
understand the meaning; Collaborate; Assemble hypotheses; Identify reasonable alternatives; Test against
available evidence; Explore implications; Structure argumentation; Seek add'tl evidence to: confirm /
reinforce / eliminate; Evaluate & Interpret; Create CI Knowledge (Clear, digestible explanation with evidence).
Supports 4 Core: CI Support to Force Protection; CI Support to RDA; CI Support to DCIP; Countering Espionage.
See "Analysis - Synthesis Modeling Process" for next level drill down.]


CI Analysis... look at the details and see the passion 


I can't possibly overstate the importance of good research. Everyone goes through life dropping 
crumbs. If you can recognize the crumbs, you can trace a path all the way back from your death 
certificate to the dinner and a movie that resulted in you in the first place. But research is an art, not 
a science, because anyone who knows what they're doing can find the crumbs, the wheres, whats, 
and whos. The art is in the whys: the ability to read between the crumbs, not to mix metaphors. For 
every event, there is a cause and effect. For every crime, a motive. And for every motive, a 
passion. The art of research is the ability to look at the details, and see the passion. 

-- Daryl Zero, The Zero Effect (1998) 


Analysis... often raises more questions than it answers. ...remember the basic principle: All
action, whether human or physical, disturbs the environment in some way. Find that disturbance
and you have a key to the action.
For analysis to play its proper CI role it must be able to survey all of the intelligence data available
to one's own government, and it must be able to somehow direct the rest of CI.

-- Angelo Codevilla, Informing Statecraft: Intelligence for a New Century (1992), pp. 330-331 


For a "snap shot" of CI analysis see Irvin D. Sugg, Jr., Basic Counterintelligence Analysis in a 
Nutshell: Quick Reference Guide, Joint Counterintelligence Training Academy (JCITA), n.d. 
Copy available at: <http://www.ntis.gov/search/product.aspx?ABBR=PB2010105593> 


Counterintelligence Analysis and Production Council (CIAPC). The principal forum for coordinating CI
analysis and production requirements, discussing CI analysis and production priorities within the
enterprise, and discussing other IC issues. (DoDI 5240.18, CI Analysis & Production, 17 Nov 2009 with
change 1 dated 15 Oct 2013)


CIAPC Membership: The Director, Defense CI & HUMINT Center (DCHC), appoints the Chair. 
Core membership includes the DCHC analysis and production enterprise manager and the 
managers of the Defense CI Component analysis and production elements. The Chair may expand
membership, to include other full-time or permanent part-time Federal employees. 


Counterintelligence Analysis and Production Element. The element within a Defense CI Component that
performs CI analysis in any form; produces a CI analytical product in any of the categories of CI analysis;
or responds to requests for CI analysis from an internal organization and/or from organizations external to
the Defense CI Component. (DoDI 5240.18, CI Analysis & Production, 17 Nov 2009)


Counterintelligence Analysis Centers. See ACIC, ICON, MTAC for DoD CI Analysis Centers.


Counterintelligence Analysis Report. A document produced by a CI analysis and production element
stating the results of analysis regarding a relevant CI topic, event, situation, or development, and
containing the characteristics outlined in [DoDI 5240.18] Appendix 2 to Enclosure 3. (DoDI 5240.18, CI
Analysis & Production, 17 Nov 2009)


Counterintelligence Analytical Product. Any document that contains the work of, is supported by, 
collaborated on, or produced by a CI analyst at any echelon within a Defense CI Component. It may 
or may not include CI production. (DoDI 5240.18, CI Analysis & Production, 17 Nov 2009)


Objectives of CI analytical products are to: 1) Outline, describe, or illustrate the threat posed by a
Foreign Intelligence Entity (FIE) to installations, personnel, assets, operations, or resources; 2)
Identify opportunities to conduct offensive CI operations (OFCO) targeting a FIE; and 3) Identify CI
investigative opportunities.


CI analytical products seek to satisfy a core CI production requirement to identify people,
organizations, locations, activities, and resources associated with a FIE or a target of a FIE.


Within DoD, CI analytical products are categorized based on the purpose of the product, analytical 
effort, the production timeline, and other distinguishing characteristics. The primary categories of 
CI analytical products are: 1) Assessment, 2) Analysis Report, 3) Threat Advisory, and 4) 
Functional Support. Associated analytical products with CI collections, investigations and
operations are summarized below. 


-- Analytical products associated with CI collections are: 


Collection Support Brief. Provides near-comprehensive background detail on a collection issue to 
guide and enhance collection efforts. (DoDI 5240.18, 17 Nov 2009) 


Collection Source Evaluation. An evaluation of a source to determine if the information provided is 
valuable and credible and to ascertain the reliability and veracity of the source. (DoDI 5240.18, 
17 Nov 2009) 


Collection Emphasis. Supplements a standing collection requirement and identifies areas of
emphasis or information gaps to the CI collector. (DoDI 5240.18, 17 Nov 2009)


Source-Directed Requirement. Established by a CI analyst based on knowledge of a source’s
access and placement to necessary information. (DoDI 5240.18, 17 Nov 2009)


IIR Evaluation. An analyst's evaluation of how well an IIR satisfied the intelligence requirement for 
which it was collected. (DoDI 5240.18, 17 Nov 2009) 


-- Analytical products associated with CI investigations are:


Investigative Analysis Report. An evaluation of all available information obtained during a CI inquiry
to determine if an investigation is warranted; an evaluation of an on-going CI investigation to develop
leads, identify trends, patterns, or anomalies in furtherance of the investigative effort; or produced at
the conclusion of a CI investigation to identify previously unknown methods of operation, describe
lessons learned, and to support damage assessments when initiated. (DoDI 5240.18, 17 Nov 2009)


Investigative Source Evaluation. An evaluation of a source to determine if the information provided is 
valuable and credible, and to ascertain the reliability and veracity of the source. (DoDI 5240.18, 17 
Nov 2009) 


Investigative Support Package. An evaluation of all available information pertaining to an unknown
subject CI inquiry or investigation in an effort to identify a person, place, or thing of CI interest based
on analysis of the information. (DoDI 5240.18, 17 Nov 2009)


-- Analytical products associated with CI operations are:


Operational Analysis Report. An evaluation of information from a variety of sources to determine if 
favorable conditions are present for initiation of a CI operation and the report may offer suggestions
as to the type of asset and/or the access and placement required to meet the foreign essential 
elements of information requirements. (DoDI 5240.18, 17 Nov 2009) 


Operational Asset Evaluation. Evaluates an asset's reliability and veracity in a CI operation.
(DoDI 5240.18, 17 Nov 2009) 


Operational Support Package. Comprehensive analysis of all available intelligence on a target of
interest to a Defense CI Component or determined to be of interest to DoD CI. It details the
significance of the target, relates it to strategic objectives, identifies desired effects, and suggests
methods of engagement to achieve desired results. (DoDI 5240.18, 17 Nov 2009)


Counterintelligence Assessment. A document produced by a CI analysis and production element stating
the in-depth and comprehensive results of analysis regarding a relevant CI topic, event, situation, or
development, and contains the characteristics outlined in [DoDI 5140.18] Appendix 2 to Enclosure 3.
(DoDI 5140.18, CI Analysis & Production, 17 Nov 2009)


-- Also, an analysis of the actual or potential foreign intelligence and international terrorist threat to 
DoD, with the objective of protecting personnel, plans, information, research and technology, critical
infrastructure, and other national security interests. (AR 381-20, Army CI Program, 25 May 2010) 


-- Also, a DoD Component's comprehensive analysis or study of a relevant CI topic, event,
situation, issue, or development. When conducted in support of an RDA program with CPI
[Critical Program Information], the assessment describes the threat a foreign entity (person,
representative, corporation, government, military, commercial, etc.) represents to the CPI/system
assessed. (DoDI 5200.39, CPI Protection within DoD, 16 Jul 2008, w/ change 1 dated 28 Dec 
2010) 


The CI assessment is multidisciplinary as it includes an analysis of the diverse foreign
collection modalities available, the relative effectiveness of each, and capability of the foreign entity
to collect information about research efforts, the technology, and/or system under development.
The assessment may include the impact to the DoD if the technology is compromised and be
complementary to, integrated with, or independent of the TTRA provided by the Defense
Intelligence Community. 

-- DoDI 5200.39, CPI Protection within DoD, 16 Jul 2008, w/ chg 1 dated 28 Dec 2010 


Counterintelligence Awareness. An individual's level of comprehension as to the FIE [foreign intelligence 
entity] threat, methods, indicators, and reporting requirements. (DoDD 5240.06, CIAR, 17 May 2011 with 
change 1 dated 30 May 2013) 


-- Also, a state of being aware of the sensitivity of classified information one possesses, collaterally 
aware of the many modes of operation of hostile intelligence persons and others whose interests are 
inimical to the United States while being able to recognize attempts to compromise one's information, and 
the actions one should take, when one suspects he has been approached, to impart the necessary facts 
to trained counterintelligence personnel. (DoD 5220.22.22-M-Sup 1, NISPOM Supplement, Feb 1995) 


Counterintelligence Awareness Products. A DoD Component's analysis of a CI topic, event, situation,
issue, or development. These products differ from an assessment in that they are often time sensitive, are 
published as needed or annually, and normally do not require extensive research to produce. Products of 
this nature ensure a consistent flow of appropriately classified or categorized threat information is 
available to the community to increase awareness and action as appropriate. The Defense Security 
Service "Technology Collection Trends in Defense Industry" and the Office of the National 
Counterintelligence Executive "Annual Report to Congress on Foreign Economic Espionage" are 
examples of products meeting this objective. (DoDI 5200.39, CPI Protection within DoD, 16 Jul 2008, w/ 
chg 1 dated 28 Dec 2010) 


Counterintelligence Campaign (CI Campaign). See DoD Counterintelligence Campaign.


Counterintelligence Collection. The systematic acquisition of intelligence information to answer CI
collection requirements. (DoDI S-5140.17, CI Collection Activities, 14 Mar 2014) Also see
Counterintelligence Collection Activities; Military Counterintelligence Collection.

See "Counterintelligence Collection Methods" addressed in Appendix C, Joint Publication 2-01.2,
Counterintelligence and Human Intelligence in Joint Operations (U), 16 Mar 2011 w/ chg 1 dated
26 Aug 2011.


Director DIA is the Defense CI Collection Manager. 

-- Also, the systematic acquisition of information (through investigations, operations, or liaison)
concerning espionage, sabotage, terrorism, other intelligence activities or assassinations conducted by or
on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons that are
directed against or threaten Department of Defense interests. (JP 1-02 and JP 2-01.2, CI & HUMINT in
Joint Operations (U), 16 Mar 2011 w/ chg 1 dated 26 Aug 2011)


CI Function: CI Collection...


CI Collection | Obtaining information about foreign intelligence entities, other clandestine & covert
threats, as well as international terrorist groups/networks


Counterintelligence Collection: The systematic acquisition of
intelligence information to answer CI collection requirements.
-- DoDI S-5140.17, Counterintelligence Collection (U), 12 Jan 2009


-- CI Collection activities are designed to collect specific information or develop
leads concerning adversary intelligence collection requirements, capabilities,
efforts, operations, structure, personalities, and methods of operations

-- CI Collection can result from ongoing CI investigations or operations or serve
to initiate CI investigations and/or operations

-- Types of CI Collection within DoD include:
   * Military Counterintelligence Collection (MCC)
   * CI Interviews & Debriefings... including Debriefing of Enemy POWs, Displaced Persons & Refugees
   * Liaison
   * Open Source & Media Exploitation
   * CI Collection in the Cyberspace Domain


CI Collection feeds analysis... which in turn informs decision makers, drives additional 
collections, enhances investigative activity, shapes operations, and enables mission execution 


See DoDI S-5240.17, (U) CI Collection Activities, 14 Mar 2014 for DoD policy and additional 
information. 


Counterintelligence Collection Activities (CCA): CI collection activities to include military CI collection, CI
questioning of EPWs and detainees, CI debriefings, liaison, open source and media exploitation, and CI
collection in cyberspace. (DoDI S-5140.17, CI Collection Activities, 14 Mar 2014) Also see
Counterintelligence Collection; Military Counterintelligence Collection. 


Counterintelligence Collection in Cyberspace. The use of cyber means as the primary tradecraft 
methodology to engage in targeting and collecting cyber based FIE [Foreign Intelligence Entity] activities. 
CI Collection in cyberspace may include the use of authorized non-attributable Internet connections, 
development and use of national cyber personas, use of authorized obfuscation techniques, as well as 
appropriate digital tradecraft and cover. (DoDI S-5240.23, CI Activities in Cyberspace (U), 13 Dec 2010 
with change 1 dated 16 Oct 2013) 


Counterintelligence Collection Operations. Intelligence collection operations that use human sources and
CI resources to answer validated CI requirements. CI collection operations are deliberate, planned
activities primarily using human sources to satisfy one or more validated CI information requirements.
(DoD CI Collection Integrated Working Group Handbook 1-02, 8 Aug 2006)


Counterintelligence Controlled Source Operation (CI CSO). A type of offensive counterintelligence
operation (OFCO); see DoDI S-5240.09, OFCO, 29 Oct 2008 for detailed information.


Counterintelligence Coordinating Authority (CICA). A designated CI representative in country, the CICA
coordinates, deconflicts, and/or synchronizes all joint CI issues in the country with the Service CI
elements assigned to or operating within that country, and with the US embassy or consulate. (JP 2-01.2,
CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see Command
Counterintelligence Coordinating Authority (CCICA). 


Counterintelligence Cyber Investigation. An investigation using techniques that identify and interdict the 
misuse of DoD information systems by a trusted insider or an external intruder. These investigations may 
involve computer intrusions, exceeding authorized network access, denial of service attacks, or the 
introduction of a virus or a malicious code. (Previously defined in DoDI 5240.19, CI Support to the 
Defense Critical Infrastructure Program, 27 Aug 2007 with change 1 dated 28 Dec 2010) 


Counterintelligence Effects-Based Operations (CI EBO). As applied to counterintelligence, effects-based
operations is a process for obtaining a desired strategic outcome or effect on adversary intelligence
activities through the synergistic, multiplicative, and cumulative application of the full range of CI
capabilities at the tactical, operational and strategic levels, to include leveraging non-CI capabilities.
Successful CI effects-based operations rest on an explicit linking of CI actions to desired strategic
outcomes. CI effects-based operations proactively shape the battlespace in our war against adversary
intelligence activities and terrorist networks through the robust execution of full-spectrum CI capabilities
across the entire spectrum of conflict in an orchestrated and synchronized manner to achieve national, 
departmental, and combatant commander objectives. (COL Mark L. Reagan, USA Ret) 


Counterintelligence Enhancement Act of 2002. The act facilitates enhancement of US counterintelligence 
activities by: (1) enabling the counterintelligence community of the US Government to fulfill better its 
mission of identifying, assessing, prioritizing, and countering the intelligence threats to the United States; 
(2) ensuring that the counterintelligence community of the US Government acts in an efficient and 
effective manner; and (3) providing for the integration of all the US CI activities. The act also established
the National Counterintelligence Executive (NCIX), the National CI Policy Board and the Office of the
National CI Executive (ONCIX) which replaced the National Counterintelligence Center (NACIC).
(§§ 901-904 PL 107-306)


The act is available at <http://www.ncix.gov/publications/law/index.html>


Counterintelligence Equity. Facts or circumstances connecting an incident, event, or person to an actual
or potential intelligence or terrorist threat to Army or DoD personnel, programs, plans, operations,
installations, systems, technology, or security. (AR 381-20, Army CI Program, 25 May 2010)


Counterintelligence Flags. Indicators that should alert a source handler to suspicious action that may
bring the source's bona fides into question. (DoDI S-3325.07, Guidance for the Conduct of DoD Human
Source Validation (U), 22 Jun 2009.)


"CI Flags" are different from reportable CI indicators and behaviors as addressed in DoD Directive
5240.06, CI Awareness and Reporting (CIAR), 17 May 2011 w/ chg 1 dated 30 May 2013; see
potential espionage indicators.


Counterintelligence Force Protection Detachment. See Force Protection Detachment (FPD). 

Counterintelligence Force Protection Source Operations (CFSO). Overt source collection activities of an
expedient nature intended to identify threats to the command in support of the commander's force 
protection mission. (Marine Corps Doctrinal Publication 2-6 [previously 2-14], Counterintelligence, 5 Sep 
2000, p. 2-3) 


Counterintelligence Functions. The five functions of counterintelligence: operations, investigations, 
collection, analysis & production, and functional services. (JP 1-02) Also see CI Activities. 
CI functions are interrelated, mutually supporting, and can be derived from one another. 


Functions vs. Missions: “Functions differ from CI missions in that missions focus on end results to
be accomplished, rather than on the means for accomplishment.”
-- Mission Area Analysis of DoD Counterintelligence, Institute for Defense Analyses, May 1999, p.7 


CI functions are useful terms of reference to describe “what is done” 
CI missions focus on the "end result" to be accomplished 


[Figure: CI Functions. Surviving labels: Operations; Analysis & Production; CI Functional Services. Mark L Reagan, 13 Mar 2006. UNCLASSIFIED]

Counterintelligence Functional Services (CIFS). CI activities that support other intelligence or DoD
operations by providing specialized defensive CI services to identify and counter the intelligence
capabilities and activities of terrorists, foreign powers, and other entities directed against US national
security. (DoDD O-5240.02, Counterintelligence, 20 Dec 2007 with change 1 dated 30 Dec 2010)


-- Also, activities engaged in by personnel trained in CI and conducted to detect espionage, sabotage,
terrorism, or related intelligence activities of an FIE directed against the DoD, and that enable one or
more of the CI functions (investigations, collection, operations, or analysis and production).
(DoDI O-5240.24, CI Activities Supporting RDA, 8 Jun 2011 with change 1 dated 15 Oct 2013)


-- Also, CI activities that support other intelligence or DoD operational activities, providing specialized
defensive CI services to identify and counter terrorism, espionage, sabotage, and related activities of
Foreign Intelligence Entities. (JP 2.01.2, CI & HUMINT in Joint Operations, 11 Mar 2011)


For DoD Policy see DoD Instruction, Counterintelligence Functional Services (CIFS), 27 Aug 2012. 


For more in-depth information regarding CI functional services see Department of Defense, CI
Functional Services Integrated Working Group Handbook, Doctrine, Tactics, Techniques, and
Procedures for Counterintelligence Functional Services, 19 Feb 2009. This handbook further
defines CI functional services as: those activities that are not unique to other CI functions and that
support other CI functions and missions; specialized services, which are not inherently CI but
support the CI mission and functions.


Within DoD, CI functional services consist of basic CI activities (including espionage detection and
CI support to military operations) and specialized services (e.g., polygraph/credibility assessments, 
TSCM, behavioral science support, cyber services). 


Counterintelligence Functional Support Plan (CI FSP). Director Defense CI and HUMINT Center is
responsible for preparation of CI FSPs as part of the Intelligence Planning process (CJCSM 3314.01).
Format for CI FSPs is provided at enclosure E to CJCSM 3314.01, Intelligence Planning, 28 Feb 2008.


Counterintelligence Inquiry. An examination of the facts surrounding an incident of potential CI interest,
to determine if a CI investigation is necessary. (DoDD 5240.02, CI, 20 Dec 2007 with change 1 dated 30
Dec 2010) Also see counterintelligence investigation.


For information regarding CI inquiries within DoD see: 1) DoDI O-5240.21, CI Inquiries, 14 May
2009, which provides DoD policy and outlines the procedures for initiating and conducting CI
Inquiries; and 2) DoD, CI Functional Services Integrated Working Group Handbook, Doctrine,
Tactics, Techniques, and Procedures for Counterintelligence Functional Services (U), 19 Feb 2009.


According to the DoD handbook on CI functional services, "[w]ithin DoD a CI inquiry does not
require "investigative authority" as it is not a CI investigation." A CI inquiry is designed to gather
information, identify and/or verify the credibility of potential sources and subject(s) of CI interest,
and to recommend appropriate action if the inquiry does not resolve the matter. The goal is to
establish or refute a reasonable belief that a particular person is acting for or on behalf of, or an
event is related to, a foreign power engaged in spying, or committing espionage, sabotage, or
other national security crimes (e.g., treason), or international terrorist activities. Establishment
of reasonable belief provides the basis for opening a CI investigation. Once a reasonable belief is
established the matter must be referred to the appropriate Military Department CI organization
and/or the FBI [see Section 811 referral]. Refer to the definition of reasonable belief.


The DoD handbook stresses that "[w]ithin DoD, only Military Department CI organizations have CI
investigative authority and may, accordingly, use the intrusive techniques provided for in 
Procedures 5 through 13 of DoD 5240.1-R.... It is absolutely vital that CI personnel obtain 
guidance from their own organization's legal counsel as to what specific investigative techniques 
and activities are allowable in their organization and approval from their organization's leadership 
to employ those techniques in the course of CI activity.” 


A CI Inquiry is not a CI investigation, but it can provide the basis for a CI investigation.


Counterintelligence Insider Threat (CI InT). A person who uses their authorized access to DoD facilities, 
systems, equipment, information or infrastructure to damage, disrupt operations, compromise DoD 
information or commit espionage on behalf of an FIE [Foreign Intelligence Entity]. (DoDD 5240.06, CIAR, 
17 May 2011 with change 1 dated 30 May 2013) 


-- Also, a person, known or suspected, who uses their authorized access to DoD facilities, personnel, 
systems, equipment, information, or infrastructure to damage and disrupt operations, compromise DoD 
information, or commit espionage on behalf of an FIE [foreign intelligence entity]. (DoDI 5240.26, 
Countering Espionage, International Terrorism, and Counterintelligence Insider Threat, 4 May 2012 with 
change 1 dated 15 Oct 2013) Also see insider, insider threat.


CI is one critical component in countering “insider threats”; the other components are security,
information assurance (IA), law enforcement, and antiterrorism/force protection.


CI Insider Threat Program Elements: 
-- CI Analysis of Information Technology Auditing & Monitoring 
-- CI Insider Threat Awareness & Training
-- Foreign Travel and Contact Reporting and Analysis
-- Polygraph & Credibility Assessment
-- Personnel Security, Evaluation, Analysis, and Reporting
-- Security Incident Reporting & Evaluation
-- Proactive CI Initiatives


For additional information see DoDI 5240.26, Countering Espionage, International Terrorism, and 
Counterintelligence Insider Threat, 4 May 2012 


Insider threat detection should be a comprehensive US Government (USG) effort dedicated to 
countering potential threats and mitigating damage that could result from unauthorized disclosure 
of information, espionage, terrorism, and other national security crimes. 

-- U.S. Government Threat Detection Guide - 2011 


Counterintelligence Investigation. Formal investigative activities undertaken to determine whether a 
particular person is acting for or on behalf of, or an event is related to, a foreign power engaged in spying 
or committing espionage, sabotage, treason, sedition, subversion, assassinations, or international 
terrorist activities, and to determine actions required to neutralize such acts. (DoDI 5240.04, CI
Investigations, 4 Feb 2009 with change 1 dated 15 Oct 2013) Also see counterintelligence inquiry, 
investigation. 


[Figure: CI Function: CI Investigations...]

Investigations: Investigating national security threats... includes catching
traitors who spy for foreign intelligence, or assist international [...]

National Security Crimes:
-- Espionage
-- Spying
-- Treason
-- Sedition
-- Subversion
-- Aiding the Enemy by providing intelligence to the enemy
-- International Terrorist Activities or material support to a [...]
-- Unreported contact with foreign intelligence entities or ITOs [...] related activities
-- [...] disclosure of classi[...]

Comparable investigative terms, by source:
-- FBI (FBI Domestic Investigations & Operations Guide, 15 Oct 2011): Assessments; Preliminary Investigation; Full Investigation
-- DoDI O-5240.21, CI Inquiries, 14 May 2009, and DoDI 5240.04, CI Investigations, 2 Feb 2009: CI Inquiry; CI Investigation
-- AR 381-20, Army CI Program (U), 25 May 2010: Limited CI Assessments; Preliminary CI Investigation; Full Field CI Investigation


By far the hardest part of any CI case is to realize that the case exists— 
that some person, some thing, has the enemy's hidden hand in it. 
-- Angelo Codevilla, Informing Statecraft: Intelligence for a New Century (1992), p. 326


CI investigations are undertaken to determine whether a particular person is acting for or on
behalf of a foreign power or international terrorist organization or whether an event is related to
foreign intelligence or international terrorism.


CI investigations focus on resolving allegations of known or suspected acts that may constitute
national security crimes under U.S. law or Uniform Code of Military Justice. 


The agencies responsible for the investigation and ultimate referral for prosecution of violations 
of US espionage law (primarily Sections 792-798, Chap 37 of Title 18) are the FBI and the CI
components of the military services that participate in the DoD Foreign CI Program (FCIP). 


DoD Policy: The Secretaries of the Military Departments exercise authority, direction, and 
control over CI investigations and attendant matters for their respective personnel. 
-- Para 5.10.3, DoDD O-5240.02, Counterintelligence, 20 Dec 2007 w/ chg 1 dated 30 Dec 2010 


CI investigations are conducted following appropriate legal standards and in a manner which will
not jeopardize the potential for prosecution. 


Within DoD, DIA's Office of Counterintelligence (DXC) exercises administrative and management 
oversight of all DoD national security investigations. All significant CI activities must be reported
promptly to the DXC IAW DoDD O-5240.02 (see encl 4 for significant CI reporting criteria).


-- Also, inquiries and other activities undertaken to determine whether a particular person is acting 
for or on behalf of, or an event is related to, a foreign power for espionage, treason, spying, sedition, 
subversion, sabotage, assassinations, international terrorist activities, and actions to neutralize such acts. 
(DoDD O-5240.02, Counterintelligence, 20 Dec 2007 with change 1 dated 30 Dec 2010) 


-- Also, includes inquiries and other activities undertaken to determine whether a particular United 
States person is acting for, or on behalf of, a foreign power for the purposes of conducting espionage and 
other intelligence activities, sabotage, assassinations, treason, international terrorist activities, and 
actions to neutralize such acts. (DoD 5240.1-R, Procedures Governing the Activities of DoD Intelligence 
Components that Affect United States Persons, 7 Dec 1982) 


-- Also, an official, systematic search for facts to determine whether a person(s) is engaged in 
activities that may be injurious to U.S. national security or advantageous to a foreign power. (JP 1-02 and 
JP 2.01.2, CI & HUMINT in Joint Operations, 11 Mar 2011 w/ chg 1, dated 26 Aug 2011)


-- Also, the systematic collection of information regarding a person or group which is, or may be, 
engaged in espionage or other clandestine intelligence activity, sabotage, or international terrorist 
activities conducted for, or on behalf of, foreign powers, organizations, or persons. (CI Community 
Lexicon) 


The first priority for all CI investigative situations is to assess for possible exploitation.
-- Army FM 2-22.2, Counterintelligence, October 2009 


CI investigations focus on resolving allegations of known or suspected acts that may constitute
national security crimes under U.S. law or Uniform Code of Military Justice (UCMJ). Investigative
actions must preserve the potential for legal action and when appropriate exploit threatening
intelligence collection directed against DoD. In simple terms, CI investigations seek to identify
spies and put them out of business. CI investigations are about discovering the facts and
conveying them to decision makers, while maintaining a full range of options, including 
apprehension, prosecution, expulsion, as well as exploitation.


"The ultimate objective of... [DoD] CI investigations... is to detect, identify, exploit and neutralize the
intelligence collection threat posed by foreign intelligence and security services and foreign 
terrorist groups. [...] The most significant objectives of CI investigations are to minimize or prevent 
the loss of sensitive and classified defense information to foreign governments, and to prevent, 
preempt, or disrupt foreign terrorist attacks against... DoD interests" 

-- 902d MI Group Investigations Handbook, Jun 2012, p.19 


"CI investigation is an art form carried out by experts. It is not science, and throwing money and
unqualified personnel or helpers at such a problem does not guarantee or even improve the
chances of success. In many cases, quite the opposite result is achieved—analytical chaos with
no resolution."


-- Sandra Grimes and Jeanne Vertefeuille, Circle of Treason: A CIA Account of Traitor Aldrich Ames and 
the Men He Betrayed, 2012, p. 189 


Credentialed CI Special Agents use specialized investigative techniques and methodologies to
gather intelligence (facts/evidence) about known and/or suspected acts that may constitute 
National Security crimes, e.g., espionage, treason, spying, etc. All investigative activities are 
conducted within guidelines established in applicable departmental policy/directives, Attorney 
General Guidelines, and U.S. federal statutes. 


DoD CI investigations are conducted in a manner to “preserve” the potential for prosecution of all
culpable parties identified. Although all national security investigations are conducted in a manner
to preserve the potential for prosecution, this purpose is secondary to the CI mission of detecting,
identifying, fully determining the extent of, and neutralizing/disrupting national security threats to 
the DoD and U.S. national security. 


CI investigative results also contribute to the identification and elimination of security vulnerabilities;
identification of current foreign intelligence tradecraft, agent handlers/operatives and their support 
networks; assessment of damage to DoD and National Security; and improvement of the overall 
DoD security posture, as well as assisting decision makers in risk management decisions. 


DoD CI investigations are conducted in accordance with DoDI 5240.04, CI Investigations. The
DoD agencies responsible for CI investigations and the ultimate referral for prosecution of
violations of US espionage law (primarily §§ 792-798, Chap 37, Title 18 USC) are the CI
components of the military departments, i.e., NCIS, AFOSI, and Army CI.


See Stuart A. Herrington, Traitors among Us: Inside the Spy Catcher's World (1999), for an 
excellent unclassified overview of two CI investigations concerning Clyde Conrad and James Hall.


Other interesting reads on CI investigative cases include:
-- Scott W. Carmichael, True Believer: Inside the Investigation and Capture of Ana Montes, 
Cuba’s Master Spy (2007) 
-- Sandra Grimes and Jeanne Vertefeuille, Circle of Treason: A CIA Account of Traitor Aldrich 
Ames and the Men He Betrayed (2012). 


Spy catching... the surgery of counterintelligence 


The thankless and exhausting task of tracking down 
a traitor always seems much easier in retrospect than in prospect. 
The clues always seem so obvious—but only after the hunt has caught its prey. 


-- Markus Wolf, Former Director HVA, East German Intelligence Service (1958-1987)


[Figure: DoD CI Investigations...]

USD(I)

-- CI investigations and attendant matters remain under each Military
Department's control and supervision (DoDD O-5240.02)

-- Only conducted by Military Department CI organizations (DoDI 5240.04)

-- “811 Referral”: report to the FBI on information which may indicate that
classified information is being, or may have been, disclosed in an
unauthorized manner to a foreign power or agent of a foreign power

1 Section 811 of the Intelligence Authorization Act of 1995 (50 USC §402a)
2 Significant CI reporting IAW DoDD O-5240.02 & DoDI 5240.04
3 As identified in Attorney General - SECDEF MOA (1979) & FBI - DoD MOU (1996)


Counterintelligence Investigative Source Operation. See Investigative Source Operation (ISO).


Counterintelligence Mission. Exploit and defeat adversarial intelligence activities directed against US 
interests; protect the integrity of the US intelligence system; provide incisive, actionable intelligence to 
decision makers at all levels; protect vital national assets from adversarial intelligence activities; and 
neutralize and exploit adversarial intelligence activities targeting the armed forces. (ONCIX website: 
<http://www.ncix.gov/about/mission.html>)


Counterintelligence Missions. DoD CI responsibilities to support force protection; research, development,
and acquisition; defense critical infrastructure; and countering espionage. (DoDD 5240.16, DoD CI 
Functional Services, 27 Aug 2012 with change 1 dated 15 Oct 2013) 


CI Missions vs. CI Functions


"Functions differ from CI missions in that missions focus on end results to be accomplished, rather
than on the means for accomplishment." 


-- Mission Area Analysis of DoD Counterintelligence, Institute for Defense Analyses, May 1999, p.7 


Missions focus on the "end result" to be accomplished 
Functions are useful terms of reference to describe "what is done" 


DoD Counterintelligence Missions 


+ Countering Espionage 

+ Counterintelligence Support to Force Protection (FP) 

+ Counterintelligence Support to Research, Development, and Acquisition (RDA) 
+ Counterintelligence Support to Defense Critical Infrastructure (DCI)


Note: The Army identified four primary CI mission areas in FM 2-22.2 as:
+ Counterespionage
+ CI Support to Force Protection
+ CI Support to Research, Development, and Acquisition
+ Cyber CI


See Army FM 2-22.2, Counterintelligence, Oct 2009 and ADRP 2-0, Intelligence, Aug 2012 


Counterintelligence Mission Manager. The National Counterintelligence Executive (NCIX) serves as 
the Mission Manager for Counterintelligence IAW Intelligence Community Directive (ICD) 900. Also 
see mission managers. 


Counterintelligence Mission Tasking Authority (CI MTA). The authority to task a Military Service CI 
organizations’ headquarters or a Defense Agency's organic CI element to execute a specific CI mission
or conduct a CI function within that organization's CI charter. (DoDD O-5240.02, CI, 20 Dec 2007)


Director, Defense CI & HUMINT Center, exercises CI MTA to ensure the effective integration and
synchronization of the DoD CI community (para 5.2.3, DoDD O-5240.02). 


Counterintelligence Operational Concept/Proposal. The document used to propose an offensive 
counterintelligence operation (OFCO) which serves as the basis for the planning, review, and approval 
process. (AR 381-20, Army CI Program, 25 May 2010) 


Counterintelligence Operational Leads (CIOLs). Interagency CI referrals from CIA operations; generally 
produced and disseminated by the Counterespionage Group (CEG), Counterintelligence Center (CIC) at 
CIA headquarters. (902d MI Group Investigative Handbook, Jun 2012 2007, p.62) 


Counterintelligence Operational Tasking Authority (CIOTA). The levying of CI requirements specific to
joint military activities and operations. Counterintelligence operational tasking authority is exercised 
through supporting components. (JP 1-02) 


Term previously in DoDI 5240.10, dated 14 May 2004 and JP 2-01.2, dated 13 Jun 2006. 


Counterintelligence Operations. Proactive activities designed to identify, exploit, neutralize, or deter 
foreign intelligence collection and terrorist activities directed against the United States. (JP 1-02 and 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see 
Offensive Counterintelligence Operation (OFCO); recruitment-in-place (RIP); penetration; penetration 
operation. 


-- Also, operations/efforts intended to negate, confuse, deceive, subvert, monitor, or control the 
clandestine collection operations of foreign governments or agencies. (CI Community Lexicon) 


is laborious and humdrum, its complex and subtle 
operations are very much like a giant chess game 
that uses the whole world as its board." 


-- Allen Dulles, Former DCI
The Craft of Intelligence (1963)


[Figure: CI Function: CI Operations...]

Operations: Wide range of actions to hinder, frustrate, and exploit foreign
intelligence efforts and other foreign clandestine & covert
activities damaging to US national security

-- Investigative Source Operations
-- Defensive Source Operations
-- Offensive Counterintelligence Operations (OFCO)
-- Controlled Source Operations / Double Agent Operations
-- Penetrations / Recruitment-In-Place Ops
-- CI Technical Operations


Counterintelligence operations consist of obtaining and analyzing
information on the adversary and then using it against him in
accordance with the requirements of the situation and in light of
our knowledge of his practices and psychological outlook.


An ideal counterintelligence system anticipates the enemy's move, notionally
satisfies his needs, and indeed operates a notional intelligence service for him.


-- Eric W. Timm in “Countersabotage—A Counterintelligence Function,” CIA Studies in Intelligence, V7: 2 (Spring 1963), pg. 67


Counterintelligence Operations, one of five CI functions, are conducted to:

-- manipulate, disrupt, neutralize and/or destroy the effectiveness of foreign intelligence activities;

-- recruit or induce defection of foreign intelligence officers and personnel; 

-- collect threat information on foreign intelligence operations, modus operandi, intelligence 
requirements, targeting, objectives, personalities, communications, capabilities, limitations, 
and vulnerabilities; 

-- provide information and operations databases to support decision makers; 

-- provide CI support to clandestine human intelligence operations;

-- identify past, ongoing or planned espionage; 

-- support force protection, operations other than war and peacekeeping; 

-- acquire foreign intelligence espionage equipment for analysis and 
countermeasures development; 

-- develop operational data, threat data and espionage leads for future CI operations,
investigations, and projects and develop the potential of these leads to enhance 
DoD security overall; and 

-- support specific [Service], Chairman Joint Chiefs of Staff, DoD and national plans. 


Source: JP 1-02 and SECNAVINST 3850.2C, Department of Navy Counterintelligence, 20 Jul 2005


Counterintelligence Production. The process of analyzing all-source information concerning espionage or 
other multidiscipline intelligence collection threats, sabotage, terrorism, and other related threats to US 
military commanders, the DoD, and the US Intelligence Community and developing it into a final product 
that is disseminated. Counterintelligence production is used in formulating security policy, plans, and 
operations. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26
Aug 2011) 


-- Also, the creation of finished intelligence products incorporating CI analysis in to known or
anticipated CI concerns. (DoDD 5240.02, CI, 20 Dec 2007 with change 1 dated 30 Dec 2010)


-- Also, the creation of finished intelligence products incorporating CI analysis in response to known
or anticipated customer CI concerns. (JP 2.01.2, CI & HUMINT in Joint Operations, 11 Mar 2011)


-- Also, the conversion of analyzed CI information into intelligence products in support of known or
anticipated user requirements. (DIA Instruction 5240.002, DIA CI Activities, 15 Jun 2005)


Counterintelligence Programs. Capabilities and activities established within an organization for the 
purposes of identifying, deceiving, exploiting, disrupting, or protecting against espionage, other 
intelligence activities, sabotage, or assassinations conducted for or on behalf of FIEs [Foreign Intelligence 
Entities]. (ICD 750, Counterintelligence Programs, 5 Jul 2013) 


Counterintelligence Recruitment Lead (CIRL). An individual being assessed for possible use in a 
counterintelligence operation, investigation, or project as a controlled source. (AR 381-47, Offensive 
Counterintelligence Operations, 17 Mar 2006) 


Counterintelligence-scope Polygraph (CSP). A screening polygraph examination that uses relevant 
questions limited to prescribed CI issues. (DoDI 5210.91, PCA Procedures, 12 Aug 2010 with change 1
dated 15 Oct 2013) 


Counterintelligence Screening. A systematic process for obtaining information of CI interest from a
specific person or target audience. (FM 2-22.2, Counterintelligence, Oct 2009) 


CI screening normally is non-confrontational — it is NOT an interrogation. See Chapter 4, 
CI Collection Program of FM 2-22.2, Counterintelligence, Oct 2009 (page 4-5 through 4-7). 


CI screening should not use any of the "interrogation methods" defined in FM 2-22.3, Human 
Intelligence Collector Operations. 


Counterintelligence Special Agent. Within DoD, US Government personnel (military and civilian 
employees) who have successfully completed an approved Counterintelligence Special Agent course of 
instruction, who are authorized to be issued CI Badge and Credentials (B&Cs), and who are assigned to 
conduct CI investigations and/or operations.


Within the US Army: military personnel holding the military occupational specialty (MOS) 35L, 
351L, or 35E as a primary or additional specialty, and selective civilian employees in the GS-0132 
career field; see AR 381-20, Army CI Program (U). 


Counterintelligence Special Operations Concept (CISOC). The document used to propose a defensive 
counterintelligence operation, special investigative activity, or counterintelligence source operation which
serves as the basis for the planning, review, and approval process. (AR 381-20, Army CI Program, 25 
May 2010) 


Counterintelligence Staff Officer (CISO). This term replaced by “Command CI Coordinating Authority” or
CCICA; see DoDI 5240.10, CI in the Combatant Commands and Other DoD Components, 5 Oct 2011.


Counterintelligence Support. Conducting counterintelligence activities to protect against espionage and 
other foreign intelligence activities, sabotage, international terrorist activities, or assassinations conducted 
for or on behalf of foreign powers, organizations, or persons. (JP 1-02 and JP 2-01.2, CI & HUMINT in
Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see counterintelligence. 


-- Also, the application of knowledge regarding the foreign intelligence and international terrorist
threat to assist commanders, program managers, and agency heads to identify the insider threat and to
protect information or technology vital to the national defense, including the force, technology, critical
infrastructure, and information systems. (AR 381-20, Army CI Program, 25 May 2010)


Counterintelligence Support Plan (CISP). A formal and living plan describing activities conducted by a
Defense CI Component in support of a DoD RDA [Research, Development and Acquisition] program or
activity with CPI [critical program information], at DoD-affiliated RDT&E facilities, and at essential CDCs
[cleared defense contractor] where CPI resides. (DoDI O-5240.24, CI Activities Supporting RDA, 8 Jun
2011 with change 1 dated 15 Oct 2013)


-- Also, a formal plan that outlines and describes the CI support to be provided to research and
development facilities, RDA [Research, Development and Acquisition] programs with CPI [critical program 
information], and CPI resident at cleared Defense contractor facilities. CISPs are coordinated with and 
approved by the RDA Director, Program Executive Office, or Program Manager, as appropriate, and are 
an appendix to the PPP. (DoDI 5200.39, CPI Protection within DoD, 16 Jul 2008, with change 1 dated 28 
Dec 2010) 


Defense CI Components use a CISP to integrate CI activities into RDA, manage, and document
non-investigative or non-operational activities conducted. See Appendix 2 to Encl 3 of DoD 
Instruction O-5240.24, CI Activities Supporting RDA, 8 June 2001 (pp. 22-23) for specifics to 
include elements of a CISP. 


Note: A CISP takes precedence over a DCIP CI Coverage Plan at supported locations where a 
CISP is required in accordance with DoD Instruction 5240.24, Counterintelligence Activities 
Supporting RDA. 


Counterintelligence Support to HUMINT. [CI activities which] prevents the detection, neutralization or 
manipulation of strategic U.S. DoD HUMINT collection activities by foreign intelligence or security 
services. (DIA Instruction 5240.002, DIA Counterintelligence Activities, 15 Jun 2005)


For additional information see Appendix D, Counterintelligence Support to Human Intelligence (U), 
JP 2-01.2, CI & HUMINT in Joint Operations (U), 16 Mar 2011 with chg 1 dated 26 Aug 2011


Counterintelligence Targets. CI targets include personalities, organizations, and installations
(PO&I) of intelligence or CI interest, which must be seized, exploited, neutralized or protected. Also see
Black List, Gray List, White List. (USMC, MCWP 2-6 [previously 2-14], Counterintelligence, 5 Sep 2000) 


Counterintelligence Technical Services (CITS). Encompasses Technical Surveillance Countermeasures 
(TSCM) and Technical Support to Counterintelligence (TSCI). TSCM is used to detect the presence of 
technical surveillance devices and hazards and to identify technical security vulnerabilities that put the 
surveyed facility at risk. TSCI provides technical surveillance and countersurveillance in support of CI
activities. Also see Technical Surveillance Countermeasures. 


Counterintelligence Threat (CI Threat). The capability and intent of one entity to detect and counteract 
another's intelligence activities — the objective is to undermine the effectiveness of opposing intelligence 
activities. 


To date, the term "CI Threat" remains undefined officially by DoD or IC policy. CI threat is often
misused when actually referring to the "intelligence collection threat." 


The "CI Threat" includes all activities undertaken by an adversary to identify, disrupt, manipulate, 
exploit, and/or destroy the effectiveness of friendly intelligence operations/activities. Specifically, 
CI threats are actions one country/entity directs against another's intelligence operations and other 
clandestine/covert activities. Hence the CI threat to US intelligence is the capability and intent of 
any entity to detect and counteract U.S. intelligence activities -- separate and distinct from 
intelligence threats. "CI threats" are not analogous to the threats of interest to counterintelligence. 


From the US perspective -- the CI threat is foreign counterintelligence or security services efforts to
counter -- detect, disrupt, neutralize, and exploit -- US intelligence activities or other US 
clandestine/covert activities.


Counterintelligence Training. Institutional training in knowledge, skills, abilities, and core competencies
unique to CI missions and functions. (DoDI 3305.11, DoD CI Training, 19 Mar 2007) 


-- Also, instructions and applied exercises offered through various media and methods for the 
acquisition, retention, and enhancement of skills, knowledge, and abilities required to counter or 
neutralize: intelligence collection efforts; other intelligence activities; sabotage; and terrorist activities and 
assassination efforts on behalf of foreign powers. (DoDI 3305.12, Intelligence and Counterintelligence 
Training of Non-US Persons, 25 Oct 2007 w/ chg 2 dated 15 Oct 2013) 


Counterproliferation (CP). Those actions (e.g., detect and monitor, prepare to conduct
counterproliferation operations, offensive operations, weapons of mass destruction, active defense, and passive
defense) taken to defeat the threat and/or use of weapons of mass destruction against the United States, 
our military forces, friends, and allies. (JP 1-02 and JP 3-40, Combating WMD, 10 Jun 2009) 


-- Also, the activity by United States government intended to prevent the proliferation of nuclear, 
chemical and biological capabilities to other nations. (HPSCI Report, 27 Jul 2006) 


Countermeasure. Anything that effectively negates or mitigates an adversary's ability to exploit 
vulnerabilities. (DoD 5205.02-M, DoD OPSEC Program Manual, 3 Nov 2008) 


-- Also, action, device, procedure, technique, or other measure that reduces or eliminates one or 
more vulnerabilities. (DoD Insider Threat IPT Final Report, 24 Apr 2000) 


-- Also, [in TEMPEST usage] action, device, procedure, technique, or other measure that reduces the 
vulnerability of any equipment that electronically processes information (NSTISSI 7002, TEMPEST 
Glossary, 17 Mar 1995). 


Countermeasures. That form of military science that, by the employment of devices and/or techniques, 
has as its objective the impairment of the operational effectiveness of enemy activity. (JP 1-02) 


-- Also, defensive security programs and activities which seek to protect against both foreign 
intelligence collection efforts and unauthorized access to, or disclosure of, protected facilities, information, 
and material. (AR 380-20, Army CI Program, 25 May 2010) 


-- Also, the employment of devices and/or techniques that has as its objective the impairment of the 
operational effectiveness of an adversary's activity. Countermeasures may include anything that 
effectively negates an adversary's ability to exploit vulnerabilities. (DSS Glossary) 


-- Also, the employment of devices or techniques that impair the operational effectiveness of enemy 
activity. Countermeasures may include anything that effectively negates an adversary's ability to exploit 
vulnerabilities. (Draft DoDI 5200.39, CPI Identification and Protection within RDA Programs) 


-- Also, [in polygraph and credibility assessment usage] those strategies employed by examinees to 
affect PCA testing by the intentional application of physical, mental, pharmacological, or behavioral 
tactics. (DoDI 5210.21, PCA Procedures, 12 Aug 2010 w/ chg 1 dated 15 Oct 2013) 

Counterproliferation. Those actions taken to defeat the threat and/or use of weapons of mass destruction 
against the United States, our forces, friends, allies, and partners. (JP 1-02 and JP 3-40, Combating 
WMD, 10 Jun 2009) 


Countersurveillance. All measures, active or passive, taken to counteract hostile surveillance. (JP 1-02 
and JP 3-07.2, Antiterrorism, 24 Nov 2010) Also see counter surveillance; surveillance detection. 


-- Also,...security techniques designed to detect, prevent, or deceive hostile observation of friendly 
operations or activities. (CI Community Lexicon)


-- Also, the total action taken to detect and frustrate hostile surveillance. (Encyclopedia of the CIA,
2003) 


-- Also, [Counter Surveillance]. Measures or actions taken when under verified or suspected 
surveillance. (DoDI S-5240.15, FPRG, 20 Oct 2010 with change 1 dated 16 Oct 2013) 


-- Also, the process of detecting and mitigating hostile surveillance (Stratfor - Global Intelligence) 


An effective CS [countersurveillance] program depends on knowing two "secrets": first, hostile 
surveillance is vulnerable to detection because those performing it are not always as sophisticated 
in their tradecraft as commonly perceived; and second, hostile surveillance can be manipulated and 
the operatives forced into making errors that will reveal their presence. 


...CS can be performed by a person who is aware of his or her surroundings and who is watching 
for people who violate the principles of TEDD.* At a more advanced level, the single person can 
use surveillance detection routes (SDRs) to draw out surveillance. 


* The U.S. government uses the acronym TEDD to illustrate the principles one can use to identify 
surveillance. So, a person who sees someone repeatedly over Time, in different Environments and 
over Distance, or one who displays poor Demeanor can assume he or she is under surveillance. 
Surveillants who exhibit poor demeanor, meaning they act unnaturally, can look blatantly 
suspicious, though they also can be lurkers -- those who have no reason for being where they are 
or for doing what they are doing. Sometimes they exhibit almost imperceptible behaviors that the 
target senses more than observes. Other giveaways include moving when the target moves, 
communicating when the target moves, avoiding eye contact with the target, making sudden turns 
or stops, or even using hand signals to communicate with other members of a surveillance team. 


-- Fred Burton, "The Secrets of Countersurveillance," Security Weekly, Stratfor, 6 Jun 2007;
article on line at: <http://www.stratfor.com/secrets_countersurveillance> 


Counterterrorism (CT). Actions taken directly against terrorist networks and indirectly to influence and 
render global and regional environments inhospitable to terrorist networks. (JP 1-02 and JP 3-26, 
Counterterrorism, 13 Nov 2009) Also see antiterrorism; terrorism; combating terrorism. 


-- Also, the practices, tactics, techniques, and strategies adopted to prevent or respond to terrorist 
threats or acts, both real and suspected. (ODNI, U.S. National Intelligence — An Overview 2011) 


Also see National Strategy for Counterterrorism, June 2011 at 
<http://www.whitehouse.gov/sites/default/files/counterterrorism_strategy.pdf>


Country Clearance. Clearance for official U.S. Government representative travel to a foreign country 
granted through the cognizant U.S. Embassy or U.S. Mission. (DoDD 4500.54E, DoD Foreign Clearance 
Program, 28 Dec 2009) 


Country Team. The senior, in-country, US coordinating and supervising body, headed by the chief of the 
US diplomatic mission, and composed of the senior member of each represented US department or 
agency, as desired by the chief of the US diplomatic mission. (JP 1-02 and JP 3-07.4, Joint Counterdrug 
Operations, 13 Jun 2007) 


Courier. Person who carries an item or information from one person or place to another. The courier 
may or may not be aware of the nature of the item or information being transported. (AFOSI Manual 
71-142, OFCO, 9 Jun 2000) 


-- Also, a messenger responsible for the secure physical transmission and delivery of documents 
and materials. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976)


Cover. A protective guise used by a person, organization, or installation to conceal true affiliation with
clandestine or other sensitive activities. (DoDD S-5105.61, DoD Cover and Cover Support Activities (U), 
6 May 2010) Also see cover for action; cover for status. 


-- Also, the concealment of true identity, purpose, or organizational affiliation with assertions of false 
information as part of, or in support of, official duties to carry out authorized activities and lawful 
operations. (DoDI S-5105.63, Implementation of DoD Cover and Cover Support Activities, 20 Jun 2013) 


-- Also, in intelligence usage, those measures necessary to give protection to a person, plan,
operation, formation, or installation from enemy intelligence effort and leakage of information. (JP 1-02
and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011)


-- Also, actions to conceal actual friendly intentions, capabilities, operations, and other activities by 
providing a plausible yet erroneous explanation of the observable. (Defense HUMINT Enterprise Manual 
3301.002, Vol II Collection Operations, 23 Nov 2010) 


-- Also, a verifiable and documented protective guise used by a person, organization, or installation to 
conceal true identity or affiliation. (HDI Lexicon, April 2008) 


-- Also, a protective guise used by a person, organization, or installation to prevent identification with 
clandestine activities and to conceal the true affiliation of personnel and the true sponsorship of their 
activities. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976)


-- Also, protective action taken to mask or conceal an operation or activity from an adversary. (DSS 
Glossary) 

-- Also, a protective guise used by an individual, organization, or installation to prevent identification
with intelligence activities. To hide, conceal, obscure, or otherwise protect the exact identity of an 
individual, unit, or activity. Supported with or without documentation and backstopping depending on the 
sensitivity and scope of the operation. Cover can be anything that masks the true nature of an activity. 
(CI Community Lexicon) 


DoD cover may be used to protect the Department of Defense, its intelligence sources and 
methods, and its clandestine tactics, techniques, and procedures from exposure to the enemy and 
overt association with sensitive activities. The fact that DoD uses cover to protect its activities is 
unclassified. 


For DoD policy see DoDD S-5105.61, DoD Cover and Cover Support Activities (U), 6 May 2010. 


Cover shields secret activities from the opposition 


Good cover ...reaches into the mind of the opponent, thinks as he would think, and then creates 
a combination of fact and fancy, of actual arrangements and contrived impressions, which the 
opposing mind is prepared to believe.... Cover takes an infinite variety of forms. 


The best cover is that which contains the least notional and the maximum possible legitimate 
material.... Perfect cover is an ideal, rarely achieved in practice. 
-- Christopher Felix (James McCargar), A Short Course in the Secret War, 4th Edition (2001)


Special Cover Measures... 


There are many valid reasons for the special cover measures used by some military and 
intelligence organizations, such as potentially life-threatening, high-risk, covert operations and 
intelligence and counterintelligence investigations or operations. 
-- Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and the Director 
Central Intelligence, 28 Feb 1994, p.19 


Cover for Action. A logical reason for doing the specific action involved. (CI Community Lexicon)


-- Also, a verifiable and documented protective guise used to disguise the true intent of an individual,
organization, or activity and to provide a credible explanation as to participation in a particular activity.
(Defense HUMINT Enterprise Manual 3301.002, Vol II Collection Operations, 23 Nov 2010) Also see
cover for status. 


Cover for Action. This cover, combined with the use of appropriate clandestine tradecraft 
techniques (e.g. alias, disguise, darkness, surveillance detection routes to and from meetings, etc.) 
is what provides cover and security for clandestine meetings. 


-- F.W. Rustmann, Jr., "Debunking the CIA Case Officer Myth," Association of Former Intelligence Officers 
(AFIO) Newsletter (Fall 2003), <http://ctcintl.com/Debunk.htm>; accessed 7 Mar 2011 


Cover for Status. A logical and backstopped reason for being in an area or processing a particular item at 
a particular time. (CI Community Lexicon) Also see cover for action. 


-- Also, a verifiable and documented protective guise used to legitimize an individual's, organization's, 
or activity's extended presence in a particular area. (Defense HUMINT Enterprise Manual 3301.002, 
Vol II, Collection Operations, 23 Nov 2010) 


Cover for Status. This is the cover that permits [a case officer] to live and work in a particular 
country. If the case officer is under official cover, this means he must blend into the environment 
of an embassy or other official US installation abroad. 


-- F.W. Rustmann, Jr., “Debunking the CIA Case Officer Myth,” Association of Former Intelligence Officers 
(AFIO) Newsletter (Fall 2003), <http://ctcintl.com/Debunk.htm>; accessed 7 Mar 2011 


Cover Legend. A contrived scenario or story designed to explain an organizational or personal 
background and past or present activities, in terms intended to protect or conceal involvement in a 
clandestine or otherwise sensitive activity. It incorporates as much truth as possible. It must be plausible. 
(DoDI S-5105.63, Implementation of DoD Cover and Cover Support Activities, 20 Jun 2013) 


-- Also, a contrived scenario, designed to explain an organizational or personal background and past 
or present activities, in terms intended to protect and/or conceal involvement in a clandestine or otherwise 
sensitive activity. It incorporates as much truth as possible. (Defense HUMINT Enterprise Manual 
3301.002, Vol II Collection Operations, 23 Nov 2010) Also see cover story. 


Cover Mechanism. Any documentary, oral, technical, fiscal, logistical, or other means provided to 
backstop a cover. (DoDI S-5105.63, Implementation of DoD Cover and Cover Support Activities, 20 Jun 
2013) 


Cover Stop. A stop made while under surveillance that provides an ostensibly innocent reason for a trip. 
(CI Centre Glossary and Spy Dust) 


Cover Story. Coherent and plausible account of background, residence, employment, activities, access, 
etc., furnished to an individual to substantiate whatever claims are necessary to successfully carry out an 
operation. The difference between a cover story and a legend is that a legend is furnished to an illegal or 
agent by FIS. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) Also see cover legend. 


-- Also, the background legend you have developed to explain who you are and why you are where 
you are. (A Spy's Journey) 


The cover story is most frequently used to explain the visible evidences of a clandestine operation 
or to provide an explanation when an operation encounters difficulties.


...cover stories in general: they should not be too precise or too detailed, and they should not be
forthcoming too quickly or all at once. ...To be too precise in a cover story qualitatively increases
the chances of repudiation of the story; to be too detailed increases those chances quantitatively.
-- Christopher Felix (aka James McCargar), A Short Course in the Secret War, 4th Edition (2001)


Cover Support Activities. All measures taken to develop, coordinate, approve, activate, operate, and
terminate cover. (DODD S-5105.61, DoD Cover and Cover Support Activities (U), 6 May 2010) 


Cover Within Cover. A credible confession to an act that is less serious than espionage and will explain 
all actions under suspicion by foreign intelligence services. (Words of Intelligence, 2nd Edition, 2011)


Covering Agent. [As used within US Army] a CI Agent who provides dedicated full or part time 
counterintelligence support, education, and liaison to an organization, agency, or research, development, 
and acquisition program. (AR 381-20, Army CI Program, 25 May 2010) 


Covert. A method of conducting operations that hides the true intent, affiliation or relationship of its 
participants. Differs from clandestine in that covert conceals the identity of the sponsor, whereas 
clandestine conceals the identity of the operation. (National HUMINT Glossary) See clandestine; covert 
action; covert operation. 


Covert, from the Latin cooperire, "to cover," means "concealed, hidden, under cover, not avowed." 


Covert and clandestine are not synonymous! 


Covert Action. Activity or activities of the United States Government to influence political, economic, or 
military conditions abroad, where it is intended that the role of the United States Government will not be 
apparent or acknowledged publicly. Covert action does not include activities the primary purpose of 
which is to acquire intelligence, traditional counterintelligence activities [emphasis added], traditional 
activities to improve or maintain the operational security of United States Government programs, or 
administrative activities. (Section 503e, National Security Act of 1947 [50 USC §413b]) Also see covert; 
covert operation; finding; special activities. 


Covert action should not be confused with missionary work. 


-- Henry Kissinger 
as cited in James M. Olson, Fair Play: The Moral Dilemmas of Spying (2006), p. 33 


...the overt foreign activities of the US Government 
must be supplemented by covert operations 


NSC Directive 10/2 (dated 18 Jun 1948) 
as cited in Warner, CIA Under Truman (1994) 


Covert actions are designed to avoid revealing the role of the United States in their planning or 
execution. EO 12333 (as amended 30 Jul 2008) directs that no agency except CIA (or the Armed 
Forces of the United States in time of war declared by Congress or during any period covered by a 
report from the President to the Congress consistent with the War Powers Resolution, Public Law 
93-148) may conduct any covert action activity unless the President determines that another 
agency is more likely to achieve a particular objective. 


EO 12333 limits covert action, i.e., “no covert action may be conducted which is intended to 
influence US political processes, public opinion, policies, or media.” (EO 12333, para 2.13)


Covert action by DoD must be directed by the President, subsequently approved by the Secretary 
of Defense, and executed in accordance with applicable law. 


Evolution of Covert Action 

[I]n December 1947, the National Security Council issued a series of classified directives specifying
and expanding the CIA’s covert mission. The first of these directives, NSC-4-A, authorized the 
Director of Central Intelligence (DCI) to conduct covert psychological operations consistent with 
United States policy and in coordination with the Departments of State and Defense. A later 
directive, NSC 10/2, authorized the CIA to conduct covert political and paramilitary operations. [...] 
The United States should maintain the option of reacting in the future to a grave, unforeseen threat
to United States national security through covert means. 

-- Church Committee — 1976 (Senate Report 94-755, Book I, 26 April 1976)


Covert action must be consistent with and supportive of national policy and must be placed
appropriately within a national security policy framework. Covert action must never be used as a 
substitute for policy. 

-- National Security Decision Directive 159, 18 Jan 1985 (originally Top Secret-Sensitive, declassified) 


Covert actions are... legally distinct from clandestine missions: 'clandestine' refers to the tactical 
secrecy of the operation itself, ‘covert’ refers to the secrecy of the sponsor. ...covert action can 
include a wide range of activity, from propaganda and disinformation to political influence 
operations, economic destabilization, and paramilitary operations. Historically, the Central 
Intelligence Agency (CIA) has been the main agent of US covert action... 
-- Jennifer D. Kinne, "Covert Action and the Pentagon," Intelligence and National Security, Vol. 22 No. 1,
February 2007, pp. 57-58 


Covert action, or to use the British term, special political action, is the attempt by a government or 
group to influence events in another state or territory without revealing its own involvement. 
...Covert action is really an American term-of-art that came into use after World War II. 

-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995), p. 2 


Typically, covert actions are carried out by the CIA with such assistance as may be necessary by 
other elements of the Intelligence Community as directed by the President. U.S. law requires that
all covert actions be approved prior to their execution by the President in a written ‘finding’ and that 
notification be provided to the two intelligence committees in Congress. Covert actions may involve 
political, economic, propaganda, or paramilitary activities. 

-- WMD Report, 31 Mar 2005 


Covert action is often called the "dirty tricks" side of spying. It consists of sabotage, subversion, 
paramilitary operations, political action, psychological operations, and black propaganda. It is not
always pretty. Covert action has historically been a relatively small part of the CIA's overall activity, 
but it is certainly the aspect of U.S. spying that has been the most controversial. 

-- James M. Olson, Fair Play: The Moral Dilemmas of Spying (2006) 


The three basic types of covert action are perception management (historically known as 
propaganda), political action (influencing the actions of a foreign leader or government), and 
paramilitary operations (support to insurgents). 

-- Duane R. Clarridge, A Spy for All Seasons: My Life in the CIA (1997), p. 410


Covert action is not intelligence. Rather, CA is the most sensitive technique for implanting national 
security policy. Operating in the space between diplomacy and military force, covert actions are the 
"third way" of accomplishing a nation's goals. 
-- Dr. James E. Steiner (retired CIA), "Restoring the Red Line Between Intelligence and Policy on Covert
Action," International Journal of Intelligence and Counterintelligence, Vol 19 No 1 (Spring 2006), p. 157 


Covert action can serve as a more subtle and surgical tool 
than forms of acknowledged employment of U.S. power and influence.
-- WMD Report (31 Mar 2005), p. 33 


Security is indispensable to the successful conduct of covert action. 
...[A]ccess to information on US covert action policies shall be restricted 
to the absolute minimum number of persons possible. 

-- President Ronald Reagan, NSSD 159 (18 Jan 1985)


Covert Channel. An unauthorized communication path that manipulates a communications medium in
an unexpected, unconventional, or unforeseen way in order to transmit information without detection by 
anyone other than the entities operating the covert channel. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


Covert Channel Analysis. Determination of the extent to which the security policy model and subsequent 
lower-level program descriptions may allow unauthorized access to information. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


Covert Communication (COVCOM). Clandestine, hidden communication that protects both the 
information being shared and the relationship between the sending and receiving parties. (National 
HUMINT Glossary) 


-- Also, any technique or device used to relay data clandestinely from case officer to agent or agent to 
case officer. (Spycraft) 


-- Also, an agent's spy gear for communicating with his case officer. (A Spy's Journey)


Covert Operation. An operation that is so planned and executed as to conceal the identity of or permit 
plausible denial by the sponsor. (JP 1-02 and JP 3-05, Special Operations, 18 Apr 2011) Also see covert; 
covert action, clandestine operation. 


Covert refers to the secrecy of the sponsor 


Clandestine operations are sometimes incorrectly referred to as "covert operations." Although both 
are secret and sensitive activities, the terms are not interchangeable. See clandestine operation. 


"Avowal of a covert operation, however implicit, is a hostile act, and it is wise never to indulge in 
hostile acts unless one is able and prepared to back them up." 
-- Christopher Felix (aka James McCargar), A Short Course in the Secret War, 4th Edition (2001)


A 1948 National Security Council Intelligence Directive defined covert operations as actions by the 
U.S. against foreign states "which are so planned and executed that any U.S. Government 
responsibility for them is not evident to unauthorized persons and that if uncovered the U.S. 
Government can plausibly disclaim any responsibility for them." 


"Covert action is the term that describes our efforts to influence the course of events in a foreign 
country without our role being known....[it] has always been assigned to the CIA to perform, by 
means of unattributable propaganda, sub rosa political action, or secret paramilitary support." 

-- Stansfield Turner, Former Director Central Intelligence Agency 


CPI. See Critical Program Information. 


Credentials [Counterintelligence]. An official document or set of documents presenting evidence of the 
identity, authority, and status of the bearer and for use in conducting authorized CI activities. (DoDI 
5240.25, Counterintelligence Badge and Credentials, 30 Mar 2011 with change 1 dated 15 Oct 2013) 
Also see badge; special agent. 


-- Also, official documents which identify the bearer as a representative of a specific agency or 
department of the U.S. Government. 


Credible Information. Information disclosed or obtained by a criminal investigator that, considering its
source and nature and all the circumstances, is believable enough that a trained criminal investigator can
state the information is true. (DoDI 5505.7, Titling & Indexing Subjects of Criminal Investigations in DoD,
27 Jan 2012)


-- Also, information disclosed to or obtained by an investigator that, considering the source and nature
of the information and the totality of the circumstances, is sufficiently believable to indicate that criminal 
activity has occurred and would cause a reasonable investigator under similar circumstances to pursue 
further the facts of the case to determine whether a criminal act occurred or may have occurred.
(AR 195-2, Criminal Investigation Activities, 15 May 2009)


Credibility Assessment. The multi-disciplinary field of existing, as well as potential, techniques and 
procedures to assess truthfulness that relies on physiological reactions and behavioral measures to test 
the agreement between an individual's memories and statements. (DoDD 5210.48, Polygraph and 
Credibility Assessment Program, 25 Jan 2007 with change 2 dated 15 Nov 2013) 


Criminal Intelligence (CRIMINT). Law enforcement information derived from the analysis of information 
collected through investigations, forensics, crime scene and evidentiary processes to establish intent, 
history, capability, vulnerability, and modus operandi of threat and criminal elements. (DoDI 2000.16, DoD 
Antiterrorism Standards, 2 Oct 2006) 


-- Also, a category of police intelligence derived from the collection, analysis, and interpretation of all 
available information concerning known and potential criminal threats and vulnerabilities of supported 
organizations. (ATTP 3-39.20, Police Intelligence Operations, Jul 2010) 


-- Also, information compiled, analyzed, and/or disseminated in an effort to anticipate, prevent, or 
monitor criminal activity. (National Criminal Intelligence Sharing Plan, Oct 2003) 


For DoD Policy see DoDI 5525.18, Law Enforcement Criminal Intelligence in DoD (Note: does not 
apply to counterintelligence personnel). 


CRIMINT gathering is a fundamental and essential element in the all-encompassing duties of all 
DoD Law Enforcement Agencies. CRIMINT can aid in crime prevention, threat disruption, offender 
pursuit and apprehension, and evidence capture necessary for conviction. 


Criminal Investigation. Investigation into alleged or apparent violations of law undertaken for purposes 
which include the collection of evidence in support of potential criminal prosecution. (DoDI 5505.7, Titling 
& Indexing Subjects of Criminal Investigations in DoD, 27 Jan 2012) 


-- Also, the process of searching, collecting, preparing, identifying, and presenting evidence to prove 
the truth or falsity of an issue of law. (US Army, FM 3-19.13, Law Enforcement Investigations, Jan 2005) 


Criminal investigation is both an art and a science. 


In science, the absolute truth is often achieved. Experience has shown that in criminal 
investigations a less decisive hypothesis may sometimes be all that is possible to achieve. 


A criminal investigation is the process of searching, collecting, preparing, identifying, and 
presenting evidence to prove the truth or falsity of an issue of law. 


Objectives of Criminal Investigations: 

- 1) Determine if a crime was committed; 
- 2) Collect information and evidence legally to identify who was responsible; 
- 3) Apprehend the person responsible; 
- 4) Recover stolen property; 
- 5) Present the best possible case to the prosecutor; and 
- 6) Provide clear, concise testimony. 

-- US Army, FM 3-19.13, Law Enforcement Investigations, Jan 2005


A criminal investigation is normally initiated when objective facts and circumstances reasonably
indicate a crime has been, is being or will be committed. A criminal investigation is normally limited 
to: who committed the act; secure evidence to establish the elements of the offense; and support 
prosecution. 


Also see Crime Scene Investigation: A Guide for Law Enforcement, Sep 2013; available on line at
<http://www.nist.gov/oles/csiguide.cfm> 


Criminal Investigative Information. Information compiled in the course of a criminal investigation. 
(AR 195-2, Criminal Investigation Activities, 15 May 2009) 


Criminal Investigation Task Force (CITF). The DoD CITF is a strategic-level organization with a mission to 
develop and fuse police intelligence with MI [military intelligence] for the purpose of building criminal 
cases against terrorist criminals that have attacked U.S. interests. (ATTP 3-39.20, Police Intelligence 
Operations, Jul 2010) 


The CITF conducts complicated criminal investigations targeting terrorists and complex criminal 
organizations. These cases typically cross international borders and involve criminals captured as 
a result of military operations, requiring coordination with international police and intelligence 
agencies. The CITF combines USACIDC special agents (and criminal investigators from other 
Services), police and intelligence analysts, and attorneys into teams. These teams synchronize 
and fuse information and intelligence from all available sources to conduct criminal investigations 
that enable criminal prosecution in U.S. or host nation legal systems. 

-- ATTP 3-39.20 (FM 3-19.50), Police Intelligence Operations, July 2010 


Criminal Offense. Any criminal act or omission as defined and prohibited by the Uniform Code of Military 
Justice, the United States Code, State and local codes, foreign law, or international law or treaty. As used 
herein, this term does not include military offenses as defined below. In the case of juveniles, this term 
refers to those acts which, if committed by an adult, would be subject to criminal sanctions. (AR 195-2, 
Criminal Investigation Activities, 15 May 2009) 


Crisis. An incident or situation involving a threat to the United States, its citizens, military forces, 
possessions, or vital interests that develops rapidly and creates a condition of such diplomatic, economic, 
or military importance that commitment of US military forces and resources is contemplated in order to 
achieve national objectives. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Crisis Action Planning (CAP). The Adaptive Planning and Execution System process involving the
time-sensitive development of joint operation plans and operation orders for the deployment, employment, and
sustainment of assigned and allocated forces and resources in response to an imminent crisis. (JP 5-0, 
Joint Operation Planning, 11 Aug 2011) 


Crisis Management (CrM). Measures, normally executed under federal law, to identify, acquire, and plan 
the use of resources needed to anticipate, prevent, and/or resolve a threat or an act of terrorism. (JP 1-02 
and JP 3-28, Defense Support of Civil Authorities, 31 Jul 2013) 


CRITIC. Critical information messages sent over the CRITICOMM System that must be delivered to the 
President within 10 minutes upon recognition. (DoDD 5100.20, NSA, 26 Jan 2010) 


Critical Asset. A specific entity that is of such extraordinary importance that its incapacitation or 
destruction would have a very serious, debilitating effect on the ability of a nation to continue to function 
effectively. (JP 1-02 and JP 3-07.2, Antiterrorism, 24 Nov 2010) 


-- Also, Defense Critical Asset: an asset of such extraordinary importance to DoD operations in
peace, crisis, and war that its incapacitation or destruction would have a very serious, debilitating effect
on the ability of the Department of Defense to fulfill its mission. (DoDI 2000.16, DoD Antiterrorism
Standards, 2 Oct 2006)


-- Also, any asset (person, group, relationship, instrument, installation, process or supply at the
disposition of an organization for use in an operational or support role) whose loss or compromise would 
have a negative impact on the capability of a department or agency to carry out its mission; or may have 
a negative impact on the ability of another U.S. Government department or agency to conduct its mission; or
could result in substantial economic loss; or which may have a negative impact on the national security 
of the U.S. (ICD 750, Counterintelligence Programs, 5 Jul 2013) 


Critical Information (also called CRITIC). Specific facts about friendly intentions, capabilities, and 
activities needed by adversaries for them to plan and act effectively so as to guarantee failure or 
unacceptable consequences for friendly mission accomplishment. (JP 2-0, Joint Intelligence, 22 Oct 2013)


-- Also, decisions, intentions, or actions of foreign governments, organizations, or individuals that 
could imminently and materially jeopardize vital U.S. policy, economic, informational, or military interests 
to such an extent that the immediate attention of the President and the National Security Council may be 
required. (DoDD 5100.20, NSA, 26 Jan 2010) 


Critical Infrastructure. Systems and assets, whether physical or virtual, so vital to the United States that 
the incapacity or destruction of such systems and assets would have a debilitating impact on the
security, national economic security, national public health and safety, or any combination of those
matters. (Critical Infrastructures Protection Act of 2002 and USA Patriot Act §1016)


-- Physical or virtual systems and assets that if compromised by a physical or cyberspace incident 
negatively impact the national security, economic stability, public confidence, health, or safety of the 
United States. (DoD Strategy for Operating in Cyberspace, May 2011)


-- Also, [within DoD] infrastructure deemed essential to DoD operations or the functioning of a critical 
asset. 


Nation's critical infrastructure and key resources, as set forth in the 2006 National Infrastructure 
Protection Plan (NIPP) includes the assets, systems, and networks, whether physical or virtual, so 
vital to the United States that their incapacitation or destruction would have a debilitating effect on 
security, national economic security, public health or safety, or any combination thereof. Key 
resources are publicly or privately controlled resources essential to the minimal operations of the 
economy and government. 

-- Cited in the National Strategy for Homeland Security 


Failure of critical assets degrades or disrupts operations; cascading failures of critical 
infrastructure assets within and across infrastructures may lead to mission failure 
-- DoD Critical Infrastructure Protection Strategy, April 2003 


Copy of the 2009 National Infrastructure Protection Plan (NIPP) at: 
<http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf> 


Critical Infrastructure and Key Resources (CI/KR). The infrastructure and assets vital to a nation's 
security, governance, public health and safety, economy, and public confidence. (JP 3-27, Homeland
Defense, 29 Jul 2013) 


Critical Infrastructure Protection (CIP). Actions taken to prevent, remediate, or mitigate the risks resulting 
from vulnerabilities of critical infrastructure assets. (JP 1-02 and JP 3-28, Defense Support of Civil 
Authorities, 31 Jul 2013) Also see Defense Critical Infrastructure. 


PDD-63 set as a national goal the ability to protect the nation’s critical infrastructure from 
intentional attacks (both physical and cyber). Also see PPD-21, Critical Infrastructure Security and 
Resilience, 12 Feb 2013. PPD-21 identifies 16 critical infrastructure sectors; DoD is the
sector-specific agency for the Defense Industrial Base (DIB).


For DoD policy see DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure. 


Critical Intelligence. Intelligence that is crucial and requires the immediate attention of the
commander. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


Critical National Asset (CNA). Any information, policies, plans, technologies, or capabilities that, if 
acquired (stolen), modified, or manipulated by an adversary, would seriously threaten US national or 
economic security. (NIP - FY 2009 Congressional Budget Justification Book, redacted version)* 


* Copy available at: <http://www.fas.org/irp/dni/cbjb-2009.pdf> (accessed 24 Jan 2013).


Critical Program Information (CPI). Elements or components of an RDA [research, development & 
acquisition] program that, if compromised, could cause significant degradation in mission effectiveness; 
shorten the expected combat-effective life of the system; reduce technological advantage; significantly 
alter program direction; or enable an adversary to defeat, counter, copy, or reverse engineer the 
technology or capability. (DoDI 5200.39, CPI Protection within DoD, 16 Jul 2008 w/ change 1 dated 28 
Dec 2010) 


Note: DoDI 5200.39 is under revision, proposed revised definition for CPI: U.S. capability 
elements that contribute to the warfighters' technical advantage throughout the life cycle, which if
compromised or subject to unauthorized disclosure, decrease the advantage. U.S. capability 
elements may include, but are not limited to, technologies and algorithms residing on the system, 
its training equipment, or maintenance support equipment. 


It is DoD policy (IAW DoDI 5200.39) to provide uncompromised and secure military systems to the 
warfighter by performing comprehensive protection of CPI through the integrated and synchronized 
application of Counterintelligence, Intelligence, Security, systems engineering, and other defensive 
counter-measures to mitigate risk. 


Failure to apply consistent protection of CPI may result in the loss of confidentiality, integrity, or 
availability of CPI, resulting in the impairment of the warfighter's capability and DoD's technological 
superiority. 


CPI includes: information about applications, capabilities, processes, and end-items; elements or 
components critical to a military system or network mission effectiveness; and technology that 
would reduce the US technological advantage if it came under foreign control. 


CPI information shall be identified early in the research, technology development and acquisition 
processes, but no later than when a DoD Agency or military component demonstrates an 
application for the technology in an operational setting, in support of a transition agreement with a 
pre-systems acquisition or acquisition program, or in exceptional cases, at the discretion of the 
laboratory/technical director. 


Critical Technology. Technology or technologies essential to the design, development, production, 
operation, application, or maintenance of an article or service which makes or could make a significant 
contribution to the military potential of any country, including the United States. This includes, but is not 
limited to, design and manufacturing know-how, technical data, keystone equipment, and inspection and 
test equipment. (DoDI 2040.02, International Transfers of Technology, Articles and Services, 10 Jul 2008) 
Also see dual-use, technology. 


DoD Policy - Critical Technology 


Dual-use and defense-related technology shall be treated as valuable national security resources, 
to be protected and transferred only in pursuit of national security and foreign policy objectives. 
Those objectives include ensuring that: critical U.S. military technological advantages are 
preserved; transfers which could prove detrimental to U.S. security interests are controlled and 
limited; proliferation of weapons of mass destruction and their means of delivery are prevented; 
and diversion of defense-related goods to terrorists is prevented. 


See DoDI 2040.02, International Transfers of Technology, Articles and Services, 10 Jul 2008. 


Critical Thinking. A deliberate meta-cognitive (thinking about thinking) and cognitive (thinking) act
whereby a person reflects on the quality of the reasoning process simultaneously while reasoning to 
a conclusion. The thinker has two equally important goals: coming to a solution and improving the way 
she or he reasons. (David T. Moore, Critical Thinking and Intelligence Analysis) 

-- Also, intellectual discipline of rigorously weighing evidence and assumptions, and assessing 
multiple hypotheses resulting in accurate, persuasive, and policy-relevant conclusions. (DIA, 2012-2017 
Defense Intelligence Agency Strategy) 


Critical Thinking and Intelligence Analysis, National Defense Intelligence College occasional paper 
no. 14, March 2007. 
Copy available at <http://www.au.af.mil/au/awc/awcgate/dia/ndic_moore_crit_analysis_hires.pdf>


Also see The Foundation for Critical Thinking, www.criticalthinking.org, The Thinker's Guide to
Analytical Thinking, 2007. 


Criticality. [In critical infrastructure usage] a metric used to describe the consequence
of loss of an asset, based on the effect the incapacitation or destruction of the asset would have
on DoD operations and the ability of the Department of Defense to fulfill its missions. (DoDI 3020.45,
DCIP Management, 21 Apr 2008)


Cross-cuing. The use of one intelligence source to initiate the collection against a particular target with 
another intelligence collector. Also see cueing. 


CI and HUMINT provide unique opportunities for enabling and cross-cuing other intelligence 
disciplines or capabilities. CI and HUMINT sources can enable other intelligence collection
disciplines or provide time sensitive "tip off" information to cue other collection capabilities. 

-- JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011, para 3b (p. V-2) 


Cryptanalysis. The steps and operations performed in converting encrypted messages into plain text 
without initial knowledge of the key employed in the encryption. (JP 1-02) 


Cryptography. The art and science concerning the principles, means, and methods for rendering plain 
information unintelligible and for restoring encrypted information to intelligible form. (DoDD 5100.20, NSA, 
26 Jan 2010) 


Cryptology. The science that deals with hidden, disguised, or encrypted communications. It includes 
communications security and communications intelligence. (JP 1-02) 


-- Also, the branch of knowledge that treats the principles of cryptography and cryptanalytics; and the 
activities involved in producing signals intelligence (SIGINT) and maintaining communications security 
(COMSEC). (DoDD 5100.20, NSA, 26 Jan 2010) 


Cryptonym. Code name; crypt or crypto for short, always capitalized. ...prefixes to code names are used 
to identify the nature of the clandestine source, [e.g., GT and CK] prefixes were both "diagraph" identifiers 
for the Soviet and East European program..... The diagraph is used in front of the cryptonym of the 
source as a more formal way of referring to the subject, not unlike putting "Mr." in front of "Smallwood." 
(Spy Dust) 


-- Also, a false name used in official correspondence to hide the identity of the agent, officer, or 
operation. (A Spy’s Journey) 


Cueing. The use of one or more sensor systems to provide data that directs collection by other systems. 
(term previously defined in FM 2-0, Intelligence, May 2004) Also see cross-cuing. 


Cultivation. A deliberate and calculated association with a person for the purpose of recruitment,
obtaining information, or gaining control. (AFOSI Instruction 71-101, 6 Jun 2000) 


-- Also, apparently casual but actually deliberate and calculated effort to gain control of an individual, 
induce him to furnish information, and agree to recruitment. Cultivation can extend over a considerable
period of time. (FBI FCI Terms)


Cultural Intelligence. Knowledge resulting from all-source analysis of cultural factors, which assists in 
anticipating the actions of people or groups of people. (National Intelligence: Consumer's Guide - 2009). 


Current Intelligence. Within DoD: None — term removed from JP 1-02 per JP 2-0 Joint Intelligence, 22 
Oct 2013. 


Previously defined as: one of two categories of descriptive intelligence that is concerned with 
describing the existing situation. 


Custodial Interview. Interview conducted of a subject following formal arrest or detention. Subjects are 
made fully aware of their deprivation of freedom or their "in custody" status. (Army FM 2.22-2, CI, Oct
2009). 


Cutout. An intermediary or device used to obviate direct contact between members of a clandestine 
organization. (JP 1-02) 


-- Also, an intermediary used to obviate direct linkage between either the origin or destination of an 
intelligence operation or action. (Defense HUMINT Enterprise Manual 3301.002, Vol II Collection 
Operations, 23 Nov 2010) 


-- Also, an individual whose services are used to prevent contact and recognition between specific 
members of an intelligence service with the purpose of providing compartmentation and security. (AFOSI 
Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, a mechanism or person that acts as a compartment between the members of an operation 
but which allows them to pass material or messages securely. (CI Centre Glossary) 


Cyber. 1) Any process, program, or protocol relating to the use of the Internet or an intranet, automatic 
data processing or transmission, or telecommunication via the Internet or an intranet; and 2) any matter 
relating to, or involving the use of, computers or computer networks. (Cybersecurity Act of 2009) 


Cyber Attack. An attack, via cyberspace, targeting an enterprise's use of cyberspace for the purpose of 
disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or 
destroying the integrity of the data or stealing controlled information. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) Also see cyber espionage, cyber threat. 


Disruptive and destructive cyber attacks are becoming a part of conflict between states, within 
states, and among nonstate actors. The borderless nature of cyberspace means anyone, anywhere 
in the world, can use cyber to affect someone else. ... The rise of cyber is the most striking 
development in the post-9/11 national security landscape. 
-- General Martin E. Dempsey (USA), Chairman of the Joint Chiefs of Staff, June 2013 
(Quoted in Army Magazine, August 2013, p. 8) 


Cyber attack is a non-kinetic offensive operation intended to create physical effects or to 
manipulate, disrupt, or delete data. It might range from a denial-of-service operation that 
temporarily prevents access to a website, to an attack on a power turbine that causes physical 
damage and an outage lasting for days. 

-- DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 12 Mar 2013 


Existential Cyber Attack is defined as an attack that is capable of causing sufficient wide scale
damage for the government potentially to lose control of the country, including loss or damage to 
significant portions of military and critical infrastructure: power generation, communications, fuel 
and transportation, emergency services, financial services, etc. 
-- Defense Science Board, Task Force Report: Resilient Military Systems and the Advanced Cyber 
Threat, Jan 2013; copy at: <http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf> 


Also see P.W. Singer and Allan Friedman, Cybersecurity and Cyberwar: What Everyone Needs To 
Know (2014) 


-- Also, Cyberattack: deliberate disruption of a computer system or network and functions delivered or 
supported by it. (National Research Council - 2009) 


[Figure: "Cyberattacks". Labels shown: Financial, Cyber Crime, Cyber Spies, Cyber Espionage, Hacktivism.]
Adapted from: Eric Rosenbach and Robert Belk, "U.S. Cybersecurity: The Current Threat and Future Challenges," Nicholas Burns
and Jonathon Price, Editors., Securing Cyberspace: A New Domain for National Security, 2012, Figure 1, p. 44


Cyber attacks are growing in frequency, scale, complexity and destructiveness. 
Cyber attacks are a way of life... since 2006, cyber incidents against the USG increased 782% (GPO). 


Cyber Counterintelligence. Counterintelligence, by any means, where a significant target or tool of the 
adversarial activity is a computer, computer network, embedded processor or controller, or the 
information thereon. (The United States Government-Wide Cyber Counterintelligence Plan - 2009 (U)) 
Also see counterintelligence activities in cyberspace; cyberspace. 


* Note: Within DoD the term "cyber counterintelligence" to be withdrawn from JP 1-02;
see Counterintelligence Activities in Cyberspace. 


Cyberspace is a venue. 


Cyber Effect: The manipulation, disruption, denial, degradation, or destruction of computers, information
or communications systems, networks, physical or virtual infrastructure controlled by computers or 
information systems, or information resident thereon. (PDD-20, US Cyber Operations Policy (U), 16 Oct 
2012) 


Cyber Electromagnetic Activities (CEMA). Activities leveraged to seize, retain, and exploit an advantage 
over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while 
simultaneously denying and degrading adversary and enemy use of the same and protecting the mission 
command system. (Army FM 3-13, Inform and Influence Activities, Jan 2013) 


CEMA consist of cyberspace operations (CO), electronic warfare (EW), and spectrum 
management operations (SMO). 


See Army FM 3-38, Cyber Electromagnetic Activities, 12 Feb 2014. 


Cyber Espionage. Refers to intrusions into networks to access sensitive diplomatic, military, or economic 
information. (DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 12 Mar 2013) 
Also see cyber attack, cyber threat. 


-- Also, the act or practice of obtaining secrets without the permission of the holder of the information 
(personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, 
governments and enemies for personal, economic, political or military advantage using illegal exploitation 
methods on internet, networks or individual computers... (Wikipedia at 
<http://en.wikipedia.org/wiki/Cyber_espionage>; accessed 5 Jan 2010) 


"Counterintelligence...is now a concern for every organization that lives on electronic 
networks and has secrets to keep. Information is liquid and liquid leaks." 


-- Joel Brenner (former NCIX), America the Vulnerable: Inside the New Threat Matrix of Digital Espionage,
Crime, and Warfare, 2011, p. 64. 


Cyber Exploitation: Penetration of an adversary's computer system or network to seize information 
(National Research Council, 2009) 


Essentially an intelligence-gathering activity, e.g., Ghostnet, Operation Aurora. Technically, 
exploits and attack can be similar, i.e., utilize same access vector and manipulate same 
vulnerability. 


"Distinction between intelligence collection and damage to systems is a few key strokes"
-- Richard A. Clarke, Author of Cyber War 


Cyber Incident. Any attempted or successful access to, exfiltration of, manipulation of, or impairment to 
the integrity, confidentiality, security, or availability of data, an application, or an information system, 
without lawful authority. (NSPD-54 / HSPD-23) 


Cyber Intrusion Damage Assessment. A managed, coordinated, and standardized process conducted to 
determine the impact on future defense programs, defense scientific and research projects, or defense 
warfighting capabilities resulting from an intrusion into a DIB unclassified computer system or network. 
(DoDD 5505.13E, DoD Executive Agent for the DoD Cyber Crime Center [DC3], 1 Mar 2010) 


Cyber Persona. An identity used in cyberspace to obtain information or influence others, while 
dissociating the actor's true identity or affiliation. (DoDI S-5240.23, CI Activities in Cyberspace, 13 Dec 10
with change 1 dated 16 Oct 2013) 


Cyber Power. The ability to use cyberspace to create advantages and influence events in other
operational environments and across the instruments of power. (Daniel T. Kuehl, “From Cyberspace to 
Cyberpower: Defining the Problem," in Franklin D. Kramer, Stuart Starr, and Larry K. Wentz, eds., 
Cyberpower and National Security, Washington, D.C.: National Defense University, 2009) 


Cyber power can be used to produce preferred outcomes within cyberspace or it can use cyber
instruments to produce preferred outcomes in other domains outside cyberspace.


See "Cyber Power" by Joseph S. Nye, Harvard Kennedy School, May 2010; available online at: 
belfercenter.ksg.harvard.edu/files/cyber-power.pdf 


Cyber Security (or Cybersecurity). Measures taken to protect a computer network, system, or electronic 
information storage against unauthorized access or attempted access. (DoDI 5205.13, Defense Industrial 
Base Cyber Security/Information Assurance Activities, 29 Jan 2010 w/ chg 1 dated 21 Sep 2012) Also 
see computer security; information security (INFOSEC). 


-- Also, includes preventing damage to, unauthorized use of, or exploitation of electronic information 
and communications systems and the information contained therein to ensure confidentiality, integrity, 
and availability; also includes restoring electronic information and communications systems in the event 
of a terrorist attack or natural disaster. (DoDD 3020.40, DoD Policy and Responsibilities for Critical 
Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


-- Also, the ability to protect, defend, and maintain availability, confidentiality, authentication, and
integrity of networks, systems, and the data resident therein. (DoD Strategy for Operating in Cyberspace, 
May 2011) 


-- Also, the ability to protect or defend the use of cyberspace from cyber attacks. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


Cybersecurity threats represent one of the most serious 
national security, public safety, and economic challenges we face as a nation. 
-- National Security Strategy - 2010 


“Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. 
Attacks have been initiated by individuals, as well as countries. Targets have included government 
networks, military defenses, companies, or political organizations, depending upon whether the 
attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or 
intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, 
and attributing an attack to a specific location can be difficult, which also makes a response 
problematic.” 

-- CRS Report, Cybersecurity: Authoritative Reports and Resources, 25 Oct 2013 

Copy available at: <http://www.fas.org/sgp/crs/misc/R42507.pdf> 


“As long as nations rely on computer networks as a foundation for military and economic power 
and as long as such computer networks are accessible to the outside, they are at risk.” 


-- Rand Report, “Cyberdeterrence and Cyberwar,” by Martin C. Libicki (2009) 


“America is being ‘invaded,’ every hour of every day, by hostile forces using computers...from minor 
annoyances by young computer hackers to those from sophisticated nations and could cost 
American lives...the irony is that this new threat stems from the technical sophistication that helps 
make the US military the strongest in the world.” 


-- John Randle, Voice of America, Future War in Cyberspace 


U.S. military networks "are constantly under attack. They are probed thousands of times a day.
They are scanned millions of times a day. And the frequency and sophistication of attacks are 
increasing exponentially." 


"The power to disrupt and destroy, once the sole province of nations, now also rests with small 
groups and individuals, from terrorist groups to organized crime, from hacker activists to teenage 
hackers, from industrial spies to foreign intelligence services." 


-- William Lynn, Deputy Secretary of Defense 
(as quoted in "In Cyber War, Most of U.S. Must Defend Itself," by William Matthews, DefenseNews, 1 Feb 2010, p. 29) 


"Forcing Cybersecurity into a simplified unitary framework limits our choices and underestimates 
the complexity of the most novel and serious disruptive threat to our national security since the 
onset of the nuclear age sixty years ago." 


-- Michael Chertoff, Former US Secretary of Homeland Security & John M. McConnell, Former DNI 
As quoted in Securing Cyberspace: A new Domain for National Security, 2012, p. 192 


Cyber security within the military is daunting — "The Department operates over 15,000 networks 
and 7 million computing devices across hundreds of installations in dozens of countries around 
the globe." 
-- Zachary J. Lemnios, Assistant Secretary of Defense for Research and Engineering, 20 March 2012 
Testimony before the Senate Armed Services Committee hearing on Emerging Threats and Capabilities 


"In the cyber realm, new exploits can render defenses that seemed effective obsolete in a matter of 
seconds. Given the speed with which cyber capabilities can be created and the relatively low cost 
for entry, the potential for possibly far-reaching technological surprise is very high." 
-- Dr. James S. Perry, Director of Information Systems Analysis Center at Sandia National Laboratories, 
20 March 2012. Testimony before the Senate Armed Services Committee hearing on Emerging Threats 
and Capabilities 


"Repeated cyber intrusions into critical infrastructure demonstrate the need for improved
Cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of 
the most serious national security challenges we must confront." 

-- EO 13636, Improving Critical Infrastructure Cybersecurity, 12 Feb 2013 


See the "The Comprehensive National Cybersecurity Initiative" at: 
<http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative>


Also see Committee on National Security Systems, National Information Assurance (IA) Glossary, 
April 2010, <http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf>


Also see P.W. Singer and Allan Friedman, Cybersecurity and Cyberwar: What Everyone Needs To 
Know (2014) 


Cyberattacks are possible only because systems have flaws. 


Cyber Threat. The cyber threat is characterized in terms of three classes of increasing sophistication: 1) 
those practitioners who rely on others to develop the malicious code, 2) those who can develop their own 
tools to exploit publicly known vulnerabilities as well as discovering new vulnerabilities, and 3) those
who have significant resources and can dedicate them to creating vulnerabilities in systems. (Defense 
Science Board, Task Force Report: Resilient Military Systems and the Advanced Cyber Threat, Jan 2013) 
Also see cyber attack, cyber espionage, cyber threat investigation. 


[Figure: slide titled "Cyber Threat: Serious & increasing." Actor labels shown: Insiders, Terrorists, Traitors, Disgruntled Employees, Foreign Corporations, Industrial Spies, Nation States, Research Institutes, Foreign Intel Entities, Criminals, Drug Cartels, Organized Crime, Cyber Extortionists, Hackers, Novice / Recreational, Activists.]

In cyberspace, [illegible] at the speed of light...

> Cyber spying & attacks against U.S. exponentially increasing every year
> Over 120 nations have some form of computer attack capability
> Distinction between intel collection and damage to systems is a few key strokes
> Cyber incidents reported by federal agencies increased 782% since 2006
> Unauthorized scans & probes of DoD networks... over 3 million every day

True origins & ultimate purpose of intrusions...
Criminal, Hacker, Terrorist, or Foreign Intelligence — initially who can tell?

Sources noted on the slide: Government Accounting Office (GAO); According to GAO (FCW.com, 18 Jul 2013); Richard A. Clarke, author of Cyber War; "Whacking Hackers," Newsweek, 15 Oct 2007, p. 10.
Mark L Reagan - 26 June 2003; updated 20 July 2013. UNCLASSIFIED


"In the United States, we define cyber threats in terms of cyber attacks and cyber espionage. A 
cyber attack is a non-kinetic offensive operation intended to create physical effects or to 
manipulate, disrupt, or delete data. It might range from a denial-of-service operation that 
temporarily prevents access to a website, to an attack on a power turbine that causes physical 
damage and an outage lasting for days. Cyber espionage refers to intrusions into networks to 
access sensitive diplomatic, military, or economic information." 
-- James R. Clapper, DNI, Statement for the Record, Worldwide Threat Assessment of the US Intelligence 
Community, Senate Committee on Armed Services, 18 April 2013 


The cyber threat the United States faces is increasing in severity and is accessible to a wide range 
of enemies. "Most of what we see today is exploitation -- that's theft, stealing secrets, either 
commercial or military... we know the tools exist to destroy things, to destroy physical property, to 
destroy networks, to destroy data, maybe even take human lives." 

-- Deputy Defense Secretary William J. Lynn III in a television interview on PBS 14 July 2011 


The FBI has noted three primary categories of cyber threat actors: 


"[1] organized crime groups that are primarily threatening the financial services sector, 
and they are expanding the scope of their attacks; 

[2] state sponsors—foreign governments that are interested in pilfering data, including 
intellectual property and research and development data from major manufacturers, 
government agencies, and defense contractors; and 

[3] increasingly there are terrorist groups who want to impact this country the same way 
they did on 9/11 by flying planes into buildings. They are seeking to use the network
to challenge the United States by looking at critical infrastructure to disrupt or harm the 
viability of our way of life." 

-- FBI, The Cyber Threat: Part 1: On the Front Lines With Shawn Henry, 27 March 2012, 
http://www.fbi.gov/news/stories/2012/march/shawn-henry_032712/shawn-henry_032712


Foreign intelligence and security services have penetrated numerous computer networks of US
Government, business, academic, and private sector entities. Most detected activity has targeted 
unclassified networks connected to the Internet, but foreign cyber actors are also targeting 
classified networks. 

-- DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 12 March 2013, p. 2 


[C]omputer network 'exploitation' and 'disruption' activities such as denial-of-service attacks will 
continue. ...the likelihood of a 'destructive' attack that deletes information or renders systems 
inoperable will increase as malware and attack tradecraft proliferate. 

-- DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 29 January 2014, p. 1 


Cyber Threat Investigation. Any actions taken within the United States, consistent with applicable law 
and presidential guidance, to determine the identity, location, intent, motivation, capabilities, alliances,
funding, or methodologies of one or more cyber threat groups or individuals. (NSPD-54 / HSPD-23) 


-- Also, actions taken, consistent with applicable law and Presidential guidance, to determine the
identity, location, intent, motivation, capabilities, alliances, funding, or methodologies of one or more FIEs
[Foreign Intelligence Entities], that has attempted to penetrate or has, in fact, penetrated a DoD, IC, or
DIB [defense industrial base] information system. (DoDI S-5240.23, CI Activities in Cyberspace (U),
13 Dec 2010 with change 1 dated 16 Oct 2013)


Attribution is a major problem in the cyber realm 

"Who: Attribution... blurry lines between various types of malicious activity in cyberspace may 
make it difficult for investigators to attribute an incident to a specific individual or organization. 
Criminal attribution is a key delineating factor between cybercrime and other cyber threats. When 
investigating a given threat, law enforcement is challenged with tracing the action to its source and 
determining whether the actor is a criminal or whether the actor may be a terrorist or state actor 
posing a potentially greater national security threat." 

-- CRS Report R42547, Cybercrime: Conceptual Issues for Congress & U.S. Law Enforcement, 23 May 2012 


"The damage caused by malicious activity in cyberspace is enormous and unrelenting. Every year, 
cyber attacks inflict vast damage on our Nation's consumers, businesses, and government 
agencies. This constant cyber assault has resulted in the theft of millions of Americans' identities; 
exfiltration of billions of dollars of intellectual property; loss of countless American jobs; vulnerability 
of critical infrastructure to sabotage; and intrusions into sensitive government networks." 

-- Senator Sheldon Whitehouse, 14 April 2011 


James Clapper, Director of National Intelligence, noted that "[t]wo of our greatest strategic
challenges regarding cyber threats are: (1) the difficulty of providing timely, actionable warning 
of cyber threats and incidents, such as identifying past or present security breaches, definitively 
attributing them [emphasis added], and accurately distinguishing between cyber espionage 
intrusions and potentially disruptive cyber attacks; and (2) the highly complex vulnerabilities 
associated with the IT supply chain for US networks." 
-- Office of the Director of National Intelligence, Unclassified Statement for the Record on the 
Worldwide Threat Assessment of the US Intelligence Community for the Senate Select Committee 
on Intelligence, 31 Jan 2012, p. 8. 


Attribution in cyber is always going to be difficult. 
Missiles come with a return address, cyber attacks do not. 
-- William Lynn, US Deputy Secretary of Defense
Interview Defense News, 18 July 2011


Cyber Threats. Natural or man-made incidents (intentional or unintentional) that would be detrimental
to the cyber domain, or which are dependent on or operate through cyberspace/cyber domain. (Cyber 
Threats to National Security, Symposium Five, 2011) Also see cyber threat. 


In the United States, we define cyber threats in terms of cyber attacks and cyber espionage. 


-- Hon. James R. Clapper, DNI, Statement for the Record, Worldwide Threat Assessment of the US
Intelligence Community, Senate Committee on Armed Services, 18 Apr 2013


Cyber Threat 


Increasing danger... 


Worldwide Internet Users: 
44M in 1995... 1B in 2005... 2B in 2010... 3B by end 2014 


“,-an increasing number of adversaries are developing new 
options for exerting leverage over the United States through 
cyberspace... Creating damage as well as conducting 
espionage against the U.S. Cyberspace provides 
clear avenues and the prospect of anonymity." 


~ National Intelligence Council (June 2003) 


Criminals, terrorists, and foreign governments are exploiting 
the anonymity and global reach of the Internet to — 


> Attack the U.S. information infrastructure 
> Perform reconnaissance for physical attack 
> Conduct hostile information operations 
> Steal money, identities, and secrets 
> Potentially undermine the U.S. economy 


Source: "Cybersecurity for the Homeland" (Dec 2004), Report of the Activities and Findings by the Chairman and Ranking Member Subcommittee 
on Cybersecurity, Science, and Research & Development, US House of Representatives Select Committee on Homeland Security, pages 3 & 10 


Prepared by Mark L Reagan — 3 Jan 2006 UNCLASSIFIED 
Update 9 Jun 2014 


Cyber-Terrorism. A criminal act perpetrated by the use of computers and telecommunications 
capabilities, resulting in violence, destruction and/or disruption of services, where the intended purpose is 
to create fear by causing confusion and uncertainty within a given population, with the goal of influencing 
a government or population to conform to a particular political, social or ideological agenda. (FBI) 


-- Also, cyberterrorism: the unlawful attacks and threats of attack against computers, networks, and 
the information stored therein when done to intimidate or coerce a government or its people to further 
political or social objectives. Actors who engage in these kinds of activities are commonly referred to as 
Cyber terrorists. (Cyber Threats to National Security, Symposium Five, 2011) 

Cybercrime. Crime involving use of a computer system or network. 


Typically involves data theft (e.g., credit cards, etc.) or transmission (e.g., child porn). 


"Cybercriminals also threaten US economic interests. They are selling tools, via a growing black 
market, that might enable access to critical infrastructure systems or get into the hands of state and 
nonstate actors. In addition, a handful of commercial companies sell computer intrusion kits on the 
open market. These hardware and software packages can give governments and cybercriminals 
the capability to steal, manipulate, or delete information on targeted systems. Even more 
companies develop and sell professional-quality technologies to support cyber operations—often 
branding these tools as lawful-intercept or defensive security research products. Foreign 
governments already use some of these tools to target US systems." 

-- Hon. James R. Clapper, DNI, Statement for the Record, Worldwide Threat Assessment of the US 
Intelligence Community, Senate Committee on Armed Services, 18 April 2013 


Cyberexploitation. Penetration of an adversary's computer system or network to seize information. 
(National Research Council - 2009) 


Essentially an intelligence-gathering activity, e.g., Ghostnet, Operation Aurora. 


Cyberspace. A global domain within the information environment consisting of the independent networks 
of information technology infrastructures and resident data, including the Internet, telecommunications 
networks, computer systems, and embedded processors and controllers. (JP 1-02 and JP 3-12, 
Cyberspace Operations, 5 Feb 2012) Also see cyberspace domain. 


-- Also, the interdependent network of information technology infrastructures that includes the 
Internet, telecommunications networks, computers, information or communications systems, networks, 
and embedded processors and controllers. (PPD-20, U.S. Cyber Operations Policy (U), 16 Oct 2012) 


-- Also, the interdependent network of information technology infrastructures, and includes the 
Internet, telecommunications networks, computer systems, and embedded processors and controllers 
in critical industries. (NSPD-54 / HSPD-23, 8 Jan 2008) 


-- Also, the range of information and resources available through computer networks — especially the 
Internet. (ODNI Cyberspace Initiative) 


-- Also, a global domain within the information environment consisting of the independent network of 
information technology infrastructures, including the Internet, telecommunications networks, computer 
systems, and embedded processors and controllers. (CNSSI No. 4009, National Information Assurance 
Glossary, 26 April 2010) 


[Figure: "CYBERSPACE TODAY" -- only the label "Land domain" survives from the graphic.] 


“DoD will treat cyberspace as an operational domain...” 
-- DoD Strategy for Operating in Cyberspace, July 2011 


-- Adapted from RAND Graphic 


In cyberspace, the war has begun... 


Cyberspace is a decentralized domain characterized by increasing global connectivity, ubiquity, 
and mobility, where power can be wielded remotely, instantaneously, inexpensively, and 
anonymously. This environment presents enormous challenges and unprecedented opportunities... 


Cyberspace is a domain that requires man-made technology to enter and exploit. Effects of 
cyberspace operations can occur simultaneously in many places and they can be precise, broad, 
enduring and transitory. 


Challenges -- Our national security is inextricably linked to the cyberspace domain, where conflict 
is not limited by geography or time. Cyberspace crosses geographic and jurisdictional boundaries. 
The expanding use of cyberspace places United States' interests at greater risk from cyber threats 
and vulnerabilities. Cyber actors can operate globally, within our own borders, and within the 
borders of our allies and adversaries. The complexity and amount of activity in this evolving domain 
make it difficult to detect, interdict, and attribute malicious activities. 


Threats to cyberspace pose one of the most serious economic and national security challenges 
of the 21st Century for the United States and our allies. On the flip side -- cyberspace offers DoD 
unprecedented opportunities to shape and control the battlespace to achieve national objectives. 


Cyberspace will become a main front in both irregular and traditional conflicts. Enemies in 
cyberspace will include both states and non-states and will range from the unsophisticated amateur 
to highly trained professional hackers. Through cyberspace, enemies will target industry, academia, 
government, as well as the military in the air, land, maritime, and space domains. In much the 
same way that airpower transformed the battlefield of World War II, cyberspace has fractured the 
physical barriers that shield a nation from attacks on its commerce and communication. Indeed, 
adversaries have already taken advantage of computer networks and the power of information 
technology not only to plan and execute savage acts of terrorism, but also to influence directly the 
perceptions and will of the U.S. Government and the American population. 

-- The Joint Operating Environment 2010, US Joint Forces Command 


"[I]n cyberspace some malicious actors consider that no boundaries 
exist between military and civilian targets." 
-- Congressional Research Service, Report RL32114 (29 Jan 2008) 


"...the United States will respond to hostile acts in cyberspace, 
as we would to any other threat to our country." 
-- International Strategy for Cyberspace, May 2011 


"Cyberspace is contested every day, every hour, every minute, every second. 
[The internet] lowers the bar for entry to the espionage game, both for 
states and for criminal actors. The threat is complex and not easily 
addressed by just building the security walls higher and higher." 


-- Iain Lobban, Chief GCHQ, 13 October 2010 


"The myth persists that the United States hasn't been invaded since 1812. 
I'd like to inform you otherwise. And that is the fact that invasion 
through cyberspace is now a daily occurrence." 


-- Frank Cilluffo, Center for Strategic & International Studies 


“The cyber threat is serious, with potential consequences similar 
in some ways to the nuclear threat of the Cold War” 
-- Defense Science Board, Jan 2013 


For additional information see: 


-- DoD website at: <http://www.defense.gov/home/features/2011/0411_cyberstrategy/> 

-- International Strategy for Cyberspace, May 2011 

-- DoD Strategy for Operating in Cyberspace (U), May 2011 (classified version) 

-- DoD Strategy for Operating in Cyberspace, July 2011 (unclassified version) 
Copy available at <http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/DoD_Strategy_for_Operating_in_Cyberspace_July_2011.pdf> 

-- ONCIX, Foreign Spies Stealing US Economic Secrets in Cyberspace: Report to Congress 
on Foreign Economic Collection and Industrial Espionage, 2009-2011, October 2011 

-- DSS, Targeting US Technologies: A Trend Analysis of Reporting from Defense Industry — 2012 

-- Defense Science Board, Task Force Report: Resilient Military Systems and the Advanced 
Cyber Threat, Jan 2013 
Copy at: <http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf> 


Cyberspace Domain. A domain characterized by the use of electronics and electromagnetic spectrum 
to store, modify, and exchange data via networked systems and associated physical infrastructures. 
(Previously defined in DoDI S-5240.17, CI Collection, 12 Jan 2009) 


Cyberspace Operations. The employment of cyber capabilities where the primary purpose is to achieve 
military objectives in or through cyberspace. (JP 1-02; and JP 3-0, Joint Operations, 11 Aug 2011) 


Cybervetting. Checking blogs, social media sites, and other Internet-based sources to identify issues of 
security concern applicable to people holding or seeking positions of trust. (PERSEREC; accessed 9 Jan 
2013) 


PERSEREC’s initial effort regarding cybervetting entailed working with the national security and 
law enforcement communities to identify the primary legal, privacy, policy, and procedural 
considerations that should be taken into account when establishing a cybervetting program. Pilot 
projects are planned to test the efficacy of cybervetting. In addition, a series of CyberPsychology 
studies are exploring how certain types of activities in cyber environments, such as Second Life, 
can spill over into negative affects [sic] on workplace reliability, judgment, and other areas of 
personnel security concern. 

-- PERSEREC at <http://www.dhra.mil/perserec/currentinitiatives.html#Cyber> (accessed 9 Jan 2013) 


D 


Damage. A loss of friendly effectiveness due to adversary action. Synonymous with harm. (DSS 
Glossary) 


Damage Assessment. [In intelligence usage,] a determination of the effect of a compromise of classified 
information on national security. (JP 1-02 and JP 3-60, Joint Targeting, 18 Apr 2007) 


-- Also, the analysis of the impact on national security of a disclosure of classified information to an 
unauthorized person. (IC Standard 700-1, 4 Apr 2008) 


-- Also, systematic analysis that determines the impact of a compromise of classified information on 
the national security of the United States. (CI Community Lexicon) 


-- Also, systematic, comprehensive examination of an intentional and/or inadvertent compromise of 
classified or sensitive information. (ONCIX, Damage Assessment Guide (U), 21 Mar 2008) 


See ONCIX's Damage Assessment Guide - October 2009 (U) for a standardized framework and 
outline of the processes and procedures involved in national-level damage assessment activity. 


Damage to the National Security. Harm to the national defense or foreign relations of the United States 
from unauthorized disclosure of information, taking into consideration such aspects of the information as 
the sensitivity, value, utility, and provenance of that information. (EO 13526, Classified National Security 
Information, 29 Dec 2009) 


Danger Signals. Prearranged signals or marks on walls, posts, etc., [used] as a communication system 
between agents or [case] officers to indicate that the opposition or active enemy is nearby, has been 
tipped off, or has the area under surveillance. (TOP SECRET: The Dictionary of Espionage and 
Intelligence, 2005) 


Dangle. A person controlled by one intelligence service who is made to appear as a lucrative and 
exploitable target to an opposing intelligence service. (HDI Lexicon, April 2008) Also see dangle 
operation; double agent; penetration; provocation. 


-- Also, an asset placed within the professional or personal view of a FIS [Foreign Intelligence 
Service] officer or agent with the intention of observing the actions of and possibly being recruited by the 
FIS. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, counterespionage terminology for the process of presenting an individual to a foreign 
intelligence service in a manner as to encourage his recruitment as an agent; as "to dangle" or a dangle 
operation. (CIA in D&D Lexicon, 1 May 2002) 


-- Also, an individual who deliberately appears available for recruitment. (Encyclopedia of Espionage, 
Spies, and Secret Operations, 3rd Edition, 2012) 


If you wait for the enemy to come to you, you may not know when he does. 
...If the fish do not swim into your net, you have to give them a lure, a provocation, something that 
looks like a juicy worm but that has a hook in it. 
-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


...dangles were a doubled-edged sword, whose specter overshadowed every decision to recruit 
agents we believed to be real. ...Fear of them caused both the KGB and CIA to turn away 
countless volunteers. 

-- Victor Cherkashin, Former KGB Intelligence Officer and author of Spy Handler (2005) 


Dangle Operation. An operation in which an enticing intelligence target is dangled in front of an 
opposition service in hopes they will think him or her a bona fide recruit. The dangle is really a double 
agent. (Spy Dust) Also see dangle; double agent; penetration; provocation. 


Database. Within DoD: None — term removed from JP 1-02. 


Previously defined in JP 2-0, Joint Intelligence (22 Jun 2007) as: information that is normally 
structured and indexed for user access and review. Databases may exist in the form of physical 
files (folders, documents, etc.) or formatted automated data processing system data files. 


Data Mining. A program involving pattern-based queries, searches or other analyses of 1 or more 
electronic databases, where -- (a) a department or agency of the Federal Government, or a non-Federal 
entity acting on behalf of the Federal Government, is conducting the queries, searches, or other analyses 
to discover or locate a predictive pattern or anomaly indicative of terrorist or criminal activity on the part of 
any individual or individuals; (b) the queries, searches, or other analyses are not subject-based and do 
not use personal identifiers of a specific individual, or inputs associated with a specific individual or group 
of individuals, to retrieve information from the database or databases; and (c) the purpose of the queries, 
searches, or other analyses is not solely -- (i) the detection of fraud, waste, or abuse in a Government 
agency or program; or (ii) the security of a Government computer system. (Data Mining Reporting Act, 
§804(b)(1)(A)) 


This definition limits covered activities to predictive, pattern-based data mining, which is significant 
because analysis performed within the ODNI and its constituent elements for counterterrorism and 
similar purposes is often performed using various types of "link analysis" tools. 


Unlike "pattern-based" tools, these link analysis tools start with a known or suspected terrorist or 
other subject of foreign intelligence interest and use various methods to uncover links between that 
known subject and potential associates or other persons with whom that subject is or has been in 
contact. The Data Mining Reporting Act does not include such analyses within its definition of "data 
mining" because such analyses are not "pattern-based." 


-- ODNI 2009 Data Mining Report 


Data mining is finding key pieces of intelligence that may be buried in the mass of data available. 
Data mining uses automated statistical analysis techniques to search for the specific data 
parameters that intelligence professionals predetermine will answer their information requirements. 
Data mining can help organize the mass of collected data. 


-- ADRP 2-0, Intelligence, Aug 2012, p. 3-6 

DCAT. See Defense Counterintelligence Anomalies Team. 
DCII. See Defense Central Index of Investigations. 
DCIP. See Defense Critical Infrastructure Program. 
DCIP Assessment. A comprehensive assessment of a Defense Critical Asset consisting of an in-depth 
look based on current DoD DCIP Assessment benchmarks. (CJCSI 3209.01, Defense Critical 
Infrastructure Program, 9 Jan 2012) Also see Defense Critical Infrastructure Program. 
DCIP CI Coverage Plan. A formally coordinated, comprehensive plan that outlines the CI support to DCA 
and Tier 1 TCA protection. A DCIP CI coverage plan is prepared by the critical asset manager and 
identifies the appropriate support of DoD, non-DoD, and other CI elements necessary to the development 
and validation of DoD-wide CI support to the DCIP. (DoDI 5240.19, CI Support to DCIP, 31 Jan 2014) 
Also see Defense Critical Infrastructure Program. 

If a "CI Support Plan (CISP)" has been developed for the DCIP organization and meets the 
requirements of the DCIP CI Coverage Plan IAW DoDI 5240.19 (Table 2) then another plan is not 
required. For CISPs see DoD Instruction 5240.24, Counterintelligence Activities Supporting RDA. 



Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


DCIP Threat Assessment. A compilation of strategic intelligence information incorporating multi-faceted 
threats facing DCAs [Defense Critical Assets] and Tier 1 TCAs [Task Critical Assets]. DCIP threat 
assessments address threats posed to DCAs from domestic and transnational terrorist elements, foreign 
intelligence and security services, and weapons of mass destruction. (DoDI 5240.19, CI Support to DCIP, 
31 Jan 2014) Also see Defense Critical Infrastructure Program. 


Dead Drop. A clandestine location for transferring material to or from an agent or asset. (National 
HUMINT Glossary) 


-- Also, a place where a person might leave communications or material in concealment for another 
person. It serves as a cutout between human elements of a clandestine organization. (AFOSI Instruction 
71-101, 6 Jun 2000) 


-- Also, a place, unattended by witting individuals, to which communications, materials, or equipment 
can be left by one individual and from which they can be taken by another individual without either 
meeting or, ordinarily, seeing one another. Also called a dead letter box, or simply drop. (AFOSI Manual 
71-142, OFCO, 9 Jun 2000) 


-- Also, a prearranged hidden location used for the clandestine exchange of packages, messages, 
and payments, which avoids the necessity of an intelligence officer and an agent being present at the 
same time. (FBI -- Affidavit: USA vs. Robert Philip Hanssen, 16 Feb 2001) 


-- Also, a secret location where materials can be left in concealment for another party to retrieve. 
This eliminates the need for direct contact in hostile situations. (CI Centre Glossary) 


-- Also, a preferred means of covert communications in denied areas, separates the agent and 
handler [case officer] by time, but carries the risk of leaving the package unattended in an environment 
that could change without warning. (Spycraft, p. 61) 


-- Also, pre-cased hiding places used by intelligence services to conduct [clandestine] exchanges with 
agents. (James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


-- Also, a predetermined secret location where [case] officers and agents leave messages and other 
items for undetected collection by other parties. (Encyclopedia of the CIA, 2003) 


-- Also, a clandestine communications technique, the dead drop allows agents to exchange 
messages and other items without the need for a meeting that might attract the attention of hostile 
surveillance. The dead drop is usually an innocuous, prearranged site where a package or film canister 
can be secreted temporarily so it can be recovered by the addressee. Ideally, the location is sufficiently 
innocent to enable both parties to visit it, at different times, without compromising themselves. The use of 
dead drops is standard tradecraft for espionage professionals, and is usually associated with a remote 
signaling arrangement so both sides can indicate to the other when a particular drop is ready for 
servicing. The objective is to obviate the need for personal contact that in denied areas is high risk. 
(Historical Dictionary of Cold War Counterintelligence, 2007) 


Eliminates the need for direct contact... 


In intelligence usage, dead drops are used as a clandestine cut-out to avoid personal meetings 
which can draw attention to the connection between an intelligence officer/agent handler and an 
agent/asset. As a rule, a dead drop site is not used more than once. 


For a detailed description of dead drops and concealment devices, see Spycraft, pp. 388-400. 


Debriefing. Systematically covering topics and areas with a voluntary source who consents to a formal 
interview. (Educing Information - Interrogation: Science and Art, Dec 2006) Also see strategic debriefing; 
educing information; elicitation; intelligence interrogation; interrogation; interview. 


-- Also, the systematic questioning of individuals to procure information to answer specific collection 
requirements by direct and indirect questioning techniques. (Defense HUMINT Enterprise Manual 
3301.002, Vol II Collection Operations, 23 Nov 2010; also Army FM 2-22.3, HUMINT Collector 
Operations, 6 Sep 2006) 


-- Also, [in detainee operations] the process of using direct questions to elicit intelligence information 
from a cooperative detainee to satisfy intelligence requirements. (DoDD 3115.09, DoD Intelligence 
Interrogations, Detainee Debriefings, and Tactical Questioning, 11 Oct 2012 w/ chg 1 dated 15 Nov 2013) 


-- Also, interviewing under other than hostile conditions, of an individual who has completed an 
intelligence assignment or who has, through observation, participation, or personal knowledge, 
information of intelligence or counterintelligence value or significance. (AR 381-20, Army CI Program, 
25 May 2010) 


Counterintelligence debriefings are forms of overt collection entailing the questioning of human 
sources to satisfy CI requirements. 


Debriefings are conducted to obtain CI information acquired by the Component’s own employees 
in the course of their duties. CI debriefings are also used to exploit the opportunity presented by 
walk-ins and other persons who contact CI elements to provide information of potential CI interest. 
-- DoDI S-5240.17, (U) CI Collection Activities, 14 Mar 2014 (encl 3, para 2c(1)) 


Also see Appendix C "Counterintelligence Collection Methods (U)" in JP 2-01.2, Counterintelligence 
and Human Intelligence in Joint Operations (U), 16 Mar 2011 w/ chg 1 dated 26 Aug 2011. 


Debriefing Operations. Operations conducted to debrief cooperating sources may include refugees, 
émigrés, displaced persons (DPs), local populace, friendly forces, members of U.S. and foreign 
governmental and non-governmental organizations, as well as U.S. and foreign personnel employed 
within the academic, business, or scientific communities. The source may or may not be in custody, and 
their willingness to cooperate need not be immediate or constant. (DHE-M 3301.002, Vol II Collection 
Operations, 23 Nov 2010) 


Decentralized Execution. Delegation of execution authority to subordinate commanders. (JP 1-02) 


Deception. Those measures designed to mislead the enemy by manipulation, distortion, or falsification 
of evidence to induce the enemy to react in a manner prejudicial to the enemy's interests. (JP 1-02 and 
JP 3-13.4, Military Deception, 13 Jul 2006) Also see counterdeception; deception means; deception in 
support of OPSEC; denial; military deception. 


-- Also, deliberately manipulating information and perceptions in order to mislead. (Foreign Denial & 
Deception Committee, 30 Mar 2006) 


-- Also, an action intended by an actor to influence the perceptions, decisions, and actions of another. 
(CIA, A Tradecraft Primer: Structured Analytical Techniques for Improving Intelligence Analysis, June 
2005) 


-- Also, any attempt—by words or actions—intended to distort another person's or group's perception 
of reality. (Textbook of Political-Military Counterdeception: Basic Principles & Methods, August 2007) 


Deception is a fundamental ingredient of military art. 
All warfare is based on deception. 
-- Sun Tzu (400-320 B.C.) 


Deception is the distortion of perceived reality 


"Deception is an instrument of policy.... [It] must be orchestrated to succeed." 
-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


Analysts should routinely consider that their information base is susceptible to deception -- the 
distortion of perceived reality. 


Richard Heuer, author of Psychology of Intelligence Analysis, notes that analysts often reject the 
possibility of deception because they see no evidence of it. He then argues that rejection is not 
justified under these circumstances. If deception is well planned and properly executed, one should 
not expect to see evidence of it readily at hand. Rejecting a plausible but unproven hypothesis too 
early tends to bias the subsequent analysis, because one does not look for the evidence that might 
support it. The possibility of deception should not be rejected until it is disproved or, at least, until a 
systematic search for evidence has been made and none has been found. 


See Deception 101 — A Primer on Deception (2004) by Joseph W. Caddell; available online at: 
<http://www.strategicstudiesinstitute.army.mil/pubs/display.cfm?pubID=589> 


Also see Textbook of Political-Military Counterdeception: Basic Principles & Methods (2007) by 
Barton Whaley, published by the National Defense Intelligence College. 


O, what a tangled web we weave, 
When first we practise to deceive! 
-- Sir Walter Scott, Marmion (1808) 


MASKIROVKA 
According to a declassified 1983 White House National Security Decision Directive -- 


The Soviet Union... doctrine of "maskirovka" [called] for the use of camouflage, concealment and 
deception (CC&D) in defense-related programs and in the conduct of military operations. They 
define maskirovka as a set of measures to deceive, or mislead, the enemy with respect to Soviet 
national security capabilities, actions, and intentions. These measures include concealment, 
simulation, diversionary actions and disinformation. 


-- National Security Decision Directive 108, Soviet Camouflage, Concealment and Deception, 12 Oct 1983 
(declassified). Copy available at <http://www.fas.org/irp/offdocs/nsdd/nsdd-108.pdf> 


Deception Channel. A means by which controlled information can be reliably transmitted to the target. 
(CIA in D&D Lexicon, 1 May 2002) 


Feeding the enemy self-destructive information is the oldest of arts.... A successful feed should 
not be considered an operation in and of itself, but rather the fruit of a long fight for control over a 
channel of information. Therein lies the art. 

-- Angelo Codevilla, Informing Statecraft: Intelligence for a New Century (1992), p. 349 


Deception In Support of OPSEC (DISO). A military deception activity that protects friendly operations, 
personnel, programs, equipment, and other assets from FISS [Foreign Intelligence Security Service] 
collection. (DoDI S-3604.01, Department of Defense Military Deception, 11 Mar 2013) Also see 
deception; military deception. 


The intent of DISO is to create multiple false indicators to confuse FISS, make friendly intentions 
harder to interpret by FISS, or to limit the ability of FISS to collect accurate intelligence on friendly 
forces. 


DISOs are not targeted against adversary military, paramilitary, or violent extremist organization 
decision-makers with the intent of eliciting a particular decision or reaction, but are targeted against 
a FISS or an adversary's intelligence collectors to protect friendly forces by masking, simulating, or 
dissimulating signatures and observables needed to ascertain friendly capabilities, intent, or 
vulnerabilities. 


Deception Means. Methods, resources, and techniques that can be used to convey information to the 
deception target. There are three categories of deception means: 1) physical means -- activities and 
resources used to convey or deny selected information to a foreign power; 2) technical means -- military 
material resources and their associated operating techniques used to convey or deny selected 
information to a foreign power; and 3) administrative means -- resources, methods, and techniques to 
convey or deny oral, pictorial, documentary, or other physical evidence to a foreign power. (JP 1-02 and 
JP 3-13.4, Military Deception, 13 Jul 2006) 


-- Also, the vehicles or resources for conveying the deception story or deception-related information 
directly or indirectly to the target. These generally consist of sources accepted by the target as reliable or 
believable. Deception means have been subdivided into: physical, technical, administrative, and special 
means. (CIA in D&D Lexicon, 1 May 2002) 


Deception Target. The adversary decisionmaker with the authority to make the decision that will achieve 
the deception objective. (JP 1-02 and JP 3-13.4, Military Deception, 13 Jul 2006) 


Decipher. Convert enciphered text to plain text by means of a cryptographic system. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


Declared. An individual or action whose intelligence affiliation is disclosed. (HDI Lexicon, April 2008) 


-- Also, an officer, asset, agent, or action whose Agency affiliation is formally identified to a foreign 
intelligence or security service, government or organization, or other USG entity. (National HUMINT 
Glossary) 


Declassification. The authorized change in the status of information from classified information to 
unclassified information. (EO 13526, Classified National Security Information, 29 Dec 2009 and DoD IG 
Evaluation Guide, 22 Jan 2013) 


Deconfliction. The process of sharing information regarding collection between multiple agencies to 
eliminate potential duplication of effort, multiple unintended use of the same source, or circular reporting. 
(Previously in DoDI S-5240.17, CI Collection, 12 Jan 2009) 


Decoy. An imitation in any sense of a person, object, or phenomenon which is intended to deceive 
enemy surveillance devices or mislead enemy evaluation. (JP 1-02). 


Decode. Convert encoded text to plain text by means of a code. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


Decrypt. Generic term encompassing decode and decipher. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


Deduction. [One of the four basic types of reasoning applied to intelligence analysis,] it is the process of 
reasoning from general rules to particular cases. Deduction may also involve drawing out or analyzing 
premises to form a conclusion. (Cited in DIA, Intelligence Essentials for Everyone, June 1999) Also see 
abduction; induction; scientific method. 


For additional information see Knowledge Management in the Intelligence Enterprise by Edward 
Waltz (2003) and Critical Thinking and Intelligence Analysis by David Moore, JMIC Press (2006). 


Deep Cover. A cover for status designed to withstand close scrutiny by the opposition or through due 
diligence. (National HUMINT Glossary) 


Defection. Conscious abandonment of loyalty, duty, and principle to one's country. (AFOSI Manual 
71-142, OFCO, 9 Jun 2000) 

-- Also, conscious (mental and/or physical) abandonment of loyalty, allegiance, duty, and principle to
one's country. (ICS Glossary) 


Defector. A person who has consciously abandoned loyalty to his country and who possesses intelligence
information of value to another country or countries. (CI Community Lexicon)


-- Also, a person who, for political or other reasons, has repudiated his country and may be in 
possession of information of interest to the US Government. (ICS Glossary) 


-- Also, a person of any nationality, usually from a country whose interests are hostile or inimical to 
the U.S., who has escaped from the control of his or her country, is unwilling to return to that country, and 
is of special value to the U.S. Government because: he or she is able to add valuable new or confirmatory 
information to existing U.S. intelligence knowledge; he or she is, or has been, of operational or political 
value to a U.S. department or agency; or the defection can be psychologically exploited to the advantage 
of the U.S. (Defense HUMINT Enterprise Manual 3301.002, Vol II Collection Operations, 23 Nov 2010) 


“Next to penetrations (moles), defectors are 
your best weapon against alien intelligence services.” 
-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


An act of treason — a “defector is an individual who has committed treason, a person who first 
accepted identification with a regime and then betrayed his allegiance to cooperate with a hostile 
foreign intelligence service.”
-- Wilhelm Marbes, “Psychology of Treason,” in Studies of Intelligence, vol. 30, no. 2 (Summer 1986), 
pp. 1-11. Originally classified "Secret" [declassified]. 


Defectors "...certainly the next best thing to penetration. But defector information was finite: it
ceased the moment the defector stepped out of his office and crossed to our side." 


-- Richard Helms, A Look Over My Shoulder: A Life in the Central Intelligence Agency (2003)


"It's the job of intelligence agencies to distinguish between defectors who claim to have something 
to say and defectors who are lying and they obviously didn't do their job. The Germans didn't, and 
we didn't." 

-- Richard Perle regarding the Iraqi defector CURVEBALL, 15 Feb 2011 


"Sometimes the bona fides of a defector remain in dispute for many years, as is the case of Yuri 
Nosenko, who defected from the U.S.S.R. soon after the assassination of President John F. Kennedy
in 1963.”
-- Loch K. Johnson and James J. Wirtz, Intelligence and National Security: The Secret World of Spies 
(2008), p.299 


Defector in Place. See recruitment-in-place.


Defense Attaché. See Senior Defense Official / Defense Attaché (SDO/DATT).


Defense Attaché Office (DAO). An organizational element of the U.S. diplomatic mission through which
the Defense Attaché System conducts its mission and to which may be attached or assigned such other
military detachments or elements as the Secretary of Defense may direct. (DoDI C-5105.32, Defense
Attaché System, 18 Mar 2009) Also see Senior Defense Official / Defense Attaché (SDO/DATT).


-- Also, a DoD organization established as part of the U.S. diplomatic mission, through which the
mission of the Defense Attaché System is accomplished. (DoDI C-5105.81, Implementing Instructions for
DoD Operations at U.S. Embassies, 6 Nov 2008)

Defense Central Index of Investigations (DCII). An automated DoD repository that identifies
investigations conducted by DoD investigative agencies. DCII does not contain eligibility information. 
(IC Standard 700-1, 4 Apr 2008) 


Effective 26 July 2010, DCII is operated and maintained by the Defense Manpower Data Center 
(DMDC) on behalf of the DoD components and USD(I). See website at: <https://dcii.dmdc.osd.mil>


Access to DCII is normally limited to DoD and other federal agencies that have adjudicative, 
investigative and/or counterintelligence missions. Although the DCII database is physically 
maintained by the DMDC the data it contains is the responsibility of the contributing agencies. 


-- Also, a centralized database, organized in a searchable format, of selected unique identifying 
information and security clearance data utilized by security and investigative agencies in the DoD, as well 
as selected other Federal agencies, to determine security clearance status and the existence or physical 
location of criminal and personnel security investigative files. The DCII database is physically maintained 
by the Defense Manpower Data Center; however, the data that it contains is the responsibility of the 
contributing agencies. (DoDI 5505.7, Titling & Indexing Subjects of Criminal Investigations in DoD, 27 Jan 
2012) 


-- Also, an alphabetical index of personal names and impersonal titles that appear as subjects of 
incidents in investigative documents held by the criminal, counterintelligence, fraud, and personnel 
security investigative activities of the Defense Investigative Service (DIS), the Defense Criminal 
Investigative Service (DCIS), and the NSA. DCII records will be checked on all subjects of DOD 
investigations. (AR 380-67, Personnel Security Program, 24 Jan 2014) 


Defense Clandestine Service (DCS). The primary DoD element authorized to conduct clandestine human 
intelligence (HUMINT) operations in response to high priority national-level intelligence requirements as
identified by the USD(I). DCS shall operate worldwide, to include high CI threat and politically sensitive 
environments. Also see National Clandestine Service. 


See <http://www.defense.gov/news/newsarticle.aspx?id=116064>


Also see classified SECDEF memorandum, subj: (U) Established of the Defense Clandestine 
Service, 20 Apr 2012 


-- Also, [a DoD organization that] conducts human intelligence (HUMINT) operations to answer 
national-level defense objectives for the President, the Secretary of Defense, and senior policymakers. 
The civilian and military workforce of the DCS conducts clandestine and overt intelligence operations in 
concert with the Central Intelligence Agency, the Federal Bureau of Investigation, and our Military 
Services to accomplish their mission in defense of the Nation. (www.dia.mil/dcs/; accessed 5 Sep 2013) 


Defense Combating Terrorism Center (DCTC). A functional center with the Defense Intelligence Agency 
focused on terrorism intelligence and related issues within DoD. 


Previously known as the Joint Intelligence Task Force for Combating Terrorism (JITF-CT). In the 
fall of 2012, JITF-CT, the Joint Threat Finance Intelligence Office (JTF), selected elements from 
the Defense CI & HUMINT Center, and DIA elements from the Counternarcotics and Western 
Hemisphere Office (CNW), transitioned into a single center -- the Defense Combating Terrorism 
Center (DCTC). 


DCTC is the lead national-level, all-source international terrorism intelligence effort within DoD. It is 
DoD’s all-source national-level intelligence fusion center responsible for enabling DoD counter-terrorism
and force protection operations. DCTC analytical assessments address terrorist
capabilities, activities and intentions, including terrorist finance activity; see DoDD 2000.12 and 
DoDI 2000.12. 


DIA's Office of Counterintelligence (OCI) focuses on the intelligence apparatus and intelligence
activities of international terrorists. In instances where the two missions intersect, DCTC and OCI 
collaborate and coordinate to ensure that DIA presents a timely, accurate, and consistent picture of 
the threat to U.S. forces and interests around the world. 

Defense Counterintelligence and Human Intelligence Center (DCHC). Previously a center within the
Defense Intelligence Agency (DIA) for counterintelligence and human intelligence that was established on
3 August 2008. DCHC was disestablished 28 Jan 2013 by Dir DIA (DIA Vision2020).


Defense Counterintelligence Anomalies Team (DCAT). [DoD CI element that] provides analysis and 
deconfliction of anomalies and identifies and shares CI insider threat trends with the DoD Components.
The DCAT develops, promotes, expands, and improves upon insider threat detection efforts by reaching 
across organization boundaries and cultivating awareness of anomalies. (DoD Manual 5240.26, CI 
Insider Threat Program, draft 20 Nov 2013) See anomalies. 


DoD Components report and handle “anomalies” in accordance with DoDD O-5240.02 
(Counterintelligence) and DoDI 5240.26 (Countering Espionage, International Terrorism, and the CI
Insider Threat). 


Defense Counterintelligence Components. DoD organizations that perform national and DoD 
counterintelligence and counterintelligence-related functions, including the DoD Counterintelligence Field 
Activity and the counterintelligence elements of the Military Departments, the Defense Agencies with 
organic counterintelligence, the Joint Staff, the Office of the Secretary of Defense, and the Combatant 
Commands. (DoDD 5143.01, USD/I, 23 Nov 2005) 


Defense Counterintelligence Enterprise. The collective of DoD organizations authorized to conduct 
counterintelligence and related activities. See Defense Counterintelligence Components.


Defense Counterintelligence Knowledge Base (DCIKB). Serves the Defense CI enterprise as the
web-enabled system for collecting observations of CI best practices and lessons learned, disseminating
these across DoD CI, conducting triage for further action and facilitating change.


DCIKB collects, analyzes, manages, and disseminates knowledge gained through operational 
experience, exercises, and supporting activities in order to achieve higher levels of performance 
and to provide information and analysis on emerging issues and trends. 

-- NIPRNet website at: <https://sss.mccll.usmc/dcikb>

-- SIPRNet website at: <www.mccll.usmc.smil.mil/dcikb>


Defense Counterintelligence Manager. The official responsible who provides the centralized 
management of Defense CI Enterprise-wide activities. (DoDD O-5240.02, CI, 20 Dec 2007 with change 1
dated 30 Dec 2010) 


Director DIA serves as the Defense CI Manager, with responsibility to provide for central
management of Defense CI Enterprise-wide activities (see O-DoDD 5240.02, para 5.3.1).

This role is a corollary to the Director DIA's role as the Defense HUMINT Manager; see Defense 
HUMINT Manager. 


Defense Courier Service (DCS). A global courier network for the expeditious, cost-effective, and secure 
distribution of highly classified and sensitive material. 


For DoD policy see DoDI 5200.33, Defense Courier Operations (DCO), 30 Jun 2011. 


DCS is under the United States Transportation Command (USTRANSCOM). On 15 November 
2005, the Defense Courier Division (TCJ3-C) assumed operational control of worldwide defense 
courier stations and continues to synchronize the defense courier related activities of the 
USTRANSCOM staff. See web site at: <http://www.transcom.mil/dcd/> Note: DCS was previously
known as the Armed Forces Courier Service (ARFCOS). 


Defense Criminal Investigative Service (DCIS). The criminal investigative arm of the Inspector General
(IG) of the Department of Defense responsible for investigating: terrorism; technology/munitions theft &
diversion; cyber crime; substandard/defective products; and fraud, bribery & corruption. (DCIS — see
website at <http://www.dodig.mil/INV/DCIS/index.html>)

Defense Criminal Investigative Organizations (DCIOs). The Defense Criminal Investigative Service, the
U.S. Army Criminal Investigation Command, the Naval Criminal Investigation Service, and the Air Force 
Office of Special Investigations. (DoDI 5505.7, Titling & Indexing Subjects of Criminal Investigations in 
DoD, 27 Jan 2012) 


Defense Critical Asset (DCA). An asset of such extraordinary importance to operations in peace, crisis, 
and war that its incapacitation or destruction would have a very serious, debilitating effect on the ability 
of the Department of Defense to fulfill its missions. (DoDD 3020.40, DoD Policy and Responsibilities for 
Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) Also see defense critical infrastructure 
program (DCIP); task critical asset (TCA). 


Defense Critical Infrastructure (DCI). The composite of DoD and non-DoD assets essential to project, 
support, and sustain military forces and operations worldwide. DCI is a combination of task critical assets 
and defense critical assets. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 
14 Jan 2010 w/ chg 2 dated 21 Sep 2012) Also see defense critical infrastructure program (DCIP). 


-- Also, Department of Defense and non-Department of Defense networked assets and facilities 
essential to project, support, and sustain military forces and operations worldwide. (JP 3-27, Homeland 
Defense, 29 Jul 2013) 


-- Also, DoD and non-DoD cyber and physical assets and associated infrastructure essential to 
project and support military forces worldwide. (DoD Strategy for Homeland Defense & Civil Support) 


Defense Critical Infrastructure Program (DCIP). A DoD risk management program that seeks to ensure 
the availability of DCI [Defense Critical Infrastructure]. (DoDD 3020.40, DoD Policy and Responsibilities 
for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) Also see defense critical asset, 
defense critical infrastructure, task critical asset. 


DCIP is an integrated risk management program designed to support DoD mission assurance. 
The purpose of the DCIP is to ensure the availability of Defense Critical Infrastructure in an all- 
threat and all-hazard environment. 


Key DCIP references include: 
-- DoD, Strategy for Defense Critical Infrastructure, March 2008 
-- DoDD 3020.40, DoD Policy & Responsibilities for Critical Infrastructure, 14 Jan 2010 with Chg 2 
-- DoDI 3020.45, DCIP Management, 21 Apr 2008 
-- DoDI 3020.51, Intelligence Support to DCIP, 23 Jun 2011
-- DoDI 5240.19, CI Support to DCIP, 31 Jan 2014 
-- DoD Manual 3020.45-M, Vol 3, DCIP Security Classification Manual, 15 Feb 2011 
-- CJCSI 3209.01, Defense Critical Infrastructure Program, 9 Jan 2012 
-- USSTRATCOM, Strategic Mission Assurance Data System (SMADS) User Manual, Apr 2013 


DCIP is an evolving program; see web site at: <http://dcip.dtic.mil/>


Defense Cyber Crime Center (DC3). The Defense Computer Forensics Laboratory and the Defense 
Computer Investigations Training Program comprise the Defense Cyber Crime Center. The forensics 
laboratory provides counterintelligence, criminal, and fraud computer-evidence processing, analysis, 
and diagnosis to DoD investigations. The investigations training program provides training in computer 
investigations and computer forensics to DoD investigators and examiners. AFOSI is the DoD executive 
agent for the Center. (DC3 web site) 


DC3 sets standards for digital evidence processing, analysis, and diagnostics for any DoD 
investigation that requires computer forensic support to detect, enhance, or recover digital media, 
including audio and video. The Center assists in criminal, counterintelligence, counterterrorism, 
and fraud investigations of the Defense Criminal Investigative Organizations (DCIOs) and DoD 
counterintelligence activities. It also supports safety investigations and Inspector General and 
commander-directed inquiries. 




Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


DC3 aids in meeting intelligence community document exploitation objectives from a criminal law 
enforcement forensics and counterintelligence perspective. DC3 provides computer investigation 
training to forensic examiners, investigators, system administrators, and any other DoD members 
who must ensure Defense information systems are secure from unauthorized use, criminal and 
fraudulent activities, and foreign intelligence service exploitation. DC3 remains on the leading edge 
of computer technologies and techniques through research, development, testing, and evaluation 
applied to digital evidence processing and computer forensic analysis; and by partnering with 
governmental, academic, and private industry computer security officials. 

-- DC3 web site at <http://www.dc3.mil/dc3/de3About.php> 


Also see DoDD 5505.13E, DoD Executive Agent for DC3, 1 Mar 2010 


Defense HUMINT Enterprise (DHE). The collective of DoD organizations authorized to conduct HUMINT 
and related activities under the centralized management of the DHM [Defense HUMINT Manager]. 
(DoDD S-3325.09, Oversight, Management, and Execution of Defense Clandestine Source Operations, 
9 Jan 2013 w/ chg 1 dated 13 Jun 2013) Also see Defense Clandestine Service. 


-- Also, the collective of DoD organizations authorized to conduct HUMINT and related activities. 
(DoDD S-5200.37, Management & Execution of Defense HUMINT (U), 9 Feb 2009) 


Defense HUMINT Executor. The senior DoD intelligence official as designated by the head of each of the 
DoD components who are authorized to conduct human intelligence and related intelligence activities. 
(JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011)


Defense HUMINT Manager (DHM). The Director DIA, as designated by the USD(I), is the official 
responsible for the centralized management of the DoD-wide HUMINT Enterprise. (DoDD S-5200.37, 
Management and Execution of Defense HUMINT (U), 9 Feb 2009) 


-- Also, [Dir DIA] serve as the Defense HUMINT Manager (DHM) responsible for centralized 
management of the DoD-wide HUMINT enterprise, which is based on decentralized execution of HUMINT 
operations and related activities. (DoDD 5105.21, DIA, 18 Mar 2008) 


Defense Industrial Base (DIB). The Department of Defense, government, and private sector worldwide 
industrial complex with capabilities to perform research and development, design, produce, and maintain 
military weapon systems, subsystems, components, or parts to meet military requirements. (JP 1-02 and 
JP 3-27, Homeland Defense, 29 Jul 2013) 


DoD is responsible for critical infrastructure protection within the defense industrial base per PDD-21. 
-- PDD-21, Critical Infrastructure Security and Resilience, 12 Feb 2013 


The DIB Sector consists of government and private sector organizations that can support military 
operations directly; perform R&D; design, manufacture, and integrate systems; and maintain depots 
and service military weapon systems, subsystems, components, subcomponents, or parts—all of 
which are intended to satisfy U.S. military national defense requirements. 


The government component of the DIB consists of certain laboratories, special-purpose 
manufacturing facilities, capabilities for production of uniquely military material such as arsenals and 
ammunition plants, and other services.


The private sector of the DIB consists of hundreds of thousands of independent, competing domestic 
and foreign companies and supply chains, delivering a vast array of products and services to DoD. 
DIB defense-related products and services equip, inform, mobilize, deploy, and sustain U.S. military 
and allied military forces worldwide. The DIB companies also deliver national security products and 
services to other federal agencies. 
-- Defense Industrial Base Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan, 
2010, p. 15 

Defense Infrastructure Sector (DIS). A virtual association within the DCIP that traverses normal
organizational boundaries and encompasses defense networks, assets, and associated dependencies 
that perform similar functions within the Department of Defense and are essential to the execution of the 
National Defense Strategy. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 
14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


IAW the DoDD 3020.40, the ten (10) defense infrastructure sectors are: 


DIB Sector. The DoD, U.S. Government (USG), and private sector worldwide industrial complex 
with capabilities to perform research, development, and design and to produce and maintain 
military weapon systems, subsystems, components, or parts to meet military requirements. 


Financial Services Sector. The DoD, USG, and private sector worldwide network and its supporting 
infrastructure that meet the financial services needs of the Department of Defense across the range 
of military operations. 


GIG Sector. The globally interconnected, end-to-end set of information capabilities, associated 
processes, and personnel for collecting, processing, storing, disseminating, and managing 
information on demand to warfighters, policy makers, and support personnel. It includes all owned 
and leased communications (commercial telecommunication infrastructure) and computing systems 
and services, software (including applications), data, security services, and other associated 
services necessary to achieve information superiority. It also includes National Security Systems as 
defined in section 11103 of title 40, U.S.C. (Reference (n)). 


Health Affairs Sector. The DoD, USG, and private sector worldwide healthcare network and its 
supporting infrastructure that meet the healthcare needs of DoD personnel across the range of 
military operations. 


Intelligence Sector. Those DoD, USG, and private sector facilities, networks, and systems (assets) 
located worldwide or extra-terrestrially that conduct and support the collection, production, and 
dissemination of intelligence, surveillance, and reconnaissance information essential to the 
execution of the National Military Strategy. These assets encompass human intelligence, 
geospatial intelligence, measurement and signature intelligence, signals intelligence, open-source 
intelligence, and technical intelligence; counterintelligence collection, processing, and exploitation 
means; and all-source analysis and production, including the networks and means over which 
intelligence information is shared, communicated, and/or disseminated. 


Logistics Sector. The DoD, USG, and private sector worldwide facilities, networks, and systems 
that support the provision of supplies and services to U.S. forces. 


Personnel Sector. The DoD, USG, and private sector worldwide network that coordinates and 
supports personnel and human resource functions of DoD personnel. 


Public Works Sector. The DoD, USG, and private sector worldwide network, including the real 
property inventories (environment, land, buildings, and utilities), that manages the support, 
generation, production, and transport of commodities (e.g., electric power, oil and natural gas, 
water and sewer, and emergency services) for and to the Department of Defense. 


Space Sector. The DoD, USG, and private sector worldwide network, including both space- and 
ground-based systems and facilities, that supports launch, operation, maintenance, specialized 
logistics, and control systems for the space assets relied upon by the Department of Defense. 


Transportation Sector. The DoD, USG, and private sector worldwide network that provides military 
lift support (surface, sea, and air) for U.S. military operations. 


Defense Infrastructure Sector Lead Agents (DISLAs). Designated DoD officials and their respective 
defense sector organizations that perform defense infrastructure sector responsibilities. In coordination 
with their respective PSAs [Principal Staff Assistants], the DISLAs characterize their defense 
infrastructure sectors to identify functions, systems, interdependencies, and, ultimately, sector task critical 
assets that support Combatant Command, Military Department, and Defense Agency missions and sector 
functions. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 
2 dated 21 Sep 2012) 

Defense Intelligence. Integrated departmental intelligence that covers the broad aspects of national
policy and national security and that intelligence relating to capabilities, intentions, and activities of foreign 
powers, organizations, or persons, including any foreign military or military-related situation or activity 
which is significant to Defense policy-making or the planning and conduct of military operations and 
activities. Defense intelligence includes Active and Reserve military, strategic, operational, and tactical 
intelligence. (DODD 5143.01, USD/I, 23 Nov 2005) 


Defense Intelligence Agency (DIA). A Department of Defense combat support agency and a member of 
the United States Intelligence Community responsible for providing timely, objective, and cogent military 
intelligence to warfighters, defense planners, and defense and national security policymakers. DIA is a 
major producer and manager of foreign military intelligence. 


DIA is the nation's premier all-source military intelligence organization, providing the most 
authoritative assessments of foreign military intentions and capabilities to U.S. military 
commanders and civilian policymakers. 


DIA's core mission resides in four intelligence competencies: all-source analysis, 
counterintelligence (CI), human intelligence (HUMINT), and measurement and signature 
intelligence (MASINT). 
-- 2012-2017 Defense Intelligence Agency Strategy 
Copy available at: <http://www.dia.mil/about/strategic-plan/2012-2017-DIA-Strategic-Plan.pdf>


Director DIA serves as the Defense HUMINT Manager responsible for centralized management of 
the DoD-wide HUMINT enterprise. 


-- DoDI 5105.21, DIA, 18 Mar 2008, para 6.2.1, p.5


DIA VISION2020
(IOC 28 Jan 2013)


VISION2020 [is] a transformational effort within DIA that redesigns and will fundamentally 
reposition the Agency to better address our nation's challenges. [...] 


VISION2020 aims to build a strong intelligence capability that will integrate and operationalize 
intelligence to ensure the security of the United States well into the 21st Century.


DIA's new center of gravity will be comprised of four Regional Centers (Asia/Pacific,
Europe/Eurasia, Middle East/Africa, and the Americas) and one Functional Center (Defense
Combating Terrorism Center (DCTC))...

-- LTG Michael T. Flynn (USA), Director DIA 


Defense Intelligence Analysis Program (DIAP). The DoD intelligence analysis community's resource
allocation and prioritization program. The DIAP establishes the policies, procedures, responsibilities,
and levels of analytic effort required to provide timely, objective, and cogent intelligence to warfighters,
defense planners, and policymakers. (DoDI 5240.18, CI Analysis & Production, 17 Nov 2009 with change
1 dated 15 Oct 2013)


-- Also, a DIA developed intelligence analysis production plan to enhance the ability of defense 
intelligence to focus on critical areas of national security interest, while maintaining a perspective on 
potential emerging threats. (DIA) 


GDIP Directive No. 006, Subject: Defense Intelligence Analysis Program, 31 Oct 2005, establishes 
the policies, procedures, responsibilities, and levels of analytical effort required for Defense 
intelligence to provide timely, objective, and cogent military intelligence to warfighters, defense 
planners, and defense and national security policymakers. Program guidance and roles and 
responsibilities posted on INTELINK at: <http://www.dia.ic.gov/admin/diap/index.htm>.


DIAP organizations are responsible for proactively producing intelligence on topics for which they 
are assigned responsibility IAW Defense Intelligence Analysis Program Management Guidance, 
24 Feb 2010. DIA's Office of Counterintelligence is responsible for analyzing foreign intelligence 
activities and threats to US Defense and Service interests. 

Defense Intelligence Components. All DoD organizations that perform national intelligence, Defense
Intelligence, and intelligence-related functions, including: the Defense Intelligence Agency; the National 
Geospatial-Intelligence Agency; the National Reconnaissance Office; the National Security Agency/ 
Central Security Service; and the intelligence elements of the Active and Reserve component of the 
Military Departments, including the United States Coast Guard when operating as a service in the United 
States Navy. (DoDD 5143.01, USD/I, 23 Nov 2005) 


Defense Intelligence Enterprise. The Enterprise is comprised of intelligence, CI, and security
components of the Joint Staff, Combatant Commands, Military Departments, and other Department 
elements, as well as those organizations under the authority, direction, and control of the Under Secretary 
of Defense for Intelligence (USD(I)). (DIA, 2012-2017 Defense Intelligence Agency Strategy) 


Defense Intelligence Operations Coordination Center (DIOCC). [Defense-level entity that] integrates and 
synchronizes military and National Intelligence capabilities. The DIOCC plans, prepares, integrates, 
directs, manages and synchronizes continuous full-spectrum Defense intelligence operations in support 
of Combatant Commands. (CJCSM 3314.01, Intelligence Planning, 28 Feb 2007) Also see Joint 
Intelligence Operations Center (JIOC). 


To be disestablished per SECDEF memo, subj: Track Four Efficient Initiatives Decision, 14 Mar 
2011 (p.43) which directs the disestablishment of the DIOCC and the transfer of its functions to the
Joint Staff. 


Defense Personnel Security Research Center (PERSEREC). A Department of Defense entity dedicated 
to improving the effectiveness, efficiency and fairness of the DoD personnel security system. 


PERSEREC was established in response to a recommendation by the DoD Security Review 
Commission (known as the Stilwell Commission), set up in the wake of the very damaging Walker 
espionage case, to improve DoD's personnel security system. In its 1985 report, the commission 
called for a personnel security research center to provide policymakers with an objective basis for 
policies and processes related to the security clearance system. 


PERSEREC report entitled, Espionage and Other Compromises of National Security: Case 
Summaries from 1975 to 2008 (11 Aug 2009), provides summaries of 141 publicly reported 
espionage related cases. These cases demonstrate that loyal and conscientious employees 
continue to be the target of attempts by agents of foreign intelligence services to recruit them as 
sources of sensitive defense and intelligence information.


Also see Changes in Espionage by Americans: 1947-2007, PERSEREC Technical Report 08-5
(March 2008). PERSEREC reports available at: <http://www.dhra.mil/perserec/index.html>


Defense Security Enterprise (DSE). The organizations, infrastructure, and measures (to include policies, 
processes, procedures, and products) in place to safeguard DoD personnel, information, operations, 
resources, technologies, and facilities against harm, loss, or hostile acts and influences. This system of 
systems comprises personnel, physical, industrial, information, and operations security, as well as SAP 
security policy, critical program information protection policy, and security training. It addresses, as part of 
information security, classified information, including sensitive compartmented information, and controlled 
unclassified information. It aligns with counterintelligence, information assurance, foreign disclosure, 
security cooperation, technology transfer, export control, cyber security, nuclear physical security, 
chemical and biological agent security, antiterrorism, force protection, and mission assurance policy and 
is informed by other security related efforts. (DoDD 5200.43, Management of the Defense Security 
Enterprise, 1 Oct 2012, w/ chg 1 dated 24 Apr 2013) 


Defense Security Service (DSS). An agency of the Department of Defense (DoD) located in Quantico, 
Virginia with field offices throughout the United States. The Under Secretary of Defense for Intelligence 
provides authority, direction and control over DSS. DSS provides the military services, Defense Agencies, 
24 federal agencies and approximately 13,000 cleared contractor facilities with security support services. 
(DSS Glossary) Also see industrial security; National Industrial Security Program (NISP). 


DSS is the DoD Cognizant Security Office for industrial security, responsible for the DoD portion of 
the National Industrial Security Program (NISP) and, by mutual agreement, other U.S. Government 
departments and agencies; provides security education & training products and services; 
administers the industrial portion of the DoD Personnel Security Program (PSP); provides 
authorized counterintelligence services; and also supports DoD efforts to improve security 
programs and processes. 

— DoDD 5105.42, Defense Security Service, 3 Aug 2010 (w/ chg 1 dated 31 Mar 2011) 


On behalf of the Department of Defense and other U.S. Government Departments and Agencies, 
the DSS supports national security and the warfighter through our security oversight and education 
missions. DSS oversees the protection of U.S. and foreign classified information and technologies 
in the hands of industry under the National Industrial Security Program (NISP). 

The NISP applies to all Executive Branch Departments and Agencies and to all cleared contractor 
facilities located within the United States (Para 1-102, NISPOM). 


DSS elements include: 


The Center for Development of Security Excellence (CDSE) is located in Linthicum, Md., and 
provides security education and training to DoD security professionals through formal classroom 
and distributed learning methodologies (i.e., computer-based, web-based and tele-training). 


The Defense Industrial Security Clearance Office (DISCO), located in Fort Meade, Md., processes 
requests for industrial personnel security investigations and provides eligibility or clearance 
determinations for cleared industry personnel under the NISP. 


See DSS web site at: <http://www.dss.mil/> (SIPRNet at <https://www.dss.smil.mil>) 


DSS has organic counterintelligence support. The DSS CI Directorate's mission is to identify 
unlawful penetrators of cleared U.S. defense industry and articulate the threat for industry and U.S. 
government leaders. 


The CI Directorate's premier publication, Targeting U.S. Technologies: A Trend Analysis of 
Reporting from Defense Industry, analyzes suspicious contact reports (SCRs) from across the DIB 
describing suspicious foreign activity targeting U.S. personnel, technologies, and export-controlled 
products. This publication is available in both an unclassified and classified version. See DSS CI 
web page at: <http://www.dss.mil/isp/count_intell/index.html> 


Timelines — 

Jan 1972 - the Defense Investigative Service (DIS)—predecessor to DSS—established to 
consolidate DoD personnel security investigations (PSIs) 

May 1993 — DIS established a counterintelligence office 

Nov 1997 — DIS redesignated as the Defense Security Service (DSS) to reflect the agency's 
broader mission and functions, including industrial security, personnel security, 
security education and training missions. 

Feb 2005 — DSS's personnel security investigations functions transferred to the Office of 
Personnel Management (OPM) 

Dec 2007 — Director DSS named the functional manager for DoD security training 


Defense Technology Base. All aspects of basic research plus those portions of applied research and 
technology development devoted to military systems in the generic sense. Prototyping and test and 
evaluation of specific technology enabled capabilities to prove the feasibility of a concept are also 
included. Development and engineering for specific military systems are NOT part of the defense 
technology base. (DoDI 3100.08, The Technical Cooperation Program (TTCP), 7 Aug 2012) 


Defense Unknown Subject Team (DUST). DoD's Enterprise-level focal point and action center to resolve 
CI leads in which the subject's identity and/or specific affiliation with the DoD is not evident. (DoD FCIP 
Strategy FY 2013-2017) Also see Unknown Subject; Unknown Subject Lead. 


-- Also, [DoD element that] serves as the DoD focal point to resolve CI leads in which the subject's 
identity and specific affiliation with DoD is not evident. 


DoD Components will report unknown subject leads to the DUST in accordance with DoD 
Instruction 5240.26, Countering Espionage, International Terrorism, and the Counterintelligence 
Insider Threat (Enclosure 3, paragraph 1) 


Defensive Counterintelligence Activities. Those counterintelligence activities designed to protect... 
personnel, operations, technology, and information against collection or exploitation by a foreign 
intelligence service, as contrasted with offensive counterintelligence activities, which are designed to 
attack the intelligence services of foreign adversaries by penetrating, collaborating, or conspiring with 
them to achieve that purpose. (AR 381-20, Army CI Program, 25 May 2010) 


Defensive Cyberspace Operations (DCO). Passive and active cyberspace operations intended to 
preserve the ability to utilize friendly cyberspace capabilities and protect data, networks, net-centric 
capabilities, and other designated systems. (JP 1-02 and JP 3-12, Cyberspace Operations, 5 Feb 2013) 


Defensive Travel Security Briefing. Formal advisories that alert traveling personnel of the potential for 
harassment, exploitation, provocation, capture, entrapment, or criminal activity. These briefings, based 
upon actual experience when available, include recommended courses of action to mitigate adverse 
security and personal consequences. The briefings also suggest passive and active measures that 
personnel should take to avoid becoming targets or inadvertent victims in hazardous areas. (DSS 
Glossary) 


Deliberate Compromise. The act, attempt, or contemplation of intentionally conveying classified 
documents, information, or material to any unauthorized person, including public disclosure, or the 
intentional misuse or mishandling of classified information. (AR 381-20, Army CI Program, 25 May 2010) 


Delimitations Agreement. Common term for the DoD/Department of Justice Agreement Governing the 
Conduct of Defense Department Counterintelligence Activities in Conjunction with the Federal Bureau of 
Investigation. (AR 381-20, Army CI Program, 25 May 2010) 


Demarche. An official protest delivered through diplomatic channels from one government to another. 
(Words of Intelligence, 2nd Edition, 2011) 


Denial. Measures taken to block, prevent, or impair US intelligence collection. (Foreign Denial & 
Deception Committee, 30 Mar 2006) 


-- Also, the attempt to block information that could be used by an opponent to learn some truth. 
(Roy Godson and James J. Wirtz, "Strategic Denial and Deception," in Strategic Denial and Deception: 
The 21st Century Challenge, eds. Roy Godson and James J. Wirtz, 2002) Also see deception. 

-- Also, methods used to conceal state and military secrets particularly from foreign 
intelligence collections. (Joseph W. Caddell; Deception 101 — A Primer on Deception, Strategic 
Studies Institute, US Army War College, 2004) 


-- Also, activities and programs designed to eliminate, impair, degrade, or neutralize the effectiveness 
of intelligence collection within and across any or all collection disciplines, human and technical. 
(Dr. James B. Bruce, "Denial and Deception in the 21st Century: Adaptation Implications for Western 
Intelligence," in Defense Intelligence Journal, Vol 15, No 2, 2006; pp 13-27) 


Denial and Deception — equal parts art and science 


Keeping secrets and negating access conceals the truth from an opponent's acquisition. Denial 
hides the real and deception portrays the fake. 


For additional information see Joint Pub 3-13.4, Military Deception, 13 Jul 2006. 


Denial of intelligence collection is a significant impediment to successful analysis. 


Denied Area. An area under enemy or unfriendly control in which friendly forces cannot expect to operate 
successfully within existing operational constraints and force capabilities. (JP 1-02 and JP 3-05, Special 
Operations, 18 Apr 2011) 


-- Also, a country with which the US has no official or formal diplomatic relations, or a country in which 
the capabilities and focus of the local CI services create an operating environment so hostile as to require 
non-traditional tradecraft of the highest order. (National HUMINT Glossary) 


Denied Area Tradecraft. The specialized clandestine methodology used in handling agents in particularly 
difficult and hostile environments. (James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


Departmental Intelligence. Intelligence that any department or agency of the Federal Government 
requires to execute its own mission. (JP 1-02) 


Department of Defense Components. The Office of the Secretary of Defense, the Military Departments, 
the Chairman of the Joint Chiefs of Staff and the Joint Staff, the combatant commands, the Office of the 
Inspector General of the Department of Defense, the Department of Defense agencies, Department of 
Defense field activities, and all other organizational entities in the Department of Defense. (JP 1, Doctrine 
for the Armed Forces of the United States, 25 Mar 2013) 


Department of Defense Intelligence Information System (DoDIIS). The combination of Department of 
Defense personnel, procedures, equipment, computer programs, and supporting communications that 
support the timely and comprehensive preparation and presentation of intelligence and information to 
military commanders and national-level decision makers. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


-- Also, a DIA-led enterprise that manages the intelligence information technology activities of and 
provides intelligence technology to the Department of Defense, the combatant commands, and other 
national security entities. (National Intelligence: A Consumer's Guide - 2009) 


Department of State / Bureau of Diplomatic Security (DS). The security and law enforcement arm of the 
U.S. Department of State. DS is responsible for providing a safe and secure environment for the conduct 
of U.S. foreign policy; it is involved in international investigations, threat analysis, cyber security, 
counterterrorism, security technology, and protection of people, property, and information. 
(www.state.gov) Also see Regional Security Officer. 


Every diplomatic mission in the world operates under a security program designed and maintained 
by DS. In the United States, diplomatic security personnel protect the Secretary of State and 
high-ranking foreign dignitaries and officials visiting the United States, investigate passport and visa 
fraud, and conduct personnel security investigations. Operating from a global platform in 25 U.S. 
cities and 159 foreign countries, diplomatic security ensures that America can conduct diplomacy 
safely and securely. DS plays a vital role in protecting U.S. embassies and personnel overseas, 
securing critical information systems, investigating passport and visa fraud, and fighting the war 
on terror. 


-- Department of State website: <http://state.gov/m/ds/index.htm> 


Department of State / Bureau of Intelligence and Research (INR). State's intelligence component that 
provides analysis of global developments to the State Department and contributes its unique perspectives 
to the community's National Intelligence Estimates. (WMD Report, 31 Mar 2005) 


For additional information: <http://www.state.gov/s/inr/> 


Department of Homeland Security (DHS) / Directorate of Information Analysis and Infrastructure 
Protection. Monitors, assesses, and integrates terrorist-related information; and assesses and addresses 
the vulnerabilities of the nation's critical infrastructure. (WMD Report, 31 Mar 2005) 


Department of Treasury / Office of Terrorism and Financial Intelligence. Treasury's intelligence 
component that collects and processes information that bears on U.S. fiscal and monetary policy and 
threats to U.S. financial institutions. (WMD Report, 31 Mar 2005) 


Dependency. [In critical infrastructure protection usage] a relationship or connection in which one entity 
is influenced or controlled by another entity. (DoDD 3020.40, DoD Policy and Responsibilities for Critical 
Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


Derogatory Information. Issue information that adversely reflects on a person's loyalty, reliability and 
trustworthiness. (IC Standard 700-1, 4 Apr 2008) 


Desired Perception. In military deception, what the deception target must believe for it to make the 
decision that will achieve the deception objective. (JP 1-02 and JP 3-13.4, Military Deception, 13 Jul 
2006) 


Detainee. A term used for any person captured or otherwise detained by an armed force. (JP 1-02) 


Within DoD, detainee includes any person captured, detained, or otherwise under the control of 
DoD personnel (military, civilian, or contract employee). It does not include persons being held 
primarily for law enforcement purposes except where the United States is the occupying power. 
As a matter of policy, all detainees will be treated as EPWs until some other legal status is 
determined by competent authority. 


For additional information see JP 3-63, Detainee Operations, 30 May 2008. 


Detection. 1) In tactical operations, the perception of an object of possible military interest but 
unconfirmed by recognition; 2) In surveillance, the determination and transmission by a surveillance 
system that an event has occurred; 3) In arms control, the first step in the process of ascertaining the 
occurrence of a violation of an arms control agreement; and 4) In chemical, biological, radiological, and 
nuclear environments, the act of locating chemical, biological, radiological, and nuclear hazards by use 
of chemical, biological, radiological, and nuclear detectors or monitoring and/or survey teams. (JP 1-02) 


Deterrence. The prevention from action by fear of the consequences. Deterrence is a state of mind 
brought about by the existence of a credible threat of unacceptable counteraction. (JP 1-02) 


Devil's Advocacy. Challenging a single, strongly held view or consensus by building the best possible 
case for an alternative explanation. (CIA, A Tradecraft Primer: Structured Analytical Techniques for 
Improving Intelligence Analysis, June 2005) 


Devil's Advocacy is most effective when used to challenge an analytical consensus or key 
assumption regarding a critically important intelligence question. 


DIAP. Also see Defense Intelligence Analysis Program (DIAP). 


Digital and Multimedia (D/MM) Forensics. The application of computer science and investigative 
procedures involving the examination of D/MM material. D/MM forensics is derived from a combination 
of definitions as it applies across the spectrum of computer forensics, audio forensics, image analysis, 
and video analysis. Also see digital evidence, digital forensics, and forensic science. 


D/MM forensic sub-disciplines include: 


Computer and Electronic Device Forensics. The scientific examination, analysis, and/or 
evaluation of digital and electronic materials. 


Audio Forensics. The scientific examination, analysis, comparison, and/or evaluation of audio. 


Image Analysis. The application of image science and domain expertise to examine and interpret 
the content of an image and/or the image itself. 


Video Analysis. The scientific examination, comparison, and/or evaluation of video. 


Digital Evidence. Information of probative value stored or transmitted in binary form. (DoDD 5505.13E, 
DoD Executive Agent for the DoD Cyber Crime Center, 1 Mar 2010) 


-- Also, information stored or transmitted in binary form that may be introduced and relied upon in 
court. (DoJ, Electronic Crime Scene Investigation, 2nd Edition: A Guide for First Responders, Apr 2008) 


Digital evidence is information and data of value to an investigation that is stored on, received, or 
transmitted by an electronic device. This evidence is acquired when data or electronic devices are 
seized and secured for examination. Digital evidence: 

- Is latent, like fingerprints or DNA evidence. 

- Crosses jurisdictional borders quickly and easily. 

- Is easily altered, damaged, or destroyed. 

- Can be time sensitive. 

-- Electronic Crime Scene Investigation, 2nd Edition, April 2008. 
Available online at: www.ncjrs.gov/pdffiles1/nij/219941.pdf 


Also see United States Secret Service, Best Practices for Seizing Electronic Evidence v.3, A 
Pocket Guide for First Responders 


Digital Forensics. In its strictest connotation, the application of computer science and investigative 
procedures involving the examination of digital evidence - following proper search authority, chain of 
custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert 
testimony. Beyond traditional legal purposes, the same techniques, scientific rigor, and procedural 
precision now support the range of military operations and courses of action, e.g., computer network 
operations as well as CI objectives. (DoDD 5505.13E, DoD Executive Agent for the DoD Cyber Crime 
Center, 1 Mar 2010) Also see digital & multimedia forensics, digital evidence, and forensic science. 


-- Also, the application of science to the identification, collection, examination, and analysis of data 
while preserving the integrity of the information and maintaining a strict chain of custody for the data. 
(NIST, Glossary of Key Information Security Terms, May 2013) 

Digital Tradecraft. The conduct, topics, or techniques of modern espionage or CI that employ digital or 
cyber means. (DoDI S-5240.23, CI Activities in Cyberspace, 13 Dec 2010 with change 1 dated 16 Oct 
2013) 


-- Also, digital or cyber tactics, techniques, and procedures designed to obscure or frustrate 
observation by hostile or unfriendly entities. (DoDI S-3325.10, [FOUO title], 6 Jun 2013) 


Digraph and/or Trigraph. A two and/or three-letter acronym for the assigned Codeword or nickname. 
(DoD 5220.22.22-M-Sup 1, NISPOM Supplement, Feb 1995) 


Diplomatic and/or Consular Facility. Any Foreign Service establishment maintained by the US 
Department of State abroad. It may be designated a "mission" or "consular office," or given a special 
designation for particular purposes, such as "United States Liaison Office." A "mission" is designated as 
an embassy and is maintained in order to conduct normal continuing diplomatic relations between the US 
Government and other governments. A "consular office" is any consulate general or consulate that may 
participate in most foreign affairs activities, and varies in size and scope. (JP 1-02) 


Diplomatic Establishment. A mission, consulate, embassy, residential compound, or other premises 
owned or leased and used by a government for official purposes. (Words of Intelligence, 2nd Edition, 
2011) 


Diplomatic Immunity. A status wherein diplomatic officers accredited to a foreign government as 
ambassadors, or other public ministers, are immune from the jurisdiction of all courts and tribunals of the 
receiving states whether criminal or civil. The status of diplomatic immunity protects the bearer from 
prosecution, civil suit, punishment, or compelled testimony in the country to which he or she is accredited. 
(Words of Intelligence, 2nd Edition, 2011) 


Diplomatic Security. The set of measures enacted to ensure that the diplomatic representatives of a 
nation-state, kingdom, or other political entity are able to conduct that entity's foreign affairs in a 
confidential, safe manner. (US State Department) See Department of State / Bureau of Diplomatic 
Security. 


Security is a basic function of diplomacy, and specific components of diplomatic security include 
preserving the confidentiality of diplomatic documents and communications, protecting diplomatic 
personnel, ensuring the integrity of diplomatic personnel through background investigations, and 
safeguarding diplomatic posts overseas and diplomatic facilities at home. 


-- History of the Bureau of Diplomatic Security of the United States Department of State (October 2011) 
Copy at <http://www.state.gov/m/ds/rls/rpt/c47602.htm> 


Direct Access. Descriptor used for sources with firsthand access to the information provided. 
(DoDI S-5200.42, Defense HUMINT and Related Intelligence Activities (U), 8 Dec 2009) Also see 
indirect access. 


Direct Liaison Authorized (DIRLAUTH). That authority granted by a commander (any level) to a 
subordinate to directly consult or coordinate an action with a command or agency within or outside of 
the granting command. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


Direct Support (DS). A mission requiring a force to support another specific force and authorizing it to 
answer directly to the supported force's request for assistance. (JP 1-02) 


Direction Finding (DF). A procedure for obtaining bearings of radio frequency emitters by using a 
highly directional antenna and a display unit on an intercept receiver or ancillary equipment. (JP 1-02) 


Director Defense Intelligence Agency (Dir DIA). Advises the Secretary of Defense, the Chairman of the 
Joint Chiefs of Staff, and the Combatant Commanders on all matters concerning all-source Defense 
Intelligence. 


Director DIA serves as the Defense Counterintelligence Manager [emphasis added], the 
Defense HUMINT Manager, the Defense Collection Manager..., and the Commander of the Joint 
Functional Component Command-Intelligence, Surveillance, and Reconnaissance (JFCC-ISR). 
See DoDD 5105.21, DIA, 18 Mar 2002. 


Director of National Intelligence (DNI). Serves as the principal adviser to the President, the National 
Security Council, and the Homeland Security Council for intelligence matters related to the national 
security; oversees the 16 federal organizations that make up the intelligence community (IC); and 
manages the implementation of the National Intelligence Program (NIP). (IRTPA 2004) 


Office of the Director of National Intelligence (ODNI) is charged with: 1) integrating the domestic 
and foreign dimensions of US intelligence so that there are no gaps in our understanding of threats 
to our national security; 2) bringing more depth and accuracy to intelligence analysis; and 3) 
ensuring that US intelligence resources generate future capabilities as well as present results. 


DNI created by Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) in December 
2004. The Office of the Director of National Intelligence (ODNI) began operations in April 2005. 
It was created to drive strategic integration, ensure better coordination, and provide oversight & 
governance of the Intelligence Community (IC). 


-- See ODNI Fact Sheet (Oct 2011): <http://www.dni.gov/files/documents/ODNI%20Fact%20Sheet_2011.pdf> 


Dirty Bomb. An explosive-driven radiological dispersal device. 


See NRC fact sheet, “Dirty Bombs,” May 2007 (accessed 27 June 2011); available online at: 
<http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/dirty-bombs-bg.pdf> 


Also see Congressional Research Service (CRS) report R41890, “Dirty Bombs”: Technical 
Background, Attack Prevention and Response, Issues for Congress, 24 June 2011. 


Disaffected Person. A person who is alienated or estranged from those in authority or lacks loyalty to the 
government; a state of mind. (JP 1-02) 


Discards. [S]pies supposedly deliberately sacrificed to distract a counterintelligence investigation away 
from a better target. This is a controversial strategy about which there remains much debate within the 
intelligence community... (Historical Dictionary of Cold War Counterintelligence, 2007) 


Discovery. Part of the pre-trial litigation process during which each party requests relevant information 
and documents from the other side in an attempt to "discover" pertinent facts. Generally discovery 
devices include depositions, interrogatories, requests for admissions, document production requests and 
requests for inspection. (<http://www.lectlaw.com/def/d058.htm>; accessed 18 Sep 2012) 


Discoverability. Discoverability means users can “discover” selected values (e.g., who, what, where, 
when), but cannot gain access to the underlying information until the user requesting access is authorized 
and authenticated. (Markle Task Force, 1 Sep 2009) 


Discoverability is the first step in an effective system for information sharing, offering users the 
ability to “discover” data that exists elsewhere. Discoverability means users can “discover” selected 
values (e.g., who, what, where, when), but cannot gain access to the underlying information until 
the user requesting access is authorized and authenticated. In many ways, knowing where relevant 
information can be found or who has the information is the essential first step towards information 
sharing as this makes collaboration and analysis possible. A system of discoverability also avoids 
the bulk transfers of data required in large centralized databases, improving security and 
minimizing privacy risks. 


See: <http://www.markle.org/sites/default/files/MTFBrief_Discoverability.pdf> 


Disguise. Concealment or misrepresentation of the physical characteristics or true nature or identity of 
a person or object. (CIA in D&D Lexicon, 1 May 2002) 


Disinformation. Carefully contrived misinformation prepared by an intelligence or CI service for the 
purpose of misleading, deluding, disrupting, or undermining confidence in individuals, organizations, 
or governments. (CI Community Lexicon) 


Dissemination. The timely distribution of intelligence products (oral, written, or graphic form) to 
departmental and agency intelligence consumers in a suitable format. (CI Community Glossary) 


-- Also, the timely conveyance of intelligence in suitable form to customers. (ICS Glossary) 


Dissemination and Integration. In intelligence usage, the delivery of intelligence to users in a suitable 
form and the application of the intelligence to appropriate missions, tasks, and functions. Also see 
intelligence process. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 
5 Jan 2012) 


Divided Loyalties. Broadly defined, individuals with intellectual or emotional commitments to another 
country through cultural affinity. (PERSEREC Technical Report 02-5, Espionage Against the United 
States by American Citizens 1947-2001, July 2002) Also see ideology, MICE. 


DNA. The abbreviation for deoxyribonucleic acid, which is the genetic material present in the cells of all 
living organisms. DNA is the fundamental building block for an individual's entire genetic makeup. 
(www.ojp.usdoj.gov; accessed 29 Apr 2013) 


A person's DNA is the same in every cell (with a nucleus). DNA is contained in blood, semen, skin 
cells, tissue, organs, muscle, brain cells, bone, teeth, hair, saliva, mucus, perspiration, fingernails, 
urine, feces, etc. 


Document and Media Exploitation (DOMEX). The processing, translation, analysis, and dissemination 
of collected hard copy documents and electronic media, which are under U.S. Government's physical 
control and are not publicly available; excludes: handling of documents and media during collection, initial 
review, and inventory process; and documents and media withheld from the IC DOMEX dissemination 
system in accordance with DNI-sanctioned agreements and policies to protect sources and methods. 
(ICD 302, Document and Media Exploitation, 6 Jul 2007) Also see Document Exploitation (DOCEX), 
Harmony, and National Media Exploitation Center (NMEC). 


-- Also, the processing, translation, analysis, and dissemination of collected hard-copy documents 
and electronic media that are under U.S. Government physical control and are not publicly available. In 
the Department of Defense this includes the handling of documents and media during their collection, 
initial review, inventory, and input to a database. (DoDD 3300.03, DoD DOMEX, 11 Jan 2011) 


-- Also, the handling and exploitation of documents and/or media for intelligence purposes. (HDI 
Lexicon, April 2008) 


The National Media Exploitation Center (NMEC) is responsible for ensuring the rapid collection, 
processing, exploitation, dissemination and sharing of all acquired and seized media throughout 
the intelligence, counterintelligence, military and law enforcement communities. See ICD 302, 
copy available online at <http://www.fas.org/irp/dni/icd/icd-302.pdf> 


Director DIA is the IC Executive Agent for NMEC (DoDD 3300.03, DoD DOMEX, 11 Jan 2011) 


Document Exploitation (DOCEX). The systematic extraction of information from all media formats in 
response to collection requirements. (Term previously defined in Army FM 2-0, Intelligence, May 2004) 
Also see Document and Media Exploitation (DOMEX); Harmony; and NMEC. 


Doctrine. Fundamental principles by which the military forces or elements thereof guide their actions in 
support of national objectives. It is authoritative but requires judgment in application. (JP 1-02) 


“Doctrine evolves from theory and concepts based on values, beliefs, historical perspective, 
experience, and research.” 
-- AR 600-100, Army Leadership, 8 Mar 2007 


-- Also, Joint Doctrine: fundamental principles that guide the employment of US military forces in 
coordinated action toward a common objective. Joint doctrine contained in joint publications also 
includes terms, tactics, techniques, and procedures. It is authoritative but requires judgment in 
application. (JP 1-02) 


DoD CI Campaign (previously referred to as “DoD CI Strategic Campaign”). See the FOUO definition in 
O-DoDD 5240.02, Counterintelligence, 20 Dec 2007, with change 1 dated 30 Dec 2010; available on 
SIPRNet at <http://www.dtic.smil.mil/whs/directives/corres/pdf/524002p.pdf> 


DoD CI Campaigns drive and shape Defense CI engagement against critical foreign intelligence 
threats globally to achieve strategic outcomes; these CI Campaigns are managed by DIA’s Office 
of Counterintelligence (OCI-1). 


DoD Criminal Investigative Organizations. The term refers collectively to the United States Army Criminal 
Investigation Command, Naval Criminal Investigative Service, U.S. Air Force Office of Special 
Investigations, and Defense Criminal Investigative Service, Office of the IG DoD. (DoDD 5525.07) 


DoD Functional Manager for Security Training. Director Defense Security Service (DSS). 


DoD Law Enforcement Organizations. Organizations, agencies, entities, and offices of the Military 
Departments and Defense Agencies and the DoD Inspector General that perform a law enforcement 
function for those departments and agencies and are manned by DoD LEOs [Law Enforcement Officers]. 
(DoDI 2000.26, Suspicious Activity Reporting, 1 Nov 2011) 


DoD Personnel Travel Clearance. Travel clearance for DoD and DoD-sponsored personnel performing 
official temporary travel abroad. The three types of clearance are country clearance, theater clearance, 
and special area clearance. (DoDD 4500.54E, DoD Foreign Clearance Program, 28 Dec 2009) 


DoD Strategic CI Campaign. See FOUO definition in O-DoDD 5240.02, CI, 20 Dec 2007.


DoD Unknown Subject. The subject of a DoD CI investigation whose identity has not been determined.
(DoDI 5240.04, CI Investigations, 2 February 2009 with change 1 dated 15 Oct 2013) Also see Defense
Unknown Subject Team; Unknown Subject. 


An “unknown subject” is commonly referred to as an “UNSUB.” 


DIA’s Office of Counterintelligence (OCI-2) serves as the focal point and central repository for DoD 
unknown subject CI leads, reports and information.


Domestic Activities. Activities within the United States that do not involve a significant connection with 
a foreign power, organization, or person. (AR 381-20, Army CI Program, 25 May 2010)


Domestic Intelligence. Intelligence relating to activities or conditions within the United States that 
threaten internal security and that might require the employment of troops; and intelligence relating to 
activities of individuals or agencies potentially or actually dangerous to the security of the Department
of Defense. (JP 1-02 and JP 3-08, Interorganizational Coordination During Joint Operations, 24 Jun 2011)


Domestic Terrorism. Terrorism perpetrated by the citizens of one country against persons in that country. 
This includes acts against citizens of a second country when they are in the host country, and not the 
principal or intended target. (DoDI 2000.12, DoD Antiterrorism Program, 1 Mar 2012 with change 1 dated 
9 Sep 2013) 

-- Also, Americans attacking Americans based on U.S.-based extremist ideologies. (FBI) 

-- Also, domestic terrorists: people who commit crimes within the homeland and draw inspiration from
U.S.-based extremist ideologies and movements. (CRS Report R42536, The Domestic Terrorist Threat:
Background and Issues for Congress, 15 May 2012)


One particularly insidious concern that touches all forms of domestic extremism is the lone
offender—a single individual driven to hateful attacks based on a particular set of beliefs without a 
larger group's knowledge or support. In some cases, these lone offenders may have tried to join a 
group but were kicked out for being too radical or simply left the group because they felt it wasn't 
extreme or violent enough. We believe most domestic attacks are carried out by lone offenders to 
promote their own grievances and agendas. 

-- FBI at <http://www.fbi.gov/news/stories/2009/september/domterror_090709> (accessed 18 Dec 2012)


The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) do not officially list 
domestic terrorist organizations, but they have openly delineated domestic terrorist "threats." These 
include individuals who commit crimes in the name of ideologies supporting animal rights, 
environmental rights, anarchism, white supremacy, anti-government ideals, black separatism, and 
anti-abortion beliefs. 

-- CRS Report R42536, The Domestic Terrorist Threat: Background and Issues for Congress, 15 May 2012 


Dossier. A file consisting of information concerning an individual. (National HUMINT Glossary)


Double Agent. Agent in contact with two opposing intelligence services, only one of which is aware of the
double contact or quasi-intelligence services. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations,
16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see dangle; dangle operation; provocation.


No term is more misused by amateurs and greenhorns than "double agent." 
-- William R. Johnson, Former Army Intelligence and CIA 


In its simplest form, a double agent works for two intelligence services 
at the same time, with only one of the services understanding this. 
-- Stuart A. Herrington, Traitors Among Us: Inside the Spy Catcher's World (1999), p. 132 


The double agent is the most characteristic tool of 
counterespionage operations, and he comes in many guises. 
-- Allen W. Dulles, The Craft of Intelligence (2006), p. 123


The first purpose of any double agent program is to engage the enemy. ...The basic use of double 
agents is to keep contact with the enemy. What you use that contact for depends on the state of 
your CI program at any moment. But without contact, there isn't much you can do. 


A double agent operation is a channel in which information moves in both directions. On each end 
of the channel is an intelligence or counterintelligence service. The intelligence service seeks to 
ensure that the flow of material through the channel is beneficial to itself. The CI service seeks to 
ensure that the flow of material is detrimental to its opponent. 

-- William R. Johnson (Former CIA Officer) 


The caviar of the intelligence business. 
-- James M. Olson, Former Chief of CIA Counterintelligence 


The use of double agents... a time-honored method both of deception and of counterespionage.

The Double-Cross System in the War of 1939 to 1945
by J.C. Masterman, Yale University Press (1972)


-- Also, an agent who is cooperating with an intelligence service of one government on behalf of and
under the control of an intelligence or security service of another government, and is manipulated by one 
to the detriment of the other. (Glossary of Intelligence Terms and Definitions, IC Staff, 1978) 


-- Also, a person pretending to work as a spy for one government while actually working as [an asset]
for another government. (WMD Report, 31 Mar 2005) 


-- Also, an agent working for two opposing agencies; he is loyal to one while betraying the other. 
(TOP SECRET: The Dictionary of Espionage and Intelligence, 2005) 


-- Also, double agents — individuals under the control of one intelligence agency who offer their 
services to an opposing intelligence agency. (“Double Agent Operations,” Espionage, Naval Investigative 
Service Command; nd, circa 1989) 


-- Also, a clandestine operative who works for two opposing espionage organizations but who is loyal 
to one of the organizations and betrays the other. (Encyclopedia of the CIA, 2003) 


-- Also, a person who engages in clandestine activity for two intelligence or security services (or more 
in joint operations), who provides information about one or about each to the other, and who wittingly 
withholds significant information from one on the instructions of the other or is unwittingly manipulated by 
one so that significant facts are withheld from the adversary. (John P. Dimmer - 1962; see below) 


A World of Stratagems 


"To tackle enemy espionage (whoever the enemy may turn out to be) it is therefore of paramount 
importance to keep a firm hold on the enemy's own system of agents and informers. Knowledge of 
his methods, knowledge of his intentions, and knowledge of the personnel of his organization are 
all vitally necessary. Surely all these objects are the best attained by the maintenance of double 
agents! The confession of faith is consequently a simple one. It amounts to this: that in peace as 
well as in war a carefully cultivated double agent system is the safest and surest weapon of 
counterespionage [emphasis added], and the one most easily adaptable to changing conditions, 
changing problems, and even changing enemies." 


-- J.C. Masterman, The Double-Cross System (1972) 


The term "double agents" as used during OSS operations in WWII: "...captured agents who would
be persuaded to continue their activities for the enemy, ostensibly in good faith but acting at the 
direction of X-2 [OSS Counterintelligence]...." Also "the case of an agent recruited by X-2 [OSS 
CI] and infiltrated into enemy territory to induce the enemy to employ him as an agent and return 
him to Allied territory." 

-- Kermit Roosevelt, War Report of the OSS (1976) 


"The fact that doubles have an agent relationship with both sides distinguishes them from 
penetrations, who normally are placed with the target service in a staff or officer capacity.... The 
double agent is one of the most demanding and complex counterintelligence activities in which an 
intelligence service can engage. Directing even one double agent is a time-consuming and tricky 
undertaking that should be attempted only by a service having both competence and 
sophistication." 

-- John P. Dimmer, CIA (1962)


"One side has an agent whom it deliberately tries to work in as an agent on the other side, of course
without the other knowing anything about it... the most advanced and dangerous kind of work an 
agent can do, both for the agent himself and for the two parties." 


-- Colonel Stig Erik Constans Wennerström, Swedish Air Force
Spy for the GRU -- convicted of treason in 1964


Note: For a full account of the Wennerström affair see An Agent in Place by Thomas
Whiteside (1966), republished in 1983 in Ballantine Intelligence Library.


Double Agents "can serve as excellent channels through which misleading information can flow
to the enemy. So double agents serve both as collectors of positive intelligence and channels for 
deception." 

-- Church Committee (Senate Report 94-755, 26 April 1976)


A condoned channel of communication with the enemy 


For additional open source information regarding double agents see: 


William R. Johnson, Thwarting Enemies at Home and Abroad: How to Be a Counterintelligence 
Officer, Georgetown University Press (2009); pp. 91-153. 


Federal Government Security Clearance Programs, Report # 99-166, Hearings before the 
Permanent Subcommittee on Investigations of the Committee on Governmental Affairs, US Senate, 
April 1985, specifically testimony on pp. 63-103 regarding two Army CI controlled double agent 
operations: 1) Chief Warrant Officer Janos Szmolka against the Hungarian Intelligence Service in
1977-1981; and 2) Sergeant "Smith" against the KGB for over 10 years starting in the early 1970's. 


"Double Agent Operations," Espionage, Naval Investigative Service Command (nd, circa 1989); 
pp. 24-33. 


John P. Dimmer (aka F.M. Begum), "Observations on the Double Agent," Studies in Intelligence, 
V6: 11, pp 57-72 (1962); declassified, originally classified Secret. Available online at:
<https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol6no1/html/v06i1a05p_0001.htm>


J.C. Masterman, The Double-Cross System (1972). Double agent operations against the Germans 
in World War II. Nazi agents in Britain were captured or turned themselves in and were then used 
by the British to broadcast mainly disinformation to their Nazi controllers. 


John Barron, Operation Solo: The FBI's Man in the Kremlin (1996). Operation Solo tells the 
remarkable and true story of FBI run double agent Morris Childs, code named "Agent 58", who, for 
twenty-seven years, provided the FBI with the Kremlin's innermost secrets during fifty-two 
clandestine missions to the Soviet Union, China, and Eastern Europe. 


David Wise, Cassidy’s Run (2000). True-life story of US Army Sgt. Joseph Cassidy who 
successfully pretended to be a traitor to his country. In the eyes of his Soviet handlers, he was a 
mole planted deep inside DoD. This US Army/FBI double agent operation -- code named
Operation SHOCKER -- flushed out 10 Soviet spies including a Russian sleeper agent in the Bronx
and revealed the lengths to which Soviet intelligence would go to penetrate DoD. 


Andrew Tully, Inside the FBI (1980). Chapter 5 "Spies for Sale" (pp. 70-81) tells the story of a joint
Naval Investigative Service and FBI double agent operation [Operation LEMONAID] targeting the 
Russian Intelligence Service resulting in the arrest of three Russians working out of the United 
Nations for espionage on 20 May 1978. Also see Jeremy J. Leggatt, "Art Lindberg's Walk in the 
Cold," Reader's Digest, June 1980. 


Downgrade. To determine that classified information requires, in the interests of national security, a lower 
degree of protection against unauthorized disclosure than currently provided, coupled with a changing of 
the classification designation to reflect such a lower degree. (JP 1-02) 

Doxing. [Cyber usage] Publicly releasing a person's identifying information including full name, date of 
birth, address, and pictures typically retrieved from social networking site profiles. (FBI; see
<http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks-1>) 

Dry Clean. [Tradecraft jargon] Actions taken to determine if one is under surveillance. (Spy Book) 

Dry Cleaning. [Tradecraft jargon] Any technique used to elude surveillance. A usual precaution used by 
intelligence personnel when actively engaged in an operation. (AFOSI Manual 71-142, OFCO, 9 Jun 
2000) 


-- Also, any technique used to detect surveillance; a usual precaution engaged in by intelligence
personnel when actively engaged in an operation. (FBI FCI Terms)


Dynamic Threat Assessment (DTA). An intelligence assessment developed by the Defense Intelligence
Agency that details the threat, capabilities, and intentions of adversaries in each of the priority plans in the 
Joint Strategic Capabilities Plan. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


The DTA is used by the Combatant Commanders and COCOM planning staffs to conduct Mission 
Analysis for Step 1 - Strategic Guidance under Adaptive Planning and Execution (APEX). 


Dual Agent. Within DoD, term rescinded by JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011.


Previously defined in JP 1-02 as “one who is simultaneously and independently employed by two 
or more intelligence agencies, covering targets for both." 


Dual Citizen. Any person who is simultaneously a citizen of more than one country. (DSS Glossary) 


Dual-use. Technology and articles that are potentially used either for commercial/civilian purposes or for 
military, defense, or defense-related purposes. (DoDI 2040.02, International Transfers of Technology, 
Articles, and Services, 10 Jul 2008) See critical technology. 


DUST. See Defense Unknown Subject Team.


Economic Espionage. The knowing misappropriation of trade secrets with the knowledge or intent that
the offense will benefit a foreign government, foreign instrumentality, or foreign agent. Misappropriation 
includes, but is not limited to, stealing, copying, altering, destroying, transmitting, sending, receiving, 
buying, possessing, or conspiring to obtain trade secrets without authorization. (Economic Espionage 
Act of 1996, PL 104-294) 


Economic Espionage... is a fact of life 


I think you have to separate very clearly what are the fields which are covered by the alliance and 
the fields which are not covered by an alliance. It’s clear that when you are allies, you have certain 
sectors, I'm speaking of the armaments. I'm thinking of diplomatic matters where normally you
should not try to gather intelligence. But in all of the other fields, being allied does not prevent the
states from being competitors. Even during the Cold War, the economic competition existed. Now
the competition between the states is moving from the political-military level to the economic and
technological level. In economics, we are competitors, not allies. I think that even during the
Cold War getting intelligence on economic, technological, and industrial matters from a country with 
which you are allies is not incompatible with the fact that you are allies. 

-- Pierre Marion, Former Director of French Intelligence (DGSE) 

as quoted in Friendly Spies by Peter Schweizer (1993) 


Section 101(a) of the Economic Espionage Act of 1996 criminalizes economic espionage. 
See <http://www.gpo.gov/fdsys/pkg/PLAW-104publ294/content-detail.html>
Also see <http://www.fbi.gov/about-us/investigate/counterintelligence/economic-espionage>


The Economic Espionage Act (EEA) of 1996 (18 USC §§ 1831-1839) is concerned in particular
with economic espionage and foreign activities to acquire US trade secrets. In this context, trade 
secrets are all forms and types of financial, business, scientific, technical, economic, or engineering 
information, including patterns, plans, compilations, program devices, formulas, designs, 
prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or 
intangible, and whether stored or unstored, compiled, or memorialized physically, electronically, 
graphically, photographically, or in writing, if the owner (the person or entity in whom or in which 
rightful legal or equitable title to, or license in, is reposed) has taken reasonable measures to keep 
such information secret and the information derives independent economic value, actual or
potential, from not being generally known to, and not being readily ascertainable through, proper
means by the public. Activities to acquire these secrets include the criminal offenses: economic 
espionage and industrial espionage. 


The Office of the National Counterintelligence Executive submits an annual report to Congress on 
the threat to the United States from foreign economic collection and industrial espionage; see 
annual reports at: <http://www.ncix.gov/publications/reports/fecie_all/index.html>


“US intelligence officials put the cost of lost sales due to illicit appropriation of 
technology and business ideas at between $US100 billion and $US250 billion a year." 
-- Financial Times, January 2011 


Educing Information (EI). The full range of approaches to obtain useful information from sources.
EI includes elicitation, debriefing, and interrogation. (Educing Information — Interrogation: Science and 
Art, Dec 2006) Also see debriefing; elicitation; interrogation; interview. 


The 2006 Intelligence Science Board report Educing Information — Interrogation: Science and Art 
is available online at <http://www.ndic.edu/press/3866.htm> 


Effect. 1) The physical or behavioral state of a system that results from an action, a set of actions, or
another effect; 2) The result, outcome, or consequence of an action; 3) A change to a condition, behavior,
or degree of freedom. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011)


Effects-Based Operations (EBO). [Non-doctrinal term] A process for obtaining a desired strategic
outcome [emphasis added] or effect on the enemy. (JFCOM Glossary at www.jfcom.mil/about/glossary.htm) 


Effects Based Operations: Coordinated sets of actions directed at shaping the behavior of friends,
foes, and neutrals in peace, crisis, and war. 

The concept of EBO focuses "coordinated sets of actions" on objectives defined in terms of human 
behaviors in multiple dimensions and on multiple levels, and measures their success in terms of the 
behavior produced.... Effects cannot be isolated. All effects, at each level and in each arena, are 
interrelated and are cumulative over time. And lastly, effects are both physical and psychological in 
nature. 


-- Edward A. Smith, Effects Based Operations: Applying Network Centric Warfare in Peace, Crisis, and War 
(2002) 


eGuardian. The FBI's unclassified, law enforcement-centric threat reporting system. It provides a means 
to disseminate SARs dealing with information regarding a potential threat or suspicious activity rapidly 
throughout the national law enforcement community. (DoDI 2000.26, Suspicious Activity Reporting, 1 Nov 
2011) See suspicious activity report. 


All reports in the eGuardian system Shared Data Repository are viewable through Guardian, the 
FBI’s classified threat reporting system. DoD personnel assigned to Joint Terrorism Task Forces 
(JTTFs) and the National Joint Terrorism Task Force (NJTTF) have access to Guardian. 


For additional information see: <http://foia.fbi.gov/eguardian_threat.htm>


Electronic Intelligence (ELINT). Technical and geolocation intelligence derived from foreign 
noncommunications electromagnetic radiations emanating from other than nuclear detonations or 
radioactive sources. (JP 1-02 and JP 3-13.1, Electronic Warfare, 25 Jan 2007) Also see electronic 
warfare; foreign instrumentation signals intelligence; signals intelligence. 


ELINT is a sub-category of signals intelligence (SIGINT) that engages in dealing with information 
derived primarily from electronic signals that do not contain speech or text (which are considered 
Communications Intelligence aka COMINT). Two major branches of ELINT are Technical ELINT 
(TechELINT) and Operational ELINT (OpELINT) described as follows: 

-- TechELINT describes the signal structure, emission characteristics, modes of operation, 
emitter functions, and weapons systems associations of such emitters as radars, beacons, 
jammers, and navigational signals. A main purpose of TechELINT is to obtain signal 
parameters which can define the capabilities and the role that the emitter plays in the larger 
system, such as a ground radar locating aircraft, and thus lead to the design of radar
detection, countermeasure, or counterweapons equipment. 

-- OpELINT concentrates on locating specific ELINT targets and determining the operational 
patterns of the systems; these results are commonly called Electronic Order of Battle (EOB). 


For additional information see: Richard L. Bernard, Electronic Intelligence (ELINT) at NSA, 2009. 
Online at: <http://www.nsa.gov/about/_files/cryptologic_heritage/publications/misc/elint.pdf>


Also see additional background information at: <www.fas.org/irp/nsa/almanac-elint.pdf> 


Electronic Surveillance. The acquisition of a nonpublic communication by electronic means without 
the consent of a person who is party to an electronic communication or, in the case of a nonelectronic 
communication, without the consent of a person who is visibly present at the place of communication. 
(DoD 5240.1-R, Dec 1982) Also see surveillance; foreign intelligence surveillance act (FISA). 


Governed by the Foreign Intelligence Surveillance Act (FISA) of 1978 (50 USC §1805).


For DoD CI see Chap 5. Proc 5 — Electronic Surveillance, DoD 5240.1-R, Procedures Governing 
the Activities of DoD Intelligence Components that Affect United States Persons, 7 Dec 1982


The Electronic Communications Privacy Act of 1986 (ECPA) prohibits unauthorized electronic
eavesdropping. ECPA consists of three parts. The first, often referred to as Title III, outlaws
wiretapping and electronic eavesdropping, except as otherwise provided. The second, the Stored 
Communications Act, governs the privacy of, and government access to, the content of electronic 
communications and to related records. The third outlaws the use and installation of pen registers 
and of trap and trace devices, unless judicially approved for law enforcement or intelligence 
gathering purposes. 


-- Also, the use of electronic devices to monitor or record conversations, activities, sound, or 
electronic impulses. (Army FM 2-22.2, Counterintelligence, Oct 2009) 


-- Also, (ELSUR) under Title III and FISA is the non-consensual electronic collection of information
(usually communications) under circumstances in which the parties have a reasonable expectation of 
privacy and court orders or warrants are required. (FBI Domestic Investigations and Operations Guide, 
15 Oct 2011) 


Electronic Tracking Device. Direction finder including electronic tracking devices, such as, radio 
frequency beacons and transmitters, vehicle locator units, and the various devices that use a Global 
Positioning System [GPS] or other satellite system for monitoring non-communication activity. (FBI 
Domestic Investigations and Operations Guide, 16 Dec 2008) 


Electronic Warfare (EW). Military action involving the use of electromagnetic and directed energy to 
control the electromagnetic spectrum or to attack the enemy. Electronic warfare consists of three 
divisions: electronic attack, electronic protection, and electronic warfare support. (JP 1-02 and JP 3-13.1, 
Electronic Warfare, 25 Jan 2007) 


Electronics Security. The protection resulting from all measures designed to deny unauthorized persons 
information of value that might be derived from their interception and study of noncommunications 
electromagnetic radiations, e.g., radar. (JP 1-02 and JP 3-13.1, Electronic Warfare, 25 Jan 2007) 


Elements of Espionage. The fundamental components in which an intelligence service conducts
espionage... some or all of the following elements are present in every espionage operation: 1) contact &
communication; 2) collection; 3) motive / reward; 4) travel; and 5) tradecraft. (Espionage 101: Elements of
Espionage, US Army AFCITC Course Handout, 3 Dec 1996, authored by CW4 Constance Y. Huff, USA) 
Also see Espionage; Espionage Act; Espionage Against the United States. 


Espionage investigative elements are different than the prosecutorial elements (which are 
addressed in Title 18 USC, §§ 792-798 and Article 106, UCMJ).


Elicitation. In intelligence usage, the acquisition of information from a person or group in a manner that 
does not disclose the intent of the interview or conversation. (JP 2-0, Joint Intelligence, 22 Oct 2013) 
Also see educing information; debriefing; interrogation; interview. 


-- Also, engaging with a source in such a manner that he or she reveals information without being 
aware of giving away anything of value. (Educing Information — Interrogation: Science and Art, Dec 2006) 


-- Also, the strategic use of conversation to extract information from people without giving them the 
feeling they are being interrogated. (FBI) 


-- Also, the use of generalized questions to ascertain someone's knowledge on a particular topic. 
(Army FM 2-22.2, Counterintelligence, Oct 2009)


A casual conversation with a hidden agenda 


The subtle extraction of information during an apparently "normal" and "innocent" conversation. 
A supplemental technique used during interviews, debriefings and interrogations.


Elicitation is the practice of obtaining information about a topic from conversations, preferably
without the source knowing what is happening.
-- Robert M. Clark, Intelligence Analysis: A Target-Centric Approach (2004), p. 72


Elicitation, that is to say, like a lot of other tradecraft techniques, has its Scylla and Charybdis. On 
one hand, the cautious seeker risks concealing his purpose in such general questions or remarks 
that he evokes nothing of value. On the other hand, if the questions are excessively direct, the 
contact may quickly suspect he is being interrogated for intelligence purposes and bring the 
interview to an abrupt and unpleasant end. 
-- George G. Bull, “The Elicitation Interview," Studies in Intelligence, vol. 14 no. 2 (Fall 1970), pp. 115-22. 
Originally classified "Secret" [declassified]. 


Elicitation is a technique used to discreetly gather information. It is a conversation with a specific 
purpose: collect information that is not readily available and do so without raising suspicion that 
specific facts are being sought. It is usually non-threatening, easy to disguise, deniable, and 
effective. The conversation can be in person, over the phone, or in writing. Conducted by a skilled 
collector, elicitation will appear to be normal social or professional conversation. A person may 
never realize she was the target of elicitation or that she provided meaningful information. 


-- Elicitation Techniques, FBI (accessed 20 Aug 2012) 
See pdf available at: <http://www.fbi.gov/about-us/investigate/counterintelligence/elicitation-brochure> 


Emanation Security. Unintentional signals that, if intercepted and analyzed, would disclose the 
information transmitted, received, handled, or otherwise processed by information systems. 
Synonymous with Transient Electromagnetic Pulse Emanation Standard (TEMPEST). (DSS Glossary) 
Also see TEMPEST. 


Emerging Warning Concerns. Newly identified issues relevant to national security of sufficient significance 
to warrant temporary attention by the Defense Intelligence Enterprise. An emerging warning issue may be 
redefined as an enduring warning issue based on national security priorities and operational plans.
(DoDD 3115.16, The Defense Warning Network, 5 Dec 2013)


Émigré. A person who lawfully departed his or her country with the intention of resettlement elsewhere. 
(Defense HUMINT Enterprise Manual 3301.002, Vol II Collection Operations, 23 Nov 2010)


-- Also, a person who departs from his country for any lawful reason with the intention of permanently
resettling elsewhere. (ICS Glossary) 


Emission Security. The component of communications security that results from all measures taken to 
deny unauthorized persons information of value that might be derived from intercept and analysis of 
compromising emanations from cryptoequipment and telecommunications systems. (JP 1-02 and JP 6-0, 
Joint Communications, 10 Jun 2010). Also see communications security.


Equipment Exploitation Operations. Intelligence exploitation operations of all types foreign and non-foreign
material which may have military application or answer a collection requirement. This material
includes material found on a detainee or on the battlefield (Captured Enemy Equipment (CEE)), or 
purchased through either open or clandestine means (Foreign Military Acquisition). (DHE-M 3301.002, 
Vol II Collection Operations, 23 Nov 2010) 


Enabling Activities. [In CI and HUMINT usage] Any activity that supports Defense CI and HUMINT
operations, functions, and missions, including source validation, collection management, collection
requirements management, cover, cover support, information systems, production management, source
communications, targeting, and training. (DoDI O-5100.93, Defense CI & HUMINT Center, 13 Aug 2010)


Encipher. To convert plain text into unintelligible form by means of a cipher system. (JP 1-02)


-- Also, convert plain text to cipher text by means of a cryptographic system. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


Encode. Convert plain text to cipher text by means of a code. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


Encrypt. Generic term encompassing encipher and encode. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


Encryption. The process of changing plaintext into ciphertext for the purpose of security or privacy. 
(CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


End State. Set of required conditions that defines achievement of the commander's objectives. (JP 1-02) 


Enduring Warning Issue. A significant national security issue, usually linked to an operation plan or 
concept plan, that is well defined and are longstanding potential threats to the interests of the U.S. and its 
allies. (DoDD 3115.16, The Defense Warning Network, 5 Dec 2013)


Enemy Combatant (EC). A person engaged in hostilities against the United States or its coalition 
partners during an armed conflict. (DoDD 2310.01E and JP 3-56, Detainee Operations, 6 Feb 2008) 


Esoteric Communications. Public statements whose surface meaning (manifest content) does not reveal 
the real purpose, meaning, or significance (latent content) of the author. (Army Techniques Publication 
2-22.9, Open-Source Intelligence, 10 Jul 2012) 


Espionage. Intelligence activity directed towards the acquisition of information through clandestine 
means. (NSCID 5 and DCID 5/1) Also see Elements of Espionage; Espionage Act; Espionage Against
the United States. 


“The object of secret intelligence activity [espionage] is to obtain by secret means 
information which cannot otherwise be secured and which is not elsewhere available.” 
-- Kermit Roosevelt, War Report of the OSS (1976) 


“In espionage, two factors are constant. Intelligence officers recruit foreign nationals who can 
provide classified information on their governments’ plans and intentions, and the 
counterintelligence services of those countries try to thwart these operations.” 
-- Brian P. Fairchild (CIA Case Officer for 20 years), “Human Intelligence, Operational Security and the 
CIA’s Directorate of Operations.” Statement before the Joint Economic Committee, United States 
Congress 20 May 1998 


-- Also, 1) Intelligence activity directed toward the acquisition [of] information through clandestine 
means and proscribed by the laws of the country against which it is committed; 2) Overt, cover, or 
clandestine activity designed to obtain information relating to the national defense with an intent or reason 
to believe that it will be used to the injury of the United States or to the advantage of a foreign nation. 

(CI Community Lexicon) 


-- Also, Clandestine intelligence activity. This term is often interchanged with “clandestine collection.” 
(Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


-- Also, 1) The art of spying; 2) The act of seeking information for one government that the other 
government wishes to keep secret. (TOP SECRET: The Dictionary of Espionage and Intelligence, 2005) 


Espionage is the clandestine collection of information by people either in a position of trust for the 
targeted entity, or with access to people with such access. The process of recruiting such 
individuals and supporting their operations is the HUMINT discipline of agent handling. 
"Espionage—the use of spies or secret agents to steal information from enemies, 
adversaries, or competitors—is one of the oldest forms of intelligence gathering." 


-- Arthur S. Hulnick, “Espionage: Does It Have a Future in the 21st Century?" 
The Brown Journal of World Affairs; XI: 1 (2004) 


"Espionage is distinguished from other forms of intelligence gathering by its clandestinity 
and its 'illegal means' of acquisition." 


-- Frederick P. Hitz, Former Inspector General of the CIA (1990-1998) 


"Espionage is the theft of information in contravention of another nation's laws by a person known 
as an 'agent.' This act of theft may be direct, as in the secret copying of a classified document, or 
the indirect, as in hiding of an eavesdropping device, or merely oral, but is done by an agent and it 
breaks either a foreign law or the internal regulation of an alien organization. Espionage is not the 
confidential purchase of information where mere embarrassment, rather than illegality, is risked. It 
is not the flattery, bribery, or coercion of a person to influence his actions within legal limits. It is 
not ‘a scuttling, violence-prone business. .. incompatible with democracy.’ But rather a silent, 
surreptitious, violence-shunning business serving the nation." 

-- William R. Johnson, “Clandestinity and Current Intelligence," Studies in Intelligence, vol. 20, no. 3 
(Fall 1976), pp. 15-69. Originally classified "Secret / No Foreign Dissem" [declassified]. 


Espionage, since it is based on human vulnerability, 
can penetrate even the most heavily guarded repositories of national secrets. 


-- Also, [Crime of Espionage] the act of obtaining, delivering, transmitting, communicating, or 
receiving information about the national defense with an intent, or reason to believe, that the information 
may be used to the injury of the United States or to the advantage of any foreign nation. (JP 1-02 and 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Espionage is a national security crime, specifically a violation of Title 18 USC, §§ 792-798 and 
Article 106, Uniform Code of Military Justice (UCMJ). 


See article “Espionage: The American Judicial Response. An in Depth Analysis of the Espionage 
Laws and Related Statutes" by Harold W. Bank (45 pages). 
Copy at «http://www.wcl.american.edu/journal/lawrev/21/bank.pdf.» (accessed 31 Oct 2012) 


"The man engaged in espionage on behalf of his own country is committing a patriotic act. 
The man who gives away or sells his own country's secrets is committing treason.” 
-- Allen W. Dulles, The Craft of Intelligence (2006), p. 179 


"Espionage is a crime almost devoid of evidence..." 
-- Peter Wright (Former Asst Director MI5), Spycatcher (1987) 


"The act of espionage is unlike any other criminal act in that it leaves no traces. Indeed, unless the 
agent is caught, the government office that has been penetrated is usually unaware that any crime 
has taken place. The actual detection of espionage is a very specialized task...." 

-- Miles Copeland, Without Cloak or Dagger (1974), p. 160 


"[E]spionage in its own way is a very unique crime: There are no smoking guns, no battered 
victims, rarely do we have any forensic evidence, no bait money, no exploding dye packs, no bank 
surveillance films. Espionage, in many cases, leaves no footprints." 

-- William H. Webster, Director FBI (12/10/85) 
"Because it leaves no footprints, espionage is one of the more difficult crimes to uncover. Yet the 
business of catching spies affects profoundly the American way of life. If done well, it protects our 
freedoms by keeping us strong. If done poorly, it can impinge on our liberties just as surely as a 
takeover by a foreign power." 

-- Ronald Kessler, Spy vs. Spy (1988), p. 8 


"... the essence of espionage, even the most innocuous sort, is betrayal of trust. One 
might almost say that is the defining element, because without it, there is no espionage." 


-- Aldrich Ames, CIA Traitor & Convicted Spy 
as quoted in Confessions of a Spy by Pete Earley 


"Espionage is a crime of double-edged secrecy. Spies, well experienced in clandestine procedures 
and operating not as individuals but as agents of a nation, are hard to detect by traditional police 
work. And the loot that they seek is not the kind of evidence that can be labeled Exhibit A in the 
courtroom. ...And there is still another kind of secret that a trail reveals: the failings of the secret- 
holder's own security safeguards" 

-- Thomas B. Allen and Norman Polmar, Merchants of Treason: America's Secret for Sale (1988), p. 163 


"No matter how overwhelming the evidence can be, prosecuting espionage cases is never easy." 
-- John L. Martin, Retired Chief Counterespionage Section, US Department of Justice 


Espionage Act. The Espionage Act of 1917 (18 USC § 792 et seq.) is a U.S. federal law passed in June 
1917, shortly after the U.S. entry into World War I. It prohibited any attempt to interfere with military 
operations, to support U.S. enemies during wartime, to promote insubordination in the military, or to 
interfere with military recruitment. The law was further strengthened by the Espionage and Sabotage Act of 
1954, which authorized the death penalty or life imprisonment for espionage or sabotage in peacetime as 
well as during wartime. The Act requires agents of foreign governments to register with the U.S. 
Government. It also suspended the statute of limitations for treason. In 1958, the scope of the act was 
broadened to cover Americans engaged in espionage against the U.S. while overseas. Also see espionage. 


Statutes now governing espionage date from the first effort to protect the governments' secrets in 
the Defense Secrets Act of 1911. The Espionage Act of 1917 adopted the approach taken in 1911, 
incorporating many of its key phrases. Most of the 1917 act in turn has been incorporated without 
many revisions into 18 U.S. Code 793, the core statute for dealing with espionage. The last 
revisions in wording made to section 793 were in 1950 with the Internal Security Act; also in that 
act 18 U.S. Code 794 was added. 


-- PERSEREC Technical Report 08-05, Changes in Espionage by Americans: 1947-2007, March 2008. 


The Federal Espionage Laws codified in Title 18 Section 793 and 794 US Code along with other 
related crimes date back to the terrorist attack of 1916 on Black Tom Island carried out by the 
German IIIb intelligence service. This event had such an impact on the nation that proposals were 
made to court martial civilians since there were no viable laws to deal with espionage at the time. 


The result was the 1917 Espionage Law of which codified a very restricted definition of the crime 
of Espionage. As you know espionage has four elements: 

- Unauthorized transmittal 

- of national defense information 

- to a foreign power or agent 

- with the intent to harm the US or aid that foreign power. 


As a result of a German espionage case in the early 1940s, that was appealed, and precedence 
was established that the national defense security information transmitted in an espionage case 
had to be protected information. Accordingly, it is essential to prove in an espionage prosecution 
that the information affected the military defense of the United States and was protected 
information not in the public domain at the time it was transmitted. 

-- Prepared Statement of David G. Major, President CI Centre, before the US House of Representatives, 
Committee on the Judiciary Subcommittee on Crime, Terrorism, and Homeland Security “Enforcement 
of Federal Espionage Laws" Hearing, 29 January 2008 
Prominent among the statutory offenses enacted by Congress and relating to matters of national 
security are the espionage laws found in title 18, sections 791 through 798. The activities covered 
therein by these sections go far beyond those limited to any dictionary definition or popular concept 
of the term "espionage." 


The obtaining of national defense information for the benefit or use of foreign nations or its 
subsequent transmittal is the primary target of the espionage laws. However, equally as criminal is 
the conspiracy and attempt to do any of the above as well as the receiving or obtaining of national 
defense information with reason to believe that such information was to be used in violation of the 
espionage laws. In addition, the willful refusal to turn over national defense information upon proper 
demand by lawful authority and the loss or compromise of national defense information through 
gross negligence is also included in the statutory proscription. The penalties prescribed for violation 
of the espionage laws are severe. 

-- Commission on Government Security — 1957, p. 617 


Espionage Indicators. Warning signs that an insider may be working for or is susceptible to control by a 
Foreign Intelligence Entity (FIE). These warning signs are the result of an insider's actions, activities, and 
behaviors that may be indicative of potential espionage-related activity. Also see indicator. 


-- Also, Potential Espionage Indicators: Activities, behavior or circumstances that may, unless 
satisfactorily explained, be indicative of potential espionage activity by an individual who may be acting as 
a witting espionage agent or spy. (DSS CI Report, Potential Espionage Indicators in Personnel Security 
Investigations, undated, circa early 2000) 


Mere exhibition of an espionage indicator does not necessarily indicate spying or a Foreign 
Intelligence Entity (FIE) connection; individuals may exhibit PEI for a variety of legitimate reasons. 
Presence of PEI, especially multiple PEI, warrants further CI action. 


In CI usage, Indicators are different from anomalies. Espionage indicators are manifested in an 
insider's actions, activities, and behaviors whereas anomalies surface as a result of FIE actions 
and activities [See anomalies, anomalous activity, anomaly]. 

-- Indicator: an individual's action, activity or behavior 

-- Anomaly: foreign power activity or knowledge 


Potential Espionage Indicators alone do not presuppose that an individual is necessarily working 
on behalf of a FIE... additional CI follow-up is required. 


DoD Directive 5240.06, Counterintelligence Awareness and Reporting, 17 May 2011, lists 
reportable contacts, activities, indicators, and behaviors associated with foreign intelligence 
activities (FIEs), a term that includes international terrorists; for specifics see Tables 1-3 at 
Enclosure 4. 


Essential Elements of Information (EEI). The most critical information requirements regarding the 
adversary and the environment needed by the commander by a particular time to relate with other 
available information and intelligence in order to assist in reaching a logical decision. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


Essential Elements of Friendly Information (EEFI). Key questions likely to be asked by adversary officials 
and intelligence systems about specific friendly intentions, capabilities, and activities, so they can obtain 
answers critical to their operational effectiveness. (Previously in JP 2-01, Joint and National Intelligence 
Support to Military Operations) 


Essential Task. A specified or implied task that an organization must perform to accomplish the mission 
that is typically included in the mission statement. (JP 5-0, Joint Operation Planning, 11 Aug 2011) 
Also see implied task; specified task. 




Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Estimative Intelligence. Intelligence that identifies, describes, and forecasts adversary capabilities and 
the implications for planning and executing military operations. (JP 1-02 and JP 2-0, Joint Intelligence, 
22 Oct 2013) 


Evaluation. In intelligence usage, appraisal of an item of information in terms of credibility, reliability, 
pertinence, and accuracy. (JP 1-02) 


Evaluation and Feedback. In intelligence usage, continuous assessment of intelligence operations 
throughout the intelligence process to ensure that the commander's intelligence requirements are being 
met. (JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 2012) 


Evidence. Testimony, writings, material object, or other things presented to the senses that are offered 
to prove the existence or nonexistence of a fact. 


"No matter how overwhelming the evidence can be, 
prosecuting espionage cases is never easy." 
-- John L. Martin, Retired Chief of Internal Security at the Department of Justice 


In legal proceedings there are several different types: 1) in terms of their relationship to the crime, 
they are known as “direct” or “circumstantial,” and 2) in terms of their relationship to the world at 
large, they are known as "testimonial" or "physical." 


TESTIMONIAL: statements or the spoken word from the victim(s) or witness(es). 


PHYSICAL: includes such things as hairs, fibers, latent fingerprints, and biological material. 
Physical evidence is objective and when documented, collected, and preserved properly may be 
the only definitive way to reliably place or link someone to a crime scene. This is why Physical 
evidence is known as the "silent witness." 


Physical evidence has the potential to play a critical role in the 
overall investigation and resolution of a suspected criminal act. 


-- US Department of Justice, 
Crime Scene Investigation: A Guide for Law Enforcement, January 2000 


-- Also, anything that helps to ascertain the truth of a matter, or gives proof of a fact. Evidence may 
be physical or testimonial. (AR 195-5, Evidence Procedures, 25 Jun 2007) 


-- Also, the legal data that conclusions or judgments may be based on. It is the documentary or verbal 
statements and material objects admissible as testimony in a court of law. Evidence is the means by 
which any alleged matter of fact is proven or disproved. Evidence includes all matters, except comment 
or argument, legally submitted to a court. Evidence is the source from which a court-martial or jury must 
form its conclusions as to the guilt or innocence of an accused. Testimonial evidence, e.g., sworn 
statements of eyewitness accounts and admissions of guilt, is obtained through communication with 
people. Physical evidence, e.g., identified weapons and fingerprints, is obtained by searching crime 
scenes, tracing leads, and developing technical data. Investigators must always be evidence conscious. 
Both physical and testimonial evidence are vital to the successful prosecution of an investigation. (Army 
FM 3-19.13, Law Enforcement Investigations, Jan 2005) 


Evidence is the source from which a court-martial or jury must form its conclusions as to the guilt or 
innocence of an accused. Evidence is the means by which any alleged matter of fact is proven or 
disproved. Evidence includes all matters, except comment or argument, legally submitted to a 
court. 

-- Army FM 3-19.13, Law Enforcement Investigations, Jan 2005, p. 1-8 
-- Also, evidence in its broadest sense, refers to anything that is used to determine or demonstrate 
the truth of an assertion; the term has specialized meanings when used with respect to specific fields, 
such as criminal investigations and legal discourse. ...Legal evidence concerns the tight rules governing 
the presentation of facts that tend to prove or disprove the point at issue. ... Testimony (which tells) and 
exhibits (which show) are the two main categories of evidence presented at a trial or hearing. (Wikipedia; 
accessed 1 Aug 2007) 


The law of evidence governs the use of testimony (e.g., oral or written statements, such as an 
affidavit) and exhibits (e.g., physical objects) or other documentary material which is admissible 
(i.e., allowed to be considered by the trier of fact, such as a jury) in a judicial or administrative 
proceeding (e.g., a court of law). Evidence must be acquired/received, processed, safeguarded 
and disposed of properly. 


Military Rules of Evidence are Part III of the Manual for Courts-Martial; Appendix 22 of the MCM is 
Analysis of the Military Rules of Evidence. 


Also see "Evidence" in Chapter 8 of Army FM 2-22.2, Counterintelligence, October 2009, pp. 8-5 
through 8-8. 


"Espionage is a crime almost devoid of evidence..." 
-- Peter Wright, Spycatcher (1987) 


"While espionage may be ALMOST devoid of evidence, it is NOT VOID of evidence." 
-- ESPIONAGE 101: Elements of Espionage by CW4 Connie Huff (USA), 3 Dec 1996 


Evidence Identifiers. Tape, labels, containers, and string tags used to identify the evidence, the person 
collecting the evidence, the date the evidence was gathered, basic criminal offense information, and a 
brief description of the pertinent evidence. (Crime Scene Investigation: A Guide for Law Enforcement, 
Sep 2013) 


Execute Order (EXORD). 1) An order issued by the Chairman of the Joint Chiefs of Staff, by the authority 
and at the direction of the Secretary of the Defense, to implement a decision by the President or SECDEF 
to initiate military operations; 2) An order to initiate military operations as directed. (JP 1-02 and JP 5-0, 
Joint Operation Planning, 11 Aug 2011) 


Execution Planning. The Adaptive Planning and Execution System translation of an approved course of 
action into an executable plan of action through the preparation of a complete operation plan or operation 
order. (JP 5-0, Joint Operation Planning, 11 Aug 2011) 

Executive Agent (EA) [within DoD]. A term used to indicate a delegation of authority by the Secretary of 
Defense or Deputy Secretary of Defense to a subordinate to act on behalf of the Secretary of Defense. 
(JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


Exfiltration. The removal of personnel or units from areas under enemy control by stealth, deception, 
surprise, or clandestine means. (JP 1-02) 


-- Also, a clandestine rescue operation designed to get a defector, refugee, or operative and his or 
her family out of harm's way. (CI Centre Glossary) 


-- Also, a clandestine operation undertaken to remove an individual from a denied area. (Historical 
Dictionary of Cold War Counterintelligence, 2007) 


-- Also, the surreptitious extraction of operatives in the field. (Encyclopedia of the CIA, 2003) 
-- Also, an operation to get an individual secretly and illegally [in violation of a foreign country's law] 
out of a hostile area. (James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


Examples include the escapes of KGB officer Oleg Gordievsky from the Soviet Union in 1985, 
orchestrated by MI6, and KGB officer Victor Sheymov, his wife, and daughter from the Soviet Union 
in 1980, carried out by the CIA. 


Expanded-scope Screening [Polygraph]. (ESS) An examination that includes the questions from a CSP 
polygraph and questions related to falsification of security forms, involvement with illegal drugs, and 
criminal activity. Previously known as full-scope polygraph. (DoDI 5210.91, PCA Procedures, 12 Aug 
2010 with change 1 dated 15 Oct 2013) 


Exploitation. The process of obtaining information from any source and taking advantage of it. (DoDD 
5205.02E, DoD OPSEC Program, 20 Jun 2012) 


-- Also, the process of obtaining intelligence information from any source and taking advantage of it 
for intelligence purposes. (ODNI, U.S. National Intelligence — An Overview 2011) 


Export Enforcement Coordination Center (E2C2). The primary forum within the federal government for 
executive departments and agencies to coordinate and enhance their export control enforcement efforts. 
The Center maximizes information sharing, consistent with national security and applicable laws. This 
helps partner agencies detect, prevent, disrupt, investigate and prosecute violations of U.S. export control 
laws. (www.ice.gov) 


Executive Order 13558 created the Export Enforcement Coordination Center. E2C2 provides a 
venue through which to deconflict technology transfer investigations. 

For additional information see «http://www.ice.gov/export-enforcement-coordination-center/» 


Extremist Activity. As used in this regulation, an activity that involves the use of unlawful violence or the 
threat of unlawful violence directed against the Army, DOD, or the United States based on political, 
ideological, or religious tenets, principles, or beliefs. (AR 381-12, Threat Awareness and Reporting 
Program, 4 Oct 2010) 


Eyewash. [Tradecraft jargon] False entries made in files, usually to protect the security of a source, often 
indicating that a particular target has rejected a pitch, when in fact the offer was accepted. (Historical 
Dictionary of Cold War Counterintelligence, 2007) 




F 


Fabricator. An individual or group who, usually without genuine resources, invents or inflates information 
for personal or political gain or political purposes. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, an agent who furnishes false information for financial gain. (A Spy’s Journey) 


False Flag. Development or execution of any initiative or operation under false national sponsorship or 
credentials (aka “false colors”). The Russian term is foreign flag. (CIA in D&D Lexicon, 1 May 2002) 
Also see false-flag approach and false-flag recruitment 


-- Also, occurs when an individual is recruited believing he or she is cooperating with an intelligence 
service of a specific country. In actuality, he or she has been deceived and is cooperating with an 
intelligence service of another country. (AFOSI Manual 71-119, CI Investigations, 27 Oct 2009) 


-- Also, the technique for misrepresenting an individual's country of origin is a risky but well-established 
tactic adopted by all counterintelligence agencies in the absence of other, safer alternatives. 
Invariably, the strategy is one of last resort when a suspect is known to have engaged in espionage, but 
is thought to be currently inactive. The offer to be reengaged as a spy may be accepted and result in 
sufficient evidence to secure a conviction, or may prompt an incriminating action. (Historical Dictionary of 
Cold War Counterintelligence, 2007) 


-- Also, approach by a hostile intelligence officer who misrepresents himself or herself as a citizen 
of a friendly country or organization. The person who is approached may give up sensitive information 
believing that it is going to an ally, not a hostile power. (Spy Book) 


-- Also, the use of a third country's nationality to effect the recruitment of an agent so they do not 
know an activity's true country of origin. (A Spy's Journey) 


False-Flag Approach. An intelligence officer or agent who represents themselves as a person of another 
nationality in order to foster trust and lessen suspicion about the contact. (AR 381-12, Threat Awareness 
and Reporting Program, 4 Oct 2010) Also see false flag; false-flag recruitment. 


False-Flag Recruitment. A situation that occurs when an individual is recruited believing that he/she is 
cooperating with an intelligence service of a specific country, when in actuality he/she has been deceived 
and is cooperating with an intelligence service of another country. (CI Community Lexicon) Also see 
false-flag; false-flag approach. 

“... ‘false flag’ recruitment—when an intelligence service recruits a target while pretending to 
represent another nation—a common piece of tradecraft. When you finally recruit the target, he 
believes he is providing information to some other nation. The Israelis have often used this 
technique by impersonating CIA officers when trying to recruit Arabs." 

-- Duane R. Clarridge, A Spy For All Seasons: My Life in the CIA (1997), p. 97 


-- Also, an individual recruited believing he/she is cooperating with an intelligence service of a specific 
country when, in reality, the individual has been deceived and is working on behalf of an intelligence 
service of another country. (ICS Glossary & AR 381-47, OFCO, 17 Mar 2006) 
-- Also, recruitment of an individual under the guise of working for one entity when actually working for 
another entity. (HDI Lexicon, April 2008) 


Can also be used as a CI investigative technique to determine whether a suspected spy intends to 
or has committed espionage or other national security crimes against the United States; in this type 
of false flag a U.S. CI or law enforcement officer poses as an intelligence operative of a foreign 
power in an undercover operation. The FBI has successfully used this type of false flag operation 
in several espionage cases, e.g., see United States of America v. Stewart Davis Nozette (U.S. 
District Court for the District of Columbia, case number: 09-0565M) 


Faraday Bag. Specialty collection bags for electronic parts with lining to protect the contents from 
electromagnetic forces. (Crime Scene Investigation: A Guide for Law Enforcement, Sep 2013) 


FIE. See Foreign Intelligence Entity. 
FISS. See Foreign Intelligence and Security Service. 


Federal Bureau of Investigation (FBI). The primary investigative arm of the US Department of Justice 
(DoJ) with jurisdiction over violations of more than 200 categories of federal law and also a statutory 
member of the US Intelligence Community. The FBI’s mission is to protect and defend the United States 
against terrorist and foreign intelligence threats, to uphold and enforce the criminal laws of the United 
States, and to provide leadership and criminal justice services to federal, state, municipal, and 
international agencies and partners. (www.fbi.gov) 


"The FBI is unique in having a dual responsibility—to prevent harm to national security as a 
member of the U.S. Intelligence Community and to enforce federal laws as part of the Department 
of Justice. The Bureau reports to both the Attorney General and the Director of National 
Intelligence." 

-- FBI, Today's FBI — Facts and Figures 2010-2011 


The FBI has authority to investigate threats to the national security pursuant to Presidential 
Executive Orders, Attorney General authorities, and various statutory sources. Per EO 12333 (US 
Intelligence Activities) the FBI coordinates the clandestine collection of foreign intelligence 
collected through human sources or through human-enabled means and counterintelligence 
activities inside the United States. 


“We always thought of the FBI highly. We viewed it, this organization, as a formidable one. In the 
intelligence business, it's better to overestimate than underestimate, we never just thought of the 
FBI as incompetent or weak organization. It was an adversary, a formidable adversary, truly." 

-- Oleg Kalugin, Retired KGB General (served in Washington DC and Former Chief of Line KR) 


Federal Grand Jury (FGJ). An independent panel charged with determining whether there is probable 
cause to believe one or more persons committed a particular federal offense. If the FGJ believes 
probable cause exists, it will vote a "true bill" and the person will be indicted. An indictment is the most 
typical way a person is charged with a felony in federal court. (FBI Domestic Investigations and 
Operations Guide, 15 Oct 2011) 


Federal Polygraph Examiner. Military, civilian, or contractor personnel authorized to conduct polygraph 
examinations on behalf of a federal agency. (DoD 5210.48, Polygraph and Credibility Assessment 
Program, 25 Jan 2007 with change 2 dated 15 Nov 2013) 
Federally Funded Research and Development Center (FFRDC). Research and development-performing 
organizations that are exclusively to substantially financed by the Federal Government and are supported 
by the Federal Government either to meet a particular research and development objective or, in some 
instances, to provide major facilities at either universities or corporate or contractor locations for applied 
research to development purpose. (DoDI O-5240.24, CI Activities Supporting RDA, 8 Jun 2011 with 
change 1 dated 15 Oct 2013) 


Feed Material. Information that is usually true but unimportant given to an individual to pass to another 
intelligence service to maintain or enhance his value to that service. Sometimes called build-up material. 
(FBI FCI Terms) 


Feedback. Information or intelligence provided to deception planners as to the progress of a deception 
operation and, ultimately, its success or failure. (CIA in D&D Lexicon, 1 May 2002) 


Fifth Columnist. A subversive who acts out of secret sympathy for an enemy of his or her own country. 
(Encyclopedia of the CIA, 2003) 


-- Also, people who clandestinely undermine a larger group such as a nation from within. A fifth 
column can be a group of secret sympathizers of an enemy that are involved in sabotage within military 
defense lines, or a country's borders. A key tactic of the fifth column is the secret introduction of 
supporters into the whole fabric of the entity under attack. (Wikipedia; accessed 9 August 2012) 


The term was coined in 1936, during the Spanish Civil War. It was said then that the Spanish 
rebels had four columns of troops marching on the city of Madrid—and an additional "fifth column" 
of sympathizers within the city itself. Ready to take up arms at a moment's notice. 

-- Encyclopedia of the CIA (2003) 


In the United States at the end of the 1930s, as involvement in the European war seemed ever 
more likely, those who feared the possibility of betrayal from within used the newly coined term 
"fifth column" as a shorthand for sedition and disloyalty. 

-- Wikipedia; accessed 9 August 2012 


The fifth column is "that portion of our population which is ready to give assistance or 
encouragement in any form to invading or opposing ideologies.” 
-- Attorney General Robert H. Jackson, 1940 
(later Associate Justice of the United States Supreme Court, 1941—1954) 


The Communist Party of the United States is a fifth column if there ever was one. 


-- J. Edgar Hoover, Director Federal Bureau of Investigation 
Testimony before Committee on Un-American Activities, 
U. S. House of Representatives, circa 1948 


Financial Crimes Enforcement Network (FinCEN). An element of the Department of Treasury with the 
mission to safeguard the financial system from the abuses of financial crime, including terrorist financing, 
money laundering and other illicit activity. FinCEN administers the Bank Secrecy Act; supports law 
enforcement, intelligence, and regulatory agencies through sharing and analysis of financial intelligence; 
builds global cooperation with counterpart financial intelligence units; and networks people, ideas, and 
information. (website: <http://www.fincen.gov>) 


FinCEN exercises regulatory functions primarily under the Currency and Financial Transactions 
Reporting Act of 1970, as amended by Title III of the USA PATRIOT Act of 2001 and other 
legislation, which legislative framework is commonly referred to as the "Bank Secrecy Act" (BSA). 
The BSA is the nation's first and most comprehensive Federal anti-money laundering and counter- 
terrorism financing (AML/CFT) statute. In brief, the BSA authorizes the Secretary of the Treasury 
to issue regulations requiring banks and other financial institutions to take a number of precautions 
against financial crime, including the establishment of AML programs and the filing of reports that 
have been determined to have a high degree of usefulness in criminal, tax, and regulatory 
investigations and proceedings, and certain intelligence and counter-terrorism matters. 


Financial Record. An original, its copy, or information known to have been derived 
from the original record held by a financial institution that pertains to a customer's relationship 
with the financial institution. (DoDI 5400.15, Guidance on Obtaining Information from Financial 
Institutions, 2 Dec 2004 w/ chg 3 Jul 2007) 


Finding. A written legal determination made by the President of the United States authorizing a particular 
covert action important to US national security, in compliance with the Foreign Assistance Act of 1961, as 
amended by the 1971 Hughes-Ryan Amendment. (National HUMINT Glossary) Also see covert action. 


The President shall approve all covert action Findings in writing. Under Section 662 of the Foreign 
Assistance Act of 1961, as amended, all covert actions undertaken... must be authorized by a 
Presidential Finding that each such operation is important to US national security. 

-- National Security Decision Directive Number 159, 18 Jan 1985 (originally TS-Sensitive, declassified) 


According to the Congressional Research Service, the reference to a "presidential finding" took 
on its current popular meaning when Congress adopted the Hughes-Ryan amendment to the 
Foreign Assistance Act in 1974. Section 662 of the statute prohibits the expenditure of 
appropriated funds by or on behalf of the CIA for covert actions "unless and until the President finds 
that each such operation is important to the national security of the United States and reports, in a 
timely fashion, a description and scope of such operation to the appropriate committees of 
Congress." 


The requirements of this provision subsequently went through a series of transformations, the 
vestiges of which were recently codified in the Intelligence Authorization Act, FY1991, which still 
requires a written presidential finding satisfying certain conditions set forth in the statute for covert 
actions to occur. Such presidential findings, which are classified, are to be "reported to the 
intelligence committees as soon as possible" after being approved "and before the initiation of the 
covert action authorized by the finding." These findings are not published in the Federal Register 
or reproduced in CFR Title 3 compilations. 


Firewall. A hardware/software capability that limits access between networks and/or systems in 
accordance with a specific security policy. (CNSSI No. 4009, National Information Assurance Glossary, 
26 April 2010) 


FIVE EYES (FVEY). Australia, Canada, New Zealand, United Kingdom and the United States. (CAPCO 
and DoDI C-5240.08, CI Security Classification Guide, 28 Nov 2011) 


Five Ws (also known as the Five Ws and one H). The formula for getting the "full" story on something. 
The maxim of the Five Ws (and one H) is that in order for a report to be considered complete it must 
answer a checklist of six questions, each of which comprises an interrogative word: Who, What, When, 
Where, Why, and How? (Wikipedia; accessed 20 Feb 2009) 


Flag Officer. A term applied to an officer holding the rank of general, lieutenant general, major general, 
or brigadier general in the US Army, Air Force or Marine Corps or admiral, vice admiral, or rear admiral 
in the US Navy or Coast Guard. (JP 1-02) 


Flaps and Seals. [Intelligence parlance for] the clandestine opening, reading, and resealing of either 
envelopes or packages without the recipient's knowledge. (Spycraft) 


For or On Behalf of a Foreign Power. The determination that activities are for or on behalf of a foreign 
power shall be based on consideration of the extent to which the foreign power is involved in (a) control 
or policy direction; (b) financial or material support; or (c) leadership, assignments, or discipline. (AFOSI 
Manual 71-119, CI Investigations, 27 Oct 2009) 


Force Multiplier. A capability that, when added to and employed by a combat force, significantly 
increases the combat potential of that force and thus enhances the probability of successful mission 
accomplishment. (JP 1-02 and JP 3-05.1, Joint Special Operations Task Force Operations, 26 Apr 2007) 


Force Protection (FP). Preventive measures taken to mitigate hostile actions against Department of 
Defense personnel (to include family members), resources, facilities, and critical information. (JP 1-02 
and JP 3-0, Joint Operations, 11 Aug 2011) 


Force Protection Detachment (FPD). A CI element that provides CI support to transiting and assigned 
ships, personnel, and aircraft in regions of elevated threat. (DoDD O-5240.02, Counterintelligence, 
20 Dec 2007 with change 1 dated 30 Dec 2010; also JP 1-02 and JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ change 1 dated 26 Aug 2011) 


The primary focus of FPDs is to provide current and actionable force protection information to the 
commander of "in transit" resources. FPDs were created in the aftermath of the USS Cole (DDG 
67) bombing in the Port of Aden, Yemen on 12 October 2000. 


Service counterintelligence programs are integral to force protection and must be adequately 
manned and funded to meet the dynamic demands of supporting in-transit forces. 
-- Finding 20, DoD USS Cole Commission Report, 8 Jan 2001 (p. 97); p. 7 in the unclassified version. 


The FPD primary mission is to detect and warn of threats to DoD personnel and resources in- 
transit at overseas locations without a permanent DoD CI presence. ... FPDs shall maintain liaison 
contact with host nation officials to assess an operational picture of the local intelligence, terrorist, 
and criminal threat. 

-- DoDI 5240.22, CI Support to Force Protection, 24 Sep 2009, pp. 7-8 (encl 3, para 5) 


The principal responsibility of the FPD is to provide FP [force protection] services to DoD 
personnel, aircraft, ships and resources, as well as coordinate component FP activities. The FPD 
detects and warns of threats to DoD military and civilian assets in-transit at overseas locations that 
do not possess a permanent DoD CI presence. 

-- Erika Triscari, "Force Protection Detachments, the Force Multiplier,” The Guardian, April 2006, pp. 6-9. 


Force Protection Response Group (FPRG). For specifics see DoDI S-5240.15, FPRG (U), 20 Aug 2010. 


Foreign Agents Registration Act (FARA). A disclosure statute, enacted in 1938, that requires persons 
acting as agents of foreign principals in a political or quasi-political capacity to make periodic public 
disclosure of their relationship with the foreign principal, as well as activities, receipts and disbursements 
in support of those activities. Disclosure of the required information facilitates evaluation by the 
government and the American people of the statements and activities of such persons in light of their 
function as foreign agents. (22 USC §611) 


See more on the FARA at DoJ website: <http://www.fara.gov> 


The FARA Registration Unit of the Counterespionage Section in the National Security Division 
(NSD), Department of Justice (DoJ) is responsible for the administration and enforcement of the 
Act. See DoJ website at <http://www.usdoj.gov/criminal/fara/index.html> 


Foreign Collection Threat. Opportunity for a foreign entity or cooperating DoD personnel (an insider) 
to overtly, covertly or clandestinely collect information about RDA programs, technologies, system 
capabilities and employment methods that may enable an adversary to copy, counter, or defeat a 
capability, or inhibit, exploit, or sabotage a defense system. Within the context of [DoDI O-5240.24], the 
term collectively refers to threats posed by or from an insider, cyber exploitation, supply chain 
manipulation, an FIE [foreign intelligence entity], a foreign company, international transfers or exports of 
technology, and disposal of export-controlled technology. (DoDI O-5240.24, CI Activities Supporting RDA, 
8 Jun 2011 with change 1 dated 15 Oct 2013) 


Foreign Computer Intrusion. The use or attempted use of any cyber-activity or other means, by, for, or 
on behalf of a foreign power to scan, probe, or gain unauthorized access into one or more U.S.-based 
computers. (AG Guidelines for Domestic FBI Operations, 29 Sep 2008) 


Foreign Contact. Contact with any person or entity that is not a U.S. Person. (IC Standard 700-1, 4 Apr 
2008) 


Foreign Connection. A U.S. person has a foreign connection when a reasonable belief exists that the 
U.S. person is or has been in contact with, or has attempted to contact, a foreign person or representative 
of a foreign power for purposes harmful to U.S. national security interests; or when a reasonable belief 
exists that the U.S. person is acting or encouraging others to act in furtherance of the goals or objectives 
of a foreign person or power for purposes harmful to U.S. national security interests. (DoDD 5148.11, 
ATSD/IO, 24 Apr 2013) 


-- Also, a foreign connection is established by a reasonable belief that a U.S. person is or has been in 
contact with, or has attempted to contact, a foreign person or a representative of a foreign power, or a 
reasonable belief that a U.S. person is acting or encouraging others to act to further the goals or 
objectives of a foreign person or foreign power. (DoDI 2000.12, DoD Antiterrorism Program, 1 Mar 2012 
with change 1 dated 9 Sep 2013) 


Foreign Counterintelligence Program (FCIP). Military component of the National Intelligence Program 
(NIP) that conducts counterintelligence activities in support of the Department of Defense. Also see 
National Intelligence Program (NIP). 


Within the National Intelligence Program (NIP) the two key national-level DoD intelligence 
programs are the General Defense Intelligence Program (GDIP) and the FCIP. 
-- Adapted from Dan Elkins, Financial Management of Intelligence Resources: A Primer (3rd Edition), May 1992 


Foreign Cultural Analysis. Analysis of information on the demographics, norms, values, institutions, and 
artifacts of a population used to assist in anticipating the actions of that population within the operating 
environment. (DoDD 3600.01, Information Operations, 14 Aug 2006 with chg 1, 23 May 2011) 


Foreign Denial & Deception. Foreign capabilities and techniques designed to conceal, manipulate, deny, 
deceive, influence, induce uncertainty, and generate gaps in U.S. intelligence capabilities and/or conceal 
intentions. Also see denial; deception, military deception. 


Aggressive foreign D&D efforts erode our intelligence advantage 


Foreign knowledge and understanding of US intelligence capabilities are significant and growing 
problems across all intelligence disciplines and represent serious challenges to US national 
security. 


"America's toughest adversaries know a great deal about our intelligence system 
and are becoming better at hiding their intentions and capabilities." 
-- The National Intelligence Strategy, October 2005, p.9 


Foreign Denial & Deception Committee (FDDC). An interagency intelligence committee that operates 
under the auspices of the National Intelligence Council (see ICD 204). 


Foreign Instrumentation Signals Intelligence (FISINT). Technical information and intelligence derived 
from the intercept of foreign electromagnetic emissions associated with the testing and operational 
deployment of non-US aerospace, surface, and subsurface systems. Foreign instrumentation signals 
intelligence is a subcategory of signals intelligence. Foreign instrumentation signals include but are not 
limited to telemetry, beaconry, electronic interrogators, and video data links. (JP 1-02 and JP 2-01, Joint 
and National Intelligence Support to Military Operations, 5 Jan 2012) Also see signals intelligence 
(SIGINT). 


In the early 1980s the term TELINT (telemetry intelligence) was broadened to include other key 
signals that also describe missile/space events and was renamed Foreign Instrumentation Signals 
Intelligence (FISINT). 


Foreign Intelligence (FI). Information relating to capabilities, intentions, and activities of foreign powers, 
organizations, or persons, but not including counterintelligence, except for information on international 
terrorist activities. (National Security Act §3(2), 50 USC §401a) Also see positive intelligence. 


-- Also, information relating to the capabilities, intentions, or activities of foreign governments or 
elements thereof, foreign organizations, foreign persons, or international terrorist activities. (EO 12333 as 
amended and JP 2-0, Joint Intelligence, 22 Oct 2013) 


FI collection disciplines include: human intelligence (HUMINT); signals intelligence (SIGINT); 
geospatial intelligence (GEOINT), including imagery intelligence (IMINT); and measurement & 
signatures intelligence (MASINT). 


FI does not include counterintelligence. FI is one of the two components of intelligence, the other 
is counterintelligence (CI) per Executive Order 12333 US Intelligence Activities as amended and 
the National Security Act of 1947 as amended. 


Foreign Intelligence Agent. A person other than a foreign intelligence officer, who is engaged in 
intelligence activities or sabotage for or on the behalf of a foreign power, or international terrorist activity, or 
who knowingly conspires with or aids and abets such a person in these activities. (CI Community Lexicon) 
Also see agent; and agent net. 


Foreign Intelligence and Security Service (FISS). An organization of a foreign country capable of 
executing all or part of the intelligence cycle. Note: sometimes referred to as FIS (Foreign Intelligence 
Service). Also see foreign intelligence entity. 


-- Also, a foreign government's intelligence and security organization. (DoD FCIP Strategy FY 2013- 
2017) 


Foreign Intelligence Collection Threat. The potential of a foreign power, organization, or person to overtly 
or covertly collect information about U.S. acquisition program technologies, capabilities, and methods of 
employment that could be used to develop a similar weapon system or countermeasures to the U.S. 
system or related operations. (DoD 5200.1-M, Acquisition Systems Protection Program, March 1994) 


Foreign Intelligence Entity (FIE). Any known or suspected foreign organization, person, or group (public, 
private, or governmental) that conducts intelligence activities to acquire U.S. information, block or impair 
U.S. intelligence collection, influence U.S. policy, or disrupt U.S. systems and programs. This term 
includes a foreign intelligence and security service [FISS] and international terrorist organizations. 
(JP 1-02; JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011; DoDD 
5240.06, CIAR, 17 May 2011 with change 1 dated 30 May 2013; and DoDI S-5240.17, CI Collection 
Activities, 14 Mar 2014) 


FIE is a more encompassing term, which includes but is not limited to Foreign Intelligence and 
Security Services (FISS), as well as Foreign Intelligence Services (FIS). 


-- Also, any known or suspected foreign organization, person, or group (public, private, or 
governmental) that conducts intelligence activities to acquire U.S. information, blocks or impairs U.S. 
intelligence collection, influences U.S. policy, or disrupts U.S. systems and programs. This term includes 
a foreign intelligence and security service and international terrorists. (DoDI 5240.26, Countering 
Espionage, International Terrorism, and Counterintelligence Insider Threat, 4 May 2012 with change 1 
dated 15 Oct 2013) 


-- Also, any known or suspected foreign organization, person, or group (public, private, governmental) 
that conducts intelligence activities to acquire U.S. information, blocks or impairs US intelligence 
collection, influence US policy, or disrupts US systems and programs. This term includes foreign 
intelligence and security services and international terrorists. (DoDI S-5240.23, CI Activities in 
Cyberspace, 13 Dec 2010 with change 1 dated 16 Oct 2013) Note: this definition is slightly different than 
the one above. 


-- Also, any foreign organization, person, or group (public, private, governmental) that conducts 
intelligence activities to acquire U.S. information, block or impair U.S. intelligence collection, influence 
U.S. policy, or disrupt U.S. systems and programs. This term includes a foreign intelligence and security 
service as defined in Joint Publication 1-02. (DoDI 5240.18, CI Analysis & Production, 17 Nov 2009 with 
change 1 dated 15 Oct 2013) 


-- Also, known or suspected foreign state or non-state organizations or persons that conduct 
intelligence activities to acquire U.S. information, block or impair U.S. intelligence collection, influence 
U.S. policy, or disrupt U.S. systems and programs. The term includes foreign intelligence and service 
services and international terrorists. (ICD 750, Counterintelligence Programs, 5 Jul 2013) 


Foreign Intelligence Information. 1) Information that relates to, and if concerning a United States person 
is necessary to, the ability of the United States to protect against— (a) actual or potential attack or other 
grave hostile acts of a foreign power or an agent of a foreign power; (b) sabotage or international 
terrorism by a foreign power or an agent of a foreign power; or (c) clandestine intelligence activities by an 
intelligence service or network of a foreign power or by an agent of a foreign power; or 2) information with 
respect to a foreign power or foreign territory that relates to, and if concerning a United States person is 
necessary to—(a) the national defense or the security of the United States; or (b) the conduct of the 
foreign affairs of the United States. (Foreign Intelligence Surveillance Act of 1978; Public Law 95-511, 
25 October 1978) Also see Foreign Intelligence Surveillance Act (FISA). 


Foreign Intelligence Liaison. Activities or relationships between elements of the United States 
Government and elements of foreign governments or international organizations on matters involving 
foreign intelligence, counterintelligence, or clandestine intelligence activity. 


Foreign Intelligence Officer. A member of a foreign intelligence service. (CI Community Lexicon) 
[Also referred to as an IO (intelligence officer)]. Also see agent handler. 


Foreign Intelligence Service (FIS). An organization of a foreign country capable of executing all or part 
of the intelligence cycle. (CI Community Lexicon) Also see Foreign Intelligence and Security Service, 
Foreign Intelligence Entity. 


Foreign Intelligence Entity (FIE) is a more all encompassing term which includes but is not limited 
to FIS. 


The importance of intelligence services in the fortune of nations can't be overstated.... The 
existence or absence of a well-working spy network on the territory of a potential enemy may well 
spell the difference between victory and defeat. 

-- Alexander Orlov in Handbook of Intelligence and Guerrilla Warfare (1963) 


Foreign Intelligence Surveillance Act (FISA). [50 USC §1801 / Public Law 95-111] ...the legal authority 
authorizing and regulating electronic surveillance within the United States for foreign intelligence or 
counterintelligence purposes and physical searches within the United States for foreign intelligence 
purposes. The act sets out the application, order, and report process to be followed. (CI Community 
Lexicon) Also see Foreign Intelligence Surveillance Court. 


Primary purpose must be collection of foreign intelligence information. 


FISA prescribes procedures for the physical & electronic surveillance and collection of "foreign 
intelligence information" between or among "foreign powers". Subchapters of FISA provide for: 
electronic surveillance; physical searches; pen registers and trap & trace devices for Foreign 
Intelligence (FI) purposes; and access to certain business records for FI purposes. FISA does 
not apply to U.S. counterintelligence activities overseas. 


-- FISA, codified in 50 U.S.C. §1801, et seq., was amended by the FISA Amendments Act of 2008. 


The Foreign Intelligence Surveillance Act of 1978, P.L. 95-511, 92 Stat. 1783 (25 Oct 1978), 50 
USC §§ 1801 et seq., provides a statutory framework for gathering foreign intelligence 
information through the use of electronic surveillance, physical searches, and pen registers or 
trap and trace devices, and access to business records and other tangible things, the 1978 Act 
dealt only with electronic surveillance. 


The provisions passed almost 30 years ago became Title I of FISA. As originally enacted, the 
measure provided a statutory framework for collection of foreign intelligence information through 
the use of electronic surveillance of communications of foreign powers or agents of foreign powers, 
as those terms were defined in the act. The act has been amended repeatedly in the intervening 
years in an effort to address changing circumstances. Then, as now, the Congress sought to strike 
a balance between national security interests and civil liberties. 


FISA consists of seven parts. The first authorizes electronic surveillance in foreign intelligence 
investigations. The second authorizes physical searches in foreign intelligence cases. The third 
permits the use and installation of pen registers and trap and trace devices in the context of a 
foreign intelligence investigation. The fourth affords intelligence officials access to business records 
and other tangible items. The fifth directs the Attorney General to report to Congress on the 
specifics of the exercise of FISA authority. The sixth, scheduled to expire on 30 December 2012, 
permits the acquisition of the communications of targeted overseas individuals and entities. The 
seventh creates a safe harbor from civil liability for those who assist or have assisted in the 
collection of information relating to the activities of foreign powers and their agents. 


Electronic surveillance can provide vital information needed to identify those who are acting or 
preparing to act against U.S. interests for the benefit of foreign powers, including those engaged 
in espionage, sabotage, or terrorist acts or who otherwise pose a threat to the nation or its citizens, 
and to uncover their plans or activities. This information may not be readily uncovered by other 
investigative means. Thus, surveillance can provide a valuable tool for protecting the security of 
the nation and its citizens. 

-- CRS Report RL34279: Foreign Intelligence Surveillance Act: An Overview of Selected Issues, 7 Jul 2008 

Copy available on line at: <http://www.fas.org/sgp/crs/intel/RL34279.pdf> 


Note: Under 50 USC §1801(e)(1), foreign intelligence information is information that relates 
to U.S. ability to protect against: 1) possible hostile acts of a foreign power or agent of a foreign 
power; 2) sabotage or terrorism by a foreign power or agent; and 3) clandestine intelligence 
activities by a foreign power or agent. Foreign intelligence information includes information with 
respect to a foreign power or foreign territory that relates to the national defense, national security, 
or conduct of foreign affairs of the United States. 


Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Probable cause under FISA: “Ordinarily, probable cause speaks to the probability of the existence 
of a certain fact, e.g., probable cause to believe a crime has been, is, or is about to be committed 
and that the search will result in the discovery of evidence or contraband. FISA authorizes issuance 
of a surveillance or search order predicated upon the probability of a possibility; the probability to 
believe that the foreign target of the order may engage in spying, or the probability to believe that 
the American target of the order may engage in criminal spying activities, 50 U.S.C. 1805(a)(3)(A), 
1824(a)(3)(A), 1801(b)(1)(B), (b)(2)(A). But it is the predicate not the standard that is changed. 
The probable cause standard is the same in FISA as in a criminal context: would a prudent 
individual believe that a fact is probably true. It is the focus that is different. Would a prudent 
individual believe that spying may occur." 

-- CRS Memorandum (American Law Division), 30 Jan 2006 


Misc. FISA References & Background 
Foreign Intelligence Surveillance Act of 1978, 50 USC §1801 (Public Law 95-111) 


Presidential Directive/NSC-19, Electronic Surveillance Abroad and Physical Searches for Foreign 
Intelligence Purposes, 25 Aug 1977 [declassified]; amended by POTUS via 24 Aug 1979 White 
House Memo [declassified] 


Executive Order 12139, FISA, 23 May 1979 
Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 (PL 110-261), 10 Jul 2008 
Executive Order 12949, Foreign Intelligence Searches, 9 Feb 1995 


A thorough constitutional justification of FISA can be found in United States v. Duggan (743 F.2d 
59[2d Cir. 1984]) where both Fourth and Fifth Amendment challenges to this kind of electronic 
surveillance were addressed by the court. 


US Senate. The Foreign Intelligence Surveillance Act of 1978: The First Five Years, Report 98- 
660, 98th Congress, 2nd Session, Washington, DC, 1984. 


CRS Report R42725, Reauthorization of the FISA Amendments Act, 2 Jan 2013; copy available 
at: <http://www.fas.org/sgp/crs/intel/R42725.pdf> 


For additional FISA background see FAS website at: <http://www.fas.org/irp/agency/doj/fisa/> 


Foreign Intelligence Surveillance Court (FISC) [often referred to as the “FISA Court”]. A U.S. federal court 
established in 1978 when Congress enacted the Foreign Intelligence Surveillance Act (FISA)--codified, as 
amended, at 50 USC §§ 1801-1885c. The Court entertains applications submitted by the U.S. 
Government for approval of electronic surveillance, physical search, and other investigative actions for 
foreign intelligence purposes. 


Most of the Court's work is conducted ex parte as required by statute, and due to the need to 
protect classified national security information. The FISC sits in Washington D.C. and is composed 
of eleven federal district court judges who are designated by the Chief Justice of the United States. 


Each judge serves for a maximum of seven years and their terms are staggered to ensure 
continuity on the Court. By statute, the judges must be drawn from at least seven of the United 
States judicial circuits, and three of the judges must reside within 20 miles of the District of 
Columbia. No judge may be appointed to this court more than once, and no judge may be 
appointed to both the Court of Review and the FISC. FISC Judges typically sit for one week at a 
time, on a rotating basis. 


For additional information, see the FISC web site at: <http://www.fisc.uscourts.gov/> 
-- FISC Rules of Procedures at: <http://www.fisc.uscourts.gov/rules-procedure> 
-- FISC Public Findings at: <http://www.fisc.uscourts.gov/public-filings> 


Foreign Intelligence Threat. The all-source intelligence threat posed by foreign intelligence entities to US 
interests. 


Foreign Intelligence Threats 


[T]he leading state intelligence threats to US interests in 2014 will continue to be Russia and 
China, based on their capabilities, intent, and broad operational scope. Sophisticated foreign 
intelligence entities will continue to employ human and cyber means to collect national security 
information. 


-- Hon. James R. Clapper, DNI, Statement for the Record, Worldwide Threat Assessment of the US 
Intelligence Community, SSCI, 29 January 2014 


Foreign intelligence services, along with terrorist groups, transnational criminal organizations, and 
other nonstate actors, are targeting and acquiring our national security information, undermining 
our economic and technological advantages, and seeking to influence our national policies and 
processes covertly. These foreign intelligence efforts employ traditional methods of espionage and, 
with growing frequency, innovative technical means. Among significant foreign threats, Russia and 
China remain the most capable and persistent intelligence threats and are aggressive practitioners 
of economic espionage against the United States. Countering such foreign intelligence threats 
is a top priority for the Intelligence Community for the year ahead [emphasis added]. 


-- Hon. James R. Clapper, DNI, Statement for the Record, Worldwide Threat Assessment of the US 
Intelligence Community, Senate Committee on Armed Services, 18 April 2013, p. 8 


Foreign Liaison Officer (FLO). A foreign government military member or civilian employee who is 
authorized by his or her government to act as an official representative of that government in its dealings 
with the DoD and Military Services in connection with programs, projects, or agreements of mutual 
interest to DoD and the foreign government. (adapted from AR 380-10, 22 Jun 2005) 


Three types of FLOs: 


1) A Security Assistance FLO is a foreign government representative who is assigned to a DoD 
element or contractor facility pursuant to a requirement that is described in an FMS LOA; 


2) An Operational FLO is a foreign government representative who is assigned to a DoD element 
pursuant to a documented requirement to coordinate operational matters, such as combined 
planning or training and education; and 


3) A National Representative FLO is a foreign government representative who is assigned to his or 
her national embassy or legation in Washington, DC (for example, an attaché), to conduct liaison 
activities with DoD / Military Services. 


Foreign Material. Any item of foreign origin including physical possession of, or access to, an item of 
foreign material or technology. (DIAM 58-4, Foreign Material Program, 22 Feb 2002) 


Foreign Material Acquisition (FMA). FMP [Foreign Material Program] activities that include gaining 
physical possession, or access to, an item of foreign material or technology. (DoDD S-3325.01E, Foreign 
Material Program (U), 30 Dec 2011) 


Foreign Material Exploitation (FME). FMP [Foreign Material Program] activities that include analysis, 
testing, evaluation, and documentation of the S&TI [Scientific & Technical Intelligence] characteristics 
of an item of foreign material. (DoDD S-3325.01E, Foreign Material Program (U), 30 Dec 2011) 


Foreign Military Intelligence Collection Activities (FORMICA). Entails the overt debriefing, by trained 
HUMINT personnel, of all U.S. persons employed by the Department of Defense who have access to 
information of potential national security value. (DoDI C-5205.01, FORMICA (U), 22 Jan 2009; also 
JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Foreign National. Any person other than a US citizen, US permanent or temporary legal resident alien, 
or person in US custody. (JP 1-02) 


-- Also, any person who is not a citizen of the U.S. (IC Standard 700-1, 4 Apr 2008) 


Foreign Ownership, Control or Influence (FOCI). A U.S. company is considered under foreign ownership, 
control, or influence whenever a foreign interest has the power, direct or indirect, whether or not 
exercised and whether or not exercisable through ownership of the U.S. company's securities, by 
contractual arrangements or other means, to direct or decide matters affecting the management or 
operations of that company in a manner which may result in unauthorized access to classified information 
and/or special nuclear material or may affect adversely the performance of classified matters. 
(ISC 2008-700-1, 4 Apr 2008) 


Within DoD, see DTM 09-019, Policy Guidance for FOCI, 2 Sep 2009 (with chg 6 dated 9 Jan 
2014) 


Foreign Power. Any foreign government (regardless of whether recognized by the United States), 
foreign-based political party (or faction thereof), foreign military force, foreign-based terrorist group, or 
any organization composed, in major part, of any such entity or entities. (DoD 5240.1-R, Dec 1982) 


-- Also, foreign power means: (1) a foreign government or any component thereof, whether or not 
recognized by the United States; (2) a faction of a foreign nation or nations, not substantially composed 
of United States persons; (3) an entity that is openly acknowledged by a foreign government or 
governments to be directed and controlled by such foreign government or governments; (4) a group 
engaged in international terrorism or activities in preparation thereof; (5) a foreign-based political 
organization, not substantially composed of United States persons; or (6) an entity that is directed and 
controlled by a foreign government or governments. (50 USC § 1801a). Also see Agent of a Foreign 
Power. 


Foreign Service National (FSN). Foreign nationals who provide clerical, administrative, technical, fiscal, 
and other support at foreign service posts abroad and are not citizens of the United States. The term 
includes third country nationals who are individuals employed by a US mission abroad and are neither 
a citizen of the US nor of the country to which assigned for duty. (JP 1-02 and JP 3-68, Noncombatant 
Evacuation Operations, 23 Dec 2010) 


Foreign Terrorist Tracking Task Force (FTTTF). A specialized task force that was created pursuant to 
Homeland Security Presidential Directive No. 2 and was consolidated into the FBI pursuant to the 
Attorney General's directive in August 2002. The FTTTF uses innovative analytical techniques and 
technologies that help keep foreign terrorists and their supporters out of the United States or lead to their 
location, detention, prosecution, or removal. The participants include DoD, Department of Homeland 
Security's bureaus of Immigration and Customs Enforcement (ICE) and Customs and Border Protection, 
State Department, Social Security Administration, Office of Personnel Management, Department of 
Energy, and CIA. (FBI website: <http://www.fbi.gov/congress/congress06/mueller120606.htm>) 


Foreign Visits System (FVS). Automated system operated by the Office of the Under Secretary of 
Defense (Policy) that provides staffing and database support for processing requests for visits by foreign 
nationals to DoD activities and defense contractors. FVS consists of an unclassified segment that allows 
the online submission of visit requests from embassies in Washington, DC, and, in some cases, directly 
from foreign governments overseas. FVS also has a classified segment that provides staffing, decision-making 
support, and database capabilities to the military departments and DIA. 


Forensics. [In computer / cyber usage] The practice of gathering, retaining, and analyzing computer-related 
data for investigative purposes in a manner that maintains the integrity of the data. (CNSSI No. 
4009, National Information Assurance Glossary, 26 April 2010) Also see forensic science. 


Forensic Copy. An accurate bit-for-bit reproduction of the information contained on an electronic device 
or associated media, whose validity and integrity has been verified using an accepted algorithm. (CNSSI 
No. 4009, National Information Assurance Glossary, 26 April 2010) 


Forensic Science (often shortened to forensics). The application of multidisciplinary scientific processes 
to establish facts. (DoDD 5205.15E, DoD Forensic Enterprise, 16 Apr 2011) Also see digital & multimedia 
forensics, digital evidence, and digital forensics. 


The Secretary of the Army is the DoD Executive Agent (EA) for Forensics, specifically for those 
forensic disciplines relating to deoxyribonucleic acid (DNA), serology, firearms and tool marks, 
latent prints, questioned documents, drug chemistry, and trace materials, as well as forensics 
relating to forensic medicine disciplines such as forensic pathology, forensic anthropology, forensic 
toxicology, and DNA analysis to identify human remains. 


The Secretary of the Air Force is the DoD EA for Digital and Multimedia (D/MM) Forensics, 
specifically for those forensics disciplines relating to computer and electronic device forensics, 
audio forensics, image analysis, and video analysis. 


Forensic-Enabled Intelligence (FEI). The intelligence resulting from the integration of scientifically 
examined materials and other information to establish full characterization, attribution, and the linkage of 
events, locations, items, signatures, nefarious intent, and persons of interest. (JP 2-0, Joint Intelligence, 
22 Oct 2013) 


FORMICA. See Foreign Military Intelligence Collection Activities. 


FOUR EYES (ACGU). Australia, Canada, United Kingdom, and the United States. (CAPCO) 


Front. [In intelligence usage] a legitimate operation created by an intelligence organization as a cover for 
its operatives. (Encyclopedia of the CIA, 2003) 


-- Also, Front Company [in law enforcement/criminal investigation usage] a company or business 
entity that is established, used, or co-opted for an illicit purpose; wherein the management, control, 
influence or criminal activities are being directed by a hidden or disguised individual or group. (Colin A. 
May, M.S., CFE, U.S. Department of Commerce, Sep 2010) 


For additional information see Colin A. May, "Front Companies: Challenges and Tools in Criminal 
Investigations," IALEIA Journal, Vol. 19, No. 1, pp. 101-120, September 2010. The IALEIA Journal 
is published by the International Association of Law Enforcement Intelligence Analysts, Inc., 


According to Colin May (in his article cited above, p. 102), "many people use the phrase 'front 
company' when they are really describing the front company's distant cousin—the Shell 
Company. The Financial Crimes Enforcement Network... defines shell companies as ‘limited 
liability companies and other business entities with no significant assets or ongoing business 
activities.' The shell simply is a paper company; they have also been called "International 
Business Corporations (IBCs)" or 'shelf companies,' since in some off-shore jurisdictions, the 
incorporators already have created the companies and simply pull them off the shelf to change 
the beneficial owner. The difference cannot be overstated...." 


"Front companies conduct actual business—shells do not. [Shells] are simply paper 
companies. Front companies have tangible operations, although they may be illicit or 
illegitimate, they are definite business transactions. The main difference that many 
investigators and intelligence analysts seem to miss is the 'action' piece in a front company— 
and that, of course, is highly dependent on the criminal's intended purpose for the front 
company. A shell, used by a criminal, disguises their involvement in the business, but the shell 
has no actual operations, whereas the front company does." 


Also see Defense Security Service (DSS) article "Front Companies: Who is the End User?" at: 
<http://www.dss.mil/isp/count_intell/front_comp_who_user.html> 


Full Field Counterintelligence Investigation. An investigation which is conducted when there are specific 
and articulable facts giving reason to believe that a person over whom Army counterintelligence has 
jurisdiction may be involved in acts that may constitute threats to national security. (AR 381-20, Army CI 
Program, 25 May 2010) See CI Investigation. 


Within the FBI referred to as "Full Investigation" which may be opened to detect, obtain information 
about, or prevent or protect against federal crimes or threats to the national security or collect 
foreign intelligence. These cases may be opened if there is an "articulable basis" of possible 
criminal or national threat activity. 


The investigation of threats to the national security can be investigated under FBI’s criminal 
investigation authority or its authority to investigate threats to the national security. A Full 
Investigation solely for the collection of positive foreign intelligence extends the sphere of the FBI's 
information gathering activities beyond federal crimes and threats to the national security and 
permits the FBI to seek information regarding a broader range of matters relating to foreign powers, 
organizations, or persons that may be of interest to the conduct of the United States' foreign affairs. 

-- FBI’s Domestic Investigation and Operations Guide (redacted copy), 15 Oct 2011 


Full-Spectrum Counterintelligence Activities. Full array of CI activities — both offensive & defensive — that 
can be applied in executing CI effects-based operations to achieve strategic outcomes in peacetime, 
crisis, war and post conflict activities (e.g., stabilization operations/reconstruction efforts). These activities 
support national security objectives, as well as defense decision-makers and the Combatant 
Commanders. 


Functional Component Command. A command normally, but not necessarily, composed of forces of two 
or more Military Departments which may be established across the range of military operations to perform 
particular operational missions that may be of short duration or may extend over a period of time. (JP 1, 
Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


Functional Managers. Executive Order 12333 designates three Functional Managers: Director CIA for 
human intelligence (HUMINT), Director NSA for signals intelligence (SIGINT), and Director NGA for 
geospatial intelligence (GEOINT). (EO 12333, para 1.3 (b)(12)(A)(i-iiii)) See ICD 113, Functional 
Managers. 


Pursuant to EO 12333, Functional Managers report to the DNI concerning the extent of their duties 
as Functional Managers, and may be charged with developing and implementing strategic 
guidance, policies, and procedures for activities related to a specific intelligence discipline or set of 
intelligence activities; setting training and tradecraft standards; and ensuring coordination within 
and across intelligence disciplines and IC elements and with related non-intelligence activities. 


Functional Managers may also advise on resource management; policies and procedures; 
collection capabilities and gaps; intelligence processing and dissemination; technical architectures; 
and other issues or activities, as applicable. 


Note: The National Counterintelligence Executive (NCIX) is the Mission Manager for CI. 


Functional Support [Analytical Product]. A type of CI analytical product that supports the specific needs 
of a Defense CI Component. A functional support product is related to the CI functions of collection, 
investigation, OFCO [Offensive Counterintelligence Operation], and functional services as described in 
DoDI 5240.16. The depth and comprehensiveness varies depending on the requestor's requirements. 
An investment in analytical effort may be significant. The production timeline ranges from hours to weeks, 
but can vary widely depending on the function the analysis supports. (DoDI 5240.18, CI Analysis & 
Production, 17 Nov 2009 with change 1 dated 15 Oct 2013) Also see Counterintelligence Analytical 
Product. 


Functional Support Plan (FSP). Annexes to the National Intelligence Support Plan (NISP) [that] describe 
how service intelligence centers and Combat Support Agencies support COCOM plans. (Adaptive 
Planning Roadmap II, 5 Mar 2008) Also see Counterintelligence Functional Support Plan (CI FSP). 


Director DoD Counterintelligence Field Activity (CIFA)* will “fully integrate CI into the intelligence 
campaign planning process by developing and updating the CI functional support plans.” 
-- DUSD (CI&S) memo, subj: Counterintelligence Support to COCOMs, 29 Dec 2006 


* Note: CIFA's mission and functions transitioned into DIA effective 3 August 2008. 


Fusion. In intelligence usage, the process of managing information to conduct all-source analysis and 
derive a complete assessment of activity. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


-- Also, consolidating, combining, and correlating information together. (ADRP 2-0, Intelligence, 
Aug 2012) 


Fusion Center. A State and major urban area focal point for the receipt, analysis, gathering, and sharing 
of threat-related information between the Federal Government, SLTT, and private sector partners. 
(Source: DHS in the National Infrastructure Protection Plan 2013) 


Gap. See intelligence gap. 


GAMA (G). Unclassified term used to describe a type of sensitive compartmentalized information (SCI). 
(Words of Intelligence, 2nd Edition, 2011) 


General Defense Intelligence Program (GDIP). An integrated Defense Intelligence capability that 
includes DIA, the Service technical production centers, and special collection activities. The GDIP 
integrates and produces National Intelligence for Defense and national Consumers. It represents the 
national Defense Intelligence priorities for operational customers, national and Defense-wide collection 
management, All-Source Analysis, HUMINT, MASINT, IT, and Special Activities. The GDIP is an 
integrated capability, and the Director, DIA, serves as the Program Manager. The GDIP is part of the NIP, 
as defined in EO 12333. The GDIP may include other NIP activities as agreed between the Secretary of 
Defense and the DNI. (DoDI 5105.21, DIA, 18 Mar 2008) Also see National Intelligence Program. 


The GDIP is the broadest-based NIP program within the Department Of Defense and the military 
services. This program funds all national-level military intelligence units and activities that involve 
something other than cryptology, counterintelligence, and certain types of specialized 
reconnaissance. The GDIP funds intelligence production, collection, and infrastructure, which 
includes all defense intelligence production, all national-level DoD Human Source Intelligence 
(HUMINT), etc. 


-- Adapted from Dan Elkins, Financial Management of Intelligence Resources: A Primer (3rd Edition), 
May 1982, pp. 13-14 


General Military Intelligence (GMI). Intelligence concerning the military capabilities of foreign countries or 
organizations, or topics affecting potential United States or multinational military operations. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) Also see intelligence; military intelligence. 


General Support (GS). That support which is given to the supported force as a whole and not to any 
particular subdivision thereof. (JP 1-02) Also see direct support. 


Geospatial Information. Information that identifies the geographic location and characteristics of natural 
or constructed features and boundaries on the Earth, including: statistical data and information derived 
from, among other things, remote sensing, mapping, and surveying technologies; and mapping, charting, 
geodetic data and related products. (JP 2-03, GEOINT Support to Joint Operations, 22 Mar 2007) 


See Congressional Research Report (CRS) R41825 (18 May 2011) for an unclassified primer on 
geospatial data & geographic information systems: <http://www.fas.org/sgp/crs/misc/R41825.pdf> 


Geospatial Information and Services (GI&S). The collection, information extraction, storage, 
dissemination, and exploitation of geodetic, geomagnetic, imagery (both commercial and national 
source), gravimetric, aeronautical, topographic, hydrographic, littoral, cultural, and toponymic data 
accurately referenced to a precise location on the Earth’s surface. Geospatial services include tools that 
enable users to access and manipulate data, and also include instruction, training, laboratory support, 
and guidance for the use of geospatial data. (DoDD 5105.60, NGA, 29 Jul 2009 and JP 2-03, GEOINT 
Support to Joint Operations, 22 Mar 2007) 


Geospatial Intelligence (GEOINT). The exploitation and analysis of imagery and geospatial information 
to describe, assess, and visually depict physical features and geographically referenced activities on the 
Earth. Geospatial intelligence consists of imagery, imagery intelligence, and geospatial information. 
(ICD 1, 1 May 2006; also JP 1-02 and JP 2-03, GEOINT Support to Joint Operations, 22 Mar 2007) 


-- Also, intelligence derived from the exploitation of imagery and geospatial information to describe, 
assess, and visually depict physical features and geographically referenced activities on the earth. 
(ODNI, U.S. National Intelligence — An Overview 2011) 


The Intelligence Community refers to the use and analysis of geospatial information to assess 
geographically referenced activities on Earth as geospatial intelligence (GEOINT). It is everything 
you can see or know about the earth. GEOINT consists of: Imagery - a likeness of any natural or 
man-made feature, as well as its location; Imagery Intelligence (IMINT) — information derived 
through interpreting imagery; and Geospatial Information — information that identifies a natural or 
constructed feature on Earth by its geographic location and other characteristics. 

-- www.cia.gov (accessed 30 Nov 2010) 


GEOINT collection encompasses all aspects of: literal, infrared (IR), and synthetic aperture radar 
(SAR) imagery; overhead persistent infrared capabilities; and geospatial information and services. 
GEOINT includes the exploitation and analysis of electro-optical, IR, and radar imagery; and of 
geospatial, spectral, laser, IR, radiometric, SAR phase history, polarimetric, spatial, and temporal 
data. It employs all ancillary data, signature information, and fused data products, as necessary. 
Integrated GEOINT products may also include data and information from collateral sources. 

-- DoDD 5105.60, NGA, 29 Jul 2009 


GEOINT is typically gathered from commercial satellites, government satellites, reconnaissance 
aircraft, or by other means such as maps, commercial databases, census information, GPS 
waypoints, utility schematics, or any discrete data that have locations on earth. This data is utilized 
to support our national security, which includes everything from assisting soldiers on the battlefield 
to assisting humanitarian and disaster relief efforts. 

-- www.intelligence.gov (accessed 13 Aug 2012) 


Ghost Surveillance. Extremely discreet and seemingly omnipresent surveillance, working mostly out 
of the view of the target. (CI Centre Glossary) Also see surveillance. 


Global Information Grid (GIG). The globally interconnected, end-to-end set of information capabilities, 
associated processes and personnel for collecting, processing, storing, disseminating, and managing 
information on demand to warfighters, policy makers, and support personnel. The GIG includes owned 
and leased communications and computing systems and services, software (including applications), 
data, security services, other associated services and National Security Systems. (JP 1-02 and JP 6-0, 
Joint Communications, 10 Jun 2010) 


Global Force Management (GFM). The ability to align force apportionment, assignment, and allocation 
methodologies in support of the National Defense Strategy and joint force availability requirements; 
present comprehensive insights into global availability and operational readiness of U.S. military forces; 
globally source joint force requirements; and provide senior decision-makers a vehicle to quickly and 
accurately assess the impact and risk of proposed allocation, assignment, and apportionment changes. 
(Joint Capability Areas Taxonomy & Lexicon, 15 Jan 2008) 


Global Positioning System (GPS). A satellite-based radio navigation system operated by the Department 
of Defense to provide all military, civil, and commercial users with precise positioning, navigation, and 
timing. Also called GPS. (JP 1-02 and JP 3-14, Space Operations, 6 Jan 2009) 


Goldwater-Nichols Act (GNA). The Goldwater-Nichols Department of Defense Reorganization Act of 
1986 (PL 99-433), sponsored by Sen. Barry Goldwater and Rep. Bill Nichols, was a major reorganization 
of U.S. defense institutions and processes. Operational authority was centralized through the Chairman of 
the Joint Chiefs of Staff as opposed to the service chiefs. The Chairman was designated as the principal 
military advisor to the President, National Security Council, and Secretary of Defense. The act 
established the position of vice-chairman and streamlined the operational chain of command from the 
President to the Secretary of Defense to the Unified Commanders. 


For additional information see <http://www.ndu.edu/library/goldnich/goldnich.html> 
Copy of PL 99-443 at <http://www.au.af.mil/au/awc/awcgate/congress/title_10.htm> 


Gray Literature (aka Grey Literature). Material not well covered by conventional book trade channels. 
Gray literature is intrinsically more difficult to identify, acquire, process, access, and otherwise handle 
than conventional literature. Examples include but are not limited to conference papers, trade literature, 
electronic bulletin boards, and foreign government reports. The information that grey literature contains is 
not available in any kind of source. (Words of Intelligence, 2nd Edition, 2011) 


Gray List. Contains the identities and locations of those personalities whose inclinations and attitudes 
toward the political and military objectives of the United States are obscure. Regardless of their political 
inclinations or attitudes, personalities may be listed on gray lists when they are known to possess 
information or particular skills required by US forces. They may be individuals whose political motivations 
require further exploration before they can be utilized effectively by US forces. (CI Community Lexicon) 
Also see Black List; White List. 


-- Also, a list of those foreign personalities of operational interest whose inclinations and attitudes 
toward the political and military objectives of the United States are unknown. (HDI Lexicon, April 2008) 


Regardless of their leanings, personalities may be on gray lists when known to possess information 
or particular skills required by friendly forces. They may be individuals whose political motivations 
require further exploration before they can be used effectively. Examples of individuals who may be 
included in this category are: 
1) Potential or actual defectors from the hostile cause whose credibility has not been established. 
2) Individuals who have resisted, or are believed to have resisted the enemy government and 
who may be willing to cooperate with friendly forces, but whose credibility has not been 
established. 
3) Nuclear, biological, chemical and other scientists and technicians suspected of having been 
engaged in enemy weapons of mass destruction and other programs against their will. 
-- USMC, MCWP 2-6 (previously 2-14), Counterintelligence, 5 Sep 2000 


Graymail. Threat by a defendant in a trial to expose intelligence activities or other classified information 
if prosecuted. (Spy Book) Also see Classified Information Procedures Act (CIPA). 


"Graymail" colloquially refers to situations where a defendant may seek to introduce tangentially 
related classified information solely to force the prosecution to dismiss the charges against him. 


A criminal prosecution involving classified information may cause tension between the 
government's interest in protecting classified information and the criminal defendant's right to a 
constitutionally valid trial. In some cases, a defendant may threaten to disclose classified 
information in an effort to gain leverage. 


Concerns about this practice, referred to as “graymail,” led the 96th Congress to enact the 
Classified Information Procedures Act (CIPA) to provide uniform procedures for prosecutions 
involving classified information. 


Green Door. Slang term for the metaphorical locked door behind which intelligence personnel are said to 
hide their codeword secrets and important information not shared with consumers who need and should 
get it. (Words of Intelligence, 2nd Edition, 2001) 


Groupthink. A decision-making flaw that occurs when a group does not consider alternatives and desires 
unanimity at the expense of quality decisions. Groupthink can lead to seeking out few alternative 
solutions because there is an illusion of group invulnerability (“we all can’t be wrong”). Some symptoms of 
groupthink are the absence of critical discussion of information, a sharing of stereotypes to guide 
decisions, a strong moral climate, and the suppression of true feelings among the participants in the 
group. (Words of Intelligence, 2nd Edition, 2011) 


GRU. Glavnoye Razvedyvatel’noye Upravlenie (Chief Intelligence Directorate of the General Staff); 
aka Russian Military Intelligence. 


Russian military intelligence has a spy network abroad that is believed by 
espionage experts to be several times bigger than that of Russia's Foreign 
Intelligence Service. 

-- Reuters, 24 Apr 2009 


Also see Viktor Suvorov's (alias for GRU defector Vladimir Bogdanovich 
Rezun) books: Aquarium (Аквариум), 1985 and Inside Soviet Military 
Intelligence, 1984. 


Guerrilla Force. A group of irregular, predominantly indigenous personnel organized along military lines 
to conduct military and paramilitary operations in enemy-held, hostile, or denied territory. (JP 1-02 and 
JP 3-05, Special Operations, 18 Apr 2011) 


H 


Hacker. Unauthorized user who attempts to or gains access to an information system. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


-- Also, a person who creates and modifies computer software and hardware, including computer 
programming, administration, and security-related items. This can be done for either negative or positive 
reasons. Criminal hackers create malware in order to commit crimes. (McAfee.com; accessed 15 Nov 
2010) 


In computer security usage, a term used for a person who accesses a computer system by 
circumventing its security system. 


Hacktivism. The nonviolent use of ambiguous digital tools in pursuit of political ends; these tools include 
website defacements, redirects, denial-of-service attacks, information theft, website parodies, virtual sit-ins, 
virtual sabotage, and software development. (<en.wikipedia.org/wiki/Hacktivists>; accessed 2 Apr 
2009) Also see hacktivists. 


Hacktivism is the use of cyber instruments for political or ideological purposes. 


Hacktivism is a controversial term. Some argue it was coined to describe how electronic direct 
action might work toward social change by combining programming skills with critical thinking. 
Others use it as practically synonymous with malicious, destructive acts that undermine the 
security of the Internet as a technical, economic, and political platform. 


The term "hacktivism" first appeared in 1998, when members of a hacker group called the Cult of 
the Dead Cow used it as they chatted online about hacking and political liberation while discussing 
ideas to work with Chinese hackers following the Tiananmen Square protests. 


For additional information see McAfee White Paper, "Cybercrime and Hacktivism" (undated), 
available online at: <www.mcafee.com/us/resources/white-papers/wp-cybercrime-hactivism.pdf> 


Hacktivists. Individuals who hack or attack Web sites and computer systems to communicate an 
ideological, social, or political message and further their cause. (FBI, Nov 2012) Also see hacktivism. 


Hacktivists continue to target a wide range of companies and organizations in denial-of-service 
attacks.... Most hacktivists use short-term denial-of-service operations or expose personally 
identifiable information held by target companies, as forms of political protest. However, a more 
radical group might form to inflict more systemic impacts—such as disrupting financial networks— 
or accidentally trigger unintended consequences that could be misinterpreted as a state-sponsored 
attack. 

-- DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 12 March 2013 


Handler. An intelligence officer or co-opted worker directly responsible for the operational activities of an 
agent; also agent handler or case officer. (CI Community Lexicon) Also see agent handler; case officer. 


-- Also, an intelligence collector directly responsible for the operational activities of an agent, source, 
or asset. (HDI Lexicon, April 2008) 


Hard Target. A person, nation, group, or technical system often hostile to the US or heavily protected, 
with a well-honed counterintelligence capability that presents a potential threat to the US or its interests, 
and provides significant difficulty for agent infiltration or penetration. (National HUMINT Glossary) 


Harmony. The Intelligence Community's centralized database for foreign military, technical and open-source 
documents and their translations. Harmony is managed by the US Army's National Ground 
Intelligence Center (NGIC). Also see DOMEX; DOCEX. 


Hawala. The word comes originally from the Arabic language and means transfer or remittance. 
(US Department of Treasury) 


Hawala provides a fast and cost-effective method for worldwide remittance of money or value, 
particularly for persons who may be outside the reach of the traditional financial sector. In some 
nations hawala is illegal, in others the activity is considered a part of the “gray” economy. It is 
therefore difficult to accurately measure the total volume of financial activity associated with the 
system, however, it is estimated that the figures are in the tens of billions of dollars, at a minimum. 
Officials in Pakistan, for example, estimate that more than $7 billion flow into the nation through 
hawala channels each year. Other Alternative Remittance or Informal Value Transfer Systems 
include “hundi,” “fei ch'ien,” “chit system,” “poey kuan” and the black market peso exchange. 


-- US Department of Treasury web site, accessed 19 Nov 2012 
<http://www.treasury.gov/resource-center/terrorist-illicit-finance/Pages/Hawala-and-Alternatives.aspx> 


Hazard or Hazardous Condition. [In TSCM] a condition, either technical or physical, that could permit the 
exfiltration and exploitation of information. (DoDI 5240.05, TSCM, 3 Apr 2014) 


Hazards. [In critical infrastructure protection usage] non-hostile incidents such as accidents, natural 
forces, and technological failure that cause loss or damage to infrastructure assets. (DoDD 3020.40, 
DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


Hello Number. Tradecraft jargon for a cutout telephone where the speaker does not identify himself or 
his/her location. This procedure is used by proprietaries, devised facilities or cover offices of clandestine 
intelligence agencies for certain types of contacts with agents or affiliated personnel, usually in an 
emergency, and only information given by the caller over the phone is a codeword or danger signal to be 
relayed to the appropriate case officer for immediate call-back or other pre-arranged action. (Leo D. Carl, 
The CIA Insider's Dictionary, 1996) 


Heuristics. Normal, intuitive mental shortcuts for processing information. They can be effective aids for 
problem-solving, but can lead to biases and thus to analytic errors. 


High-Payoff Target (HPT). A target whose loss to the enemy will significantly contribute to the success of 
the friendly course of action. High-payoff targets are those high-value targets that must be acquired and 
successfully attacked for the success of the friendly commander's mission. (JP 1-02 and JP 3-60, Joint 
Targeting, 13 Apr 2007) Also see high-value target; target. 


High-Risk Personnel (HRP). Personnel who, by their grade, assignment, symbolic value, or relative 
isolation, are likely to be attractive or accessible terrorist targets. (JP 1-02 and JP 3-07.2, Antiterrorism, 
24 Nov 2010) 


High-Value Detainee Interrogation Group (HIG). The interagency body under the administrative control of 
the Federal Bureau of Investigation that was established to assemble and dispatch mobile interrogation 
teams to interrogate high-value detainees. (DoDD 3115.13, DoD Support to the High-Value Detainee 
Interrogation Group, 9 Dec 2010 w/ chg 1 dated 15 Nov 2013) 


-- Also, an interagency body that collects intelligence from key terror suspects to prevent attacks 
against the United States and its allies. (www.fbi.gov) Also see National Security Branch. 


In response to Task Force recommendations from Executive Order 13491, Ensuring Lawful 
Interrogations, the High-Value Detainee Interrogation Group was created in 2009 to coordinate law 
enforcement, military, and intelligence efforts in interrogating key terror suspects. The HIG is 
housed in the FBI’s NSB [National Security Branch], and staffed with members from various IC 
[Intelligence Community] agencies. 


-- FBI web site at <http://www.fbi.gov/about-us/nsb/national-security-branch-brochure> 


High-Value Target (HVT). A target the enemy commander requires for the successful completion of 
the mission. The loss of high-value targets would be expected to seriously degrade important enemy 
functions throughout the friendly commander's area of interest. (JP 1-02 and JP 3-60, Joint Targeting, 
13 Apr 2007) Also see high-payoff target and target. 


HOCNet. HUMINT Operational Communication Network (HOCNet) provides information technology, 
communications, and desktop services for DoD HUMINT needs. (National Intelligence: A Consumer's 
Guide - 2009) 


Homegrown Violent Extremist (HVE). A person of any citizenship who has lived and/or operated primarily 
in the United States or its territories who advocates, is engaged in, or is preparing to engage in 
ideologically-motivated terrorist activities (including providing support to terrorism) in furtherance of 
political or social objectives promoted by a foreign terrorist organization, but is acting independently of 
direction by a foreign terrorist organization. (FBI & DHS, cited in CRS Report R42536, 15 May 2012) 


"HVEs are growing threat to the DoD, as evidenced by numerous disrupted plots targeting DoD 
facilities, installations, and personnel since 2009. The majority of HVE plots are unsophisticated, 
use readily available weapons, and target nearby facilities. While they are less likely to generate 
spectacular, mass casualty attacks than transnational terror groups, HVE attacks are considerably 
more difficult for law enforcement and intelligence agencies to detect and disrupt." 

-- LTG Michael Flynn, Director, DIA, Annual Threat Assessment [Unclassified], Statement before the 
Senate Armed Services Committee, 18 April 2013, p.10 


Homegrown Terrorist. As defined by the Congressional Research Service, homegrown describes terrorist 
activity or plots perpetrated within the United States or abroad by American citizens, legal permanent 
residents, or visitors radicalized largely within the United States. (CRS Report R41416, 23 Jan 2013) 


American Jihadist Terrorism: Combating a Complex Threat, CRS Report R41416, 23 Jan 2013 
available online at: <http://www.fas.org/sgp/crs/terror/R41416.pdf> 


The term "homegrown terrorism" means the use, planned use, or threatened use, of force or 
violence by a group or individual born, raised, or based and operating primarily within the United 
States or any possession of the United States to intimidate or coerce the United States 
government, the civilian population of the United States, or any segment thereof, in furtherance of 
political or social objectives. 

-- House Bill 1955, 110th Congress, 24 Oct 2007 


[T]he long war on terrorism is far from over. Most disturbingly, an increasing number of Islamist- 
inspired terrorist attacks are originating within America's borders. The rise of homegrown 
extremism is the next front in the fight against terrorism and should be taken seriously by the 
Administration. 


-- The Heritage Foundation, Special Report No. 137, 60 Terrorist Plots Since 9/11: Continued Lessons 
in Domestic Counterterrorism, 22 July 2013 


Homeland. The physical region that includes the continental United States, Alaska, Hawaii, United States 
territories, and surrounding territorial waters and airspace. (JP 1-02 and JP 3-28, Defense Support of Civil 
Authorities, 31 Jul 2013) 


Homeland Defense (HD). The protection of United States sovereignty, territory, domestic population, and 
critical infrastructure against external threats and aggression, or other threats as directed by the 
President. (JP 1-02 and JP 3-27, Homeland Defense, 29 Jul 2013) 


Homeland Security (HS). A concerted national effort to prevent terrorist attacks within the United States; 
reduce America’s vulnerability to terrorism, major disasters, and other emergencies; and minimize the 
damage and recover from attacks, major disasters, and other emergencies that occur. (JP 3-27, 
Homeland Defense, 29 Jul 2013) 


-- Also, a concerted national effort to prevent terrorist attacks within the United States, reduce 
America's vulnerability to terrorism, and minimize the damage and recover from attacks that do occur. 
(National Strategy for Homeland Security, Oct 2007). 


-- Also, describes the intersection of evolving threats and hazards with traditional governmental and 
civic responsibilities for civil defense, emergency response, law enforcement, customs, border control, 
and immigration. (Quadrennial Homeland Security Review Report, Feb 2010) 


-- Also, defensive efforts to counter terrorist threats. (National Strategy for Counterterrorism, 2011) 


In the years since 9/11, homeland security has become commonly and broadly known as both a 
term and as a Federal department. 


Homeland security is a concerted effort to ensure a homeland that is safe, secure, and resilient 
against terrorism and other hazards where American interests, aspirations, and way of life can 
thrive. Ultimately, homeland security is about effectively managing risks to the Nation's security. 

-- Quadrennial Homeland Security Review Report, Feb 2010 


The Quadrennial Homeland Security Review Report (Feb 2010) is available online at: 
<http://www.dhs.gov/xabout/gc_1208534155450.shtm> 


According to a Jan 2013 Congressional Research Service (CRS) report, the U.S. government does 
not have a single definition for “homeland security.” Currently, different strategic documents and 
mission statements offer varying missions that are derived from different homeland security 
definitions. The concept of homeland security has evolved over the last decade. 


-- See CRS Report R42462, 8 Jan 2013 (accessed 9 Jan 2013) 
copy available at: <http://www.fas.org/sgp/crs/homesec/R42462.pdf> 


Homeland Security Information. Any information possessed by a Federal, State, or local agency that: 
a) relates to the threat of terrorist activity; b) relates to the ability to prevent, interdict, or disrupt terrorist 
activity; c) would improve the identification or investigation of a suspected terrorist organization; or d) 
would improve the response to a terrorist act. (Homeland Security Act, § 891) 


Honey Pot. A trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of 
information systems. Generally it consists of a computer, data, or a network site that appears to be part of 
a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information 
or a resource of value to attackers. (JP 1-02 and JP 3-13.4, Military Deception) 


-- Also, a system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to 
be attractive to potential crackers and intruders and has no authorized users other than its administrators. 
(CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


-- Also, in computer terminology, a trap set to detect, deflect, or in some manner counteract attempts 
at unauthorized use of information systems. Generally it consists of a computer, data, or a network site 
that appears to be part of a network but which is actually isolated, (un)protected, and monitored, and 
which seems to contain information or a resource that would be of value to attackers. (Wikipedia; 
accessed 18 Jan 2011) 


Honey Trap. The term universally applied to operations undertaken to ensnare an unwary target in a 
compromising sexual encounter that may leave the victim vulnerable to blackmail that might result in 
espionage. (Historical Dictionary of Cold War Counterintelligence, 2007) 


-- Also, slang for use of men or women in sexual situations to intimidate or snare others. ...[U]se of 
sex to trap or blackmail an individual.... (Spy Book) 


-- Also, an often-used espionage technique wherein a person is deliberately targeted for sexual 
entrapment. (Encyclopedia of the CIA, 2003) 


Pravda (the Russian news organization) reported on the use of sexual blackmail by the KGB 
(Soviet Foreign Intelligence Service), see "KGB Sex Espionage," Pravda, 7 Aug 2002. 


Honey Trap -- a strategy regularly adopted by the KGB's Second Chief Directorate which routinely 
attempted to entrap Western businessmen, foreign diplomats, and other visitors in Moscow, the 
techniques included the deployment of attractive women, known as "Swallows," and men, referred 
to as “Romeos,” who homed in on vulnerable women, often lonely secretaries with access to 
classified information. 

-- Nigel West, Historical Dictionary of Cold War Counterintelligence, 2007, p. 155 


The use of sex is “a common practice among intelligence services all over the world. This is a tough 
dirty business. We have used that technique against the Soviets. They have used it against us.” 


-- Former Assistant FBI Director William C. Sullivan 
Testimony before the Church Committee, United States Senate, 1 November 1975 


Horizontal Identification. [Proposed DoD definition] consistent determination of CPI across two or more 
RDA programs as a result of a former CPI identification process. (Draft 5200.39 CPI Identification and 
Protection within RDA Programs) 


Horizontal Integration. Processes and capabilities to acquire, synchronize, correlate, and deliver National 
Security Community data with responsiveness to ensure success across all policy and operational 
missions. (CJCSI 3340.02, Horizontal Integration of Warfighter Intelligence, 23 Dec 2005) 


Horizontal Protection. The process which ensures that critical program information (CPI) associated with 
two or more acquisition programs is protected to the same degree by all responsible DoD agencies. 
(AR 381-20, Army CI Program, 25 May 2010) Also see critical program information. 


-- Also, [proposed DoD definition] application of a consistent level of protection to similar CPI 
associated with more than one RDA program, including inherited CPI. (Draft DoDI 5200.39, CPI 
Identification and Protection within RDA Programs) 


Horizontal Protection Analysis. The process that determines if critical Defense technologies, to include 
CPI [critical program information], associated with more than one RDA [research, development & 
acquisition] program are protected to the same degree by all involved DoD activities. (DoDI 5200.39, CPI 
Protection within DoD, 16 Jul 2008 with change 1 dated 28 Dec 2010) 


Horizontal protection within DoD is focused on ensuring that research, development and 
acquisition (RDA) information associated with more than one research and technology activity 
or acquisition program is protected to the same degree by all DoD activities, or is adequately 
protected based on the impact of an aggregation of the correlated information. 


Host Country. A nation which permits, either by written agreement or official invitation, government 
representatives and/or agencies of another nation to operate, under specified conditions, within its 
borders. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 chg 1 dated 26 Aug 
2011) 


Host Nation (HN). A nation that receives the forces and/or supplies of allied nations, coalition partners, 
and/or NATO organizations to be located on, to operate in, or to transit through its territory. (JP 1-02) 


Host-Nation Support (HNS). Civil and/or military assistance rendered by a nation to foreign forces within 
its territory during peacetime, crises or emergencies, or war based on agreements mutually concluded 
between nations. (JP 1-02 and JP 4-0, Joint Logistics, 18 Jul 2008) 


Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Hostage Rescue (HR). A personnel recovery method used to recover isolated personnel who are 
specifically designated as hostages. (JP 1-02 and JP 3-50, Personnel Recovery, 5 Jan 2007) 


Hostile Act. An attack or other use of force against the United States, United States forces, or other 
designated persons or property to preclude or impede the mission and/or duties of United States forces, 
including the recovery of United States personnel or vital United States Government property. (JP 1-02 
and JP 3-28, Defense Support of Civil Authorities, 31 Jul 2013) 


Hostile Environment. Operational environment in which hostile forces have control as well as the intent 
and capability to effectively oppose or react to the operations a unit intends to conduct. (JP 1-02) 


Hostile Intent. The threat of imminent use of force against the United States, United States forces, or 
other designated persons or property. (JP 1-02 and JP 3-01, Countering Air and Missile Threats, 23 Mar 
2012) 


HotR. DoD acronym for HUMINT On-Line Tasking and Reporting System. HotR is a web-based software 
application that supports DoD HUMINT, as well as DoD Counterintelligence. 


House Permanent Select Committee on Intelligence (HPSCI). A committee of the US House of 
Representatives, established by House Resolution 658 on July 14, 1977. It is the primary committee in 
the U.S. House of Representatives charged with the oversight of the US Intelligence Community and 
intelligence-related activities of all other government organizations. Also see Senate Select Committee 
on Intelligence. 


The 1980 Intelligence Oversight Act charged the Senate Select Committee on Intelligence and 
HPSCI with authorizing the programs of US intelligence agencies and overseeing their activities. 
It is IC policy that IC elements shall, in a timely manner, keep the Congressional intelligence 
committees fully informed, in writing, of all significant anticipated intelligence activities, significant 
intelligence failures, significant intelligence activities, and illegal activities. 

-- ICD 112, Congressional Notification, 16 Nov 2011 


Human Derived Information (HDI). Activities related to the conduct of the collection of intelligence 
information by or through humans. It includes the following forms of information: FI, CI, Force Protection, 
Research and Technology Protection, and Law Enforcement. (SECNAVINST S3821.1, 19 Nov 2008) 


Human Domain. The presence, activities, social structure or organization, networks and relationships, 
motivation, intent, vulnerabilities and capabilities of individuals or groups. 


The human domain encompasses the totality of the physical, cultural, and social environments that 
influence human behavior. Success in the human domain will depend upon understanding the 
human terrain and establishing trust with those humans who occupy that space. 

-- Navy Adm. William H. McRaven, Commander, US Special Operations Command, 5 June 2013 


The Human Domain, or Human Dimension, which is a vital and integral part of ABI [Activity Based 
Intelligence], is defined as the presence, activities (including transactions - both physical and 
virtual), culture, social structure/organization, networks and relationships, motivation, intent, 
vulnerabilities, and capabilities of humans (single or groups) across all domains of the operational 
environment (Space, Air, Maritime, Ground, and Cyber). 

-- Mark Phillips, “A Brief Overview of Activity Based Intelligence and Human Domain Analytics,” (Sep 2012); 
copy at: <http://trajectorymagazine.com/images/winter2012/A Brief Overview of _ABI.pdf> 


Human Enabled Information (HEI). Activities designed to spot, assess and develop platforms which 
facilitate information collection and other assigned operations. (SECNAVINST S3821.1, 19 Nov 2008) 


Human Factors. The physical, cultural, psychological, and behavioral attributes of an individual or group 
that influence perceptions, understanding, and interactions. (JP 2-0, Joint Intelligence, 22 Oct 2013) Also 
see human domain. 


Human Intelligence (HUMINT). A category of intelligence derived from information collected and provided 
by human sources [includes HUMINT enabling]. (ICD 1, 1 May 2006; JP 1-02; JP 2-0, Joint Intelligence, 
22 Oct 2013; and DoDD S-5200.37, Management and Execution of Defense HUMINT, 9 Feb 2009) 


-- Also, a category of intelligence derived from information collected by USG civilian employees or 
military personnel who are trained and certified HUMINT collectors, and assigned to an organization with 
the mission and authority to collect foreign intelligence from human sources in response to validated 
intelligence requirements. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


-- Also, intelligence derived from information collected and provided by human sources. This 
intelligence includes overt data collected by personnel in diplomatic and consular posts, as well as 
otherwise unobtainable information collected via clandestine sources of information, debriefings of foreign 
nationals and U.S. citizens who travel abroad, official contacts with foreign governments, and direct 
observation. (National Intelligence: A Consumer's Guide - 2009) 


-- Also, [from CIA perspective] vital information from human sources acquired by Core Collectors of 
the National Clandestine Service in response to national intelligence requirements. (www.cia.gov, posted 
23 Mar 2009) Also see national clandestine service. 


-- Also, the collection by a trained human intelligence collector of foreign information from people and 
multimedia to identify elements, intentions, composition, strength, dispositions, tactics, equipment, and 
capabilities. (Army FM 2-0, Intelligence, 23 Mar 2010 and FM 2-22.2, CI, Oct 2009) 


-- Also, consists of information obtained from individuals who know or have access to sensitive 
foreign information that has implications for U.S. security interests. (WMD Report, 31 Mar 2005) 


-- Also, a category of intelligence, that which is reported by a government information collector, who 
has obtained it either directly or indirectly from a human source. (IC21, HPSCI Staff Study, 9 Apr 1996) 


HUMINT collection is a science and an art. 
-- Army FM 2-22.3, Human Intelligence Collector Operations 


HUMINT - espionage - is the heart of the spy business 
Core Mission: Collect foreign intelligence through human sources to fill critical intelligence gaps. 


Human Intelligence (HUMINT) is intelligence derived from human beings who may act as both 
sources and collectors, and where the human is the primary collection instrument. It is a foreign 
intelligence (FI) collection discipline. HUMINT collectors focus on acquiring information from 
individuals with access to vital intelligence on the full range of national security issues. 


There are two basic types of HUMINT: overt and clandestine. Overt HUMINT methods include, 
but are not limited to, debriefing, interrogation, elicitation, and observation. Clandestine HUMINT, 
sometimes referred to as Clan HUMINT, involves intelligence activity using human sources 
directed towards the acquisition of information through clandestine means, i.e., espionage. 


"In overt collection, the collector meets openly with sources as a declared U.S. Government 
representative. ...Clandestine collection is conducted in secret. ...After the source is 
recruited, contact is usually strictly controlled in an effort to elude discovery. The recruitment 
of a clandestine human source can take months or years, but the leak of a source's 
information may immediately eliminate access to that source." 

-- U.S. National Intelligence — An Overview 2011, p. 54 


The Director CIA serves as the National HUMINT Manager for the Intelligence Community (IC) 
with the authority to coordinate, deconflict, and evaluate HUMINT operations across the IC; 
authorities for clandestine HUMINT delegated to the Director of the National Clandestine Service 
(NCS); see ICD 300 and ICD 304. 


The Director DIA serves as the Defense HUMINT Manager responsible for providing centralized 
management of DoD HUMINT. 


U.S. FI collection priorities are driven by the National Intelligence Priorities Framework (NIPF); 
see NSPD 26 and ICD 204. For DoD HUMINT policy see DoDD S-5200.37, Management and 
Execution of Defense Human Intelligence (HUMINT) (U), 9 Feb 2009 with chg 2. 


Foreign intelligence entities worldwide (as well as a variety of non-state actors, commercial 
enterprises, and regional organizations) use clandestine human intelligence collection to "acquire 
information" (aka conduct espionage). Typically intelligence entities rely upon specially trained or 
designated employees, often referred to as "case officers" or "agent handlers" (aka operations 
officers within CIA) to spot, access, develop, and recruit agents who can provide information that 
is not publicly available. 


Within CIA, Operations Officers (OOs) are certified Core Collectors who collect human intelligence 
of concern to the U.S. President, policymakers, and military by recruiting and handling clandestine 
human sources in a secure manner. OOs clandestinely spot, assess, develop, recruit and handle 
human sources with access to vital intelligence. 


-- See <https://www.cia.gov/offices-of-cia/clandestine-service/careers/careers-operations-officer.html> 


Human-Source Intelligence (HUMINT). The oldest method for collecting information, this is 
intelligence derived from human sources. Collection includes clandestine acquisition of 
photography, documents, and other material; overt collection by personnel in diplomatic and 
consular posts; debriefing of foreign nationals and US citizens who travel abroad; and official 
contacts with foreign governments. To the public, HUMINT is synonymous with espionage and 
clandestine activities. However, most of it is accumulated by overt collectors such as diplomats and 
military attaches. 


The CIA, working closely with the Office of the Director of National Intelligence (ODNI) established 
the National Clandestine Service (NCS) to improve HUMINT throughout the IC. The NCS serves as 
the national authority for coordination, de-confliction, and evaluation of clandestine HUMINT 
operations, both abroad and inside the United States. While the ODNI establishes policy related to 
clandestine HUMINT, the NCS executes and implements that policy across the Intelligence 
Community (IC). 

-- <http://www.intelligence.gov/about-the-intelligence-community/how-intelligence-works/data-gathering.html> 


Human Intelligence is derived from the analysis of foreign positive information collected by a 
trained HUMINT Collector from people and multimedia to identify elements, intentions, composition, 
strength, dispositions, tactics, equipment, personnel, and capabilities. It uses human contacts and 
informants as a tool, and a variety of collection methods to gather information that satisfies the 
commander's critical information requirements (CCIR) and cues other collection resources. 

-- Colonel Jerry W. Jones (USA Retired), "CI and HUMINT or HUMINT and CI or CI/HUMINT or TAC 
HUMINT," Military Intelligence Professional Bulletin, vol. 28, no. 2 (April 2002), p 29. 


HUMINT is the oldest collection discipline and a key contributor to the all-source picture of the 
battlefield. HUMINT is the intelligence, to include adversary intentions, derived from information 
collected from people and related documents. It uses human sources acquired both passively and 
actively to gather information to answer intelligence requirements and to cross-cue other 
intelligence disciplines. HUMINT is produced from the collection on a wide range of requirements 
with the purpose of identifying adversary capabilities and intentions. 

-- U.S. Army ST 2-22.7, Tactical Human Intelligence and Counterintelligence Operations, April 2002, p. 7-4. 


The U.S. will continue to need the capabilities to collect HUMINT, especially as a major insight into 
intentions and plans of hostile states or groups, and to carry out covert action. 
-- IC 21: HPSCI Staff Study, 9 Apr 1996 (Finding, p.18) 


As George Kisevalter, a CIA case officer who handled defector Col. Oleg Penkovsky, stressed, 
HUMINT was as much an art as a science, and that “common sense, and the ability to analyze 
character quickly and decisively, were the intelligence officer's greatest assets.” So too, the mastery 
of intelligence tradecraft is imperative for success. 

-- Julie Anderson, “The HUMINT Offensive from Putin's Chekist State,” International Journal of Intelligence 
and Counterintelligence, Vol 20 No 2 (Summer 2007), p. 274 


Note: Mr. Kisevalter handled both Major Pyotr Popov, the first Soviet GRU officer run by the CIA, as well as 
Colonel Oleg Penkovsky. See Clarence Ashley, CIA SpyMaster (2004), for the inside story on a CIA legend. 


Counterintelligence (CI) is often mistaken as part of or a subset of HUMINT. Although HUMINT 
and CI are partners in the Human Domain -- both are intelligence activities that operate in the 
human domain -- they are distinctly different...different missions, different authorities, each 
focused on different content, as well as outcomes. FI collection values the information above 
all, whereas CI insists on acting on that information--a totally different operational dynamic. See 
counterintelligence. 


Human Intelligence Collector. See HUMINT Collector. 


Human Intelligence Source. People who provide intelligence directly; individuals associated with 
organizations (such as foreign government entities and intelligence services) who willingly share 
intelligence information with the United States; individuals and organizations who facilitate the 
placement or service of technical collection means that could not succeed without their support; and 
foreign citizens who are identified as of an intelligence interest to the United States with a reasonable 
expectation that they will provide information or services in the future. Information that may reveal the 
identities of people upon whom the United States relies for information, access to information, or 
cooperation leading to obtaining information is considered to potentially reveal human intelligence 
sources. (DoD Manual 5200.01-Vol 1, DoD Information Security Program, 24 Feb 2012) Also see 
Human Source, Source. 


Human Source. A person who wittingly or unwittingly conveys by any means information of potential 
intelligence value. (ICS Glossary) Also see Human Intelligence Source; Source. 


-- Also, a person from whom information can be obtained. (Army FM 2-22.3, HUMINT Collector 
Operations, 6 Sep 2006) 


"Every person—friendly, hostile, or neutral—is a potential source of information. The HUMINT 
information collection system uses various methods to collect information from a number of 
sources." 


-- U.S. Army ST 2-22.7, Tactical Human Intelligence and Counterintelligence Operations, Apr 2002 


"[H]uman sources collect the smallest volume of intelligence but generally it is the most difficult to 
obtain and the most useful when we do get it. It is in this area that the best information is acquired 
on the all-important subject of intentions." 


-- General Vernon Walters (Former DCI), Silent Missions (1978) 


Human Source Contact Operations (SCO). HUMINT collection activity directed toward the establishment 
of human sources who have agreed to meet and cooperate with HUMINT collectors for the purpose of 
providing information. (Army FM 2-22.3, HUMINT Collector Operations, 6 Sep 2006) 


SCO sources include: one-time contacts, continuous contacts, and formal contacts from 
debriefings, liaison, and contact operations. The basic goal of all levels of contact is to collect 
information in response to collection tasking. 


-- Army FM 2-22.3, Human Intelligence Collector Operations (2006) 


Human-Source Intelligence. Intelligence obtained from human sources. See Human Intelligence. 


Human Terrain Analysis. A multidisciplinary approach to describe and predict geospatial and temporal 
patterns of human behavior by analyzing the attributes, actions, reactions, and interactions of groups or 
individuals in the context of their environment. (DoDD 3600.01, Information Operations, 14 Aug 2006 with 
chg 1, 23 May 2011) 


HUMINT. See Human Intelligence. 


HUMINT Collection Activities. Categories include: tactical questioning; screening; interrogation; 
debriefing; liaison; human source contact operations (SCOs), documents exploitation (DOCEX); and 
captured enemy equipment (CEE) operations. (Army FM 2-22.3, HUMINT Collector Operations, 6 Sep 
2006) 


DoDD S-5200.37 provides overarching policy for all Defense HUMINT collection operations. Also 
see: DHE-M 3301.001, Vol I, Collection Requirements, Reporting, and Evaluation Procedures (U); 
DHE-M 3301.002, Vol II, Collection Operations (U); and Army FM 2-22.3, Human Intelligence
Collector Operations. 


HUMINT Collection Requirement (HCR). A long-term, DoD validated HUMINT collection requirement 
which supports DoD or IC operational planning, policy- and decision making, intelligence production, and 
intelligence databases. (DHE-M 3301.001, DIA HUMINT Manual, Vol I, 30 Jan 2009 w/ chg 2)


HUMINT Collection Methods. There are two HUMINT collection methods authorized for use within DoD: 
overt and clandestine. (JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 
2011) 


HUMINT Collection Requirement (HCR). A long-term DoD-wide HUMINT collection requirement which 
supports DoD operational planning, policy- and decision-making, intelligence production, and intelligence 
databases. (Defense HUMINT Enterprise Manual 3301.002, Vol II Collection Operations, 23 Nov 2010) 


HUMINT Collection Team (HCT). Element that collects information from human sources. (Army FM 
2-22.3, HUMINT Collector Operations, 6 Sep 2006) 


HUMINT Collector. A person who is specifically trained and certified for, tasked with, and engages in the 
collection of information from HUMINT sources for the purposes of answering intelligence information 
requirements. (DHE-M 3301.001, Vol I: Collection Requirement, Reporting, and Evaluation Procedures, 
30 Jan 2009, w/ chg 2 dated 1 Feb 2012) 


-- Also, a person who is specifically trained and certified for, tasked with, and engages in the 
collection of information from individuals (HUMINT sources) for the purpose of answering intelligence 
information requirements. (Army FM 2-22.3, HUMINT Collector Operations, Sep 2006) 


Within DoD, appropriately trained and certified individuals are the only personnel authorized to 
conduct HUMINT operations beyond tactical questioning. 
HUMINT Enabling. An operational support function in which non-HUMINT intelligence collection
operations are facilitated by HUMINT collection platforms. 


HUMINT Operations. Intelligence activities, including military source operations, the primary purpose of 
which is to obtain foreign intelligence information collected and provided by human sources. (DoDD 
S-3325.09, Oversight, Management, and Execution of Defense Clandestine Source Operations, 9 Jan
2013, with chg 1 dated 13 Jun 2013) Also see human intelligence. 


DoD HUMINT operations are conducted in response to DoD or national requirements based on the 
needs of the originator. 


HUMINT Operations Cell (HOC). Assigned under the J/G2X to track all HUMINT activities in the area 
of intelligence responsibility. It provides technical support to all HUMINT collection operations and 
deconflicts HUMINT collection operations in the AO. (Term previously defined in Army FM 2-0, 
Intelligence, May 2004) 


For additional information on the HOC see: JP 2-01.2, CI & HUMINT in Joint Operations (U), 
16 Mar 2011 (w/ chg 1 dated 26 Aug 2011), p. II-8 (para 3c).


HUMINT Source. A person from which services or intelligence information are obtained. The source may 
possess either first or second-hand knowledge normally obtained through sight or hearing and may be 
witting or unwitting. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) Also see human 
source; source. 


-- Also, a person from whom information can be obtained. (Army FM 2-22.3, HUMINT Collector 
Operations, 6 Sep 2006) 


HUMINT Support Element (HSE). A DIA representative or staff element assigned to support a COCOM. 
An HSE provides liaison and assists the COCOM with HUMINT planning, coordination, collection 
management, training, and operations. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


HUMINT Targeting. The integration of all-source intelligence and systemic analytic methodologies to 
identify and develop relevant HUMINT leads in direct support of HUMINT collection operations. 
(DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


HUMINT Tasks. Include but not limited to: conducting source operations; liaising with host nation officials 
and allied counterparts; eliciting information from select sources; debriefing US and allied forces and 
civilian personnel including refugees, displaced persons, third-country nationals, and local inhabitants; 
interrogating enemy prisoners of war and other detainees; and initially exploiting documents, media, and 
material. (Army FM 2-22.3, HUMINT Collector Operations, 6 Sep 2006) 


HUMINT Training. Instruction and applied exercises for acquiring and retaining skills and knowledge 
required in the acquisition of foreign intelligence derived from the collection discipline that uses human 
beings as both sources and collectors. (DoDI 3305.15, DoD HUMINT Training, 25 Feb 2008) 


HUMINT Training Joint Center of Excellence (HT-JCOE). An advanced joint HUMINT training activity that 
supports HUMINT activities within the DCHE [Defense CI and HUMINT Enterprise]. The HT-JCOE is
comprised of HT-JCOE West and HT-JCOE East. The HT-JCOE West operates with the Department of
the Army. The HT-JCOE East operates within the [Defense Intelligence Agency]. (DoDI O-5109.95,
HT-JCOE, 18 Apr 2012) 
Hybrid Threats. Hybrid threats refer to the ability of adversaries—lone attackers, criminal, transnational
terrorist organizations, even nation-states—to employ combinations of tactics, technologies, and
capabilities to gain an asymmetric advantage. (Quadrennial Homeland Security Review Report, Feb 2010)


-- Also, the diverse and dynamic combination of regular forces, irregular forces, terrorist forces, 
and/or criminal elements unified to achieve mutually benefitting effects. (ADRP 3-0, Unified Land 
Operations, May 2012) 


Hyperspectral Imagery (HSI). Term used to describe the imagery derived from subdividing the 
electromagnetic spectrum into very narrow bandwidths. These narrow bandwidths may be combined with 
or subtracted from each other in various ways to form images useful in precise terrain or target analysis. 
(JP 1-02 and JP 2-03, Geospatial Intelligence Support to Joint Operations, 31 Oct 2012). 
i-Space (Integrated Space): a U.S. Intelligence Community (IC) social networking and collaboration
service hosted on JWICS; intended to foster and facilitate collaboration between IC members. Previously 
known as “A-Space,” the transformation to i-Space broadens membership from analyst only to virtually 
any intelligence professional with access and a mission need. (Intellipedia, accessed 1 Nov 2013) 


ICE-mail. Email between organizations over JWICS network. Also referred to as ICE-mail or JWICS 
email. (National Intelligence: A Consumer's Guide - 2009) 


ICON. See Investigations, Collections and Operations Nexus.


Identity. The distinguishing characteristics or personality of an individual or facility. (DoDI S-5105.63, 
Implementation of DoD Cover and Cover Support Activities, 20 Jun 2013) 


Identity Intelligence (I2). The intelligence resulting from the processing of identity attributes concerning 
individuals, groups, networks, or populations of interest. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


Ideology. Commitment to a competing political or economic system such as Communism. (PERSEREC 
1992) Also see divided loyalties, MICE.


IDSRS. See Integrated Defense Source Registry System.


Illegal. An officer, employee, or agent of an intelligence organization who is dispatched abroad and who 
has no overt relationship with the intelligence service with which he/she is connected or with the 
government operating that intelligence service. Term is derived from the fact that the individual is in the
host country illegally. (CI Community Lexicon)


-- Also, an intelligence officer or a recruited agent who operates in a foreign country in the guise of a 
private person, and is often present under false identity. (FBI -- Affidavit: USA vs. Robert Philip Hanssen, 
16 Feb 2001) 


-- Also, Illegal Intelligence Officers (IIO) — individuals who enter a country either by circumventing
border controls or by using false documentation. False documents permit the IIO to remain within the 
country for a long time while being able to withstand extensive background checks and leave the country 
with minimum official scrutiny. The very nature of the IIO's covert activity makes it extremely difficult for 
counterintelligence agencies to identify or accurately assess their total strength and potential impact on 
national security. (AFOSI Manual 71-144, Vol 5, CI Program, 15 May 2009) 


“Illegals” have no "easily" detectable contacts with their parent intelligence service. They pose as 
legitimate residents of the target country and operate without benefits of diplomatic cover. 


"In intelligence parlance, an ‘illegal’ is a spy operating without benefit of diplomatic cover. If caught, 
an illegal can be prosecuted, imprisoned, or even executed; by contrast, a diplomat can only be 
declared persona non grata and expelled by the host country." 

-- David Wise, Tiger Trap: America's Secret War with China (2011), p. 208 
"The illegal is a highly trained specialist in espionage tradecraft. He may be a [foreign] national
and/or a professional intelligence officer dispatched to the United States under a false identity."
-- FBI as cited in Senate Report # 94-755 (aka Church Committee Report), Book I, 26 April 1976, p. 164


“Illegal agents—that is, operatives for whom an alias identity has been systemically developed 
which enables them to live in the United States as American citizens or resident aliens without our
knowledge of their true origins." 

-- Rockefeller Committee Report, June 1975, p. 8 


Illegal Net. An intelligence gathering unit operating under the control of an illegal residency. (AFOSI 
Manual 71-142, OFCO, 9 Jun 2000 and FBI FCI Terms) 


Operation GHOST STORIES -- FBI investigation of a network of Russian sleeper agents under
non-official cover in the United States. In July 2010, the FBI arrested 10 Russian “illegals,” a
chilling reminder that espionage on U.S. soil did not disappear when the Cold War
ended. The FBI case against the Russian intelligence operatives went on for more than a decade.


The FBI released dozens of still images, surveillance video clips, and documents related to the
investigation, see <http://www.fbi.gov/news/stories/2011/october/russian_103111/russian_103111>


Illegal Residency. An intelligence apparatus established in a foreign country and composed of one or 
more intelligence officers, which has no apparent connection with the sponsoring intelligence organization 
or with the government of the country operating the intelligence organization. (ICS Glossary) 


Illegal Support Officer. An intelligence officer assigned to a legal residency whose primary function is to 
support illegal agents by supplying anything needed. A secondary function is the gathering of information 
and documents that will serve as guidance and models for documentation of future illegal agents. (AFOSI 
Manual 71-142, OFCO, 9 Jun 2000) 


Imagery. A likeness or presentation of any natural or man-made feature or related object or activity, and 
the positional data acquired at the same time the likeness or representation was acquired, including: 
products produced by space-based national intelligence reconnaissance systems; and likeness and 
presentations produced by satellites, airborne platforms, unmanned aerial vehicles, or other similar 
means (except that such term does not include handheld or clandestine photography taken by or on 
behalf of human intelligence collection organizations). (JP 1-02 and JP 2-03, GEOINT Support to Joint 
Operations, 22 Mar 2007) 


-- Also, representations of objects reproduced electronically or by optical means on film, electronic display 
devices, or other media. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976)


Imagery Exploitation. The cycle of processing, using, interpreting, mensuration and/or manipulating 
imagery, and any assembly or consolidation of the results for dissemination. (JP 1-02 and JP 2-03,
GEOINT Support to Joint Operations, 31 Oct 2012) 


Imagery Intelligence (IMINT). The technical, geographic, and intelligence information derived through the 
interpretation or analysis of imagery and collateral materials. (JP 1-02 and JP 2-03, GEOINT Support to 
Joint Operations, 31 Oct 2012) Also see geospatial intelligence. 


-- Also, IMINT is derived from the exploitation of imagery collected by visual photography, infrared
sensors, lasers, multispectral sensors, and radar. These sensors produce images of objects optically,
electronically, or digitally on film, electronic display devices, or other media. (Army FM 2-0, Intelligence,
23 Mar 2010)


-- Also, intelligence that includes representations of objects reproduced electronically or by optical
means on film, electronic display devices, or other media. Imagery can be derived from visual 
photography, radar sensors, infrared sensors, lasers, and electro-optics. (ODNI, U.S. National Intelligence 
— An Overview 2011) 


Imagery Intelligence (IMINT): The National Geospatial-Intelligence Agency (NGA) manages all 
IMINT activities, both classified and unclassified, within the US Government. This includes
requirements, collection, processing, exploitation, dissemination, archiving, and retrieval. 

-- www.intelligence.gov (accessed 13 Aug 2012) 


There are two general types of imagery collection platforms: 
* Satellites—comprised of national technical means [NTM] and commercial platforms.
* Airborne Systems—comprised of national, commercial, theater, and tactical.


There are two general types of imagery sensors:
* Electro-optical: panchromatic (visible); infrared; special (multispectral & hyperspectral);
and polarimetric.
* Radar: synthetic aperture radar systems that collect and display data either as
representations of fixed targets or as moving target indicators.


-- Army FM 2-0, Intelligence, 23 Mar 2010, pp. 9-2 & 9-3 


Immigration and Customs Enforcement (ICE). The principal investigative arm of the U.S. Department
of Homeland Security (DHS). Created in 2003 through a merger of the investigative and interior enforcement
elements of the U.S. Customs Service and the Immigration and Naturalization Service.


ICE's primary mission is to promote homeland security and public safety through the criminal and 
civil enforcement of federal laws governing border control, customs, trade and immigration. ICE’s 
two principal operating components are Homeland Security Investigations (HSI) and Enforcement 
and Removal Operations (ERO). 


See ICE website at: <http://www.ice.gov/index.htm>


Impersonal Communication. Communications between a handler and asset which do not involve direct 
contact. (HDI Lexicon, April 2008) 


-- Also, secret communication techniques used between a case officer and a human intelligence 
asset when no physical contact is possible or desired. (CI Centre Glossary) 


Impersonal Communications... 
[C]landestine techniques to avoid risky face-to-face contact that often employed methods such as 
dead drops and elaborate systems of signaling readiness to send and receive those caches of 
information. This system had been used successfully by intelligence services for centuries. 


-- Michael J. Sulick, American Spies: Espionage Against the United States from the Cold War to 
the Present, 2013, p. 10 


Implant. Electronic device or electronic equipment modification designed to gain unauthorized 
interception of information-bearing emanations. (CNSSI No. 4009, National Information Assurance 
Glossary, 26 April 2010) 


Implied Task. In the context of joint operation planning, a task derived during mission analysis that an
organization must perform or prepare to perform to accomplish a specified task or the mission, but which
is not stated in the higher headquarters order. (JP 5-0, Joint Operation Planning, 11 Aug 2011) Also see
essential task; specified task.


Improvised Explosive Device (IED). A device placed or fabricated in an improvised manner incorporating
destructive, lethal, noxious, pyrotechnic, or incendiary chemicals and designed to destroy, incapacitate, 
harass, or distract. It may incorporate military stores, but is normally devised from nonmilitary 
components. (JP 1-02) 


In the Gap. [Tradecraft jargon] Surveillance-free for a few seconds but not as long as a minute. (Spy 
Dust) 


Inadvertent Disclosure. Type of incident involving accidental exposure of information to an individual not 
authorized access. (CNSS Instruction No. 4009) 


-- Also, a set of circumstances or a security incident in which a person has had involuntary access to 
classified information to which the individual was or is not normally authorized. (DoD 5220.22.22-M-Sup 
1, NISPOM Supplement, Feb 1995) 


Indication and Warning. Within DoD, term changed to "warning." See warning. 


Indications. In intelligence usage, information in various degrees of evaluation, all of which bear on the 
intention of a potential enemy to adopt or reject a course of action. (JP 2-0, Joint Intelligence, 22 Oct 
2013) 


Indicator. In intelligence usage, an item of information which reflects the intention or capability of a 
potential enemy to adopt or reject a course of action. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 
2013) Also see espionage indicator. 


-- Also, data derived from friendly detectable actions and open-source information that adversaries 
can interpret and piece together to reach conclusions or estimates of critical or classified information 
concerning friendly intentions, capabilities, or activities. (DoD 5205.02-M, DoD OPSEC Program Manual, 
3 Nov 2008) 


-- Also, "Threat Indicator" any observable action that suggests violent behavior, abnormal 
disgruntlement, radicalization, or an extreme religious or other ideological worldview. (US Army Tactical 
Reference Guide, Radicalization into Violent Extremism: A Guide for Military Leaders, Aug 2011) Also 
see radicalization, terrorism, violent radicalization. 


Indirect Access. Descriptor used for sources who do not have firsthand access to the information 
provided and who have come upon it through one or more sub-sources. (DoDI S-5200.42, Defense 
HUMINT and Related Activities (U), 8 Dec 2009) Also see direct access. 

Indoctrination (or read-on). An initial indoctrination and/or instruction provided each individual approved 
to a SAP prior to his exposure concerning the unique nature of program information and the policies, 
procedures, and practices for its handling. (DoD 5220.22.22-M-Sup 1, NISPOM Supplement, Feb 1995) 


Induced Defection. Tradecraft jargon for developing and encouraging a foreign official's defection from 
his country. (Leo D. Carl, The CIA Insider's Dictionary, 1996) 


“Inducement” is the jargon used for persuading somebody to defect to you. 
-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


Induced Operation. An operation in which a source or agent is established in such a manner as to induce 
the opposition to recruit him as its agent. (CI Community Lexicon) 
Induction. [One of the four basic types of reasoning applied to intelligence analysis, it is the process] of
discovering relationships among the phenomena under study. ...[it draws] generalizations on the basis of
observations or other evidence. (DIA, Intelligence Essentials for Everyone, June 1999) Also see
abduction; deduction; scientific method. 


For additional information see Knowledge Management in the Intelligence Enterprise by Edward 
Waltz (2003) and Critical Thinking and Intelligence Analysis by David Moore, JMIC Press (2006). 


Industrial Espionage. The knowing misappropriation of trade secrets related to, or included in, a product 
that is made for or placed in interstate or foreign commerce to the economic benefit of anyone other than 
the owner, with the knowledge or intent that the offense will injure the owner of that trade secret. 


-- Also, the act of seeking a competitive, commercial advantage by obtaining a competitor's trade 
secrets and/or logistics. The acquisition of industrial information through clandestine operations. (DSS 
Glossary) 


Industrial espionage is criminalized under the Economic Espionage Act of 1996, PL 104-294. 
See <http://www.gpo.gov/fdsys/pkg/PLAW-104publ294/content-detail.html>


Industrial espionage, or theft of trade secrets, occurs when an actor, intending or knowing that his
or her offense will injure the owner of a trade secret of a product produced for or placed in
interstate or foreign commerce, acts with the intent to convert that trade secret to the economic
benefit of anyone other than the owner by: (1) stealing, or without authorization appropriating,
carrying away, concealing, or obtaining by deception or fraud information related to that secret;
(2) copying, duplicating, reproducing, destroying, uploading, downloading, or otherwise transmitting
that information without authorization; or (3) receiving that information knowing that that information
had been stolen, appropriated, obtained or converted without authorization (Section 101 of the
EEA, 18 USC § 1832).


Industrial Security. That portion of information security which is concerned with the protection of 
classified information in the custody of U.S. industry. (DoD 5220.22-M, NISPOM, 28 Feb 2006) Also 
see Defense Security Service (DSS); National Industrial Security Program (NISP). 


-- Also, a multi-disciplinary security program concerned with the protection of classified information
developed by or entrusted to U.S. industry. (IC Standard 700-1, 4 Apr 2008 and DoDD 5200.43, 
Management of the Defense Security Enterprise, 1 Oct 2012 w/ chg 1 dated 24 Apr 2013) 


Infiltrate. Tradecraft jargon for the act of penetrating a country or organization. (Leo D. Carl, The CIA 
Insider's Dictionary, 1996) 


Infiltration. In intelligence usage, placing an agent or other person in a target area in hostile territory. 
Usually involves crossing a frontier or other guarded line. Methods of infiltration are: black (clandestine); 
grey (through legal crossing point but under false documentation); and white (legal). (JP 1-02 and
JP 3-05.1, Joint Special Operations Task Force Operations, 26 Apr 2007)


Inform and Influence Activities. The integration of designated information-related capabilities in order to 
synchronize themes, messages, and actions with operations to inform United States and global 
audiences, influence foreign audiences, and affect adversary and enemy decisionmaking. (Army
FM 3-13, Inform and Influence Activities, Jan 2013)


Informant. A person who, wittingly or unwittingly, provides information to an agent, a clandestine service, 
or the police. (ICS Glossary and Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


Information. Facts, data, or instructions in any medium or form. The meaning that a human assigns to 
data by means of the known conventions used in their representation. (JP 3-13.1, Electronic Warfare, 
25 Jan 2007) 



Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Information and Communications Technology (ICT). Includes but is not limited to information technology
as defined in section 11101 of title 40, U.S.C. The term reflects the convergence of information
technology and communications. ICT includes all categories of ubiquitous technology used for gathering,
storing, transmitting, retrieving, or processing information (e.g., computing systems, software, mobile
telephony, satellite communications, and networks). (DoDI O-5240.24, CI Activities Supporting RDA,
8 Jun 2011 with change 1 dated 15 Oct 2013)


Information Assurance (IA). Measures that protect and defend information and information systems by
ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes
providing for restoration of information systems by incorporating protection, detection, and reaction
capabilities. (DoDD 8500.01E, Information Assurance and CNSSI-4009) Also see Information Operations.


-- Also, actions that protect and defend information systems by ensuring availability, integrity,
authentication, confidentiality, and nonrepudiation. (JP 1-02 and JP 3-12, Cyberspace Operations,
5 Feb 2013)


-- Also, protecting information’s confidentiality, integrity, and availability. (National Intelligence: A 
Consumer's Guide - 2009). 


-- Also, the protection of systems and information in storage, processing, or transit from unauthorized
access or modification; denial of service to unauthorized users; or the provision of service to authorized
users. It also includes those measures necessary to detect, document, and counter such threats.
Measures that protect and defend information and information systems by ensuring their availability,
integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of
information systems by incorporating protection, detection, and reaction capabilities. IA is a security
discipline that encompasses COMSEC, INFOSEC, and control of compromising emanations (TEMPEST).
(AR 25-2, Information Assurance, 3 Aug 2007)


Information Collection. An activity that synchronizes and integrates the planning and employment of
sensors and assets as well as the processing, exploitation, and dissemination of systems in direct support
of current and future operations. (Army FM 3-55, Information Collection, April 2012)


Information Environment. The aggregate of individuals, organizations, and systems that collect, process, 
disseminate, or act on information. (JP 1-02 and JP 3-13, Information Operations, 13 Feb 2006) 
Information Fratricide. The result of employing information-related capabilities in a way that causes
effects in the information environment that impede the conduct of friendly operations or adversely affect 
friendly forces. (Army FM 3-13, Inform and Influence Activities, Jan 2013) 


Information Protection. Active or passive measures used to safeguard and defend friendly information 
and information systems. (ADRP 6-0, Mission Command, May 2012) 


Information Operations (IO). The integrated employment, during military operations, of
information-related capabilities in concert with other lines of operations to influence, disrupt, corrupt, or usurp the
decision-making of adversaries and potential adversaries, while protecting our own. (JP 3-13, Information
Operations, 27 Nov 2012; approved for inclusion in update to JP 1-02)


For DoD policy see DoDD 3600.01, Information Operations, 2 May 2013


Counterintelligence investigations, operations, collection, analysis, production, and dynamic 
functional CI services are employed in support of appropriate IO activities to detect and mitigate
foreign intelligence, hacker, and insider threats to DoD information and information systems. 


IO will be the principal mechanism used during military operations to integrate, synchronize, 
employ, and assess a wide variety of information-related capabilities (IRCs) in concert with other 
lines of operations to effect adversaries' or potential adversaries' decision-making while protecting 
our own. 

— DoDD 3600.01, Information Operations, 2 May 2013 


Information Related Capability (IRC). A capability that is a tool, technique, or activity employed within a 
dimension(s) of the information environment that can be used to achieve a specific end(s). (DoDD 
3600.01, Information Operations, 2 May 2013) Also see information operations. 


Information Requirements. In intelligence usage, those items of information regarding the adversary and 
other relevant aspects of the operational environment that need to be collected and processed in order to 
meet the intelligence requirements of a commander. (JP 2-0, Joint Intelligence, 22 Oct 2013) Also see 
intelligence requirement; collection requirement. 


The requirements process has traditionally been one of the 
most vexing aspects of intelligence management. 
-- IC 21: HPSCI Staff Study, 6 Apr 1996 


Information Security. The security discipline concerned with implementation of a system of administrative 
policies and procedures for identifying, controlling, and protecting from unauthorized disclosure 
information that is authorized protection by Executive order, statute, or regulation. Information security 
includes protection of classified, controlled unclassified, and sensitive compartmented information. (DoDD 
5200.43, Management of the Defense Security Enterprise, 1 Oct 2012, w/ chg 1 dated 24 Apr 2013) 


-- Also, INFOSEC the system of policies, procedures, and requirements established in accordance 
with Executive Order 13526 to protect information that, if subjected to unauthorized disclosure, could 
reasonably be expected to cause damage to national security. The term also applies to policies, 
procedures, and requirements established to protect unclassified information that may be withheld from 
release to the public pursuant to Executive Order, statute or regulation. (DoD Manual 5200.01-Vol 1, DoD 
Information Security Program, 24 Feb 2012) Also see computer security; cyber security. 
-- Also, protecting information’s confidentiality, integrity, and availability. (National Intelligence: A
Consumer's Guide - 2009) 


To be withdrawn from JP 1-02 per JP 3-13, 27 Nov 2012; previously defined as: the protection of 
information and information systems against unauthorized access or modification of information, 
whether in storage, processing, or transit, and against denial of service to authorized users. 
INFOSEC includes those measures necessary to detect, document, and counter such threats. 
INFOSEC is composed of computer security and communications security. 

-- JP 3-13, Information Operations, 13 Feb 2006 


INFOSEC plays a vital role in national security and in the Critical Infrastructure 


The goal of INFOSEC is to ensure that the National Security Community has reliable and secure 
networks to originate, store, manipulate, and make information available to those who need it and 
are authorized to have it. 

-- Joint Security Commission II Report, 24 Aug 1999, p. 18


Information Security Oversight Office (ISOO). US Government office that is responsible to the President 
for policy and oversight of the Government-wide security classification system and the National Industrial 
Security Program. 


The ISOO is responsible to the President for policy and oversight of the Government-wide security 
classification system and the National Industrial Security Program. The ISOO is also responsible 
for implementing and overseeing the National Industrial Security Program (NISP) under Executive 
Order 12829, as amended, issued in 1993. 


ISOO web site at: <http://www.archives.gov/isoo/>


Information Superiority. The operational advantage derived from the ability to collect, process, and 
disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do 
the same. (JP 1-02 and JP 3-13, Information Operations, 27 Nov 2012) Also see information operations. 


Informer. One who intentionally discloses information about other persons or activities to police or a security 
service (such as the FBI), usually for a financial reward. (Senate Report 94-755, Book I — Glossary, 26 Apr 
1976) 


Infrared Imagery. That imagery produced as a result of sensing electromagnetic radiations emitted or 
reflected from a given target surface in the infrared position of the electromagnetic spectrum 
(approximately 0.72 to 1,000 microns). (JP 1-02 and JP 2-03, Geospatial Intelligence Support to Joint 
Operations, 31 October 2012) 


InfraGard. A partnership between the FBI and the private sector. InfraGard is an association of 
individuals, academic institutions, state and local law enforcement agencies, and other participants 
dedicated to sharing information and intelligence to prevent hostile acts against the United States. 
InfraGard Chapters are geographically linked with FBI Field Office territories. (FBI) 


Infragard a collaboration for infrastructure protection. For more information see 
<http://www.infragard.net/> 


Infrastructure. The framework of interdependent physical and cyber-based systems comprising 
identifiable industries, institutions (including people and procedures), and distribution capabilities that 
provide a reliable flow of products and services essential to the defense and economic security of the 
United States, to the smooth functioning of government at all levels, and to society as a whole. 

(DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 
21 Sep 2012) 


Inherited CPI. [Proposed DoD definition] CPI that is owned and generated by one RDA program, 
subsystem, or project that is incorporated into and used by another RDA program. (Draft DoDI 5200.39, 
CPI Identification and Protection within RDA Programs) 


Initial Contact Point (ICP). A physical location where an intelligence officer makes an initial contact or 
brush pass with his source or asset. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


Insider. [Within DoD,] anyone who has authorized access to DoD resources by virtue of employment, 
volunteer activities, or contractual relationship with DoD. (DoDI 5240.26, Countering Espionage, 
International Terrorism, and Counterintelligence Insider Threat, 4 May 2012 with change 1 dated 15 Oct 
2013) Also see insider threat, CI insider threat. 


-- Also, any person with authorized access to any U.S. Government (USG) resource, to include 
personnel, facilities, information, equipment, networks, or systems. (U.S. Government Threat Detection 
Guide - 2011) 


-- Also, anyone with access, privilege, or knowledge of information systems or services. Malicious 
insider is [a person] motivated to intentionally adversely impact an organization's mission (e.g., deny, 
damage, degrade, destroy). (Rand Study, Understanding the Insider Threat, March 2004) 


Insider Threat (InT). A person with authorized access, who uses that access, wittingly or unwittingly, to 
harm national security interests or national security through unauthorized disclosure, data modification, 
espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities. 
(DoDI 5240.26, Countering Espionage, International Terrorism, and Counterintelligence Insider Threat, 
4 May 2012 w/ chg 1 dated 15 Oct 2013 and DoDD 5200.43, Management of the Defense Security 
Enterprise, 1 Oct 2012 w/ chg 1 dated 24 Apr 2013) Also see insider, CI insider threat. 


-- Also, a person, known or suspected, who uses their authorized access to Department of Defense 
facilities, systems, equipment, information or infrastructure to damage, disrupt operations, commit 
espionage on behalf of a foreign intelligence entity or support international terrorist organizations. 

(JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, the threat that an insider will use their authorized access to harm the security of the United 
States. This threat can include damage to the US through espionage, terrorism, unauthorized disclosure 
of information, or through the loss or degradation of departmental resources or capabilities [sabotage]. 
(U.S. Government Threat Detection Guide - 2011 and IC Standard 700-2, 2 June 2011) 


-- Also, activities conducted by a person with placement and access that intentionally or 
unintentionally compromise an agency's ability to accomplish its mission, including but not limited to 
espionage, other criminal activity, unauthorized disclosure of information and loss or degradation of 
departmental resources or capabilities. (National CI Strategy Operating Plan 2008-2010, 9 Aug 2007) 


-- Also, the ability of a trusted insider to bypass or defeat security safeguards or otherwise adversely 
affect the national security. (IC Standard 700-1, 4 Apr 2008) 


-- Also, an entity with authorized access (i.e., within the security domain) that has the potential to 
harm an information system or enterprise through destruction, disclosure, modification of data, and/or 
denial of service. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


-- Also, a person with placement and access who intentionally or unintentionally causes loss or 
degradation of resources or capabilities and compromises the ability of an organization to accomplish its 
mission through espionage, providing support to international terrorism, other criminal activity, or 
unauthorized release or disclosure of information. (AR 381-20, Army CI Program, 25 May 2010) 


-- Also, any insider with legitimate access to government information, personnel, and facilities may 
intentionally or unintentionally pose a threat. (NSA CI Awareness Pamphlet on Insider Threat, undated) 


-- Also, the insider threat to critical infrastructure is one or more individuals with the access and/or 
inside knowledge of a company, organization, or enterprise that would allow them to exploit the 
vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause 
harm. (National Infrastructure Advisory Council's Report, The Insider Threat to Critical Infrastructures, 
8 April 2008) 


Trusted insiders with means, motive, and opportunity pose a major threat 


“Countering insider threats are coordinated CI, security, information assurance (IA), law 
enforcement (LE), and antiterrorism & force protection (AT/FP) activities...” 
-- DoDI 5240.26, Countering Espionage, International Terrorism, and the CI Insider Threats, 4 May 2012 


"Insider threats remain the top counterintelligence challenge to our community." 
-- Robert "Bear" Bryant, National Counterintelligence Executive 


“The problem of insider spies has bedeviled intelligence services from time immemorial.” 
-- David L. Charney, M.D., “True Psychology of the Insider Spy,” in Intelligencer: Journal of U.S. 
Intelligence Studies (Fall/Winter 2010), p. 47. 


"[H]istory teaches us to expect spies among us and to anticipate that some of those spies will be 
us.... [W]e cannot eliminate espionage... [but we must] minimize the harm that those who betray 
us can do to our national security and minimize the time between their defection and detection." 
-- Webster Commission Report (A Review of FBI Security Programs), March 2002, pp. 17-18. 


"The Insider Threat is the single-most pervasive and damaging security risk facing global 
organizations and governments today." 
-- www.intrusic.com 


"Malicious insiders may exploit their access at the behest of foreign governments, terrorists groups, 
criminal elements, unscrupulous associates, or on their own initiative. Whether malicious insiders 
are committing espionage, making a political statement, or expressing personal disgruntlement, 
the consequences for DoD, and national security, can be devastating." 

-- DoD Strategy for Operating in Cyberspace, July 2011 


“...the threat lies in the potential that a trusted employee may betray their obligations and 
allegiances to their employer and conduct sabotage or espionage against them. Insider betrayals 
cover a broad range of actions, from secretive acts of theft or subtle forms of sabotage to more 
aggressive and overt forms of vengeance, sabotage, and even workplace violence. The threat 
posed by insiders is one most owner-operators neither understand nor appreciate." 
-- T. Noonan and E. Archuleta, The Insider Threat to Critical Infrastructures, The National 
Infrastructure Advisory Council, April 6, 2008, p. 32. 


"WikiLeaks represents a somewhat different kind of threat. It's an insider threat, as opposed to a 
remote threat where someone is trying to come across the networks at you." 
-- William Lynn, US Deputy Defense Secretary, Interview reported in DefenseNews, 18 July 2011 


"In addition to threats by foreign intelligence entities, insider threats will also pose a persistent 
challenge. Trusted insiders with the intent to do harm can exploit their access to compromise vast 
amounts of sensitive and classified information as part of a personal ideology or at the direction of 
a foreign government. The unauthorized disclosure of this information to state adversaries, 
nonstate activists, or other entities will continue to pose a critical threat." 

-- DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 29 January 2014 


See ONCIX classified report, U.S. Government Insider Threat Detection Guide — 2011 (U). 


See Army Directive 2013-18, Army Insider Threat Program, 31 Jul 2013; copy available at: 
<http://www.fas.org/irp/doddir/army/insider.pdf> 


See SECNAV Instruction 5510.37, Department of the Navy Insider Threat Program, 8 Aug 2013; 
copy available at: <http://www.fas.org/irp/doddir/navy/secnavinst/5510_37.pdf> 


See NCIS CI & Insider Threat Awareness and Reporting Brief — Briefers Handbook, March 2013 
with DVD (a professionally produced briefing tool for NCIS Agents) 


Also see “True Psychology of the Insider Spy,” in AFIO Intelligencer: Journal of U.S. Intelligence 
Studies (Fall/Winter 2010), p. 47 -- copy available at < http://www.ncix.gov/issues/ithreat/Charney- 
PsychologyofInsiderSpyAFIO-INTEL Fall-Winter2010.pdf > 


Additional open source information on insider threat issues at <http://www.cert.org/insider_threat/> 


“A nation can survive its fools and even the ambitious. 
But it cannot survive treason from within." 


-- Cicero (106-43 B.C.) 
Speech in the Roman Senate - circa 58 BC 


Instruments of National Power. All of the means available to the government in its pursuit of national 
objectives. They are expressed as diplomatic, economic, informational and military. (JP 1, Doctrine for the 
Armed Forces of the United States, 25 Mar 2013 and JP 1-02) 


Insurgency. The organized use of subversion and violence to seize, nullify, or challenge political control 
of a region. Insurgency can also refer to the group itself. (JP 3-24, Counterinsurgency, 22 Nov 2013) 


-- Also, the organized use of subversion and violence to seize, nullify, or challenge political control of 
a region. (Army FM 3-24, Insurgencies and Countering Insurgencies, May 2014) 


According to FM 3-24, insurgency in the most basic form is a struggle for control and influence, 
generally from a position of relative weakness, outside existing state institutions. Insurgencies can 
exist apart from or before, during, or after a conventional conflict. 


Insurgent. See insurgency. 


Integrated Defense Source Registration System (IDSRS). A DoD-level system to enable the sharing 
of HUMINT source information, meant to ensure Deconfliction of DoD-wide HUMINT sources. 
(Defense HUMINT Enterprise Manual, Vol II, 23 Nov 2010) 


See USD(I) Memo, 13 August 2005 and IDSRS website on SIPRNet at: <http://dh.dia.smil/idsr/> 


INTELINK. INTELINK is the classified, worldwide intranet for the U.S. Intelligence Community. At its 
most secure level, INTELINK utilizes the Joint Worldwide Intelligence Communications System (JWICS) 
as its communication vehicle. JWICS is a 24 hour a day network designed to meet the requirements for 
secure multi-media intelligence communications worldwide up to the Top Secret/SCI level. 


INTELINK-S. INTELINK-S is similar to INTELINK except that it is accessed through the Secret Internet 
Protocol Router Network (SIPRNet). It is a 24 hour a day network designed to meet the requirements 
for secure multi-media intelligence communications worldwide at the Secret level and below. 


Intelligence. 1) The product resulting from the collection, processing, integration, evaluation, analysis, 
and interpretation of available information concerning foreign nations, hostile or potentially hostile forces 
or elements, or areas of actual or potential operations. 2) The activities that result in the product. 3) The 
organizations engaged in such activities. (JP 2-0, Joint Intelligence, 22 Oct 2013) Also see foreign 
intelligence; counterintelligence. 


“Intelligence deals with all things which should be known 
in advance of initiating a course of action" 
-- Task Force on Intelligence Activities (Hoover Commission) — 1955 


The term "intelligence" includes foreign intelligence and counterintelligence. 
-- National Security Act of 1947 (as amended), 50 USC §401a, and EO 12333 (as amended 30 Jul 2008) 


The main methods of collecting foreign intelligence (FI), collectively referred to as "intelligence 
collection disciplines" or the "INTs," are: human intelligence (HUMINT); signals intelligence 
(SIGINT); geospatial intelligence (GEOINT), including imagery intelligence (IMINT); measurement 
& signatures intelligence (MASINT); and open source intelligence (OSINT). 


Recommended: Mark Lowenthal, PhD, Intelligence: From Secrets to Policy (2011, 5th edition) 


-- Also, a body of evidence and the conclusions drawn there from that is acquired and furnished in 
response to the known or perceived requirements of Consumers. It is often derived from information 
that is concealed or not intended to be available for use by the acquirer. (ODNI website www.dni.gov) 


-- Also, information that has been analyzed and refined so that it is useful to policymakers in making 
decisions—specifically, decisions about potential threats to our national security. (FBI at 
<http://www.fbi.gov/about-us/intelligence/defined>) 


-- Also, the product resulting from the collection, processing, integration, analysis, evaluation, and 
interpretation of available information concerning foreign countries or areas. Information and knowledge 
about an adversary obtained through observation, investigation, analysis, or understanding. (TRADOC 
Pam 525-2-1, US Army Functional Concept for Intelligence, 13 Oct 10) 


-- Also, secret, state activity to understand or influence foreign entities. (Michael Warner, “Wanted: 
A definition of Intelligence,” Studies in Intelligence, 46: 3, 2002, pp.15-22) 


A plethora of definitions for intelligence 


Sherman Kent, former Chairman of CIA's Office of National Estimates asserted that intelligence 
can be thought of as a process, a product, as well as an organization. His point is valid, as 
organizations that make up the US Intelligence Community use the term "intelligence" in three 
different ways—product, process, and organization: 


1) Intelligence is a product that consists of information that has been refined to meet the 
needs of policymakers/decision makers; 

2) Intelligence is also a process through which that information is identified, collected, 
analyzed, and disseminated; and 

3) Intelligence refers to both the individual organizations that shape raw data into a finished 
intelligence product for the benefit of decision makers and the larger community of these 
organizations collectively referred to as the Intelligence Community or IC. 


A word of caution about the term "intelligence" is in order. Too often it is used synonymously or 
interchangeably with "information." This is inaccurate and quite misleading. Information until may 
be interesting, amusing, or hitherto unknown to the person receiving it, but by and in itself it is 
inappropriate to call it intelligence. 

-- William R. Corson, The Armies of Ignorance: The Rise of the American Intelligence Empire (1977) 


Intelligence is the process by which specific types of information important to national security 
are requested, collected, analyzed, and provided to policymakers; the products of that process; 
the safeguarding of these processes and this information by counterintelligence activities; and 
the carrying out of operations as requested by lawful authorities. 

-- Mark M. Lowenthal, Intelligence: From Secrets to Policy, 4th Edition (2009), p. 8 


[Intelligence is] mainly secret activities---targeting, collection, analysis, dissemination and action— 
intended to enhance security and/or maintain power relative to competitors by forewarning of 
threats and opportunities. 
-- P. Gill, “Theories of Intelligence: Where Are We, Where Should We Go and How Might We Proceed?” 
in Intelligence Theory: Key Questions and Debates, 2009, p. 214 


[I]ntelligence in general can be thought of as the complex process of understanding meaning in 
available information. A typical goal of intelligence is to establish facts and then to develop precise, 
reliable, and valid inferences (hypotheses, estimations, conclusions, or predictions) for use in 
strategic decisionmaking or operational planning. 

-- Robert M. Clark, Intelligence Analysis: A Target-Centric Approach (2004), p. 13 


By definition, intelligence deals with the unclear, the unknown the deliberately hidden.... In the 
intelligence business, you are almost never completely wrong or completely right. 
-- George J. Tenet, Director CIA (5 Feb 2004) 


For intelligence to have any real value, it must be acted on, sometimes quite promptly and 
decisively; otherwise, it can be about as useful as warm spit, regardless how romantic or 
dramatic it may sound. 

-- LTG Samuel Wilson (Retired), Former Director DIA, April 2009 


"The truth is that there is never enough good intelligence." 
-- R. Jack Smith (Former DDI CIA), The Unknown CIA (1989) 


"Timely intelligence is a critical component of preserving our national security." 
-- Ambassador John D. Negroponte (12 April 2005) 


Intelligence Activities. All activities that elements of the Intelligence Community are authorized to conduct 
pursuant to Executive Order 12333. (EO 12333, as amended 30 Jul 2008) Also see intelligence. 


-- Also, all activities that agencies within the Intelligence Community are authorized to conduct 
pursuant to Executive Order 12333. (DoD 5240.1-R, Procedures Governing the Activities of DoD 
Intelligence Components that Affect United States Persons, Dec 1982) 


-- Also, the collection, production and dissemination of foreign intelligence and counterintelligence 
pursuant to DoDD 5143.01 and EO 12333. (DoDD 5240.01, DoD Intelligence Activities, 27 Aug 2007 w/ 
chg 1 dated 27 Aug 2013) 


Note: Executive Order 12333 (United States Intelligence Activities) specifically defines the term 
intelligence as including foreign intelligence (FI) and counterintelligence (CI). 


Intelligence Analysis. The process by which collected information is evaluated and integrated with 
existing information to facilitate intelligence production. (ADRP 2-0, Intelligence, Aug 2012) Also see 
analysis. 


Intelligence analysis is an intellectual process. 
-- Mark Lowenthal, PhD 


Intelligence Analyst. A professional intelligence officer who is responsible for performing, coordinating, 
or supervising the collection, analysis, and dissemination of intelligence. (ODNI, U.S. National Intelligence 
— An Overview 2011) 


Intelligence analysts use critical and creative thinking to conduct intelligence analysis and produce 
timely, predictive intelligence. 


-- ADRP 2-0, Intelligence, August 2012 


Intelligence Asset. Any resource utilized by an intelligence organization for an operational support role. 
(JP 2-0, Joint Intelligence, 22 Oct 2013) Also see asset. 


Intelligence Collection. The acquisition of information or intelligence information and the provision of it to 
processing and/or production elements. (CI Community Lexicon) Also see counterintelligence collection; 
clandestine intelligence collection; intelligence collection. 


The main methods of collecting foreign intelligence (FI), collectively referred to as "intelligence 
collection disciplines" or the "INTs," are: human intelligence (HUMINT); signals intelligence 
(SIGINT); geospatial intelligence (GEOINT), including imagery intelligence (IMINT); measurement 
& signatures intelligence (MASINT); and open source intelligence (OSINT). 


[I]ntelligence collection is an imperfect process and will rarely be able to provide analysts with 
everything they need to know. 


-- Mark Lowenthal, PhD, "Intelligence Analysis Guide to its Study,” The Intelligencer: Journal of U.S. 
Intelligence Studies, Vol 18, No. 4, Summer/Fall 2011, p. 61 


Intelligence Collection Activities. The collection of foreign intelligence and counterintelligence information. 
(Title 10 USC §431) 


Intelligence Collection Plan. A plan for gathering information from all available sources to meet an 
intelligence requirement. Specifically, a logical plan for transforming the essential elements of information 
into orders or requests to sources within a required time limit. (JP 1-02) 


Intelligence Collector. A phrase sometimes used to refer to an individual, system, organization or agency 
that engages in the collection step of the intelligence cycle. (ICS Glossary) 


Intelligence Community (IC). All departments or agencies of a government that are concerned with 
intelligence activity, either in an oversight, managerial, support, or participatory role. (JP 2-0, Joint 
Intelligence, 22 Oct 2013 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 
26 Aug 2011) 


-- Also, the federal agencies and departments that have a legal mandate to collect, analyze, and 
disseminate intelligence. Executive Order 12333 specifically identifies members of the IC. (CI Community 
Lexicon) 


-- Also, a federation of Executive Branch agencies and organizations that work separately and 
together to conduct intelligence activities necessary for the conduct of foreign relations and the protection 
of U.S. national security. (ODNI, U.S. National Intelligence — An Overview 2011) 


U.S. Intelligence Community (50 USC §401a and EO 12333) 

-- Office of the Director of National Intelligence 
-- Central Intelligence Agency 
-- National Security Agency 
-- Defense Intelligence Agency 
-- National Geospatial-Intelligence Agency 
-- National Reconnaissance Office 
-- Intelligence & CI components of the U.S. Army, Navy, Marines, and Air Force 
-- Federal Bureau of Investigation (National Security Branch) 
-- Department of Energy (Office of Intelligence & Counterintelligence) 
-- Drug Enforcement Administration (Office of National Security Intelligence) 
-- Department of Homeland Security (Office of Intelligence & Analysis) 
-- Department of State (Bureau of Intelligence & Research) 
-- Department of Treasury (Office of Intelligence & Analysis) 
-- Intelligence & CI components of the Coast Guard 


For additional information see “An Overview of the United States Intelligence Community” 
at <http://www.dni.gov/who_what/061222_ DNIHandbook Final.pdf> 


Also see Jeffrey T. Richelson, The US Intelligence Community (2012, 5th Edition) 


Intelligence Community Directives (ICDs). Principal issuances through which the Director of National 
Intelligence (DNI) provides policy direction to the Intelligence Community (IC). (ICD 1, 1 May 2006) 


ICDs are overarching policy documents of the Intelligence Community signed by the DNI and are 
replacing the legacy Director of Central Intelligence Directives (DCIDs). 


Intelligence Contingency Funds (ICF). Appropriated funds to be used for intelligence activities when the 
use of other funds is not applicable or would either jeopardize or impede the mission of the intelligence 
unit. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dtd 26 Aug 2011) 


Intelligence Cycle. The process by which information is acquired, converted into intelligence, and made 
available to policymakers and Consumers. (National HUMINT Glossary) Also see intelligence process. 


-- Also, the steps through which information is converted into intelligence and made available to 
users. The cycle typically includes six steps: planning and direction, collection, processing and 
exploitation, analysis and production, dissemination, and evaluation. (ODNI, U.S. National Intelligence — 
An Overview 2011) [Note: "evaluation" recently added as the sixth step in the cycle.] 


[Figure: INTELLIGENCE CYCLE] 
Source: CIA 
(Note: The sixth step — evaluation — is not captured in the above diagram) 


The Intelligence Cycle is customarily illustrated as a repeating process consisting of [see graphic 
above]. 

[1] Planning and direction encompasses the management of the entire effort and involves, in 
particular, determining collection requirements based on customer requests. 

[2] Collection refers to the gathering of raw data to meet the collection requirements. These data 
can be derived from any number and type of open and secret sources. 


[3] Processing refers to the conversion of raw data into a format analysts can use. 


[4] Analysis and production describes the process of evaluating data for reliability, validity, and 
relevance; integrating and analyzing it; and converting the product of this effort into a meaningful 
whole, which includes assessments of events and implications of the information collected. 


[5] [Dissemination] the product is disseminated to its intended audience. 
-- Judith Meister Johnston and Rob Johnston, Chapter Four — "Testing the Intelligence Cycle Through 
Systems Modeling and Simulation," in Analytic Culture in the U.S. Intelligence Community, The Center 
for the Study of Intelligence, CIA, 2005, pp 45-46. 


-- Also, the process of developing unrefined data into polished intelligence for the use of policymakers 
(FBI at <http://www.fbi.gov/about-us/intelligence/intelligence-cycle>) 


The "Intelligence" Cycle 


[The intelligence cycle is] a series of feedback loops, with analyst at the center. Initial problem 
definition may come from either a policymaker request or an analyst's assessment that an issue 
merits analytic attention. The analyst then looks at the data available and ideally may engage in a 
series of interactions with collectors, a series of feedback loops. While in the collection phase, the 
analyst should be simultaneously engaging with policymakers or the war fighters, as appropriate, to 
refine questions as conditions change. When a finished intelligence product is produced, it should 
generate further questions from the consumer, and the feedback loops continue. The process 
operates on a continuum, as opposed to a discrete series of events with a defined beginning and 
end. 

-- VADM J.M. (Mike) McConnell, USN (Ret) in CISSM, The Future of Intelligence Analysis, 
Volume I Final Report, 10 March 2006 
(CISSM = Center for International and Security Studies at Maryland, University of Maryland) 


-- Also, an iterative process in which collection requirements based on national security threats are 
developed, and intelligence is collected, analyzed, and disseminated to a broad range of customers. 
Consumers sometimes provide feedback on finished intelligence products, which can be used to refine 
any part of the intelligence cycle to ensure consumers are getting the intelligence they need to make 
informed decisions and/or take appropriate actions. (Congressional Research Service (CRS) Report 
RL33616, 14 Jan 2009) 


The Intelligence Cycle — An Iterative Process 


Source: www.intelligence.gov (accessed 27 Jul 2012) 


Intelligence shapes national security policies... 


The successful intelligence process converts acquired information into clear, comprehensible 
intelligence and delivers it to the President, policymakers, and military commanders in a form they 
can utilize to make educated policy decisions. Generating reliable, accurate intelligence is an 
active, never-ending process commonly referred to as the intelligence cycle. 


The process begins with identifying the issues in which policy makers are interested and defining 
the answers they need to make educated decisions regarding those issues. We then lay out a plan 
for acquiring that information and go about collecting it. Once we have the proper intelligence, we 
sort through it, analyze what it means, and prepare summary reports and recommendations, which 
we deliver to national security policy makers. The answers our reports supply often reveal other 
areas of concern, which lead to more questions. In this way, the end of one cycle effectively leads 
to the start of the next. 

-- Intelligence.Gov — How Intelligence Works (accessed 28 April 2011) 

<http://www.intelligence.gov/about-the-intelligence-community/how-intelligence-works/> 


Dynamic Process Fueling Dynamic Solutions 


Intelligence Cycle... still valid???? 


According to Kristan J. Wheaton, Assistant Professor of Intelligence Studies at Mercyhurst 
University, “Intelligence professionals have long known that the traditional way of describing the 
intelligence process, the so called ‘intelligence cycle,’ is flawed.” He concludes the intelligence cycle 
fails on three counts: “We cannot define what it is and what it isn’t, it does not match the way 
intelligence actually works in the 21st Century, and it does not help us explain our processes to the 
decision-makers we support. Efforts to fix these flaws have not worked and, furthermore, this is all 
widely recognized by those who have studied the role and impact of the cycle.” 

-- See Kristan J. Wheaton, "Let's Kill the Intelligence Cycle," Competitive Intelligence, Vol 15 No 2, 
April/June 2012, pp. 9-24. See article at <http://mciis.org/files/Wheaton LetsKillTheIntelligenceCycle.pdf> 


Intelligence Database. The sum of holdings of intelligence data and finished intelligence products at a 
given organization. (JP 1-02 and 2-01, Joint and National Intelligence Support to Military Operations, 
5 January 2012) 


Intelligence Discipline. A well-defined area of intelligence planning, collection, processing, exploitation, 
analysis, and reporting using a specific category of technical or human resources. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) Also see human intelligence (HUMINT); geospatial intelligence (GEOINT); 
measurement and signature intelligence (MASINT); signals intelligence (SIGINT); open-source intelligence 
(OSINT); technical intelligence (TECHINT); counterintelligence (CI). 


Intelligence Enterprise. The sum total of the intelligence efforts of the entire U.S. intelligence community. 
(ADRP 2-0, Intelligence, Aug 2012, p. 2-6) 


Intelligence Estimate. The appraisal, expressed in writing or orally, of available intelligence relating to 
a specific situation or condition with a view to determining the courses of action open to the enemy or 
adversary and the order of probability of their adoption. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 
2013) 


Intelligence Federation. A formal agreement in which a combatant command joint intelligence center 
receives preplanned intelligence support from other joint intelligence centers, Service intelligence 
organizations, Reserve organizations, and national agencies during crisis or contingency operations. 
(JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 2012) 


Intelligence Gap. Information that is needed to inform intelligence analysis but is absent from reporting— 
what we know we don't know. 


-- Also, a missing element that, if found, allows one to choose among alternatives with greater 
confidence. (Robert M. Clark, Intelligence Analysis: A Target Centric Approach, 2004) 


Identifying [intelligence] gaps is a continuous and iterative process... 
-- Robert M. Clark, Intelligence Analysis: A Target Centric Approach (2004), p. 143 


Intelligence Information Need. A need, expressed by users of intelligence, for information necessary to 
support their mission. (Intellipedia) 


Intelligence Information Report (IIR). The primary vehicle used to provide HUMINT information to the 
consumer. It utilizes a message format structure that supports automated data entry into the Intelligence 
Community databases. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 
dated 26 Aug 2011) 


IIRs contain raw intelligence—unevaluated intelligence information, generally from a single source, 
that has not been fully evaluated, integrated with other information, or interpreted and analyzed. 


-- Also, a report used to provide information collected via HUMINT to DoD and IC customers. The IIR 
utilizes a message format to support automated data entry into IC databases. (DHE-M 3301.001, Vol I: 
Collection Requirement, Reporting, and Evaluation Procedures, 30 Jan 2009, w/ chg 2 dated 1 Feb 2012) 


Intelligence Interrogation. The systematic process of using approved interrogation approaches to 
question a captured or detained person to obtain reliable information to satisfy intelligence requirements, 
consistent with applicable law. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 
w/ chg 1 dated 26 Aug 2011) Also see educing information; elicitation; debriefing; interrogation; 
intelligence interviewing; interview. 


-- Also, the systematic process of using interrogation approaches to question a captured or detained 
person to obtain reliable information to satisfy foreign intelligence collection requirements. (DoDD 
3115.09, DoD Intelligence Interrogations, Detainee Debriefings, and Tactical Questioning, 11 Oct 2012 w/ 
chg 1 dated 15 Nov 2013) 


DoD Policy: No person in the custody or physical control of DoD or detained in a DoD facility shall 
be subject to cruel, inhuman, or degrading treatment or punishment as defined in title XIV of Public 
Law 109-163, also known as, "The Detainee Treatment Act of 2005." Acts of physical or mental 
torture are prohibited. 


All intelligence interrogations, debriefings, or tactical questioning to gain intelligence from captured 
or detained personnel shall be conducted humanely, in accordance with applicable law and policy, 
including Army FM 2-22.3 (Human Intelligence Collector Operations, 6 Sep 2006). 


Intelligence interrogations and tactical questioning will be conducted only by personnel trained 
and certified IAW DoDD 3115.09. All DoD interrogations will operate using US Army Field Manual 
2-22.3, Human Intelligence Collector Operations. 

-- JP 2-01.2, CI & HUMINT in Joint Operations (U), 16 Mar 2011 w/ chg 1 dated 26 Aug 2013, p. IV-9 


For DoD policy see DoDD 3115.09, DoD Intelligence Interrogations, Detainee Debriefings, and 
Tactical Questioning, 11 Oct 2012 with change 1 dated 15 Nov 2013. 


Also see Interrogation: World War II, Vietnam, and Iraq (Washington, DC: National Intelligence 
College, Sep 2008); available online at <http://www.ndic.edu/press/12010.htm> 


Intelligence Interviewing. The [non-coercive] gathering of useful and accurate information by 
professionals questioning detainees. (Intelligence Science Board, Intelligence Interviewing: Teaching 
Papers and Case Studies, April 2009) Also see educing information; elicitation; debriefing; interrogation; 
interview. 


See the 2009 Intelligence Science Board report, Intelligence Interviewing: Teaching Papers and 
Case Studies, available online at <www.fas.org/irp/dni/isb/interview.pdf> -- the emphasis of this 
report is on non-coercive intelligence interviewing. 


This report may be of interest to the full range of intelligence professionals involved with 
interrogation and intelligence interviewing, in particular those who focus on strategic 
interrogation and/or “high-value” detainees. 


Intelligence Liaison. [Activity which] includes official contacts between a component of the US 
Intelligence Community and a foreign intelligence or security service which are directly related to 
espionage or counterintelligence, or other intelligence activities. (DCID 5/1P) Also see liaison. 


Intelligence Mission Management (IMM). A systematic process by a joint intelligence staff to proactively 
and continuously formulate and revise command intelligence requirements, and track the resulting 
information through the processing, exploitation, and dissemination process to satisfy user requirements. 
(JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 2012) 


Intelligence Officer (IO). A professionally trained member of an intelligence service. He or she may be 
serving in the home country or abroad as a member of a legal or illegal residency. (AFOSI Manual 
71-142, 9 Jun 2000 and FBI FCI Terms) 


-- Also, a professional employee of an intelligence organization engaged in intelligence activities. 
(ODNI, U.S. National Intelligence — An Overview 2011) 


Intelligence Operations. The variety of intelligence and counterintelligence tasks that are carried out by 
various intelligence organizations and activities within the intelligence process. Intelligence operations 
include planning and direction, collection, processing and exploitation, analysis and production, 
dissemination and integration, and evaluation and feedback. (JP 1-02 and JP 2-01, Joint and National 
Intelligence Support to Military Operations, 5 Jan 2012) 


-- Also, the tasks undertaken by military intelligence units and Soldiers to obtain information to satisfy 
validated requirements. (ADRP 2-0, Intelligence, Aug 2012) 


Note: Intelligence consists of two components: foreign intelligence (FI) and counterintelligence 
(CI). Intelligence operations is a broad term with broad application, whereas "CI operations" is a 
specific term with a precise application. 


Intelligence operations are conducted to provide intelligence in support of all missions. 
Intelligence operations gain and maintain contact with threat forces; collect signatures and 
observables to identify, locate, and provide intentions of threat forces and threat networks. 
Intelligence operations are not solely accomplished from airborne platforms or standoff surveillance 
sites. They are often executed in and amongst local populations and in close proximity to threat 
forces and/or groups. Intelligence operations also facilitate understanding of the terrain and civil 
considerations within an area of operations. 

-- U.S. Army TRADOC Pam 525-2-1, US Army Concept for Intelligence 2016-2028, 13 Oct 2010, p. 9 


Intelligence Oversight. The process of independently ensuring all DoD intelligence, counterintelligence, 
and intelligence-related activities are conducted in accordance with applicable U.S. law, E.O.s, 
Presidential directives, and DoD issuances designed to balance the requirement for acquisition of 
essential information by the IC, and the protection of Constitutional and statutory rights of U.S. persons. 
Intelligence Oversight also includes the identification, investigation, and reporting of questionable 
intelligence activities and S/HS matters involving intelligence activities. (DoDD 5148.11, ATSD/IO, 24 Apr 
2013) 


Intelligence Planning (IP). The intelligence component of the Adaptive Planning and Execution system, 
which coordinates and integrates all available Defense Intelligence Enterprise capabilities to meet 
combatant commander intelligence requirements. (JP 2-0, Joint Intelligence, 22 Oct 2013) Also see 
Counterintelligence Functional Support Plan (CI FSP). 


-- Also, the intelligence portion of Adaptive Planning and Execution (APEX). Intelligence planning 
provides a process that effectively integrates, synchronizes, prioritizes and focuses Defense intelligence 
(both Theater and National) on achieving the supported commander's operational objectives and desired 
effects during all phases of the plan. Additionally, the process identifies knowledge gaps and capability 
shortcomings within the DoD intelligence community (IC). (CJCSM 3314.01, Intelligence Planning, 28 Feb 
2008) 


Note: the term "Intelligence Campaign Planning" or “ICP” is no longer in use; the process is now 
referred to as "Intelligence Planning." 


Intelligence Planning Process. The intelligence component of Adaptive Planning. It is a process that 
integrates, synchronizes, prioritizes, and focuses DoD Intelligence (both theater and national) on 
achieving the supported commander's operational objectives and desired effects during all phases of 
an OPLAN or concept plan. Additionally, the process identifies knowledge gaps and capability shortfalls 
within DoD Intelligence. (DoDI 5105.21, DIA, 18 Mar 2008) 


Intelligence Preparation of the Battlespace (IPB). The analytical methodologies employed by the 
Services or joint force component commands to reduce uncertainties concerning the enemy, 
environment, time, and terrain. Intelligence preparation of the battlespace supports the individual 
operations of the joint force component commands. (JP 1-02 and JP 2-01.3, Joint Intelligence Preparation 
of the Operational Environment) Also see Joint Intelligence Preparation of the Operational Environment. 


Intelligence Process. The process by which information is converted into intelligence and made available 
to users. The process consists of six interrelated intelligence operations: planning and direction, 
collection, processing and exploitation, analysis and production, dissemination and integration, and 
evaluation and feedback. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military 
Operations, 5 Jan 2012) Also see intelligence cycle. 


-- Also, the Army refers to the intelligence cycle as the "intelligence process," which it defines as: 
intelligence operations are conducted by performing four steps that constitute the intelligence process: 
Plan, Prepare, Collect, and Produce. Additionally, there are four continuing activities that occur across 
the four intelligence process steps: Generate intelligence knowledge, Analyze, Assess, and Disseminate. 
(See Chapter 4, "Intelligence Process in Full Spectrum Operations," Army FM 2-0, Intelligence, Mar 2010) 


-- Also, those steps by which information is collected, converted into intelligence, and disseminated. 
(Senate Report 95-755, Book I — Glossary, 26 Apr 1976) 


Intelligence Processing. Conversion of collected information and/or intelligence into a form more suitable 
for the production of intelligence. (CI Community Glossary and ICS Glossary) 


Intelligence Product. An intelligence report disseminated to customers by an intelligence agency or 
element. The report contains information and/or analysis of potential intelligence value to meet the 
intelligence needs of users within and outside the Intelligence Community. It may involve current or 
future developments or capabilities, intentions, and activities of entities of interest. (ICD 208, 17 Dec 
2008) 


Intelligence Production. The integration, evaluation, analysis, and interpretation of information from single 
or multiple sources into finished intelligence for known or anticipated military and related national security 
consumer requirements. (JP 2-0, Joint Intelligence, 22 Oct 2013) Also see production. 


-- Also, conversion of material into finished intelligence through the integration, analysis, evaluation, 
and/or interpretation of all available data and the preparation of intelligence products in support of known 
or anticipated customer requirements. (CI Community Glossary and ICS Glossary) 


Intelligence Reach. The activity by which intelligence organizations proactively and rapidly access 
information from, receive support from, and conduct direct collaboration and information sharing with 
other units and agencies, both within and outside the area of operations, unconstrained by geographic 
proximity, echelon, or command. (ADRP 2-0, Intelligence, Aug 2012)* 


* Note: Supersedes the definition in Army FM 2-0, Intelligence, 23 Mar 2010 


Three important aspects of intelligence reach 
are searches and queries, data mining, and collaboration. 
-- ADRP 2-0, Intelligence, Aug 2012 


Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). An act to reform the intelligence 
community and the intelligence and intelligence-related activities of the United States Government, and 
for other purposes. IRTPA established both the position of Director of National Intelligence (DNI) and the 
National Counterterrorism Center (NCTC). (PL 108-458, 17 Dec 2004) 


Link to the IRTPA: <http://www.ncix.gov/publications/law/index.html> 


Intelligence-Related Activities. Those activities outside the consolidated defense intelligence program 
that: respond to operational commanders' tasking for time-sensitive information on foreign entities; 
respond to national intelligence community tasking of systems whose primary mission is support to 
operating forces; train personnel for intelligence duties; provide an intelligence reserve; or are devoted to 
research and development of intelligence or related capabilities. (Specifically excluded are programs that 
are so closely integrated with a weapon system that their primary function is to provide immediate-use 
targeting data.) (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 
5 Jan 2012) 


Intelligence Report (INTREP). A specific report of information, usually on a single item, made at any level 
of command in tactical operations and disseminated as rapidly as possible in keeping with the timeliness 
of the information. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 
5 Jan 2012) 


-- Also, a product of the production step of the intelligence cycle. (ICS Glossary) 


Intelligence Reporting. The preparation and conveyance of information by any means. More commonly, 
the term is restricted to reports as they are prepared by the collector and as they are transmitted by the 
collector to the latter's headquarters and by this component of the intelligence structure to one or more 
intelligence-producing components. Thus, even in this limited sense, reporting embraces both collection 
and dissemination. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 
dated 26 Aug 2011) 


Intelligence Requirement (IR). 1) Any subject, general or specific, upon which there is a need for the 
collection of information, or the production of intelligence; 2) A requirement for intelligence to fill a gap in 
the command's knowledge or understanding of the operational environment or threat forces. (JP 2-0, 
Joint Intelligence, 22 Oct 2013) Also see information requirements; collection requirement. 


The articulation of the requirement is the most important 
part of the process, and it seldom is as simple as it might seem. 
— DIA, Intelligence Essentials for Everyone, June 1999 


-- Also, a requirement for intelligence to fill a gap in the command's knowledge or understanding of 
the operational environment or threat forces. (DoDD S-3325.09, Oversight, Management, and Execution 
of Defense Clandestine Source Operations (U), 9 Jan 2013 w/ chg 1 dated 13 Jun 2013) 


-- Also, [intelligence] requirement: a general or specific validated request for intelligence information 
made by a user. (National HUMINT Glossary) 


-- Also, a type of information requirement developed by subordinate commanders and the staff 
(including subordinate staffs) that requires dedicated ISR collection for the elements of threat, terrain 
and weather, and civil considerations. (Army FM 2-0, Intelligence, 23 Mar 2010) 


-- Also, the need to collect intelligence information or to produce intelligence, either general or 
specific, on a particular subject. (ODNI, U.S. National Intelligence — An Overview 2011) 


Intelligence Sensemaking. Encompasses the processes by which specialized knowledge about 
ambiguous, complex, and uncertain issues is created. This knowledge is generated by professionals 
who in this context become known as Intelligence Sensemakers. (Sensemaking: A Structure for an 
Intelligence Revolution by David T. Moore) Also see sensemaking. 


Copy of Sensemaking: A Structure for an Intelligence Revolution by David T. Moore available at 
<http://ni-u.edu/ni_press/pdf/Sensemaking.pdf> 


Intelligence Source. The means or system that can be used to observe and record information relating 
to the condition, situation, or activities of a targeted location, organization, or individual. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


An “intelligence source” can be people, documents, equipment, or technical sensors. 


Intelligence Sources and Methods. 1) Sources: Persons, images, signals, documents, data bases, and 
communications media capable of providing intelligence information through collection and analysis 
programs, e.g., HUMINT, IMINT, SIGINT, and MASINT; and 2) Methods: Information collection and 
analysis strategies, tactics, operations and technologies employed to produce intelligence products. 

If intelligence sources and methods are disclosed without authorization their effectiveness may be 
substantially negated or impaired. (IC Standard 700-1, 4 Apr 2008) 


The terms "intelligence sources and methods" are used in legislation and executive orders to 
denote specific protection responsibilities of the Director of National Intelligence (DNI). 


Intelligence, Surveillance, and Reconnaissance (ISR). An activity that synchronizes and integrates the 
planning and operation of sensors, assets, and processing, exploitation, and dissemination systems in 
direct support of current and future operations; this is an integrated intelligence and operations function. 
(DoDD 5143.01; JP 1-02; and JP 2-01, Joint and National Intelligence Support to Military Operations, 
5 Jan 2012) 


Intelligence Synchronization. The "art" of integrating information collection and intelligence analysis with 
operations to effectively and efficiently support decisionmaking. (ADRP 2-0, Intelligence, Aug 2012) 


Intelligence System. Any formal or informal system to manage data gathering, to obtain and process the 
data, to interpret the data, and to provide reasoned judgments to decision makers as a basis for action. 
(JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 2012) 


Intelligence Task List (ITL). A compilation of the specified and implied intelligence tasks required to 
satisfy the information needs to support the successful achievement of the Combatant Command's 
operational objectives. The ITL is developed by the Combatant Command J2 and Defense Intelligence 
Operations Coordination Center (DIOCC). Assignment of roles and responsibilities for the specific 
collection, analysis and production is accomplished during the development of the [COCOM's IPLAN] 
and the NISP. The end state is a synchronized collection, analysis and production effort, from tactical to 
national level that will support the successful achievement of the Combat Command's operational 
objectives. (CJCSM 3314.01, Intelligence Planning, 28 Feb 2007) 


Intelligence Threat. The intention and capability of any adversary to acquire and exploit critical 
information. The purpose of the acquisition is to gain a competitive edge or diminish the success of a 
particular U.S. program, operations, or industrial activity. (IOSS Intelligence Threat Handbook - Jun 2004) 
Also see threat; threat to national security; transnational threat; foreign intelligence collection threat. 


Foreign intelligence services, along with terrorist groups, transnational criminal organizations, and 
other nonstate actors, are targeting and acquiring our national security information, undermining 
our economic and technological advantages, and seeking to influence our national policies and 
processes covertly. These foreign intelligence efforts employ traditional methods of espionage and, 
with growing frequency, innovative technical means. 


Among significant foreign threats, Russia and China remain the most capable and persistent 
intelligence threats and are aggressive practitioners of economic espionage against the United 
States. 

-- DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 12 March 2013 


Intellipedia. The Intelligence Community's version of the famous encyclopedia. It is used by analysts, 
working groups, and engineers throughout the IC. (CIA news release March 2008) 


Interagency. United States Government agencies and departments, including the Department of 
Defense. (JP 1-02 and JP 3-08, Interorganizational Coordination During Joint Operations, 24 Jun 2011) 
Also see interagency coordination. 


Interagency Coordination. Within the context of DoD involvement, the coordination that occurs between 
elements of DoD, and engaged US Government agencies and departments for the purpose of 
accomplishing an objective. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Inter-dependency. [In critical infrastructure usage] relationships or connections between entities of 
different DoD Components and defense infrastructure sectors. (DoDD 3020.40, DoD Policy and 
Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) Also see 
intra-dependency. 


Interdiction. 1) An action to divert, disrupt, delay, or destroy the enemy's military surface capability before 
it can be used effectively against friendly forces, or to otherwise achieve objectives; and 2) In support of 
law enforcement, activities conducted to divert, disrupt, delay, intercept, board, detain, or destroy, as 
appropriate, vessels, vehicles, aircraft, people, and cargo. See also air interdiction. (JP 1-02 and JP 3-03, 
Joint Interdiction, 3 May 2007) 


Intergovernmental Organization (IGO). An organization created by a formal agreement (e.g., a treaty) 
between two or more governments. It may be established on a global, regional, or functional basis for 
wide-ranging or narrowly defined purposes. Formed to protect and promote national interests shared by 
member states. Examples include the United Nations, North Atlantic Treaty Organization, and the African 
Union. (JP 1-02 and JP 3-08, Interorganizational Coordination During Joint Operations, 24 Jun 2011) 


-- Also, an organization comprised primarily of sovereign states (referred to as member states), or 
of other IGOs. (DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 
dated 21 Sep 2012) 


Internal Security. The state of law and order prevailing within a nation. (JP 1-02 and JP 3-08, 
Interorganizational Coordination During Joint Operations, 24 Jun 2011) 


International Terrorist Activities. Activities undertaken by or in support of terrorists or terrorist 
organizations that occur totally outside the United States, or that transcend national boundaries in terms 
of the means by which they are accomplished, the persons they appear intended to coerce or intimidate, 
or the locale in which the perpetrators operate or seek asylum. (DoD 5240.1-R, 7 Dec 1982) 


International Terrorism. Activities that involve violent acts or acts dangerous to human life that violate 
federal, state, local, or tribal criminal law or would violate such law if committed within the United States or 
a state, local, or tribal jurisdiction; appear to be intended to intimidate or coerce a civilian population; to 
influence the policy of a government by intimidation or coercion; or to affect the conduct of a government 
by assassination or kidnapping; and occur totally outside the United States, or transcend national borders 
in terms of the means by which they are accomplished, the persons they appear to be intended to coerce 
or intimidate, or the locale in which their perpetrators operate or seek asylum. (50 USC 1810 Section 
101(c) and FBI Domestic Investigations and Operations Guide, 15 Oct 2011) 


International Traffic in Arms Regulations (ITAR). A set of United States government regulations that 
control the export and import of defense-related articles and services on the United States Munitions List 
(USML). (Wikipedia, accessed 10 Sep 2013) 


ITAR implements the provisions of the Arms Export Control Act (AECA), and is described in Title 
22 (Foreign Relations), Chapter I (Department of State), Subchapter M of the Code of Federal 
Regulations. The Department of State Directorate of Defense Trade Controls (DDTC) interprets 
and enforces ITAR. Its goal is to safeguard U.S. national security and further U.S. foreign policy 
objectives. 


The related Export Administration Regulations are enforced and interpreted by the Commerce 
Department. DoD is also involved in the review and approval process. Physical enforcement of 
import and export laws at border crossings is performed by Customs and Border Protection, an 
agency of the Department of Homeland Security. 


See State Department web site at: http://www.pmddtc.state.gov/regulations_laws/itar_official.html 


INTERPOL. The world's largest international police organization, with 188 member countries. Created in 
1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities 
and services whose mission is to prevent or combat international crime. (www.interpol.int/) 


INTERPOL aims to facilitate international police co-operation even where diplomatic relations do 
not exist between particular countries. Action is taken within the limits of existing laws in different 
countries and in the spirit of the Universal Declaration of Human Rights. INTERPOL's constitution 
prohibits "any intervention or activities of a political, military, religious or racial character." 


Interpretation. A part of the analysis and production phase in the intelligence process in which the 
significance of information is judged in relation to the current body of knowledge. (Previously in JP 2-0, 
Joint Intelligence, 22 Jun 2007) 


Interrogation. Systematic effort to procure information by direct questioning of a person under the control 
of the questioner. (JP 1-02; JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 
Aug 2011; and Senate Report 94-755, Book I - Glossary, 26 Apr 1976) Also see educing information; 
elicitation; debriefing; intelligence interrogation; intelligence interviewing; interview; strategic intelligence 
interrogation. 


-- Also, interaction and conversation with a source who appears initially unwilling to provide 
information. (Educing Information — Interrogation: Science and Art, Dec 2006) 


-- Also, systematic effort to procure information to answer specific collection requirements by direct 
and indirect questioning techniques of a person who is in the custody of the forces conducting the 
questioning. (Army FM 2-22.3, HUMINT Collector Operations, 6 Sep 2006 and FM 2-0, Intelligence, 
23 Mar 2010) 


-- Also [law enforcement interrogation], the systematic effort by law enforcement investigators to 
prove, disprove, or corroborate information relevant to a criminal investigation using direct questioning 
in a controlled environment. (FM 19-10 / ATTP 3-39, Law and Order Operations, June 2011) 


-- Also, a methodology employed during the interview of a person to obtain information that the 
source would not otherwise willingly disclose. A typical purpose is not necessarily to force a confession, 
but rather to develop, playing on the source's character, sufficient rapport as to prompt the source to 
disclose information valuable to the interrogator. (Wikipedia; accessed 1 Aug 2007) 


Within DoD: Intelligence interrogation is the systematic process of using approved techniques, 
consistent with applicable law, to question a captured or detained person to obtain reliable 
information responsive to intelligence requirements. Interrogation is considered an overt HUMINT 
collection method but is regulated separately from other DoD HUMINT activities. 


For DoD policy see DoDD 3115.09, DoD Intelligence Interrogation, Detainee Debriefings, and 
Tactical Questioning, 11 Oct 2012. 


Per Executive Order 13491, Ensuring Lawful Interrogations (22 Jan 2009), only those interrogation 
approaches and techniques addressed in U.S. Army FM 2-22.3 are authorized. 


U.S. Army FM 2-22.3, Human Intelligence Collector Operations (Sep 2006), available online at: 
<http://www.fas.org/irp/doddir/army/fm2-22-3.pdf> 


Interrogation Approach. [In detainee operations] an interrogation technique as identified in U.S. Army 
Field Manual 2-22.3 that is used by trained and certified interrogators to establish and maintain control 
over and rapport with a detainee in order to gain the detainee's cooperation to answer the interrogator's 
questions. (DoDD 3115.09, DoD Intelligence Interrogations, Detainee Debriefings, and Tactical 
Questioning, 11 Oct 2012 w/ chg 1 dated 15 Nov 2013) 


Interview. [In intelligence usage,] to gather information from a person who is aware that information is 
being given although there is ignorance of the true connection and purposes of the interviewer. Generally 
overt unless the collector is other than purported to be. (JP 1-02) Also see educing information; 
elicitation; debriefing; intelligence interrogation; intelligence interviewing; interrogation. 


-- Also, a nonstructured discussion, where open-ended questions are asked to determine facts about 
an incident or crime. (FM 19-10 / ATTP 3-39, Law and Order Operations, June 2011) 


-- Also, a dynamic human interaction to collect facts to be used for decision-making and/or 
action-taking. Interviewing is the gathering of facts/information; it is non-accusatory and less structured 
than an interrogation. 


-- Also, a conversation between two or more people (the interviewer and the interviewee) where 
questions are asked by the interviewer to obtain information from the interviewee. Interviews can be 
divided into two rough types, interviews of assessment and interviews for information. (Wikipedia) 


Investigative interview is the process whereby an investigator verbally obtains information from 
people associated with direct knowledge relevant to the investigation. 


Intra-dependency. Relationships or connections between entities of a DoD Component and a defense 
infrastructure sector. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 
2010 w/ chg 2 dated 21 Sep 2012) Also see inter-dependency. 


Intrusion. [In cyber usage], unauthorized access to a DoD, DIB [defense industrial base], or critical 
infrastructure network, information system, or application. (DoDI S-5240.23, CI Activities in Cyberspace 
(U), 13 Dec 2010 with change 1 dated 16 Oct 2013) 


-- Also, unauthorized act of bypassing the security mechanisms of a system. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


-- Also, movement of a unit or force within another nation's specified operational area outside of 
territorial seas and territorial airspace for surveillance or intelligence gathering in time of peace or tension. 
(JP 1-02) 


Investigation. The systematic inquiry into an allegation of unfamiliar or questionable activities, wherein 
evidence is gathered to substantiate or refute the allegation or questionable activity. An investigation is 
initiated when there are articulable facts that indicate a possible violation of law or policy. Some 
investigations may be conducted unilaterally by an agency (depending on their authorities), jointly with an 
external investigate body, or referred to an external investigate body for unilateral investigation. (ONCIX 
Insider Threat Detection — Glossary) Also see counterintelligence investigation. 


-- Also, the application of law enforcement and/or counterintelligence authorities and methodologies 
to conduct a detailed, sustained, structured, and objective inquiry to ascertain the truth about an event, 
situation, or individual. (SECNAVINST 5430.107, Mission & Functions of the NCIS, 28 Dec 2005) 


-- Also, the act of investigating; the process of inquiring into or following up; research; study; inquiry, 
especially patient or thorough inquiry or examination.... (Wiktionary; accessed 28 June 2012) 


Conducting a successful investigation is often the result of having a wide range of knowledge and 
using common sense in its application. There are certain actions that apply to all investigations. 
Investigators follow these intelligent and logical steps to ensure that an investigation is conducted 
systematically and impartially. There are certain actions that, over time, have proven useful for 
specific investigations. It is a wise investigator who understands and applies the knowledge, skills, 
and techniques learned for a particular investigation and uses them wherever they are most useful 
in any investigation. 

- FM 3-19.13, Law Enforcement Investigations, Jan 2005, p. 1-15 

Investigations, Collections & Operations Nexus (ICON). The Air Force's central counterintelligence 
and counterterrorism analysis center of excellence; an element of the Air Force Office of Special 
Investigations (AFOSI). 


The ICON is AFOSI's primary stop for analytical and specialist support for all criminal and 
counterintelligence investigations and operations. It is the home to AFOSI's 24/7 Global Watch 
Center and the current Intelligence Desk which produces AFOSI's flagship publication, the "AFOSI 
Blue Line." Additionally, the ICON is responsible for acting as the key liaison and interface with 
National Intelligence and Law Enforcement organizations for AFOSI's CI, CT, criminal, economic 
crime, and cyber operational issues. 

-- Air Force Office of Special Investigations 


Investigative Jurisdiction. Term for the jurisdiction of an investigative agency over a particular crime 
or over the locus of where the crime was committed. (Leo D. Carl, The CIA Insider's Dictionary, 1996) 


Investigative Lead. A person who possesses information about or was a witness to an incident under 
investigation or a record which contains information of value to the investigation. (AR 381-20, Army CI 
Program, 25 May 2010) Also see lead. 


Investigative Plan (IP). A detailed plan for the conduct of a CI investigation to ensure that all investigative 
activity is conducted in a properly sequenced, coordinated, coherent, timely and efficient manner. The 
plan should outline the actions to be accomplished to resolve an allegation, a report, or information 
relating to matters under investigation. (AR 381-20, Army CI Program, 25 May 2010) 


-- Also, a document used to plan proposed investigative activities, including special investigative 
techniques, to support counterintelligence investigation. (Army FM 2-22.2, CI, Oct 2009) 


Blueprint for a CI Investigation — a tool to describe the purpose & objectives 


The IP is the equivalent of an operations order for the conduct of a CI investigation. 
-- 902d MI Group Investigations Handbook, Jun 2012, p.94 


CI investigations will vary in scope, objective, and resources to successfully resolve the incident 
under investigation. The IP is the document that provides a detailed road map on the conduct of 
CI investigations including all investigative participants, all investigative activities required, all 
resources and external support required, and all interagency or legal coordination required to 
successfully resolve the incident. IPs are living documents and may require revision due to 
information development and case direction. 


-- Army FM 2-22.2, Counterintelligence, Oct 2009 (Chapter 2 - CI Investigations, pp. 2-1 thru 2-47) 


Investigative Source. See FOUO definition in AR 381-20, Army CI Program (U), 25 May 2010. 


Investigative Source Operation (ISO). A controlled counterintelligence operation that may be used in 
counterintelligence investigations. Also see counterintelligence investigation. 


Three types of CI Investigative Source Operations are: role players; collaborative sources; and 
investigative access sources. 


Proposals for the use of an ISO require proper legal review and formal approval. For detailed 
information see classified Army Regulation 381-20, Army Counterintelligence Program (U), 
25 May 2010, Chapter 10 - Counterintelligence Operations, paragraph 10-2 (pp. 44-47). 


Irregular Warfare (IW). A violent struggle among state and non-state actors for legitimacy and influence 
over the relevant population(s). (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


-- Also, a violent struggle among state and non-state actors for legitimacy and influence over the 
relevant population(s). Irregular warfare favors indirect and asymmetric approaches, though it may 
employ the full range of military and other capacities, in order to erode an adversary's power, influence, 
and will. (DoD 3000.07, Irregular Warfare, 1 Dec 2008) 


-- Also, [as defined by Army] a violent struggle among state and nonstate actors for legitimacy and 
influence over a population. (FM 3-0, Operations, Feb 2008) 


ITAR. See International Traffic in Arms Regulations. 


J 


J-2X. The staff element of the intelligence directorate of a joint staff that combines and represents the 
principal authority for counterintelligence and human intelligence support. (JP 1-02 and JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see 2X. 


-- Also, a J-2 staff element normally associated with a deployed joint force, consisting basically of the 
HUMINT operations cell (HOC) and the task force counterintelligence coordinating authority (TFCICA), 
and the Operational Support Element (OSE). The J-2X is responsible for coordination and deconfliction 
of all human source-related activity. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


Jack-in-the-Box (JIB). A dummy—sometimes inflatable—placed in a car to deceive [surveillance] about 
the number of persons in the vehicle. (Spy Book) 


“A three-dimensional human torso sitting atop a spring-activated scissor-lift mechanism fitted with 
a rotating head, which collapse[s] into a small portable briefcase or duffel bag.” Can be used to 
effectively elude surveillance by “controlling the location of the event (an empty street...), the 
lighting (an unlit area), the audience (the trailing surveillance car), the timing (when the cars were 
a sufficient distance apart), and the sight line (visible only from the rear).” 

-- H. Keith Melton and Robert Wallace, The Official CIA Manual of Trickery and Deception (2009) 


“It is used in an automobile to evade surveillance, by deceiving (a) surveillant(s) that a person being 
tailed is still in the automobile, when, in fact, the jib has replaced him or her. The FBI was allegedly 
thus deceived while staking out Edward Lee Howard, the former CIA case officer who escaped and 
subsequently defected to the former USSR.” 

-- Leo D. Carl, The CIA Insider's Dictionary (1996), p. 319 


"A jib is an inflatable man-sized dummy first employed by the CIA in the early 1980s. It was 
designed to replace an operative escaping from the inside of a moving vehicle. As the escapee 
rolls from the passenger side of the vehicle, the jib is employed. Thus, the jib serves as a decoy for 
pursuers [trailing surveillance team]." 

-- W. Thomas Smith, Jr., Encyclopedia of the CIA, 2003 


Jihad. Arabic word derived from a verb that means “to struggle, strive, or exert oneself.” Violent 
extremists understand the concept jihad as a “religious call to arms.” Also see jihadist. 


Historically, key Sunni and Shia religious texts most often referred to jihad in terms of religious 
approved fighting on behalf of Islam and Muslims. Most Al Qaeda-produced ideological material 
reflects Al Qaeda supporters’ shared view of jihad as an individual duty to fight on behalf of Islam 
and Muslims, and, in some cases, to offensively attack Muslims and non-Muslims who are deemed 
insufficiently pious or who oppose enforcement of Islamic principles and religious law. 


The terms jihadist, violent Islamist, and militant Islamist refer to groups and individuals whose 
statements indicate that they share such an understanding of jihad and who advocate or use 
violence against the United States or in support of transnational Islamist agendas. 

-- Congressional Research Service (CRS) Report R41674, 8 Mar 2011 


...[J]ihad is a complex term that can be understood in a number of different ways. Traditional 
Islamic jurisprudence distinguishes between two major levels of jihad. The Greater Jihad refers to 
the inner struggle of the individual believer to affirm his or her commitment to the requirements of 
Islam, and is also called jihad of the heart. It is the Lesser Jihad, or jihad of the sword (often 
translated "holy war," a translation the author scrupulously avoids) that is the central concern of his 
study. 

Sometimes called the "sixth pillar of Islam," there is no question that jihad is a required commitment 
of the Muslim. Moreover, although most Qur'anic verses define it as the collective responsibility all 
Muslims to defend the community against non-Muslim aggressors, there are a few verses, as well 
as hadith (authentic traditions ascribed to the Prophet Muhammad), that can be interpreted to 
justify wars of imperial conquest. It is also certainly true that at various times in Islamic history 
conquerors have used the concept of jihad to justify imperial expansion. 


-- Max L. Gross, Dean of the School of Intelligence Studies, Joint Military Intelligence College, 
and Middle East scholar and intelligence analyst. (As quoted in Joint Military Intelligence College, 
Discussion Paper 13, entitled Global War Terrorism: Analyzing the Strategic Threat, Nov 2004, p. viii-ix). 


Jihadist. Term describes radicalized individuals using Islam as an ideological and/or religious justification 
for their belief in the establishment of a global caliphate, or jurisdiction governed by a Muslim civil and 
religious leader known as a caliph. (CRS Report R41416, 23 Jan 2013) Also see jihad. 


Jihadists draw on Salafi Islam—the fundamentalist belief that society should be governed by 
Islamic law based on the Quran and following the model of the immediate followers and 
companions of the Prophet Muhammad. 


The CRS Report points out there is an important distinction between the terms "radicalization" and 
"violent extremism" as it relates to the threshold of U.S. law enforcement interest and action. This is 
because Americans have the right under the First Amendment to adopt, express, or disseminate 
ideas, even hateful and extremist ones. But when radicalized individuals mobilize their views, i.e., 
they move from a radicalized viewpoint to membership in a terrorist group, or to planning, materially 
supporting, or executing terrorist activity, then the nation's public safety and security interests are 
activated. Thus, the terms may be differentiated as follows: 


-- “Radicalization” describes the process of acquiring and holding radical, extremist, or jihadist 
beliefs. 


-- “Violent Extremism” describes violent action taken on the basis of radical or extremist 
beliefs. For many, this term is synonymous with "violent jihadist" and "jihadist terrorist." 


The term “violent jihadist” characterizes jihadists who have made the jump to illegally supporting, 
plotting, or directly engaging in violent terrorist activity. 


See CRS Report R41416, American Jihadist Terrorism: Combating a Complex Threat. For more 
on Salafi Islam, see CRS Report RS21695, The Islamic Traditions of Wahhabism and Salafiyya. 


For more on Al Qaeda's global network, see CRS Report R41070, Al Qaeda and Affiliates: 
Historical Perspective, Global Presence, and Implications for U.S. Policy. 


Joint. Connotes activities, operations, organizations, etc., in which elements of two or more Military 
Departments participate. (JP1, Doctrine for the Armed Forces of the United States, 25 Mar 2013 and 
JP 1-02) 


Joint Base. For purposes of base defense operations, a joint base is a locality from which operations of 
two or more of the Military Departments are projected or supported and which is manned by significant 
elements of two or more Military Departments or in which significant elements of two or more Military 
Departments are located. (JP 1-02 and JP 3-10, Joint Security Operations in Theater, 03 February 2010) 


Joint Captured Materiel Exploitation Center (JCMEC). A physical location for deriving intelligence 
information from captured enemy materiel. It is normally subordinate to the Joint Force/J-2. (JP 2-01, 
Joint and National Intelligence Support to Military Operations, 5 Jan 2012) 


Joint Counterintelligence Unit (JCIU). An organization composed of Service and Department of Defense 
agency counterintelligence personnel, formed under the authority of the Secretary of Defense and 
assigned to a combatant commander, which focuses on the combatant command strategic and 
operational counterintelligence missions. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 
16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 



Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


-- Also, an organization composed of Service and Defense agency CI personnel, formed under the 
authority of a Secretary of Defense-approved operation order, which focuses on combatant command 
strategic and operational CI missions within an area of conflict. This unit is under the command authority 
of the Combatant Commander, or his or her duly designated subordinate joint force commander, for the 
duration of the operation, or as otherwise specified in the operation plan or order. (DoDI S-5240.09, 
OFCO, 29 Oct 2008) 


For more detailed discussion of the JCIU see Appendix B, Joint Counterintelligence Unit (U), 
JP 2-01.2, CI & HUMINT in Joint Operations (U), 16 Mar 2011 w/ chg 1 dated 26 Aug 2011. 


Also see the Joint Counterintelligence Unit Handbook (U), published June 2010 by the Defense 
CI & HUMINT Center (D2X-ES-C Lessons Learned Branch). 


For lessons learned see the following classified reports — 
-- (U) Strategic CI Directorate Iraq (SCID-I) Lesson Learned Report, 5 Jun 2009 
-- (U) Strategic CI Directorate Afghanistan (SCID-A) Lesson Learned Report, undated 
(circa Jun 2010) 


Note: The transition of Strategic CI Directorates (SCIDs) to Joint CI Units (JCIUs) was not merely 
a change in title—it fundamentally changed the SCID from a CI organization with no clear chain of 
command to a CI unit that is directed, controlled, and focused by the Combatant Commander at 
the operational level of war. 


Joint Counterintelligence Training Academy (JCITA). Professional training and education institution for 
advanced joint DoD CI training. (DoDI 3305.11, DoD CI Training, 19 Mar 2007) See counterintelligence 
training. 


-- Also, the primary professional training and education center for advanced and joint CI training 
within DoD and is known as the DoD Center of Excellence for CI training. (DoDI JCITA, 13 Nov 2013) 


JCITA provides advanced counterintelligence training to the Department of Defense and 
other national security stakeholders agencies within the federal government. 


JCITA SIPRNet website at: <https://jcita.dia.smil.mil> 
JCITA ...training counterintelligence today to protect our nation tomorrow. 


Joint Deployable Intelligence Support System (JDISS). A transportable workstation and communications 
suite that electronically extends a joint intelligence center to a joint task force or other tactical user. 
(JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) 


Joint Doctrine. Fundamental principles that guide the employment of US military forces in coordinated 
action toward a common objective. Joint doctrine contained in joint publications also includes terms, 
tactics, techniques, and procedures. It is authoritative but requires judgment in application. (JP 1-02) 


Joint Document Exploitation Center (JDEC). A physical location for deriving intelligence information from 
captured adversary documents including all forms of electronic data and other forms of stored textual and 
graphic information. It is normally subordinate to the joint force intelligence directorate. (JP 1-02 and 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, a joint center established to receive, inventory, catalogue, selectively translate, and 
disseminate captured or acquired documents and media. (DHE-M 3301.002, Vol II Collection Operations, 
23 Nov 2010) 


Joint Force. A general term applied to a force composed of significant elements, assigned or attached, 
of two or more Military Departments operating under a single joint force commander. (JP 1-02) 


Joint Force Commander (JFC). A general term applied to a combatant commander, subunified 
commander, or joint task force commander authorized to exercise combatant command (command 
authority) or operational control over a joint force. (JP1, Doctrine for the Armed Forces of the United 
States, 25 Mar 2013 and JP 1-02) Also see joint force. 


Joint Intelligence. Intelligence produced by elements of more than one Service of the same nation. 
(JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) 


Joint Intelligence Operations Center (JIOC). An interdependent, operational intelligence organization 
at the Department of Defense, combatant command, or joint task force (if established) level, that is 
integrated with national intelligence centers, and capable of accessing all sources of intelligence 
impacting military operations planning, execution, and assessment. (JP 1-02 and JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


-- Also, those centers, below the Defense-level (COCOM and specified Unified Commands) 
established by the Secretary of Defense on 3 April 2006, to plan, prepare, integrate, direct, synchronize, 
and manage continuous, full-spectrum defense intelligence operations within their respective AORs. The 
J2 of each command is designated as the respective JIOC Director. (DIA HUMINT Manual, Vol I, 
DHE-M 3301.001, 30 Jan 2009 w/ chg 2 dated 1 Feb 2012) 


Joint Intelligence Preparation of the Operational Environment (JIPOE). The analytical process used by 
joint intelligence organizations to produce intelligence estimates and other intelligence products in support 
of the joint force commander's decision-making process. It is a continuous process that includes defining 
the operational environment; describing the impact of the operational environment; evaluating the 
adversary; and determining adversary courses of action. (JP 1-02 and JP 2-01.3, Joint Intelligence 
Preparation of the Operational Environment) 


Joint Intelligence Support Element (JISE). A subordinate joint force element whose focus is on 
intelligence support for joint operations, providing the joint force commander, joint staff, and components 
with the complete air, space, ground, and maritime adversary situation. (JP 1-02 and JP 2-01, Joint and 
National Intelligence Support to Military Operations, 5 Jan 2012) 


Joint Intelligence Task Force-Combating Terrorism (JITF-CT). See Defense Combating Terrorism Center 
(DCTC). 


In the fall of 2012 the JITF-CT transitioned to the Defense Combating Terrorism Center (DCTC). 


Joint Intelligence Training (JIT). Fundamental training that guides the development and utilization of 
intelligence professionals and organizations designed to support two or more Services employed in 
coordinated action. (DoDI 3305.14, JIT, 28 Dec 2007) 


Joint Inter-Agency Cyber Task Force (JIACTF). Joint inter-agency task force created by the Director of 
National Intelligence (DNI) to execute DNI responsibilities in monitoring and coordinating the CNCI and 
to report to the President on Comprehensive National Cybersecurity Initiative (CNCI) implementation, 
together with recommendations as deemed appropriate. (Securing Cyberspace for the 44th Presidency, 
Dec 2008) 


Joint Interrogation and Debriefing Center (JIDC). Physical location for the exploitation of intelligence 
information from detainees and other sources. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 
16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


JIDCs are established under the direction of the joint force commander within the joint operations 
area and are normally collocated with detainee holding facilities. The mission of the JIDC is to 
conduct screening and interrogation of detainees, questioning of walk-in sources, and translation 
and exploitation of documents associated with detainees. The JIDC coordinates exploitation of 
captured equipment with the joint captured material exploitation center, captured documents with 
the joint document exploitation center, and high-value human sources with the joint strategic 
exploitation center. 


For additional information see JP 3-63, Detainee Operations, 30 May 2008 


Joint Interrogation Operations (JIO). 1) Activities conducted by a joint or interagency organization to 
extract information for intelligence purposes from enemy prisoners of war, dislocated civilians, enemy 
combatants, or other uncategorized detainees; or 2) Activities conducted in support of law enforcement 
efforts to adjudicate enemy combatants who are believed to have committed crimes against US persons 
or property. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 
2012) 


Joint Investigation. An investigation in which more than one investigative agency has established 
investigative authority over an offense and/or subject of the investigation, and the agencies involved 
agree to pursue the investigation in concert, with agreements reached detailing investigative 
responsibilities, procedures, and methods. (CI Community Lexicon) 


Joint Operational Planning. Planning activities associated with joint military operations by combatant 
commanders and their subordinate joint force commanders in response to contingencies and crises. 
(JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Joint Operation Planning and Execution System (JOPES). An Adaptive Planning and Execution system 
technology. (JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Joint Operation Planning Process (JOPP). An orderly, analytical process that consists of a logical 
set of steps to analyze a mission, select the best course of action, and produce a joint operation plan or 
order. (JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Joint Operations. A general term to describe military actions conducted by joint forces and those Service 
forces employed in specified command relationships with each other, which of themselves, do not 
establish joint forces. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Joint Operations Area (JOA). An area of land, sea, and airspace, defined by a geographic combatant 
commander or subordinate unified commander, in which a joint force commander (normally a joint task 
force commander) conducts military operations to accomplish a specific mission. (JP 1-02 and JP 3-0, 
Joint Operations, 11 Aug 2011) 


Joint Personnel Adjudication System (JPAS). The centralized database of standardized personnel 
security processes; virtually consolidates the DoD Central Adjudication Facilities by offering real time 
information concerning clearances, access, and investigative statuses to authorized DoD security 
personnel and other interfacing organizations. (IC Standard 700-1, 4 Apr 2008) 


-- Also, the centralized Department of Defense database of standardized personnel security 
processes; virtually consolidates the DoD Central Adjudication Facilities by offering real time information 
concerning clearances, access, and investigative statuses to authorized DoD security personnel and 
other interfacing organizations (e.g., Defense Security Service, Defense Manpower Data Center, Defense 
Civilian Personnel Management, and the Air Force personnel Center). (DSS Glossary) 


Joint Personnel Recovery Center (JPRC). The primary joint force organization responsible for planning 
and coordinating personnel recovery for military operations within the assigned operational area. 
(JP 1-02 and JP 3-50, Personnel Recovery, 5 Jan 2007) 


Joint Strategic Capabilities Plan (JSCP). A plan that provides guidance to the combatant commanders 
and the Joint Chiefs of Staff to accomplish tasks and missions based on current military capabilities. 
(JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Joint Strategic Exploitation Center (JSEC). Theater-level physical location for an exploitation facility that 
functions under the direction of the joint force commander and is used to hold detainees with potential 
long-term strategic intelligence value, deemed to be of interest to counterintelligence or criminal 
investigators, or who may be a significant threat to the United States, its citizens or interest, or US allies. 
(JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


The JSEC is a theater-level exploitation facility and is normally collocated with a rear area 
collection and holding center for detainees. The JSEC's mission is the conduct of interrogations 
and debriefings to generate intelligence information responsive to theater and national 
requirements, and to identify detainees with potential long-term strategic intelligence value, 
deemed to be of interest to counterintelligence or criminal investigators, or who may be a 
significant threat to the United States, its citizens or interests, or US allies. 


Joint Task Force (JTF). A joint force that is constituted and so designated by the Secretary of Defense, 
a combatant commander, a subunified commander, or an existing joint task force commander. (JP 1-02) 


Joint Task Force Counterintelligence Coordinating Authority. See Task Force Counterintelligence 
Coordinating Authority (TFCICA). 


Joint Terrorism Task Forces (JTTFs). Small cells of highly trained, locally based, investigators, analysts, 
linguists, SWAT experts, and other specialists from dozens of U.S. law enforcement and intelligence 
agencies. It is a multi-agency effort led by the Justice Department and FBI designed to combine the 
resources of federal, state, and local law enforcement. (DoJ website: <http://www.usdoj.gov/jttf/>) Also 
see National Joint Terrorism Task Force. 


-- Also, a coordinated "action arm" for federal, state, and local government response to terrorist 
threats in specific U.S. geographic regions. The FBI is the lead agency that oversees the JTTFs. 
(ODNI, U.S. National Intelligence — An Overview 2011) 


-- Also, an FBI-led task force whose primary mission is to collect intelligence of actual, suspected, or 
planned acts of terrorism directed against U.S. persons and property. (DoD FCIP Strategy FY 2013-2017) 


JTTFs were established by the FBI to conduct operations to predict and disrupt terrorist plots. 
JTTFs are in over 100 cities nationwide; in addition, there is at least one in each of the FBI’s 56 
field offices. The National Joint Terrorism Task Force (NJTTF), in Washington, D.C., coordinates 
all the JTTFs. 

-- ODNI, U.S. National Intelligence — An Overview 2011, p. 30 


Joint Terrorism Task Forces (JTTFs) are based in 103 cities nationwide, with at least one in each 
of the FBI’s 56 field offices. They include more than 4,400 members nationwide and represent 
some 600 state and local agencies and 50 federal agencies. 

-- FBI, Today's FBI: Facts & Figures 2013-2014 


DoD CI personnel participating on JTTFs work in partnership with other JTTF members to detect 
and neutralize terrorists, terrorist-enabling individuals, and organizations threatening DoD interest. 
-- DoDI 5240.22, CI Support to Force Protection, 24 Sep 2009, p. 6 


Joint Worldwide Intelligence Communications System (JWICS). The sensitive compartmented information 
portion of the Defense Information Systems Network, which incorporates advanced networking 
technologies that permit point-to-point or multipoint information exchange involving voice, text, graphics, 
data, and video teleconferencing. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


-- Also, the Intelligence Community's TS-SCI global network; a communications network that delivers 
secure information services to national and defense intelligence components around the world. All U.S. 
Government TS-SCI networks run off of JWICS. (National Intelligence: A Consumer's Guide - 2009) 


Judgment. [As used in intelligence analysis] Judgment is what analysts use to fill gaps in their 
knowledge. It entails going beyond the available information and is the principal means of coping with 
uncertainty. It always involves an analytical leap, from the known into the uncertain. Judgment is an 
integral part of all intelligence analysis. (Psychology of Analysis by Richards J. Heuer, Jr, 1999) 



K 


Key. A numerical value used to control cryptographic operations, such as decryption, encryption, 
signature generation, or signature verification. (CNSSI No. 4009, National Information Assurance 
Glossary, 26 April 2010) 


Key Enabler. That crucial element that supplies the means, knowledge, or opportunity that allows for the 
success of an assigned task or mission. (USJFCOM Glossary) 


Key Facilities List. A register of selected command installations and industrial facilities of primary 
importance to the support of military operations or military production programs. It is prepared under the 
policy direction of the Joint Chiefs of Staff. (JP 1-02) 


Keystroke Monitoring. The process used to view or record both the keystrokes entered by a computer 
user and the computer's response during an inactive session. (NIST, Glossary of Key Information 
Security Terms, May 2013) 

Khobar Towers Bombing. A terrorist [truck] bombing of the residence of U.S. military personnel at the 
Khobar Towers complex in Dhahran, Saudi Arabia, on 25 June 1996 killed 19 American military 
personnel and wounded hundreds more. (Words of Intelligence, 2nd Edition, 2011) 


Knowledge. In the context of the cognitive hierarchy, information analyzed to provide meaning and value 
or evaluated as to implications for the operation. (FM 6-0, Mission Command, 11 Aug 2003). 


Knowledge Management. The process of enabling knowledge flow to enhance shared understanding, 
learning, and decisionmaking. (ADRP 6-0, Mission Command, May 2012) 


Knowledgeability Brief (KB). A document used to notify consumers of the availability and background of 
an overt source for debriefing. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


L 


Laundering. In counterdrug operations, the process of transforming drug money into a more manageable 
form while concealing its illicit origin. Foreign bank accounts and dummy corporations are used as 
shelters. (JP 1-02 and JP 3-07.4, Joint Counterdrug Operations, 13 Jun 2007) 


-- Also, a process of hiding sources, transmittal, and people involved in financial matters and transfers 
of money for intelligence and today more commonly for criminal purposes, primarily associated with 
terrorist activity and narcotics trafficking. (Words of Intelligence, 2nd Edition, 2011) 


Law Enforcement. Activities to protect people, places and things from criminal activity resulting from 
non-compliance with laws, includes patrols, emergency responses, undercover operations, arrests, raids, etc. 


-- Also, the generic name for the activities of the agencies responsible for maintaining public order 
and enforcing the law, particularly the activities of prevention, detection, and investigation of crime and 
the apprehension of criminals. (www.ojp.usdoj.gov; accessed 29 Apr 2013) 


Counterintelligence is part art, part science, a discipline 
aimed at identifying and exploiting or stopping foreign spies. 
Law enforcement is easier: You identify the bad guys and arrest them. 
-- Bill Gertz, "Enemies," The Washington Times, 18 Sep 2006 


Traditional law enforcement activities aim at apprehending and prosecuting perpetrators of criminal 
activity after the commission of their crimes. In most circumstances, the primary responsibility of 
law enforcement is to determine whether a crime has been committed, conduct an investigation to 
identify and apprehend the perpetrator, and gather evidence to assist prosecutors in a criminal trial. 


Law Enforcement is police work waging a war against crime—it’s evidence-prosecution centric. 
Whereas counterintelligence is national security work waging a war against foreign intelligence 
threats—it's information-exploitation centric. 


Each operates in fundamentally dissimilar manners... different legal authorities, oversight 
structures, governing paradigms, cultures, etc. These two disciplines merge or intersect when 
hidden intelligence activity is also criminal, i.e., national security crimes (espionage, treason, 
spying, etc.). 


"Effective enforcement of U.S. espionage statutes and Articles 104 and 106 of 
the Uniform Code of Military Justice is essential to national security.... Services 
have different approaches to counterintelligence due to their unique missions. ... 
NCIS and AFOSI counterintelligence doctrine holds that counterintelligence 
primarily is a law enforcement issue. ...under Army counterintelligence doctrine, 
counterintelligence is, first and foremost, an intelligence mission.... 
Considerable intersection exists between law enforcement, counterintelligence, 
and intelligence in the areas of espionage, terrorism, and low-intensity conflict.... 
The law enforcement, counterintelligence, and intelligence collection disciplines 
must complement one another." 
-- "Report of the Advisory Board on the Investigative Capability in the Department of Defense - Vol. I," 
Department of Defense, January 1995, pp. 67-75. 
Copy available online at: <http://handle.dtic.mil/100.2/ADA299523> 


The goals of law enforcement and intelligence collection conflict... 


"Law enforcement agencies collect information solely to put criminals in prison—a onetime, 
short-term goal; pay the informant, make a bust, go to trial with the informer as witness. 
Espionage is conducted for long-term production of intelligence: recruit the agent, collect the 
information, hopefully for years or decades." 

-- Duane R. Clarridge, A Spy For All Seasons: My Life in the CIA (1997), p. 409 


Law Enforcement Agency (LEA). Any of a number of agencies (outside the Department of Defense) 
chartered and empowered to enforce US laws in the United States, a state or territory (or political 
subdivision) of the United States, a federally recognized Native American tribe or Alaskan Native Village, 
or within the borders of a host nation. (JP 1-02 and JP 3-28, Defense Support of Civil Authorities, 31 Jul 
2013) 


Law Enforcement Officer. An employee, the duties of whose position are primarily the prevention, 
investigation, apprehension, or detention of individuals suspected or convicted of offenses against the 
criminal laws, including an employee engaged in this activity who is transferred to a supervisory or 
administrative position; or serving as a probation or pretrial services officer. (Cited as 18 USC at 
<http://www.lectlaw.com/def/l008.htm>) 


Law of War. That part of international law that regulates the conduct of armed hostilities. Also called the 
law of armed conflict. (JP 1-02 and JP 1-04, Legal Support to Military Operations, 17 August 2011) 


Lawful Search. An examination, authorized by law, of a specific person, property, or area for specified 
property evidence, or a specific person, for the purpose of seizing such property, evidence or person. 
(AR 190-30, Military Police Investigation, 1 Nov 2005) 


Lead. In intelligence usage, a person with potential for exploitation, warranting additional assessment, 
contact, and/or development. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ 
chg 1 dated 26 Aug 2011) Also see Counterintelligence Operational Lead (CIOL). 


-- Also, an identified potential source. (HDI Lexicon, April 2008 and Defense HUMINT Enterprise 
Manual 3301.002, Vol II Collection Operations, 23 Nov 2010) 


-- Also, [for investigative purposes,] single investigative element of a case requiring action. (IC 
Standard 2008-700-01, 4 Apr 2008) 


-- Also, any source of information that, if exploited, may reveal information of value in the conduct of 
a counterintelligence investigation. (AR 381-20, Army CI Program, 25 May 2010) 


-- Also, for CI collection purposes, any person who has the potential to provide information of value 
to the supported command. (DoD, CI Functional Services IWG Handbook, 19 Feb 2009) 


Lead Agency. The US Government agency designated to coordinate the interagency oversight of the 
day-to-day conduct of an ongoing operation. (JP 1-02 and JP 3-08 Interorganizational Coordination During 
Joint Operations, 24 June 2011) 


-- Also, in CI usage concerning an investigation, the agency in a joint investigation that has primary 
authority concerning the offense committed or is designated as such by agreement of the investigative 
agencies involved. The lead agency is ultimately responsible for determination of investigative 
responsibilities, procedures, and methods. Also see joint investigation. 


Lead Federal Agency (LFA). The federal agency that leads and coordinates the overall federal response 
to an emergency. Designation and responsibilities of a lead federal agency vary according to the type of 
emergency and the agency's statutory authority. (JP 1-02 and JP 3-41, CBRNE Consequence 
Management, 2 Oct 2006) 


Leaks. See unauthorized disclosure. 


National Security Leaks 


"I am deeply disturbed by the continuing leaks of classified information to the media..., disclosures 
of this type endanger American lives and undermine America's national security." 
-- Senator Dianne Feinstein, Chairman of the Senate Intelligence Committee, 5 June 2012 


Least Intrusive Means. See Rule of Least Intrusive Means. The collection of information about US 
persons shall be accomplished by the least intrusive means. 


Legal Attaché (LEGAT). The FBI has offices around the globe. These offices—called legal attachés 
or legats—are located in U.S. embassies. (fbi.gov) -- See <http://www.fbi.gov/contact-us/legat> 


-- Also, the title of FBI special agents deployed abroad to liaison posts in overseas diplomatic 
missions... (Historical Dictionary of Cold War Counterintelligence, 2007) 


Legal Residency. An intelligence apparatus in a foreign country composed of intelligence officers 
assigned as overt representatives of their government, but not necessarily identified as intelligence 
officers. (ICS Glossary) 


Legal Traveler. Any individual traveling with legitimate documentation to perform a specific collection 
or support mission. (National HUMINT Glossary) 


-- Also, any individual traveling with legal documentation to perform specified intelligence collection 
or support missions, or any individual who may be selected for debriefing on legal travel to or through 
geographical areas of interest. (AR 381-20, Army CI Program, 25 May 2010) 


Legend. The complete cover story developed for an operative. (CI Centre Glossary) 


-- Also, a coherent and plausible account of an individual's background, living arrangements, 
employment, daily activities, and family given by a foreign intelligence service by an illegal or agent. 
Often the legend will be supported by fraudulent documents. (FBI FCI Terms) 


-- Also, false identity that an agent builds up through forged documents and other means such as 
living under the name of the person whose identity he assumes. (Spy Book) 


-- Also, a carefully constructed cover for an intelligence officer. (Spycraft) 


-- Also, a spy's fictional identity and a complete cover story developed for operatives. (Encyclopedia 
of Cold War Espionage, Spies, and Secret Operations, 3rd edition, 2012) 


Liaison. That contact or intercommunication maintained between elements of military forces or other 
agencies to ensure mutual understanding and unity of purpose and action. (JP 1-02 and JP 3-08, 
Interorganizational Coordination During Joint Operations, 24 Jun 2011) Also see intelligence liaison. 


-- Also, [activity] conducted to obtain information and assistance, to coordinate or procure material, 
and to develop views necessary to understand counterparts. Liaison contacts are normally members of 
the government, military, law enforcement, or other member of the local or coalition infrastructure. The 
basic tenet of liaison is quid pro quo. An exchange of information, services, material, or other assistance 
is usually a part of the transaction. (Army FM 2-22.3, HUMINT Collector Operations, 6 Sep 2006) 


A basic tenet of liaison is quid pro quo (something for something exchange). 
-- FM 2-22.2, Counterintelligence, October 2009, p. 4-8 


"A crucial but often overlooked part of U.S. intelligence efforts is liaison with foreign intelligence 
services.... A productive liaison relationship does not necessarily preclude spying on each other— 
but it does mean both sides try to be especially careful not to get caught at it." 

-- James M. Olson, Fair Play: The Moral Dilemmas of Spying (2006) 


"Liaison is not explicitly spelled out in the theoretical approaches [regarding] intelligence. If one 
looks to the intelligence cycle paradigm, one will even discover that liaison has no fixed location in 
the cycle... it is actually a mode of activity in every point in the intelligence cycle [and] shares this ... 
with counter-intelligence." 

-- Dutch Analysts Bob De Graaf and Cees Wiebes in Jeffreys-Jones, External Vigilance (1997) 


"Answering questions about the costs and benefits of foreign intelligence liaison requires a thorough 
understanding of the subject in theory and in U.S. practice. Although sometimes equated with 
intelligence sharing, intelligence liaison is actually better understood as a form of subcontracted 
intelligence collection based on barter." 
-- Dr. Jennifer E. Sims, "Foreign Intelligence Liaison: Devils, Deals, and Details," International Journal 
of Intelligence and Counterintelligence, Vol 19 No 2 (Summer 2006), p. 196 


"Liaison has a number of associated risks, one being the problem of false corroboration. It is not 
uncommon for several intelligence services to unwittingly use the same agent." 
-- Robert M. Clark, Intelligence Analysis: A Target-Centric Approach (2004), p. 72 


Liaison Operations. Operations to coordinate activities and exchange information with foreign military, 
governmental, and non-governmental civilian agencies. (DHE-M 3301.002, Vol II Collection Operations, 
23 Nov 2011) 


According to Army FM 2-22.3 (HUMINT Collector Operations), "liaison operations" are programs 
to coordinate activities and exchange information with host country and allied military and civilian 
agencies and NGOs. CI liaison activities are designed to ensure a cooperative operating 
environment for CI elements and/or to obtain information, gain assistance, develop CI leads for 
further exploitation, procure material, etc. 


Lie. Any statement made with the intent to deceive. (Textbook of Political-Military Counterdeception: 
Basic Principles & Methods, August 2007) 


Light Cover [aka shallow cover]. A type of cover that will not withstand close scrutiny or due diligence. 
(National HUMINT Glossary) 


Line of Operations. 1) A logical line that connects actions on nodes and/or decisive points related in time 
and purpose with an objective(s). 2) A physical line that defines the interior or exterior orientation of the 
force in relation to the enemy or that connects actions on nodes and/or decisive points related in time and 
space to an objective(s). (JP 1-02) 

-- Also, a line that defines the directional orientation of a force in time and space in relation to the 
enemy and links the force with its base of operations and objectives. (Army FM 3-0, Operations, Feb 
2008) 

Link. A behavioral, physical, or functional relationship between nodes. (JP 1-02) 


Link Analysis. Subset of network analysis, exploring associations between objects. 


Listening Post. A secure site at which signals from an audio operation are monitored and/or received. 
(Spycraft) 


Load. Tradecraft jargon... to put something in a dead drop; to service a dead drop. (Leo D. Carl, The CIA 
Insider’s Dictionary, 1996) 


Load Signal. A visual signal to indicate the presence of an individual or object at a given location. (HDI 
Lexicon, April 2008) 


-- Also, ...a visual signal displayed in a covert manner to indicate the presence of an individual or 
object at a given location. (JP 1-02 and JP 3-50, Personnel Recovery, 5 Jan 2007) 


Local Agency Check (LAC). A review of the appropriate criminal history and court records in jurisdictions 
over areas where the Subject has resided, attended school, or been employed during a specific period of 
time. (IC Standard 700-1, 4 Apr 2008) Also see Military Agency Check; National Agency Check. 


-- Also, a records or files check of official or publicly available information retained by any local office 
or government agency within the AO [area of operation] of the field element conducting the check. 
(FM 2-22.2, Counterintelligence, October 2009) 


-- Also, a records or files check of official or publicly available information conducted at any local 
office or government agencies within the operational area of the [CI] field element conducting the check. 
These records may include holdings and databases maintained by local and state law agencies, local 
courts, and local offices of federal agencies. (902d MI Group Investigations Handbook, Jun 2012) 


-- Also, an investigative check of local police departments, courts, etc., to determine whether the 
subject has been involved in criminal conduct. The LAC is a part of all Personnel Security Investigations 
(PSIs) except the Entrance National Agency Check (ENTNAC). (DSS Glossary) 


Logic Bomb. A piece of code intentionally inserted into a software system that will set off a malicious 
function when specified conditions are met. (NIST, Glossary of Key Information Security Terms, May 
2013) 


-- Also, computer jargon for programmed instructions clandestinely inserted into software, where they 
remain inactive and undetected until the computer reached a certain point in its operations, at which time 
the instructions take over. (Leo D. Carl, The CIA Insider's Dictionary, 1996) 


-- Also, [in cyber usage] also known as a “time bomb,” a program that allows a Trojan to lie dormant 
and then attack when the conditions are just right. Triggers for logic bombs include a change in a file, a 
particular series of keystrokes, or a specific time or date. (McAfee Labs - Threat Glossary) 


Lone Wolf. A lone wolf or lone-wolf fighter is someone who commits violent acts in support of some 
group, movement, or ideology, but does so alone, outside of any command structure. (Wikipedia; 
accessed 28 Jun 2011) 


The lone wolf — one of the biggest challenges 


Individuals who sympathize with or actively support al-Qa'ida may be inspired to violence and 
can pose an ongoing threat, even if they have little or no formal contact with al-Qa'ida. 
-- National Strategy for Counterterrorism, June 2011, p. 4 


Lone wolf terrorism involves terrorist attacks carried out by persons who (a) operate individually, 
(b) do not belong to an organized terrorist group or network, and (c) whose modi operandi are 
collected are conceived and directed by the individual without any direct outside hierarchy. 

-- Flükiger, "The Radical," pp. 111-119. 


"Inspire" magazine -- al Qaeda of the Arabian Peninsula's English-language magazine -- has a 
regular feature called "Open Source Jihad" ...that is intended to train... lone wolves and small cells 
in the West to conduct attacks and to provide them with the tools necessary to do attacks. [This 
magazine seeks to encourage] .. jihadists to conduct lone wolf attacks. Lone wolf assailants are 
really the most difficult type for government intelligence and security agencies to gather intelligence 
about. Really to find a lone wolf assailant, you need to monitor his activities closely and understand 
what's going on inside his head if he doesn't communicate to other people. Because of this, the 
lone wolf really presents a challenge to Western security and intelligence agencies. 

-- Stratfor.com (4 April 2010) 

<http://www.stratfor.com/analysis/20110404-dispatch-al-qaedas-inspire-magazine> 


A Lone Wolf is characterized by the following operational strengths and weaknesses. First, it is 
difficult to anticipate who a Lone Wolf is because there is no longer any need for physical contact 
with extremists for radicalization to occur. As Raffaello Pantucci puts it in his article on Lone 
Wolves: “The increasing prevalence of the Internet and the easy availability of extremist material 
online have fostered the growth of the autodidactic extremist.” Second, the Lone Wolf actor is 
the most difficult terrorist to detect, deter, or capture, because his planning takes place 
almost entirely within his own mind [emphasis added]. 


-- Thomas F. Ranieri with Spencer Barrs, “Internet and Ideology: The Military Counterintelligence 
Challenges of the Net Wolf,” American Intelligence Journal, Vol 29, No 2, 2011, p. 82 


Lookout. Stationary position from which a fixed surveillance is conducted and is ostensibly hidden from 
view or knowledge of the target of the surveillance. (Words of Intelligence, 2nd Edition, 2011) 


Low Visibility Operations. Sensitive operations wherein the political-military restrictions inherent in covert 
and clandestine operations are either not necessary or not feasible; actions are taken as required to limit 
exposure of those involved and/or their activities. Execution of these operations is undertaken with the 
knowledge that the action and/or sponsorship of the operation may preclude plausible denial by the 
initiating power. (JP 1-02 and JP 3-05.1, Joint Special Operations Task Force Operations, 26 Apr 2007) 


M3. Acronym for "Multimedia Message Manager” within the DoD Intelligence Information System 
(DoDIIS). M3 provides automated text message handling to the military and civilian intelligence 
community in a classified environment. 


M3 is the standard message handler for the DoDIIS community which provides: real-time 
dissemination of incoming message traffic based on user interest profiles; retrospective search of 
archive message database; and message composition, co-ordination, release and validation. M3 
software automatically filters and delivers personalized information to individuals and groups, 
based on their content and delivery preferences. The search software also enables users to search 
through more than 20 years' worth of stored messages. 


Mail Cover. The process by which a record is made of any data appearing on the outside cover of 
any class of mail matter as permitted by law, other than that necessary for the delivery of mail or 
administration of the Postal Service. (DoD 5240.1-R, Dec 1982) 


-- A record of information on the outside (cover) of any mail piece. It is kept to locate a fugitive, 
protect national security, or obtain evidence of a crime punishable by a prison term exceeding 1 year. 
This record is one of the few ways information on mail may be disclosed outside the USPS, and its use 
is lawful only if authorized by postal regulations. (USPS Pub 32, Glossary of Postal Terms, May 1997) 


-- Also, an investigative tool used to record information on the outside container, envelope, or 
wrapper of mail, including the name and address of the sender and the place and date of postmarking. 
(USPS Publication 146, A Law Enforcement Guide to the U.S. Postal Service, Sep 2008) 


Postal Service Regulation 39 CFR § 233.3 is the sole authority and procedure for opening a mail 
cover and for processing, using and disclosing information obtained from a mail cover. 


See USPS Pub 146, A Law Enforcement Guide to the U.S. Postal Service (Sep 2008)* and USPS 
Pub 55, USPS Procedures: Mail Cover Requests, available from the US Postal Service by request 
to authorized users. 


* USPS Pub 146 also available at: «www.hsdl.org/?view&doc-1 12575&coll-limited- 


Make (aka made). Tradecraft jargon... surveillance term for the surveillant being detected by the subject 
of a surveillance. (Leo D. Carl, The CIA Insider's Dictionary, 1996) 


Malicious Code. Software or firmware intended to perform an unauthorized process that will have 
adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, 
Trojan horse, or other code-based entity that infects a host. (NIST, Glossary of Key Information Security 
Terms, May 2013) Also see malware, Trojan Horse. 


Malicious Cyber Activity. Activities, other than those authorized by or in accordance with U.S. law, that 
seek to compromise or impair the confidentiality, integrity, or availability of computers, information or 
communications systems, networks, physical or virtual infrastructure controlled by computers or 
information systems, or information resident thereon. (PPD-20, US Cyber Operation (U), 16 Oct 2012) 


Malware. A program that is inserted into a system, usually covertly, with the intent of compromising the 
confidentiality, integrity, or availability of the victim's data, applications, or operating system or of 
otherwise annoying or disrupting the victim. (NIST, Glossary of Key Information Security Terms, May 
2013) 


-- Also, a generic term used to describe malicious software such as viruses, Trojan horses, spyware, 
and malicious active content. (McAfee.com; accessed 15 Nov 2010) 


-- Also, malicious or malevolent software, including viruses, worms, and Trojans, that is 
preprogrammed to attack, disrupt, and/or compromise other computers and networks. A packaged 
exploitation of vulnerability, there is often a "payload" of instructions detailing what the system should do 
after it has been compromised. (Cybersecurity and Cyberwar) 


-- Also, malicious software that secretly accesses a computer system without the owner's informed 
consent. A general term to mean a variety of forms of hostile, intrusive, or annoying software or program 
code, including computer viruses, worms, trojan horses, spyware, most rootkits, and other malicious 
software or program. (Wikipedia) 


Malware -- an acronym that stands for MALicious softWARE -- comes in many forms. Generally 
speaking, malware is software code or snippets of code designed with malice in mind and usually 
performs "undesirable actions" on a host system. 


According to Kevin Coleman, Defense Systems, "...in 2009, there were 25 million new strains of 
malware. That equals a new strain of malware every 0.79 seconds." Recently he blogged that 
"...in the past month [Sep 2012] there were more than 2,166,000 new strains of malware 
introduced into our operational environment." 


-- Source: <http://defensesystems.com/blogs/cyber-report/2012/09/cyber-threats.aspx?sc_lang=en> 
(accessed 15 Dec 2012) 


According to an article in the Journal of Homeland and National Security Perspectives, in 2008, 
"a service member in the Middle East inserted a flash drive with malware known as 
agent.btz into a classified government computer. The worm infected the classified 
intranets titled Secret Internet Protocol Router Network (SIPRNET) and Joint Worldwide 
Intelligence communication System (JWICS). The worm had been designed to execute 
a predetermined search once on the targeted computer system, upon finding the 
desired data it would transfer it covertly to the thumb drive, and once reinserted into 
a machine connected to the internet the data immediately transferred from the thumb 
drive back to the creators of the malware. The foreign intelligence agency that designed 
this worm, suspected of being Russian Intelligence, created a highly sophisticated worm 
in agent.btz that could think for itself, morphing when threatened and capable of 
identifying and using multiple exfiltration paths. Agent.btz is probably not the only 
malware that has successfully accessed classified American systems. Foreign 
intelligence agencies are constantly working to develop more advanced intrusion 
sets, at the same time the U.S. attempts to detect intrusions. It would be irresponsible 
to assume that U.S. networks are fully secure, and the U.S., and every other nation, 
will have to deal with that reality for the foreseeable future." 

-- Ashley Tanner, “Examining the Need for a Cyber Intelligence Discipline," Journal of Homeland 
and National Security Perspectives 1:1, 2014 


Manipulation. The mixing of factual and fictitious or exaggerated evidence (one of the four deception 
means for conveying deception information to a target). (CIA, D&D Lexicon, 1 May 2002) 


Maritime Domain. All areas and things of, on, under, relating to, adjacent to, or bordering on a sea, 
ocean or other navigable waterway, including all maritime-related activities, infrastructure, people, cargo, 
and vessels and other conveyances. (NSPD-41/HSPD-13, Maritime Security Policy, 21 Dec 2004) 


-- Also, the oceans, seas, bays, estuaries, islands, coastal areas, and the airspace above these, 
including the littorals. (JP 3-32, Command and Control for Joint Maritime Operations, 8 Aug 2006) 


Marine Corps Intelligence Activity (MCIA). MCIA provides tailored intelligence and services to the Marine 
Corps, other services, and the IC based on expeditionary mission profiles in littoral areas. (DoD FCIP 
Strategy FY 2013-2017) 


For Marine Corps doctrine, tactics, techniques, and procedures on counterintelligence see Marine 
Corps Warfighting Publication (MCWP) 2-14, Counterintelligence, 5 Sep 2000. 


Maskirovka. Soviet term -- a set of measures to deceive, or mislead, the enemy with 
respect to Soviet national security capabilities, actions, and intentions. These measures include 
concealment, simulation, diversionary actions and disinformation. The Soviet Union doctrine of 
maskirovka calls for the use of camouflage, concealment and deception (CC&D) in defense-related 
programs and in the conduct of military operations. (NSSD 108, 12 Oct 1983) Also see deception. 


Maskirovka is actually a very broad concept that encompasses many English terms. These 
include: camouflage, concealment, deception, imitation, disinformation, secrecy, security, feints, 
diversions, and simulation. While terms overlap to a great extent, a complication is that the Russian 
term is greater than the sum of these English terms. Thus, those in the West should attempt to 
grasp the entire concept rather than its components. 

Maskirovka is not a new concept in the USSR. Its roots can be traced to the Russian Imperial 
Army. Several Soviet authors trace it back to Dmitry Donskoy's placing a portion of his mounted 
forces in an adjacent forest at the Battle of Kulikovo Field in 1380. Seeing a smaller force than 
anticipated, the Tatars attacked, only to be suddenly overpowered by the concealed force. 


-- Charles Smith, "Soviet Maskirovko," Airpower Journal, Spring 1988 
Copy available at <http://www.airpower.au.af.mil/airchronicles/apj/apj88/spr88/smith.html> 


MCC. See Military Counterintelligence Collection. 


McCarthyism. The practice of making accusations of disloyalty, subversion, or treason without proper 
regard for evidence. (<http://en.wikipedia.org/wiki/McCarthyism>; accessed 29 Aug 2012) 


The term has its origins in the period in the United States known as the Second Red Scare, lasting 
roughly from 1950 to 1954 and characterized by heightened fears of communist influence on 
American institutions and espionage by Soviet agents. Originally coined to criticize the 
anti-communist pursuits of Republican U.S. Senator Joseph McCarthy of Wisconsin, "McCarthyism" 
soon took on a broader meaning, describing the excesses of similar efforts. The term is also now 
used more generally to describe reckless, unsubstantiated accusations, as well as demagogic 
attacks on the character or patriotism of political adversaries. 

-- Source: Wikipedia at <http://en.wikipedia.org/wiki/McCarthyism> (accessed 29 Aug 2012) 


Meaconing. A system of receiving radio beacon signals and rebroadcasting them on the same frequency 
to confuse navigation. The meaconing stations cause inaccurate bearings to be obtained by aircraft or 
ground stations. (JP 1-02 and JP 3-13.1, Electronic Warfare, 25 Jan 2007) 


Measurement and Signature Intelligence (MASINT). Information produced by quantitative and qualitative 
analysis of physical attributes of targets and events in order to characterize, and identify them. 
(ICD 1, Intelligence Community Leadership, 1 May 2006) 


-- Also, technically derived intelligence data other than imagery and SIGINT. The data results in 
intelligence that locates, identifies, or describes distinctive characteristics of targets. It employs a broad 
group of disciplines including nuclear, optical, radio frequency, acoustics, seismic, and materials 
sciences. (ODNI, U.S. National Intelligence — An Overview 2011) 


-- Also, information produced by quantitative and qualitative analysis of physical attributes of targets 
and events in order to characterize, locate, and identify them. MASINT exploits a variety of 
phenomenologies to support signature development and analysis, to perform technical analysis, and to 
detect, characterize, locate, and identify targets and events. MASINT is derived from specialized, 
technically-derived measurements of physical phenomenon intrinsic to an object or event and it includes 
the use of quantitative signatures to interpret the data. (DoDI 5105.58, MASINT, 22 Apr 2009) 


-- Also, information produced by quantitative and qualitative analysis of physical attributes of targets 
and events to characterize, locate, and identify targets and events, and derived from specialized, 
technically derived measurements of physical phenomenon intrinsic to an object or event. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


-- Also, describes a category of technically derived information that provides distinctive characteristics 
of a specific event such as a nuclear explosion, or locates, identifies, and describes distinctive 
characteristics of targets through such means as optical, acoustic, or seismic sensors. (WMD Report) 


MASINT will become increasingly important in providing unique scientific or highly technical 
information contributions to the IC. It can provide specific weapon identifications, chemical 
compositions and material content, and a potential adversary's capability to employ weapons. 

-- IC21: HPSCI Staff Study, 6 Apr 1996 (p. 40) 


MASINT is scientific and technical intelligence information used to locate, identify, or describe 
distinctive characteristics of specific targets. It employs a broad group of disciplines including 
nuclear, optical, radio frequency, acoustics, seismic, and materials sciences. For example, MASINT 
can identify distinctive radar signatures created by specific aircraft systems or the chemical 
composition of air and water samples. 


The Central MASINT Organization, a component of the Defense Intelligence Agency, is the focus 
for all national and Department of Defense MASINT matters. 


-- www.intelligence.gov (accessed 13 Aug 2012) 


For an excellent open source book on MASINT, see: Robert M. Clark, The Technical Collection of 
Intelligence. Washington, DC: CQ Press, 2011. 


Measures of Effectiveness (MOE). A criterion used to assess changes in system behavior, capability, 
or operational environment that is tied to measuring the attainment of an end state, achievement of an 
objective, or creation of an effect. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Media Exploitation. The receipt, cataloging, duplication, screening/prioritizing, gisting, initial evaluation, 
translating key pieces of media, uploading data into appropriate data bases, identifying the need for 
further detailed exploitation of pieces of media, tracking the requested detailed exploitation efforts, and 
disseminating selected media for further use/analysis by the Intelligence Community. (National Media 
Exploitation Center CONOPS, Jan 2004) 


MI5. British Security Service is responsible for "protecting the UK against threats to national security from 
espionage, terrorism and sabotage, from the activities of agents of foreign powers, and from actions 
intended to overthrow or undermine parliamentary democracy by political, industrial or violent means." 
(www.mi5.gov.uk/) 


MI6. British Secret Intelligence Service (SIS) is responsible for foreign intelligence. MI6 collects secret 
intelligence and mounts covert operations overseas in support of British Government objectives IAW the 
UK's Intelligence Services Act of 1994. (www.sis.gov.uk/) 


MICE. The commonly used acronym to explain the motivation of traitors. MICE stands for “money, 
ideology, coercion, and ego,” a combination of which may prompt an individual to betray his/her country. 
(Historical Dictionary of Cold War Counterintelligence, 2007) Also see motivation. 




Motivations for espionage vary 
If you add “revenge” to the list above, then the acronym is “CRIME” 


“MALICE” is another acronym for Money, Anger, Lust, Ideology, Compromise, and Ego. 


“Spies, being human, often invent a better-sounding motive if their sole reason for 
betraying their country is money.” 
-- General Frantisek Moravec, Former head of Czech Military Intelligence 


Microdot. Photographic reduction of documents to three by six millimeters. (FBI FCI Terms) See Mikrat. 


-- Also, the photographic reduction of writing or other material to facilitate transfer from one location 
to another without detection. (Spy Book) 


-- Also, an optical reduction of a photographic negative to a size that is illegible without magnification, 
usually 1mm or smaller in area. (Spycraft) 


Microdots are another method of surreptitious communication between an agent in the field and his 
controller. Photographs are reduced down to microscopic size, so that they are practically invisible 
to the naked eye. Microdots are generally concealed under stamps, on top of punctuation marks in 
typewritten letters, or under the lips of envelopes. 
— Peter Wright, Spycatcher (1987), p. 119 


Mikrat. Smaller than a microdot. (FBI FCI Terms) See microdot. 


-- Also, the product of microphotography, as used in microdots. (Spy Book) 


Military Agency Check (MAC). A records or files check conducted at any military agency within the AO 
[area of operations] of the field element conducting the check. (FM2.22-2, Counterintelligence, Oct 2009). 
Also see local agency check; national agency check. 


Military Assistance Advisory Group (MAAG). A joint Service group, normally under the military command 
of a commander of a unified command and representing the Secretary of Defense, which primarily 
administers the US military assistance planning and programming in the host country. (JP 1-02 and 
JP 3-22, Foreign Internal Defense, 12 Jul 2010) 


Militarily Critical Technology. See critical technology; militarily critical technologies list; technology. 


Militarily Critical Technologies List (MCTL). A technical reference for the development and 
implementation of DoD technology security policies on international transfers of defense related goods, 
services, and technologies as administered by the Director, Defense Technology Security Administration 
(DTSA). (DoDI 3020.46, MCTL, 24 Oct 2008) 


-- MCTL website at <http://www.dtic.mil/mctl/> 
-- Also see <http://www.acq.osd.mil/rd/tech_security/mctp/mctl.html> 
-- Also see <http://www.dhra.mil/perserec/csg/tlthreat/mctl.htm> 


Military Counterintelligence Collection (MCC). A CI collection activity using recruited or non-recruited 
sources to collect information responsive to operational, tactical, and strategic CI requirements, to include 
those of the Military Departments. (DoDI S-5240.17, CI Collection Activities, 14 Mar 2014) Also see 
collection; counterintelligence collection; counterintelligence collection activities. 


Military Deception (MILDEC). Deception that is conducted to deliberately mislead adversary and potential 
adversary decision makers and commanders in order to cause the adversary to take specific actions or 
inactions that will contribute to the accomplishment of the friendly mission. [This definition is proposed for 
inclusion in the next edition of JP 1-02]. (DoDI S-3604.01, Department of Defense Military Deception, 
11 Mar 2013) Also see deception, deception in support of OPSEC. 


-- Also, actions executed to deliberately mislead adversary military decision makers as to friendly 
military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or 
inactions) that will contribute to the accomplishment of the friendly mission. (JP 1-02 and JP 3-13.4, 
Military Deception, 13 Jul 2006) 


-- Also, those actions executed to deliberately mislead adversary decisionmakers as to friendly 
military capabilities, intentions, and operations, thereby causing the adversary to take specific actions 
(or inactions) that will contribute to the accomplishment of the friendly mission. (Army FM 3-0, Operations, 
with Chg 1, 2011) 


In war-time, truth is so precious that she should always be attended by a bodyguard of lies 


-- Winston Churchill (November 1943) 
as cited in Anthony Cave Brown, Bodyguard of Lies: The Extraordinary True Story Behind D-Day (1975) 


MILDEC is conducted to deliberately mislead adversary and potential adversary decision makers 
and commanders in order to cause the adversary to take specific actions or inactions that will 
contribute to accomplishment of the friendly mission. 


MILDEC can mask, protect, reinforce, exaggerate, minimize, distort, or otherwise misrepresent 
U.S. technical and operational capabilities, intentions, operations, and associated activities. 


According to JP 3-13.4, Counterintelligence provides the following for MILDEC planners: 


1) Identification and analysis of adversary intelligence systems to determine the best deception 
conduits; 

2) Establishment and control of deception conduits within the adversary intelligence system, 
also known as offensive CI operations; 

3) Participation in counterdeception operations; 

4) Identification and analysis of the adversary's intelligence system and its susceptibility to 
deception and surprise; and 

5) Feedback regarding adversary intelligence system responses to deception operations. 


For additional information see Joint Pub 3-13.4, Military Deception, 13 Jul 2006 


It was Desert Storm that I became convinced of the power of deception in warfare, 
it truly is a force multiplier. 
-- Tommy Franks (General, USA Ret), American Soldier (2004) 


Military Department (MILDEP). One of the departments within the Department of Defense created by 
the National Security Act of 1947, which are the Department of the Army, the Department of the Navy, 
and the Department of the Air Force. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 
2013) 


Military Department Counterintelligence Organization (MDCO). Elements of the Military Departments 
authorized to conduct CI investigations, i.e., Army CI, Naval Criminal Investigative Service [NCIS], and 
the Air Force Office of Special Investigations [AFOSI]. (DoDD 5240.06, CIAR, 17 May 2011 w/ chg 1 and 
DoDI 5240.10, CI in the Combatant Commands and Other DoD Components, 5 Oct 2011 w/ chg 1) 


MDCO, formerly known as “CI Lead Agencies,” approved for inclusion in next edition of JP 1-02. 


Military Information Support Operations (MISO). Planned operations to convey selected information and 
indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately 
the behavior of foreign governments, organizations, groups, and individuals. The purpose of 
psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the 
originator's objectives. (JP 1-02 and JP 3-13.2, Psychological Operations, 7 Jan 2010) 


Previously known as Psychological Operations or PSYOP; this change directed by SECDEF 
Memo, subject: Changing the Term Psychological Operations (PSYOP) to Military Information 
Support Operations (MISO), dated 3 Dec 2010. Also FY2012 National Defense Authorization Act 
(P.L.112-81) Section 1086, re-designates "psychological operations" as "military information 
support operations" in Title 10, United States Code, to conform to DoD usage. 


Military Intelligence (MI). The collection, analysis, production, and dissemination of information relating to 
any foreign military or military-related situation or activity that is significant to military policy-making or the 
planning and conduct of military operations and activities. (DoDD 5143.01, USD/I, 23 Nov 2005) 


Military intelligence appears in three basic forms: strategic, operational, and tactical. 


-- Strategic Intelligence: intelligence that is required for the formulation of strategy, policy, and 
military plans and operations at the national and theater levels. 


-- Operational Intelligence: intelligence that is required for planning and conducting campaigns 
and major operations to accomplish strategic objectives within theaters or operational areas. It 
focuses on narrower, but significant theater-oriented military responsibilities. 


-- Tactical Intelligence: intelligence that is required for planning and conducting tactical military 
operations at the local level. It concerns information about the enemy that is designed to help 
locate the enemy and decide which tactics, units, and weapons will most likely contribute to 
victory in an assigned area, and when properly applied, it can be a significant force multiplier. 


Military Intelligence Board (MIB). A decision-making forum which formulates Department of Defense 
intelligence policy and programming priorities. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) 


Military Intelligence Program (MIP). The MIP consists of programs, projects, or activities that support 
the Secretary of Defense's intelligence, counterintelligence, and related intelligence responsibilities. 
This includes those intelligence and counterintelligence programs, projects, or activities that provide 
capabilities to meet warfighters' operational and tactical requirements more effectively. The term excludes 
capabilities associated with a weapons system whose primary mission is not intelligence. The term "MIP" 
replaces the terms "Joint Military Intelligence Program (JMIP)" and "Tactical Intelligence and Related 
Activities (TIARA)." (DoDD 5205.12, MIP, 14 Nov 2008) 


The Joint Military Intelligence Program (JMIP) and the Tactical Intelligence and Related Activities 
(TIARA) were combined in 2005 to form the MIP. 


"The MIP was established to improve management of Defense Intelligence capabilities and 
resources. USD/I is the Program Executive for the MIP." 
-- USD/I Memo, subj: Establishment of the MIP, 1 Sep 2005 


Military Service. A branch of the Armed Forces of the United States, established by act of Congress, 
in which persons are appointed, enlisted, or inducted for military service, and which operates and is 
administered within a military or executive department. The Military Services are: the United States Army, 
the United States Navy, the United States Air Force, the United States Marine Corps, and the United 
States Coast Guard. (JP 1-02) 


Military Source Operations. The collection, from, by and/or via humans, of foreign, military and military- 
related intelligence. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 
dated 26 Aug 2011) 


-- Also, DoD HUMINT collection and operations focused on foreign military and military-related 
intelligence conducted under the authorities of the Secretary of Defense. Military source operations are 
conducted by appropriately trained and certified personnel under the control of a Defense HUMINT 
Executor. (DoDD S-3325.09, Oversight, Management, and Execution of Defense Clandestine Source 
Operations, 9 Jan 2013, with chg 1 dated 13 Jun 2013) 


-- Also, the collection from, by, and/or via humans, of foreign military and military-related intelligence 
conducted under SecDef authorities to satisfy DoD needs. (HDI Lexicon, April 2008) 


-- Also, DoD HUMINT activity or operation which is conducted to specifically respond to, and satisfy, 
DoD intelligence collection requirements. These operations directly support the execution of the 
Secretary's responsibilities, commanders in the field, military operational planners, and the specialized 
requirements of the military departments (e.g., research and development process, the acquisition of 
military equipment, and training and doctrine) and span the entire HUMINT operational continuum, 
utilizing varying degrees of tradecraft to ensure the safety and security of the operation. (Defense 
HUMINT Enterprise Manual 3301.002, Vol II Collection Operations, 23 Nov 2010) 


Military Source Operations are conducted by trained personnel under the control of Defense 
HUMINT Executors. See DoDD S-5200.37, Management and Execution of Defense HUMINT (U), 
9 Feb 2009 for specifics. 


Misdirection. A classic conjurer's trick, misdirection is the term applied in the counterintelligence 
community for the tactic of supplying an ostensibly plausible explanation for an event actually caused by 
something quite different, probably by an individual or an operation, deemed sufficiently valuable to 
require protection. Invariably a human asset may produce some information which requires action that 
could compromise him or her, so misdirection is intended to divert attention elsewhere. (Historical 
Dictionary of Cold War Counterintelligence, 2007) 


Misperception. The formation of an incomplete or inaccurate image or perception of some aspect of 
reality. The faulty image may be formed due to a lack of information or intentionally erroneous information 
provided to the perceiver. (CIA, D&D Lexicon, 1 May 2002) 


Mission. 1) The task, together with the purpose, that clearly indicates the action to be taken and the 
reason therefore; 2) in common usage, especially when applied to lower military units, a duty assigned to 
an individual or unit; a task. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Mission Assurance. A process to protect or ensure the continued function and resilience of capabilities 
and assets—including personnel, equipment, facilities, networks, information and information systems, 
infrastructure, and supply chains—critical to the execution of DoD mission-essential functions in any 
operating environment or condition. (DoDD 3020.40, DoD Policy and Responsibilities for Critical 
Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


-- Also, the process or state of ensuring the survival of an organization's essential missions and 
operating capability when confronted by natural or man-made emergencies and disasters. (DoD Strategy 
for Operating in Cyberspace, May 2011) 


Mission Critical Functions. Any function, the compromise of which would degrade the system 
effectiveness in achieving the core mission for which it was designed. (DoDI 5200.44, Protection of 
Mission Critical Functions to Achieve Trusted Systems and Networks, 5 Nov 2012) 


Mission Manager. A position with the [Intelligence] Community for an individual, operating with the 
Director's [DNI] authorities, who coordinates all intelligence activities against a specific country or topic 
[e.g., counterterrorism, counterproliferation, counterintelligence]. (HPSCI Report 27 Jul 2006) 


-- Also, Mission Managers are the principal Intelligence Community officials overseeing all aspects 
of national intelligence related to their respective mission areas. Mission Managers are designated for 
counterintelligence, counterterrorism, Counterproliferation, Iran, North Korea, and Cuba & Venezuela. 
(ICD 900, Mission Management, 21 Dec 2006) 


The NCIX serves as the Mission Manager for Counterintelligence. 
The Director NCTC serves as the Mission Manager for Counterterrorism. 


Mission Need. A requirement for access to specific information to perform or assist in a lawful and 
authorized governmental function. Mission needs are determined by the mission and functions of an IC 
element or the roles and responsibilities of particular IC personnel in the course of their official duties. 
(ICD 501, 21 Jan 2009) 


Mission Statement. A short sentence or paragraph that describes the organization's essential task(s), 
purpose, and action containing the elements of who, what, when, where, and why. (JP 1-02 and JP 5-0, 
Joint Operation Planning, 11 Aug 2011) Also see mission. 


Mission Tasking Authority (MTA). See Counterintelligence Mission Tasking Authority. 

Mitigation. Actions taken in response to a warning or after an incident occurs that are intended to lessen 
the potentially adverse effects on a given military operation or infrastructure. (DoDD 3020.40, DoD Policy 
and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 

-- Also, ongoing and sustained action to reduce the probability of or lessen the impact of an adverse 
incident. Includes solutions that contain or resolve risks through analysis of threat activity and vulnerability 
data, which provide timely and accurate responses to prevent attacks, reduce vulnerabilities, and fix 
systems. (DSS Glossary) 


-- Also, capabilities necessary to reduce loss of life and property by lessening the impact of disasters. 
(PPD-8, 2011) 


Modus Operandi (MO). A distinct pattern or method of procedure thought to be characteristic of or 
habitually followed by an individual or an organization involved in criminal or intelligence activity. 
(AR 381-20, Army CI Program, 25 May 2010) 


Modus Operandi--a Latin phrase--approximately translated as "method of operating." The term is 
used to describe someone's habits or manner of working, their method of operating or functioning. 
In English, it is frequently shortened to M.O. 


Mole. A member of an organization who is spying and reporting on his/her own organization on behalf 
of a foreign country; also called a penetration. (National HUMINT Glossary) Also see mole hunt; 
penetration. 


-- Also, a human penetration into an intelligence service or other highly sensitive organization. Quite 
often a mole is a defector who agrees to work in place. (CI Centre Glossary) 


-- Also, literary and media term for penetration agent infiltrated into an opposition government agency. 
(Leo D. Carl, The CIA Insider's Dictionary, 1996) 


-- Also, the opposing faction's insert, or penetration, into an intelligence apparatus. (TOP SECRET: 
The Dictionary of Espionage and Intelligence, 2005) 


In 1622, Sir Francis Bacon used the term "mole" in the History of the Reign of King Henry VII: 


He was careful and liberal to obtain good Intelligence from all parts abroad.... As 
for his secret spials, which he did employ both at home and abroad, by them to 
discover what practices and conspiracies were against him, surely his care required 
it; he had such moles [emphasis added] perpetually working and casting to undermine 
him. (p. 216) 


In modern times, the term was popularized by John le Carré (penname for David Cornwell, a 
British author of espionage novels) who used the term "mole" to mean a "penetration" of an 
adversary intelligence service. In le Carré's 1974 novel, Tinker, Tailor, Soldier, Spy, Smiley is 
recalled to hunt down a Soviet "mole" in the Circus (British Secret Intelligence Service, aka MI6). 
Also a title of a book by William Hood, Mole: The True Story of the First Russian Spy to Become 
an American Counterspy about Pyotr Semyonovich Popov, a Major in Soviet Military Intelligence 
(the GRU); see <http://en.wikipedia.org/wiki/Pyotr_Semyonovich_Popov>. 

Hood’s book, Mole, is one of the best publicly available descriptions of a penetration of an 
intelligence service and provides a detailed and highly personal account of how intelligence 
tradecraft is practiced, the mental and psychological toll this takes, and the risks involved (for 
both agent and case officer). 


Mole Hunt. The term popularized by John le Carré for a counterintelligence investigation conducted into 
hostile penetration. (Historical Dictionary of Cold War Counterintelligence, 2007) Also see mole. 


-- Also, the search for moles in one’s own service. (Encyclopedia of Cold War Espionage, Spies, and 
Secret Operations, 3rd edition, 2012) 


Also the title of a book by David Wise, Molehunt: The Secret Search for Traitors That Shattered 
the CIA (1992). 


Money Laundering. Generally refers to financial transactions in which criminals, including terrorist 
organizations, attempt to disguise the proceeds, sources or nature of their illicit activities. (US Department 
of Treasury) 


Moscow Rules. The ultimate tradecraft methods for use in the most hostile of the operational 
environments. During the Cold War, Moscow was considered the most difficult of operating 
environments. (Spy Dust) 


Once, an accident. Twice, a coincidence. Three times, an enemy action. 
-- Ian Fleming, Goldfinger (1959) 
Auric Goldfinger mentions this rule to James Bond in Goldfinger's warehouse in Geneva. 


“Moscow rules” ...the precepts we all understand for conducting our operations in the most difficult 
of operating environments: the Soviet capital. ...They were dead simple, and all full of common 
sense: 
-- Never make surveillance mad or embarrassed—they will shut you down. 
-- Never look over your shoulder or steal free looks in store windows when on the street. 
-- Make them think it was their fault that they had lost you, not vice versa, because KGB 
officers knew better than to report their own mistakes. 


...a mantra that could guide them in determining whether they were the subject of hostile 
surveillance: Once, an accident. Twice, a coincidence. Three times, an enemy action. 


-- Antonio and Jonna Mendez, Spy Dust: Two Masters of Disguise Reveal the Tools and 
Operations that Helped Win the Cold War (2002), p. 36 


Motivation. The complex of reasoning and emotional or other drives that induces a person to accept 
employment or cooperate with an agency for a particular assignment. (AFOSI Instruction 71-101, 
6 Jun 2000) Also see "MICE." 


-- Also, broadly defined, is a feeling or state of mind that influences one's choices and actions. 
(PERSEREC Technical Report 05-10, May 2005) 


-- Also, tradecraft jargon for bases for agent recruitment that are usually (1) ideological; (2) financial; 
(3) coercion or blackmail; (4) sexual; (5) ego satisfaction; (6) familial; (7) love of adventure or excitement; 
(8) a combination of two or more of the preceding. (Leo D. Carl, The CIA Insider's Dictionary, 1996) 


Motivation for espionage results from a complex interaction 
between personality characteristics and situational factors 
-- PERSEREC Technical Report 05-10, May 2005 (p.1) 


Psychological portraits of the major spies show complex motivations, which often include 
dissatisfaction with the job. ...The profile of a traitor may not be significantly different from that of 
many sociopaths or felons. ...Spies also usually have two other characteristics: They relish the 
secret world of intrigue and they enjoy the chance to show others as fools. ...The typical spy enjoys 
deception and may have a personality bordering on, or well into, the psychotic. 

-- Thomas B. Allen and Norman Polmar, Merchants of Treason: America's Secrets for Sale (1988), pp.51-52 


Espionage Motivations 


Motives by which spies are driven are highly individualized—simple motives often conceal deeper 
and more complicated motivations. Motivation for espionage is often elusive and frequently 
involves multiple reasons. According to a 2008 PERSEREC study, assigning the motivation for 
committing espionage is often most accurate when motivation is inferred from evidence available 
while the crime was being committed, rather than from the self justifications after the fact. Like most 
criminals, once caught, spies see their own past intentions and the pressures that may have 
affected their behavior in a changed light. Motives for espionage can also change over the course 
of espionage activities. 


MONEY: Historically a leading motivation -- the primacy of money as a motive is a common 
observation in studies of espionage. Money (financial gain) also appears frequently in combination 
with other motives. Americans most consistently have cited money as the dominant motive for 
espionage, especially in the 1980s—the decade of the spy. This motivation reflects a person's 
need for money (e.g., indebtedness, financial pressures), or simple greed, or some combination 
thereof. Often seen in people who see themselves as underpaid (whether real or perceived). Many 
cases involved indebtedness. Being in debt or having a history of insolvency, bankruptcy, or late 
payments is a major component of the financial considerations scrutinized in a personnel security 
investigation for a security clearance. Among the typical financial motives of debt or greed, debt 
continues to motivate espionage more than just greed. Although there are no recent cases, several past 
spies were frequent gamblers. Money remains one of multiple motives in many recent cases. 


"Spies, being human, often invent a better-sounding motive if their sole reason 
for betraying their country is money." 
-- General Frantisek Moravec, Former Head of Czech Military Intelligence 


IDEOLOGY/DIVIDED LOYALTIES: This motivation encompasses both ideologically driven motives 
(commitment to a competing political or economic system, e.g. Communism or Jihadism) and/or 
those with competing allegiances (i.e., intellectual or emotional commitments to another country 
through birth, family ties or cultural affinity). Ideology was the dominant motive in the 1940s, 
whereas, of all motives for espionage, divided loyalties has increased over time. Divided loyalties— 
holding and acting on an allegiance to a foreign country or cause in addition to or in preference to 
allegiance to the United States—has dramatically increased since 1990. PERSEREC studies 
indicate that spying prompted by divided loyalties has become the most common motive for 
American espionage, replacing spying for money as the primary motive. Additionally, this trend has 
been accelerating since 2000. 


COMPROMISE/COERCION: Being forced to commit espionage through blackmail or threat to 
relatives in a foreign country. Used to recruit spies most often in the early period before 1980, when 
foreign intelligence services engaged in occasional blackmail using relatives overseas, or 
entrapped Americans in sexual blackmail scams. Has not been seen in recent cases. 


EGO/THRILLS: Some spies commit espionage for thrills or to make themselves feel important— 
ego-boosting. Some have a fascination with spying and find espionage a thrilling enterprise that 
allows them to enact fantasies of secret lives and heroic deeds they have read about in popular spy 
novels. Includes the related ego-boost of getting away with it, as well as the thrill of successfully 
maintaining a secret life parallel to the spy's professional career, and thereby cleverly 
demonstrating that his competence surpasses his colleagues. Although rarely the primary motive, 
there have been several cases involving individuals who spied for the thrill of getting away with 
espionage, or from their need to stroke their egos. 


DISGRUNTLEMENT/REVENGE: In recent cases, disgruntlement was the second most common 
cause. This motive takes many different forms: disenchantment, extreme unhappiness with 
people and employment, disaffection, bitterness, frustration, anger, disillusionment, and alienation. 
Usually directly related to employment/work-related issues caused by the person's relationships or 
treatment in the workplace, and associated desire to take revenge. Disappointment, anger, 
frustration, or alienation can arise from interactions among coworkers or between employees and 
supervisors. Feelings of disgruntlement often lead to efforts to get revenge and espionage is one 
way to get back at the offending individual, organization, or at the whole government they represent. 
A common motivation among those who volunteer. 


INGRATIATION: The desire to help or please someone else motivates some to commit espionage. 
Most often through an emotional, personal relationship or attachment. This motivation can also 
manifest when trying to impress a potential future employer. Most spies who committed espionage 
to please others tended to be successful. 


RECOGNITION: Usually a secondary motive of spies seeking recognition, approval and/or attention 
from those to whom they provided information. Individuals often feel overworked and 
underappreciated and espionage allows them to connect or bond with an agent handler and seek 
the approval and attention of the handler. 


For more information, see the following Defense Personnel Security Research Center (PERSEREC) Reports: 


-- Americans Who Spied Against Their Country Since World War II, Rpt PERS-TR-92-005, May 1992 

-- Espionage Against the United States by American Citizens 1947-2001, Rpt 02-5, Jul 2002 

-- Changes in Espionage by Americans: 1947-2007, Tech Rpt 08-05, Mar 2008 

-- Espionage and Other Compromises of National Security: Case Summaries from 1975 to 2008, 2 Nov 2009 


MTAC. See Multiple Threat Alert Center. 


Multiple Threat Alert Center (MTAC). Department of Navy's fusion, analysis and dissemination center 
for terrorist, criminal, counterintelligence and security information; operated by the Naval Criminal 
Investigative Service (NCIS). 


The terrorist attack on the World Trade Center in New York and the Pentagon in Washington, DC 
on September 11, 2001 led NCIS to transform the Antiterrorist Alert Center (ATAC) into the MTAC 
in 2002. 


-- NCIS «http://www.ncis.navy.mil/AboutNCIS/History/Pages/default.aspx» 


Multilateral Collection. A collection activity conducted with two or more cooperating foreign intelligence 
services against a mutually targeted foreign intelligence, security service, or international terrorist entity. 
(Previously in DoDI S-5240.17, CI Collection, 12 Jan 2009) Also see bilateral. 


Multilateral: activities conducted with more than one nation. 


Multilateral OFCO. An OFCO [Offensive Counterintelligence Operation] conducted by a U.S. CI agency 
with two or more cooperating foreign intelligence services against a mutually targeted FISS, foreign entity, 
or terrorist element. (DoDI S-5240.09, 29 Oct 2008) 


Multilevel Security (MLS). Concept of processing information with different classifications and categories 
that simultaneously permits access by users with different security clearances and denies access to users 
who lack authorization. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Multinational. Between two or more forces or agencies of two or more nations or coalition partners. 
Also see alliance; coalition. (JP 1-02) 


Multinational Force (MNF). A force composed of military elements of nations who have formed an 
alliance or coalition for some specific purpose. (JP 1-02) Also see multinational operations. 


Multinational Operations. A collective term to describe military actions conducted by forces of two or 
more nations, usually undertaken within the structure of a coalition or alliance. (JP 1-02 and JP 3-16, 
Multinational Operations, 7 Mar 2007) Also see alliance; coalition; coalition action. 


Multispectral Imagery (MSI). The image of an object obtained simultaneously in a number of discrete 
spectral bands. (JP 1-02 and JP 3-14, Space Operations, 6 Jan 2009) 


Narcoterrorism. Terrorism that is linked to illicit drug trafficking. (JP 1-02 and JP 3-07.4, Joint 
Counterdrug Operations, 13 Jun 2007) 


Name Trace. A search of available recorded data to find information about a person, normally conducted 
to determine the presence or absence of derogatory information about the person, as a first step in 
judging his suitability or intelligence value. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


-- Also, a search of data for information about an individual, organization, or subject. (National 
HUMINT Glossary) 


National Agency Check (NAC). An in-depth name trace consisting of Federal Bureau of Investigation 
Name and Criminal History Fingerprint Checks, Defense Clearance Investigation Index (DCII) search, 
and can include checks on military personnel records, citizenship, selective service, Central Intelligence 
Agency records, State Department records, and other US Government agencies. Also see local agency 
check; military agency check. 


-- Also, [part of a] personnel security investigation consisting of a review of: investigative and criminal 
history files of the Federal Bureau of Investigation, including a technical fingerprint check; Office of 
Personnel Management Security/Suitability Investigations Index; DoD Central Index of Investigations 
(DCII) and Joint Personnel Adjudication System (JPAS); and such other national agencies (e.g., CIA, 
DNI) as appropriate to the individual's background. (IC Standard 700-1, 4 Apr 2008) 


-- Also, formal request to federal agencies for searches of their records and supporting databases 
and files for information of investigative [/CI] interest. (FM 2-22.2, Counterintelligence, Oct 2009 and 902d 
MI Group Investigations Handbook, Jun 2012) 


-- Also, an integral part of all background investigations, the NAC consists of searches of OPM's 
Security/Suitability Investigations Index (SII); the Defense Clearance and Investigations Index (DCII); the 
FBI Identification Division's name and fingerprint files, and other files or indices when necessary. (Army — 
see below) 


National Agency Check and Inquiries (NACI) - This is the basic and minimum investigation required 
on all new Federal employees. It consists of a NAC with written inquiries and searches of records 
covering specific areas of a person's background during the past five years. Those inquiries are 
sent to current and past employers, schools attended, references, and local law enforcement 
authorities. 


Access NACI (ANACI) - This is a new investigation designed as the required initial investigation for 
Federal employees who will need access to classified national security information at the 
Confidential or Secret level. The ANACI includes NACI and Credit coverage with additional local 
law enforcement agency checks. 


NAC with Local Agency Check and Credit (NACLC) - This is a new investigation which is the same 
as the ANACI without the written inquiries to past employers, schools attended, etc. It is designed 
as the initial investigation for contractors at the Confidential and Secret national security access 
levels. The NACLC also is to be used to meet the reinvestigation requirement for all individuals 
(including contractors) who have Confidential or Secret clearances. 

-- US Army at: «http://www.dami.army.pentagon.mil/site/PerSec/InvTypes.aspx» (accessed 24 Sep 2013) 


National Capital Region (NCR). A geographic area encompassing the District of Columbia and eleven 
local jurisdictions in the State of Maryland and the Commonwealth of Virginia. (JP 1-02 and JP 3-28, 
Defense Support of Civil Authorities, 31 Jul 2013) 


National Center for Credibility Assessment (NCCA). A federally funded institution providing graduate 
and continuing education courses in psychophysiological detection of deception (PDD). 
(www.ncca.mil/mission.htm) 


-- Also, an interagency training institute that provides polygraph education and training, conducts 
credibility assessment research and development, and manages the Polygraph Quality Assurance 
Program. (DoD FCIP Strategy FY 2013-2017) 


For DoD policy see DoDD 5210.48, Polygraph and Credibility Assessment Program. NCCA is under 
the operational control of the Defense Counterintelligence and Human Intelligence Center (DCHC), 
DIA. It was previously known as the Defense Academy for Credibility Assessment (DACA) and before 
that as the DoD Polygraph Institute (DoDPI). 


National Clandestine Service (NCS). The NCS operates as the clandestine arm of the CIA, and serves 
as the national authority for the coordination, deconfliction, and evaluation of clandestine human 
intelligence operations across the Intelligence Community. The NCS supports our country's security and 
foreign policy interests by conducting clandestine activities to collect information that is not obtainable 
through other means. The NCS also conducts counterintelligence and special activities as authorized by 
the President. (CIA at «https://www.cia.gov/offices-of-cia/clandestine-service/index.html») 


-- Also, the NCS serves as the national authority for the integration, coordination, deconfliction, and 
evaluation of human intelligence operations across the entire Intelligence Community, under authorities 
delegated to the Director of the CIA who serves as the National HUMINT Manager. The Director of the 
NCS reports directly to the Director of the CIA and will work with the Office of the Director of National 
Intelligence to implement all of the DNI's statutory authorities. (ODNI News release 3-05, 13 Oct 2005) 
Also see Defense Clandestine Service. 


Formerly known as CIA Directorate of Operations or DO (in 2005, the DO transitioned to the NCS). 
The NCS was established in response to recommendations made in March 2005 by the 
President's Commission on the Intelligence Capabilities of the United States Regarding Weapons 
of Mass Destruction. 


Collecting foreign intelligence — finding someone who has protected information and convincing 
that person to share it — is the “bread and butter" of what the clandestine service does, although 
"if we succeed, we'd rather not talk about it." 

-- Thomas Twetten, Former Chief of CIA Clandestine Operations, 27 Jan 2011 


Clandestine Service... 

A clandestine service does much more than simply collect "HUMINT" clandestinely, that is secretly 
exploit agents for the purpose of collecting intelligence. A clandestine service also works in liaison 
with other spy services to run all types of operations; it taps telephones and installs listening 
devices; it breaks into or otherwise gains access to the contents of secured facilities, safes, and 
computers; it steals, compromises, and influences foreign cryptographic capabilities so as to make 
them exploitable by US SIGINT; it protects its operations and defends the government from other 
intelligence services by engaging in a variety of counterespionage activities, including the 
aggressive use of double agents and penetrations of foreign services; and it clandestinely 
emplaces and services secret SIGINT and MASINT sensors. It also has the capability of using its 
techniques and access to run programs at the President's direction to influence foreign 
governments and developments, that is, "covert action." The unifying aspect of these activities is 
not some connection to HUMINT; rather, they are highly diverse but interdependent activities that 
are best conducted by a clandestine service. 

-- IC 21: Intelligence Community in the 21st Century, Chap. IX — Clandestine Service; available on line at: 

«http://www.gpo.gov/fdsys/pkg/GPO-IC21/html/GPO-IC21-9.html» 


National Counterintelligence Executive (NCIX). Performs duties provided in the CI Enhancement Act of 
2002 and such other duties as may be prescribed by the Director of National Intelligence or specified by 
law. NCIX serves as Mission Manager of Counterintelligence and the Chairperson of the National CI 
Policy Board. Resides within the Office of the Director of National Intelligence (ODNI). (CI Enhancement 
Act of 2002) Also see Office of the National Counterintelligence Executive. 


-- Also, the NCIX serves as the head of national counterintelligence for the U.S. Government, per the 
CI Enhancement Act of 2002. (National Intelligence: A Consumer's Guide - 2009) 


Additional information on NCIX at «http://www.ncix.gov/about/index.html» 


National Counterintelligence Policy Board (NACIPB). Special board established by statute within the 
executive branch of Government; reports to the President through the National Security Council. The 
Board serves as the principal mechanism for developing policies and procedures for the approval of the 
President to govern the conduct of counterintelligence activities; and upon the direction of the President, 
resolving conflicts that arise between elements of the Government conducting such activities. The Board 
also acts as an interagency working group to ensure the discussion and review of matters relating to the 
implementation of the Counterintelligence Enhancement Act of 2002 and provides advice to the National 
Counterintelligence Executive on priorities in the implementation of the National Counterintelligence 
Strategy. (Extracted from 50 U.S.C. §402a) 


NACIPB is chaired by the National Counterintelligence Executive and consists of senior USG 
personnel appointed by the head of the department or element concerned, as follows: Department 
of Justice, including the Federal Bureau of Investigation (FBI); Department of Defense, including 
the Joint Chiefs of Staff; Central Intelligence Agency (CIA); Department of State; Department of 
Energy; and any other department, agency, or element of the US Government specified by the 
President. 


National Counterproliferation Center (NCPC). Coordinates strategic planning within the Intelligence 
Community (IC) to enhance intelligence support to United States efforts to stem the proliferation of 
weapons of mass destruction and related delivery systems. It works with the IC to identify critical 
intelligence gaps or shortfalls in collection, analysis or exploitation, and develop solutions to ameliorate or 
close these gaps. It also works with the IC to identify long-term proliferation threats and requirements and 
develop strategies to ensure the IC is positioned to address these threats and issues. NCPC will reach 
out to elements both inside the IC and outside the IC and the U.S. Government to identify new methods 
or technologies that can enhance the capabilities of the IC to detect and defeat future proliferation threats. 
(ODNI News release 9-05, 21 Dec 2005) 


-- Also, the NCPC, which resides in the ODNI, is the bridge from the IC to the policy community for 
activities within the U.S. Government associated with countering the proliferation of weapons of mass 
destruction (WMD). (National Intelligence: A Consumer's Guide - 2009) 


National Counterterrorism Center (NCTC). The primary center for US government analysis of terrorism. 
It falls under the Office of the Director of National Intelligence (ODNI). One of its primary missions is "to 
serve as the central and shared knowledge bank on known and suspected terrorists and international 
terrorist groups, as well as their goals, strategies, capabilities, and networks of contacts and support." 
(EO 13354, National Counterterrorism Center, 27 Aug 2004) 


In August 2004, the President established the NCTC to serve as the primary USG organization for 
integrating and analyzing all intelligence pertaining to terrorism and counterterrorism and to 
conduct strategic operational planning by integrating all instruments of national power. In 
December 2004, Congress codified the NCTC in the Intelligence Reform and Terrorism Prevention 
Act (IRTPA) and placed the NCTC in the Office of the Director of National Intelligence (ODNI). 
NCTC is a multi-agency organization dedicated to eliminating the terrorist threat to US interests at 
home and abroad. 

-- NCTC website: «http://www.nctc.gov/about_us/about_nctc.html» 


NCTC was established in 2004 to ensure that information from any source about potential terrorist 
acts against the U.S. could be made available to analysts and that appropriate responses could be 
planned. Investigations of the 9/11 attacks had demonstrated that information possessed by 
different agencies had not been shared and thus that disparate indications of the looming threat 
had not been connected and warning had not been provided. 


NCTC prepares studies ranging from strategic assessments of potential terrorist threats to daily 
briefings and situation reports. It is also responsible, directly to the President, for planning (but not 
directing) counterterrorism efforts. The NCTC received a statutory charter in the Intelligence 
Reform and Terrorism Prevention Act of 2004 (P.L. 108-458); it currently operates with a staff of 
more than 500 personnel from its headquarters in northern Virginia. 

-- Congressional Research Service (CRS) Report R41022, 19 Dec 2011 


National Crime Information Center (NCIC). A computerized system of crime records and data, 
maintained by the Federal Bureau of Investigation, that can be tapped into by virtually every criminal 
justice agency nationwide. (Cyber Threats to National Security, Symposium Five, 2011) 


See <http://www.fbi.gov/about-us/cjis/ncic/ncic> 


National Critical Infrastructure and Key Assets (NCI & KA). Within DoD: None — term removed from 
JP 1-02. 


Previously defined in JP 3-28, Civil Support (14 Sep 2007) as: The infrastructure and assets vital 
to a nation’s security, governance, public health and safety, economy, and public confidence. They 
include telecommunications, electrical power systems, gas and oil distribution and storage, water 
supply systems, banking and finance, transportation, emergency services, industrial assets, 
information systems, and continuity of government operations. 


National Critical Systems and Technology Joint Task Force (NCST-JTF). A collaborative forum to lead 
USIC and federal agency counterintelligence efforts for the protection of critical technologies. 


(NCST-JTF tri-fold, undated, circa 2012) 


NCST-JTF Mission 


Leverage the collective CI resources of the Task Force member agencies to prevent, preempt, 
deter, and investigate attempts to acquire, proliferate and transfer critical US technologies to 
foreign powers. 


Apprehend and prosecute individuals who may commit or plan such acts negatively affecting U.S. 
National Security interest. 


National Cyber Investigative Joint Task Force (NCIJTF). The focal point for all government agencies to 
coordinate, integrate, and share information related to all domestic cyber threat investigations. The FBI 
is responsible for developing and supporting the joint task force, which includes 19 intelligence agencies 
and law enforcement, working side by side to identify key players and schemes. Its goal is to predict and 
prevent what’s on the horizon and to pursue the enterprises behind cyber attacks. (www.fbi.gov; 
accessed 18 Jun 2013) 


On 8 January 2008, the President signed Presidential Directive NSPD-54/HSPD-23 which 
mandated the National Cyber Investigative Joint Task Force to be the focal point for all government 
agencies and to coordinate, integrate, and share information related to all domestic cyber threat 
investigations. 


NCIJTF Mission: Ensure the U.S. Government is coordinating all its efforts to address national 
security cyber intrusions, including intelligence operations and investigations. The NCIJTF’s 
functions are structured in three groups: the Information Operations Group, the Analysis Group, 
and the Law Enforcement Group. 


For more information on the NCIJTF see <http://www.fbi.gov/about-us/investigate/cyber/ncijtf> 


National Cyber Investigative Joint Task Force - Analytical Group (NCIJTF-AG) 
The Defense Cyber Crime Center (DC3) resources and manages the Analytic Group of the 
NCIJTF, which operates under overall FBI stewardship, joined by other national LE/CI 
organizations. Focused on nation-state threat actors, AG leads a collaborative analytical and 
technical exchange with subject matter experts from LE/CI, CND, IC, and IA agencies to build a 
threat picture to enable proactive LE/CI cyber operations. 


National Defense Strategy (NDS). A document approved by the Secretary of Defense for applying the 
Armed Forces of the United States in coordination with Department of Defense agencies and other 
instruments of national power to achieve national security strategy objectives. (JP 1, Doctrine for the 
Armed Forces of the United States, 25 Mar 2013) 


National Detainee Reporting Center (NDRC). National-level center that obtains and stores information 
concerning enemy prisoners of war, civilian internees, and retained personnel and their confiscated 
personal property. May be established upon the outbreak of an armed conflict or when persons are 
captured or detained by U.S. military forces in the course of the full range of military operations. Accounts 
for all persons who pass through the care, custody, and control of the U.S. Department of Defense. 
(JP 1-02 and JP 3-63, Detainee Operations, 30 May 2008) 


National Disclosure Policy (NDP-1). A document that promulgates national policy and procedures in the 
form of specific disclosure criteria and limitations, definition of terms, release arrangements, and other 
guidance required by U.S. departments and agencies having occasion to disclose classified information 
to foreign governments and international organizations. NDP-1 establishes and provides for management 
of interagency mechanisms and procedures required for effective implementation of the national policy. 


National Disclosure Policy Committee. Central authority for formulation, promulgation, administration, 
and monitoring of the NDP-1. 


National Emergency. A condition declared by the President or the Congress by virtue of powers 
previously vested in them that authorize certain emergency actions to be undertaken in the national 
interest. (JP 1-02 and JP 3-28, Defense Support of Civil Authorities, 31 Jul 2013) 


National Essential Functions. That subset of Government functions that are necessary to lead and 
sustain the Nation during a catastrophic emergency. (PDD-21, 12 Feb 2013) 


National Foreign Intelligence Program. All programs, projects, and activities of the intelligence 
community, as well as any other programs of the intelligence community designated jointly by the Director 
of Central Intelligence and the head of a United States department or agency or by the President. Such 
term does not include programs, projects, or activities of the military departments to acquire intelligence 
solely for the planning and conduct of tactical military operations by US Armed Forces. (50 USC §401a) 


National Geospatial-Intelligence Agency (NGA). A member of the US Intelligence Community, as well as 
a Combat Support Agency of the Department of Defense, that provides timely, relevant and accurate 
geospatial intelligence in support of national security objectives. 


The term "geospatial intelligence" or "GEOINT" means the exploitation and analysis of imagery and 
geospatial information to describe, assess and visually depict physical features and geographically 
referenced activities on the Earth. Geospatial intelligence consists of imagery, imagery intelligence 
and geospatial (e.g., mapping, charting and geodesy) information. 

-- See NGA website at <https://www1.nga.mil/> 


The National Imagery and Mapping Agency (NIMA) transitioned to the National Geospatial- 
Intelligence Agency (NGA) in 2003. NIMA established its internal CI element on 1 April 2002. 
See the official history of the NGA and predecessors, Advent of the National Geospatial- 
Intelligence Agency, September 2011, by the Office of the NGA Historian, available at 
«www.ngal1 .mil- 


National HUMINT Collection Directive (NHCD). A set of national-level strategic collection requirements for 
a particular country, geographic area, or transnational issue, prepared by the NHRTC in coordination with 
IC and other organizations. (DHE-M 3301.001, Vol I: Collection Requirement, Reporting, and Evaluation 
Procedures, 30 Jan 2009, w/ chg 2 dated 1 Feb 2012) 


-- Also, an integrated inter-agency mechanism for tasking human intelligence requirements to 
members of the Intelligence Community that have the best capability and probability of acquiring that 
information at the least cost and least risk. A standing / enduring intelligence requirement. (National 
HUMINT Glossary) 


National HUMINT Requirements Tasking Center (NHRTC). Congressionally mandated to integrate all 
HUMINT collection and reporting capabilities within the US Government. [Staffed by] senior officers from 
the Department of State, Department of Defense, and CIA; the center produces National HUMINT 
Collection Directives (NHCDs) and Collection Support Briefs (CSBs). (National HUMINT Glossary) 


The NHRTC reports to the National HUMINT Manager. See DCID 3/7, National HUMINT 
Requirements Center (U), 1 Jun 1992 (classified CONFIDENTIAL). 


National Industrial Security Program (NISP). National program established by EO 12829 for the 
protection of information classified under EO 12958 as amended, or its successor or predecessor orders, 
and the Atomic Energy Act of 1954, as amended. The National Security Council is responsible for 
providing overall policy direction for the NISP. The Secretary of Defense is the Executive Agent for the 
NISP. The Information Security Oversight Office (ISOO) is responsible for implementing and monitoring 
the NISP and for issuing implementing directives that shall be binding on agencies. (DoD 5220.22-M, 
NISPOM, 28 Feb 2006) Also see the Defense Security Service (DSS); industrial security. 


The Defense Security Service (DSS) is designated as the DoD Cognizant Security Office (CSO) 
for cleared contractors within the NISP. 


For additional information see Information Security Oversight Office (ISOO) website at: 
«http://www.archives.gov/isoo/policy-documents/» 


National Infrastructure Coordinating Center. The national physical critical infrastructure center, as 
designated by the Secretary of Homeland Security, which coordinates a national network dedicated to the 
security and resilience of critical infrastructure of the United States by providing 24/7 situational 
awareness through information sharing, and fostering a unity of effort. (www.dhs.gov) 


National Infrastructure Protection Center (NIPC). The FBI's NIPC is charged with detecting, preventing 
and responding to cyber and physical attacks on US critical infrastructure and overseeing computer crime 
investigation conducted by FBI field offices. 


National Infrastructure Protection Plan (NIPP). A plan developed by the Department of Homeland 
Security [DHS] to provide the unifying structure for the integration of a wide range of efforts for the 
enhanced protection and resiliency of the nation's critical infrastructure and key resources into a single 
national program. (Cyber Threats to National Security, Symposium Five, 2011) 


See <http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf> 

Copy of the NIPP 2013 also available at: <https://www.hsdl.org/?view&did=747827> 


National Infrastructure Sector. One of the 18 national CI/KR [critical infrastructure and/or key resource] 
sectors identified in Homeland Security Presidential Directive 7, "Critical Infrastructure Identification, 
Prioritization, and Protection," 17 December 2003. (DoDD 3020.40, DoD Policy and Responsibilities for 
Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


National Insider Threat Task Force (NITTF). National Task Force focused on Insider Threat issues under 
joint leadership of the Attorney General and the Director of National Intelligence; established IAW EO 
13587, October 2011. The NCIX and FBI co-direct the daily activities of the NITTF. 


The NITTF assists federal agencies develop insider threat programs to help prevent, deter, and 
detect compromises of classified information by malicious insiders. Its goal is to prevent classified 
information from getting into the hands of people who can harm the national security of our country. 

-- NITTF Fact Sheet, subj: NITTF External Communications Guidance, undated 


National Insider Threat Working Group (NISTWG). Interagency, cross-discipline working group 
established by the National Counterintelligence Policy Board to focus exclusively on insider threat issues. 


National Intelligence. All intelligence, regardless of the source from which derived and including 
information gathered within or outside of the United States, which pertains, as determined consistent with 
any guidelines issued by the President, to the interests of more than one department or agency of the 
Government; and that involves (a) threats to the United States, its people, property, or interests; (b) the 
development, proliferation, or use of weapons of mass destruction; or (c) any other matter bearing on 
United States national or homeland security. (Intelligence Reform and Terrorism Prevention Act of 2004, 
§1012; also JP 1-02 and JP 2-01, Joint & National Intelligence Support to Military Operations, 5 Jan 
2012) 


-- Also, intelligence which pertains to the interest of more than one department or agency of the US 
Government. (50 USC §401a) 


The US Government uses intelligence to improve and understand the consequences of its national 
security decisions. 


National Intelligence Board. Serves as the senior Intelligence Community advisory body to the Director of 
National Intelligence (DNI) on the analytic judgments and issues related to analysis of national 
intelligence; functions include: production, review, and coordination of national intelligence; interagency 
exchanges of national intelligence information; sharing of IC intelligence products with foreign 
governments; protection of intelligence sources and methods; activities of common concern and other 
matters as may be referred to it by the DNI. (ICD 202, National Intelligence Board, 16 Jul 2007) 


National Intelligence Council (NIC). The Intelligence Community's center for mid-term and long-term 
strategic thinking. Its primary functions are to: 1) Support the DNI in his role as head of the Intelligence 
Community; 2) Provide a focal point for policymakers to task the Intelligence Community to answer their 
questions; 3) Reach out to nongovernmental experts in academia and the private sector to broaden the 
Intelligence Community's perspective; 4) Contribute to the Intelligence Community's effort to allocate its 
resources in response to policymakers' changing needs; and 5) Lead the Intelligence Community's effort 
to produce National Intelligence Estimates (NIEs) and other NIC products. (ODNI website) 


The NIC is responsible for the US Intelligence Community's most authoritative assessments of 
major issues affecting the national security. By law [50 USC §403-3b(b)(1)], the NIC is to consist of 
"senior analysts within the intelligence community and substantive experts from the public and 
private sector, who shall be appointed by, report to, and serve at the pleasure" of the DNI. The 
senior analysts are known as National Intelligence Officers (NIOs). 


NIC responsibilities are set forth in ICD 207, National Intelligence Council, 9 June 2008. 


National Intelligence Coordination Center (NIC-C). Provides a mechanism to strategically manage and 
direct collection across defense, foreign and domestic realms. [Interfaces with the Defense Intelligence 
Coordination Center (DIOCC)]. (National Intelligence: A Consumer's Guide - 2009) 


National Intelligence Estimate (NIE). The DNI's most authoritative written judgment concerning national 
security issues. NIEs contain the coordinated judgments of the Intelligence Community regarding the 
likely course of future events. (ODNI website) 


-- Also, a strategic estimate of the capabilities, vulnerabilities, and probable courses of action of 
foreign nations produced at the national level as a composite of the views of the intelligence community. 
(JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 2012) 


National Intelligence Priorities Framework (NIPF). The Director of National Intelligence's guidance to the 
IC on the national intelligence priorities approved by the President. (ODNI, U.S. National Intelligence — 
An Overview 2011) 


-- Also, the DNI’s sole mechanism for establishing national intelligence priorities. The NIPF consists 
of: intelligence topics approved by the President; a process for assigning priorities to countries and non- 
state actors relevant to the approved intelligence topics; and a matrix showing those priorities. It is 
updated semi-annually. The NIPF is used by the ODNI and IC elements in allocating collection and 
analytical resources. (ICD 204, 13 Sep 2007) 


A key instrument for keeping the IC attentive to both policymaker concerns and potential shocks... 
The NIPF process gathers the needs of senior decision makers across the US government on a 
semi-annual basis to support prudent allocation of both collection and analytical resources for the 
following 6-to-12 months. 

— DNI 2006 Annual Report of the US Intelligence Community (Feb 2007) 


National Intelligence Program (NIP). All programs, projects, and activities of the IC, as well as any other 
programs of the IC designated jointly by the DNI and the head of a US department or agency or by the 
President. It does not include programs, projects, or activities of the military departments to acquire 
intelligence solely for the planning and conduct of tactical military operations by US Armed Forces. 
(National Security Act §3(6) and ICD 1, 1 May 2006) 


Formerly known as the National Foreign Intelligence Program (NFIP), the NIP provides the 
resources needed to develop and maintain intelligence capabilities that support national priorities. 
The DoD Foreign Counterintelligence Program or FCIP is part of the NIP. 


The Federal Budget (FY 2012) disclosed for the first time the aggregate funding for NIP — $55 
billion in 2012. However, detailed funding requests for intelligence activities remain classified. See 
White House Factsheet at: <http://www.whitehouse.gov/omb/factsheet_department_intelligence> 


National Intelligence Strategy. A strategy document prepared by the ODNI in consultation with the 
relevant departments that establishes the strategic objectives for the Intelligence Community (IC); it sets 
forth the framework for a more unified, coordinated and effective IC [and] guides IC policy, planning, 
collection, analysis, operations, programming, acquisition, budgeting, and execution. (ODNI News 
release 4-05) 


The National Intelligence Strategy (NIS) sets forth the framework for a more unified, coordinated, 
and effective US Intelligence Community (IC) and guides IC policy, planning, collection, analysis, 
operations, programming, acquisition, budgeting, and execution. The strategy outlines strategic 
objectives that are referred to as either mission or enterprise objectives. The unclassified National 
Intelligence Strategy (Aug 2009) is available at <http://www.dni.gov/reports/2009_NIS.pdf> 


CI is one of six mission objectives of the NIS (Mission Objective 4 is Integrate Counterintelligence). 
This is the first time that CI was identified as a mission objective within the NIS; see NIS pp 8-9. 




Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


National Intelligence Support Plan (NISP). The NISP, in conjunction with the Combatant Command's 
Annex B: [Intelligence Plan or IPLAN] supports COCOM operational plans directed by the President and 
the Secretary of Defense. The NISP defines the national Intelligence Community (IC) agencies' and 
related organizations' intelligence collection, and analysis & production support roles and responsibilities 
within the COCOM area of responsibility and the national IC to ensure integrated intelligence operations, 
synchronized with the COCOM operational plan. The NISP supports the COCOM’s operational objectives 
during all phases of the operation and contributes to the achievement of the COCOM's desired 
operational effects. (CJCSM 3314.01, Intelligence Planning, 28 Feb 2007) Also see Counterintelligence 
Functional Support Plan (CI FSP). 


National Joint Terrorism Task Force (NJTTF). The NJTTF was established in July 2002 to serve as a 
coordinating mechanism with the FBI's partners on terrorism issues. Over 40 agencies are represented 
in the NJTTF, which has become a focal point for information sharing and the management of large-scale 
projects that involve multiple partners. Also see Joint Terrorism Task Force (JTTF). (DoJ website: 
<http://www.usdoj.gov/jttf/>) 


-- Also, the NJTTF was created to act as a liaison and conduit for information on threats and leads 
from FBI Headquarters to the local JTTFs and to 40 participating agencies including representatives from 
members of the Intelligence Community; components of the departments of Homeland Security, Defense, 
Justice, Treasury, Transportation, Commerce, Energy, State, and Interior; NYPD; Nuclear Regulatory 
Commission; Railroad Police; U.S. Capitol Police; and others. (FBI) 


See FBI web site at: <http://www.fbi.gov/news/stories/2008/august/njttf_081908> 


National Media Exploitation Center (NMEC). A Director of National Intelligence (DNI) Center composed 
of DIA, CIA, FBI, NSA, and Defense Cyber Crime Center (DCCC) as partner organizations; DIA is the 
Executive Agent. NMEC acts as a DOMEX [document and media exploitation] service of common 
concern and ensures prompt and responsive DOMEX support to meet the needs of intelligence, defense, 
homeland security, law enforcement, and other US Government Consumers, to include provision of 
timely and accurate collection, processing, exploitation, and dissemination consistent with the protection 
of intelligence sources and methods. (ICD 302, Document and Media Exploitation, 6 Jul 2007) 


Director DIA is the IC Executive Agent for the NMEC (para 2d, DoDD 3300.03). 


National Military Strategy (NMS). A document approved by the Chairman of the Joint Chiefs of Staff for 
distributing and applying military power to attain national security strategy and national defense strategy 
objectives. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) Also see national 
security strategy. 


The NMS defines the national military objectives, establishes the strategy to accomplish these 
objectives, and addresses the military capabilities required to execute the strategy. The Chairman 
develops the NMS by deriving overall security policy guidance from the President's NSS, and 
through consulting with the other JCS members and combatant commanders. The NMS describes 
the strategic landscape and includes a discussion of the potential threats and risks. 

-- CJCSI 3100.01A, Joint Strategic Planning System, 1 Sep 1999 


National Policy. A broad course of action or statements of guidance adopted by the government at the 
national level in pursuit of national objectives. (JP 1, Doctrine for the Armed Forces of the United States, 
25 Mar 2013) 

National Reconnaissance Office (NRO). Responsible for integrating unique and innovative space-based 
reconnaissance technologies, and the engineering development, acquisition, and operation of space 
reconnaissance systems and related intelligence activities. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


The NRO is responsible for research and development (R&D), acquisition, launch, deployment, 
and operation of overhead reconnaissance systems, and related data-processing facilities to collect 
intelligence and information to support national and DoD missions and other United States 
Government (USG) needs (DoD Directive 5105.23, NRO, 28 June 2011). 


The NRO designs, builds and operates the nation's reconnaissance satellites. According to the 
NRO, their satellites provide constant global access to critical information otherwise unavailable 
to the President, his cabinet, other national leaders and numerous customers in the Defense and 
Intelligence communities. These satellites provide services in three broad categories: GEOINT, 
SIGINT, and Communications. 


In recent years, the NRO has implemented a series of actions declassifying some of its operations. 
The existence of the organization was declassified in September 1992. 

On 6 Sep 1961, the NRO was established as a joint CIA-Air Force operation. Throughout the 
1960s, U.S. operation of reconnaissance satellites was officially classified. It was not until Jan 
1971 that the NRO's existence was first disclosed by the media, when it was briefly mentioned in a 
New York Times article. A more extensive discussion of the NRO appeared in the Washington 
Post (9 Dec 1973) as a result of the inadvertent disclosure in a Congressional report. 


In September 1992 DoD acknowledged the existence of the NRO, an agency established in 1961 
to manage the development and operation of the nation's reconnaissance satellite systems. 


See NRO website at <www.nro.gov/>. For additional information see Jeffrey T. Richelson, 
"Undercover in Outer Space: The Creation and Evolution of the NRO," International Journal of 
Intelligence and Counterintelligence, 13, 3 (Fall 2000): pp. 301-344. 


National Security. A collective term encompassing both national defense and foreign relations of the 
United States with the purpose of gaining: a) a military or defense advantage over any foreign nation or 
group of nations; b) a favorable foreign relations position; or c) a defense posture capable of successfully 
resisting hostile or destructive action from within or without, overt or covert. (JP 1, Doctrine for the Armed 
Forces of the United States, 25 Mar 2013) 


-- Also, the national defense or foreign relations of the United States. (EO 13526, Classified National 
Security Information, 29 Dec 2009) 


National Security Act. The National Security Act of 1947 realigned and reorganized the United States' 
armed forces, foreign policy, and Intelligence Community apparatus in the aftermath of World War II. 
The Act merged the Department of War and the Department of the Navy into the National Military 
Establishment (NME) headed by the Secretary of Defense. It was also responsible for the creation of a 
separate Department of the Air Force from the existing United States Army Air Forces. Initially, each of 
the three service secretaries maintained quasi-cabinet status, but the act was amended in 1949 to assure 
their subordination to the Secretary of Defense. At the same time, the NME was renamed as the 
Department of Defense. Aside from the military reorganization, the act established the National Security 
Council, a central place of coordination for national security policy in the Executive Branch, and the 
Central Intelligence Agency, the United States' first peacetime intelligence agency. (Public Law No. 235, 
80 Cong., 61 Stat. 496) 


The cornerstone of the current national security system is the National Security Act of 1947 as 
amended, designed to meet the challenges of the post-WWII, Cold War world. That legislation laid 
the foundations of a new national security regime, including the creation of the National Security 
Council, the Central Intelligence Agency, the Department of Defense, a separate Department of the 
Air Force, and a permanent Joint Chiefs of Staff. See National Security Act of 1947, P.L. 80-235. 


The National Security Act has been amended numerous times since its enactment. Reference to 
the "National Security Act of 1947, as amended" indicates the legal authority cited is legislation 
passed after 1947 that replaced one or more provisions of the original act. 

-- See <http://www.intelligence.gov/0-natsecact_1947.shtml> 


National Security Agency (NSA). The U.S.’s cryptologic organization, with responsibility for protecting 
U.S. National Security information systems and collecting and disseminating foreign signals intelligence. 
Areas of expertise include cryptanalysis, mathematics, computer science, and foreign language analysis. 
(National Intelligence: A Consumer's Guide - 2009) 


-- Also, a member of the US Intelligence Community, as well as a Combat Support Agency of the 
Department of Defense. NSA/Central Security Service leads the community in delivering responsive, 
reliable, effective, and expert Signals Intelligence (SIGINT) and Information Assurance (IA) products 
and services, and enables Network Warfare operations to gain a decisive information advantage for the 
Nation and our allies under all circumstances. (www.nsa.gov) 


NSA is the U.S. Government lead for cryptology, and its mission encompasses both Signals 
Intelligence (SIGINT) and Information Assurance (IA) activities. The Central Security Service (CSS) 
conducts SIGINT collection, processing, analysis, production, and dissemination, and other 
cryptologic operations as assigned by the Director, NSA/Chief, CSS. NSA/CSS provides SIGINT 
and IA guidance and assistance to the DoD Components, as well as national customers. 


-- DoDD 5100.20, NSA/CSS, 26 Jan 2010 


The Central Security Service (CSS) oversees the function of the military cryptologic system, 
develops policy and guidance on contributions of military cryptology to the Signals Intelligence / 
Information Security (SIGINT/INFOSEC) enterprise, and manages the partnership of NSA and the 
Service Cryptologic Components. NSA as a whole is known as “NSA/CSS.” 


-- National Intelligence: A Consumer's Guide — 2009. p. 43 


The U.S. SIGINT effort... employs space and airborne collection ground stations, covert listening 
posts, surface ships, and submarines. 
-- Jeffrey T. Richelson, The US Intelligence Community (2012, Sixth Edition) 


I think it's fair to say that the demands on the Agency approach infinity. 
Everybody wants to know everything about everything. 


-- Louis Tordella, a longtime deputy director of NSA (1995) 


See 60 Years of Defending Our Nation, National Security Agency, 2012; available at: 
<http://www.nsa.gov/about/cryptologic_heritage/60th/book/NSA_60th_Anniversary.pdf> 


Also see — 


Matthew M. Aid, The Secret Sentry: The Untold History of the National Security Agency. New 
York: Bloomsbury, 2009. 


James Bamford, The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on 
America. New York: Anchor Book, 2008. 


National Security Branch (NSB). Major element of the FBI that executes the FBI’s national security mission 
to lead and coordinate intelligence efforts that drive actions to protect the United States. The NSB is composed 
of the Counterterrorism Division (CTD), Counterintelligence Division (CD), Directorate of Intelligence (DI), 
Weapons of Mass Destruction Directorate (WMDD), Terrorist Screening Center (TSC), and High-Value 
Detainee Interrogation Group (HIG). (www.fbi.gov; accessed 31 Jul 2013) 


The FBI’s national security and intelligence missions are unified under the authority of the 
Executive Assistant Director (EAD) who reports to the Deputy Director FBI. The EAD-NSB has 
full operational and management authority over all FBI Headquarters and field national security 
programs, including the authority to initiate, terminate, or reallocate any of the investigations or 
other activities within the NSB. 


The EAD-NSB is also responsible for the continued development of a specialized national security 
workforce and is the lead FBI official responsible for coordination and liaison with the Director of 
National Intelligence (DNI) and the Intelligence Community (IC). 


-- See <http://www.fbi.gov/about-us/nsb/national-security-branch-brochure> 


National Security Council (NSC). A governmental body specifically designed to assist the President in 
integrating all spheres of national security policy. (JP 1, Doctrine for the Armed Forces of the United 
States, 25 Mar 2013) 


The NSC was established by the National Security Act of 1947 as the principal forum to consider 
national security issues that require presidential decision. Congress envisioned that the NSC would 
allow military and civilian government departments and agencies to work more effectively together 
on national security matters. 


The National Security Council (NSC) is the President's principal forum for considering national 
security and foreign policy matters with the senior national security advisors and cabinet officials. 
For DOD, the President's decisions drive strategic guidance promulgated by the Office of the 
Secretary of Defense (OSD) and refined by the Joint Strategic Planning System (JSPS). To carry 
out Title 10, United States Code (USC), statutory responsibilities, the Chairman of the Joint Chiefs 
of Staff (CJCS) utilizes the JSPS to provide a formal structure in aligning ends, ways, and means, 
and to identify and mitigate risk for the military in shaping the best assessments, advice, and 
direction of the Armed Forces for the President and SecDef. 

-- JP 5-0, Joint Operation Planning (11 Aug 2011) 


National Security Council Intelligence Directive (NSCID). A formal statement of policy by the National 
Security Council, binding upon those US Government agencies within the purview of NSC authority. 
(National HUMINT Glossary) 


Regarding counterintelligence, see NSCID 5, US Espionage and Counterintelligence Activities 
Abroad, 17 Feb 1972. 


National Security Crimes. Crimes likely to impact upon the national security, defense, or foreign relations 
of the United States, including but not limited to espionage, spying, sabotage, treason, and sedition. 


National Security Division (NSD). Element of the Department of Justice (DoJ) created by the 
reauthorization of the USA PATRIOT Act in March 2006, the Division merges the primary national security 
elements of DoJ, fulfilling a key recommendation of the March 2005 report of the Commission on the 
Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction (WMD 
Commission). The Division consists of the Counterterrorism and Counterespionage Sections; the Office of 
Intelligence Policy and Review; and a Law & Policy Office. (DoJ website at <http://www.usdoj.gov/nsd/>) 


The Counterespionage Section (CES), NSD, DoJ, supervises the investigation and prosecution of 
cases affecting national security, foreign relations, and the export of military and strategic 
commodities and technology. 


CES has executive responsibility for authorizing the prosecution of cases under criminal statutes 
relating to espionage, sabotage, neutrality, and atomic energy. It provides legal advice to U.S. 
Attorney's Offices and investigative agencies on all matters within its area of responsibility, which 
includes 88 federal statutes affecting national security. It also coordinates criminal cases involving 
the application of the Classified Information Procedures Act (CIPA). In addition, the Section 
administers and enforces the Foreign Agents Registration Act of 1938 (FARA) and related 
disclosure statutes. 


The Office of Intelligence Policy and Review (OIPR), NSD, DoJ, prepares and files all applications 
for electronic surveillance and physical search under the Foreign Intelligence Surveillance Act of 
1978 (FISA). The Office also advises the National Security Division and various client agencies, 
including the CIA, FBI, and the Defense and State Departments, on questions of law, regulation, 
and guidelines, as well as on the legality of domestic and overseas intelligence operations. 


National Security Emergency. Any occurrence, including natural disaster, military attack, technological, 
or other emergency, that seriously degrades or threatens the national security of the United States. 
(DoDD 5111.13, ASD(HD&ASA), 16 Jan 2009) 


National Security Information (NSI). Any information that has been determined, pursuant to Executive 
Order 12958, as amended, or any predecessor order, to require protection against unauthorized 
disclosure and that is so designated. (IC Standard 700-1, 4 Apr 2008) 


Note: EO 12958 superseded by EO 13526, Classified National Security Information, 29 Dec 2009. 
For additional information see Information Security Oversight Office (ISOO) website at: 
<http://www.archives.gov/isoo/policy-documents/> 


National Security Interests. The foundation for the development of valid national objectives that define 
United States goals or purposes. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


National Security Letter (NSL). An administrative demand for documents or records that are relevant to 
an authorized investigation to protect against international terrorism or clandestine intelligence activities. 
(FBI Domestic Investigations and Operations Guide, 15 Oct 2011) 


-- Also, a NSL seeks customer and consumer transaction information in national security 
investigations from communications providers, financial institutions, and credit agencies. Five statutory 
provisions vest government agencies responsible for foreign intelligence investigations with authority to 
issue written commands comparable to administrative subpoenas. (CRS Report RS22406, 27 Sep 2010) 


National security letters are analogous to administrative subpoenas and are authorized by 
five federal statutes. They are only available for authorized national security investigations 
(international terrorism or foreign intelligence/CI investigations), not general criminal investigations 
or domestic terrorism investigations. NSLs are issued directly by federal agency officials. 


NSLs can only be used to seek certain transactional information permitted under the five NSL 
provisions, and cannot be used to acquire the content of any communications. The scope of 
documents which may be obtained pursuant to a national security letter is more limited than that 
which might be authorized in a FISA order. Statutory provisions at 18 USC §2709, 12 USC §3414, 
15 USC §1681u, 15 USC §1681v and 50 USC §436; as amended by PL 109-177 and PL 109-178. 


“FBI currently issues an average of nearly 60 NSLs per day." 
-- CRS Report RL 33320 (3 Jan 2014), p. 22, footnote 139 


For additional information see <http://www.fbi.gov/pressrel/pressrel07/nsl_faqs030907.htm> 


Also see CRS Report RS22406 at <http://www.fas.org/sgp/crs/intel/RS22406.pdf> and 
CRS Report RL33320 at <https://www.fas.org/sgp/crs/intel/RL33320.pdf> 


National Security Strategy (NSS). A document approved by the President of the United States for 
developing, applying, and coordinating the instruments of national power to achieve objectives that 
contribute to national security. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013) 


National Special Security Event (NSSE). A designated event that, by virtue of its political, economic, 
social, or religious significance, may be the target of terrorism or other criminal activity. (JP 1-02 and 
JP 3-28, Defense Support of Civil Authorities, 31 Jul 2013) 


-- Also, major event considered to be nationally significant as designated by the President or his 
designated representative, the Secretary of the Department of Homeland Security. Some events 
categorized as NSSE include presidential inaugurations, major international summits held in the United 
States, major sporting events, and presidential nominating. NSSE designation factors include: anticipated 
attendance by U.S. officials and foreign dignitaries; size of the event; and significance of the event. 

(CRS Report RS22752, updated 19 Mar 2008) 


The US Secret Service is the lead federal agency responsible for coordinating, planning, 
exercising, and implementing security for NSSEs. Designated the lead agency in PL 106-544. 


National Threat Identification and Prioritization Assessment (NTIPA). A strategic threat assessment 
produced by the Office of the National Counterintelligence Executive (ONCIX) that defines and prioritizes 
threats to the US posed by traditional and emerging foreign intelligence activities. It is designed to assist 
senior policymakers and officials with CI responsibilities focus on the current and emerging foreign 
intelligence threats that could cause unacceptable damage to US national security. The NTIPA fulfills the 
reporting requirement outlined in the Counterintelligence Enhancement Act of 2002. (ONCIX) 


"The NTIPA informs the President of the United States of the gravest threats to our nation." 
-- National Counterintelligence Strategy of the United States of America — 2012 


"The NTIPA is a compendium of foreign intelligence threat data, mandated by statute to be 
produced annually by the Office of the National Counterintelligence Executive and submitted to the 
President for approval.... Community work on the NTIPA (the first of which submitted in 2004 and 
approved in 2005) revealed broad challenges in collection and analysis on these difficult targets. 
Prioritizing foreign intelligence threats is an even more demanding analytical task, depending as it 
does on the consumer's interests (for example, foreign threats to [CIA] DO operations in country X 
or to deployed forces in country Y may be far different from the rank ordering of country threats to 
U.S. national security information at home) and the national security context in which they arise 
(that is, threat priorities do not directly correlate to foreign intelligence capability alone but must be 
measured against the potential for harm or disruption to U.S. national security concerns and 
objectives, as prioritized by policy leadership). " 

-- Michelle K. Van Cleave (former NCIX), Counterintelligence and National Strategy, School for National 
Security Executive Education, National Defense University, April 2007, footnote 36, pp. 33-34 


The NTIPA does not go into effect until approved by the President. The NCIX submits each 
approved NTIPA or modification thereof to the congressional intelligence committees. 


NTIPA versus NIPF — CI action is driven by the approved NTIPA and foreign intelligence (FI) 
collection is driven by the NIPF (National Intelligence Priorities Framework). Each has different 
focus and priorities, as well as a totally different operational dynamic. 


Need for CI action is much different from the need for FI collection. 


National Virtual Translation Center (NVTC). Provides timely and accurate translations of foreign 
intelligence for all elements of the IC. Its mission includes acting as a clearinghouse for facilitating 
interagency use of translators; partnering with elements of the U.S. Government, academia, and private 
industry to identify translator resources and engage their services; building a nationwide team of highly 
qualified, motivated linguists and translators, connected virtually to the program office in Washington, 
D.C.; and applying state-of-the-art technology to maximize translator efficiency. (National Intelligence: 
A Consumer's Guide - 2009) 


The NVTC is a DNI Center and the FBI is the IC Executive Agent. 


Naval Criminal Investigative Service (NCIS). The federal law enforcement agency charged with 
conducting investigations of felony-level offenses affecting the Navy and Marine Corps - that is, crimes 
punishable by confinement for more than one year. NCIS also performs investigations and operations 
aimed at identifying and neutralizing foreign intelligence, international terrorist, and cyber threats to the 
Department of the Navy. In addition, it provides warning of threats and specialized defensive force 
protection support to U.S. naval forces around the world. Criminal investigation is at the foundation of 
virtually all the organization does, but the NCIS mission is broad. Transnational terrorism has been and 
remains a key focus area for the agency. Today, NCIS' mantra is: Prevent Terrorism, Protect Secrets, 
and Reduce Crime. (www.ncis.navy.mil; accessed 28 Jun 2012) 


Mission: NCIS is a federal law enforcement agency that protects and defends the DON 
[Department of Navy] against terrorism and foreign intelligence threats, investigates major criminal 
offenses, enforces the criminal laws of the United States and the UCMJ, assists commands in 
maintaining good order and discipline, and provides law enforcement and security services to the 
Navy and Marine Corps on a worldwide basis. 


Director NCIS reports directly to the Secretary of the Navy and is the senior official for criminal 
investigations, counterintelligence, and security with the DON. Additionally, the Director NCIS is 
the senior official within DON for terrorism investigations and related operations designed to 
identify, detect, neutralize, or prevent terrorist planning and activities, and provides antiterrorism 
expertise and services to DON components. 


-- SECNAV Instruction 5430.107, Mission and Functions of the NCIS, 28 Dec 2005 
Also see SECNAV Instruction 3850.2C, Department of the Navy Counterintelligence, 20 Jul 2005 


"Criminal investigation is at the foundation of virtually all the organization does..." 
-- <http://www.ncis.navy.mil/AboutNCIS/Pages/default.aspx> (accessed 28 June 2012) 


NCIS. Acronym, see Naval Criminal Investigative Service. 


Near Real Time. Pertaining to the timeliness of data or information which has been delayed by the time 
required for electronic communication and automatic data processing. This implies that there are no 
significant delays. (JP 1-02 and TRADOC Pam 525-2-1, US Army Functional Concept for Intelligence, 
13 Oct 2010) Also see real time. 


Need-to-know. A criterion used in security procedures that requires the custodians of classified 
information to establish, prior to disclosure, that the intended recipient must have access to the 
information to perform his or her official duties. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 
16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, a determination that a prospective recipient requires access to specific classified information 
in order to perform or assist in a lawful and authorized governmental function. (DoD Manual 5200.01- 
Vol 1, DoD Information Security Program, 24 Feb 2012) 


-- Also, a determination within the executive branch in accordance with directives issued pursuant 
to this order [EO 13526] that a prospective recipient requires access to specific classified information 
in order to perform or assist in a lawful and authorized governmental function. (EO 13526, Classified 
National Security Information, 29 Dec 2009) 


"The need-to-know principle is fundamental to the intelligence business." 
-- Duane R. Clarridge, A Spy For All Seasons: My Life in the CIA (1997), p. 310 


The "need-to-know" principle, simply put, is that a person in authorized possession of classified 
information must determine that another person requires access to that information in order to 
perform a specific and authorized function and that such person has appropriate clearances and 
access approvals. 


...A major tightening up of the "need-to-know" practice is in order. It is particularly disturbing to 
see the proliferation of detailed knowledge about intelligence sources and methods. 


-- HPSCI Report (1100-5), "United States Counterintelligence and Security Concerns — 1986," 
100th Congress 1st session, 4 Feb 1987, p. 9 


Net-Centric. The ability to provide a framework for full human and technical connectivity and 
interoperability that allows all DoD users and mission partners to share the information they need, when 
they need it, in a form they can understand and act on with confidence, and protects information from 
those who should not have it. (Joint Capability Areas Taxonomy & Lexicon, 15 Jan 2008) 


Network. [In critical infrastructure protection usage] a group or system of interconnected or cooperating 
entities, normally characterized as being nodes (assets), and the connections that link them. (DoDD 
3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 
2012) 


Network Operations (NetOps). Activities conducted to operate and defend the Global Information Grid. 
(JP 1-02 and JP 6-0, Joint Communications, 10 Jun 2010) 


Neutralize. 1) As pertains to military operations, to render ineffective or unusable. 2) To render enemy 
personnel or material incapable of interfering with a particular operation. 3) To render safe mines, 
bombs, missiles, and booby traps. 4) To make harmless anything contaminated with a chemical agent. 
(JP 1-02) 


Neutrality. In international law, the attitude of impartiality during periods of war adopted by third states 
toward a belligerent and subsequently recognized by the belligerent, which creates rights and duties 
between the impartial states and the belligerent. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Neutral State. In international law, a state that pursues a policy of neutrality during war. (JP 1-02) 


Nickname. A combination of two separate unclassified words that is assigned an unclassified meaning 
and is employed only for unclassified administrative, morale, or public information purposes. (JP 1-02) 
Also see codeword. 


Non Attributable Internet Access. Use of a commercial internet service provider to access publicly 
available information on the internet while protecting the unit's U.S. government affiliation, disclosing 
essential elements of friendly information, or exposing U.S. government information systems to intrusion 
or manipulation. (AR 381-20, Army CI Program, 25 May 2010) 


Noncustodial Interview. Interview conducted when subjects are interviewed without depriving them of 
their freedom in any significant manner (e.g., arrest or detention). Subjects voluntarily consent to the 
interview and are advised that they may depart at any time. (Army FM 2-22.2, CI, Oct 2009) 


Non-Disclosure Agreement (NDA). An official authorized contract between an individual and the United 
States (U.S.) Government signed by an individual as a condition of access to classified national 
intelligence. The NDA specifies the security requirements for access and details the penalties for non- 
compliance. (DSS Glossary) 


Nongovernmental Organization (NGO). A private, self-governing, not-for-profit organization dedicated to 
alleviating human suffering; and/or promoting education, health care, economic development, 
environmental protection, human rights, and conflict resolution; and/or encouraging the establishment of 
democratic institutions and civil society. (JP 1-02 and JP 3-08, Interorganizational Coordination During 
Joint Operations, 24 Jun 2011) 


-- Also, a legally-constituted organization created by persons having the legal authority to do so with 
no participation or representation of any government. (DoDD 3020.40, DoD Policy and Responsibilities 
for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


Non-Official Cover (NOC). Term used by case officers who operate overseas outside the usual 
diplomatic cover. (Spy Book) 


-- Also, NOC, pronounced as “knock,” an acronym for “nonofficial cover.” Primarily a CIA term used 
where one is operating without cover of diplomatic protection or US government employment. (TOP 
SECRET: The Dictionary of Espionage and Intelligence, 2005) 


Case officers that have no visible affiliation with the U.S. government. NOCs, as they are called, 
might typically operate as business executives, students, writers, or in some other 
nongovernmental capacity. They perform those jobs in addition to doing their espionage. If they are 
caught in the act of spying, they do not have diplomatic immunity and are subject to the full force of 
the local law, including prosecution for espionage and imprisonment. NOCs usually receive less 
scrutiny and surveillance from the local authorities than their official colleagues. 

-- James M. Olson, Fair Play: The Moral Dilemmas of Spying (2006) 


According to a Congressional Research Service report, placing U.S. intelligence officials in foreign 
countries under "nonofficial cover" (NOC) in businesses or other private capacities is possible, but 
it presents significant challenges to U.S. agencies. Administrative mechanisms are vastly more 
complicated [than those] for officials formally attached to the embassy; special arrangements have 
to be made... The responsibilities of operatives under nonofficial cover to the parent intelligence 
agency have to be reconciled with those to private employers, and there is an unavoidable potential 
for conflicts of interest... 

-- CRS Report RL33539, Intelligence Issues for Congress, 14 Sep 2011, p. 6 


Non-Permissive Environment. An operational environment in which host government forces, whether 
opposed to or receptive to operations that a unit intends to conduct, do not have effective control of the 
territory and population in the intended operational area (Uncertain Environment); or an operational 
environment in which hostile forces have control as well as the intent and capability to oppose or react 
effectively to the operations a unit intends to conduct (Hostile Environment). (National Military Strategy 
to Combat Weapons of Mass Destruction, Feb 2006) 


Non-Title 50 (NT50). Refers to those federal departments and organizations whose authorities derive 
from portions of United States Code other than Title 50, which addresses U.S. intelligence activities. 
NT50s are involved in many activities that affect national security, such as conducting foreign affairs; 
combating pandemic diseases; halting illicit trafficking; conducting scientific and medical research; 
regulating finance, commerce, and transportation; and protecting food, water and nuclear infrastructures. 


Notice of Intelligence Potential (NIP). A document alerting consumers of a potential collection opportunity 
involving sources. It is often associated with travel by the source or attendance at some event. (DHE-M 
3301.002, Vol II Collection Operations, 23 Nov 2010) 


Notional. Fictitious; most commonly used to refer to a nonexistent agent but also used to refer to fictitious 
organizations, individuals, or sources of information. (FBI FCI Terms) 


-- Also, fictitious, imaginary, existing only in the perception of the target. Antonym of real, true, 
genuine, or legitimate. (CIA, D&D Lexicon, 1 May 2008) 


-- Also, Notionals: fictious [sic], private commercial entities which exist on paper only. They serve as the 
ostensible employer of intelligence personnel, or as the ostensible sponsor of certain activities in support of 
clandestine operations. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


Notorious Individual. Someone who is widely known and has an unfavorable public reputation. 
(DoDD S-5200.37, Management and Execution of Defense HUMINT (U), 9 Feb 2009 w/ chg 2) 


OFCO. Acronym, see Offensive Counterintelligence Operation. 


Offensive Counterintelligence Operation (OFCO). A clandestine CI activity conducted for military, 
strategic, DoD, or national CI and security purposes against a target having suspected or known affiliation 
with FISS [Foreign Intelligence & Security Service], international terrorism, or other foreign persons or 
organizations, to counter terrorism, espionage, or other clandestine intelligence activities that threaten the 
security of the Department or the United States. The two types of OFCO are double agent operations and 
Counterintelligence Controlled Source Operations (CSO). (DoDI S-5240.09, OFCO, 29 Oct 2008) 


If defensive counterintelligence is checkers, then offensive counterintelligence is chess. 
-- Steven Aftergood, "DIA Takes on Offensive Counterintelligence," Secrecy News (12 Aug 2008) 


An ideal counterintelligence system anticipates the enemy's move, notionally 
satisfies his needs, and indeed operates a notional intelligence service for him. 
-- Eric W. Timm, “Countersabotage--A CI Function” Studies in Intelligence, V7:2 (Spring 1963), p. 67 


Offensive CI operations — CI folks call OFCO — are clandestine CI activities run in support of DoD 
military national security objectives and programs against individuals known or suspected to be 
foreign intelligence officers with connections to foreign intelligence or international terrorist 
activities. And they're run to counter the foreign intelligence operations, espionage, against DoD 
national activities and, of course, terrorist operations against DOD or national. These are very 
tightly controlled departmental activities run by a small group of specially selected people within 
DoD. There are only four organizations in the department that can run these operations — Army 
Counterintelligence, Naval Criminal Investigative Service, Air Force Office of Special 
Investigations, and now DIA with the center [Defense CI & HUMINT Center]. 


-- Toby Sullivan, Director of Counterintelligence for USD/I, 5 Aug 2008; 
see Federal News Service transcript at <http://www.fas.org/irp/news/2008/08/dia-dchc.pdf> 


Offensive counterintelligence could exploit knowledge of secret adversary infrastructures to 
keep adversaries off-balance and to force them to divert critical resources to defend against 
the offensive thrusts of well-informed enemies. Offensive counterintelligence can also deceive 
and manipulate the leaders of hostile coalitions, as Western governments did repeatedly in 
WWII, and in the Gulf War. 


-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence, with new 
introduction by the author (paperback 2001), p. xxx 


For detailed information concerning DoD OFCO see DoDI S-5240.09, OFCO (U), 29 Oct 2008 


Many... offensive operations have changed history, 
but remain a misunderstood, and even unappreciated, CI penetration methodology. 
-- CI Centre (www.cicentre.com) 


-- Also (previously defined in DoDD O-5240.02, dated 20 Dec 2007), an approved CI operation 
involving a formally recruited human source conducted for DoD or national purposes against a target 
having suspected or known foreign intelligence and security services affiliation, international terrorist 
affiliation, or other foreign persons or organizations, to counter terrorism, espionage, or other clandestine 
intelligence activities that threaten the security of the Department and/or the United States. 

Note: this definition was deleted from DoDD O-5240.02 with change 1 dated 30 Dec 2010. 


Offensive Cyber Operations (OCO). Cyberspace operations intended to project power by the application 
of force in or through cyberspace. (JP 1-02 and JP 3-12, Cyberspace Operations, 5 Feb 2013) 


-- Also, includes all US Government programs and activities that, through the use of cyberspace, 1) 
actively gather information from computers, information systems or networks or 2) manipulate, disrupt, 
deny, degrade, or destroy targeted adversary computers, information systems, or networks. (NSPD-38) 


-- Also, offensive operations to destroy, disrupt, or neutralize adversary cyberspace capabilities both 
before and after their use against friendly forces, but as close to their source as possible. The goal of 
Offensive Cyberspace Operations (OCO) is to prevent the employment of adversary cyberspace 
capabilities prior to employment. This could mean preemptive action against an adversary. (DSS 
Glossary) 


Official Information. Information that is owned by, produced for or by, or is subject to the control of the 
United States Government. (JP 1-02 and JP 3-61, Public Affairs, 25 Aug 2010) 


Office of Foreign Missions (OFM). An office in the Department of State, Bureau of Diplomatic Security 
that has three missions: 1) Protecting the interests of the US and its citizens from foreign diplomats' 
abuses of privileges and immunities; 2) Improving the treatment of US personnel assigned abroad by 
imposing reciprocal treatment on foreign diplomats assigned to the US; and 3) Services to the foreign 
diplomatic community in a variety of areas. Programs include the review of all notifications by foreign 
missions of any intent to acquire property in the US and monitoring of foreign diplomatic travel. 


Office of the National Counterintelligence Executive (ONCIX). [The U.S. Government agency] charged 
with integrating the activities of all CI programs to make them coherent and efficient, coordinating CI 
policy and budgets to the same end, and evaluating the performance of the CI community against the 
[National CI] strategy. (National Intelligence: A Consumer's Guide - 2009) Also see National 
Counterintelligence Executive. 


-- Also, ONCIX provides effective leadership and support to the counterintelligence and security 
activities of the US Intelligence Community, the US Government, and US private sector entities who are 
at risk of intelligence collection or attack by foreign adversaries. (www.ncix.gov; accessed 9 Jun 2014) 


The ONCIX is part of the Office of the Director of National Intelligence and is staffed by senior 
counterintelligence (CI) and other specialists from across the national intelligence and security 
communities. The ONCIX develops, coordinates, and produces: 

Annual foreign intelligence threat assessments and other analytic CI products 

An annual national CI strategy for the US Government 

Priorities for CI collection, investigations, and operations 

CI program budgets and evaluations that reflect strategic priorities 

In-depth espionage damage assessments 

CI awareness, outreach, and training standards policies. 

-- www.ncix.gov (accessed 9 Jun 2014) 


Office of Special Investigations (OSI). See Air Force Office of Special Investigations (AFOSI). 


One-Time Pad (OTP). Sheets of paper or silk printed with random five-number group ciphers to be used 
to encode and decode enciphered messages. (CI Centre Glossary) 


-- Also, groups of random numbers or letters arranged in columns, used for encoding and decoding 
messages. Since the codes are only used once, a properly employed OTP is theoretically unbreakable. 
(Spycraft) 


-- Also, sheets of randomly generated numbers, usually formatted into four- or five-digit groups. Each 
party to the secret communication... uses the same one-time pad. By a simple process of alphabetic 
substitution, along with “false subtraction” and “false addition,” the two sides can securely communicate 
with each other. (James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


-- Also, manual one-time cryptosystem produced in pad form. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


An unbreakable cipher when used properly 
One-time pad (OTP), also called Vernam-cipher or the perfect cipher, is a crypto algorithm where 
plaintext is combined with a random key. It is the only known method to perform mathematically 
unbreakable encryption. See <http://users.telenet.be/d.rijmenants/en/onetimepad.htm> 


One-Time Source. A source who may not reasonably be expected to provide information on a regular 
or continuing basis by reason of limited knowledgeability or circumstances of contact. (HDI Lexicon, April 
2008) 


-- Also, a source of information of value that was, and will be, encountered only once. (US Army 
FM 2-22.3, HUMINT Collector Operations, 6 Sep 2006) 


A one-time source cannot be tasked to collect information, but can be sensitized to information in 
which the collector is interested. 


For more information see: <http://users.telenet.be/d.rijmenants/en/onetimepad.htm> 


One-Way Radio Link (OWRL). The method of transmitting over radio (by voice, key, or impulses) 
messages to intelligence personnel who, by prearrangement, are in possession of a time schedule, 
signal, code, or cipher that enables them to receive and decipher messages. (AFOSI Manual 71-142, 
OFCO, 9 Jun 2000) 


One-Way Voice Link (OWVL). One-way radio link that transmits a coded voice message to intelligence 
personnel who, by prearrangement, are in possession of a time schedule, signal, code, or cipher that 
enables them to receive and decipher messages. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, shortwave radio link used to transmit prerecorded enciphered messages to an operative, who 
is usually working in place in a hostile area. (CI Centre Glossary) 


Open. Not classified or concealed. (CIA, D&D Lexicon, 1 May 2002) 


Open Source. Any person or group that provides information without the expectation of privacy—the 
information, the relationship, or both is not protected against public disclosure. (Army Techniques 
Publication 2-22.9, Open-Source Intelligence, 10 Jul 2012) 


Open Source Acquisition. The act of gaining possession of, or access to open source information 
synonymous with "open source collection." The preferred term is acquisition because by definition, open 
sources are collected and disseminated by others[,] open source exploiters acquire previously collected 
and publicly available information second-hand. (ICD 301, National Open Source Enterprise, 11 Jul 2006) 
Also see open source information and open source intelligence. 


Open Source Center (OSC). Advances the Intelligence Community's exploitation of openly available 
information to include the Internet, databases, press, radio, television, video, geospatial data, photos and 
commercial imagery; functions include collection, analysis and research, training and information 
technology management to facilitate government-wide access and use. The Director CIA will administer 
the Center on behalf of the DNI. (ODNI News Release 6-05, 8 Nov 2005) 


-- Also, the OSC acts as a service of common concern to advance the IC's exploitation of open 
source material and nurtures acquisition, procurement, analysis, dissemination, and sharing of open 
source information, products, and services throughout the USG; established at CIA and builds on the 
former Foreign Broadcast Information Service and will include personnel from across the IC and other 
USG organizations; Dir CIA serves as the DNI’s Executive Agent for the Center. (ICD 310, National Open 
Source Enterprise, 11 Jul 2006) 


Open Source Collection. See Open Source Acquisition. 


Open Source Information. Publicly available information which anyone can lawfully obtain by request or 
observation. (ICD 301, National Open Source Enterprise, 11 Jul 2006) 


-- Also, information that any member of the public could lawfully obtain by request or observation as 
well as other unclassified information that has limited public distribution or access. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


We have no need for spies. We have the Times. 
-- Tsar Nicholas I cited in Haswell, Spies and Spymasters (1977) 


Open Source Intelligence (OSINT). Intelligence produced from publicly available information that is 
collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of 
addressing a specific intelligence requirement. (PL109-163 § 931 and ICD 1, 1 May 2006) 


“Ninety percent of intelligence comes from open sources. The other ten percent, the clandestine 
work, is just the more dramatic. The real intelligence hero is Sherlock Holmes, not James Bond.” 


-- Lieutenant General Samuel V. Wilson, USA (Ret.), Former Director, Defense Intelligence Agency 


-- Also, relevant information derived from the systematic collection, processing, and analysis of 
publicly available information in response to known or anticipated intelligence requirements. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


-- Also, publicly available information appearing in print or electronic form, including information from 
radio, television, newspapers, journals, the Internet, commercial databases, and videos, graphics, and 
drawings used to enhance intelligence analysis and reporting. (ODNI, U.S. National Intelligence — An 
Overview 2011) 


-- Also, relevant information derived from the systematic collection, processing, and analysis of 
publicly available information in response to intelligence requirements. (Army FM 2-22.9, Open Source 
Intelligence, Dec 2006) 


-- Also, the discipline that pertains to intelligence produced from publicly available information that is 
collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of 
addressing a specific intelligence requirement. (Army FM 2-0, Intelligence, 23 Mar 2010) 


OSINT generally falls into four categories: 1) widely available data and information; 2) targeted 
commercial data; 3) individual experts; and 4) “gray” literature, which consists of written information 
produced by the private sector, government, and academe that has limited availability, either 
because few copies are produced, existence of the material is largely unknown, or access to 
information is constrained. 


OSINT can include: media such as newspaper, magazines, radio, television, and computer-based 
information; public data such as government reports, and official data such as budgets and 
demographics, hearings, legislative debates, press conferences, and speeches; information 
derived from professional and academic sources such as conferences, symposia, professional 
associations, academic papers, dissertations and theses, and experts; commercial data such as 
commercial imagery; gray literature such as trip reports, working papers, discussion papers, 
unofficial government documents, proceedings, preprints, research reports, studies, and market 
surveys; and information, which although unclassified, could be considered company proprietary, 
financially sensitive, legally protected, or personally damaging, as well as information derived from 
Internet blogs. 


-- CRS Report RL34270, 5 Dec 2007 


Clandestine technical and humint sources can be used to confirm this kind of special take from 
open sources—and open sources can be used to confirm the information from clandestine sources. 
-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995), p. 204 


Operation Order (OPORD). A directive issued by a commander to subordinate commanders for the 
purpose of effecting the coordinated execution of an operation. (JP 5-0, Joint Operation Planning, 11 Aug 
2011) 


Operation Plan (OPLAN). 1) Any plan for the conduct of military operations prepared in response to 
actual and potential contingencies; 2) A complete and detailed joint plan containing a full description of the 
concept of operations, all annexes applicable to the plan, and a time-phased force and deployment data. 
(JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Operational Control (OPCON). The authority to perform those functions of command over subordinate 
forces involving organizing and employing commands and forces, assigning tasks, designating objectives, 
and giving authoritative direction necessary to accomplish the mission. (JP 1, Doctrine for the Armed 
Forces of the United States, 25 Mar 2013) 


Operational Cycle (Ops Cycle). See recruitment cycle. 


Operational Environment. A composite of the conditions, circumstances, and influences that affect the 
employment of capabilities and bear on the decisions of the commander. (JP 1-02 and JP 3-0, Joint 
Operations, 11 Aug 2011) 


Operational Intelligence. Intelligence that is required for planning and conducting campaigns and major 
operations to accomplish strategic objectives within theaters or operational areas. (JP 1-02 and JP 2-0, 
Joint Intelligence, 22 Oct 2013) Also see strategic intelligence; tactical intelligence. 


Operational Interest (OI). [Within HUMINT usage] exclusive contact with a source, as established by a 
HUMINT organization. Within DoD, established for all sources upon IDSRS Deconfliction and assignment 
of a NFN. Between DoD and other national agencies, granted for clandestine leads and sources by the 
Interagency Source Registry (ISR). (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 

-- Also, see classified definition in AR 381-20, Army CI Program (U), 25 May 2010. 


Operational Level of War. The level of war at which campaigns and major operations are planned, 
conducted, and sustained to achieve strategic objectives within theaters or other operational areas. 
(JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) Also see tactical level of war; strategic level of war. 


Operational Proposal. A formal document prepared by DoD collection elements to outline a proposed 
activity or operation. (HDI Lexicon, April 2008) 


Operational Testing. A continuing process of evaluation that may be applied to either operational 
personnel or situations to determine their validity or reliability. (JP 1-02) 


-- Also, any means or process employed to establish authenticity, reliability, or control. (HDI Lexicon, 
April 2008) 


Operational Warning. A warning to theater level or equivalent decision makers of developing situations or 
ongoing event which may initiate operational planning or trigger the execution or change in status of 
standing operations or contingency plans. (DoDD 3115.16, The Defense Warning Network, 5 Dec 2013) 


Operations Officer - CIA. A career track within the Core Collector profession of the National Clandestine 
Service (NCS), Central Intelligence Agency (CIA). Operations Officers (OO's) are focused full time on 
clandestinely spotting, assessing, developing, recruiting, and handling individuals with access to vital 
foreign intelligence on the full range of national security issues. OO's use their sound judgment, high 
integrity, strong interpersonal skills, and ability to assess the character and motivations of others to 
establish strong human relationships and trust that provides the foundation needed to acquire high-value 
intelligence from foreign sources. An OO's career can include assignments in the NCS's three key areas 
of activity—human intelligence collection, counterintelligence, and covert action—on issues of highest 
interest to US national security, such as international terrorism, weapons proliferation, international crime 
and narcotics trafficking, and capabilities and intentions of rogue nations. Operations Officers serve the 
bulk of their time in overseas assignments that range typically from 2-3 years. (CIA; see 
<https://www.cia.gov/careers/jobs/view-all-jobs/core-collector.html>; accessed 19 Mar 2009) 


Operations Security (OPSEC). A process of identifying critical information and analyzing friendly actions 
attendant to military operations and other activities to: identify those actions that can be observed by 
adversary intelligence systems; determine indicators and vulnerabilities that adversary intelligence 
systems might obtain that could be interpreted or pieced together to derive critical information in time to 
be useful to adversaries, and determine which of these represent an unacceptable risk; then select and 
execute countermeasures that eliminate the risk to friendly actions and operations or reduce it to an 
acceptable level. (DoDD 5205.02E, DoD OPSEC Program, 20 Jun 2012) 


-- Also, a process of identifying critical information and subsequently analyzing friendly actions 
attendant to military operations and other activities to: a) identify those actions that can be observed by 
adversary intelligence systems; b) determine indicators that adversary intelligence systems might obtain 
that could be interpreted or pieced together to derive critical information in time to be useful to 
adversaries; and c) select and execute measures that eliminate or reduce to an acceptable level the 
vulnerabilities of friendly actions to adversary exploitation. (JP 1-02 and JP 3-13.3, Operations Security, 
4 Jan 2012) 


OPSEC's most important characteristic is that it is a process and not a collection of 
specific rules and instructions that can be applied to every operation or activity 


Although good operational security (Opsec) does not guarantee the success of any intelligence 
operation, faulty Opsec almost surely guarantees worse than failure. 
-- Angelo Codevilla, Informing Statecraft: Intelligence for a New Century (1992), p. 33 


OPSEC... is a systematic and proved process... [to] deny potential adversaries information about 
capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence 
of the planning and execution of sensitive Government activities. 

-- NSDD 298, National Operations Security Program, 22 Jan 1988, p.1 


[T]here is a clear and compelling need for operational security in a military environment and in the 
conduct of sensitive operations. 
-- Joint Security Commission, Redefining Security, 28 Feb 1994, p. 66 


Director, DIA provides intelligence and counterintelligence threat analysis to support OPSEC 
planning to all DoD Components. 
— DoDD 5205.02E, DoD OPSEC Program, 20 Jun 2012, p. 5 


National OPSEC Program 
In 1988, President Ronald Reagan signed National Security Decision Directive 298 (NSDD 298). 
This directive established the "National Operations Security Program" as a means to identify, 
control, and protect unclassified information and evidence associated with U.S. national security 
programs and activities. 


NSDD 298 named the Director, National Security Agency, as the Executive Agent for interagency 
OPSEC training and included in his responsibilities the establishment and maintenance of the 
Interagency OPSEC Support Staff (IOSS). 


The primary responsibility of the IOSS is to act as a consultant to other U.S. government 
departments or agencies by providing technical guidance and assistance that will result in self- 
sufficient OPSEC Programs for the protection of U.S. operations. Members of the IOSS staff 
assess OPSEC programs, assist in OPSEC program development, conduct surveys, assessments 
and provide OPSEC training. 


See IOSS web site at: <https://www.iad.gov/ioss/> 


Operations Security Assessment (OPSEC Assessment). An evaluative process, usually exercise, or 
support function to determine the likelihood that critical information can be protected from the adversary's 
intelligence. (JP 1-02 and JP 3-13.3, Operations Security, 4 Jan 2012) 


Operations Security Countermeasures (OPSEC Security Countermeasures). Methods and means to gain 
and maintain essential secrecy about critical information. (JP 1-02 and 3-13.3, Operations Security, 4 Jan 
2012) 


Operations Security Indicators (OPSEC Indicators). Friendly detectable actions and open-source 
information that can be interpreted or pieced together by an adversary to derive critical information. (JP 1- 
02 and JP 3-13.3, Operations Security, 4 Jan 2012) 


Operations Security Process (OPSEC Process). A process that examines a complete activity to 
determine what, if any, exploitable evidence of classified or sensitive activity may be acquired by 
adversaries. It is an analytical, risk-based process that incorporates five distinct elements: 1) critical 
information identification; 2) threat analysis; 3) vulnerability analysis; 4) risk assessment; and 5) OPSEC 
countermeasures. (DoD 5205.02-M, DoD OPSEC Program Manual, 3 Nov 2008) 


The operations security process involves five steps: identification of critical information, 
analysis of threats, analysis of vulnerabilities, assessment of risk, and application of 
appropriate countermeasures. 
-- NSDD 298, National Operations Security Program, 22 Jan 1988 


Operations Security Survey (OPSEC Survey). An application of the OPSEC process by a team of subject 
matter experts to conduct a detailed analysis of activities associated with a specific organization, 
operation, activity, exercise, or support function by employing the known collection capabilities of potential 
adversaries. (DODD 5205.02E, DoD OPSEC Program, 20 Jun 2012) 


-- Also, a collection effort by a team of subject matter experts to reproduce the intelligence image 
projected by a specific operation or function simulating hostile intelligence processes. (JP 1-02 and 
JP 3-13.3, Operations Security, 4 Jan 2012) 

Operations Security Vulnerability (OPSEC Vulnerability). A condition in which friendly actions provide 
operations security indicators that may be obtained and accurately evaluated by an adversary in time to 
provide a basis for effective adversary decisionmaking. (JP 1-02 and JP 3-13.3, Operations Security, 
4 Jan 2012) 


Operations Support Element (OSE). An element that is responsible for all administrative, operations 
support and services support functions within the counterintelligence and human intelligence staff 
element of a joint force intelligence directorate. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 
16 Mar 2011 w/ chg 1 dated 26 Aug 2011) [Normally in the J2X] 


OPSEC. See Operations Security. 


Organized Cyber Intruders/Attackers. Those individuals, groups or organizations who violate 
international law or conventions relating to computer networks or who otherwise use the cyberspace 
domain to interfere with, disrupt, or deny computer network services. (OSD, Guidance for Employment 
of the Force) 


Original Classification Authority (OCA). An individual authorized in writing, either by the 
President, the Vice President, or by agency heads or other officials designated by the President, 
to initially classify information. (DoD IG Evaluation Guide, 22 Jan 2013) 


-- Also, an individual authorized in writing, either by the United States (U.S.) President, or by agency 
heads or other officials designated by the President, to classify information in the first instance. OCAs 
must receive training to perform this duty. (DSS Glossary) 


OCAs and other individuals delegated declassification authority in writing by the head of the IC 
element may declassify information within their purview pursuant to EO 13526 and 32 CFR Part 
2001 guidelines. Only the DNI may declassify space-based national imagery, pursuant to EO 
12951. 

-- ICD 710, Classification Management and Control Markings System, 21 Jun 2013 


Other Government Agency (OGA). Within the context of interagency coordination, a non Department 
of Defense agency of the United States Government. (JP 1-02) 


Overhead Reconnaissance. Activities carried out by space-based capabilities whose principal purpose 
is conducting and/or enabling intelligence collection. These activities are comprised of associated R&D, 
acquisition, test and evaluation, and system operations performed on or by satellites, communications, 
and facilities for data processing as well as command and control of spacecraft and payloads. (DoDD 
5105.23, NRO, 28 Jun 2011) 


Overt. Activities that are openly acknowledged by or readily attributable to the US Government, and 
include activities designed to acquire information through legal and open means without concealment. 
Overt information may be collected by observation, elicitation, or from knowledgeable human sources. 
(ICD 304, HUMINT, 6 Mar 2008; DoDD S-5200.37, 9 Feb 2009; JP 1-02; and JP 2-01.2, CI & HUMINT 
in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, refers to being in the open, without any attempt to deceive or mislead, with full knowledge 
of coordinating units or agencies; activity done without attempt to conceal it. (CI Community Lexicon) 


-- Also, methods of conducting DoD activities that may be acknowledged by or attributable to the U.S. 
Government. (HDI Lexicon, April 2008) 

Overt Collection. Intelligence activities with the ultimate goal of intelligence information collection which 
are not designed or executed to conceal sponsorship, collection activity, identity of operators, or 
methodologies employed. (Previously in DoDI S-5240.17, CI Collection, 12 Jan 2009) Also see open 
source intelligence. 


-- Also, the acquisition of intelligence information in the public domain. (CI Community Lexicon) 


"While the importance of clandestine collection should not be underestimated, many of the 
pieces of the jigsaw puzzle which is 'finished foreign intelligence' can be overtly collected 
by a well-organized information gathering system." 


-- Rockefeller Commission Report (June 1975), p. 209 


Overt Intelligence. Information collected openly from public or open sources. (Senate Report 94-755, 
Book I — Glossary, 26 Apr 1976) 


Overt Operation. An operation conducted openly, without concealment. (JP 1-02 and JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Overt [HUMINT] Operations. Openly acknowledged by, or are readily attributable to, the US Government. 
Overt HUMINT methods include: debriefing, interrogation, elicitation, and observation. (JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 

Packet Sniffer. Software that observes and records network traffic. (NIST, Glossary of Key Information 
Security Terms, May 2013) 


Parallel Investigative Jurisdiction. One or more agencies with differing objectives having simultaneous 
authority to investigate a matter or incident. An example would be a criminal matter that has a national 
security implication, which might require investigation by both a CI organization and a criminal 
investigative organization. (AR 381-20, Army CI Program, 25 May 2010) 


Paramilitary Forces. Forces or groups distinct from the regular armed forces of any country, but 
resembling them in organization, equipment, training, or mission. (JP 1-02 and JP 3-24, 
Counterinsurgency, 22 Nov 2013) 


Parole. A prearranged verbal exchange used for recognition and identification between intelligence 
personnel. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, a prearranged verbal exchange used by intelligence personnel to identify themselves to each 
other. (FBI FCI Terms) 


Passive Source. An individual recruited by a military CI agency to act as a listening post for CI purposes 
in a location associated with the individual’s job or social status. This source undertakes no actions 
unless associated with such status. A passive source is recruited or placed in an area that foreign 
intelligence would consider a priority target and there is evidence of foreign intelligence spotting, 
assessing, or recruiting activities. (AFOSI Manual 71-119, CI Investigations, 27 Oct 2009) 


Pattern Recognition. An inductive process of recognizing a commonality or trend in an aggregate of 
indications from which a plausible explanation or model can be developed. (Words of Intelligence, 2nd 
Edition, 2011) 


Patterns. [In Cl usage,] ...repeated incidents that may be similar in nature or dissimilar events that occur 
in a specific location or time span that may indicate potential FISS and ITO [international terrorist 
organization] targeting or information exploitation. (Army FM 2-22.2, CI, Oct 2009) 


Patriot Act (aka USA Patriot Act). The official title is "Uniting and Strengthening America by Providing 
Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001." An act to 
deter and punish terrorist acts in the United States and around the world, to enhance law enforcement 
investigatory tools, and for other purposes. (PL 107-56, 26 Oct 2001; codified as amended at 50 USC § 
1861) 


The Patriot Act substantially expanded the authority of U.S. law enforcement agencies for the 
stated purpose of fighting terrorism in the United States and abroad. Among its provisions, the Act: 
-- increased the ability of law enforcement agencies to search telephone and e-mail 
communications and medical, financial and other records; 
-- eased restrictions on foreign intelligence gathering within the United States; 
-- expanded the Secretary of the Treasury's authority to regulate financial transactions, 
particularly those involving foreign individuals and entities; and 
-- enhanced the discretion of law enforcement and immigration authorities in detaining 
and deporting immigrants suspected of terrorism-related acts. 


The act also expanded the definition of terrorism to include "domestic terrorism," thus enlarging the 
number of activities to which the Patriot Act’s expanded law enforcement powers can be applied. 

The Patriot Act made a number of changes to U.S. law. Key acts changed were the Foreign 
Intelligence Surveillance Act of 1978 (FISA), the Electronic Communications Privacy Act of 1968 
(ECPA), the Money Laundering Control Act of 1986, and Bank Secrecy Act (BSA), as well as the 
Immigration and Nationality Act. 


Additional information on the Patriot Act is available on the NCIX website at: 
<http://www.ncix.gov/publications/law/index.html> 


PCASS. Acronym for “Preliminary Credibility Assessment Screening System.” (DoDI 5210.91, Polygraph 
and Credibility Assessment Procedures, 12 Aug 2010 with change 1 dated 15 Oct 2013) Also see 
PCASS Instrument; polygraph examination. 


PCASS Instrument. A diagnostic instrument used during an interview capable of monitoring, recording, 
and/or measuring electrodermal and vasomotor activity. The PCASS instrument uses an algorithm to 
evaluate the physiological responses recorded by the two components. (DoDI 5210.91, Polygraph and 
Credibility Assessment Procedures, 12 Aug 2010 with chg 1 dated 15 Oct 2013) See PCASS. 

The PCASS shall only be used as a field-expedient tool to screen persons of interest for 
intelligence and security purposes. Only certified personnel may conduct PCASS examinations. 


Per DoD policy, the PCASS will not be used to test U.S. persons (however does not apply to 
PCASS examinations conducted for training); see Enclosure 5, DoD Instruction 5210.91. 


Peace Operations (PO). A broad term that encompasses multiagency and multinational crisis response 
and limited contingency operations involving all instruments of national power with military missions to 
contain conflict, redress the peace, and shape the environment to support reconciliation and rebuilding 
and facilitate the transition to legitimate governance. Peace operations include peacekeeping, peace 
enforcement, peacemaking, peace building, and conflict prevention efforts. (JP 3-07.3, Peace Operations, 
17 Oct 2007) 


Peace Building. Stability actions, predominately diplomatic and economic, that strengthen and rebuild 
governmental infrastructure and institutions in order to avoid a relapse into conflict. (JP 3-07.3, Peace 
Operations, 17 Oct 2007) 


Peace Enforcement. Application of military force, or the threat of its use, normally pursuant to 
international authorization, to compel compliance with resolutions or sanctions designed to maintain or 
restore peace and order. (JP 3-07.3, Peace Operations, 17 Oct 2007) 

Peacekeeping. Military operations undertaken with the consent of all major parties to a dispute, designed 
to monitor and facilitate implementation of an agreement (cease fire, truce, or other such agreement) and 
support diplomatic efforts to reach a long-term political settlement. (JP 3-07.3, Peace Operations, 17 Oct 
2007) 


Peacemaking. The process of diplomacy, mediation, negotiation, or other forms of peaceful settlements 
that arranges an end to a dispute and resolves issues that led to it. (JP 3-07.3, Peace Operations, 17 Oct 
2007) 


Pen Register. A device which records or decodes electronic or other impulses which identify the numbers 
dialed or otherwise transmitted on the telephone line to which such device is attached, but such term 
does not include any device used by a provider, or customer of a wire or electronic communication 
service for billing, or recording as an incident to billing, for communications services provided by such 
provider or any device used by a provider, or customer of a wire communication service for cost 
accounting or other like purposes in the ordinary course of its business; see 18 USC §3127(3). 
(AR 381-10, US Army Intelligence Activities, 3 May 2007) Also see trap and trace. 


-- Also, [a device that] records or decodes dialing, routing addressing or signaling information 
transmitted by an instrument or facility from which a wire or electronic communication is transmitted, 
provided that such information must not include the contents of any communication. (FBI Domestic 
Investigations and Operations Guide, 15 Oct 2011) 


A pen register captures all outgoing phone numbers a particular telephone has called. A trap and 
trace device identifies all incoming phone numbers to a particular telephone. 


Pen register and trap and trace (PR/TT) devices enable the prospective collection on non-content 
traffic information associated with wire and electronic communications, such as: the phone 
numbers dialed from or to a particular telephone, including electronic communications; messages 
sent from or to a particular telephone; or the internet protocol (IP) address of communications on 
the Internet and other computer networks. 

-- FBI Domestic Investigations and Operations Guide, 15 Oct 2011, p. 18-123 


Penetration. [In intelligence usage,] the recruitment of agents within or the infiltration of agents or 
technical monitoring devices in an organization or group for the purpose of acquiring information or of 
influencing its activities. (ICS Glossary) 


Note: This term was previously in JP 1-02, however rescinded by JP 2-01.2, 16 Mar 2011. 


-- Also, the recruitment of agents within, or the planting of agents or technical monitoring devices 
within, a target organization to gain access to its secrets or to influence its activities. (Senate Report 
94-755, Book I — Glossary, 26 Apr 1976) 


-- Also, a principal counterintelligence objective is penetration of an adversary, and this can be 
achieved by the recruitment of a key source within an opponent's organization. Ideally, the penetration 
will be the recruitment of a senior figure with sufficient access to compromise all the service's operations, 
but lower-level penetrations, such as the management of a double agent, may be sufficient to reveal the 
identities of case officers and their operational premises. (Historical Dictionary of Cold War 
Counterintelligence, 2007) 


The best way to catch a spy is to recruit a spy 
-- Counterespionage Maxim 
(cited in Stuart A. Herrington, Traitors Among US: Inside the Spy Catcher's World, 1999, p. 255) 

Penetration — a time-honored espionage practice 
...Oh what a tangled web we weave 


The key to CI success is penetration. For every American spy, there are several members of the 
opposition service who know who he or she is. No matter what it takes, we have to have 
penetrations. 
-- James M. Olson, “The Ten Commandments of Counterintelligence," Studies in Intelligence, Vol. 54 No. 5; 
see <https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol45no5/html/v45i5a08p.htm> 


Almost every spy that we have found, both in the CIA and FBI, has been found with the aid of 
recruited sources of our own on other hostile intelligence services. 


-- William Webster, Former FBI Director and DCI, in Senate testimony (9 Apr 2002) 


If the purpose of counterespionage is to manipulate enemy intelligence, as it is, then to have 
controlled agents in the staff of an enemy service is the most important objective of 
counterintelligence. 


-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


...[C]ounterespionage has one purpose which transcends all others in importance: penetration. 
The only way to be sure that an enemy has been contained is to know his plans in advance and 
in detail. Moreover, only a high-level penetration of the opposition can tell you whether your own 
service is penetrated. 


...Conducting CE without the aid of penetrations is like fighting in the dark. Conducting CE with 
penetrations can be like shooting fish in a barrel. The famous case of Col. Oleg Penkovskiy... 
illustrates the great value of penetrations. There can never be enough of them. 


-- Austin B. Matschulat, "Coordination and Cooperation in Counterintelligence," Studies in Intelligence, 
V13: 2 (Spring 1969), pp. 29-30. 


Penetrating an adversary's intelligence service, especially the counterintelligence units, is one of 
the most valuable counterintelligence techniques. Often it is also notoriously difficult. 
-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995), p. 207 


All countries... strive hard to secure penetration agents; and they constitute the 
counterintelligence officer's worst nightmare. 


-- Chapman Pincher, Traitors: The Anatomy of Treason, First U.S. Edition (1987), p. 29 


Penetrations - selected examples: 

-- Colonel Oleg V. Penkovsky was a British-US penetration of Soviet military intelligence (GRU). 
-- Harold A.R. "Kim" Philby was a Soviet penetration of British intelligence. 
-- Aldrich "Rick" Ames was a Soviet/Russian penetration of the CIA. 
-- Robert (Bob) Hanssen was a Soviet/Russian penetration of the FBI. 


Penetration Operation. The recruitment of agents within, the infiltration of agents, or the introduction of 
technical monitoring devices into an organization or physical facility to acquire information or influence the 
organization’s activities. (AR 381-47, OFCO, 17 Mar 2006) Also see recruitment-in-place. 


Penetration Testing. [In computer usage] a test methodology in which assessors, typically working under 
specific constraints, attempt to circumvent or defeat the security features of an information system. 
(CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Pentagon Force Protection Agency (PFPA). [DoD agency that] provides force protection, security, and 
law enforcement to safeguard personnel, facilities, infrastructure, and other resources for the Pentagon 
Reservation and designated DoD facilities within the National Capital Region (NCR). (DoDD 5105.68, 
PFPA, 5 Dec 2013) 

Perception Management. Within DoD: None -- term removed from JP 1-02. 


Periodic Reinvestigation (PR). An investigation conducted every 5 years for the purpose of updating a 
previously completed background or special background investigation. The scope consists of a personal 
interview, National Agency Check (NAC), Local Agency Check (LAC), credit bureau checks, employment 
records, employment references, and developed character references, and normally will not exceed the 
most recent 5-year period. (DSS Glossary) 


Permissive Environment. Operational environment in which host country military and law enforcement 
agencies have control as well as the intent and capability to assist operations that a unit intends to 
conduct. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


PERSEREC. See Defense Personnel Security Research Center. 


Persistent Conflict. The protracted confrontation among state, nonstate, and individual actors that are 
increasingly willing to use violence to achieve their political and ideological ends. (Army FM 3-0, 
Operations, Feb 2008) 


Persistent Surveillance. Within DoD: None -- term removed from JP 1-02. 


Previously defined in JP 1-02 and JP 2-0, Joint Intelligence (22 Jun 2007) as: a collection strategy 
that emphasizes the ability of some collection systems to linger on demand in an area to detect, 
locate, characterize, identify, track, target, and possibly provide battle damage assessment and 
re-targeting in near or real-time. Persistent surveillance facilitates the prediction of an adversary's 
behavior and the formulation and execution of preemptive activities to deter or forestall anticipated 
adversary courses of action. 


Persona. The social facade or image a person projects in public. A persona may be true or false. (DoDI 
S-5105.63, Implementation of DoD Cover and Cover Support Activities, 20 Jun 2013) 


Persona Non Grata (PNG). An international diplomatic term meaning "person who is not acceptable or 
not welcome." It is a legal status applied to diplomats who have been caught by the host country in 
espionage or other unlawful activities and are expelled and thereafter denied access to the host country. 
(CI Community Lexicon) 


Latin for "unwelcome person." The provision for declaring a person persona non grata is codified 
in international law; see Article 9 of the Vienna Convention on Diplomatic Relations of 1961. 


-- Also, a diplomatic expulsion by flag accrediting country. (AFOSI Manual 71-142, OFCO, 9 Jun 
2000) 


-- Also, the official act of declaring a foreign national unwelcome in this country. (FBI FCI Terms) 

-- Also, in diplomatic usage and under international law, the official act of declaring a foreign national, 
usually an official of a foreign government, as no longer welcome and forcing his/her expulsion. In 
tradecraft terminology, the undesirable individual is PNG'd. The most common use of PNG is for foreign 
diplomatic or official personnel caught in the act of engaging in illegal espionage activities. (The CIA 
Insider's Dictionary, 1996) 


Personal Meeting (PM). Face-to-face contact between a handler and a lead or asset. (HDI Lexicon, April 
2008) 

-- Also, a clandestine meeting between two operatives, always the most desirable but a more risky 
form of communication. (CI Centre Glossary) 


Personal meetings may be held to give an agent his next assignment and instructions for carrying 
it out, to train him in tradecraft or the use of technical or communications equipment, to transmit 
documents, reports, technical equipment, money, or other items, or to fulfill several of these 
purposes. In actual practice several purposes are usually served by a meeting. In addition to its 
particular objectives more general needs can be filled. A meeting held for training purposes may 
be a means for clarifying biographic data on the agent or his views on various subjects. At every 
meeting with an agent one should study him and obtain new data on his potential and talents, 
thereby providing a better basis for judging his sincerity and deciding how much trust to place in 
him. 

-- L.K. Berrenev, "Operational Contacts," Studies in Intelligence, Vol 9, Winter 1965, p.64 
[declassified 18 Sep 1995; originally classified SECRET]. 


Personal Protective Security Detail. Security personnel assigned to protect individuals who, by their 
grade, assignment, symbolic value, or relative isolation, are likely attractive or accessible terrorist targets. 
These trained and armed personnel are capable of providing continuous protection for designated 
individuals. (DoDD 5105.68, PFPA, 5 Dec 2013) 


Personally Identifiable Information (PII). Information which can be used to distinguish or trace an 
individual's identity, such as his or her name; social security number; date and place of birth; mother's 
maiden name; and biometric records, including any other personal information which is linked or linkable 
to a specified individual. Includes information about an individual that identifies, links, relates, or is unique 
to, or describes him or her (e.g., a social security number; age; military rank; civilian grade; marital status; 
race; salary; home or office phone numbers; other demographic, biometric, personnel, medical, and 
financial information, etc). (DoDD 5400.11, DoD Privacy Program, 8 May 2007) 


-- Also, information that can be used to uniquely identify, contact, or locate a single person or can be 
used with other sources to uniquely identify a single individual. (DSS Glossary) 


Personnel Security. The security discipline that assesses the loyalty, reliability, and trustworthiness of 
individuals for initial and continued eligibility for access to classified information or assignment in sensitive 
positions. (DoDD 5200.43, Management of the Defense Security Enterprise, 1 Oct 2012, w/ chg 1) 


-- A security discipline that assesses the loyalty, reliability, and trustworthiness of individuals for initial 
and continued eligibility for access to classified information. (IC Standard 700-1, 4 Apr 2008) 


-- Also, [with US Army] the application of standards and criteria to determine whether or not an 
individual is eligible for access to classified information, qualified for assignment to or retention in 
sensitive duties, and suitable for acceptance and retention in the total Army consistent with national 
security interests. (AR 380-67, Personnel Security Program, 24 Jan 2014) 


The essence of personnel security is to determine that those who have access to secrets as a 
result of their jobs are people of sufficient probity and responsibility who will safeguard that data. 


-- Frederick L. Wettering, "Counterintelligence: The Broken Triad," International Journal of Intelligence 
and Counterintelligence 13 (Fall 2000), pp. 265-299. 


Personnel Security—The First and Best Defense 


The personnel security system is at the very heart of the government's security mission. ...[T]he 
main purpose of personnel security programs is to protect the national security interests of the 
United States by insuring the reliability and trustworthiness of those whom information vital to those 
interests is entrusted. 


-- Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and the Director 
Central Intelligence, 28 Feb 1994, p. 39 

For additional information see -- Personnel Security References 


EO 12968, Access to Classified Information 


EO 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for 
Contractor Employees, and Eligibility for Access to Classified National Security Information 
DoD 5200.2-R, Personnel Security Program 


For Army policy see: AR 380-67, Personnel Security Program 


Personnel Security Investigation (PSI). An inquiry into the activities of an individual, designed to develop 
pertinent information pertaining to trustworthiness and suitability for a position of trust as related to loyalty, 
character, emotional stability, and reliability. (JP 1-02 and JP 2-01, Joint and National Intelligence Support 
to Military Operations, 5 Jan 2012) 


DoD generates 90% of the security investigation requirements in the Executive Branch... 
-- Security and Suitability Process Reform: Strategic Framework, Feb 2010 


A PSI is an inquiry into an individual's loyalty, character, trustworthiness, and reliability to ensure 
that he/she is eligible to access classified information, or for an appointment to a sensitive position 
or position of trust. DoD uses PSIs to determine an individual's eligibility for a security clearance. 


In 2005, DoD transferred most of its PSI workload to U.S. Office of Personnel Management (OPM). 
All PSIs are conducted by the designated investigative service provider. In the case of DoD, OPM 
is the designated investigative service provider. 


The types of PSIs vary based on the level of security clearance necessary for a given sensitive 
position. The personnel security clearance process is governed primarily by EO 12968 (Access to 
Classified Information), EO 13467 (Reforming Processes Related to Suitability for Government 
Employment) and the Federal Investigative Standards. DoD Regulation 5200.2-R, "Personnel 
Security Program," outlines criteria for sensitive positions and the corresponding clearance levels. 


-- Also, any investigation required for the purpose of determining the eligibility of DoD military and 
civilian personnel, contractor employees, consultants, and other persons affiliated with the DoD, for 
access to classified information, acceptance or retention in the Armed Forces, assignment or retention in 
sensitive duties, or other designated duties requiring such investigation. PSIs include investigations of 
affiliations with subversive organizations, suitability information, or hostage situations...conducted for the 
purpose of making personnel security determinations. They also include investigations of allegations that 
arise subsequent to adjudicative action and require resolution to determine an individual's current 
eligibility for access to classified information or assignment or retention in a sensitive position. 
(AR 380-67, Personnel Security Program, 24 Jan 2014) 


Pharming. Redirecting users from legitimate websites to fraudulent ones for the purpose of extracting 
confidential data, e.g., mimicking bank websites. 
(FBI; see <http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks-1>) 


Phishing. Deceiving individuals into disclosing sensitive personal information through deceptive 
computer-based means. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


-- Also, usually an email that looks like it is from a legitimate organization or person, but is not and 
contains a link or file with malware. Phishing attacks typically try to snag any random victim. Spear 
phishing attacks target a specific person or organization as their intended victim. (FBI; see 
<http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks-1>) 

-- Also, a form of criminal activity using social engineering techniques through email or instant 
messaging. Phishers attempt to fraudulently acquire other people's personal information, such as 
passwords and credit card details, by masquerading as a trustworthy person or business in an apparently 
official electronic communication. (McAfee.com; accessed 15 Nov 2010) 


-- Also, tricking individuals into disclosing sensitive personal information through deceptive 
computer-based means. (Words of Intelligence, 2nd Edition, 2011) 


Phreaking. Gaining unauthorized access to telecommunication systems. (FBI; see 
<http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks-1>) 


Physical Search. Any intrusion upon a person or a person's property or possessions to obtain items of 
property or information. The term does not include examination of areas that are in plain view and visible 
to the unaided eye if no physical trespass is undertaken, and does not include examinations of 
abandoned property left in a public place. (DoD 5240.1-R, Dec 1982) Also see search. 


Types include consented physical search, plain view search, search incident to a lawful 
apprehension, and nonconsensual physical search. See USC §1821(5). 


For DoD CI see Chapter 7, Procedure 7 - Physical Searches, DoD 5240.1-R, Procedures Governing 
the Activities of DoD Intelligence Components that Affect United States Persons, 7 Dec 1982 


Physical Security. The security discipline concerned with physical measures designed to safeguard 
personnel; to prevent unauthorized access to equipment, installations, material, and documents; and to 
safeguard them against espionage, sabotage, damage, and theft. (DoDD 5200.43, Management of the 
Defense Security Enterprise, 1 Oct 2012 w/ chg 1 dated 24 Apr 2013) 


The physical protection of information, assets and personnel is fundamental to any security system. 
-- Joint Security Commission Report, Redefining Security, 28 Feb 1994, p. 56 


-- That part of security concerned with physical measures designed to safeguard personnel; to 
prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them 
against espionage, sabotage, damage, and theft. (JP 1-02 and JP 6-0, Joint Communications Systems, 
10 Jun 2010) 


-- Also, the security discipline concerned with physical measures designed to: protect personnel; 
prevent unauthorized access to facilities, equipment, material, and documents; and defend against 
espionage, terrorism, sabotage, damage, and theft. (IC Standard 700-1, 4 Apr 2008) 


Physical Security Investigation. All inquiries, inspections, or surveys of the effectiveness of controls and 
procedures designed to provide physical security; and all inquiries and other actions undertaken to obtain 
information pertaining to physical threats to DoD personnel or property. (JP 1-02) 


Physical Surveillance. A systematic and deliberate observation of a person by any means on a 
continuing basis, or the acquisition of a nonpublic communication by a person not a party thereto or 
visibly present thereat through any means not involving electronic surveillance. (DoD 5240.1-R, Dec 
1982) Also see surveillance. 


Surveillance, the job of following and observing designated persons without being noticed, is 
intrinsic to counterintelligence. 
-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


For DoD CI see Chapter 9, Procedure 9 - Physical Surveillance, DoD 5240.1-R, Procedures 
Governing the Activities of DoD Intelligence Components that Affect United States Persons, 
7 Dec 1982 


-- Also, physical surveillance (not requiring a court order): the deliberate observation... of persons, 
places, or events, on either a limited or continuous basis, in areas where there may or may not be a 
reasonable expectation of privacy. (FBI Domestic Investigations and Operations Guide, 15 Oct 2011) 


-- Also, physical surveillance (with a warrant or court order): a physical search constitutes any 
physical intrusion within the United States into premises or property (including examination of the interior 
of property by technical means) that is intended to result in the seizure, reproduction, inspection, or 
alteration of information, material, or property, under circumstances in which a person has a reasonable 
expectation of privacy. (FBI Domestic Investigations and Operations Guide, 15 Oct 2011, p. 18-152) 


Piracy. An illegal act of violence, depredation (e.g., plundering, robbing, or pillaging), or detention in or 
over international waters committed for private ends by the crew or passengers of a private ship or aircraft 
against another ship or aircraft or against persons or property on board such ship or aircraft. (JP 1-02) 


Pitch. [In intelligence usage] the effort made to recruit a source. (HDI Lexicon, April 2008) 


Placement. An individual's proximity to information of intelligence interest. (JP 1-02 and JP 2-01.2, 
CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see access; 
placement & access. 


-- Also, the rationale for a HUMINT source or operational asset's presence in an operational area. 
(Defense HUMINT Enterprise Manual 3301.002, Vol II Collection Operations, 23 Nov 2010) 


Placement and Access (P&A). An individual's proximity to and ability to collect information of intelligence 
interest. (HDI Lexicon, April 2008) Also see access. 


Plain Text. Unencrypted information. (CNSSI No. 4009, National Information Assurance Glossary, 
26 April 2010) 


Planned Target. Target that is known to exist in the operational environment, upon which actions are 
planned using deliberate targeting, creating effects which support commander's objectives. (JP 3-60, 
Joint Targeting, 13 Apr 2007) 


Planning. The ability to establish a framework to employ resources to achieve a desired outcome or 
effect. (Joint Capability Areas Taxonomy & Lexicon, 15 Jan 2008) 


-- Also, the process by which commanders (and the staff, if available) translate the commander's 
visualization into a specific course of action for preparation and execution, focusing on the expected 
results. (Army FM 3-0, Operations, Feb 2008) 


Planning and Direction. In intelligence usage, the determination of intelligence requirements, 
development of appropriate intelligence architecture, preparation of a collection plan, and issuance 
of orders and requests to information collection agencies. (JP 1-02 and JP 2-01, Joint and National 
Intelligence Support to Military Operations, 5 Jan 2012) 


Planning Order (PLANORD). A planning directive that provides essential planning guidance and directs 
the initiation of execution planning before the directing authority approves a military course of action. 
(JP 5-0, Joint Operation Planning, 11 Aug 2011) Also see execute order (EXORD). 


Plant. [In intelligence usage,] 1) to insert information into a target's intelligence channel; 2) an individual 
infiltrated into a foreign organization (a penetration); 3) a forged document provided to a foreign 
organization. (CIA in D&D Lexicon, 1 May 2002) 


Planted Information. False or misleading information that the target has been permitted or helped to 
collect. (CIA in D&D Lexicon, 1 May 2002) 


Platform. In collection parlance, the conveyance for collection sensors. 


Plausible Denial. Official disclaimer supported by a believable cover story. (CIA in D&D Lexicon, 1 May 
2002) Also see plausible deniability. 


Plausible Deniability. The concept that allows the United States government, specifically the U.S. 
president himself, to claim no knowledge of or involvement in a covert action that goes public, particularly 
if it has gone badly. (James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


Pocket Litter. The usual litter found in pockets: coins, tickets, keys, etc. In this case, pocket litter is 
planted so that if the agent is caught, incidental-looking items will reinforce his cover story. (TOP 
SECRET: The Dictionary of Espionage and Intelligence, 2005) 


Police Information. All available information concerning known and potential enemy and criminal threats 
and vulnerabilities collected during police activities, operations, and investigations. Analysis of police 
information produces police intelligence. (ATTP 3-39.20, Police Intelligence Operations, Jul 2010) 


Police Intelligence. Police intelligence results from the application of systems, technologies, and 
processes that analyze applicable data and information necessary for situational understanding and 
focusing policing activities to achieve social order. (ATTP 3-39.20, Police Intelligence Operations, 
Jul 2010) 


Political Intelligence. Intelligence concerning foreign and domestic policies of governments and the 
activities of political movements. (JP 1-02) 


Polygraph and Credibility Assessment (PCA). The overarching term covering programs, research, 
training, and procedures that employ technologies to assess an individual's truthfulness with the aid of 
technical devices that measure physiological data or behavioral activity. (DoDI 5210.91, PCA Procedures, 
12 Aug 2010 with chg 1 dated 15 Oct 2013) Also see polygraph examination. 


Polygraph Examination. A process that encompasses all activities that take place between a polygraph 
examiner and examinee during a specific series of interactions. (DoDD 5210.48, PCA Program, 25 Jan 
2007 with change 2 dated 15 Nov 2013) Also see credibility assessment; polygraph instrument. 


-- Also, a highly structured technique conducted by specially trained CI personnel certified by proper 
authority as polygraph examiners. (Army FM 2-22.2, CI, Oct 2009) 


Polygraph — Greek for "many writings" 


The most significant contribution of the polygraph is its success in eliciting information and its value 
as a deterrent; however, the polygraph should be one of several investigative tools. 
-- Webster Commission Report (A Review of FBI Security Programs), March 2002 (p. 68) 


The polygraph is a multichannel instrument that records changes in respiration, cardiovascular 
activity, and skin resistance in response to questions. According to polygraph theory, when a 
subject gives a false response to a relevant question..., the physiological reaction will be greater 
than the reaction to other questions (control or irrelevant questions). However, contrary to popular 
belief, there is no physiological response that is unique to deception. The reactions measured by 
the polygraph can be caused by a variety of emotions. This fact underlies much of the controversy 
surrounding the polygraph. [...] 


Two types of polygraphs are currently used in personnel security screening: the counterintelligence-scope 
(CI-scope) polygraph and the full-scope polygraph. The CI-scope polygraph focuses on 
espionage, sabotage, terrorism, mishandling classified information, and unauthorized contacts with 
representatives of foreign governments. [...] Screening polygraphs arguably have a deterrent 
effect. 
-- Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and the Director 
Central Intelligence, 28 Feb 1994, pp.61-70 


The evidence is overwhelming that the polygraph, in the hands of a skilled examiner, is a very 
useful tool to elicit information from an applicant or an employee that might otherwise be obtained 
only after lengthy and costly investigation—or not at all. 
-- DCI's Blue Ribbon Panel on the Polygraph, CIA's Use of Polygraph in Personnel Screening, 
Redacted Copy approved for public release 29 May 2012. Copy available at: 
<http://www.nationalsecuritylaw.org/files/received/CIA/Poly Use of Polygraphy in Personnel Screening.pdf> 


For additional information, see -- 


"Your Polygraph Examination" at: 
<http://www.cdse.edu/multimedia/polygraph videos/polygraph.pdf> 


Committee to Review the Scientific Evidence on the Polygraph, The Polygraph and Lie Detector 
(Washington, DC: National Academies Press, 2003). 


Ken Alder, The Lie Detector: The History of an American Obsession (New York: Free Press, 2007) 


John F. Sullivan, Gatekeeper: Memories of a Polygraph Examiner (Washington, DC: Potomac 
Books, 2007) 


Also see the American Polygraph Association (APA) web site at <http://www.polygraph.org/> 


Polygraph Instrument. A diagnostic instrument to measure and record respiration, electrodermal, blood 
volume, and heart rate responses to verbal or visual stimuli. (DoDI 5210.91, Polygraph and Credibility 
Assessment Procedures, 12 Aug 2010 with chg 1 dated 15 Oct 2013) Also see polygraph examination. 


PORTICO. The nickname for the DoD Counterintelligence Community's enterprise information capability 
that promotes information sharing and provides standardized CI activity reporting across the Department. 
PORTICO operates in a secure network environment and facilitates standardization of DoD CI business 
processes by providing a common interface for shared results of core CI functions (i.e., collection, 
investigations, analysis & production, operations, and functional services). 


Port Security. The safeguarding of vessels, harbors, ports, waterfront facilities, and cargo from internal 
threats such as destruction, loss, or injury from sabotage or other subversive acts; accidents; thefts; or 
other causes of similar nature. (JP 1-02 and JP 3-10, Joint Security Operations in Theater, 3 Feb 2010) 


Positive Intelligence. A term of convenience sometimes applied to foreign intelligence to distinguish it 
from foreign counterintelligence. (ICS Glossary, 1978) 


-- Also, information gathered concerning a foreign power that is significant to national security, foreign 
relations, economic interest, and other plans and policies of a government. (CI Community Lexicon) 


In the early 1900's military intelligence consisted of two separate fields of endeavor: positive 
intelligence and negative intelligence. Positive intelligence focused on "seeking information on our 
enemies or potential enemies" and negative intelligence focused on "preventing enemies or 
potential enemies from acquiring information of value about the United States." Following World 
War I, the term negative intelligence was replaced by counterintelligence. 

-- Source: Bruce W. Bidwell, History of the MI Division... Army General Staff: 1775 - 1941 (1986) 


Posse Comitatus Act. Prohibits search, seizure, or arrest powers [by] US military personnel [in civilian 
law enforcement matters in the US unless authorized by legislation]. Amended in 1981 under Public Law 
97-86 to permit increased DoD support of drug interdiction and other law enforcement activities [Title 18, 
USC § 1385]. (JP 1-02) 


Posse Comitatus Act (PCA) places strict limits on the use of federal military personnel for law 
enforcement. Enacted in 1878, PCA prohibits the willful use of the US Army (and later, the US Air 
Force) to enforce laws, except as authorized by the Congress or the US Constitution. Although the 
PCA, by its terms, refers only to the Army and Air Force, DoD policy extends the prohibitions of the 
Act to the US Navy and Marine Corps, as well. 


Specifically prohibited activities include: interdiction of a vehicle, vessel, aircraft, or similar activity; 
search and/or seizure; arrest, apprehension, "stop-and-frisk" detentions, and similar activities; and 
use of military personnel for surveillance or pursuit of individuals, or as undercover agents, 
informants, investigators, or interrogators. Additionally, federal courts have recognized exceptions 
to the PCA. These common law exceptions are known as the "military purpose doctrine" and the 
"indirect assistance" exceptions. 


Exceptions and/or circumstances not falling under PCA include: 
1) Actions that are taken for the primary purpose of furthering a military or foreign affairs function 
of the United States; 
2) Federal troops acting pursuant to the President's Constitutional and statutory authority to 
respond to civil disorder; 
3) Actions taken under express statutory authority to assist officials in executing the laws, 
subject to applicable limitations; and 
4) Civil Disturbance operations authorized by statute. 


The PCA does not apply to National Guard forces operating in state active duty or Title 32 USC 
status, nor to the USCG, which operates under Title 14 USC authority. 


For an overview of the Posse Comitatus Act, see CRS Report R42659, The Posse Comitatus Act 
and Related Matters: The Use of the Military to Execute Civilian Law (16 Aug 2012), by Charles 
Doyle and Jennifer K. Elsea; copy available at: <http://www.fas.org/sgp/crs/natsec/R42659.pdf> 


Also see Craig T. Trebilcock, The Myth of Posse Comitatus, October 2000; copy available at: 
<http://www.homelandsecurity.org/journal/articles/trebilcock.htm> 


Also see DoDI 3025.21, Defense Support of Civilian Law Enforcement Agencies, 27 Feb 2013. 


Preliminary Credibility Assessment Screening System (PCASS) Instrument. A diagnostic instrument used 
during an interview capable of monitoring, recording, and/or measuring electrodermal and vasomotor 
activity. The PCASS instrument uses an algorithm to evaluate the physiological responses recorded by 
the two components. (DoDI 5210.91, PCA Procedures, 12 Aug 2010 with change 1 dated 15 Oct 2013) 


Only certified personnel may conduct PCASS examinations. Also IAW current DoD policy the 
PCASS will not be used to test U.S. persons. 


Preliminary Inquiry. An unobtrusive review of the facts and circumstances of an incident or allegation to 
determine if the preliminary information or circumstances is sufficient to warrant the initiation of an 
investigation or referral to an investigative entity. The limited objective will be determined by the policy 
of individual agencies and may include the collection of information from other agencies and/or other 
records such as travel, financial, HR, security, and badgeing [sic], etc.; which may be used to make an 
informed determination if the incident involved is part of a pattern. (ONCIX Insider Threat Detection — 
Glossary) Also see counterintelligence investigation, counterintelligence inquiry, investigation; 
preliminary counterintelligence investigation; Section 811 referral. 


Within DoD the proper term of use is Counterintelligence Inquiry or CI Inquiry; see DoDI 
O-5240.21, Counterintelligence Inquiries, 14 May 2009 with change 2 dated 15 Oct 2013. 


Preliminary Investigation [counterintelligence related]. A limited scope inquiry into the circumstances 
surrounding a reported incident or matter of potential CI interest to determine if there are specific facts 
giving reason to believe that a threat to national security may exist or if a full field CI investigation is 
warranted. (AR 381-20, Army CI Program, 25 May 2010) 


Preparation of the Environment (PE). An umbrella term for operations and activities conducted by 
selectively trained special operations forces to develop an environment for potential future special 
operations. (JP 3-05, Special Operations, 18 Apr 2011) 


President's Daily Brief (PDB). An all-source, analytic document produced for the President of the United 
States and members of his/her Cabinet and senior staff. Production is overseen by the ODNI with 
contributions from the Intelligence Community. 


Preventive Deployment. The deployment of military forces to deter violence at the interface or zone of 
potential conflict where tension is rising among parties. Forces may be employed in such a way that they 
are indistinguishable from a peace operations force in terms of equipment, force posture, and activities. 
(JP 3-07.3, Peace Operations, 17 Oct 2007) 


Prisoner of War (POW or PW). A detained person (as defined in Articles 4 and 5 of the Geneva 
Convention Relative to the Treatment of Prisoners of War of August 12, 1949) who, while engaged in 
combat under orders of his or her government, is captured by the armed forces of the enemy. (JP 1-02 
and JP 3-50, Personnel Recovery, 20 Dec 2011) 


Private Information. Data, facts, instructions, or other material intended for or restricted to a particular 
person, group, or organization. (Army Techniques Publication 2-22.9, Open-Source Intelligence, 10 Jul 
2012) 


Private Sector. An umbrella term that may be applied in the United States and in foreign countries to any 
or all of the nonpublic or commercial individuals and businesses, specified nonprofit organizations, most 
of academia and other scholastic institutions, and selected nongovernmental organizations. (JP 3-57, 
Civil Military Operations, 8 Jul 2008) 


Privacy Act. The Privacy Act of 1974 (5 U.S.C. 552a) establishes a code of fair information practices that 
governs the collection, maintenance, use, and dissemination of personally identifiable information about 
individuals that is maintained in systems of records by federal agencies. A system of records is a group of 
records under the control of an agency from which information is retrieved by an individual's name or by 
some other identifier assigned to the individual. The Privacy Act requires that agencies provide public 
notice of their systems of records through publication in the Federal Register. The Privacy Act prohibits 
the disclosure of information from a system of records absent the written consent of the individual who is 
the subject of the information search, unless the disclosure is pursuant to one of 12 statutory exceptions. 
The Privacy Act also provides individuals with a means by which to seek access to and amend their 
records and sets forth various agency record-keeping requirements. (ODNI, U.S. National Intelligence — 
An Overview 2011) 


For DoD policy see DoD Regulation 5400.11-R, DoD Privacy Act Program. 


The Privacy Act regulates the way certain types of information may be acquired and used by the 
Federal Government and provides certain rights to individuals whose information is acquired by the 
government. 


A 240-page overview of the Act can be found at: <http://www.justice.gov/opcl/1974privacyact.pdf> 


Proactive TSCM. CI-focused TSCM targeting using a risk-based approach with the goal of identifying and 
exploiting technical collection efforts targeting DoD interests. (DoDI 5240.05, TSCM, 3 Apr 2014) 


Probable Cause. Would a prudent individual believe that a fact is probably true. (Congressional 
Research Memorandum, Subject: Probable Cause, Reasonable Suspicion, and Reasonableness 
Standards in the Context of the Fourth Amendment and the Foreign Intelligence Surveillance Act, 
30 Jan 2006; at <http://www.fas.org/sgp/crs/intel/m013006.pdf>) Also see reasonable belief. 


-- Also, 1) To search: A reasonable belief that a crime has been committed and that the person, 
property, or evidence sought in connection with the crime is located in the place or on the person to be 
searched; and/or 2) To apprehend: A reasonable belief that a crime has been committed and that the 
person to be apprehended committed it. (AR 190-20, Military Police Investigations, 1 Nov 2005) 


Probable Cause / Reasonable Belief 


The facts and circumstances are such that a trained and experienced reasonable person would 
hold the belief. 

* Fact Specific / Situation Dependent 
* Must be based on facts and circumstances that can be articulated 
* Can be based on experience, training and knowledge as it applies to the facts 
and circumstances 
* "Hunches" and "intuitions" don't count 
* Often requires education of non-intelligence personnel 
-- Briefing, Legal Fundamentals for Counterintelligence Professionals, 
Staff Judge Advocate, US Army Intelligence and Security Command, nd. circa 2012 


Probe. In information operations, any attempt to gather information about an automated information 
system or its on-line users. (JP 3-13, Information Operations, 13 Feb 2006) Also see information 
operations. 


-- Also, [In computer usage / information operations] a technique that attempts to access a system to 
learn something about the system. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 
2010) 


Processing. A system of operations designed to convert raw data into useful information. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


Processing and Exploitation. In intelligence usage, the conversion of collected information into forms 
suitable to the production of intelligence. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to 
Military Operations, 5 Jan 2012) 


Production. The preparation of reports based on analysis of information to meet the needs of intelligence 
users (Consumer's) within and outside the Intelligence Community. (CIA, A Consumer's Guide to 
Intelligence, July 1995) Also see intelligence production. 


-- Also, conversion of information into intelligence through the integration, analysis, evaluation, and 
interpretation of data from all available sources and the preparation of intelligence products in support 
of known or anticipated user requirements. (AR 381-20, Army CI Program, 25 May 2010) 


Production results in the creation of intelligence, that is, value-added actionable information tailored 
to a specific customer. In government parlance, the term "finished intelligence" is reserved for 
products issued by analysts responsible for synthesizing all available sources of intelligence, 
resulting in a comprehensive assessment of an issue or situation, for use by senior analysts or 
decision makers. 

-- DIA, Intelligence Essentials for Everyone, June 1999 


Production is the development of intelligence through the analysis of collected information and 
existing intelligence. Analysts create intelligence products, conclusions, or projections regarding 
threats and relevant aspects of the operational environment to answer known or anticipated 
requirements in an effective format. 

-- ADRP 2-0, Intelligence, Aug 2012, p. 3-7 


Production Requirement (PR). A customer's formal request for analytic support, identifying the topic or 
issue of interest, type of information or analysis required, date required, preferred format, and 
classification. (DoDI 5240.18, CI Analysis & Production, 17 Nov 2009 with change 1 dated 15 Oct 2013) 


-- Also, an intelligence requirement that cannot be met by current analytical products resulting in 
tasking to produce a new product that can meet this intelligence requirement. (JP 2-0, Joint Intelligence, 
22 Oct 2013) 


Proliferation. The transfer of weapons of mass destruction, related materials, technology, and expertise 
from suppliers to hostile state or non-state actors. (JP 1-02 and JP 3-40, Combating WMD, 10 Jun 2009) 


Program Protection Plan (PPP). A risk-based, comprehensive, living plan to protect CPI that is 
associated with an RDA program. (DoDI 5200.39, CPI Protection within the DoD, 16 Jul 2008 with 
change 1 dated 28 Dec 2010) Also see counterintelligence support plan (CISP); critical program 
information (CPI). 


Note: DoDI 5200.39 is under revision. A proposed draft definition for PPP: a risk-based, 
comprehensive, living plan to identify and protect CPI and mission-critical functions and 
components associated with an RDA program. 


Program Protection is the integrating process for managing risks to advanced technology and 
mission-critical system functionality from foreign collection, design vulnerability or supply chain 
exploit/insertion, and battlefield loss throughout the acquisition lifecycle. 


The purpose of the PPP is to help programs ensure that they adequately protect their technology, 
components, and information. The PPP is used to develop tailored protection guidance for 
dissemination and implementation throughout the program for which it is created. The layering and 
integration of the selected protection requirements documented in a PPP provide for the integration 
and synchronization of CPI protection activities throughout DoD. 


Once a PPP is in place, it should guide program office security measures and be updated as threats 
and vulnerabilities change or are better understood. Appendix B to the PPP is the 
Counterintelligence Support Plan (CISP), which should be cited/referenced here. 


See "Program Protection Plan Outline & Guidance," Version 1.0, July 2011; copy available 
online at: <http://www.acq.osd.mil/se/docs/PPP-Outline-and-Guidance-v1-July2011.pdf> 


Prominent Individual. Someone who is widely known and has a favorable public reputation. 
(DoDD S-5200.37, Management & Execution of Defense HUMINT, 9 Feb 2009) 


Propaganda. Any form of adversary communication, especially of a biased or misleading nature, 
designed to influence the opinions, emotions, attitudes, or behavior of any group in order to benefit the 
sponsor, either directly or indirectly. (JP 1-02 and JP 3-13.2, Psychological Operations, 7 Jan 2010) 


Proprietaries. A term used... to designate ostensibly private commercial entities capable of doing 
business which are established and controlled by intelligence services to conceal governmental affiliation 
of intelligence personnel and/or governmental sponsorship of certain activities in support of clandestine 
operations. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


Protection. The ability to prevent, mitigate adverse effects of attacks on personnel 
(combatant/non-combatant) and physical assets of the United States, allies, and friends. (Joint Capability Areas 
Taxonomy & Lexicon, 15 Jan 2008) 


-- Also, preservation of the effectiveness and survivability of mission-related military and nonmilitary 
personnel, equipment, facilities, information, and infrastructure deployed or located within or outside the 
boundaries of a given operational area. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Protective Service Detail. Trained and armed protective security officials capable of providing continuous 
protection for a designated individual. (DoDI 2000.12, DoD AT Program, 1 Mar 2012 w/ change 1 dated 9 
Sep 2013) 


Protective Intelligence (PI). CRIMINT [criminal intelligence] used to identify, analyze, and provide leads 
for investigation into various direct and indirect threats to DoD personnel and property. It may provide 
further details about persons who may have the interest, motive, intention, and capability of mounting 
attacks against the DoD and its personnel. Additionally, it can aid DoD LEAs in gauging the potential 
threat to and vulnerability of a targeted individual or property and may be used in determining or 
preventing violence. (DoDI 5525.18, Law Enforcement Criminal Intelligence in DoD, 18 Oct 2013) 


Protective Measures. Those actions, procedures, or designs implemented to safeguard protected 
information. (DSS Glossary) 


Provocation. Activity designed to induce an individual, organization, intelligence service, or governments 
to take action damaging to itself. (FBI FCI Terms) Also see dangle; double agent. 


-- Also, activity intended to cause an individual, organization, intelligence service, or government to 
take actions that can cause damage to itself. (Spy Book) 


Provocation [aka Dangle] 


"A provocation is an agent deployed by you to be recruited by an opponent and to perform his or her secret 
work under your control as a channel to and weapon against your opponent." 
-- William R. Johnson, Thwarting Enemies at Home and Abroad, Georgetown University Press (2009), p.98 


Prudent Risk. A deliberate exposure to potential injury or loss when the commander judges the outcome 
in terms of mission accomplishment as worth the cost. (ADRP 6-0, Mission Command, May 2012) 


Pseudonym. A code name assigned to an individual, place, or activity to enhance operational, 
administrative, and communication security. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, an assigned identity that is used to protect an individual's true identity. (CNSSI No. 4009, 
National Information Assurance Glossary, 26 April 2010) 


Psychological Operations (PSYOP). Within DoD: None -- term rescinded. See Military Information 
Support Operations (MISO). 


Term changed to MISO IAW SECDEF Memo dated 3 Dec 2010. 


Public Affairs (PA). Those public information, command information, and community relations activities 
directed toward both the external and internal publics with interest in the Department of Defense. (JP 1-02 
and JP 3-61, Public Affairs, 25 Aug 2010) 


Public Diplomacy. 1). Those overt international public information activities of the United States 
Government designed to promote United States foreign policy objectives by seeking to understand, 
inform, and influence foreign audiences and opinion makers, and by broadening the dialogue between 
American citizens and institutions and their counterparts abroad. 2). In peace building, civilian agency 
efforts to promote an understanding of the reconstruction efforts, rule of law, and civic responsibility 
through public affairs and international public diplomacy operations. Its objective is to promote and 
sustain consent for peace building both within the host nation and externally in the region and in the 
larger international community. (JP 1-02 and JP 3-07.3, Peace Operations, 17 Oct 2007) 


Public Domain. In open view; before the public at large and not in private or employing secrecy or other 
protective measures. (DSS Glossary) 


Public Information. Within public affairs, that information of a military nature, the dissemination of which
is consistent with security and approved for release. (JP 1-02 and JP 3-61, Public Affairs, 25 Aug 2010) 


Publicly Available Information. Information that has been published or broadcast for public consumption, 
is available on request to the public, is accessible on-line or otherwise to the public, is available to the 
public by subscription or purchase, could lawfully be seen or heard by any casual observer, is made 
available at a meeting open to the public, or is obtained by visiting any place or attending any event that is
open to the public. (Attorney General Guidelines for National Security Investigations and Foreign 
Intelligence Collection, 31 Oct 2003) 


-- Also, data, facts, instructions, or other material published or broadcast for general public
consumption; available on request to a member of the general public; lawfully seen or heard by any
casual observer; or made available at a meeting open to the general public. (Army Techniques
Publication 2-22.9, Open-Source Intelligence, 10 Jul 2012)


Questionable Intelligence Activity. An intelligence activity, as defined in EO 12333, that may be unlawful
or contrary to E.O., Presidential directive, or applicable DoD policy governing that activity. (DoDD 
5148.11, ATSD/IO, 24 Apr 2013) Also see intelligence oversight. 


DoD Policy: See DoD 5240.1-R, Procedures Governing the Activities of DoD Intelligence
Components that Affect United States Persons, 7 Dec 1982. 


Also see DTM 08-052, DoD Guidance for Reporting Questionable Intelligence Activities and 
Significant or Highly Sensitive Matters, 17 Jun 2009 with chg 4 dated 21 Aug 2013; copy at 
<http://www.dtic.mil/whs/directives/corres/pdf/DTM-08-052.pdf>


Quit Claim. A document in which an asset acknowledges that all commitments due have been met by the 
handler’s organization. (HDI Lexicon, April 2008) 


Rabbit. [Tradecraft jargon] The target in a surveillance operation. (CI Centre Glossary)


Radiogram. Coded bursts of data sent by a radio transmitter that can be picked up by a radio receiver 
that has been set to the proper frequency; as transmitted, radiograms generally sound like the 
transmission of Morse code. (FBI Affidavit, 25 June 2010) 


Radicalization. The process of acquiring and holding radical or extremist beliefs. (Congressional 
Research Service Report R42553, Countering Violent Extremism in the United States, 19 Feb 2014) 
Also see self-radicalization; violent extremism, violent radicalization. 


-- Also, the social and behavioral process whereby people adopt and embrace extremist attitudes, 
values or behaviors. It is a risk factor for involvement in terrorism, but involvement in terrorism does not 
always result from radicalization. JP1-02 does not include a definition for radicalization. (Defense Science 
Board Report, Predicting Violent Behavior, Aug 2012, citing Horgan’s The Psychology of Terrorism 2nd 
Edition, 2012) 


Radicalization Process 


The FBI model describes the radicalization process — the “way stations” — as four incremental 
stages of development: 1) Preradicalization, 2) Identification, 3) Indoctrination, and 4) Action. 
Each one is distinct, and a radicalized individual may never reach the final stage. 

See chart—The Radicalization Process—below... 


[Chart: The Radicalization Process. Columns: Preradicalization, Identification, Indoctrination, Action.
Other labels on the chart: Conversion/Reinterpretation, Acceptance, Conviction, Terrorism; No Action,
Propensity for Action, Ready for Action, Implement Action.]


Source: Carol Dyer, Ryan E. McCoy, Joel Rodriguez, and Donald N. Van Duyn, "Countering Violent Islamic
Extremism: A Community Responsibility," FBI Law Enforcement Bulletin, Vol 76, No 12, Dec 2007*


* Copy available at <http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/2007-pdfs/dec07leb.pdf>


-- Also, the process by which an individual, group, or mass of people undergoes a transformation
from participating in the political process via legal means to the use or support of violence for political
purposes. (Army Tactical Reference Guide, Radicalization into Violent Extremism — A Guide for Military
Leaders, April 2011)


The growth in social media and the terrorist use of chat rooms, Facebook, Twitter, YouTube, and 
other sites has facilitated radicalization inside the United States. 
-- Seth G. Jones, The RAND Corporation, "The Extremist Threat to the U.S. Homeland," Testimony Before
the Committee on Homeland Security United States House of Representatives, 15 January 2014
(This testimony available at <http://www.rand.org/pubs/testimonies/CT403.html>)


There is no easily identifiable terrorist-prone personality, no single path to radicalization and 
terrorism. Many people may share the same views, and only a handful of the radicals will go further 
to become terrorists. The transition from radical to terrorist is often a matter of happenstance. It 
depends on whom one meets and probably on when that meeting occurs in the arc of one's life. 

-- Brian M. Jenkins* 


* Brian Michael Jenkins, Would Be Warriors: Incidents of Jihadist Terrorist Radicalization in the United 
States Since September 11, 2001 (Santa Monica, CA: The RAND Corporation, 2010), p. 7. 


Studies by the Department of Homeland Security's Office of Intelligence and Analysis indicate that 
the radicalization dynamic varies across ideological and ethno-religious spectrums, different 
geographic regions, and socio-economic conditions. Moreover, there are many diverse "pathways" 
to radicalization and individuals and groups can radicalize or "de-radicalize" because of a variety of 
factors. 

-- U.S. Congress, Senate Committee on Homeland Security and Governmental Affairs, Written Testimony 
of Charles E. Allen, Assistant Secretary of Intelligence and Analysis and Chief Intelligence Officer, 
Department of Homeland Security, “Threat of Islamic Radicalization to the Homeland,” 110th Cong., 
1st sess., March 14, 2007, p. 5. 


Also see US Army Asymmetric Warfare Group, Tactical Reference Guide, Radicalization into 
Violent Extremism, A Guide for Military Leaders, August 2011—copy available at:
<http://www.wired.com/images_blogs/dangerroom/2012/10/Radicalization-FINAL090911.pdf>


Raid. An operation to temporarily seize an area in order to secure information, confuse an adversary, 
capture personnel or equipment, or to destroy a capability culminating with a planned withdrawal. 
(JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Rapport Building. Establishing a sense of connection between the interviewer and the interviewee to 
facilitate communication and information sharing. (Keats, 1993) 


Raw Data. Bits of collected data that individually convey little or no useful information and must be 
collated, aggregated, or interpreted to provide meaningful information. (ODNI, U.S. National Intelligence — 
An Overview 2011) 


Raw Intelligence. A colloquial term meaning collected intelligence information that has not yet been 
converted into finished intelligence. (ODNI, U.S. National Intelligence — An Overview 2011) 


Reachback. The process of obtaining products, services, and applications, or forces, or equipment, or 
material from organizations that are not forward deployed. (JP 1-02 and JP 3-30, Command and Control 
for Joint Air Operations, 12 Jan 2010) 


Reactive Operation. An operation initiated in response to a FIS personal contact. (AFOSI Manual 71-142, 
OFCO, 9 Jun 2000) 


Real Time. Pertaining to the timeliness of data or information which has been delayed only by the time
required for electronic communication. This implies that there are no noticeable delays. (Previously in 
JP 2-0, Joint Intelligence) Also see near real time. 


Reasonable Belief. A reasonable belief arises when the facts and circumstances are such that a
reasonable person would hold the belief. Reasonable belief must rest on the facts and circumstances 
that can be articulated; “hunches” or intuitions are not sufficient. Reasonable belief can be based on 
experience, training, and knowledge in foreign intelligence or counterintelligence work applied to facts 
and circumstances at hand, so that a trained and experienced "reasonable person" might hold a 
reasonable belief sufficient to satisfy this criterion when someone unfamiliar with foreign intelligence or 
counterintelligence work might not. (DoD 5240.1-R, December 1982) Also see probable cause; 
reasonable suspicion. 


Reasonable Expectation of Privacy. In U.S. constitutional law the expectation of privacy is a legal test 
which is crucial in defining the scope of the applicability of the privacy protections of the Fourth 
Amendment to the United States Constitution. 


The extent to which a reasonable person in the particular circumstances involved is entitled to believe 
his or her actions are not subject to outside observations. Must be both objectively and subjectively 
reasonable [as well as] very fact specific. (SJA Office, USAINSCOM) 


As a general matter the Supreme Court has held that there may be circumstances in which a 
government employee has a legitimate expectation of privacy in the contents of governmental 
property that the employee uses or controls at work, such as an office or a locked desk drawer. 

See: O'Connor, 480 U.S. at 716-19 (1987) (plurality) (public employee has a reasonable expectation 
of privacy in personal items, papers, and effects in office, desk, and file cabinets provided by public 
employer); see id. at 730-31 (Scalia, J., concurring) (government employee has a legitimate 
expectation of privacy in the contents of his office). 


Instead, whether, in a particular circumstance, a government employee has a legitimate expectation 
of privacy in his use of governmental property at work is determined by "[t]he operational realities of 
the workplace" and “by virtue of actual office practices and procedures, or by legitimate regulation." 
See: O'Connor, 480 U.S. at 717 (plurality); see United States v. Simons, 206 F.3d 392, 398 (4th Cir. 
2000) ("[O]ffice practices, procedures, or regulations may reduce legitimate privacy expectations."). 


Reasonable Suspicion. Specific and articulable facts which, taken together with rational inferences from 
those facts, evince more than an inchoate and unparticularized suspicion or hunch of criminal activity. 
(United States v. Mason, 628 F.3d 123, 128 — 4th Cir. 2010 [quoting United States v. Branch, 537 F.3d
328, 336 — 4th Cir. 2008])


Recognition Signal. Any prearranged signal by which individuals or units may identify each other. 
(JP 1-02 and JP 3-50, Personnel Recovery, 20 Dec 2011)


-- Also, prearranged visual indicator used for recognition and identification between intelligence 
personnel. (AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


-- Also, prearranged visual signal used by intelligence personnel to identify each other. (FBI FCI 
Terms) 


Reconnaissance (RECON). A mission undertaken to obtain, by visual observation or other detection
methods, information about the activities and resources of an enemy or adversary, or to secure data
concerning the meteorological, hydrographic, or geographic characteristics of a particular area. (JP 1-02
and JP 2-0, Joint Intelligence, 22 Oct 2013)


Records Check. The process whereby a Special Agent obtains relevant information about Sources or
Subjects from the records and information holdings of military, civilian or government agencies, as well as 
certain commercial companies and vendors, during the conduct of an investigation or operation. Types 
include military agency checks (MACs), local agency checks (LACs) and national agency checks (NACs). 


-- Military Agency Check (MAC): a records or files check conducted at any military agency within the 
jurisdiction of the CI element conducting the check.


-- Local Agency Check (LAC): a records or files check of official or publicly available information
retained by any local office or government agency within the jurisdiction of the CI element 
conducting the check. Records may include holdings and databases maintained by local and state 
law enforcement agencies, local courts, local offices of federal agencies, etc. 


-- National Agency Check (NAC): formal requests to federal agencies for searches of their records 
and supporting databases and files for information of investigative or operational interest. NACs 
include DoD agencies, as well as other federal agency holdings, e.g., FBI, CIA, DHS, ICE, IRS, 
OPM, State Department, FINCEN, etc. 


Recovery Operations. Operations conducted to search for, locate, identify, recover, and return isolated 
personnel, human remains, sensitive equipment, or items critical to national security. (JP 1-02 and 
JP 3-50, Personnel Recovery, 5 Jan 2007) 


Recruitment. The deliberate and calculating effort to gain control of an individual and to induce him or her 
to furnish information or to carry out intelligence tasks for an intelligence or CI service. (DoDI S-5240.17,
CI Collection Activities, 14 Mar 2014) 


-- Also, authorized personnel establishing control over a foreign individual who, witting or unwitting
of USG involvement, accepts tasking as a result of the established relationship; authorized personnel 
establishing control over a U.S. person who, fully aware of USG involvement, accepts tasking as a result 
of the established relationship. (DoDI S-5200.42, Defense HUMINT and Related Activities (U), 8 Dec 
2009 w/ chg 1 dated 16 Aug 2010) 


-- Also, the acquisition of an individual's services who, witting or unwitting of U.S. Government 
involvement, accepts directions and control thus obligating both parties to an act in a prescribed manner. 
(HDI Lexicon, April 2008) 


-- Also, the establishment of a degree of control over an individual who, witting or unwitting of U.S. 
Government involvement accepts tasking as a result of the relationship established. (Army TC 2-22.307, 
Aug 2009) 


-- Also, the process of enlisting an individual to work for an intelligence or counterintelligence service. 
(FBI FCI Terms) 


-- Also, term for the tradecraft process of enlisting a target individual to work for an intelligence or 
security service. (The CIA Insider's Dictionary, by Leo D. Carl, 1996) 


-- Also, the tradecraft process of enlisting a target individual to work for an intelligence service—in 
most cases against his own country. The process includes spotting, assessing, developing, and 
recruitment. Motivation may be ideological, financial, or other, such as revenge. (A Spy's Journey) 


Recruitment... is a process of salesmanship, almost of seduction. 
-- SSCI Report 99-522 (1986) 


Agent recruiting is the most important task of both strategic and operational intelligence. No real
problems can be solved without agent penetration in basic government, military and technological 
centres of the enemy. 

-- Victor Suvorov, Inside Soviet Military Intelligence (1984); see Chapter 4 - Agent Recruiting. 


Agent recruitment is a tedious process with a low rate of success and a high rate of return. Of 
every ten agents recruited, eight will fall by the wayside because they lose their access or they tire 
of the commitment, one will be a problem—mainly of security—and one will work as a productive 
agent, perhaps for decades. 
-- Joseph W. Wippl (35 year CIA career with the National Clandestine Service), "The Qualities That 
Make a Great Case Officer," International Journal of Intelligence and Counterintelligence, Vol 25 
No 3 (Fall 2012), p. 602 


Recruitment... is an art form 
How do you do recruitment? "How do you sell anything in life? You have to have a product, you 
have to develop a relationship, and in that relationship you have to be able to identify people's 
strengths and weaknesses. And then you have to be able to ask that tough question: Will you help 
me? There is a sense of timing in it. It’s an art form, very frankly.” 
-- Jack Devine, 32-year CIA veteran in "Ten Questions," Time Magazine, Vol. 183 No. 23, 16 June 2014. p. 60 


Recruitment Cycle. The... process by which intelligence services recruit agents (aka the agent 
acquisition process). (James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


“The recruitment cycle is the essence of spying” 


Seven steps of the recruitment cycle: 1) Spotting; 2) Assessing; 3) Developing; 4) Pitching; 5) Formalizing; 
6) Producing; and 7) Terminating. 


-- James M. Olson (CIA Retired), Former Chief CIA Counterintelligence 


-- Also, Agent Recruitment Cycle (ARC): the systematic method for acquiring agents (HUMINT
sources) who will satisfy intelligence collection requirements and meet intelligence needs.


The Agent Recruitment Cycle consists of six steps: 

+ Spotting (or identifying) individuals who can meet intelligence needs as identified by analyst or 
policymakers. 

+ Assessing whether the spotted individuals have the placement and access to provide the
desired information as well as beginning the process of determining their motivations, 
vulnerabilities, and suitability. 

+ Developing a relationship with the individual to further assess the factors above and to explore 
whether they will be responsive to initial tasking for intelligence information. 

+ The actual recruitment. 

+ Training and handling meetings with the agent, including taskings and debriefings. 

+ Either turning an agent over to another case officer or terminating the relationship. 

-- Randy Burkett, "An Alternative Framework for Agent Recruitment: From MICE to RASCALS," 
Studies in Intelligence, Vol 57, No 1 (March 2013), p. 55 


Seven basic areas: 1) Spotting; 2) Evaluation; 3) Recruiting; 4) Testing; 5) Training; 6) Handling; 
and 7) Termination. 


+ Spotting: the process of identifying foreigners or other persons who might be willing to spy... 

+ Evaluation: a thorough review of all information available... 

+ Recruiting: the recruitment "pitch"... People volunteer or agree to spy on their governments 
for many reasons. It is the task of the recruiter to determine what reason—if one exists—is 
most likely to motivate the potential agent. 

+ Testing: [testing the asset's] loyalty and reliability ... 

+ Training: [tradecraft training] instructed in one of several methods of covert
communications... learn the use of clandestine contacts. And... will be given training 
on security precautions, such as the detection and avoidance of surveillance. 

+ Handling: Successful handling of an agent hinges on the strength of the relationship 
that the case officer is able to establish with the agent. ....a good case officer must 
combine the qualities of a master spy, a psychiatrist, and a father confessor. ...One of the 
biggest problems in handling an agent is caused by the changeover of case officers. 

+ Termination: All clandestine operations ultimately come to an end. ...[need for] resettlement 


-- Victor Marchetti and John D. Marks, The CIA and the Cult of Intelligence, 2nd Edition (1980), pp 215-228


Agent recruitment [cycle]: 1) Spot; 2) Assess; 3) Develop & Recruit; 4) Test; 5) Train; 6) Handle; 
and 7) Terminate. 
-- Jefferson Mack, Running a Ring of Spies (1996) 


Recruitment-in-Place (RIP). An official who overtly continues to work for his government and 
clandestinely provides information of intelligence value to a foreign government; will in many instances 
be connected with a foreign government's intelligence service. (CI Community Lexicon) Also see
penetration; penetration operation. 


-- Also, a person who agrees to become an agent and retain his position in his organization or 
government while reporting on it to an intelligence or security organization of a foreign country. 
(ICS Glossary) 


-- Also, inducement of a person to become an informant or agent of an intelligence service while he 
or she remains in the same position and status. This term applies to personnel of foreign establishments, 
diplomatic or other, who continue to occupy their regular posts instead of defecting. (AFOSI Instruction 
71-101, 6 Jun 2000) 


-- Also, a foreign national who overtly continues to work for his government and covertly provides the 
U.S. with information of intelligence value. (FBI FCI Terms) 


Recruitment-in-place, one of the most difficult and sensitive activities in counterintelligence. 
-- William H. Webster, Director FBI, Speech on 22 March 1986 


Recruiting anybody to be a spy is an act of seduction. Recruiting hostile intelligence officers 
amounts to seducing seducers—an art in itself. 
-- Angelo Codevilla, Informing Statecraft: Intelligence for a New Century (1992), p. 337 


A recruitment who stays on the job... is the ultimate prize, the crown jewel of any 
counterintelligence operation. At great personal risk, a recruitment in place is in a position to 
provide continuous and up-to-date information. By contrast, a defector, while usually welcome, is 
of less value. Once debriefed of the information he or she knows, and with no further access to 
secrets, a defector has diminished worth. 

-- David Wise, Tiger Trap: America’s Secret Spy War with China (2011), p. 177 


It is axiomatic in intelligence work that ‘there is no better counterintelligence than recruiting the 
other side’s intelligence officers.’ 
-- James M. Olson (CIA Retired), Former Chief CIA Counterintelligence 


Reconstitution. The process of restoring critical assets and their necessary infrastructure 
support systems (or their functionality) to pre-incident operational status. (DoDI 3020.45, DCIP 
Management, 21 Apr 2008) 


RED. In cryptographic systems, refers to information or messages that contain sensitive or classified
information that is not encrypted. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 
2010) Also see BLACK. 


RED EYE. The RED EYE Task Force, hosted by AFMC [Air Force Materiel Command] and sponsored
by Region 1 [AFOSI] is a multi-agency operation consisting of nine federal law enforcement and
intelligence agencies working together to identify, exploit, neutralize and mitigate threats of illicit
procurement and illegal export of sensitive U.S. technology to foreign adversaries. (AFOSI 2012
Fact Book)


Red Team. An organizational element comprised of trained and educated members that provide an 
independent capability to fully explore alternatives in plans and operations in the context of the 
operational environment and from the perspective of adversaries and others. (JP 1-02 and JP 2-0, 
Joint Intelligence, 22 Oct 2013) Also see red team analysis. 


A "CI Red Team" is a simulation of foreign intelligence collection activities of a specified
friendly/Blue target, such as a RDA project/program, installation, military operation, etc. May
include the identification of physical, electronic, acoustic, or visual patterns of the supported
activity/agency as may be seen through the eyes of an adversary.


Red Team Analysis. Models the behavior of an individual or group by trying to replicate how an 
adversary would think about an issue. (CIA, A Tradecraft Primer: Structured Analytical Techniques 
for Improving Intelligence Analysis, June 2005) Also see red team. 


Red Team analysis tries to consciously place the analyst in the same cultural, organizational, and 
personal setting -- "putting them in their shoes" -- in which the target individual or group operates. 
Red Team analysis is not easy to conduct. It requires significant time to develop a team of qualified 
experts who can think like the adversary. 


Contrarian methods and "Red Teams" should be a routine part of the analytical process. 
-- Jeffrey R. Cooper, Curing Analytical Pathologies, Center for the Study of Intelligence (Dec 2005), p. 43


Redaction. For purposes of declassification, the removal of exempted information from copies of a 
document. (DoD Manual 5200.01-Vol 1, DoD Information Security Program, 24 Feb 2012) 


Refugee. A person who owing to a well-founded fear of being persecuted for reasons of race, religion, 
nationality, membership of a particular social group or political opinion, is outside the country of his or her 
nationality and is unable or, owing to such fear, is unwilling to avail himself or herself of the protection of 
that country. See also dislocated civilian; displaced person; evacuee; expellee; stateless person. (JP 1-02 
and JP 3-29, Foreign Humanitarian Assistance, 17 Mar 2009) 


Regional Security Officer (RSO). A security officer responsible to the chief of mission (ambassador), for 
security functions of all US embassies and consulates in a given country or group of adjacent countries. 
(JP 1-02 and JP 3-10, Joint Security Operations in Theater, 3 Feb 2010) 


-- Also, Diplomatic Security Special Agents of the U.S. Department of State (DoS), assigned to U.S. 
diplomatic missions overseas as the personal advisor to the ambassador or chief of mission on all 
security issues and coordinate all aspects of a mission's security program. They develop and implement 
effective security programs to protect DoS employees from terrorist, criminal, and technical attack both at 
work and at home. The RSO serves as the primary liaison with foreign police and security services 
overseas in an effort to obtain support for U.S. law enforcement initiatives and investigations. (DoS) 


See Department of State website at: <http://www.state.gov/m/ds/protection/c8756.htm>


Reid Technique. A method of questioning subjects and assessing their credibility. The technique consists
of a non-accusatory interview combining both investigative and behavior-provoking questions. If the 
investigative information indicates that the subject committed the crime in question, the Reid Nine Steps 
of Interrogation are utilized to persuade the subject to tell the truth about what they did. The Reid 
technique involves three different components — factual analysis, interviewing, and interrogation. 
(Wikipedia; accessed 21 Aug 2013) 


The term "Reid Technique" is a registered trademark of the firm John E. Reid and Associates, 
which offers training courses in the method they have devised. The technique is widely used by 
numerous law-enforcement agencies. For more information see: <http://www.reid.com/>


Remediation. Actions taken to correct known deficiencies and weaknesses once a vulnerability has been 
identified. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 
2 dated 21 Sep 2012) 


-- Also, the act of mitigating a vulnerability or a threat. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


Rendition. An extra-territorial activity to apprehend and return a person to the US or another country, with 
or without permission from the country in which the subject is apprehended. (National HUMINT Glossary) 


The term "rendition" in the counterterrorism context means nothing more than moving someone 
from one country to another, outside the formal process of extradition. 
-- Daniel Benjamin, Former Director for Counterterrorism, National Security Council 


For additional information see CRS Report (RL32890) Renditions: Constraints Imposed by Laws 
on Torture, 8 Sep 2009; copy available at: <http://www.fas.org/sgp/crs/natsec/RL32890.pdf>


Repatriate. A person who returns to his or her country or citizenship, having left said native country either 
against his or her will, or as one of a group who left for reason of politics, religion, or other pertinent 
reasons. (JP 1-02) 


Repatriation. 1) The procedure whereby American citizens and their families are officially processed back 
into the United States subsequent to an evacuation. (JP 3-68, Noncombatant Evacuation Operations, 23 
Dec 2010); and 2) The release and return of enemy prisoners of war to their own country in accordance 
with the 1949 Geneva Convention Relative to the Treatment of Prisoners of War. (JP 1-0, Personnel 
Support to Joint Operations, 16 Oct 2006) 


Report of Investigation (ROI). An executive summary of all results of investigative activity conducted in 
an investigation. (902d MIG Investigations Handbook, updated 17 Oct 2012)


Reportable Incident. Any suspected or alleged violation of Department of Defense policy or of other 
related orders, policies, procedures or applicable law, for which there is credible information. (JP 1-02 
and JP 3-63, Detainee Operations, 30 May 2008) 


Request For Assistance (RFA). A request based on mission requirements and expressed in terms of 
desired outcome, formally asking for assistance. 


Request For Information (RFI). 1) Any specific time-sensitive ad hoc requirement for intelligence 
information or products to support an ongoing crisis or operation not necessarily related to standing 
requirements or scheduled intelligence production. 2) A term used by the National Security 
Agency/Central Security Service to state ad hoc signals intelligence requirements. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


Research, Development, and Acquisition (RDA). All activities associated with research and engineering,
acquisition, international transfers of technology, and disposal of defense-related technology.
(DoDI O-5240.24, CI Activities Supporting RDA, 8 Jun 2011 with change 1 dated 15 Oct 2013)


Residency. An office or location in a country used by foreign intelligence officers from which to plan, 
coordinate, and execute intelligence activities. Also refers to the number of foreign intelligence agents 
present in a given area. (AR 381-20, Army CI Program, 25 May 2010)


Resilience. The ability to prepare for and adapt to changing conditions and withstand and recover rapidly 
from disruptions; includes the ability to withstand and recover from deliberate attacks, accidents, or 
naturally occurring threats or incidents. (PPD-21, 2013) 


Resiliency. The characteristic or capability to maintain functionality and structure (or degrade gracefully) 
in the face of internal and external change. (DoDI 3020.45, DCIP Management, 21 Apr 2008)


Resistance Movement. An organized effort by some portion of the civil population of a country to resist 
the legally established government or an occupying power and to disrupt civil order and stability. 
(JP 1-02 and JP 3-05, Special Operations, 18 Apr 2011) 


Responsible Analytical Center (RAC). The Intelligence organization that has responsibility for providing 
integrated all-source analysis, or application of analysis, to produce an intelligence product to answer a 
specific COCOM Intelligence Task List (ITL) task or sub-task. DoD organizations that qualify as RACs 
include: DIA analytical offices [including DAC-1C] and Intelligence Centers, the COCOM Joint Intelligence 
Operations Centers (JIOCs), and the Service intelligence production centers (MCIA, NASIC, NGIC, and 
ONI). (CJCSM 3314.01, Intelligence Planning, 28 Feb 2007) 


Restraint. In the context of joint operation planning, a requirement placed on the command by a higher 
command that prohibits an action, thus restricting freedom of action. (JP 1-02 and JP 5-0, Joint Operation 
Planning, 11 Aug 2011) 


Restricted Area. An area (land, sea or air) in which there are special restrictive measures employed to 
prevent or minimize incursions and/or interference, where special security measures are employed to 
prevent unauthorized entry. Restricted areas may be of different types depending on the nature and 
varying degree of importance of the security interest, or other matter contained therein. Restricted areas 
must be authorized by the installation/activity commander/director, properly posted, and shall employ 
physical security measures. Additionally, Controlled Areas may be established adjacent to Restricted 
Areas for verification and authentication of personnel. (DoD 5200.08-R, Physical Security Program, 
9 Apr 2007) 


-- Also, 1) An area (land, sea, or air) in which there are special restrictive measures employed to 
prevent or minimize interference between friendly forces; and 2) An area under military jurisdiction in 
which special security measures are employed to prevent unauthorized entry. (JP 1-02) 


Restricted Target. A valid target that has specific restrictions placed on actions authorized against it due 
to operational considerations. Also see restricted target list. (JP 3-60, Joint Targeting, 13 Apr 2007) 


Restricted Target List (RTL). A list of restricted targets nominated by elements of the joint force and 
approved by the joint force commander. This list also includes restricted targets directed by higher 
authorities. Also see restricted target. (JP 3-60, Joint Targeting, 13 Apr 2007) 


Returnee. A displaced person who has returned voluntarily to his or her former place of residence. 
(JP 3-29, Foreign Humanitarian Assistance, 17 Mar 2009) 


Revolution. The overthrow or renunciation of one government or ruler and the substitution of another by 
the governed. (Army FM 3-24-2, Tactics in Counterinsurgency, April 2009) 


Risk. Probability and severity of loss linked to threats or hazards and vulnerabilities. (DoDD 3020.40, 
DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


-- Also, probability and severity of loss linked to hazards (JP 1-02 and JP 5-0, Joint Operation 
Planning, 11 Aug 2011) 


-- Also, a measure of consequence of peril, hazard or loss, which is incurred from a capable 
aggressor or the environment (the presence of a threat and unmitigated vulnerability). (DoD 5200.08-R, 
Physical Security Program, 9 Apr 2007) 


-- Also, a measure of the potential degree to which protected information is subject to loss through 
adversary exploitation. (DoD 5205.02-M, DoD OPSEC Program Manual, 3 Nov 2008) 


-- Also, a measure of the extent to which an entity is threatened by a potential circumstance or event, 
and typically a function of 1) the adverse impacts that would arise if the circumstance or event occurs; 
and 2) the likelihood of occurrence. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 
2010) 


-- Also, the potential for an unwanted outcome resulting from an incident, event, or occurrence, as 
determined by its likelihood and the associated consequences. (DHS, National Infrastructure Protection 
Plan - 2009) 


When you hear "calculated risk," don't ask to see the calculations. 


-- Dr. Gus Weiss, Former Assistant Secretary of Defense for Space Policy 
(quoted in Intelligence Analysis: A Target-Centric Approach) 


Risk, in the context of critical infrastructure and terrorism, can be defined as the potential 
consequence associated with a particular kind of attack or event against a particular target, 
discounted by the likelihood that such an attack or event will occur (threat) and the likelihood that 
the target will sustain a certain degree of damage (vulnerability). 


Threat includes not only the identification of specific adversaries, but also their intentions and 
capabilities (both current and future). Consequences include lives and property lost, short term 
financial costs, longer term economic costs, environmental costs, etc. 


Given this definition, risk is not threat, nor vulnerability to a threat, nor the estimated consequences 
associated with a specific attack, but some integration of the three. 
-- CRS Report, RL30153, 8 Jan 2007 


Risk Avoidance. A security philosophy which postulates that adversaries are all-knowing and highly 
competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities. 
(DSS Glossary) Also see risk management. 


Risk Analysis. A method by which individual vulnerabilities are compared to perceived or actual security 
threat scenarios in order to determine the likelihood of compromise of critical information. (DSS Glossary) 


-- Also, examination of information to identify the risk to an information system. See risk assessment. 
(CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Risk Assessment. A systematic examination of risk using disciplined processes, methods, and tools. A 
risk assessment provides an environment for decision makers to evaluate and prioritize risks continuously 
and to recommend strategies to remediate or mitigate those risks. (DoDD 3020.40, DoD Policy and 
Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


-- Also, the identification and assessment of hazards (first two steps of risk management process). 
(JP 1-02 and JP 3-07.2, Antiterrorism, 24 Nov 2010) 


-- Also, a process of evaluating the risks to information based on susceptibility to intelligence 
collection and the anticipated severity of loss. (DoD 5205.02-M, DoD OPSEC Program Manual, 
3 Nov 2008) 


-- Also, a defined process used to fuse the procedures of analyzing threat, risks, and vulnerabilities, 
into a cohesive, actionable product. (DoD 5200.08-R, Physical Security Program, 9 Apr 2007) 


-- Also, the process of evaluating security risks based on analyses of threats, vulnerabilities, and 
probable adverse consequences to a facility, system, or operation. (IC Standard 700-1, 4 Apr 2008) 


Risk Assessment 


The process of identifying, prioritizing, and estimating risks. This includes determining the extent to 
which adverse circumstances or events could impact an enterprise. Uses the results of threat and 
vulnerability assessments to identify risk to organizational operations and evaluates those risks in 
terms of likelihood of occurrence and impacts if they occur. The product of a risk assessment is a 
list of estimated, potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk 
management and is conducted throughout the Risk Management Framework (RMF). 

-- CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010 


Risk Management (RM). The process of identifying, assessing, and controlling risks arising from 
operational factors and making decisions that balance risk cost with mission benefits. (JP 1-02 and 
JP 3-0, Joint Operations, 11 Aug 2011) 


The basic concept for a cost effective security system is risk management rather than the 
unattainable and unaffordable goal of risk avoidance. 
-- Joint Security Commission II Report, 24 August 1999, p.12 


-- Also, a process by which decision makers accept, reduce, or offset risk and subsequently make 
decisions that weigh overall risk against mission benefits. (DoDD 3020.40, DoD Policy and 
Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


-- Also, process and resultant risk of systematically identifying, assessing and controlling risks. 
Commanders/Directors are required to identify critical assets and their subsequent protection 
requirements, including future expenditures required for the protection requirements. (DoD 5200.08-R, 
Physical Security Program, 9 Apr 2007) 


-- Also, the process of selecting and implementing security countermeasures to accept or mitigate the 
risk of a known or suspected threat to an acceptable level based on cost and effectiveness. (IC Standard 
700-1, 4 Apr 2008) 


-- Also, Antiterrorism (AT) Risk Management: the process of systematically identifying, assessing, 
and controlling risks arising from operational factors and making decisions that balance possible adverse 
outcomes with mission benefits. AT risk management is one of the five minimum elements of an AT 
program. The end products of the AT program risk management process shall be the identification of DoD 
elements and personnel that are vulnerable to the identified threat attack means. From the assessment of 
risk based upon the three critical components of AT risk management (threat assessment, criticality 
assessment, and vulnerability assessment), the commander or DoD civilian manager must determine 
which DoD elements and personnel are at greatest risk and how best to employ given resources and FP 
measures to deter, mitigate, or prepare for a terrorist incident. (DoDI 2000.12, DoD Antiterrorism 
Program, 1 Mar 2012 with change 1 dated 9 Sep 2013) 


Risk Mitigation. Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/ 
countermeasures recommended from the risk management process. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) 


Risk Response. Actions taken to remediate or mitigate risk, or to reconstitute capability in the event of 
loss or degradation. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 
2010 w/ chg 2 dated 21 Sep 2012) 


Romeo Spies. Men whose task is to seduce women who have access to confidential material, in the 
hope that through pillow talk the women will reveal secrets. (Encyclopedia of Cold War Espionage, Spies, 
and Secret Operations, 3rd revised edition 2012) 


Rolling Car Pickup. A clandestine car pickup executed so smoothly that the car hardly stops at all and 
seems to have kept moving forward. (CI Centre Glossary) Also see car pick-up. 


Rule of the Least Intrusive Means. The collection of information by a DoD intelligence component must 
be accomplished by the least intrusive means or lawful investigative technique reasonably available. 
(DIA Intelligence Law Handbook, Sep 1995) 


This rule prescribes a hierarchy of collection techniques which must be considered before an 
intelligence component engages in collection of information about US persons. The methodologies 
below become progressively more intrusive as one proceeds through this hierarchical framework: 


-- First, to the extent feasible, information must be collected from publicly available materials, or 
with the consent of the person or persons concerned. 


-- Second, if collection from these sources is not feasible, then cooperating sources may be used. 


-- Third, if neither publicly available information nor cooperating sources are sufficient or feasible, 
then collection may be pursued using other lawful investigative techniques that require 
neither a judicial warrant nor the approval of the Attorney General of the United States. 


-- Finally, when none of the first three approaches has been sufficient or feasible, then the 
collecting intelligence component may seek approval for use of one of the techniques that 
require a warrant or approval of the Attorney General. 


DoD Policy: see DoD Regulation 5240.1-R, Procedures Governing the Activities of DoD 
Intelligence Components that Affect United States Persons, 7 Dec 1982 (para C2.4.2, page 18). 


Rules of Engagement (ROE). Directives issued by competent military authority that delineate the 
circumstances and limitations under which United States forces will initiate and/or continue combat 
engagement with other forces encountered. (JP 1-02 and JP 1-04, Legal Support to Military Operations, 
17 Aug 2011) 


Ruse. In military deception, a trick of war designed to deceive the adversary, usually involving the 
deliberate exposure of false information to the adversary's intelligence collection system. (JP 1-02 and 
JP 3-13.4, Military Deception, 13 Jul 2006) 


Sabotage. An act or acts with intent to injure, interfere with, or obstruct the national defense of a country 
by willfully injuring or destroying, or attempting to injure or destroy, any national defense or war materiel, 
premises, or utilities, to include human and natural resources. (JP 1-02 and JP 2-01.2, CI & HUMINT in 
Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, the willful destruction of government property with the intent to cause injury, destruction, or 
defective production of national defense or war materials by either an act of commission or omission. 
(IC Standard 700-1, 4 Apr 2008) 


Sabotage is a violation of Title 18 USC, §§ 2151-2156. 


[S]abotage is the destruction of material by covert means 
in order to destroy the capability of a country to pursue its policies. 


-- Tucker, David. Illuminating the Dark Arts of War, 
New York: Continuum International Publishing Group, 2012, p. 136 


Safe House. An innocent-appearing house or premises established by an organization for the purpose of 
conducting clandestine or covert activity in relative security. (JP 1-02 and JP 3-07.2, Antiterrorism, 24 Nov 
2010) 


-- Also, a facility used to afford security for operations. (HDI Lexicon, April 2008) 


-- Also, house or premises controlled by an intelligence service that affords at least temporary 
security for individuals engaged in intelligence operations. (CI Community Lexicon) 


-- Also, any house, apartment, office, or other building or quarters used to afford security for persons 
engaged in clandestine activities or for intelligence collection purposes. Safe houses may be used as 
refuge for or holding of agents or defectors; lodging and feeding of couriers, escapees, or evaders; 
lodging and working space for agents; rendezvous training, briefing, or questioning; or storage of supplies 
and equipment. (National HUMINT Glossary) 


-- Also, a location controlled by an intelligence service that provides a secure place for individuals 
engaged in intelligence operations to meet. (FBI FCI Terms) 


-- Also, a secure facility, unknown to adversary intelligence and security services, used for agent 
meetings, defector housing or debriefing, and similar support functions. (CIA in D&D Lexicon, 1 May 
2002) 


-- Also, [safehouse] a secure location used by intelligence services to meet with agents or for other 
clandestine purposes. The renter or purchaser of a safehouse is usually a cutout, someone who has no 
visible connection with intelligence work or with any official organization. (James M. Olson, Fair Play: The 
Moral Dilemmas of Spying, 2006) 


-- Also, [safehouse] a sterile location, normally a house or apartment—but could be a hotel room as 
well—used to meet agents securely. (A Spy's Journey) 


Safeguarding. Measures and controls that are prescribed to protect classified information. (DoD Manual 
5200.01-Vol 1, DoD Information Security Program, 24 Feb 2012) 


Sanction Enforcement. Operations that employ coercive measures to control the movement of certain 
types of designated items into or out of a nation or specified area. (JP 1-02 and JP 3-0, Joint Operations, 
11 Aug 2011) 


Sanitization. The editing of intelligence to protect sources, methods, capabilities, and analytical 
procedures to permit wider dissemination. (IC Standard 700-1, 4 Apr 2008) 


Sanitize. To revise a report or other document in such a fashion as to prevent identification of sources, 
or of the actual persons and places with which it is concerned, or of the means by which it was acquired. 
Usually involves deletion or substitution of names and other key details. (JP 1-02) 


Sanitizing. The removal of information from the media or equipment such that data recovery using 
any known technique or analysis is prevented. Sanitizing shall include the removal of data from 
the media, as well as the removal of all classified labels, markings, and activity logs. Properly sanitized 
media may be subsequently declassified upon observing the organization's respective verification and 
review procedures. (DSS Glossary) 


Satellite Reconnaissance Advanced Notice (SATRAN) Program. Advanced warning of reconnaissance 
satellite orbits so military commanders can take appropriate action. (Center for Army Lessons Learned, 
http://usacac.army.mil/cac2/call/thesaurus/toc.asp?id=26671, accessed 4 Mar 2014) 


In response to the intelligence threat from Soviet imagery satellites, the United States initiated the 
Satellite Reconnaissance Advanced Notice (SATRAN) program... in 1966. 
-- Jeffrey T. Richelson, The US Intelligence Community (2012, Sixth Edition), pp. 270-271 


The mission of the SATRAN Program is to provide the US military, US Government agencies... 
with warning of periods where their equipment or activities are vulnerable to reconnaissance by 
foreign spacecraft. The SATRAN program provides accurate overflight information in a timely 
manner so that foreign spacecraft are denied the opportunity to collect useful intelligence data. 
-- Intellipedia (accessed 4 Mar 2014) 


SATRAN. Acronym, see Satellite Reconnaissance Advanced Notice Program above. 


Scams. [Cyber usage] Fake deals that trick people into providing money, information, or service in 
exchange for the deal. (FBI; see 
<http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks-1>) 


Scattered Castles. The IC [Intelligence Community] security clearance repository and the Director of 
National Intelligence’s authoritative source for clearance and access information for all IC, military 
services, DoD civilians, and contractor personnel. DoD information is furnished by JPAS. (IC Standard 
700-1, 4 Apr 2008) 


Scientific and Technical Intelligence (S&TI). The product resulting from the collection, evaluation, 
analysis, and interpretation of foreign scientific and technical information that covers: a. foreign 
developments in basic and applied research and in applied engineering techniques; and b. scientific and 
technical characteristics, capabilities, and limitations of all foreign military systems, weapons, weapon 
systems, and materiel; the research and development related thereto; and the production methods 
employed for their manufacture. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military 
Operations, 5 Jan 2012) 


Scientific Method. [One of the four basic types of reasoning applied to intelligence analysis, it] combines 
deductive and inductive reasoning: induction is used to develop the hypothesis, and deduction is used to 
test it. (DIA, Intelligence Essentials for Everyone, June 1999) Also see abduction; deduction; induction. 


For additional information see Knowledge Management in the Intelligence Enterprise by Edward 
Waltz (2003). 


Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Screening. In intelligence, [the] evaluation of an individual or a group of individuals to determine their 
potential to answer collection requirements or to identify individuals who match a predetermined source 
profile coupled with the process of identifying and assessing the areas of knowledge, cooperation, and 
possible approach techniques for an individual who has information of intelligence value. (JP 1-02 and 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


For additional information see Chapter 6 "Screening," FM 2-22.3, Human Intelligence Collection 
Operations. 


SCRM. See Supply Chain Risk Management. 


Search. An examination, authorized by law, of a specific person, property, or area for specified property 
or evidence, or for a specific person for the purpose of seizing such property, evidence, or person. 
(AR 190-20) Also see physical search, search warrant, seizure. 


Search Warrant. An express authorization to search and seize issued by competent civilian authority. 
(AR 190-20) Also see search, seizure. 


A search warrant is a court order authorizing law enforcement to search a specified location and 
seize evidence. Under the Fourth Amendment, searches must be reasonable and specific. 


The Fourth Amendment prohibits unreasonable searches and seizures (U.S. Constitution. 
Amendment. IV). Searches and seizures are presumptively unreasonable, unless they are 
conducted pursuant to a warrant issued by a neutral magistrate upon a sworn showing of probable 
cause (Terry v. Ohio, 393 U.S. 1, 20, 1968). 


Sector-Specific Agency. Federal departments and agencies identified in Homeland Security Presidential 
Directive 7, "Critical Infrastructure Identification, Prioritization, and Protection," 7 December 2003 as 
responsible for CI/KR [critical infrastructure and/or key resource] protection activities in specified national 
CI/KR sectors. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ 
chg 2 dated 21 Sep 2012) 


-- Also, a Federal department or agency designated by PPD-21 with responsibility for providing 
institutional knowledge and specialized expertise as well as leading, facilitating, or supporting the security 
and resilience programs and associated activities of its designated critical infrastructure sector in the all- 
hazards environment. (PPD-21, 2013) 


PDD 21 identifies 16 critical infrastructure sectors and designates associated Federal SSAs. 
For the critical infrastructure sector "Defense Industrial Base" the Department of Defense is the 
designated SSA by PDD 21. 


Secret. Security classification that shall be applied to information, the unauthorized disclosure of which 
reasonably could be expected to cause serious damage to the national security that the original 
classification authority is able to identify or describe. (EO 13526) Also see security classification. 


SECRET Internet Protocol Router Network (SIPRNet). The worldwide SECRET-level packet switch 
network that uses high-speed internet protocol routers and high-capacity Defense Information Systems 
Network circuitry. (JP 1-02 and JP 6-0, Joint Communications, 10 Jun 2010) 


Secret Writing (SW). Invisible writing. (FBI FCI Terms) 


-- Also, any tradecraft technique employing invisible messages hidden in or on innocuous materials. 
This includes invisible inks and microdots, among many other variations. (CI Centre Glossary) 


-- Also, tradecraft term that describes the act of using special inks or special carbon papers 
(impregnated with chemicals) to write messages clandestinely. The utilization of special inks is known 
as the "wet system." The utilization of special carbon papers is known as the "dry system." (Encyclopedia 
of the CIA, 2003) 


The simplest secret writing uses organic inks: milk, vinegar, lemon juice, even urine. These inks 
dry invisibly and can be developed by applying heat. Espionage agencies have produced many 
inks made of chemicals that could be developed only by a specific chemical. 

-- Spy Book 


The chief difficulty with secret inks was their inability to handle great volume of information that 
spies had to transmit in a modern war. 


-- David Kahn, The Codebreakers (1967) 


The techniques of secret writing are the same the world over. First the spy writes his cover letter. 
Then he writes the secret message on top, using a special sheet of carbon paper treated with a 
colorless chemical. Tiny particles of the chemical are transferred to the letter, which can then be 
developed by the recipient. Most developing agents make the chemical traces grow, so that the 
message becomes legible, and unless the correct agent is known, the message remains 
undetectable. 

-- Peter Wright, Spy Catcher (1987), p.119 


For an explanation of secret inks, see Robert Wallace and H. Keith Melton, Spycraft: The Secret 
History of the CIA's Spytechs from Communism to Al-Qaeda (2008), pp. 427-437. 


Section 603 Referral. Section 603 of the "Intelligence Authorization Act for FY 1990" states: "Subject to 
the authority of the Attorney General, the FBI shall supervise the conduct of all investigations of violations 
of the espionage laws of the United States by persons employed by or assigned to United States 
diplomatic missions abroad. All departments and agencies shall report immediately to the FBI any 
information concerning such a violation. All departments and agencies shall provide appropriate 
assistance to the FBI in the conduct of such investigations. Nothing in this provision shall be construed 
as establishing a defense to any criminal, civil, or administrative action." (Public Law 101-193, 30 Nov 
1989) Also see Section 811 Referral. 


See <http://www.intelligence.senate.gov/laws/pl101-193.pdf> 


Section 811 Referral. Section 811 of the Intelligence Authorization Act of 1995 (50 USC 4022) is the 
legislative act that governs the coordination of counterespionage investigations between Executive 
Branch agencies and departments and the FBI. Section 811 referrals are the reports — made by the 
Executive Branch agencies or departments to the FBI under Section 811(c)(1)(a) — that advise the FBI 
of any information, regardless of origin, which may indicate that classified information is being, or may 
have been, disclosed in an unauthorized manner to a foreign power or agent of a foreign power. 
(CI Community Lexicon) 


Section 811 was enacted in response to the damage to US national security caused by the Aldrich 
Ames espionage case. The Ames case led to a legislative call for agencies to share data in 
counterespionage investigations and for the FBI to be involved earlier in the process of evaluating 
information concerning the possible compromise of classified information. 


Within DoD, all 811 Referrals are considered "significant CI activities" and as such must also be 
reported to DIA Office of Counterintelligence - Counterespionage Division (OCI-2) 


See <http://www.intelligence.senate.gov/laws/pl103-359.pdf> 


"811" referrals... allow our operational counterintelligence sections to concentrate solely on 
detecting and countering foreign intelligence operations, focus on emerging strategic threats, 
and protecting United States secrets from compromise. 


-- Robert S. Mueller, III, Director FBI 
Before the Senate Committee on the Judiciary (6 June 2002) 


Security. Proactive measures adopted to safeguard personnel, information, operations, resources, 
technologies, facilities, and foreign relations against harm, loss, or hostile acts and influences. (DoDD 
5200.43, Management of the Defense Security Enterprise, 1 Oct 2012 w/ chg 1 dated 24 Apr 2013) 
Also see operational security (OPSEC); security disciplines; security profession, security professional. 


DoD Policy 


Security is a mission critical function of the DoD and its proper execution has a direct impact on all 
DoD missions and capabilities and on the national defense. 
Security is the personal responsibility of all DoD personnel... 

-- DoD 5200.43, Management of the Defense Security Enterprise, 1 Oct 2012 


-- Also, 1) Measures taken by a military unit, activity, or installation to protect itself against all acts 
designed to, or which may, impair its effectiveness. 2) A condition that results from the establishment 
and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences. 
3) With respect to classified matter, the condition that prevents unauthorized persons from having access 
to official information that is safeguarded in the interests of national security. (JP 1-02; JP 2-0, Joint 
Intelligence, 22 Oct 2013; and JP 3-10, Joint Security Operations in Theater, 3 Feb 2010) 


-- Also, the protection of information to assure it is not accidentally or intentionally disclosed to 
unauthorized personnel. (DSS Glossary) 


Security is not counterintelligence — counterintelligence is not security. 


"People like to confuse counterintelligence (CI) with security. In practice, the two are related 
but not identical." 


-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


"...[C]ounterintelligence measures deal directly with foreign intelligence service activities, while 
security programs are indirect defensive actions that minimize vulnerabilities." 
-- SSCI Report 99-522 (1986) 


"Counterintelligence investigates the enemy, or if you will in the modern world, the opposition, to 
learn their capabilities, intentions, methods and focus. It is not security work. Security protects. 
It does not attack. [Emphasis added] CI attacks the actor. It attacks the opposition intelligence 
structures. It is not speculative. CI feeds security because it helps them focus on meaningful 
measures and safeguards. Using CI to help security is just smart security." 
-- Robert P Hanssen (Soviet Spy, Former FBI Agent and current Federal inmate) as quoted in 
"Diary of a Spy" by Paul M. Rodriquez, Insight on the News, 16 July 2001. 


Security vs. Counterespionage -- "[T]he security effort seeks primarily to protect its assigned 
material against compromise, deliberate or accidental, while the counter-espionage effort 
operates actively to identify, thwart, mislead, and destroy an opposing espionage capability." 


-- George P. Morse, America Twice Betrayed: Reversing Fifty Years of Government 
Security Failure (1995), p. 50 


"Counterintelligence... is often confused with security—that is, merely with protecting secrets 
and protecting against subversion. Yet whereas the objective of security is to cut and prevent 
all contacts between hostiles and those who are to be protected the objective of CI is to engage 
hostile intelligence, control what it knows, and if possible control what it does. In principle, neither 
security people nor CI people deny the validity of the other's approach, but CI people think of 
security as flatfooted cops, and the latter think of the former as game-playing spooks." 


-- Angelo Codevilla, Informing Statecraft: Intelligence for a New Century (1992), p. 26 


"Security is a dimension of clandestinity in espionage, counterespionage, counterintelligence, 
adultery, and poker. It is to these activities what style is to a writer, an athlete, or a musician, 
but it is not itself a work, a game, or a performance. Its purpose is prophylactic: it excludes 
toxic and infectious organisms and conserves vital fluids." 
-- William R. Johnson, "Clandestinity and Current Intelligence." Studies in Intelligence, vol 20, no. 3, 
(Fall 1976), pp. 15-69. Originally classified "Secret / No Foreign Dissem" [declassified]. 


"CI and security shall be regarded as interdependent and mutually supportive disciplines with 
shared objectives and responsibilities associated with the protection of secrets and assets." 


"Security programs establish appropriate personnel, physical, information, operations, industrial 
and technical security, safeguards, and countermeasures to protect information and information 
systems, personnel, operations, resources, technologies, and facilities from threats." 

-- ICD 700, Protection of National Intelligence, 7 Jun 2012 


[Figure (UNCLASSIFIED): "Security: the degree of protection against danger, damage, loss, and crime," 
shown with six disciplines: Personnel Security, Physical Security, Industrial Security, Operations 
Security, Communication Security, and Information Security. Policy references shown in the figure: 
EO 12968; DoD 5200.2-R; DoD 5200.08-R; DoDI 5200.08; EO 12829; DoD 5220.22-R; NISPOM; EO 13526; 
DoDI 5200.01; DoD Manual 5200.1, Volumes 1-4; DoDD 5205.02; DoD 5220.2-M; DoDI 8523.01.] 

Security Programs are the indirect defensive 
actions that minimize vulnerability 
-- Senate Select Committee on Intelligence Report 99-522 (1986) 


9 June 2012 


“Security is a vital element of the operational effectiveness of the national security activities of the 
government and of military combat readiness.” 
-- President Ronald Reagan, NSDD-145, 17 Sep 1984 


General functions and responsibilities performed by security professionals, including 
communications security, counterintelligence awareness, security systems, international programs, 
operations security, research and technology protection, sensitive compartmented information 
security, special access program security, and security program policy. 

-- DoDI 3305.13, DoD Security Education, Training, and Certification, 13 Feb 2014 


Security--Four Basic Principles 


According to the Joint Security Commission, security is a dynamic and flexible system guided by 
four basic principles: 


1) Security policies and services must be realistically matched to the threats we face. The 
processes we use to formulate policies and deliver services must be sufficiently flexible to facilitate 
their evolution as the threat changes. 

2) Security policies and practices must be consistent and coherent across the Defense and 
Intelligence Communities, thereby reducing inefficiencies and enabling us to allocate scarce 
resources efficiently. 


3) Security standards and procedures must result in the fair and equitable treatment of the 
members of our communities upon whom we rely to guard the nation's security. 


4) Security policies, practices, and procedures must provide the security we need at a price we can 
afford. 


-- Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and 
the Director of Central Intelligence, 28 Feb 1994, p. 3 


Security is a highly decentralized government function. [...] Effectively addressing security 
generates costs that must be balanced against risk and threats. Security, as a discipline, has 
historically been dominated by "police" type management, processes, and enforcement 
approaches. Although the police function is still required, today's security vulnerabilities are 
increasingly technical in nature and related to information technology systems, software, and 
hardware. 

-- WMD Report (31 March 2005), p. 545 


Security Classification. A category to which national security information and material is assigned to 
denote the degree of damage that unauthorized disclosure would cause to national defense or foreign 
relations of the United States and to denote the degree of protection required. (JP 1-02) 


There are three categories of security classification: 


1) Top Secret--National security information or material that requires the highest degree of 
protection and the unauthorized disclosure of which could reasonably be expected to cause 
exceptionally grave damage to the national security. Examples of "exceptionally grave damage" 
include armed hostilities against the United States or its allies; disruption of foreign relations vitally 
affecting the national security; the compromise of vital national defense plans or complex 
cryptologic and communications intelligence systems; the revelation of sensitive intelligence 
operations; and the disclosure of scientific or technological developments vital to national security. 


2) Secret--National security information or material that requires a substantial degree of protection 
and the unauthorized disclosure of which could reasonably be expected to cause serious damage 
to the national security. Examples of "serious damage" include disruption of foreign relations 
significantly affecting the national security; significant impairment of a program or policy directly 
related to the national security; revelation of significant military plans or intelligence operations; 
and compromise of significant scientific or technological developments relating to national security. 


3) Confidential--National security information or material that requires protection and the 
unauthorized disclosure of which could reasonably be expected to cause damage to the national 
security. 


For additional information see website at: <http://www.archives.gov/isoo/policy-documents/> 


Security Classification Guide (SCG). A documentary form of classification guidance issued by an OCA 
[original classification authority] that identifies the elements of information regarding a specific subject 
that must be classified and establishes the level and duration of classification for each such element. 
(DoD Manual 5200.01-Vol 1, DoD Information Security Program, 24 Feb 2012) 


Security Clearance. An administrative determination by competent authority that an individual is eligible, 
from a security standpoint, for access to classified information. (JP 1-02) 


Within DoD, a security clearance is a determination that a person is eligible under DoD policy for 
access to classified information. Clearances allow personnel to access classified information 
categorized into three levels: top secret, secret, and confidential. The damage to national defense 
and foreign relations that unauthorized disclosure could reasonably be expected to cause ranges 
from “exceptionally grave damage" for top secret information to “damage” for confidential 
information. 


The security clearance process is designed to determine the trustworthiness of an individual prior to 
granting him or her access to classified national security information. The process has evolved 
since the early 1950s, with antecedents dating to World War II. 


A security clearance is a determination that an individual—whether a direct federal employee or a 
private contractor performing work for the government—is eligible for access to classified national 
security information. 


A security clearance alone does not grant an individual access to specific classified materials. 
Rather, a security clearance means that an individual is eligible for access. In order to gain access 
to specific classified materials, an individual should also have a demonstrated "need to know" the 
classified information for his or her position and policy area responsibilities. In addition, prior to 
accessing classified information, an individual must sign an appropriate nondisclosure agreement. 
-- CRS Report R43216, Security Clearance Process: Answers to Frequently Asked Questions, 9 Sep 2013 * 
* Copy available at: <http://www.fas.org/sgp/crs/secrecy/R43216.pdf> 


Security Clearance Investigation. An inquiry into an individual's loyalty, character, trustworthiness and 
reliability to ensure that he or she is eligible for access to national security information. (ONCIX, 
<http://www.ncix.gov/SEA/reform/secvssuit.php>; accessed 18 Sep 2012) Also see suitability 
investigation. 


“The Director of National Intelligence shall serve as the Security Executive Agent. As the Security 
Executive Agent the Director of National Intelligence shall direct the oversight of investigations and 
determinations of eligibility for access to classified information or eligibility to hold a sensitive 
position made by any agency; shall be responsible for developing uniform and consistent policies 
and procedures to ensure the effective, efficient, and timely completion of investigations and 
adjudications relating to determinations of eligibility for access to classified information or eligibility 
to hold a sensitive position." 


— EO 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for 
Contractor Employees, and Eligibility for Access to Classified National Security Information, 2 Jul 2008 


Security Compromise. The disclosure of classified information to persons not authorized access thereto. 
(DSS Glossary) 


Security Countermeasures (SCM). Actions, devices, procedures, and/or techniques to reduce security 
risks. (IC Standard 700-1, 4 Apr 2008) 


-- Also, those protective activities required to prevent espionage, sabotage, theft, or unauthorized 
use of classified or controlled information, systems, or material of the Department of Defense. (JP 1-02; 
and in previous edition JP 2-01.2, dated 13 Jun 2006) 


Security Detainee. Those detainees who are not combatants, but who may be under investigation or 
pose a threat to US forces if released. (Army FM 2-22.3, HUMINT Collector Operations, Sep 2006) 


Security Disciplines. Core functions and responsibilities performed by security professionals with a 
concentration in personnel, physical, information, and industrial security. (DoDI 3305.13, DoD Security 
Education, Training, and Certification, 13 Feb 2014) Also see security; security professional. 


Security Environment Threat List. A list of countries with United States Diplomatic Missions that is 
compiled by the Department of State and updated semi-annually. The listed countries are evaluated 
based on: transnational terrorism; political violence; human intelligence; technical threats; and criminal 
threats [and rated via] four threat levels: Critical, High, Medium and Low. (DSS Glossary) 


Four Threat Levels: 


Critical — defined as a definite threat to United States assets based on adversary's capability, 
intent to attack, and targeting conducted on a recurring basis; 


High — defined as a credible threat to United States assets based on knowledge of an adversary's 
capability, intent to attack, and related incidents at similar facilities; 


Medium — defined as a potential threat to United States assets based on knowledge of an 
adversary's desire to compromise the assets and the possibility that the adversary could obtain 
the capability to attack through a third party who has demonstrated such a capability; and 


Low — defined as little or no threat as a result of the absence of credible evidence of capability, 
intent, or history of actual or planned attack against United States assets. 


Security Executive Agent (SecEA). The Director of National Intelligence shall serve as the Security 
Executive Agent. (EO 13467, 30 Jun 2008) 


For additional information see Security Executive Agent Directive 1 "Security Executive Agent 
Authorities and Responsibilities," 13 Mar 2012. 


Copy at: <http://www.ncix.gov/SEA/docs/2012-03-13 SEAD-1 Directive.pdf> 


Security Incident. A security compromise, infraction, or violation. (DSS Glossary) 


Security In-Depth. A concept of security calling for layered and complementary controls sufficient to 
detect and deter infiltration and exploitation of an organization, its information systems and facilities. 
(IC Standard 700-1, 4 Apr 2008) 


-- Also, a combination of layered and complementary security controls sufficient to deter, detect, and 
document unauthorized entry and movement within the installation and/or facility and the ability to delay 
and respond with force. Examples include the use of perimeter fences, employee and visitor entry and/or 
exit controls, sensors and intrusion detection systems, closed circuit video monitoring, security patrols 
during working and non-working hours, or other safeguards that mitigate vulnerabilities. (DTM 09-012, 
8 Dec 2009, w/ chg 2 dated 9 Sep 2012) 


-- Also, an array of security measures which, considered as a whole, provide a level of security 
greater than that by any one measure individually. Includes identification checks, perimeter fences, police 
patrols, motion detectors, and other security measures. (DoD Manual S-5240.09, OFCO Procedures and 
Security Classification Guide, 13 Jan 2011 w/ change 1 dated 16 Oct 2012) 


Security Infraction. A security incident that is not in the best interest of security and does not involve the 
loss, compromise, or suspected compromise of classified information. (DSS Glossary) 


Security Measures: [Actions] taken by the government and intelligence departments and agencies, 
among others, for protection from espionage, observation, sabotage, annoyance, or surprise. With 
respect to classified materials, it is the condition which prevents unauthorized persons from having 
access to official information which is safeguarded in the interests of national defense. (Senate Report 
94-755, Book I — Glossary, 26 Apr 1976) 


Security Profession. An occupation dedicated to the protection of people, facilities, information, 
operations, and activities. (DoDI 3305.13, DoD Security Education, Training, and Certification, 13 Feb 
2014) Also see security; security disciplines; security professional. 


Security Professional. An individual who is educated, trained, and experienced in one or more security 
disciplines and provides advice and expertise to senior officials on the effective and efficient 
implementation, operation, and administration of the organization's security programs. (DoDI 3305.13, 
DoD Security Education, Training, and Certification, 13 Feb 2014) Also see security; security profession. 


Security Service. Entity or component of a foreign government charged with responsibility for 
counterespionage or internal security functions. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011; and CI Community Lexicon) 


Sedition. Willfully advocating or teaching the duty or necessity of overthrowing the US government or any 
political subdivision by force or violence. (JP 1-02; also in previous edition JP 2-01.2, dated 13 Jun 2006) 


Sedition and criminal subversion of military forces are violations of Title 18 USC, §§ 2384-2390 and 
is a punishable offense under UCMJ Article 94. It is a term of law which refers to overt conduct that 
is deemed by the legal authority as tending toward insurrection against the established order. It is 
the crime of creating a revolt, disturbance, or violence against lawful civil authority with the intent to 
cause its overthrow or destruction. Sedition often includes subversion of a constitution and 
incitement of discontent (or resistance) to lawful authority. A seditionist is one who engages in or 
promotes the interests of sedition. 


The difference between sedition and treason consists primarily in the subjective ultimate object of 
the violation to the public peace. Sedition does not consist of levying war against a government nor 
of adhering to its enemies, giving enemies aid, and giving enemies comfort. Nor does it consist, in 
most representative democracies, of peaceful protest against a government, nor of attempting to 
change the government by democratic means (such as direct democracy or constitutional 
convention). 


Sedition is the stirring up of rebellion against the government in power. Treason is the violation of 
allegiance to one's sovereign or state, giving aid to enemies, or levying war against one's state. 
Sedition is encouraging one's fellow citizens to rebel against their state, whereas treason is actually 
betraying one's country by aiding and abetting another state. 


Seizure. The taking or dispossession of property from the possessor by an authorized person or 
the restriction of the freedom of movement of an individual against his or her will by an agent of the 
Government. (AR 190-20) Also see search. 


Self-radicalization. Significant steps an individual takes in advocating or adopting an extremist belief 
system for the purpose of facilitating ideologically-based violence to advance political, religious, or social 
change. The self-radicalized individual has not been recruited by and has no direct, personal influence or 
tasking from other violent extremists. The self-radicalized individual may seek out direct or indirect 
(through the Internet for example) contact with other violent extremists for moral support and to enhance 
his or her extremist beliefs. (DoDD 5240.06, CIAR, 17 May 2011 with change 1 dated 30 May 2013) Also 
see radicalization; violent radicalization. 


-- Also, the process whereby people seek out opportunities for involvement in terrorist activity absent 
a formal involvement in a terrorist group and/or recruitment by others. (DSB Report, Predicting Violent 
Behavior, Aug 2012, citing Horgan's The Psychology of Terrorism 2nd Edition, 2012) 

-- Also, self radicalization: a phenomenon in which individuals become terrorists without joining an 
established radical group, although they may be influenced by its ideology and message. (DSB Report, 
Predicting Violent Behavior, Aug 2012) 


Senate Select Committee on Intelligence (SSCI). Created pursuant to Senate Res. 400, 94th Congress: 
to oversee and make continuing studies of the intelligence activities and programs of the United States 
Government, and to submit to the Senate appropriate proposals for legislation and report to the Senate 
concerning such intelligence activities and programs. Provides legislative oversight over US intelligence 
activities to assure that such activities are in conformity with the Constitution and laws of the United 
States. (www.intelligence.senate.gov) 


The 1980 Intelligence Oversight Act charged the SSCI and the House Permanent Select 
Committee on Intelligence (HPSCI) with authorizing the programs of US intelligence agencies 
and overseeing their activities. 


It is IC policy that IC elements shall, in a timely manner, keep the Congressional intelligence 
committees fully informed, in writing, of all significant anticipated intelligence activities, significant 
intelligence failures, significant intelligence activities, and illegal activities. 

-- ICD 112, Congressional Notification, 16 Nov 2011 


See an interesting article entitled "Congressional Oversight of Intelligence: One Perspective," by 
Mary Sturtevant, Senate Committee Staff, in American Intelligence Journal, Summer 1992; copy 
available online at: <http://www.fas.org/irp/eprint/sturtevant.html> 


Senior Defense Official / Defense Attaché (SDO/DATT). Principal DoD official in a U.S. embassy, as 
designated by the Secretary of Defense. (DoDD 5105.75, DoD Operations at Defense Embassies, 
21 Dec 2007) Also see Defense Attaché Office. 


The SDO/DATT is the Chief of Mission's (COM's) principal military advisor on defense and national 
security issues, the senior diplomatically accredited DoD military officer assigned to a US 
diplomatic mission, and the single point of contact for all DoD matters involving the embassy or 
DoD elements assigned to or working from the embassy. 


All DoD elements assigned or attached to or operating from U.S. embassies are aligned under the 
coordinating authority of the SDO/DATT. See DoD Directive 5105.75, DoD Operations at U.S. 
Embassies. 


Sensitive. Requiring special protection from disclosure that could cause embarrassment, compromise, or 
threat to the security of the sponsoring power. May be applied to an agency, installation, person, position, 
document, material, or activity. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military 
Operations, 5 Jan 2012) 


Sensitive Activities [within DoD]. Operations, actions, activities, or programs that are generally handled 
through special access, compartmented, or other sensitive control mechanisms because of the nature of 
the target, the area of operation, or other designated aspects. Sensitive activities also include operations, 
actions, activities, or programs conducted by any DoD Component that, if compromised, could have 
enduring adverse effects on U.S. foreign policy, DoD activities, or military operations; or cause significant 
embarrassment to the United States, its allies, or the DoD. (DoDI O-5100.94, Oversight, Coordination, 
Assessment, and Reporting of DoD Intelligence and Intelligence-Related Sensitive Activities, 27 Sep 
2011 w/ change 1 dated 15 Oct 2013) 


Sensitive Compartmented Information (SCI). All information and materials bearing special community 
controls indicating restricted handling within present and future community intelligence collection 
programs and their end products for which community systems of compartmentation have been or will be 
formally established. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 
5 Jan 2012) 


-- Also, classified information concerning or derived from intelligence sources, methods, or analytical 
processes requiring handling exclusively within formal access control systems established by the DNI. 
(National Intelligence: A Consumer's Guide — 2009). 


-- Also, classified national intelligence information concerning or derived from intelligence sources, 
methods, or analytical processes that is required to be handled within formal access control systems 
established by the DNI. (DoDI 5200.01, DoD Information Security Program and Protection of Sensitive 
Compartmented Information, 9 Oct 2008 w/ chg 1) 


Sensitive Compartmented Information Facility (SCIF). An accredited area, room, group of rooms, or 
installation where sensitive compartmented information (SCI) may be stored, used, discussed, and/or 
electronically processed. SCIF procedural and physical measures prevent the free access of persons 
unless they have been formally indoctrinated for the particular SCI authorized for use or storage within 
the SCIF. (JP 1-02 and JP 2-01, Joint and National Intelligence Support to Military Operations, 5 Jan 
2012) 


-- Also, a subset of CNI [Classified National Intelligence] concerning or derived from intelligence 
sources, methods or analytical processes that is required to be protected within formal access control 
systems established by the DNI [Director of National Intelligence]. (ICD 703, Protection of Classified 
National Intelligence, Including Sensitive Compartmented Information, 21 Jun 2013) 


-- Also, an accredited area where Sensitive Compartmented Information may be stored, used, 
discussed, and/or processed. Only those Intelligence Community Agencies with SCIF Accreditation 
Authority may officially accredit facilities to handle, process, and store SCI materials. (National 
Intelligence: A Consumer's Guide - 2009). 


For additional information on SCIFs see Physical and Technical Security Standards for Sensitive 
Compartmented Information Facilities, IC Standard Number 705-1, 17 Sep 2010, and Standards 
for the Accreditation and Reciprocal Use of Sensitive Compartmented Information, IC Standard 
Number 705-2, 17 Sep 2010. 


Sensitive Information. Information that the loss, misuse, unauthorized access, or modification could 
adversely affect the national interest, the conduct of Federal programs, or the privacy to which individuals 
are entitled under section 552a of Title 5, United States Code, but that has not been specifically 
authorized under criteria established by an Executive order or an Act of Congress to be kept secret in 
the interest of National defense or foreign policy. (DoD 5205.02-M, DoD OPSEC Program Manual, 3 Nov 
2008) 


Sensitive Site. A geographically limited area that contains, but is not limited to, adversary information 
systems, war crimes sites, critical government facilities, and areas suspected of containing high value 
targets. (JP 1-02 and JP 3-31, Command and Control for Joint Land Operations, 29 Jun 2010) 


-- Also, a designated, geographically limited area with special diplomatic, informational, military, and 
economic sensitivity for the United States. This includes factories with technical data on enemy weapon 
systems, war crimes sites, critical hostile government facilities, areas suspected of containing persons of 
high rank in a hostile government or organization, terrorist money-laundering areas, and document 
storage areas for secret police forces. (Army FM 2-0, Intelligence, 23 Mar 2010) 


Sensitive Site Exploitation (SSE). Within DoD, term rescinded. See site exploitation. 


This term was previously defined in JP 1-02 as: a related series of activities inside a captured 
sensitive site to exploit personnel documents, electronic data, and material captured at the site, 
while neutralizing any threat posed by the site or its contents. 


Note: Army Tactics, Techniques and Procedures (ATTP) 3-90.15 [FM 3-90.15] (8 Jul 2010) also 
rescinded "sensitive site exploitation" as a doctrinal term. 


Sensitive Sources and Methods. A collective term for those persons, organizations, things, conditions, 
or events that provide intelligence information and those means used in the collection, processing, and 
production of such information which, if compromised, would be vulnerable to counteraction that could 
reasonably be expected to reduce their ability to support US intelligence activities. (ICS Glossary) 


Sensemaking. A set of philosophical assumptions, substantive propositions, methodological framings, 
and methods. (Sensemaking: A Structure for an Intelligence Revolution by David T. Moore) Also see 
sensemaking. Also see intelligence sensemaking. 


Sensemaking goes beyond analysis, a disaggregative process, and also beyond synthesis, which 
meaningfully integrates factors relevant to an issue. It includes an interpretation of the results of 
that analysis and synthesis. It is sometimes referred to as an approach to creating situational 
awareness "in situations of uncertainty." 


Copy of Sensemaking: A Structure for an Intelligence Revolution by David T. Moore available at 
<http://ni-u.edu/ni_press/pdf/Sensemaking.pdf> 


Serials. Individual items of evidence in a counterintelligence case are known as serials. They may not 
necessarily reach a standard required for a criminal prosecution but the objective is not necessarily to 
achieve a public trial and conviction, but to develop an investigation to the point where some advantage 
can be achieved. While serials may include entirely circumstantial evidence, unsubstantiated allegations, 
and coincidence, until verified or dismissed through inquiry and research, they remain valid and may stay 
in a dossier for decades. (Historical Dictionary of Cold War Counterintelligence, 2007) 


Shape. The ability to conduct activities to affect the perceptions, will, behavior, and capabilities of 
partner, competitor, or adversary leaders, military forces, and relevant populations to further U.S. national 
security or shared global security interests. (Joint Capability Areas Taxonomy & Lexicon, 15 Jan 2008) 


Shielded Enclosure. Room or container designed to attenuate electromagnetic radiation, acoustic 
signals, or emanations. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Short-Range Agent Communication (SRAC). A device that allows agent and [case] officer to 
communicate clandestinely over a limited distance. (Spycraft) 


Signal. A prearranged visual or audio sign that a dead drop has been filled or emptied or that an 
emergency meeting is needed. (FBI FCI Terms) Also see signals. 


-- Also, prearranged visual or audio indicator having a designated significance for intelligence 
personnel involved. For example, to signify that a dead drop has been filled or emptied or to call an 
emergency or unscheduled personal meeting. (AFOSI Manual 71-142, OFCO, 9 June 2000) 


Signal Flags. The IC [Intelligence Community] database containing information used to assist security 
and counterintelligence professionals conducting National Agency Checks on individuals applying for 
positions with IC organizations. (IC Standard 700-1, 4 Apr 2008) 


Signal Security (SIGSEC). A generic term that includes both communications security and electronics 
security. (JP 1-02) Also see security. 


Signal Site. A prearranged fixed location, usually in a public place, on which an agent or intelligence 
officer can place a predetermined mark in order to alert the other to operational activity. Such a mark may 
be made by, for example, chalk or a piece of tape. (FBI -- Affidavit: USA vs. Robert Philip Hanssen, 
16 Feb 2001) 


The operational activity signaled may be the fact that a dead drop has been "loaded" and is ready 
to be "cleared." A call-out signal may be used to trigger a contact between an agent and an 
intelligence officer. 

— FBI: Affidavit USA vs. Robert Philip Hanssen, 16 Feb 2001 


-- Also, a covert means of communications using a nonalerting signal, such as a chalk mark on a 
lamppost, to either initiate or terminate a clandestine act. (Spycraft) Also see signals. 


Signals. Any form of clandestine tradecraft using a system of marks, signs, or codes for signaling 
between operatives. (CI Centre Glossary) Also see signal site. 


Signals Intelligence (SIGINT). 1) A category of intelligence comprising either individually or in combination 
all communications intelligence [COMINT], electronic intelligence [ELINT], and foreign instrumentation 
signals intelligence [FISINT], however transmitted. 2) Intelligence derived from communications, 
electronic, and foreign instrumentation signals. (JP 1-02 and JP 2-0, Joint Intelligence, 22 Oct 2013) 


For DoD policy see DoDI O-3115.07, Signals Intelligence (SIGINT), 15 Sep 2008 


-- Also, intelligence gathered from data transmissions [signals intercepts], including Communications 
Intelligence (COMINT), Electronic Intelligence (ELINT), and Foreign Instrumentation Signals Intelligence 
(FISINT). SIGINT includes both raw data [collection] and the analysis of that data to produce intelligence. 
(ODNI, U.S. National Intelligence — An Overview 2011) 


-- Also, information derived from intercepted communications and electronic and data transmissions. 
(WMD Report, 31 Mar 2005) 


The collection of signals intelligence is necessary for the United States to advance its national 
security and foreign policy interests and to protect its citizens and the citizens of its allies and 
partners from harm. 

-- PPD-28 Signals Intelligence Activities, 17 Jan 2014 


The Intelligence Community refers to the collection and exploitation of signals transmitted from 
communication systems, radars, and weapon systems as signals intelligence or SIGINT. SIGINT 
consists of Communications Intelligence (COMINT) — technical and intelligence information derived 
from intercept of foreign communications; Electronic Intelligence (ELINT) — information collected 
from systems such as radars and other weapons systems; and Foreign Instrumentation Signals 
Intelligence (FISINT) — signals detected from weapons under testing and development. 


SIGINT is collected in a variety of ways depending on the type of signal targeted. The National 
Security Agency (NSA) collects the raw SIGINT and then NSA translators, cryptologists, analysts, 
and other technical experts turn the raw data into something that an all-source analyst can use. 
Once the NSA has collected, processed, and analyzed SIGINT, it is passed on to CIA and 
Intelligence Community analysts who use it to complement information from other sources to 
produce finished intelligence. 


The volume and variety of today's signals adds challenges to the timely production of finished 
intelligence for policymakers. It is a lot of work to track and analyze all the SIGINT collected. 
-- www.cia.gov (accessed, 30 Nov 2010) 


Signals Intelligence (SIGINT): The interception of signals, whether between people, between 
machines, or a combination of both. The National Security Agency (NSA) is responsible for 
collecting, processing, and reporting SIGINT. Within the NSA, the National SIGINT Committee 
advises the Director, NSA, and the Director of National Intelligence (DNI) on policy issues and 
manages the SIGINT requirements system. 

-- www.intelligence.gov (accessed 13 Aug 2012) 


Signals Intelligence (SIGINT)... comprises Communications Intelligence (COMINT) and Electronic
Intelligence (ELINT), and activities pertaining thereto...
-- NSCID 6, Signals Intelligence, 17 Feb 1972 (redacted copy, complete original version is TOP SECRET) 
Available at: <http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/docs/doc05.pdf> 


Signature. A recognizable, distinguishing pattern. See also attack signature or digital signature. (CNSSI 
No. 4009, National Information Assurance Glossary, 26 April 2010)


Signatures. [In CI usage,] indicators of potential FISS and ITO [international terrorist organizations]
methods of operations, including static surveillance of U.S. forces [and] installations.... (Army FM 2-22.2, 
CI, Oct 2009) 


Sign-of-Life Signal. A signal emitted periodically to signify that an agent is safe. (FBI FCI Terms) 


Silver Triangle. The South American region consisting of Peru, Bolivia, and Colombia that is historically 
known to be a major illegal drug production area. (JP 3-07.4, Joint Counterdrug Operations, 13 Jun 2007) 


Single Scope Background Investigation (SSBI). Investigation for individuals requiring a top secret 
clearance or working in a critical sensitive position; normally covers a 5-year period and consists of a 
subject interview, NAC, credit checks, character references, and employment records checks and 
references. 


-- Also, a personnel security investigation consisting of all the elements prescribed in Standard B of 
ICPG 704.1. The period of investigation for a SSBI varies, ranging from the immediate preceding 3 years 
for neighborhood checks to immediately preceding 10 years for local agency checks. (IC Standard 700-1, 
4 Apr 2008) 


Singleton. Intelligence operations conducted by a single intelligence officer or agent. These operations 
include intelligence collection, servicing agents, and courier services. (Spy Book) 


Site Exploitation. A series of activities to recognize, collect, process, preserve, and analyze information, 
personnel, and/or materiel found during the conduct of operations. (JP 1-02 and JP 3-31, Command and 
Control for Joint Land Operations, 29 Jun 2010) 


-- Also, systematically searching for and collecting information, material, and persons from a 
designated location and analyzing them to answer information requirements, facilitate subsequent 
operations, or support criminal prosecution. (Army Tactics, Techniques & Procedures 3-90.15 [FM 
3-90.15], Site Exploitation Operations, 8 Jul 2010) 


Situation Report (SITREP). A report giving the situation in the area of a reporting unit or formation. 
(JP 1-02 and JP 3-50, Personnel Recovery) 


Situational Awareness. Immediate knowledge of the conditions of the operation, constrained 
geographically and in time. (Army FM 3-0, Operations, Feb 2008) 


Slammer. Project Slammer was an Intelligence Community sponsored study of espionage to determine 
the motivation of the convicted spies and to learn the methods by which they committed their crimes. 


In 1985 U.S. intelligence agencies embarked on a 10-year benchmark study named Project 
Slammer, which was focused on interviewing incarcerated spies. It examined “espionage by
interviewing and psychologically assessing actual espionage subjects. Additionally, persons
knowledgeable of subjects were contacted to better understand the subjects' private lives and how
they are perceived by others while conducting espionage.” Project Slammer sought to understand
the dynamics of espionage and to incorporate that enhanced understanding into government
and industry security programs.


The Project Slammer research endeavor consisted of voluntary interviews with incarcerated spies and
subsequent analysis of the data. The effort was essentially de-funded in the early nineties and 
consequently lost impetus. Nevertheless, there are currently extant several Slammer papers and 
tapes which are used throughout the security community. Those analyses deal with the essential 
and multi-faceted motivational patterns underlying espionage. 


Although dated, the study's findings remain significant, and the conclusions included: No offender 
entered a position of trust with the intent to betray; and there were two prevalent sets of personality 
traits: 1) highly manipulative, dominant, and self-serving; and 2) passive, easily influenced, and 
lacking self-esteem.


Sleeper. [Tradecraft jargon] an illegal; or agent in a foreign country who does not engage in intelligence
activities until told to do so. (FBI FCI Terms) 


-- Also, a spy placed in a target area but does not engage in espionage until he or she is activated at 
a future time. (Spy Book) 


-- Also, an illegal or agent residing in a foreign country under orders to engage in no intelligence 
activities. The inactive status, which can endure for a considerable time, serves to strengthen the legend 
and permit access by a foreign power to an individual in position to be ready for action under certain 
circumstances should a specific need arise. (Words of Intelligence, 2nd Edition, 2011)


SMADS. See Strategic Mission Assurance Data System. 


Social Engineering. An attempt to trick someone into revealing information (e.g., a password) that can be
used to attack an enterprise. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


-- Also, the art of gaining access to buildings, systems or data by exploiting human psychology, rather 
than by breaking in or using technical hacking techniques. (The Ultimate Guide to Social Engineering, 
undated) 


Copy of "The Ultimate Guide to Social Engineering" available on line at: 
<http://assets.csoonline.com/documents/cache/pdfs/Social-Engineering-Ultimate-Guide.pdf> 


Social Networking. Web-based services that allow individuals to create a public profile, to create a list of 
users with whom to share connection, and view and cross the connections within the system. (Wikipedia) 


Most social network services are web-based and provide means for users to interact over the 
Internet, such as e-mail and instant messaging. Social network sites are varied and they 
incorporate new information and communication tools such as, mobile connectivity, 
photo/video/sharing and blogging. Social networking sites allow users to share ideas, pictures, 
posts, activities, events, and interests with people in their network. 


The main types of social networking services are those that contain category places (such as 
former school year or classmates), means to connect with friends (usually with self-description 
pages), and a recommendation system linked to trust. Popular methods now combine many of 
these, with American-based services such as Facebook, Google+, YouTube, LinkedIn, Instagram, 
Pinterest, Tumblr and Twitter widely used worldwide; Nexopia in Canada; Badoo, Bebo, VKontakte 
(Russia), Delphi (also called Delphi Forums), Draugiem.lv (mostly in Latvia), Hi5 (Europe), Hyves 
(mostly in The Netherlands), iWiW (mostly in Hungary), Nasza-Klasa, Soup (mostly in Poland),
Glocals in Switzerland, Skyrock, The Sphere, StudiVZ (mostly in Germany), Tagged, Tuenti (mostly 
in Spain), and XING in parts of Europe; Hi5 and Orkut in South America and Central America; Mxit 
in Africa; and Cyworld, Mixi, Orkut, renren, weibo and Wretch in Asia and the Pacific Islands. 


Social networking services are increasingly being used in legal and criminal investigations. 
Information posted on sites such as MySpace and Facebook has been used by police (forensic 
profiling), probation, and university officials to prosecute users of said sites. In some situations, 
content posted on MySpace has been used in court.

-- Wikipedia at <http://en.wikipedia.org/wiki/Social_networking> (accessed 11 Mar 2014)


See "Social Media: Establishing Criteria for Law Enforcement Use" by Robert D. Stuart, M.S., in
FBI, Law Enforcement Bulletin, Feb 2013. Article available at:
<http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/2013/february/social-media-establishing-criteria-for-law-enforcement-use>


"Under Investigation: Social Media Use by Law Enforcement"
-- http://www.lexisnexis.com/government/investigations/ (accessed 11 Mar 2014)


Socio-Cultural Dynamics. Information about the social, cultural, and behavioral factors characterizing the 
relationships and activities of the population of a specific region or operational environment. (DoDD 
3600.01, Information Operations, 14 Aug 2006 with Chg 1, 23 May 2011)


Sociocultural Analysis (SCA). The analysis of adversaries and other relevant actors that integrates 
concepts, knowledge, and understanding of societies, populations, and other groups of people, including 
their activities, relationships, and perspectives across time and space at varying scales. (JP 2-0, Joint 
Intelligence, 22 Oct 2013) 


Sociocultural Factors. The social, cultural, and behavioral factors characterizing the relationships and 
activities of the population of a specific region or operational environment. (JP 1-02 and JP 2-01.3, Joint 
Intelligence Preparation of the Operational Environment) 


Software Assurance. The level of confidence that software functions as intended and is free of 
vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software 
throughout the lifecycle. (DoDI 5200.44, Protection of Mission Critical Functions to Achieve Trusted 
Systems and Networks, 5 Nov 2012) 


Source. A person, thing, or activity from whom information or services are obtained. (DoDD S-3325.09, 
Oversight, Management, and Execution of Defense Clandestine Source Operations, 9 Jan 2013, with chg 
1 dated 13 Jun 2013) Also see agent; asset; controlled source; human source; HUMINT source.


-- Also, 1) A person, thing, or activity from which information is obtained; 2) In clandestine activities, 
a person (agent), normally a foreign national, in the employ of an intelligence activity for intelligence 
purposes; or 3) In interrogation activities, any person who furnishes information, either with or without the 
knowledge that the information is being used for intelligence purposes. In this context, a controlled source 
is in the employment or under the control of the intelligence activity and knows that the information is to 
be used for intelligence purposes. An uncontrolled source is a voluntary contributor of information and 
may or may not know that the information is to be used for intelligence purposes. (JP 1-02 and JP 2-01.2, 
CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011)


-- Also, a person from whom information or services are obtained. (DoDD S-5200.37, Management &
Execution of Defense HUMINT, 9 Feb 2009 w/ chg 2) 


-- Also, a person, device, system, or activity from which services or information are obtained. 
(Defense HUMINT Enterprise Manual 3301.02, Vol II Collection Operations, 23 Nov 2010) 


-- Also, a person from whom information or services are obtained. (DoDD 3600.01, Information 
Operations, 14 Aug 2006 with Chg 1, 23 May 2011 w/ chg 1 dated 26 Aug 2011) 


-- Also, a document, interview, or other means by which information has been obtained. From an 
intelligence perspective, sources are individuals (or HUMINT) who collect or possess critical information 
needed for intelligence analysis. (ODNI, U.S. National Intelligence — An Overview 2011) 


Source Directed Requirement (SDR). A HUMINT collection requirement based upon the placement and 
access of a source to collect and report on a specific person, place, thing, or event. (DHE-M 3301.001, 
DIA HUMINT Manual, Vol I, 30 Jan 2009 w/ chg 2) 


Source Management. The process of registering and monitoring the use of sources involved in 
counterintelligence and human intelligence operations to protect the security of the operations and avoid 
conflicts among operational elements. (JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg
1 dated 26 Aug 2011) 


Source Registry. A source record/catalogue of leads and sources acquired by collectors and centralized 
for management, coordination and deconfliction of source operations. (JP 1-02 and JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Source Validation. Vetting to determine if a source is who he/she claims to be, is free of external control, 
is capable of behaving in a secure manner, and possesses placement and access consistent with 
tasking. (HDI Lexicon, April 2008) Also see vetting and counterintelligence flags. 


All DoD human sources are vetted in accordance with National HUMINT Manager Directive 001.08 
(HUMINT Source Validation). 


For DoD policy see DoDI S-3325.07, Guidance for the Conduct of DoD Human Source 
Validation (U), 22 Jun 2009. 


Special Access Program (SAP). A program established for a specific class of classified information that 
imposes safeguarding and access requirements that exceed those normally required for information at 
the same classification level. (DoDD 5205.07, SAP Policy, 1 Jul 2010) 


-- Also, a program activity which has enhanced security measures and imposes safeguarding and 
access requirements that exceed those normally required for information at the same level. Information to 
be protected within the SAP is identified by an SCG [security classification guide]. (DoDI 5205.11, 
Management, Administration, and Oversight of DoD Special Access Programs, 6 Feb 2013) 


-- Also, a sensitive program, approved in writing by a head of agency with original top secret 
classification authority, that imposes need-to-know and access controls beyond those normally provided 
for access to confidential, secret, or top secret information. The level of controls is based on the criticality 
of the program and the assessed hostile intelligence threat. The program may be an acquisition program, 
an intelligence program, or an operations and support program. (JP 1-02 and JP 3-05.1, Joint Special 
Operations Task Force Operations, 26 Apr 2007) 


DoD SAPs are established and maintained only when absolutely necessary to protect the Nation's 
most sensitive capabilities; information; technologies; operations; and research, development, test 
and evaluation; or when required by statute pursuant to DoDD 5205.07, SAP Policy, 1 Jul 2010.


Acknowledged — Unacknowledged — Waived


Acknowledged SAP: A SAP whose existence is acknowledged, affirmed, or made known to 
others, but its specific details (technologies, materials, techniques, etc.) are classified as specified
in the applicable SCG. 


Unacknowledged SAP: A SAP having enhanced security measures ensuring the existence of 
the program is not acknowledged, affirmed, or made known to any person not authorized for such 
information. 


Waived SAP: A SAP for which the Secretary of Defense has waived applicable reporting in 
accordance with DoD Manual 5200.01 following a determination of adverse effect to national 
security. An unacknowledged SAP that has more restrictive reporting and access controls than 
other unacknowledged SAPs. 


Interestingly, the Joint Security Commission noted in its 1994 report (Redefining Security) that -- 
“Special Access Programs are used to compensate for the fact that the classification 
system is not trusted to protect information effectively and does not adequately enforce 
the ‘need to know’ principle.” 


Special Access Program Central Office (SAPCO). The office within a DoD Component or OSD PSA that, 
when directed, executes, manages, administers, oversees, and maintains records on the SAPs for which 
it has been assigned CA. Responsibilities may also include developing and implementing policies and 
procedures for oversight, management, execution, administration, SAP security, IA for SAP IS, and 
records management of SAPs under their cognizance, as directed. (DoDD 5205.07, Special Access 
Program Policy, 1 Jul 2010) 


The DoD SAPCO is the office charged by the Deputy Secretary of Defense with responsibility as 
the designated proponent for developing and implementing policies and procedures for DoD SAP 
execution, management, and administration. 


For special access programs pertaining to intelligence sources, methods, and activities (but not 
including military operational, strategic, and tactical programs), these functions shall be exercised 
by the Director of National Intelligence. 


-- EO 13526, Classified National Security Information, 29 Dec 2009 


Special Actions. Those functions that due to particular sensitivities, compartmentation, or caveats cannot 
be conducted in normal staff channels and therefore require extraordinary processes and procedures and 
may involve the use of sensitive capabilities. (JP 1-02 and JP 3-05.1, Joint Special Operations Task 
Force Operations, 26 Apr 2007) 


Special Activities. Activities conducted in support of national foreign policy objectives abroad which are 
planned and executed so that the role of the U.S. Government is not apparent or acknowledged publicly,
and functions in support of such activities, but which are not intended to influence U.S. political
processes, public opinion, policies, or media and do not include diplomatic activities, the collection and 
production of intelligence, or related support functions. (IC Standard 700-1, 4 Apr 2008) Also see covert 
action. 


-- Also, within DoD: None -- term rescinded by JP 3-05, Special Operations, 18 Apr 2011. 
As previously defined, it was a term synonymous with "covert action" -- see covert action. 


Special Agent. Within DoD: None -- term rescinded by JP 2-01.2, CI & HUMINT in Joint Operations, 16 
Mar 2011. See Counterintelligence Special Agent. 


Previously defined in JP 1-02 as: a person, either United States military or civilian, who is a 
specialist in military [law enforcement,] security or the collection of intelligence or 
counterintelligence information.


-- Also, a United States military or civilian who is a specialist in military security or in the collection of
intelligence or counterintelligence information. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


Special Area Clearance. The required concurrence granted to DoD personnel by the Department of State 
and the Office of the USD(P) for travel to certain overseas areas designated by the Department of State 
as special areas. (DoDD 4500.54E, DoD Foreign Clearance Program, 28 Dec 2009) 


Special Collection Service (SCS). [According to open source,*] a joint CIA-NSA signals intelligence 
collection organization. 


-- Also, elite, highly secret U.S. electronic intelligence group that conducts eavesdropping operations 
in [foreign] countries. The service is controlled by the NSA... [also] CIA experts are often assigned. (Spy 
Book) 


* See Jeffrey T. Richelson, The US Intelligence Community, Sixth Edition, 2012, pp. 224-226 


“According to a former high-ranking intelligence official, SCS was formed in the late 1970s after 
competition between the NSA's embassy-based eavesdroppers and the CIA's globe-trotting 
bugging specialists from its Division D had become counterproductive. While sources differ on how 
SCS works, some claim its agents never leave their secret embassy warrens where they perform 
close-quarters electronic eavesdropping, while others say agents operate embassy-based 
equipment in addition to performing riskier ‘black-bag’ jobs, or break-ins, for purposes of 
bugging....” 

-- Jason Vest & W. Madsen, “A Most Unusual Collection Agency,” The Village Voice, 24 Feb - 2 Mar 1999


Special Collection Techniques. Those lawful investigative techniques which are employed by a DoD 
intelligence component under the rule of the least intrusive means, after a determination has been made 
that the required information is not publicly available, available with the consent of the person or persons 
concerned, or available from cooperative sources. (DIA Intelligence Law Handbook, Sep 1995) Also see 
rule of the least intrusive means. 


Special collection techniques -- also commonly referred to as “special investigative techniques” 
within CI channels -- are addressed in DoD 5240.1-R, Procedures Governing the Activities of DoD
Intelligence Components that Affect United States Persons, 7 Dec 1982, 


Procedures 5-10: 
* Procedure 5 - Electronic Surveillance 
* Procedure 6 - Concealed Monitoring 
* Procedure 7 - Physical Searches 
* Procedure 8 - Searches and Examination of Mail 
* Procedure 9 - Physical Surveillance 
* Procedure 10 - Undisclosed Participation in Organizations 


Special Communication. See definition provided in DTM 08-019, Establishment of the DoD Special 
Communication Enterprise Office (SCEO), 11 Jun 2008, marked FOUO. 


Special Event. An international or domestic event, contest, activity, or meeting, which by its very nature, 
or by specific statutory or regulatory authority, may warrant security, safety, and/or other logistical support 
or assistance from the Department of Defense. (DoDD 3025.18, Defense Support of Civil Authorities,
29 Dec 2010)


Special Event Management. Planning and conduct of public events or activities whose character may
make them attractive targets for terrorist attack. (FBI Domestic Investigations and Operations Guide, 15 Oct
2011)


Special Information Operations (SIO). Information operations that by their sensitive nature and due to
their potential effect or impact, security requirements, or risk to the national security of the United States, 
require a special review and approval process. (JP 3-13, Information Operations, 13 Feb 2006) Also see 
information operations. 


Special Investigative Inquiry (SII). A supplemental personnel security investigation of limited scope 
conducted to prove or disprove relevant allegations that have arisen concerning a person upon whom a 
personnel security determination has been previously made and who, at the time of the allegation, holds 
a security clearance or otherwise occupies a position that requires a personnel security determination. 
(IC Standard 700-1, 4 Apr 2008) 


Special Investigative Techniques. See Special Collection Techniques. 


Special Limiting Criteria (SLC). [Term used in document/media exploitation activities]. A narrowly-defined
set of criteria intended to restrict access to data that, if compromised, could imperil planned
operations, contain evidence of espionage or counterintelligence operations, identify sources and 
methods, and[/or] contain illegal or inappropriate material. (National Media Exploitation Center) 


Special Mission Unit (SMU). A generic term to represent a group of operations and support personnel 
from designated organizations that is task-organized to perform highly classified activities. (JP 1-02 and 
JP 3-05.1, Joint Special Operations Task Force Operations, 26 Apr 2007) 


Special Operations (SO). Operations requiring unique modes of employment, tactical techniques, 
equipment and training often conducted in hostile, denied, or politically sensitive environments and 
characterized by one or more of the following: time sensitive, clandestine, low visibility, conducted with 
and/or through indigenous forces, requiring regional expertise, and/or a high degree of risk. (JP 3-05, 
Special Operations, 18 Apr 2011) 


Special Operations Activities. Activities that include each of the following insofar as it relates to special 
operations: direct action, strategic reconnaissance, unconventional warfare, foreign internal defense, civil 
affairs, psychological operations, counterterrorism, humanitarian assistance, theater search and rescue, 
and such other activities as may be specified by the president or the Secretary of Defense.
(DoDD S-3325.09, Oversight, Management, and Execution of Defense Clandestine Source Operations, 9
Jan 2013, with chg 1 dated 13 Jun 2013)


Special Reconnaissance (SR). Reconnaissance and surveillance actions conducted as a special 
operation in hostile, denied, or politically sensitive environments to collect or verify information of strategic 
or operational significance, employing military capabilities not normally found in conventional forces.
(JP 3-05, Special Operations, 18 Apr 2011)


Special Security Center. The Director of National Intelligence element responsible for developing, 
coordinating, and overseeing Director of National Intelligence security policies and databases to support 
Intelligence Community security elements. The Special Security Center interacts with other Intelligence 
Community security organizations to ensure that Director of National Intelligence equities are considered 
in the development of national level security policies and procedures. (DSS Security Glossary) 


Specified Task. In the context of joint operation planning, a task that is specifically assigned an 
organization by its higher headquarters. (JP 1-02 and JP 5-0, Joint Operation Planning, 11 Aug 2011) 


Spoofing. [Tradecraft jargon] A ploy designed to deceive the observer into believing that an operation 
has gone bad when, in fact, it has been put into another compartment. (Spy Dust) 


-- Also, [cyber usage] deceiving computers or computer users by hiding or faking one's identity. Email
spoofing utilizes a sham email address or simulates a genuine email address. IP spoofing hides or masks
a computer's IP address. (FBI; see
<http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks-1>)




Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Spot. [In intelligence usage,] to locate and recruit people with demonstrated access to intelligence targets.
(TOP SECRET: The Dictionary of Espionage and Intelligence, 2005) 


-- Also, to identify for consideration potential sources as candidates for recruitment. (AFOSI Manual 
71-142, OFCO, 9 Jun 2000) 


Spot Report. A non-standard DoD HUMINT report (not an IR) used to report on actionable/perishable 
HUMINT of a non-CRITIC nature. (DHE-M 3301.001, Vol I: Collection Requirement, Reporting, and 
Evaluation Procedures, 30 Jan 2009, w/ chg 2 dated 1 Feb 2012) 


-- Also, a concise narrative report of essential information covering events or conditions that may 
have an immediate and significant effect on current planning and operations that is afforded the most 
expeditious means of transmission consistent with requisite security. Also called SPOTREP. (Note: In 
reconnaissance and surveillance usage, spot report is not to be used.) (JP 1-02 and JP 3-09.3, Close Air 
Support) 


For CRITIC reporting see Chapter Three - Specialized Intelligence Reporting, DHE-M 3301.001, 
Vol I: Collection Requirement, Reporting, and Evaluation Procedures (U), 30 Jan 2009, w/ chg 2, 
dated 1 Feb 2012. 


Spotter. In intelligence, an agent or illegal assigned to locate and assess individuals in positions of value 
to an intelligence service. (JP 1-02; JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 
dated 26 Aug 2011; and CI Community Lexicon) Also see spotter / assessor. 


-- Also, an agent or illegal assigned to locate and assess individuals who might be of value to an 
intelligence service. (FBI FCI Terms) 


Spotter / Assessor. An asset assigned to locate and/or assess individuals of intelligence or operational 
interest. (HDI Lexicon, April 2008) Also see spotter; spotter assessor operation. 


Spotter / Assessor Operation. Those actions taken to identify persons who may be in contact with or 
placed in contact with opposition intelligence and counterintelligence services, and to determine the 
potential value of these persons as intelligence or counterintelligence sources. (AR 381-47, OFCO, 
17 Mar 2006) 


Spy. A generic term that refers... to either a professional intelligence officer who works for an
intelligence service, or to a foreign source or asset who steals secrets on behalf of that intelligence 
service. (James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


-- Also, a person employed by or in the service of a foreign government, either with or without pay, to 
secure information considered vital to the waging of a shooting or economic war against another country. 
(Committee on Un-American Activities, U. S. House of Representatives, April 1949) 


[T]he spy is the greatest of soldiers. If he is the most detested 
by the enemy, it is only because he is the most feared. 
— King George V (1865-1936) 


A U.S. intelligence officer that handles clandestine human sources is normally referred to as a
"case officer (C/O)" or "operations officer (OO)." The people that case officers or OOs recruit as 
penetrations of foreign governments and organizations are their “agents.” Agents have access to 
important information and pass that information secretly to their case officers/OOs. 


An army without secret agents is exactly like a man without eyes or ears. 
-- Chia Lin, Chinese Strategist of the late eighth century


One spy in the right place is worth 20,000 men in the field.
-- Napoleon 


In the circumstances of espionage and betrayal, 
one country's heroic spy is another's traitor.
-- Frederick P. Hitz, Former Inspector General of the CIA (1990 - 1998) 


“What do you think spies are: priests, saints, and martyrs? 
They're a squalid procession of vain fools, traitors too, yes; 
pansies, sadists and drunkards, people who play 
cowboys and Indians to brighten their rotten lives..." 

-- Alec Leamas, the protagonist in LeCarre's The Spy Who Came in From the Cold. 


Spy Dust (also called METKA). Chemical marking compound developed by the KGB to keep tabs on the 
activities of a target officer. The compound is made of nitrophenyl pentadien (NPPD) and luminol. (Spy 
Dust) 


Spying. Under Article 106, UCMJ, in time of war, the act of clandestinely or under false pretences, 
collecting or attempting to collect, information with the intent to convey it to a hostile party. (AR 381-20, 
Army CI Program, 25 May 2010) 


Like war, spying is dirty business. Shed of its alleged glory, a soldier's job is to kill. 
Peel away the claptrap of espionage and the spy's job is to betray trust. 


-- William Hood, Mole (1993) 


Spying is a major weapon in the state's exercise of power, according to Machiavelli.* In his "Art of
War," he provides amazingly modern and sophisticated instructions on how to prevent spying by
the enemy (counterintelligence), how to deceive the enemy (covert action), and how to learn its 
intentions (espionage). 
-- James M. Olson, Fair Play: The Moral Dilemmas of Spying (2006), p. 23 
* Niccolo Machiavelli (1469-1527), Florentine statesman and patriot. 


Spyware. Software that is secretly or surreptitiously installed into an information system to gather 
information on individuals or organizations without their knowledge; a type of malicious code. (CNSSI 
No. 4009, National Information Assurance Glossary, 26 April 2010) 


-- Also, a wide range of unwanted programs that exploit infected computers for commercial gain. 
They can deliver unsolicited pop-up advertisements, steal personal information (including financial 
information such as credit card numbers), monitor web-browsing activity for marketing purposes, or 
route HTTP requests to advertising sites. (McAfee.com; accessed 15 Nov 2010) 


Stability Operations. An overarching term encompassing various military missions, tasks, and activities 
conducted outside the United States in coordination with other instruments of national power to maintain 
or reestablish a safe and secure environment, provide essential governmental services, emergency 
infrastructure reconstruction, and humanitarian relief. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 
2011) 


Staff Judge Advocate (SJA). A judge advocate so designated in the Army, Air Force, or Marine Corps, 
and the principal legal advisor of a Navy, Coast Guard, or joint force command who is a judge advocate. 
(JP 1-04, Legal Support to Military Operations, 17 Aug 2011) 


Stake Out. Stationary surveillance of a person, site, or facility. (AFOSI Manual 71-142, OFCO, 9 Jun 
2000) 


-- Also, stakeout: a surveillance point or location that has been employed (or laid out) with the benefit 
of prior planning. Usually meant to be occupied for an extended period of time. (Words of Intelligence, 2nd 
Edition, 2011) 


Standard Operating Procedure (SOP). A set of instructions covering those features of operations which 
lend themselves to a definite or standardized procedure without loss of effectiveness. The procedure is 
applicable unless ordered otherwise. (JP 1-02 and JP 3-31, Command and Control for Joint Land 
Operations, 29 June 2010) 


Star-Burst Maneuver. A countersurveillance ploy in which more than one target car or target officer is 
being followed and they suddenly go in different directions, forcing the surveillance team to make instant 
choices about whom to follow. (CI Centre Glossary) 


Statement Analysis (also called Scientific Content Analysis or SCAN and Investigative Discourse 
Analysis). A technique for analyzing the words people use. Proponents claim this technique can be used 
to detect concealed information, missing information, and whether the information that person has 
provided is true or false. (Wikipedia, accessed 5 Mar 2014) 


Station. A CIA operational center overseas... usually, but not always, located under cover in a U.S. 
official installation. The senior officer in charge of a station is known as the chief of station, or COS. 
(James M. Olson, Fair Play: The Moral Dilemmas of Spying, 2006) 


Status of Forces Agreement (SOFA). An agreement that defines the legal position of a visiting military 
force deployed in the territory of a friendly state. Agreements delineating the status of visiting military 
forces may be bilateral or multilateral. Provisions pertaining to the status of visiting forces may be set forth 
in a separate agreement, or they may form a part of a more comprehensive agreement. These provisions 
describe how the authorities of a visiting force may control members of that force and the amenability of 
the force or its members to the local law or to the authority of local officials. (JP 1-02 and JP 3-16, 
Multinational Operations, 7 Mar 2007) 


-- Also, an accord, either bilateral or multilateral, that defines the legal position of a visiting military 
force deployed in the territory of a friendly state, usually delineating matters affecting the relationship 
between the military force and the civilian authorities and population. (AR 381-20, Army CI Program, 
25 May 2010) 


Stay Behind [aka sleeper]. Agent or agent organization established in a given country to be activated 
in the event of hostile overrun or other circumstances under which normal access would be denied. 
(JP 1-02) 


Steganography. The art, science, and practice of communicating in a way that hides the existence of the 
communication. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


-- Also, the process of hiding information by embedding messages within other, seemingly harmless 
messages. The process works by replacing bits of useless or unused data in regular computer files (such 
as graphics, sound, text) with bits of different, invisible information. This hidden information can be plain 
text, cipher text, or even images. (US Army TRADOC DCSINT Handbook 1.02, 15 Aug 2007) 


-- Also, the art and science of writing hidden messages in such a way that no one, apart from the 
sender and intended recipient, suspects the existence of the message, a form of security through 
obscurity. (Wikipedia; accessed 4 April 2011) 


Steganography (from the Greek root "steganos," meaning covered or secret), or stego, is the 
technique of hiding data in a host file. [...] Simply put, stego is hiding a covert message within 
another file so that only the sender and receiver can access it. 

-- Eric Cole, "Steganography: More than Meets the Eye," in Information Security, November 2006 (pp. 32-37) 


Steganography is the process of secreting data in an image. Moscow Center uses steganographic 
software that is not commercially available. The software package permits the SVR clandestinely 
to insert encrypted data in images that are located on publicly-available websites without the data 
being visible. The encrypted data can be removed from the image, and then decrypted, using 
SVR-provided software. Similarly, SVR-provided software can also be used to encrypt data, and 
then clandestinely to embed the data in images on publicly-available websites. 

-- FBI Affidavit, 25 June 2010 


The advantage of steganography, over cryptography alone, is that messages do not attract 
attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will 
arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. 
Therefore, whereas cryptography protects the contents of a message, steganography can be said 
to protect both messages and communicating parties. 


With the advent of digital media, steganography has come to include the hiding of digital 
information within digital files. Media files are ideal for steganographic transmission because of 
their large size. As a simple example, a sender might start with an innocuous image file and adjust 
the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that 
someone not specifically looking for it is unlikely to notice it. 

-- Wikipedia (accessed 4 April 2011) 


For additional information also see -- <http://www.steganographypro.com/> and 
<http://www.citi.umich.edu/u/provos/papers/practical.pdf> 


Sterilize. To remove from material to be used in covert and clandestine actions any marks or devices 
which can identify it as originating with the sponsoring organization or nation. (Senate Report 94-755, 
Book I — Glossary, 26 Apr 1976) 


Strategic Communication. Focused United States Government efforts to understand and engage key 
audiences to create, strengthen, or preserve conditions favorable for the advancement of United States 
Government interests, policies, and objectives through the use of coordinated programs, plans, themes, 
messages, and products synchronized with the actions of all instruments of national power. (JP 1-02) 


Strategic Debriefing. Debriefing activity conducted to collect information or to verify previously collected 
information in response to national or theater level collection priorities. (JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011; and Army FM 2-22.3, HUMINT Collector 
Operations, 6 Sep 2006) 


Sources for strategic debriefing operations include but are not limited to émigrés, refugees, 
displaced persons, defectors, and selected U.S. personnel. 


Strategic Intelligence. Intelligence required for the formation of policy and military plans at national and 
international levels. Strategic intelligence and tactical intelligence differ primarily in level of application, but 
may also vary in terms of scope and detail. (JP 1-02) Also see intelligence; operational intelligence; 
tactical intelligence. 


Sherman Kent defined strategic intelligence as "high-level foreign positive intelligence." 


Strategic Intelligence Interrogation. An intelligence interrogation of any person who is in the custody or 
under the effective control of the DoD or under detention in a DoD facility, conducted at a theater-level 
detention facility. (DoDD 3115.09, DoD Intelligence Interrogations, Detainee Debriefings, and Tactical 
Questioning, 11 Oct 2012 w/ chg 1 dated 15 Nov 2013) Also see intelligence interrogation. 


Strategic Level of War. The level of war at which a nation, often as a member of a group of nations, 
determines national or multinational (alliance or coalition) strategic security objectives and guidance, and 
then develops and uses national resources to achieve these objectives. (JP 1-02 and JP 3-0, Joint 
Operations, 11 Aug 2011) Also see operational level of war; tactical level of war. 


Strategic Mission Assurance Data System (SMADS). A classified geospatially enabled Critical 
Infrastructure database with the capability to analyze potential national, strategic, and operational impacts 
resulting from the loss or disruption of Critical Infrastructure and Key Resources (CIKR). 


Strongly recommended that all DoD CI personnel providing CI support to DCIP obtain an SMADS 
account. 


SMADS is a restricted database accessible on SIPRNet at: <https://smads.stratcom.smil.mil> 
Access is only granted to end-users who have a valid user account (requires valid need-to-know). 
Permissions are granted based upon a user's mission and associated responsibilities. 


SMADS is managed and maintained by the U.S. Strategic Command (USSTRATCOM) Mission 
Assurance Division (MAD). It is the current Joint Staff program of record for Critical Infrastructure 
and Key Resources (CIKR). 


Refer to the SMADS User Manual which serves as a general reference for end-users; it provides a 
step-by-step guide to performing web-enabled database tasks, while incorporating some DCIP 
program information to help facilitate the completion of these tasks. 


For other DCIP tools see web site at: <http://dcip.dtic.mil/DCIPtools.html> 


Strategy. A prudent idea or set of ideas for employing the instruments of national power in a 
synchronized and integrated fashion to achieve theater, national, and/or multinational objectives. 
(JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


-- Military Strategy. The art and science of employing the armed forces of a nation to secure the 
objectives of national policy by the application of force or the threat of force. (JP 1-02) 


-- National Military Strategy. The art and science of distributing and applying military power to attain 
national objectives in peace and war; also called NMS. (JP 1-02) 


-- National Strategy. The art and science of developing and using the diplomatic, economic, and 
informational powers of a nation, together with its armed forces, during peace and war to secure national 
objectives; also called national security strategy or grand strategy. (JP 1-02) 


Structured Analysis. A distinct form of intelligence analysis methodology that provides a step-by-step 
process for analyzing the kinds of incomplete, ambiguous, and sometimes deceptive information that 
analysts must deal with. 


Structured analysis is a mechanism by which internal thought processes are externalized in a 
systematic and transparent manner so that they can be shared, built on, and easily critiqued by 
others. Structured analysis helps analysts ensure that their analytical framework—the foundation 
upon which they form their analytical judgments—is as solid as possible. 


For in-depth information on structured analysis see Richards J. Heuer, Jr. and Randolph H. 
Pherson, Structured Analytical Techniques for Intelligence Analysis (Washington, DC; CQ Press, 
2011). 


Subject. Person, place, or thing observed or under investigation. (AFOSI Manual 71-142, OFCO, 9 Jun 
2000) Also see suspect. 


-- Also, a person about whom probable cause exists to believe that the person committed a particular 
criminal offense. (AR 195-2, Criminal Investigation Activities, 15 May 2009) 


Subject Interview. Interview with the subject of an investigation; it may be non-custodial or custodial. 


Interviews of subjects of CI investigations are conducted to afford subjects the opportunity to refute, 
explain, clarify or mitigate allegations of espionage, terrorism, and other acts that may constitute 
threats to national security. 

-- AR 381-20, Army CI Program, 25 May 2010 


Subversion. Actions designed to undermine the military, economic, psychological, or political strength or 
morale of a governing authority. (JP 1-02 and JP 3-24, Counterinsurgency, 22 Nov 2013) Also see 
subversive activity. 


-- Also, actions designed to undermine the military, economic, political, psychological, or moral 
strength of a nation or entity. It can also apply to an undermining of a person's loyalty to a government or 
entity. (Senate Report 95-755, Book I — Glossary, 26 Apr 1976) 


-- Also, actively encouraging military or civilian personnel to violate laws, disobey lawful orders or 
regulations, or disrupt military activities with the willful intent thereby to interfere with, or impair the loyalty, 
morale, or discipline of the US military forces. Lending aid, comfort, and moral support to individuals, 
groups, or organizations that advocate the overthrow of the U.S. Government. (AR 381-20, Army CI 
Program, 25 May 2010) 


-- Also, the crime of creating a revolt, disturbance, or violence against lawful civil authority with the 
intent to cause its overthrow or destruction. (Dictionary.com) 


Subversion refers to an attempt to overthrow structures of authority, including the state. It is an 
overturning or uprooting. Subversive activity is the lending of aid, comfort, and moral support to 
individuals, groups, or organizations that advocate the overthrow of incumbent governments by 
force and violence. All willful acts that are intended to be detrimental to the best interests of the 
government and that do not fall into the categories of treason, sedition, sabotage, or espionage 
are placed in the category of subversive activity. 


In the context of DoD investigative policy, subversion refers only to such conduct as is forbidden 
by the laws of the United States. Specifically, this is limited to information concerning the activities 
of individuals or groups that involve or will involve the violation of Federal law, for the purpose of: 
1) Overthrowing the Government of the United States or the government of a State; and 
2) Substantially impairing for the purpose of influencing U.S. Government policies or decisions. 

-- DoD 5200.2-R, Personnel Security Program, Jan 1987 (w. chg 3), p.22 


Subversion of Department of Defense Personnel. Actions designed to undermine the loyalty, morale, or 
discipline of DoD military and civilian personnel. (JP 1-02) 


-- Also, [previously defined in DoDI 5240.06, 7 Aug 2004] an act or acts inciting military or civilian 
personnel of the DoD to violate laws, disobey lawful orders or regulations, or disrupt military activities with 
the willful intent thereby to interfere with, or impair the loyalty, morale, [or] discipline, of the Military Forces 
of the United States. 


Criminal subversion of military forces is a violation of Title 18 USC, §§ 2384-2390. 


Subversive Activity. Anyone lending aid, comfort, and moral support to individuals, groups or 
organizations that advocate the overthrow of incumbent governments by force and violence is subversive 
and is engaged in subversive activity. All willful acts that are intended to be detrimental to the best 
interests of the government and that do not fall into the categories of treason, sedition, sabotage, or 
espionage will be placed in the category of subversive activity. (JP 1-02) 


Suitability Investigation. An inquiry into a person's identifiable character traits and conduct sufficient to 
decide whether an individual's employment or continued employment would or would not protect the 
integrity or promote the efficiency of the service. (ONCIX, http://www.ncix.gov/SEA/reform/secvssuit.php; 
accessed 18 Sep 2012) Also see security clearance investigation. 


"The Director of the Office of Personnel Management shall serve as the Suitability Executive Agent. 
As the Suitability Executive Agent, the Director of the Office of Personnel Management will be 
responsible for developing and implementing uniform and consistent policies and procedures to 
ensure the effective, efficient, and timely completion of investigations and adjudications relating to 
determinations of suitability and eligibility for logical and physical access." 

-- EO 13467 (30 June 2008) 


Superencryption. Process of encrypting encrypted information. Occurs when a message, encrypted off- 
line, is transmitted over a secured, on-line circuit, or when information encrypted by the originator is 
multiplexed onto a communications trunk, which is then bulk encrypted. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) 


Supply Chain. The linked activities associated with providing materiel from a raw materiel stage to an 
end user as a finished product. (JP 1-02 and JP 4-09, Distribution Operations, 5 Feb 2010) Also see 
adversarial supply chain operations, supply chain attack, supply chain risk, supply chain risk 
management. 


-- Also, the linked activities associated with providing materiel from a raw materiel stage to an end 
user as a finished product or system. Including design, manufacturing, production, packaging, handling, 
storage, transport, mission operation, maintenance, and disposal. (DoDI 4140.67, DoD Counterfeit 
Prevention Policy, 26 Apr 2013) 


-- Also, organizations, people, technology, information and associated resources involved in moving a 
product or service from supplier to customer. (National Counterintelligence Strategy of the United States 
of America, 2012) 


-- Also, a system of organizations, people, activities, information, and resources, possibly international 
in scope, that provides products or services to consumers. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


Supply Chain: 1) Starting with unprocessed raw materials and ending with the final customer using 
the finished goods, the supply chain links many companies together; 2) the material and 
informational interchanges in the logistical process stretching from acquisition of raw materials to 
delivery of finished products to the end user. All vendors, service providers, and customers are 
links in the supply chain. 

-- CSCMP Glossary, Feb 2010, p. 179 


See Supply Chain Management Terms and Glossary, Feb 2010. Available online at: 
<http://cscmp.org/sites/default/files/user_uploads/resources/downloads/glossary.pdf> 


Supply Chain Attack. Attacks that allow the adversary to utilize implants or other vulnerabilities inserted 
prior to installation in order to infiltrate data, or manipulate information technology hardware, software, 
operating systems, peripherals (information technology products) or services at any point during the life 
cycle. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Supply Chain Risk. The risk that an adversary may sabotage, maliciously introduce unwanted function, 
or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, or 
maintenance of an item of supply or a system so as to surveil, deny, disrupt, otherwise degrade the 
function, use or operation of the item or system. (DoDI O-5240.24, CI Activities Supporting RDA, 8 Jun 
2011 w/ chg 1 and DoDI 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems 
and Networks, 5 Nov 2012) Also see supply chain risk management; supply chain risk mitigation; supply 
chain vulnerabilities. 


-- Also, the risk that adversaries will insert malicious code into or otherwise subvert the design, 
manufacturing, production, distribution, installation, or maintenance of ICT components that may be used 
in DoD systems to gain unauthorized access to data, to alter data, to disrupt operations, or to interrupt 
communications. (DTM 09-016, SCRM to Improve the Integrity of Components Used in DoD Systems, 25 
Mar 2010 w/ chg 3 dated 23 Mar 2012) 


"The risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise 
subvert the design, integrity, manufacturing, production, distribution, installation, operation, or 
maintenance of an item of supply or a system so as to surveil, deny, disrupt, or otherwise degrade 
the function, use, or operation of a system." 


-- The Ike Skelton National Defense Authorization Act for Fiscal Year 2011, (Section 806) 


The increased dependence of the United States on global inputs in the manufacturing and service 
sectors, especially relating to information technology, opens the door to greater supply-chain 
vulnerabilities. As international companies and foreign individuals play a greater role in the 
information-technology supply chain, the specter of persistent, stealthy subversion is raised— 
particularly by foreign intelligence and military services, as well as international terrorists and 
criminal groups. 

— ONCIX website <http://www.ncix.gov/sections/carc/index.html> 


Within DoD, see DoDI 5200.44 (Protection of Mission Critical Functions to Achieve Trusted 
Systems and Networks, 5 Nov 2012) which establishes policy to minimize the risk that DoD's 
warfighting mission capability will be impaired due to vulnerabilities in system design or sabotage or 
subversion of a system's mission critical functions or critical components by foreign intelligence, 
terrorists, or other hostile elements. 


DoD computing systems are a constant target of foreign exploitation. A 2007 Defense Science 
Board report noted that the software industry has become increasingly and irrevocably global. 
Much of the code is now written outside the United States, some in countries that may have 
interests inimical to those of the United States. The combination of DoD's profound and growing 
dependence upon software and the expanding opportunity for adversaries to introduce malicious 
code into this software has led to a growing risk to the Nation's defense. 


See report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on 
DoD Software, Sep 2007. 


"A computer chip with a hidden, malicious flaw could sabotage a weapons system. And the 
compromised hardware is almost impossible to detect.... A chip might even be embedded with a 
‘kill switch,’ allowing the weapon to be disabled by remote control. ...only about 2 percent of the 
integrated circuits purchased every year by the military are manufactured in the United States." 

-- David Wise, Tiger Trap: America's Secret Spy War with China (2011), p. 233 


"The Defense supply chain is at risk: More than two-thirds of electronics in U.S. advanced fighter 
aircraft are fabricated in off-shore foundries." 
-- Dr. Kaigham J. Gabriel, Acting Director DARPA, DoD 
March 2012 — Testimony before the Senate Armed Services Committee hearing on Emerging Threats 
and Capabilities 


"Interdependence of information technologies and integration of foreign technology in US 
information technology, telecommunications, and energy sectors will increase the potential scope 
and impact of foreign intelligence and security services’ supply chain operations. The likely 
continued consolidation of infrastructure suppliers—which means that critical infrastructures and 
networks will be built from a more limited set of provider and equipment options—will also increase 
the scope and impact of potential supply chain subversions." 

-- James R. Clapper, DNI, Statement for the Record, Worldwide Threat Assessment of the US Intelligence 
Community, Senate Committee on Armed Services, 18 April 2013 


Counterfeit Electronic Parts in the DoD Supply Chain... 


"In March 2001, the Senate Armed Services Committee initiated an investigation into counterfeit 
electronic parts in the Department of Defense (DOD) supply chain. The investigation uncovered 
overwhelming evidence of large numbers of counterfeit parts making their way into critical defense 
systems. ... The investigation... found overwhelming evidence that companies in China are the 
primary source of counterfeit electronic parts in the defense supply chain." 


-- Armed Services U.S. Senate Report 112-167, 21 May 2012; copy of full report at: 
<http://www.armed-services.senate.gov/Publications/Counterfeit%20Electronic%20Parts.pdf> 


Supply Chain Risk Management (SCRM). The management of supply chain risk whether presented by 
the supplier, the supplied product and its sub-components, or the supply chain (e.g., packaging, handling, 
storage, and transport). (DoDI O-5240.24, CI Activities Supporting RDA, 8 Jun 2011 with change 1 dated 
15 Oct 2013) Also see adversarial supply chain operations, supply chain attack, supply chain risk; 
supply chain risk mitigation; supply chain vulnerabilities. 


-- Also, the systematic identification, assessment, and quantification of potential supply chain 
disruptions with the objective to control exposure to risk or reduce its negative impact on supply chain 
performance. (DoDI 4140.01, DoD Supply Chain Materiel Management Policy, 14 Dec 2011) 


-- Also, a systematic process for managing supply chain risk by identifying susceptibilities, 
vulnerabilities and threats throughout DoD's "supply chain" and developing mitigation strategies to 
combat those threats whether presented by the supplier, the supplied product and its subcomponents, or 
the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and 
disposal). (DoDI 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and 
Networks, 5 Nov 2012) 


-- Also, management of risk that an adversary may sabotage, [maliciously] introduce unwanted 
functions, or otherwise subvert the design, manufacturing, production, distribution, installation, or 
maintenance of an item of supply or a system so as to surveil, deny, disrupt, otherwise degrade the 
function, use or operation of the item or system. (DoD FCIP Strategy FY 2013-2017) 


-- Also, [within the Intelligence Community] the management of risk to the integrity, trustworthiness, 
and authenticity of products and services within the supply chain. It addresses the activities of foreign 
intelligence entities and other adversarial attempts aimed at compromising the IC supply chain, which 
may include the introduction of counterfeit or malicious items into the IC supply chain. (ICD 731, Supply 
Chain Risk Management, 7 Dec 2013) 


Supply chain risk management encompasses many disciplines and requires participation from 
subject matter experts in acquisition, counterintelligence, information assurance, logistics, program 
offices, analysis, security, and other relevant functions as necessary. 

-- ICD 731, Supply Chain Risk Management, 7 Dec 2013 


The President's Comprehensive National Cybersecurity Initiative (CNCI) 11 directs the 
implementation of SCRM in information and communications technology (ICT) acquisition. 


Various SCRM References: 


National Strategy for Global Supply Chain Security, White House, Jan 2012; copy available at 
www.whitehouse.gov 


Committee on National Security Systems Directive (CNSSD) No. 505, Supply Chain Risk 
Management (U), 7 Mar 2012; available at www.cnss.gov 


For SCRM policy within the IC see Intelligence Community Directive (ICD) 701, Supply Chain Risk 
Management, 7 Dec 2013. 


"Supply Chain Risk Management Awareness" by J. Filsinger, B. Fast, D. Wolf, et al; copy available 
at: <http://www.afcea.org/committees/cyber/documents/Supplychain.pdf> 


Supply Chain Risk Mitigation. A process to ensure software and hardware commodity items are not 
compromised by malicious actions that disrupt or endanger military operations or provide an entry point 
for gaining access or control of DoD systems. (DoD Strategy for Operating in Cyberspace, May 2011) 
Also see supply chain risk; supply chain risk management; supply chain risk vulnerabilities. 


Manage Supply Risk — Identify, assess, and prioritize efforts to manage risk by utilizing layered 
defenses, and adapting our security posture according to the changing security and operational 
environment. 

-- White House, National Strategy for Global Supply Chain Security, Jan 2012, p.1 


Supply Chain Vulnerabilities. An assessment of the supply chain related to CPI [critical program 
information] to determine if an adversary has the capability and intent to affect it in a manner that 
compromises the military effectiveness of the given platform, weapon system, or network. (DoDI 5200.39, 
CPI within the DoD, 16 Jul 2008 with change 1 dated 28 Dec 2010) Also see supply chain risk; supply 
chain risk mitigation; supply chain risk management. 


Supplier Assurance. Evidence demonstrating the level of confidence that a supplier is free from 
vulnerabilities. (DoDI 5200.39, CPI within the DoD, 16 Jul 2008 with change 1 dated 28 Dec 2010) 


Support Agent. An agent recruited to do support work, such as finding and living in safehouses, serving 
as a courier, or any of the other activities required to support a spy in place. In many cases, this support 
agent is a local citizen of the country in which the CIA operates. (A Spy's Journey) 


Support Asset. An asset who acquires, maintains, and/or provides services. (HDI Lexicon, April 2008) 


Supported Commander. 1) The commander having primary responsibility for all aspects of a task 
assigned by the Joint Strategic Capabilities Plan or other joint operation planning authority. 2) In the 
context of joint operation planning, the commander who prepares operation plans or operation orders in 
response to requirements of the Chairman of the Joint Chiefs of Staff. 3) In the context of a support 
command relationship, the commander who receives assistance from another commander's force or 
capabilities, and who is responsible for ensuring that the supporting commander understands the 
assistance required. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) Also see support; supporting 
commander. 


Supporting Commander. 1) A commander who provides augmentation forces or other support to a 
supported commander or who develops a supporting plan. Includes the designated combatant commands 
and Defense agencies as appropriate. 2) In the context of a support command relationship, the 
commander who aids, protects, complements, or sustains another commander's force, and who is 
responsible for providing the assistance required by the supported commander. (JP 1-02 and JP 3-0, 
Joint Operations, 11 Aug 2011) Also see support; supported commander. 


Suspect Counterfeit. Materiel, items, or products in which there is an indication by visual inspection, 
testing, or other information that it may meet the definition of counterfeit materiel provided herein. 
(DoDI 4140.67, DoD Counterfeit Prevention Policy, 26 Apr 2013) Also see counterfeit material. 


Surreptitious Entry. Entry by stealth. (Spycraft) 


-- Also, unauthorized entry in a manner which leaves no readily discernible evidence. (DSS Glossary 
and AR 381-14, Technical Counterintelligence, 30 Sep 2002) 


-- Also, any entry into a guarded or locked area or container and a departure therefrom without 
leaving a trace that such entry was made. (FM 30-17, Counterintelligence Operations, Jan 1972) 


Surreptitious Entry Unit. Unit in OTS [CIA's Office of Technical Service] whose specialty was opening
locks and gaining access to enemy installations for the purpose of supporting bugging operations. (Spy
Dust)


Surveillance. The systematic observation of aerospace, surface, or subsurface areas, places, persons,
or things, by visual, aural, electronic, photographic, or other means. (JP 1-02 and JP 3-0, Joint Operations,
11 Aug 2011) Also see counter surveillance, electronic surveillance, physical surveillance, surveillance 
detection. 


"Surveillance is a valuable investigative tool [emphasis added]...." 


"Investigators always should assume that subjects engaged in operational, terrorist, or criminal 
activity will attempt to detect surveillance by employing a variety of methods and techniques.... 
During surveillances, participants must remain vigilant and alert to the possibility of 
countersurveillance techniques being employed against them." 

-- John T. Nason, "Conducting Surveillance Operations" in FBI Law Enforcement Bulletin, May 2004


-- Also, systematic observation of a target. (Senate Report 94-755, Book I — Glossary, 26 Apr 1976) 


-- Also, the continuous watching or listening (overtly or covertly) of people, vehicles, places, or objects 
to obtain information concerning the activities and identities of individuals. (Peter Jenkins, Surveillance 
Tradecraft: The Professional's Guide to Covert Surveillance Training, 2010) 


-- Also, the tradecraft of undetected observation. Surveillance can be physical, electronic, or acoustic. 
It may include audio or photographic observation and includes mail opening. (A Spy's Journey) 


-- Also, actively but unobtrusively observing a subject to gather information about their 
activities and whereabouts. (Webster's New World Law Dictionary, 2010) 


-- Also [as used within DoD concerning force protection], monitoring the activity of DoD personnel, 
facilities, processes, or systems including showing unusual interest in a facility, infrastructure, or 
personnel (e.g., observations through binoculars, taking notes, drawing maps or diagrams of the facility, 
and taking pictures or video of a facility, infrastructure, personnel, or the surrounding environment) under 
circumstances that would cause a reasonable person to perceive a threat to DoD personnel, facilities, or 
forces in transit. (DTM 08-007, DoD Force Protection Threat Information, 22 Jul 2008) 


CI Surveillance Operations 


PHYSICAL 


* Static 
* Foot 
* Mobile 


Surveillance Assets
Supporting CI Investigations & Operations


Surveillance, by definition, is intrusion into the affairs of other people.
-- William R. Johnson, Thwarting Enemies at Home and Abroad (2009) 


The word surveillance comes from the French surveiller, to watch over. The term is often used 
for all forms of observation or monitoring, not just visual observation. 


In order to be effective, surveillance must go unnoticed and be undetected. 


Surveillance can be used from a static point, on foot, from vehicle or by using technical devices. 
In most cases a combination of all four are used, with targets even often taking public transport 
and even attempting to detect or avoid surveillance. 

-- Peter Jenkins in an introduction to Surveillance Tradecraft (2010) 


Surveillance, physical: term for the universal tradecraft of undetected observation conducted by 
humans versus technical means. 


Surveillance, technical: generic term for surveillance using various forms of visual, auditory and
electronic aids in covering a designated target. 


Surveillance, close: tradecraft jargon term for surveillance maintained where the prevention of 
loss of the subject is paramount. 


Surveillance, discreet: tradecraft jargon term for surveillance maintained on a "loose" basis, the 
prevention of detection being paramount, even to the loss of the subject being tailed. Generally, 
the guiding rule is to discontinue surveillance rather than risk actions which make the subject 
aware of the surveillance. 


Surveillance, fixed: tradecraft jargon term for a stationary or static surveillance. Also stakeout, 
tradecraft jargon for the static surveillance of a given target. 


Surveillance, foot: tradecraft jargon term for, as the words imply, a surveillance conducted on foot. 


Surveillance, mobile: tradecraft jargon term for surveillance conducted with the use of various 
mobile platforms, e.g., vehicles, aircraft, boats, etc. 


-- Adapted from The CIA’s Insider's Dictionary by Leo D. Carl (1996) 


Surveillance... must be executed with maximum care lest its target become aware of it. 
-- Allen W. Dulles, The Craft of Intelligence (2006), p. 124 


Surveillance Detection. Measures taken to detect and/or verify whether an individual, vehicle, or location 
is under surveillance. (DoDI S-5240.15, FPRG, 20 Oct 2010 with change 1 dated 16 Oct 2013) Also see 
counter surveillance, surveillance. 


-- Measures taken to determine if an individual is under surveillance. (HDI Lexicon, April 2008) 

-- Also, self-initiated actions taken by a target/subject to identify surveillance. Conducted by taking 
advantage of screen and flow, coupled with detailed route selection, and noting possible surveillance
against time and distance relationships. (CI Community Lexicon)

Surveillance Detection Route (SDR). A carefully crafted route, of varying lengths and complexity 
depending on the operational environment, used by a case officer and/or agent to get to a meeting site, 
and after leaving the meeting site, [to] determine that the case officer and agent are not under 
surveillance before going to and after the ops meeting. (National HUMINT Glossary) 


-- Also, a preplanned route used to determine if an individual is under surveillance. (HDI Lexicon, 
April 2008)


-- Also, a planned route taken by an agent or handler prior to conducting a clandestine act...
designed to identify or elude surveillance. (Spycraft) 


-- Also, surveillance detection run; a route designed to erode or flush out surveillance without alerting 
them to an operative's purpose. (CI Centre Glossary) 


Professional case officers of all services, conduct lengthy SDRs before engaging in operational 
acts. A good SDR gives a case officer the opportunity to flush out surveillance if it is there and to
make a determination of his or her surveillance status. The CIA jargon for completing an SDR 
and verifying without any doubt that surveillance is not there is "getting black." 

-- James M. Olson, Fair Play: The Moral Dilemmas of Spying (2006) 


Case officers posted to Moscow station underwent rigorous training in “denied area tradecraft”... 
The primary discipline was the surveillance detection route (SDR). Case officers moved about on 
long and circuitous routes planned in advance while searching for KGB "tails." If they detected 
surveillance, they aborted their missions. If no surveillance was detected, they would "go black"
for brief periods and perform operational acts.
-- Benjamin B. Fischer, "Spy Dust and Ghost Surveillance: How the KGB Spooked the CIA and Hid
Aldrich Ames in Plain Sight," International Journal of Intelligence and Counterintelligence, Vol 24
No 2 (Summer 2011), p. 275 


See a brief discussion of "Surveillance Detection Runs" in an excellent article by Barry G. Royden, 
CIA, entitled "Tolkachev, A Worthy Successor to Penkovsky: An Exceptional Espionage Operation" 
originally classified SECRET and published in CIA's Studies In Intelligence, Vol. 41, No. 4. 1997. 
Later declassified and published in Studies In Intelligence, Vol 47, No. 3, 2003, Unclassified 
Edition; available at:
<https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol47no3S/article02.html>


Surveillance Device. A piece of equipment or mechanism used to gain unauthorized access to and 
removal of information. (DoDI 5240.05, TSCM, 3 Apr 2014) 


Suspect. A person about whom some credible information exists to believe that the person committed a 
particular criminal offense. (AR 195-2, Criminal Investigation Activities, 15 May 2009) Also see subject. 


Susceptibility. The inherent capacity of an asset to be affected by one or more threats or Hazards. 
(DoDI 3020.45, DCIP Management, 21 Apr 2008) 


Suspension of Access. The temporary withdrawal of a person's eligibility for access to classified 
information. Access is suspended when information becomes known that casts doubt on whether 
continued access is consistent with national security interests. (AR 380-67, Personnel Security Program, 
24 Jan 2014) 


Suspicious Activity. Observed behavior reasonably indicative of pre-operational planning related to 
terrorism or other criminal activity. (ISE-FS-200 v1.5 cited in DoDI 2000.26, SAR, 1 Nov 2011) See 
suspicious activity report (SAR). 


Suspicious Activity Report (SAR). Official documentation of behavior that may be indicative of 
preoperational planning related to terrorism or criminal intentions. (DoDI 2000.12, DoD AT Program, 1 
Mar 2013, w/ change 1 dated 9 Sep 2013) 


-- Also, official documentation of observed behavior reasonably indicative of pre-operational planning 
related to terrorism or other criminal activity. (ISE-FS-200 v1.5 cited in DoDI 2000.26, SAR, 1 Nov 2011) 
See suspicious activity. 

eGuardian -- the FBI’s law enforcement-centric threat reporting system -- rapidly disseminates
SARs dealing with information regarding a potential threat or suspicious activity throughout the
national law enforcement community to include DoD.


For DoD policy see DoDI 2000.26, Suspicious Activity Reporting, 1 Nov 2011.


Access to the eGuardian system is via Law Enforcement Online (LEO). Only DoD law 
enforcement personnel or analysts within DoD law enforcement organizations will enter SARs 
into the eGuardian system. 


Categories of Suspicious Activity (see encl 4, DoDI 2000.26): Acquisition of Expertise; Breach or 
Attempted Intrusion; Eliciting Information; Expressed or Implied Threat; Flyover or Landing;
Materials Acquisition or Storage; Misrepresentation; Recruiting; Sabotage, Tampering, or 
Vandalism; Surveillance; Testing of Security; Theft, Loss, or Diversion; Weapons Discovery; and 
Unexplained Absences of International Military Students. 


Information Sharing Environment (ISE) Functional Standard (FS) Suspicious Activity Reporting 
Version 1.5 (ISE-FS-200 v1.5) available online at:
<http://www.ise.gov/sites/default/files/ISE-FS-200_ISE-SAR_Functional_Standard_V1_5_Issued_2009.pdf>


Suspicious Contact. Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized 
access to classified information or to compromise a cleared employee, all contacts by cleared employees 
with known or suspected intelligence officers from any country, or any contact which suggests the 
employee concerned may be the target of an attempted exploitation by the intelligence services of 
another country. (DSS Glossary) 


Swallow. A female operative who uses sex as a tool. (Spy Dust) 


The swallow's mission is to engage in sexual activity with the targeted person and gather the 
intelligence either through pillow talk or blackmail. In order to be able to blackmail the targeted 
person into disclosing secrets, the sexual activity usually takes place in a prearranged room or 
residence equipped with hidden cameras and recording devices. 

-- Encyclopedia of the Central Intelligence Agency (2003) 


A male operative who uses sex as a tool is referred to as a "Raven." 


For additional open source information see David Lewis, Sexpionage: The Exploitation of Sex 
by Soviet Intelligence (1976). 


Sweep. [Jargon] To electronically and/or physically examine a room or area in order to detect any 
clandestine devices; a search for “bugs,” i.e., concealed electronic listening devices at a specific location. 
(Words of Intelligence, 2nd Edition, 2011)


Synchronization. 1) The arrangement of military actions in time, space, and purpose to produce maximum 
relative combat power at a decisive place and time. 2) In the intelligence context, application of 
intelligence sources and methods in concert with the operation plan to ensure intelligence requirements 
are answered in time to influence the decisions they support. (JP 1-02 and JP 2-0, Joint Intelligence,
22 Oct 2013)


Synthesis. In intelligence usage, the examining and combining of processed information with other 
information and intelligence for final interpretation. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


Systems Administrator (SA). Individual responsible for the installation and maintenance of an information 
system, providing effective information system utilization, adequate security parameters, and sound 
implementation of established Information Assurance policy and procedures. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) 


System Assurance. The justified measures of confidence that the system functions as intended and is
free of exploitable vulnerabilities, either intentionally or unintentionally designed or inserted as part of the
system at any time during the life cycle. (DoDI 5200.39, CPI Protection within DoD, 16 Jul 2008 with
change 1 dated 28 Dec 2010)


T


Tactical Control (TACON). Command authority over assigned or attached forces or commands, or military 
capability or forces made available for tasking, that is limited to the detailed direction and control of 
movements or maneuvers within the operational area necessary to accomplish missions or tasks 
assigned. TACON is inherent in operational control. TACON may be delegated to, and exercised at any 
level at or below the level of combatant command. When forces are transferred between combatant 
commands, the command relationship the gaining commander will exercise (and the losing commander 
will relinquish) over these forces must be specified by the Secretary of Defense. TACON provides 
sufficient authority for controlling and directing the application of force or tactical use of combat support 
assets within the assigned mission or task. (JP 1, 25 Mar 2013 and JP 1-02) Also see combatant 
command; combatant command (command authority); operational control. 


Tactical Intelligence. Intelligence required for planning and conducting tactical operations. (JP 1-02 and 
JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Tactical Intelligence and Related Activities (TIARA). Those activities outside the National Foreign
Intelligence Program that accomplish the following: 1) respond to operational commanders' tasking for
time-sensitive information on foreign entities; 2) respond to national intelligence community tasking of 
systems whose primary mission is support to operating forces; 3) train personnel for intelligence duties; 
4) provide an intelligence reserve; or 5) are devoted to research and development of intelligence or 
related capabilities. Specifically excluded are programs that are so closely integrated with a weapon 
system that their primary function is to provide immediate-use targeting data. (Previously in JP 1-02) 


Tactical Level of War. The level of war at which battles and engagements are planned and executed to 
achieve military objectives assigned to tactical units or task forces. (JP 1-02 and JP 3-0, Joint 
Operations, 11 Aug 2011) Also see operational level of war; strategic level of war. 


Tactical Questioning (TQ). The field-expedient initial questioning for information of immediate tactical 
value of a captured or detained person at or near the point of capture and before the individual is placed 
in a detention facility. Tactical questioning is generally performed by members of patrols, but can be done 
by any appropriately trained DoD personnel. Tactical questioning is limited to direct questioning. (DoDD 
3115.09, DoD Intelligence Interrogations, Detainee Debriefings, and Tactical Questioning, 11 Oct 2012 w/ 
chg 1 dated 15 Nov 2013) 


For DoD policy see DoDD 3115.09, DoD Intelligence Interrogations, Detainee Debriefings, and 
Tactical Questioning, 11 Oct 2012 


-- Also, direct questioning by any Department of Defense personnel of a captured or detained person 
to obtain time-sensitive tactical intelligence, at or near the point of capture or detention and consistent 
with applicable law. (JP 1-02 and JP 3-63, Detainee Operations, 30 May 2008) 


-- Also, expedient initial questioning for information of immediate tactical value. (Army FM 2-22.3, 
Human Intelligence Collector Operations, Sep 2006) 


Tag. Something that is attached to the item to be located and/or tracked, which increases its ability to be 
detected or its probability of identification by a surveillance system suitably tuned to the tag. (Defense 
Science Board 2004 Summer Study, Transition to and from Hostilities, Dec 2004) 

Tags can be either active (such as radio-emitting tags) or passive (such as radio frequency
identification [RFID] tags). Passive tags can also be chemical (such as infrared fluorescent) or
biological in nature.


Task. A clearly defined action or activity specifically assigned to an individual or organization that must
be done as it is imposed by an appropriate authority. (JP 1, 25 Mar 2013) 


Task Critical Asset. An asset that is of such extraordinary importance that its incapacitation or destruction 
would have a serious, debilitating effect on the ability of one or more DoD Components or DISLA 
organizations to execute the task or mission-essential task it supports. Task critical assets are used to 
identify defense critical assets. (DoDD 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 
14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


Target. 1) An entity or object considered for possible engagement or other action; 2) in intelligence 
usage, a country, area, installation, agency, or person against which intelligence operations are 
directed... [emphasis added] (JP 1-02 and JP 3-60) 


-- Also, an individual, organization, or intelligence service against which intelligence operations are 
conducted. Also refers to documents or instruments which an intelligence service is trying to obtain, or the 
subject of a surveillance. (FBI FCI Terms) 


Target Audience (TA). An individual or group selected for influence. (JP 1-02 and JP 3-13, Information 
Operations, 13 Feb 2006) 


Target Folder. A folder, hardcopy or electronic, containing target intelligence and related materials 
prepared for planning and executing action against a specific target. (JP 1-02 and JP 3-60, Joint 
Targeting, 13 Apr 2007) 


Target Intelligence. Intelligence that portrays and locates the components of a target or target complex 
and indicates its vulnerability and relative importance. (JP 3-60, Joint Targeting, 18 Apr 2007) 


Targeted Violence: Pre-conceived violence focused on individuals, groups, or locations where 
perpetrators are engaged in behaviors that precede and are related to their attacks. These perpetrators 
consider, plan and prepare before engaging in acts of violence and are often detectable, providing an 
opportunity for disruption of the intended violence. (DSB Report, Predicting Violent Behavior, Aug 2012) 


"There is no panacea for stopping all targeted violence." 
-- DSB Report, Predicting Violent Behavior, August 2012 


Copy of Defense Science Board Report (DSB), Predicting Violent Behavior, Aug 2012 available at: 
<http://www.acq.osd.mil/dsb/reports/PredictingViolentBehavior.pdf> (accessed 10 Oct 2012) 


Targeting. The process of selecting and prioritizing targets and matching the appropriate response to 
them, considering operational requirements and capabilities. (JP 3-0, Joint Operations, 11 Aug 2011) 


-- Also, the act of focusing on a country, organization, non-state actor, installation, system, or person 
to identify an operational or intelligence goal. (National HUMINT Glossary) 


-- Also, the process of selecting targets and matching the appropriate response to them, including 
operational requirements and capabilities. The purpose of targeting is to disrupt, delay, or limit threat 
interference with friendly COAs [courses of actions]. (FM 2-22.2, Counterintelligence, Oct 2009) 


CI support to the targeting process include the development of CI targets list to identify those FISS 
and ITO persons, organizations, facilities, or installations that must be exploited through raid and 
capture to gain additional intelligence or neutralization to disable or destroy, negate, mitigate, or 
degrade the adversary's ability to collect on U.S. forces. 

-- FM 2-22.2, Counterintelligence, October 2009, p. 5-7


See JP 3-60, Joint Targeting, for additional information.


Note: The doctrinal targeting process that has been adopted by the Army is denoted by the 
acronym “D3A,” which stands for "Decide, Deliver, Detect, and Assess" and is covered in-depth 
in FM 6-20-10, Tactics, Techniques, and Procedures for the Targeting Process, 8 May 1996. 


TARP. Acronym for Threat Awareness and Reporting Program; see Army Regulation 381-12, TARP, 
4 Oct 2012. 


Task Asset. [In critical infrastructure usage] an asset that is directly used to support execution of one or 
more operations, tasks, activities, or mission essential tasks (METs). (DoDI 3020.45, DCIP Management, 
21 Apr 2008) Also see asset, defense critical asset, defense critical infrastructure program (DCIP), task 
critical asset. 


Task Critical Asset (TCA). An asset that is of such extraordinary importance that its incapacitation or 
destruction would have a serious, debilitating effect on the ability of one or more DoD Components or 
DISLA organizations to execute the task or mission-essential task it supports. Task critical assets are 
used to identify defense critical assets. (DoDD 3020.40, Policy and Responsibilities for Critical 
Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) Also see asset, defense critical asset, defense 
critical infrastructure program (DCIP), task asset. 


Tier 1 - 3 Task Critical Assets 


Tier 1 TCA. An asset the loss, incapacitation, or disruption of which could result in mission (or 
function) failure at the DoD, Military Department, Combatant Command, sub-unified command, 
Defense Agency, or defense infrastructure sector level. 


Tier 2 TCA. An asset the loss, incapacitation, or disruption of which could result in severe mission 
(or function) degradation at the DoD, Military Department, Combatant Command, subunified 
command, Defense Agency, or defense infrastructure sector level. 


Tier 3 TCA. An asset the loss, incapacitation, or disruption of which could result in mission (or 
function) failure below the Military Department, Combatant Command, sub-unified command, 
Defense Agency, or defense infrastructure sector level. 
-- DoDM 3020.45-Vol 1, Defense Critical Infrastructure Program (DCIP): DoD Mission-Based Critical 
Asset Identification Process (CAIP), 24 Oct 2008 


Task Force Counterintelligence Coordinating Authority (TFCICA). An individual that affects the overall 
coordination of counterintelligence activities (in a joint force intelligence directorate counterintelligence 
and human intelligence staff element, joint task force configuration), with other supporting CI
organizations, and supporting agencies to ensure full CI coverage of the task force operational area.
(JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Tasking. Directing or requesting a source to perform in a specific manner to achieve an objective or 
conduct an activity. (DoDI S-5200.42, Defense HUMINT and Related Activities (U), 8 Dec 2009) 


-- Also, the process associated with acceptance of a validated collection requirement and assigning it 
to organic collection assets for action. (DHE-M 3301.001, Vol I: Collection Requirement, Reporting, and 
Evaluation Procedures, 30 Jan 2009, w/ chg 2 dated 1 Feb 2012) 


Tear Line. A physical line on an intelligence message or document separating categories of information 
that have been approved for foreign disclosure and release. (JP 2-0, Joint Intelligence, 22 Oct 2013) Also 
see tearline reporting. 


The sanitized information below the tear line should contain the substance of the information above
the tear line, but without identifying the sensitive sources and methods. This will permit wider
dissemination, in accordance with "need-to-know", need-to-release, and write-to-release principles
and foreign disclosure guidelines of the information below the tear line.


-- Also, a physical line on an intelligence message or document separating categories of information
that have been approved for foreign disclosure and release. Normally, the intelligence below the tear line 
is that which has been previously cleared for disclosure or release. (DoDI S-5240.17, CI Collection
Activities, 14 Mar 2014) 


Tearline Reporting. An automated or manual technique for separating an intelligence report into multiple 
portions separated by machine- or human-readable tearlines. A tearline section is the area in an
intelligence report or finished intelligence product where the sanitized version of a more highly classified 
and/or controlled report is located. The sanitized information within the tearlines contains the substance 
of the more detailed information without identifying the sensitive sources and methods, allowing wider 
dissemination of substantive intelligence information to authorized users. (ICD 206, 17 Oct 2007) Also 
see tear line. 


Also see ICD 209, Tearline Production and Dissemination, 6 Sep 2012 


Technical Counterintelligence (TCI). A component of counterintelligence technical services. TCI includes 
Technical Surveillance Countermeasures (TSCM) and the investigation, study, and control of 
compromising emanations from information systems, known as TEMPEST. Also see technical 
penetration, Technical Surveillance Countermeasures, TEMPEST. 


The essence of technical counterintelligence collection is learning through technical means what 
foreign intelligence services see, hear, and sense, what they know about one's own technical 
means, and how they are using this information. 

-- Roy Godson, Dirty Tricks or Trump Cards: US Covert Action and Counterintelligence (1995), p. 224 


Technical Counterintelligence (TCI) Countermeasures. Any action, device, procedure, technique, or
other measure that reduces the vulnerability of any equipment or facility that electronically processes
information to technical exploitation of classified and/or sensitive information. (AR 381-14, Technical 
Counterintelligence [U], 30 Sep 2002) 


Technical Intelligence (TECHINT). Intelligence derived from the collection, processing, analysis, and 
exploitation of data and information pertaining to foreign equipment and materiel for the purposes of 
preventing technological surprise, assessing foreign scientific and technical capabilities, and developing 
countermeasures designed to neutralize an adversary's technological advantages. (JP 1-02 and JP 2-0, 
Joint Intelligence, 22 Oct 2013) 


-- Also, the identification, assessment, collection, exploitation, and evacuation of captured enemy 
materiel (CEM) in support of national and immediate technical intelligence requirements. TECHINT 
provides rapid performance and vulnerability assessments of enemy equipment, giving a critical edge to 
US forces in current and future operations. (Army FM 2-22.401, TECHINT, 9 Jun 2006) 


Technical Hazard. An insecure condition that could permit the technical exploitation of an area with 
classified national security information, restricted data, and/or unclassified information requiring 
protection. (AR 381-14, Technical Counterintelligence, 30 Sep 2002) 


Technical Penetration. The use of technological means to conduct an intentional, unauthorized 
interception of information-bearing energy. (DoDI 5240.05, TSCM Program, 22 Feb 2006) 


-- Also, a deliberate, unauthorized, clandestine emplacement of a device or modification of existing
government equipment, or the clandestine employment of a technique, which allows the technical
monitoring within an area for the purpose of gaining information. (Defense HUMINT Enterprise Manual
3301.002, Vol II Collection Operations, 23 Nov 2010)


-- Also, technical penetrations include the employment of optical, electro-optical, electromagnetic,
fluidic, and acoustic means as the sensor and transmission medium, or the use of various types of
stimulation or modification to equipment or building components for the direct or indirect transmission of
information meant to be protected. (Previously in JP 2-01.2, CI & HUMINT Support to Joint Operations,
13 Jun 2006) 


"... [I]t had been my experience that the most up-to-snuff secret audio and other clandestine
monitoring techniques always seemed to be a step ahead of the counter-surveillance teams." 
-- Richard Helms with William Hood, A Look Over My Shoulder (2003), p. 449 


Technical Security. A security discipline dedicated to detecting, neutralizing, and/or exploiting a wide 
variety of hostile and foreign penetration technologies. This discipline mandates training in various 
countermeasure techniques. (IC Standard 700-1, 4 Apr 2008) 


Technical Services. The investigative use of video surveillance and interception of oral, electronic and 
wire communications. (AFPD 71-1, Criminal Investigations and Counterintelligence, 1 Jul 1999) 


Technical Surveillance. The use of optical, audio, or electronic monitoring devices or systems to 
surreptitiously collect information. (DoDI 5240.05, TSCM, 3 Apr 2014) 


-- Also, surveillance accomplished through the use of electronic listening devices, vehicle trackers, 
and signaling devices. (CI Community Lexicon) 


Technical Surveillance Countermeasures (TSCM). Techniques to detect, neutralize, and exploit technical 
surveillance technologies and hazards that permit the unauthorized access to or removal of information. 
(DoDI 5240.05, TSCM Program, 3 Apr 2014) 


-- Also, techniques and measures to detect and neutralize a wide variety of hostile penetration 
technologies that are used to obtain unauthorized access to classified and sensitive information. 
Technical penetrations include the employment of optical, electro-optical, electromagnetic, fluidic, and 
acoustic means as the sensor and transmission medium, or the use of various types of stimulation or 
modification to equipment or building components for the direct or indirect transmission of information 
meant to be protected. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 
dated 26 Aug 2011) 


-- Also, physical, electronic, and visual techniques used to detect and counter technical security 
devices, technical security hazards, and related physical security deficiencies. (IC Standard 700-1, 
4 Apr 2008) 


Long history of adversary technical surveillance 
collection and exploitation of sensitive U.S. facilities and activities... 


“In 1944, the very first TSCM sweep uncovered 120 microphones in the Moscow Embassy [U.S. 
Embassy in Moscow].”


-- Frederick L. Wettering, “Counterintelligence: The Broken Triad.” International Journal of 
Intelligence and Counterintelligence 13 (Fall 2000), pp. 265-299. 


TSCM identifies technically exploitable conditions and provides strategies to mitigate or remove 
them. 


TSCM represents the convergence of two distinct disciplines -- counterintelligence and security 
countermeasures. These techniques and countermeasures are designed to detect and nullify a 
wide variety of technologies used to gain unauthorized access to classified national security 
information, restricted data, or otherwise sensitive information. 

-- ICD 702, TSCM, 18 Feb 2008 


TSCM involves the search for technical surveillance devices or "bugs." ...[T]he overwhelming 
number of technical attacks against US interests occur overseas. ... Scarce resources should be 
directed both to specific threat-driven inspections and to the maintenance of an R&D and training 
effort. 
-- Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and the Director 
Central Intelligence, 28 Feb 1994, p. 61 


The TSCM Program includes four separate functions: detection, nullification, isolation, and 
education. 


-- FM 2-22.2, Counterintelligence, October 2009, p. 6-5; 
also AR 381-14, Technical Counterintelligence (TCI) (U), 30 Sep 2002, p. 7 


TSCM: the systematic physical and electronic examination of a designated area by properly 
trained, qualified and equipped persons in an attempt to discover electronic eavesdropping 
devices, security hazards or security weaknesses. 

-- www.dbugman.com 


PROJECT GUNMAN 


A most spectacular case of electronic espionage occurred in the 1980s, at the height of the Cold 
War, when it was discovered that Soviet intelligence had successfully implanted very sophisticated 
bugs in a large number of electronic typewriters at the U.S. embassy in Moscow. On 25 March 
1985, the story of the Soviet bug of U.S. typewriters in the Moscow Embassy broke on the CBS 
nightly news. 


For detailed information see Sharon A. Maneki, Learning From the Enemy: The GUNMAN Project, 
NSA, 2012, 35 pages. Available on line at: http://www.nsa.gov/about/ files/cryptologic heritage/ 
center crypt history/ publications/Learning From the Enemy The GUNMAN Project.pdf 


Technical Surveillance Device (TSD). A device covertly installed to monitor (visually, audibly, or 
electronically) sensitive activities and/or information processing within a target area. (ICS Glossary) 


Technical Threat Analysis. A continual process of compiling and examining information on technical 
surveillance activities against personnel, information, operations, and resources. (DoDI 5240.05, TSCM 
Program, 3 Apr 2014) 


Technology. The application of scientific and technical information and know-how to design, produce, 
manufacture, use, adapt, reconstruct, or reverse-engineer goods. This includes technical information and 
data in all forms, including electronic form. The term does not include the goods themselves, nor does it 
include scientific information in the public domain. (DoDI 2040.02, International Transfers of Technology, 
Articles, and Services, 10 Jul 2008) Also see critical technology. 


Technology Readiness Level (TRL). A standard utilized in the scientific community to track the maturity of 
a technology. The readiness level is depicted on a numerical scale from one to nine, where one 
represents the initial idea stage and nine represents the final fielding and utilization of the technology. 
(DoD FCIP Strategy FY 2013-017) 


Technology Targeting Risk Assessment (TTRA). A country-by-country assessment conducted by the 
Defense Intelligence Community that quantifies risks to CPI [critical program information] and related 
enabling technologies for weapons systems, advanced technologies or programs, and facilities such as 
laboratories, factories, research and development sites (test ranges, etc.), and military installations. The 
TTRA evaluates five independent risk factors, each of which contributes to an overall risk factor. The five 
areas evaluated are: Technology Competence, National Level of Interest, Risk of Technology Diversion, 
Ability to Assimilate, and Technology Protection Risk. (DoDI 5200.39, CPI within DoD, 16 Jul 2008 with 
change 1 dated 28 Dec 2010) 


The TTRA and CI Assessment provide laboratory/technical directors and Program Managers with 
information required to establish a comprehensive security program for the protection of identified 
critical program information (CPI). 


Technology Transfer. The intentional communication (sharing) of knowledge, expertise, facilities, 
equipment, and other resources for application to military and nonmilitary systems. (DoDI 5535.8, DoD 
Technology Transfer Program, 14 May 1999) 


-- Also, transferring, exporting, or disclosing defense articles, defense services, or defense technical 
data covered by the United States Munitions List (USML) to any foreign person or entity in the United 
States (U.S.) or abroad. (DSS Glossary) 


Telecommunications and Information Systems Security. Protection afforded to telecommunications and 
information systems, in order to prevent exploitation through interception, unauthorized electronic access, 
or related technical intelligence threats, and to ensure authenticity. Such protection results from the 
application of security measures (including cryptosecurity, transmission security, emission security, and 
computer security) to systems which generate, store, process, transfer, or communicate information of 
use to an adversary, and also includes the physical protection of technical security material and technical 
security information. (National Security Directive 42, National Policy for the Security of National Security 
Telecommunications and Information Systems, 5 Jul 1990) 


Copy of NSD 42 available at: <http://www.fas.org/irp/offdocs/nsd/nsd42.pdf> 


TEMPEST. An unclassified term referring to technical investigations for compromising emanations from 
electrically operated information processing equipment; these investigations are conducted in support of 
emanations and emissions security. (JP 1-02) Also see compromising emanations; TEMPEST Test. 


-- Also, an unclassified term that refers to the investigation and study of compromising emanations. 
(IC Standard 700-1, 4 Apr 2008) 


-- Also, a name referring to the investigation, study, and control of compromising emanations from 
telecommunications and automated information systems equipment. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) 


-- Also, Transient Electro Magnetic Pulse Emanation Standard (TEMPEST) the investigation, study, 
and control of compromising emanations from telecommunication and automated information systems 
equipment. (Defense HUMINT Enterprise Manual 3301.002, Vol II Collection Operations, 23 Nov 2010) 


-- Also, the evaluation and control of compromising emanations from telecommunications and 
automated information systems. TEMPEST countermeasures are designed to prevent FISS and ITO 
[international terrorist organization] exploitation of compromising emanations by containing them within 
the space of the equipment or facility processing classified information. (Army FM 2-22.2, CI, Oct 2009) 


-- An unclassified term referring to technical investigations for compromising emanations from 
electrically operated, information processing equipment; they are conducted in support of emanations and 
emission security. (ICS Glossary, Jun 1989) 


TEMPEST - the problem of compromising radiation. Any time a machine is used to process 
classified information electrically... that machine may emit radio frequency or acoustic energy. 
These emissions, like tiny radio beacons, may radiate through free space for considerable 
distances.... Or they may be induced on nearby conductors like signal lines, power lines, 
telephones lines, or waste pipes and be conducted along those paths for some distance.... When 
these emissions can be intercepted and recorded, it is frequently possible to analyze them and 
recover the intelligence that was processed by the source equipment. The phenomenon affects 
not only cipher machines but any information-processing equipment—teletypewriters, duplicating 
equipment, intercoms, facsimile, computers. ... 

-- Source: NSA, TEMPEST: A Signal Problem, undated [declassified/redacted version] 

see <www.nsa.gov/public/crypt-spectrum.cfm> 
also at: http://www.nsa.gov/public info/ files/cryptologic spectrum/tempest.pdf 


TEMPEST (an acronym for Transient Electromagnetic Pulse Emanation Standard) is both a 
specification for equipment and a term used to describe the process for preventing compromising 
emanations. The fact that electronic equipment such as computers, printers, and electronic 
typewriters give off electromagnetic emanations has long been a concern of the US Government. 
An attacker using off-the-shelf equipment can monitor and retrieve classified or sensitive 
information as it is being processed without the user being aware that a loss is occurring. ... 
Given the absence of a domestic threat, any use of TEMPEST countermeasures within the US 
should require strong justification. 
[TEMPEST] attacks require a high level of expertise, proximity to the target, and 
considerable collection time. [emphasis added] 
The commission recognizes the need for an active overseas TEMPEST program but believes the 
domestic threat is minimal. 

-- Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and the Director 
Central Intelligence, 28 Feb 1994, pp. 60-61 


According to a declassified NSA publication: "There is no special meaning in the word 
'TEMPEST.' It was simply picked from a covername list by a NSA engineer in the early 1950s. 
However, TEMPEST has now become a generic word used throughout the US Government and 
industry to describe the unintentional emanation of classified information from an equipment." 


-- NSA, Cryptolog, Nov 1983 [declassified], p. 1 


For a history of TEMPEST see declassified NSA publication, A History of U.S. Communications 
Security (U), [Vol I], revised July 1973, pp. 89-101; covers the timeframe through 1972. 


This NSA report identified the main TEMPEST countermeasures as: “low-level keying, 
shielding, filtering, grounding, isolation, and physical protective measures.” It also highlighted 
that shielded enclosures “provided not only the best means, but the only means we 
had come across to provide really complete TEMPEST protection in those environments 
where a large-scale intercept effort could be mounted at close range.” 


TEMPEST Test. A laboratory or on site (field) test to determine the nature and amplitude of conducted or 
radiated signals containing compromising information. (NSTISSI 7002, TEMPEST Glossary, 17 Mar 
1995) Also see compromising emanations; TEMPEST. 


Temporary Refuge. Protection afforded for humanitarian reasons to a foreign national in a DoD shore 
installation, facility, or military vessel within the territorial jurisdiction of a foreign nation or in international 
waters, under conditions of urgency in order to secure the life or safety of that person against imminent 
danger, such as pursuit by a mob. (DoDI 2000.11, Procedures for Handling Requests for Asylum and 
Temporary Refuge, 13 May 2010) 


Terrorism. The unlawful use of violence or threat of unlawful violence to instill fear and coerce 
governments or societies. Terrorism is often motivated by religious, political, or other ideological beliefs 
and committed in the pursuit of goals that are usually political. (JP 1-02 and JP 3-07.2, Antiterrorism, 
24 Nov 2010) Also see homegrown terrorist, radicalization, violent extremism, violent radicalization. 


There is no universally accepted definition of terrorism. 
It remains the subject of continuing debate in international bodies. 
-- Lord Carlile of Berriew Q.C. (March 2007) 


-- Also, premeditated, politically motivated violence perpetrated against non-combatant targets by 
sub-national groups or clandestine agents (22 USC §2656f(d) and the National Strategy for Combating 
Terrorism, Feb 2003) [Definition used by Department of State, NCTC and CIA]. 


-- Also, the unlawful use of force and violence against persons or property to intimidate or coerce a 
government, the civilian population, or any segment thereof, in furtherance of political or social objectives. 
(28 CFR 80.85) [Definition used by FBI, which reflects its mission, identifying a terrorist incident as a 
violation of the criminal laws of the United States and a suspected terrorist would, therefore, be subject to 
arrest and prosecution.] 


-- Also, [the federal crime of terrorism] an offense that is calculated to influence or affect the conduct 
of government by intimidation or coercion, or to retaliate against government conduct. This includes 
terrorist acts committed within and outside U.S. national boundaries. (18 USC §2332b(g)(5)(A)). 


-- Also, violent or illegal action taken on the basis of radical or extremist beliefs. (CRS Report 
R42553, Countering Violent Extremism in The United States, 19 Feb 2014) 


The Federal Bureau of Investigation (FBI) is the lead agency for investigating the federal crime of 
terrorism. If another federal agency identifies an individual who is engaged in terrorist activities or 
in acts in preparation of terrorist activities, the other agency is required to promptly notify the FBI. 

The extraterritorial jurisdiction for terrorism crimes is specified in 18 U.S.C. 2332b(e) and (f). 


Pursuant to 28 C.F.R. 0.85(1), the Attorney General has assigned responsibility to the Director of 
the FBI to "Exercise Lead Agency responsibility in investigating all crimes for which it has primary 
or concurrent jurisdiction and which involve terrorist activities or acts in preparation of terrorist 
activities within the statutory jurisdiction of the United States. Within the United States, this would 
include the collection, coordination, analysis, management and dissemination of intelligence and 
criminal information as appropriate." 

-- Congressional Research Service (CRS) Report R41780, 27 Apr 2011 


For additional information on terrorism, see US Army TRADOC G2 Handbook No.1, A Military 
Guide to Terrorism in the Twenty-First Century, 15 Aug 2007. 
Copy available at: <http://www.fas.org/irp/threat/terrorism/> 


Terrorism Threat Assessment. The process used to conduct a threat analysis and develop an evaluation 
of a potential terrorist threat; [or] the product of a threat analysis for a particular unit, installation, or 
activity. (DoDI 2000.16, DoD Antiterrorism Standards, 2 Oct 2006) 


Terrorist. One that engages in acts or an act of terrorism. (answer.com; accessed 27 October 2011) 


Terrorists undertake criminal acts that involve the use or threat of violence against innocent 
persons. These acts are premeditated, intended to achieve a political objective through coercion or 
intimidation of an audience beyond the immediate victims. 


— National Security Decision Directive 207, The National Program for Combating Terrorism (U), 
originally TOP SECRET, declassified 


Note: Within DoD; None -- the term "terrorist" removed from JP 1-02. Previously defined in 
JP 3-26, Counterterrorism (13 Nov 2009) as “those who commit acts of terrorism.” 




Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


Terrorist Extremist. An extremist that uses terrorism -- the purposeful targeting of ordinary people -- to 
produce fear to coerce or intimidate governments or societies in the pursuit of political, religious, or 
ideological goals. Extremists use terrorism to impede and undermine political progress, economic 
prosperity, the security and stability of the international state system, and the future of civil society. 
(National Military Support Plan - War on Terrorism, 1 Feb 2006) 


Terrorist Group. Any number of terrorists who assemble together, have a unifying relationship, or are 
organized for the purpose of committing an act or acts of terrorism. 


Current list of Foreign Terrorist Organizations (FTOs) at US Department of State web site: 
<http://www.state.gov/s/ct/rls/other/des/123085.htm> 


Terrorist Identities Datamart Environment (TIDE). The U.S. Government's (USG) central repository of 
information on international terrorist identities. TIDE supports the USG’s various terrorist screening 
systems or "watchlists" and the US Intelligence Community's overall counterterrorism mission. (NCTC) 


The TIDE database includes, to the extent permitted by law, all information the USG possesses 
related to the identities of individuals known or appropriately suspected to be or to have been 
involved in activities constituting, in preparation for, in aid of, or related to terrorism (with the 
exception of purely domestic terrorism information). This information is available to 
counterterrorism professionals throughout the Intelligence Community, including the Department of 
Defense, via the web-based, read-only "TIDE Online." 

-- NCTC Fact Sheet at <http://www.nctc.gov/docs/Tide Fact Sheet.pdf> 


Terrorist Screening Center (TSC). A multi-agency center administered by the FBI with support from the 
Department of Homeland Security, the Department of State, the Department of Justice, the Department of 
Defense, the Department of the Treasury, and the Office of the Director of National Intelligence. The TSC 
maintains the U.S. government's consolidated Terrorist Watchlist — a single database of identifying 
information about those known or reasonably suspected of being involved in terrorist activity. (fbi.gov) 


The TSC was created by HSPD-6 (16 Sep 2003) to consolidate the USG's approach to terrorist 
screening by creating a single comprehensive database of known or appropriately suspected 
terrorists (KSTs), and to make the information from this consolidated list available to foreign, 
federal, state, local, territorial, tribal, regulatory and private sector entities through the TSC's 24/7 
Terrorist Screening Operations Center (TSOC). 


For additional information see FBI web site at: <http://www.fbi.gov/about-us/nsb/tsc> 


Terrorist Screening Database (TSDB). Under Homeland Security Presidential Directive-6, the TSDB is 
the master terrorist watchlist, for both international and domestic terrorists, maintained by the Terrorist 
Screening Center (TSC) for the U.S. Government. 


Terrorist Threat. An expression of intention, by an individual or group, to commit an act or acts of 
violence to inflict injury or damage in pursuit of political, religious, or ideological objectives. (DoDI 
2000.12, DoD Antiterrorism Program, 1 Mar 2012, w/ change 1 dated 9 Sep 2013) 


Terrorist threats emanate from a diverse array of terrorist actors, ranging from formal groups to 
homegrown violent extremists (HVEs) and ad hoc, foreign-based actors. 


US-based extremists will likely continue to pose the most frequent threat to the US Homeland. 
-- DNI, Worldwide Threat Assessment of the US Intelligence Community, SSCI, 29 January 2014, p. 4 


Terrorists with Global Reach — Transnational Terrorists. Terrorist organizations with an operational and 
support network in multiple countries that possess the capability to recruit, plan, resource, and execute 
terrorist acts worldwide. (National Military Support Plan - War on Terrorism, 1 Feb 2006) 


TFCICA. See Task Force Counterintelligence Coordinating Authority. 


Theater. The geographical area for which a commander of a geographic combatant command has been 
assigned responsibility. (JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013 and 
JP 1-02) 


Theater Clearance. Clearance for official travel within a geographic combatant command area of 
responsibility granted by the responsible geographic combatant commander or other delegated authority. 
(DoDD 4500.54E, DoD Foreign Clearance Program, 28 Dec 2009) 


Theater of War. Defined by the Secretary of Defense or the geographic combatant commander, the area 
of air, land, and water that is, or may become, directly involved in the conduct of the war. A theater of war 
does not normally encompass the geographic combatant commander's entire area of responsibility and 
may contain more than one theater of operations. (JP 1-02) 


Theater Strategy. An overarching construct outlining a combatant commander's vision for integrating and 
synchronizing military activities and operations with the other instruments of national power in order to 
achieve national strategic objectives. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Thermal Imagery. Imagery produced by sensing and recording the thermal energy emitted or reflected 
from the objects which are imaged. (JP 1-02) 


Third Agency Rule. An agreement among the US Government agencies participating in the exchange of 
intelligence data forbidding one agency to disseminate to another agency information which originated 
with a third agency. (National HUMINT Glossary) 


-- Also, the tenet that information, usually classified or sensitive, originating in one U.S. agency not be 
disseminated by another agency to which the information has not been made available without the 
consent of the originating agency. (AR 381-20, Army CI Program, 25 May 2010) 


Threat. The intention and capability of an adversary to undertake actions that would be detrimental to the 
interest of the U.S. (IC Standard 700-1, 4 Apr 2008) 


-- Also, the sum of the potential strengths, capabilities, and strategic objectives of any adversary that 
can limit or negate U.S. mission accomplishment or reduce force, system, or equipment effectiveness. 
(DoDD 5200.1-M, Acquisition Systems Protection Program, March 1994) 


-- Also, an adversary having the intent, capability, and opportunity to cause loss or damage. (DoDD 
3020.40, DoD Policy and Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 
2012) 


-- Also, the perceived imminence of intended aggression by a capable entity to harm a nation, a 
government or its instrumentalities, such as intelligence, programs, operations, people, installations, or 
facilities. (DoD 5200.08-R, Physical Security Program, 9 Apr 2007) 


-- Also, (1) A source of unacceptable risk; or (2) The capability of an adversary coupled with the 
adversary's intention to undertake actions that would be detrimental to the success of certain activities or 
operations. (ODNI, U.S. National Intelligence — An Overview 2011) 


-- Also, the capability of an adversary coupled with his intentions to undertake any actions detrimental 
to the success of program activities or operations. (IOSS OPSEC Glossary of Terms, 27 Aug 2003) 


-- Also, any combination of actors, entities, or forces that have the capability and intent to harm 
United States forces, United States national interests, or the homeland. (ADRP 3-0, Unified Land 
Operations, May 2012) 


-- Also see threat to national security; transnational threat; foreign intelligence collection threat; 
insider threat. 


Threat Advisory. An advisory is a one-time product or produced on a recurring schedule — daily, weekly, 
or monthly. The advisory informs authorized recipients of an immediate or the potential for a foreign 
intelligence or terrorist threat. The advisory typically contains information of a perishable nature. 
(DoDI 5240.18, CI Analysis & Production, 17 Nov 2009 with change 1 dated 15 Oct 2013) 


A threat advisory is distinguishable from an assessment and an analysis report in that it is prepared 
when there is an imminent or near-term intelligence or terrorist threat. A threat advisory often 
contains perishable information with only limited study or research conducted prior to publication. 


Threat Analysis. A process that examines an adversary's technical and operational capabilities, 
motivation, and intentions, designed to detect and exploit vulnerabilities. (DoDM 5205.02-M, DoD OPSEC 
Program Manual, 3 Nov 2008) 


-- Also, terrorism threat analysis, a continual process of compiling and examining all available 
information concerning potential terrorist activities by terrorist groups that could target the DoD 
Components or DoD elements and personnel. A threat analysis shall review the factors of a terrorist 
group's operational capability, intentions, activity, and the security environment within which friendly 
forces operate. Threat analysis is an essential step in identifying probability of terrorist attack and results 
in a threat assessment. (DoDI 2000.12, DoD Antiterrorism Program, 1 Mar 2012 with change 1 dated 9 
Sep 2013; also JP 1-02 and JP 3-07.2, Antiterrorism, 24 Nov 2010) 


Threat Assessment. A resultant product of the defined process used to conduct a threat analysis and 
develop an evaluation of a potential threat. Also, it is the product of a threat analysis for a particular unit, 
installation, or activity. (DoD 5200.08-R, Physical Security Program, 9 Apr 2007) 


-- Also, DCIP Threat Assessment: [in Defense Critical Infrastructure Protection usage] a compilation 
of strategic intelligence information incorporating multi-faceted threats facing DCAs [Defense Critical 
Assets] and Tier 1 TCAs [Task Critical Assets]. DCIP threat assessments address threats posed to DCAs 
[and Tier 1 TCAs] from domestic and transnational terrorist elements, foreign intelligence and security 
services, and weapons of mass destruction. (DoDI 5240.19, CI Support to the Defense Critical 
Infrastructure Program, 31 Jan 2014) 


-- Also, an evaluation of the current or projected capability of a foreign intelligence service or 
international terrorist group to limit, neutralize, or negate the effectiveness of a friendly mission, 
organization, or material item through multidisciplined intelligence collection, espionage, or sabotage. 
(AR 381-20, Army CI Program, 25 May 2010) 


-- Also, in antiterrorism, examining the capabilities, intentions, and activities, past and present, of 
terrorist organizations as well as the security environment within which friendly forces operate to 
determine the level of threat. (JP 1-02 and JP 3-07.2, Antiterrorism, 24 Nov 2010) 


-- Also, [in antiterrorism usage] the process used to conduct a threat analysis and develop an 
evaluation of a potential terrorist threat; the product of a threat analysis for a particular unit, installation, 
or activity. (DoDI 2000.12, DoD Antiterrorism Program, 1 Mar 2012 with change 1 dated 9 Sep 2013) 


Threat Finance. The covert movement of the profits of illicit acts or of funds that will support illicit acts. 
(A Guide to Counter Threat Finance Intelligence by Marilyn B. Peterson, 2009) Also see counter threat 
finance (CTF). 


The covert movement of money is the underlying facilitator of all threat activity. 


Within DoD, see DoDD 5205.14, DoD Counter Threat Finance Policy, 19 Aug 2010 (w/ chg1 dated 
16 Nov 2012) 


Threat Indicator. Any observable action that displays violent behavior, abnormal disgruntlement, 
radicalization, or an extreme world view on religion or another type of ideology. (US Army, Asymmetric 
Warfare Group, Insider Threats in Partnering Environments: A Guide for Military Leaders, Jun 2011) 


Copy of reference available at: <https://rdl.train.army.mil/catalog/go/100.ATSC/883A3A74-A803-4CD5-B693-0D59B108E7EC-1326399638300> 


Reference also at: <http://www.wired.com/images blogs/dangerroom/2012/10/awsc-pdf-CDR-7281 1.pdf> 


Threat Warning. The urgent communication and acknowledgement of time-critical information essential 
for the preservation of life and/or vital resources. (JP 1-02 and JP 2-01, Joint and National Intelligence 
Support to Military Operations, 5 Jan 2012) 


Threats to the National Security. International terrorism; espionage and other intelligence activities, 
sabotage, and assassination, conducted by, for, or on behalf of foreign powers, organizations, or persons; 
foreign computer intrusion; and other matters determined by the Attorney General, consistent with 
Executive Order 12333 or a successor order. (FBI, Domestic Investigations and Operations Guide, 
15 Oct 2011) 


Time Bomb. Resident computer program that triggers an unauthorized act at a predefined time. 
(CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


Time-Sensitive Collection Requirement (TSCR). A HUMINT collection requirement (HCR) needing 
immediate or time-specific action. Those organizations tasked with the time sensitive collection 
requirement should provide initial intelligence reports or a report stating an inability to collect on the 
requirement within 48 hours of issuance. (DHE-M 3301.002, Vol II Collection Operations, 23 Nov 2010) 


Tosses (hand, vehicular) [e.g., hand toss, car toss]. Tradecraft techniques for placing drops by tossing 
them while on the move. (CI Centre Glossary) 


Traces. The product resulting from a name check. (AFOSI Instruction 71-101, 6 Jun 2000) 


Tracking. Precise and continuous position-finding of targets by radar, optical, or other means. (JP 1-02 
and JP 3-07.4, Joint Counterdrug Operations, 13 Jun 2007) 


Tradecraft. Specialized methods and equipment used in the organization and activity of intelligence 
organizations, especially techniques and methods for handling communications with agents. Operational 
practices and skills used in the performance of intelligence related duties. (JP 1-02; JP 2-01.2, CI & 
HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011; DoDI S-5240.17, CI Collection 
Activities, 14 Mar 2014; and CI Community Lexicon) 


Tradecraft 


The methods of the clandestine operator... 
Principles and techniques of clandestine operations 


Successful espionage is impossible without good tradecraft 


In general, tradecraft is the sum total of the skills the Case Officer or agent must master in order 
to securely operate in the field and preserve security of operational activity. 


"Tradecraft is an art—a combination of common sense and imagination.... [T]he art of tradecraft, 
the methods employed to manage an intelligence operation. It is an art because of the nuances 
involved and it is not easy to learn. Some, lacking the personality traits, can never master it." 

-- Richard L. Holm, The Craft We Chose (2011), pp 25 and 275 


The techniques adopted by spies to conceal their activities are lumped together under the 
catch-all term "tradecraft." It refers to a vast range of protective measures devised to preserve 
the operational security of spying. 

-- Frederick P. Hitz (Former CIA IG 1990-1998), The Great Game (2005) 


Pillars of Tradecraft: assessment; cover and disguise; concealments; clandestine surveillance; 
and covert communications. 


-- Spycraft (p. 363) 


[T]he greatest danger... lay not in betrayal by a Soviet mole, as Angleton would have it, but by 
simple mistakes in tradecraft and a failure to maintain proper compartmentation of information. 
-- Benjamin Weiser, A Secret Life (2004) 


“The spy who does not take tradecraft seriously is unlikely to remain a spy for very long.” 
-- H.H.A. Cooper and Lawrence J. Redlinger, Making Spies: A Talent Spotter's Handbook 


-- Also, the art, discipline and methodology of conducting secure clandestine operations and 
intelligence collection. (National HUMINT Glossary) 


-- Also, the tactics, techniques, and procedures used in executing HUMINT, counterintelligence, 
or related activities to obscure, protect, or otherwise frustrate detection. (HDI Lexicon, April 2008) 


-- Also, specialized techniques used in intelligence operations. (FBI FCI Terms) 


-- Also, the techniques, technology, and methodologies used in covert intelligence operations. 
Tradecraft applies to both the procedures, such as surveillance detection routes, as well as the use of 
devices in covert audio and agent communications. (Spycraft) 


-- Also, the art, methodology, and know-how of conducting clandestine operations and intelligence 
collection techniques. Includes such things as dead drops, covert communications, how to recruit agents, 
secret writing and photography, surveillance, and surveillance detection. (A Spy's Journey) 


-- Also, the essential skills required to conduct successful clandestine operations. (Encyclopedia of 
Cold War Espionage, Spies, and Secret Operations, 3rd edition, 2012) 


-- Also, the techniques of the espionage trade, or the methods by which an agency involved in 
espionage conducts its business. Elements of tradecraft, in general terms, include the ways in which an 
intelligence officer arranges to make contact with an agent, the means by which the agent passes on 
information to the officer, the method for paying the agent, and the many precautions and tactics of 
deception applied along the way. (<http://www.espionageinfo.com/Te-Uk/Tradecraft.html>) 


Tradecraft - Analytical. The term "tradecraft" is usually applied to espionage techniques, but there is also 
analytical tradecraft: techniques, methods, and standards of the practice of analysis, e.g., framing 
questions, marshaling evidence, making concise arguments, identifying intelligence gaps, etc. Analytical 
tradecraft affords some criteria by which to judge analytical products and analysts. 


Transmission Security. The component of communications security that results from all measures 
designed to protect transmissions from interception and exploitation by means other than cryptanalysis. 
(JP 1-02 and JP 6-0, Joint Communications, 10 Jun 2010) Also see communications security. 


Transnational Threat. Any transnational activity (including international terrorism, narcotics trafficking, the 
proliferation of weapons of mass destruction and the delivery for such weapons, and organized crime) 
that threatens the national security of the United States. (50 USC §401a) 


-- Also, any activity, individual, or group not tied to a particular country or region that operates across 
international boundaries and threatens United States national security or interests. (JP 1-02 and JP 3-26, 
Counterterrorism, 13 Nov 2009) 


DoD further defines a transnational threat as any activity, individual, or group not tied to a particular 
country or region that operates across international boundaries and threatens US national security 
or interests. These threats also include extremists who enter into convenient relationships that 
exploit each others’ capabilities and cloud the distinction between crime and terrorism (e.g., violent 
extremist organizations and opportunists, drug trafficking organizations, transnational criminal 
organizations [TCOs], and those trafficking in persons). 


Lawless and subversive organizations can take advantage of failed states, contested spaces, and 
ungoverned areas by forging alliances with corrupt government officials and some foreign 
intelligence services, further destabilizing political, financial, and security institutions in fragile 
states, undermining competition in world strategic markets, using cyberspace technologies and 
other methods to perpetrate sophisticated frauds, creating the potential for the transfer of WMD to 
terrorists, and expanding narco-trafficking and human and weapons smuggling networks. 

-- JP 3-27, Homeland Defense, 29 Jul 2013 (p. 1-4) 


Transnational Organized Crime (TOC). Self-perpetuating associations who operate transnationally for the 
purpose of obtaining power, influence, monetary and/or commercial gains, wholly or in part by illegal 
means, while protecting their activities through a pattern of corruption and/or violence, or while protecting 
their illegal activities through a transnational organizational structure and the exploitation of transnational 
commerce or communication mechanisms. (White House, Strategy to Combat Transnational Organized 
Crime, Jul 2011) 


Transnational Criminal Organizations pose a National Security Threat 


TOC represent a globally-networked national security threat and pose a real and present risk to the 
safety and security of Americans and our partners across the globe. 


Countering TOC is defined as the means to detect, counter, contain, disrupt, deter, or dismantle 
the transnational activities of state and non-state adversaries threatening U.S. and partner nation 
national security. 


Copy of the Strategy to Combat Transnational Organized Crime (July 2011) at: 
<https://www.hsdl.org/?view&did=682263>. 


Also see The “New” Face of Transnational Crime Organizations (TCOs): A Geopolitical 
Perspective and Implications to U.S. National Security, March 2013 (a compendium of white papers 
on TCOs). 


“Transnational organized crime (TOC) networks erode good governance, cripple the rule of law 
through corruption, hinder economic competitiveness, steal vast amounts of money, and traffic 
millions of people around the globe. (Cybercrime, an expanding for-profit TOC enterprise....) TOC 
threatens US national interests in a number of ways: ...drug activity, facilitating terrorist activity, 
money laundering, corruption, human trafficking, and environmental crime.” 


-- James R. Clapper, DNI, Statement for the Record, Worldwide Threat Assessment of the US Intelligence 
Community, Senate Committee on Armed Services, 18 April 2013 


Trap. A hidden indicator to detect or confirm surreptitious tampering or search of items (e.g., documents, 
letters, packages, luggage, drawers, safes, rooms, film, equipment) by security or other personnel. 
(AFOSI Manual 71-119, CI Investigations, 27 Oct 2009) 


Trap and Trace. A device which captures the incoming electronic or other impulses which identify the 
origination number of an instrument or device from which a wire or electronic communication was 
transmitted; see 18 USC §3127(4). (AR 381-10, US Army Intelligence Activities, 3 May 2007) Also see 
pen register; trap and trace device. 


A trap and trace device identifies all incoming phone numbers to a particular telephone. 
A pen register captures all outgoing phone numbers a particular telephone has called. 


Trap and Trace Device. Captures the incoming electronic or other impulses that identify the originating 
number or other dialing, routing, addressing or signaling information reasonably likely to identify the 
source of a wire or electronic communication, provided that such information does not include the 
contents of any communication. (FBI Domestic Investigations and Operations Guide, 15 Oct 2011) 
Also see pen register; trap and trace. 


Trash Cover. The intentional search of a specific person's trash (that is located at the place of collection), 
whether from a home or business, designed to find information relevant to an ongoing investigation when 
no reasonable expectation of privacy exists. A trash cover is a targeted effort to gather information 
regarding a particular person or entity by reviewing that person or entity's refuse. (FBI Domestic 
Investigations and Operations Guide, 15 Oct 2011) 


Treason. -- Violation of the allegiance owed to one's sovereign or state; betrayal of one's country. 
(JP 1-02) 


-- Also, [previously defined in DoDI 5240.06, CI Awareness, Briefing, and Reporting Programs, 7 Aug 
2004] Whoever, owing allegiance to the United States, levies war against them or adheres to their 
enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason [in war 
time, treason is a violation of Title 18 USC, § 2381]. 


"Treason is the ultimate mid-life crisis." 
-- Dr. Marcus, CIA Psychiatrist in Siro by David Ignatius 


Treason is the only crime specifically defined in the U.S. Constitution. Article III Section 3 
delineates treason as follows: "Treason against the United States, shall consist only in levying 
War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall 
be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on 
Confession in open Court." 


The crime is prohibited by legislation passed by Congress; 18 U.S.C. § 2381 states "whoever, 
owing allegiance to the United States, levies war against them or adheres to their enemies, giving 
them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer 
death, or shall be imprisoned not less than five years and fined under this title but not less than 
$10,000; and shall be incapable of holding any office under the United States." In the history of 
the United States there have been fewer than 40 federal prosecutions for treason and even fewer 
convictions. 


"Treason is the ultimate word of betrayal. Treason means stabbing your country on the back. But in 
legal terms, treason, the only crime that is defined in the U.S. Constitution has a narrow meaning... 
The founding fathers, well aware of the political use of treason charges by the kings of England, 
wanted to restrict the crime to one that could not be used as an excuse for the elimination of 
political rivals." 

-- Thomas B. Allen and Norman Polmar, Merchants of Treason: America's Secrets for Sale (1988), p. 176 


“Treason is loved of many, but the traitor is hated of all.” 
-- Robert Greene 


Triple Agent. An agent who serves three [intelligence] services in an agent capacity but who, like a 
double agent, wittingly or unwittingly withholds significant information from two services at the instigation 
of the third service. (FBI FCI Terms) 

Trojan. A type of malware disguised or attached to legitimate or innocuous-seeming software, but that 
instead carries a malicious payload, most often opening a backdoor to unauthorized users. (Cybersecurity 
and cyberwar) Also see Trojan Horse. 


Trojan Horse. A computer program that appears to have a useful function, but also has a hidden and 
potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate 
authorizations of a system entity that invokes the program. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) Also see Trojan. 


-- Also, a computer program with an apparently or actually useful function that contains additional 
(hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the 
detriment of security (for example, making a “blind copy” of a sensitive file for the creator of the Trojan 
horse). (DoD 5220.22.22-M-Sup 1, NISPOM Supplement, Feb 1995) 


-- Also, a malicious program that pretends to be a benign application; it purposefully does something 
the user does not expect. Trojans are not viruses since they do not replicate, but they can be just as 
destructive. (McAfee.com; accessed 15 Nov 2010) 


True Name. A genuine and accurate representation of an individual or organization name, that may 
involve alterations of other identity information (e.g., address, telephone number, credit score, employer) 
when used under an approved cover in order to conceal true identity, purpose, or organizational 
affiliation. (DoDI S-5105.63, Implementation of DoD Cover and Cover Support Activities, 20 Jun 2013) 


Trusted Foundry Program. DoD program that provides a cost-effective means to assure the integrity and 
confidentiality of integrated circuits during design and manufacturing while providing the US Government 
with access to leading edge microelectronics technologies for both Trusted and non-sensitive 
applications. (DMEA web site) 


Defense Microelectronics Activity (DMEA) is the program manager for the DoD Trusted Foundry 
program; see website at: <http://www.dmea.osd.mil/trustedic.html> 


Also see NSA's Trusted Access Program Office (TAPO) web site at: 
<http://www.nsa.gov/business/programs/tapo.shtml> 


TSCM. See Technical Surveillance Countermeasures. 


TSCM Practitioner. An individual trained and certified to conduct all TSCM activities within DoD. (DoDI 
5240.05, TSCM, 3 Apr 2014) Also see TSCM Technician. 


TSCM Technician. An individual trained to perform limited TSCM activities under the oversight of a 
TSCM practitioner. (DoDI 5240.05, TSCM, 3 Apr 2014) Also see TSCM Practitioner. 


TSCM Equipment. Equipment or mechanisms used to identify the presence of surveillance devices. 
TSCM includes general purpose, specialized, or fabricated equipment to determine the existence and 
capability of surveillance devices. (DoDI 5240.05, TSCM, 3 Apr 2014) 


Turnover. The official changing of an agent from one case officer to the other—i.e., turning him over to 
another. (A Spy's Journey) 


Two-Person Control (TPC). The continuous surveillance and control of material at all times by a minimum 
of two authorized individuals, each capable of detecting incorrect or unauthorized procedures with respect 
to the task being performed and each familiar with established security requirements. (DoDI 5200.33, 
Defense Courier Operations, 30 Jun 2011) Also see two-person integrity; two-person rule. 


-- Also, continuous surveillance and control of positive control material at all times by a minimum of 
two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect 
to the task being performed and each familiar with established security and safety requirements. (CNSSI 
No. 4009, National Information Assurance Glossary, 26 April 2010) 


Two-Person Integrity. A provision that prohibits one person from working alone. 
(DoD 5220.22.22-M-Sup 1, NISPOM Supplement, Feb 1995) 


Two-Person Rule. A system designed to prohibit access by an individual to nuclear weapons and certain 
designated components by requiring the presence at all times of at least two authorized persons, each 
capable of detecting incorrect or unauthorized procedures with respect to the task to be performed. 
(JP 1-02) 


Umbrella Special Access Program (SAP). An approved Department of Defense (DoD) Special Access 
Program (SAP) that contains compartments for specific projects within the overall program. While there is 
no formal requirement to obtain separate approval for each individual project under the umbrella SAP, 
each project must be consistent with the Special Access Program Oversight Committee (SAPOC)-approved 
scope of the umbrella SAP. The nickname, program description, and accomplishments of 
each significant project will be reported in the annual Special Access Program report. Note: An individual 
participant's access can be afforded across-the-board at the umbrella level or specific individual project 
access can be granted on a limited or non-umbrella level. (DSS Glossary) 


Unacceptable Risk. Threat to the life, safety, or health of employees, contractors, vendors, or visitors; to 
the Government's physical assets or information systems; to personal property; to records, privileged, 
proprietary, financial, or medical records; or to the privacy of data subjects, which will not be tolerated by 
the Government. (DoDI 5200.02, DoD Personnel Security Program, 21 Mar 2014) 


Unacknowledged SAP. A SAP [Special Access Program] having protective controls ensuring the 
existence of the program is not acknowledged, affirmed, or made known to any person not authorized 
for such information. (DoDD 5205.07, SAP Policy, 1 Jul 2010) Also see acknowledged SAP. 


Unauthorized Access. Any access that violates the stated security policy. (CNSSI No. 4009, National 
Information Assurance Glossary, 26 April 2010) 


Unauthorized Disclosure. A communication or physical transfer of classified information to an 
unauthorized recipient. (EO 13526, Classified National Security Information, 29 Dec 2009 and DoDD 
5210.50, Unauthorized Disclosure of Classified Information to the Public, 22 Jul 2005) 


Unauthorized disclosures of classified information, including media leaks, may compromise 
sources and methods and pose a threat to national security. 
-- ICD 701 Security Policy for Unauthorized Disclosures of Classified Information, 14 Mar 2007 


-- Also, a communication or physical transfer, usually of sensitive but unclassified information or 
classified information, to an unauthorized recipient. (ODNI, U.S. National Intelligence — An Overview 
2011) 


-- Also, an event involving the exposure of information to entities not authorized access to the 
information. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) 


-- Also, intentionally conveying classified documents, information, or material to any unauthorized 
person (one without the required clearance, access, and need to know). (AR 381-12, Threat Awareness 
and Reporting Program, 4 Oct 2010) 


Unauthorized disclosures of classified information put at risk the success of the most sensitive 
classified operations, plans, partnerships, and technologies of DoD and our mission partners. 


Personnel who disclose classified information without authorization, in addition to having potentially 
committed a crime, breach the trust that we, as leaders, have placed in them. 
-- SECDEF memorandum, subj: Deterring and Preventing Unauthorized Disclosures of Classified 
Information, 18 Oct 2012* 


* Copy available at: <http://www.fas.org/sgp/othergov/dod/osd101812.pdf> 


Unauthorized disclosure of classified information is an increasingly common occurrence. 


The harm caused by... frequent unauthorized disclosures is manifold. Particular items of 
information appearing in the press provide valuable intelligence for our adversaries concerning the 
capabilities and plans of the United States for national defense and foreign relations.... Disclosures 
about US intelligence programs are particularly damaging, because they may cause sources to dry 
up. Lives of human agents are endangered and expensive technical systems become subject to 
countermeasures. 


-- The Willard Report, 31 March 1982 


Leaking sensitive information is like giving the enemy our play book. 


Each year, countless unauthorized leaks cause severe damage to our intelligence activities and 
expose our capabilities. The fact of the matter is, some of the worst damage done to our 
intelligence community has come not from penetration by spies, but from unauthorized leaks by 
those with access to classified information.... The threat leaks pose to our national security is 
alarming, and it is imperative we do more to protect our national secrets. 
-- Congressman Rep. Pete Hoekstra at the Heritage Foundation, 25 July 2005. 
See full remarks at <http://www.fas.org/sgp/news/2005/07/hoekstra072505.html> 


Intelligence requires secrets. And secrecy is under assault.... When secrecy is breached, foreign 
targets of US intelligence—such as adversary countries and terrorists—learn about, and then often 
develop countermeasures to, US intelligence techniques and operations. As a result, the 
effectiveness of intelligence declines, to the detriment of the national security policymakers and 
warfighters, and the citizenry that it is meant to serve. 


-- James B. Bruce, Former CIA Officer 


See Bruce's excellent article, entitled "The Consequences of Permissive Neglect: Laws and Leaks 
of Classified Intelligence" in Studies of Intelligence (Vol 47 No 1), available online at: 
<https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol47no1/article04.html> 


Leaks are a problem that has plagued intelligence agencies throughout modern history — they can 
undermine intelligence operations, jeopardize intelligence sources and methods, and have a 
terrible impact on the lives of covert agents who are publicly exposed. 

-- Senator Ron Wyden, cited in Senate Report 112-12, 4 April 2011, p. 12 


The unauthorized release of classified documents in 2010 by major newspapers and the Wikileaks 
website underscore the risks of widespread dissemination of sensitive information. 


-- CRS Report RL33539, Intelligence Issues for Congress, 20 Jun 2011 


In the secret operations canon it is axiomatic that the probability of leaks escalates exponentially 
each time a classified document is exposed to another person—be it an Agency employee, a 
member of Congress, a senior official, a typist, or a file clerk. Effective compartmentation is 
fundamental to all secret activity.... The potential leaks—deliberate or accidental—is vast. 

-- Richard Helms with William Hood, A Look Over My Shoulder (2003), pp.184-185 


Every once in a while, there are people in the United States government who decide that they want 
to break federal criminal law and release classified information, and they ought to be imprisoned. 
And if we find out who they are, they will be imprisoned. Why people do it, I do not know. 

-- Defense Secretary Donald Rumsfeld 


"When information about our intelligence, our people, or our operations appears in the media, it 
does incredible damage to our nation's security and our ability to do our job of protecting the nation. 
More importantly, it could jeopardize lives. For this reason, such leaks cannot be tolerated." 

-- CIA Director Leon Panetta, Nov 2010 


Leaks of classified information regarding intelligence sources and methods can disrupt intelligence 
operations, threaten the lives of intelligence officers and assets, and make foreign partners less 
likely to work with us. The culture of leaks has to change. 

-- Senator Dianne Feinstein, Chairman of the Senate Intelligence Committee, 25 July 2012 


Uncertain Environment. Operational environment in which host government forces, whether opposed to 
or receptive to operations that a unit intends to conduct, do not have totally effective control of the territory 
and population in the intended operational area. (JP 1-02 and JP 3-0, Joint Operations, 11 Aug 2011) 


Uncertainty. Doubt resulting from awareness of imperfect knowledge. This may arise from information 
absence, perceived error, deception, unpersuasive nature of evidence, complexity, etc. (A Handbook of 
the Psychology of Intelligence Analysis, Richard L. Rees, Ph.D., Editor; n.d. - circa 2007) 


In analysis, uncertainty can derive from seeing plausible alternatives to the truth (the latter of which 
may be unknown or unknowable). Moreover, emotional and motivational factors attend cognitive 
uncertainty. Analysts can feel anxiety or discomfort if they lack confidence or self-esteem generally, 
feel an aversion to ambiguity, or have a need to please, or have a hypersensitivity to criticism. This 
affective element can exist even in the presence of sufficient evidence to make a reasonable 
judgment. Some analysts may well estimate the truth, but—in contrast to the inscription on the wall 
of the CIA lobby (John 8:32)—the truth. 

-- A Handbook of the Psychology of Intelligence Analysis, Richard L. Rees, Ph.D., Editor; n.d., p. 375 


Unconventional Warfare (UW). A broad spectrum of military and paramilitary operations, normally of long 
duration, predominantly conducted through, with, or by indigenous or surrogate forces who are organized, 
trained, equipped, supported, and directed in varying degrees by an external source. It includes, but is not 
limited to, guerrilla warfare, subversion, sabotage, intelligence activities, and unconventional assisted 
recovery. (DoDD 3000.07, Irregular Warfare, 1 Dec 2008) 


-- Also, activities conducted to enable a resistance movement or insurgency to coerce, disrupt, or 
overthrow a government or occupying power by operating through or with an underground, auxiliary, and 
guerrilla force in a denied area. (JP 3-05, Special Operations, 18 Apr 2011) 


Undeclared. An officer, asset, agent, or action whose agency affiliation is not formally identified to a 
foreign intelligence or security service, government or organization, or other US Government entity. 
(National HUMINT Glossary) 


-- Also, an individual or action whose intelligence affiliation is not disclosed. (HDI Lexicon, April 2008) 


Undercover Activity. Any investigative activity involving the use of an assumed identity by an undercover 
employee for an official purpose, investigative activity, or function. (FBI, Domestic Investigations and 
Operations Guide, 15 Oct 2011) 


Undercover Employee. An employee of the FBI, another federal, state, or local law enforcement agency, 
another entity of the United States Intelligence Community (USIC), or another foreign intelligence agency 
working under the direction and control of the FBI whose relationship with the FBI is concealed from third 
parties by the maintenance of a cover or alias identity for an official purpose, investigative activity, or 
function. (FBI, Domestic Investigations and Operations Guide, 15 Oct 2011) 


Undercover Operation. A phrase usually associated with the law enforcement community and which 
describes an operation that is so planned and executed as to conceal the identity of, or permit plausible 
denial by, the sponsor. (DSS Glossary) 


Understand. The ability to individually and collectively comprehend the implications of the character, 
nature, or subtleties of information about the environment and situation to aid decision-making. (Joint 
Capability Areas Taxonomy & Lexicon, 15 Jan 2008) 


Unified Action. The synchronization, coordination, and/or integration of the activities of governmental 
and nongovernmental entities with military operations to achieve unity of effort. (JP 1, Doctrine for the 
Armed Forces of the United States, 25 Mar 2013) 


Unified Command Plan (UCP). The document, approved by the President, that sets forth basic guidance 
to all unified combatant commanders; establishes their missions, responsibilities, and force structure; 
delineates the general geographical area of responsibility for geographic combatant commanders; and 
specifies functional responsibilities for functional combatant commanders. (JP 1, Doctrine for the Armed 
Forces of the United States, 25 Mar 2013 and JP 1-02) Also see Combatant Command. 


Six Combatant Commands (COCOMs) have geographic area responsibilities: 
-- U.S. Northern Command (NORTHCOM) 
-- U.S. Central Command (CENTCOM) 
-- U.S. European Command (EUCOM) 
-- U.S. Pacific Command (PACOM) 
-- U.S. Southern Command (SOUTHCOM) 
-- U.S. Africa Command (AFRICOM) 


Three COCOMs have worldwide functional responsibilities not bounded by geography: 
-- U.S. Special Operations Command (SOCOM) 
-- U.S. Strategic Command (STRATCOM) 
-- U.S. Transportation Command (TRANSCOM) 


Note: U.S. Joint Forces Command (JFCOM) was disestablished in August 2011. 


For additional information, see CRS Report, The Unified Command Plan and Combatant 
Commands: Background and Issues for Congress, 3 Jan 2013, copy available at: 
<http://www.fas.org/sgp/crs/natsec/R42077.pdf> 


Uniform Code of Military Justice (UCMJ). The criminal code governing the Armed Services of the United 
States. (CI Community Lexicon) 


UCMJ (10 USC Chapter 47), is the foundation of military law in the United States. See UCMJ 
appendix in Manual for Courts-Martial (MCM): <http://www.au.af.mil/au/awc/awcgate/law/mcm.pdf> 


Unilateral Operation. A clandestine activity conducted without the knowledge or assistance of a foreign 
intelligence or security service, host country, foreign organization, or non-state actor. (National HUMINT 
Glossary) 


United States (US). Includes the land area, internal waters, territorial sea, and airspace of the United 
States, including the following: a) US territories, possessions, and commonwealths; and b) Other areas 
over which the US Government has complete jurisdiction and control or has exclusive authority or 
defense responsibility. (JP 1-02) 


-- Also, when used in a geographic sense, means all areas under the territorial sovereignty of the 
United States. (FBI Domestic Investigations and Operations Guide, 15 Oct 2011) 


Unity of Effort. Coordination and cooperation toward common objectives, even if the participants are not 
necessarily part of the same command or organization - the product of successful unified action. 
(JP 1, Doctrine for the Armed Forces of the United States, 25 Mar 2013 and JP 1-02) 


Unknown Subject (UNSUB). The subject of an investigation, whose identity has not been determined, 
commonly referred to as an “UNSUB.” Also see DoD Unknown Subject. 


Unknown Subject Lead. [Within DoD,] information indicating an unidentified current or former 
DoD-affiliated individual may have passed information or provided support to an FIE. (DoD Manual 5240.26, CI 
Insider Threat Program, draft 20 Nov 2013) 


Unload Signal. A visual signal to indicate the departure of an individual or removal of an object from a 
given locale. (HDI Lexicon, April 2008) 


Unsolicited Correspondence. Request for information from a person which may range from direct 
inquiries by phone, e-mail, fax, or letter in which the recipient is asked to provide seemingly innocuous 
data. (AR 381-12, Threat Awareness and Reporting Program, 4 Oct 2010) 


Typical requests include solicitation of research papers, requests for additional information after 
a public presentation, suggestions for mutual research, requests for survey participation, and so 
forth; correspondence where the actual purpose may be to identify by name and position any 
individual who might be targeted later by a foreign intelligence service, and to elicit targeted 
information not readily obtainable by other means. 


Unwitting. A person who is not aware of USG sponsorship of or affiliation with the cover. (DoDI 
S-5105.63, Implementation of DoD Cover and Cover Support Activities, 20 Jun 2013) Also see witting. 


-- Also, not aware of US Government sponsorship or affiliation. (National HUMINT Glossary) 


-- Also, unaware of the true nature of the activities being conducted or of the intelligence connections 
of persons involved. (HDI Lexicon, April 2008) 


U.S. Coast Guard (USCG). A military, multi-function, maritime service that is the principal Federal agency 
responsible for safety, security, and stewardship with the maritime domain. It has diverse missions: 
national defense, homeland security, maritime safety, and environmental & natural resources 
stewardship. In March 2003, pursuant to the Homeland Security Act, the USCG was transferred from the 
Department of Transportation to the Department of Homeland Security (DHS). 


The CI component of the USCG is the Coast Guard Counterintelligence Service (CGCIS). 


U.S. Homeland. The physical territory of the United States: the 50 states, District of Columbia, US 
territories and territorial waters; significant infrastructure linked to the United States; and major 
commercial air, land and sea corridors into the country. Also see homeland. 


U.S. National. US citizen and US permanent and temporary legal resident aliens. (JP 1-02) 


U.S. Person (USPERS; also USP). For intelligence purposes, a US person is defined as one of the 
following: 1) a US citizen; 2) an alien known by the intelligence agency concerned to be a permanent 
resident alien; 3) an unincorporated association substantially composed of US citizens or permanent 
resident aliens; or 4) a corporation incorporated in the United States, except for those directed and 
controlled by a foreign government or governments. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) 


Note: A person or organization outside the United States shall be presumed not to be a USP 
unless specific information to the contrary is obtained. 


U.S. Secret Service (USSS). A federal law enforcement agency mandated by Congress to carry out dual 
missions: protection of national and visiting foreign leaders, and criminal investigations. 
(www.secretservice.gov) 


The Secret Service was established in 1865, solely to suppress the counterfeiting of U.S. currency. 
Headquarters in Washington, D.C. and more than 150 offices throughout the United States and 
abroad. Congress transferred USSS to the Department of Homeland Security (DHS) in 2002. 


Criminal investigation activities encompass financial crimes, identity theft, counterfeiting, computer 
fraud, and computer-based attacks on the nation’s financial, banking, and telecommunications 
infrastructure. 


Protection mission is the most prominent of the two, covering the President, Vice President, their 
families, former Presidents, and major candidates for those offices, along with the White House and 
the Vice President’s residence (through the Service’s Uniformed Division). Protective duties of the 
Service also extend to foreign missions in the District of Columbia and to designated individuals, 
such as the Homeland Security Secretary and visiting foreign dignitaries. 


Separate from these specific mandated assignments, USSS is responsible for certain security 
activities such as National Special Security Events (NSSEs), which include the major party 
quadrennial national conventions as well as international conferences and events held in the United 
States. 


-- See CRS Report RL34603, The U.S. Secret Service: An Examination and Analysis of Its 
Evolving Missions, 31 July 2008 


U.S.A. Patriot Act. USA Patriot Act of 2011 (Public Law 107-56); see Patriot Act. 


V 


Validation. [In intelligence usage], a process associated with the collection and production of intelligence 
that confirms that an intelligence collection or production requirement is sufficiently important to justify the 
dedication of intelligence resources, does not duplicate an existing requirement, and has not been 
previously satisfied. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011 w/ chg 1 
dated 26 Aug 2011) 


Vault. A room(s) used for the storing, handling, discussing, and/or processing of Special Access Program 
(SAP) information and constructed to afford maximum protection against unauthorized entry. (DSS 
Glossary) 


Vehicle-Borne Improvised Explosive Device (VBIED). A device placed or fabricated in an improvised 
manner on a vehicle incorporating destructive, lethal, noxious, pyrotechnic, or incendiary chemicals and 
designed to destroy, incapacitate, harass, or distract. Otherwise known as a car bomb. (JP 1-02 and 
JP 3-10, Joint Security Operations in Theater, 3 Feb 2010) 


VENONA. Highly classified U.S. SIGINT (cryptanalysis) effort during World War II to decipher encoded 
Soviet intelligence messages transmitted to Moscow on espionage activity in the United States. VENONA 
traffic indicated that the Soviets had over 300 assets of various kinds inside numerous U.S. Government 
agencies. 


-- Also, code name for the U.S. codebreaking project that deciphered portions of the texts of Soviet 
intelligence messages between Moscow and other cities in the 1940s. Most messages concerned spy 
activities in the United States. (Spy Book) 


I stood in the vestibule of the enemy’s house, having entered by stealth. 
I held in my hand a set of keys... and we were determined to use them. 
-- FBI Agent Robert J. Lamphere 


VENONA decryptions of Soviet intelligence messages in the 1940s, the majority during WWII, identified 
numerous agents with access to the White House, Congress, and political parties, as well as agents 
in the media and in high-tech defense industries; however, 178 Russian code names have yet to be 
linked to the true names of the American spies. 


Research in Soviet Archives has added to the corroboration of some VENONA material, including 
the identities of many codenamed individuals. 


For additional information: 
<www.nsa.gov/public_info/declass/venona/index.shtml> 
<http://web.archive.org/web/20060614231955/http://www.nsa.gov/publications/publi00039.cfm> 


Also see "In the Enemy's House: Venona and the Maturation of American Counterintelligence" at: 
<http://web.archive.org/web/20061115021025/http://www.fbi.gov/libref/historic/history/foxpaper.htm> 


Also see The FBI-KGB War: A Special Agent's Story by Robert J. Lamphere and Tom Shachtman. 


Vetting. A generic term to describe the full spectrum of asset evaluation for authenticity, reliability and 
hostile control. It includes ops testing, case officer and psychological assessment, polygraph, security, 
counterintelligence interview, production review and personal record questionnaires. (National HUMINT 
Glossary) Also see asset validation, source validation and counterintelligence flags. 


-- Also, as related to source validation, an ongoing process the purpose of which is to continually 
determine, by means of specific operational acts and analytical assessments, the motivation, veracity, 
and control of a reporting source. (DoDI S-3325.07, Guidance for the Conduct of DoD Human Source 
Validation (U), 22 Jun 2009) 


-- Also, the complete process of investigating and testing a potential source or information to 
determine its ability and suitability for clandestine activities. (AFOSI Instruction 71-101, 6 Jun 2000) 


-- Also, a process of examination and evaluation, generally referring to performing a background 
check on someone before offering him or her employment, conferring an award, etc. In addition, in 
intelligence gathering, assets are vetted to determine their usefulness. (en.wikipedia.org/wiki/Vetting) 


"Vetting" literally means getting a sick animal examined by a veterinarian; 
it has evolved into a term meaning to test or scrutinize. 
-- Spy Book 


Vetting is used in agent/source authentication. The vetting process is one of testing and examining 
the agent to determine the degree of the agent's/source's reliability and truthfulness in reporting 
information. It is designed to weed out fabricators and double agents. 


Violent Behavior. The intentional use of physical force or power, threatened or actual, against a person or 
group that either results in or has a high likelihood of injury, death, or psychological harm to self or others. 
(DoDI 1438.06, DoD Workplace Violence Prevention and Response Policy 16 Jan 2014) 


Violent Extremism. Individuals who openly express their religious, political, or ideological views through 
violence or a call for violence. (US Army Tactical Reference Guide, Radicalization into Violent 
Extremism: A Guide for Military Leaders, Aug 2011) Also see radicalization, terrorism, violent 
radicalization. 


-- Also, any ideology that encourages, endorses, condones, justifies, or supports the commission of a 
violent act or crime... to achieve political, social, or economic changes.... (FBI Counterterrorism Analytical 
Lexicon) 


-- Also, the process of adopting or promoting an extremist belief system for the purpose of facilitating 
ideologically based violence to advance political, religious, or social change. (House Bill 1955, 110th 
Congress, 24 Oct 2007) 


Copy of Army reference cited above available at: 
<https://rdl.train.army.mil/catalog/go/100.ATSC/883A3A74-A803-4CD5-B693-0D59B108E7EC-1326399638300> 
Reference also at: 
<http://www.wired.com/images_blogs/dangerroom/2012/10/awsc-pdf-CDR-72811.pdf> 


The Complexity of Violent Extremism 
The threat posed by violent extremism is neither constrained by international borders nor limited to 
any single ideology. Groups and individuals inspired by a range of religious, political, or other 
ideological beliefs have promoted and used violence against the homeland. 


Increasingly sophisticated use of the Internet, mainstream and social media, and information 
technology by violent extremists adds an additional layer of complexity. 


-- Department of Homeland Security 
See <http://www.dhs.gov/topic/countering-violent-extremism> (accessed 16 Jul 2013) 


"Violent extremism presents one of the greatest threats to 
the citizenry of the United States and its allies." 
-- Edges of Radicalization, Combating Terrorism Center, Feb 2012, p. 6 


Violent Jihadist. The term characterizes jihadists who have made the jump to illegally supporting, 
plotting, or directly engaging in violent terrorist activity. (CRS Report R41416, 23 Jan 2013) 


American Jihadist Terrorism: Combating a Complex Threat, CRS Report R41416, 23 Jan 2013 
available online at: <http://www.fas.org/sgp/crs/terror/R41416.pdf> 


Violent Radicalization. The process of adopting or promoting an extremist belief system for the purpose 
of facilitating ideologically based violence to advance political, religious, or social change. (House Bill 
1955, 24 Oct 2007) Also see radicalization, terrorism, violent extremism. 


Virus. Malicious software; a form of Trojan horse that reproduces itself in other executable code. (DoD 
5220.22.22-M-Sup 1, NISPOM Supplement, Feb 1995) Also see computer virus. 


-- Also, a computer program that can copy itself and infect a computer without permission or 
knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread 
itself to other computers, or even erase everything on a hard disk. (CNSSI No. 4009, National Information 
Assurance Glossary, 26 April 2010) 


-- Also, a software program, script, or macro that has been designed to infect, destroy, modify, or 
cause other problems with a computer or software program. (US Army TRADOC DCSINT Handbook 
1.02, 15 Aug 2007) 


A virus is a computer program file capable of attaching to disks or other files and replicating itself 
repeatedly, typically without user knowledge or permission. Some viruses attach to files so when 
the infected file executes, the virus also executes. Other viruses sit in a computer's memory and 
infect files as the computer opens, modifies, or creates the files. Some viruses display symptoms, 
and others damage files and computer systems, but neither is essential in the definition of a virus; 
a non-damaging virus is still a virus. 

— McAfee.com; accessed 15 Nov 2010 


Volunteer. A person who initiates contact with a government, and who volunteers operational or 
intelligence information and/or requests political asylum; includes call-ins, walk-ins, virtual walk-ins, 
and write-ins. (National HUMINT Glossary) 


Vulnerability. 1) The susceptibility of a nation or military force to any action by any means through 
which its war potential or combat effectiveness may be reduced or its will to fight diminished; 2) The 
characteristics of a system that cause it to suffer a definite degradation (incapability to perform the 
designated mission) as a result of having been subjected to a certain level of effects in an unnatural 
(man-made) hostile environment; and 3) In information operations, a weakness in information system 
security design, procedures, implementation, or internal controls that could be exploited to gain 
unauthorized access to information or an information system. (JP 1-02 and JP 3-60, Joint Targeting, 
13 Apr 2007) 


-- Also, a situation or circumstance, which left unchanged, may result in the degradation, loss of life, 
or damage to mission-essential resources. (DoD 5200.08-R, Physical Security Program, 9 Apr 2007) 


-- Also, a weakness or susceptibility of an installation, system, asset, application, or its dependencies 
that could cause it to suffer a degradation or loss (incapacity to perform its designated function) as a 
result of having been subjected to a certain level of threat or hazard. (DoDD 3020.40, DoD Policy and 
Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


-- Also, a physical feature or operational attribute that renders an entity open to exploitation or 
susceptible to a given hazard. (DHS, National Infrastructure Protection Plan - 2009) 


Vulnerability Analysis. A process that examines a friendly operation or activity from the point of view of 
an adversary, seeking ways in which the adversary might determine critical information in time to disrupt 
or defeat the operation or activity. (DoD 5205.02-M, DoD OPSEC Program Manual, 3 Nov 2008) 


Vulnerability Assessment (VA). A Department of Defense, command, or unit-level evaluation 
(assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, 
ship, residence, facility, or other site. Identifies areas of improvement to withstand, mitigate, or deter acts 
of violence or terrorism. (JP 1-02 and JP 3-07.2, Antiterrorism, 24 Nov 2010) 


-- Also, [regarding infrastructure] a systematic examination of the characteristics of an installation, 
system, asset, application, or its dependencies to identify vulnerabilities. (DoDD 3020.40, DoD Policy and 
Responsibilities for Critical Infrastructure, 14 Jan 2010 w/ chg 2 dated 21 Sep 2012) 


-- Also, the comprehensive evaluation of an installation, facility, or activity to determine preparedness 
to deter, withstand, and/or recover from the full range of adversarial capabilities based on the threat 
assessment, compliance with protection standards, and risk management. (DoD 5200.08-R, Physical 
Security Program, 9 Apr 2007) 


-- Also, the process of identifying weaknesses in the protection of friendly operations and activities 
which, if successfully exploited by foreign intelligence, could compromise current or future plans, 
capabilities, or activities, including RDA [research, development and acquisition]. (AR 381-20, Army CI 
Program, 25 May 2010) 


Vulnerability Study. An analysis of the capabilities and limitations of a force in a specific situation to 
determine vulnerabilities capable of exploitation by an opposing force. (JP 1-02) 


Waived Special Access Program. A SAP [Special Access Program] for which the Secretary of Defense 
has waived applicable reporting in accordance with [Section 119 of Title 10 US Code] following a 
determination of adverse effect to national security. An unacknowledged SAP that has more restrictive 
reporting and access controls. (DoDD 5205.07, SAP Policy, 1 Jul 2010) 


-- Also, an unacknowledged Special Access Program (SAP) to which access is extremely limited in 
accordance with the statutory authority of Section 119e of 10 United States Code (U.S.C), Reference b. 
The unacknowledged SAP protections also apply to Waived SAPs. Only the Chairman, Senior Minority 
member, and, by agreement, their Staff Directors of the four Congressional Defense Committees normally 
have access to program material. 


Waiver. An exemption from a specific requirement. (DSS Glossary) 


Walk-in. An unsolicited contact who provides information. (JP 1-02; JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011; DoDI S-5240.17, CI Collection Activities, 14 Mar 
2014; and DHE-M 3301.002, Vol II Collections Operations, 23 Nov 2010) Also see volunteer. 


-- Also, an individual who voluntarily offers his services or information to a foreign government. 
(FBI FCI Terms) 


-- Also, an individual who offers his/her services to an intelligence service without being solicited. 
(CIA, D&D Lexicon, 1 May 2002) 


-- Also, someone who has something to offer or sell to the intelligence service he is approaching: 
a volunteer spy. (A Spy's Journey) 


Individuals who walk-in and provide information or offer to assist are motivated by a wide range of 
factors, including a sincere desire to help, pure greed, desire for revenge against some real or 
perceived grievance, etc. Each walk-in interview is unique. 


In the real world of secret operations volunteers have produced some of the greatest coups. 
"It's the walk-in trade that keeps the shop open" is one of the first bits of operational 
wisdom impressed on newcomers to the business. 

-- William Hood, Mole: The True Story of the First Russian Intelligence Officer Recruited by the CIA (1982) 


As always with a "walk-in," as we irreverently referred to volunteer agents, the first 
consideration is the possibility of provocation. 


-- Richard Helms with William Hood, A Look Over My Shoulder: A Life in the Central Intelligence Agency 
(2003), p. 219 


[Walk-in] applies universally to agents who volunteer their services to a hostile intelligence agency 
by making an approach to an adversary at its premises. The KGB recognized that some of its best 
sources including John Walker, Aldrich Ames, and Robert Hanssen, acted in this way, but did not 
use the same term, preferring "self-recruited agents." 

-- Historical Dictionary of Cold War Counterintelligence (2007) 


For the story of a walk-in, see Barry G. Royden, "Tolkachev, A Worthy Successor to Penkovsky," 
Studies in Intelligence, v 47, n 3: pp. 5-33. Full article available at: 
<https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol47no3/article02.html> 


Counterintelligence Glossary -- Terms & Definitions of Interest for CI Professionals (9 June 2014) 


...it should be emphasized once more that work with “walk-ins” is an important part of 
agent operations for strategic intelligence and when properly planned and conducted can 
be very fruitful. 

-- Ivan A. Serov, GRU General (1962) 


See Ivan A. Serov, "Work with Walk-Ins,"* Studies in Intelligence, Vol 8, No. 1. This article, 
originally published in 1962, is adapted from one of several on Soviet intelligence doctrine written 
by high-ranking officers of the GRU (Soviet Military Intelligence). The article shows that 
Soviet/Russian problems in assessing and handling the walk-in are not unlike our own. The full 
article is available at: 
<https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol8no1/html/v08i1a02p_0001.htm> 


* Note: Russian term dobrozhelatel ("well-wisher") is virtually the same as our "walk-in." 


Warning. 1) A communication and acknowledgment of dangers implicit in a wide spectrum of activities by 
potential opponents ranging from routine defense measures to substantial increases in readiness and 
force preparedness and to acts of terrorism or political, economic, or military provocation; and 2) 
operating procedures, practices, or conditions that may result in injury or death if not carefully observed or 
followed. (JP 1-02) Also see warning intelligence. 


-- Also, a communication and acknowledgment of dangers implicit in a wide spectrum of activities by 
potential opponents ranging from routine defense measures to substantive increases in readiness and 
force preparedness and to acts of terrorism or political, economic, or military provocation. (DoDD 
3115.16, The Defense Warning Network, 5 Dec 2013) 


-- Also, to issue an advance notification of possible harm or victimization following the receipt of 
information or intelligence concerning the possibility of a crime or terrorist attack. (ODNI, U.S. National 
Intelligence — An Overview 2011) 


Warning Intelligence. Those intelligence activities intended to detect and report time sensitive intelligence 
information on foreign developments that forewarn of hostile actions or intention against United States 
entities, partners, or interests. (JP 2-0, Joint Intelligence, 22 Oct 2013) 


Watch List. A list of words -- such as names, entities, or phrases -- which can be employed by a 
computer to select out required information from a mass of data. (Senate Report 94-755, Book I — 
Glossary, 26 Apr 1976) 


Weapon System. A combination of one or more weapons with all related equipment, materials, services, 
personnel, and means of delivery and deployment (if applicable) required for self-sufficiency. (DoDI 
5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks, 5 Nov 2012) 


Weapons of Mass Destruction (WMD). Chemical, biological, radiological, or nuclear weapons capable of 
a high order of destruction or causing mass casualties and exclude the means of transporting or 
propelling the weapon where such means is a separable and divisible part from the weapon. (JP 1-02 and 
JP 3-40, Combating WMD, 10 Jun 2009) 


Specifically defined in US Code as: (1) any explosive, incendiary, or poison gas, bomb, grenade, 
rocket having a propellant charge of more than 4 ounces, or missile having an explosive or 
incendiary charge of more than one-quarter ounce, or mine or similar device; (2) any weapon that 
is designed or intended to cause death or serious bodily injury through the release, dissemination, 
or impact of toxic or poisonous chemicals or their precursors; (3) any weapon involving a disease 
organism; or (4) any weapon that is designed to release radiation or radioactivity at a level 
dangerous to human life. (18 USC 18 §2332a) 


White List. The identities and locations of individuals who have been identified as being of intelligence or 
counterintelligence interest and are expected to be able to provide information or assistance in existing or 
new intelligence areas of interest. (CI Community Lexicon) Also see Black List; Gray List. 


White lists contain the identities and locations of individuals in enemy controlled areas. These 
individuals are of intelligence or CI interest. They are expected to be able to provide information or 
assistance in the accumulation of intelligence data or in the exploitation of existing or new 
intelligence areas of interest. They are usually in accord with or favorably inclined toward U.S. 
policies. Their contributions are based on a voluntary and cooperative attitude. Decisions to place 
individuals on the white list may be affected by the combat situation, critical need for specialists in 
scientific fields, and such intelligence needs as indicated from time to time. 

Examples of individuals included in this category are: 

1) Deposed political leaders of a hostile state. 
2) Intelligence agents employed by U.S. or allied intelligence agencies. 
3) Key civilians in areas of scientific research, including faculty members of universities and 
staffs of industrial or national research facilities whose credibility have been established. 
-- USMC, MCWP 2-6 (previously 2-14), Counterintelligence, 5 Sep 2000 


Wilderness of Mirrors. The organizational culture of the secret services. In it deceptions are false, lies are 
truth, the reflections are illuminating and confusing. The phrase centers on the problem of the reliability of 
the secret information about espionage and the identity of spies. The mirrors comprise information from 
defectors, disinformation from the opposing sides in the Cold War, deviously covered false trails, and 
facts thought to be valid but incomplete (and later established as totally untrue). (Encyclopedia of Cold 
War Espionage, Spies, and Secret Operations, 3rd edition, 2012) 


-- Also, expression to signify the confusion of the world of intelligence and espionage. James Jesus 
Angleton, long-time head of counterespionage for the CIA, is generally credited with coining the term, 
having written that the Wilderness of Mirrors "is that... myriad of stratagems, deceptions, artifices and all 
other devices of disinformation which the Soviet bloc and its coordinated intelligence services use to 
confuse and split the West,” thus producing “an ever-fluid landscape where fact and illusion merge....” 
(Spy Book) 


“Wilderness of Mirrors” is a description of counterintelligence attributed to James J. Angleton. It 
comes from T.S. Eliot's poem “Gerontion” (1920); also the title of a 1980 book authored by David 
C. Martin about CIA counterintelligence (New York: HarperCollins, First Edition, 1980). 


Angleton was CIA's Chief of the Counterintelligence from 1954 until his retirement in 1974. In 
December 1974, Angleton was basically forced into retirement by the Director of CIA (William 
Colby), who became convinced that Angleton's “labyrinthine” approach to counterintelligence 
severely hampered the Agency's primary mission -- clandestine HUMINT collection. 


Window Dressing. [Tradecraft jargon] Ancillary materials that are included in a cover story or deception 
operation to help convince the opposition or casual observers that what they are observing is genuine. 
(CI Centre Glossary) 


Witting. A term of intelligence art that indicates that one is not only aware of a fact or piece of information 
but also aware of its connection to intelligence activities. (JP 1-02 and JP 2-01.2, CI & HUMINT in Joint 
Operations, 16 Mar 2011 w/ chg 1 dated 26 Aug 2011) Also see unwitting. 

-- Also, a person is aware of USG sponsorship or affiliation. (National HUMINT Glossary) 


-- Also, aware of the true nature of the activities being conducted or of the intelligence connections 
of persons involved. (HDI Lexicon, April 2008) 


-- Also, knowledgeable as to certain aspects of a clandestine organization and its activities. 
(AFOSI Manual 71-142, OFCO, 9 Jun 2000) 


Workplace Violence. Any act of violent behavior, threats of physical violence, harassment, intimidation, 
bullying, verbal or non-verbal threat, or other threatening, disruptive behavior that occurs at or outside the 
work site. (DoDI 1438.06, DoD Workplace Violence Prevention and Response Policy 16 Jan 2014) 


Worm. A self-replicating, self-propagating, self-contained program that uses networking mechanisms 
to spread itself. (CNSSI No. 4009, National Information Assurance Glossary, 26 April 2010) See worms. 


-- Also, a type of malware that spreads automatically over a network, installing and replicating itself. 
The network traffic from rapid replication and spread can cripple networks even when the malware does 
not have a malicious payload. (Cybersecurity and Cyberwar) 


A worm is an unwanted software program secretly planted on a computer that enables (among 
other things) someone other than the owner to control it. 


In 2009, cyber security analysts worldwide reported that a “worm” called Stuxnet had penetrated 
and, in all likelihood, damaged an Iranian nuclear facility. The attack was apparently prosecuted 
through the facility's industrial control system. 
-- RAND Report, A Cyberworm that Knows No Boundaries, 2011* (see Appendix B - Worms) 
* Copy at: <http://www.rand.org/content/dam/rand/pubs/occasional_papers/2011/RAND_OP342.pdf> 


Worms. Parasitic computer programs that replicate, but unlike viruses, do not infect other computer 
program files. Worms can create copies on the same computer, or can send the copies to other 
computers via a network. Worms often spread via Internet Relay Chat (IRC). (McAfee.com; accessed 
15 Nov 2010) See worm. 


Write for Maximum Utility (WMU). An approach that guides the way that intelligence organizations 
conceive, format, produce, and disseminate intelligence products in order to increase their usability 
for the intended customers. (ICD 208, 17 Dec 2008) Also see write-to-release. 


Utility is maximized when customers receive or are able to expeditiously discover and pull or 
request intelligence, information, and analysis in a form they are able to easily use and able to 
share with their colleagues, subordinates, and superiors. WMU ensures intelligence, information, 
and analysis are produced in a manner to facilitate reuse—either in its entirety or in coherent 
portions—thereby enabling wider dissemination and enhancing its usability. 


WMU shares certain goals as well as techniques with previous and ongoing IC WTR [write-to- 
release] efforts. WMU goes further than WTR in linking knowledge of the customer's operating 
environment to the intelligence production effort. The resulting effort is not "one size fits all" or 
production of all intelligence products at the lowest classification, but products tailored to best meet 
a customer's requirements. This may mean producing the definitive assessment on a given topic 
area based on all available intelligence, regardless of classification. 

-- ICD 208, Write for Maximum Utility, 17 Dec 2008 


Write-to-Release (WTR). A general approach whereby intelligence reports are written in such a way that 
sources and methods are protected so that the report can be distributed to customers or intelligence 
partners at lower security levels. In essence, write-to-release is proactive sanitization that makes 
intelligence more readily usable by a more diverse set of customers. The term encompasses a number 
of specific implementation approaches, including sanitized leads and tearline reporting. (ICD 208, 17 Dec 
2008) Also see tearline reporting and write for maximum utility. 


Written Statement. Permanent record of pretrial testimony of accused persons, suspects, victims, 
complaints, and witnesses. (FM 19-20, Law Enforcement Investigations, Nov 1985) 


Written statements may be used in courts as evidence attesting to what was told investigators. 
They also are used to refresh the memory of the persons making the statements. 
-- FM 19-20, Law Enforcement Investigations, Nov 1985, p. 53 


Y 


Year of the Spy. The year 1985 was labeled "The Year of the Spy" by the media because of the number 
of espionage-related incidents that came to light that year. Unbeknownst to the media and the CIA at the 
time, several other significant spying ventures started during this same year and would not come to light 
until years later. (Spy Dust) 


-- Also, the phrase, coined late in 1985, to summarize the activities among notable spies and 
defectors in the Cold War. (Encyclopedia of Cold War Espionage, Spies, and Secret Operations, 
3rd edition, 2012) 


John A. Walker, Jr.; Sharon M. Scranage; Jonathan J. Pollard; Larry Wu-tai Chin; Ronald W. Pelton 


"The Year of the Spy" -- 1985 


Spring 1985, the John Walker Spy Ring—John A. Walker, Jerry Whitworth, Arthur Walker, and 
Michael Walker—arrested for passing classified material to the Soviet Union. 


July 1985, CIA employee Sharon Marie Scranage and boyfriend Michael Soussoudis arrested for 
passing material to Ghanaian intelligence. 


November 21, Navy intelligence analyst Jonathan Jay Pollard arrested for spying for Israel. 


November 23, former CIA analyst Larry Wu-Tai Chin arrested on charges of spying for the People's 
Republic of China since 1952. 


November 25, former National Security Agency employee Ronald William Pelton arrested for 
selling military secrets to the Soviets. 


-- FBI at <http://www.fbi.gov/about-us/investigate/counterintelligence/cases> 


For general background on these cases see Thomas B. Allen and Norman Polmar, Merchants of 
Treason: America's Secrets for Sale, New York: Delacorte Press, 1988. 


For additional background see — 
Walker Spy Ring: Hunter, Robert W., with Lynn Dean Hunter, eds. Spy Hunter: Inside the FBI 
Investigation of the Walker Espionage Case. Annapolis, MD: Naval Institute Press, 1999. 
Other works on the Walker Espionage Ring: 
-- Barron, John. Breaking the Ring: The Bizarre Case of the Walker Family Spy Ring. 
Boston: Houghton Mifflin, 1987. 
-- Blitzer, Wolf. Territory of Lies: The Exclusive Story of the Walker Family Spy Ring. New 
York: Houghton Mifflin, 1987. 
-- Blum, Howard. I Pledge Allegiance: The True Story of the Walkers: An American Spy
Family. Simon & Schuster Books, 1987. 
-- Earley, Pete. Family of Spies: Inside the John Walker Spy Ring. Bantam Books, 1988. 
-- Kneece, Jack. Family Treason: The Walker Spy Case. New York: Stein & Day, 1986. 
-- Walker, John Anthony. My Life as a Spy. Amherst, New York: Prometheus, 2008. 


Pollard: Olive, Ronald J. Capturing Jonathan Pollard: How One of the Most Notorious Spies in
American History Was Brought to Justice. Annapolis, MD: Naval Institute Press, 2006.


Chin: Hoffman, Tod. The Spy Within: Larry Chin and China's Penetration of the CIA. Hanover,
NH: Steerforth Press, 2008.


Zero Day. [In computer usage] an attack that exploits a previously unknown vulnerability; taken from the
notion that the attack takes place on the zeroth day of awareness. Knowledge about zero-day exploits
is valuable to both defenders and attackers. (Cybersecurity and Cyberwar)


Zombie. [In computer usage] a computer that is infected with a virus or Trojan horse that puts it under the 
remote control of an online hijacker. The hijacker uses a zombie to generate spam or launch denial of 
service attacks. (McAfee Labs — Threat Glossary) 


-- Also, a computer that has been compromised by an outside party, for the purpose of exploiting its
computational and network resources; frequently, linked into a botnet. (Cybersecurity and Cyberwar)


Zoning. A method of surveillance in which the surveillance area is divided into zones, and surveillants are
assigned to cover a specific area. (Words of Intelligence, 2nd Edition, 2011)


Counterintelligence
A variety of views...


Counterintelligence (CI) is probably the most misunderstood secret intelligence function. 
The work itself has suffered as many definitions as there are intelligence services. 
-- Richard Helms, Former DCI and Director CIA 


Richard Helms with William Hood, A Look Over My Shoulder: A Life in the Central Intelligence Agency
(New York: Random House 2003), pp. 34-35


"...[C]ountering the intelligence efforts of an adversary is the central function of
counterintelligence."


-- Roy Godson, Dirty Tricks or Trump Cards: U.S. Covert Action and Counterintelligence (Washington: Brassey’s 
1995), pp. xii, 15 & 304 


"[Counterintelligence is]...intelligence of a special kind, plus something else.... 
Counterintelligence collects, stores, analyzes and disseminates information about certain foreign 
threats to U.S. security and then acts to destroy or neutralize them.... Its end purpose is not the 
mere collection and analysis of information, but action, and successful action, against those who 
threaten the security of the United States." 

-- Francis McNamara, U.S. Counterintelligence Today, (Washington: The Nathan Hale Institute 1985), p. 18


"[Counterintelligence] ... must strive to know everything possible about an adversary's
intelligence capabilities, including his sources, and methods of collection, his covert actions at 
influencing and managing our actions and perceptions, and even his culture and thought 
processes." 
-- S. Eugene Poteat, "Counterintelligence Spy vs. Spy, Traitor vs. Traitor," American Intelligence Journal
(Winter 2000-2001), p. 62


"[Counterintelligence is] ...information about an adversary's intelligence operations, capabilities,
agents, collection technology, and so on. It is not security. It is intelligence on which security 
policies should be based. Nor is it intelligence about an adversary's policy making or military 
operations or other nonintelligence capabilities and activities." 

-- William E. Odom, Fixing Intelligence For a More Secure America (New Haven: Yale University Press 2003), p. xxix 


"...[E]fforts taken to protect one's own intelligence operations from penetration and disruption by
hostile nations or their intelligence services. It is both analytical and operational. ...not a
separate step in the intelligence process but an important function throughout the process."

-- Mark M. Lowenthal, Intelligence: From Secrets to Policy (Washington: CQ Press 2000), p. 98 


"...[N]ational effort to prevent foreign intelligence services... from infiltrating our institutions and
establishing the potential to engage in espionage, subversion, terrorism, and sabotage."
-- Newton Miller, "Counterintelligence at the Crossroads," Intelligence Requirements for the 1980's: Elements
of Intelligence, ed. Roy Godson (Washington: National Strategy Information Center, Inc., 1983), p. 50


"[Counterintelligence] ...involves the use of both offensive and defensive measures to: protect
sensitive US information and operations from compromise and penetration by foreign intelligence
services and other hostile entities; ensure the security and integrity of ongoing US diplomatic,
military and intelligence operations; and penetrate, compromise and neutralize hostile operations
mounted by foreign intelligence services, terrorist organizations and drug cartels."

-- Richard L. Haver, "The Ames Case: Catalyst for a National Counterintelligence Strategy," Defense Intelligence
Journal, Vol. 4 No. 1 (Spring 1995), p. 12


"[Counterintelligence] ...includes all information gathered and activities conducted by the
government aimed at detecting, analyzing, and countering threat. ...the term refers to active 
operations conducted to counter--through detection, assessment, neutralization, and 
manipulation--the intelligence operations of foreign countries and groups. ...it includes 
recruitment of foreign intelligence officers, disruption of activities, prosecution of criminal 
espionage, and manipulation and deception. ...it involves the use of surveillance, double agents, 
and other clandestine techniques." 
-- Kenneth E. deGraffenreid, "Countering Hostile Intelligence Activities as a Strategic Threat," National Strategy
Information Center, Inc., Sep 1989, p. 3 


“Counterintelligence is a term often associated with catching spies. ...[It is also] information 
gathered and activities conducted with the purpose of disrupting and neutralizing the activities of 
hostile intelligence services." 
-- Jeffery Richelson, The US Intelligence Community, 2d ed. (Ballinger Publishing Co., Cambridge MA, 1989),
pp. 317 - 330


“Counterintelligence is a critical part of nearly all intelligence activities. When performed 
properly, the CI function is integral to the intelligence activity itself and part of the overall security 
of the organization." 

-- Aspin-Brown Commission Report, Preparing for the 21st Century: An Appraisal of U.S. Intelligence, 1 March 1996


"[Counterintelligence is] ...the most arcane and organizationally fragmented, the least doctrinally 
clarified, and legally, and thus politically, the most sensitive intelligence activity." 
-- William E. Odom, Fixing Intelligence For a More Secure America (New Haven: Yale University Press 2003), p. 167 


"CI, the quality-control of intelligence, is the key to the struggle between states and armies for a
favorable disparity of knowledge. ...CI concerns all other aspects of intelligence; that it must use
all of the elements of intelligence as part of itself, while at the same time CI as a whole must be
part of the analysis, collection, and covert action practiced by intelligence services. In its inward-looking
perspective, CI is a double-check on one's own intelligence operations. In its outward-looking
perspective, it is the sharpest weapon in the intelligence arsenal."

-- Angelo Codevilla, Informing Statecraft: Intelligence for a New Century (1992), pp. 325-326 


“Counterintelligence... is a strategic instrument available to states to protect themselves and 
advance their interests in the struggle for power, wealth, and influence. ...the end product, the 
mission of counterintelligence, is action—action to protect against foreigners and action to 
manipulate foreigners in the service of national goals.” 


-- Roy Godson, Dirty Tricks or Trump Cards: U.S. Covert Action and Counterintelligence (Washington: Brassey’s 
1995), pp. 238-239 


Across the profession, there are vast differences in 
understanding of what counterintelligence means, and how it is done, 
and even the basic terminology it employs. 

-- Hon. Michelle VanCleave (former NCIX 2003-2006) 


The NCIX and the National Counterintelligence Mission: what has worked, what has not, and why,
Case Study Prepared for the Project on National Security Reform, May 2008


Miscellaneous Thoughts...


"CI... the most secret of secret intelligence activities...."
-- Senate Report 94-755, Church Committee Report, 26 April 1976 


“There are far too many in the Intelligence Community who either 
do not understand counterintelligence or, who understanding its concepts, 
have climbed to the top of their career ladders by opposing it." 


-- Senator Malcolm Wallop, Senate Intelligence Committee (1985) 


"...[T]he counterintelligence community is performing its wartime mission every day
as agents counter foreign intelligence threats — that's why we call it the silent war." 


-- Colonel Stuart A. Herrington, USA (Ret) 
Former Commander, US Army Foreign Counterintelligence Activity 


“In the spy game, when you're penetrated — when someone is working 
for the other side inside your security world — they own you." 


-- Richard Haver, Former Executive Director for IC Affairs and Former Special Asst to USD(I) 


"I became convinced that no intelligence service can be more
effective than its counterintelligence component for very long." 


-- Richard Helms, Former DCI and Director CIA 
Richard Helms with William Hood, A Look Over My Shoulder: A Life in the Central Intelligence Agency (2003), pp. 34-35


“In short, there appears to be no abatement in espionage either now or on the horizon." 


-- Eli Jacobs, Chairman, Jacobs Panel 
SSCI, S. Hrg. 101-1293, "S. 2726 to Improve U.S. Counterintelligence Measures," 101st Congress 2nd session, 1991, p. 9
(Testimony before the Senate Select Committee on Intelligence, 23 May 1980) 


“No one can realistically expect that espionage will ever be totally eradicated. 
But we can take steps to minimize its occurrence and lessen its impact.” 


-- Senator David L. Boren, Chairman Senate Select Committee on Intelligence, 23 May 1990 
SSCI, S. Hrg. 101-1293, "S. 2726 to Improve U.S. Counterintelligence Measures," 101st Congress 2nd session, 1991, p. 9


CI... A Never-Ending Necessity


The Ten Commandments of Counterintelligence* 


> I -- Be Offensive
> II -- Honor Your Professionals
> III -- Own the Street
> IV -- Know Your History
> V -- Do Not Ignore Analysis
> VI -- Do Not Be Parochial
> VII -- Train Your People
> VIII -- Do Not Be Shoved Aside
> IX -- Do Not Stay Too Long
> X -- Never Give Up


-- James M. Olson, Former Chief of CIA Counterintelligence 
(served 31 years in the CIA) 


* James M. Olson, "The Ten Commandments of Counterintelligence," Center for the Study of Intelligence, CIA, Studies
in Intelligence, Volume 45, No. 5, Fall-Winter 2001, pp. 81-87; available online at
<https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/fall_winter_2001/article08.html>

Also available online at: <http://www.dtic.mil/dtic/tr/fulltext/u2/a529667.pdf>


To advance its interests, the United States will need to do what
prudent statesmen have done in different ways for centuries: 
ensure that counterintelligence is adequate to the task. 


-- Roy Godson, Dirty Tricks or Trump Cards: U.S. Covert Action and Counterintelligence 
(Washington: Brassey's 1995), pp. 238-239 


Need for Counterintelligence... 


But there will always be espionage and there 
will always be counter-espionage. Though 
conditions may have altered, though 
difficulties may be greater..., there will 
always be secrets which one side jealously 
guards and which the other will use every 
means to discover; there will always be men
who from malice or for money will betray
their kith and kin and there will always be
men who, from love of adventure or a sense 
of duty, will risk a shameful death to secure 
information valuable to their country. 


W. Somerset Maugham, Ashenden: or the British Agent (1928) 


Inescapable Truth... there will always be Spies


We must develop effective espionage and counterespionage services
and must learn to subvert, sabotage and destroy our enemies by more clever,
more sophisticated and more effective methods than those used against us.
-- Doolittle Report (1954)* 


In counte. 


-- Eric Ambler, Light of Day (1962) 


* Report on the Covert Activities of the Central Intelligence Agency (aka Doolittle Report), 30 Sep 1954, redacted copy (originally 
classified TOP SECRET). Lt Gen James H. Doolittle was the Chairman of this Presidential directed Special Study Group. One 
result of the report was the creation of a counterintelligence staff within CIA which was run by James J. Angleton from 1954 to 
1974. Redacted copy available online at: <http://www.foia.cia.gov/helms/pdf/doolittle_report.pdf>


COUNTERINTELLIGENCE— THE WILDERNESS OF MIRRORS


Counterintelligence officers—people who specialize in catching 
spies—work in a part of the profession so labyrinthine that 
it is often referred to as a “wilderness of mirrors"... 
-- H. Keith Melton and Robert Wallace, The Official CIA Manual of Trickery and Deception (2009) 


One final perspective... 


...the practical criticism
of ambiguity.


-- James Jesus Angleton 
CIA's Chief of Counterintelligence 
1954 to 1974 


Counterintelligence....a wilderness of mirrors 


“A wilderness of mirrors” -- a description of counterintelligence attributed to James J. Angleton. It comes from T.S. Eliot’s poem 
"Gerontion" (1920); also the title of a 1980 book authored by David C. Martin about CIA counterintelligence. 


Angleton was CIA's Chief of Counterintelligence from 1954 until his retirement in 1974. In December 1974, Angleton was
basically forced into retirement by the Director of CIA (William Colby), who became convinced that Angleton's "labyrinthine"
approach to counterintelligence severely hampered the Agency's primary mission -- clandestine HUMINT collection.


THE CHALLENGE: THINKING THE UNTHINKABLE


Most fundamental to counterintelligence—as true today as ever-is the 
need to “think the unthinkable.” Yet this is one of the most difficult 
attitudes to instill and maintain because it runs contrary to human 
nature, especially in open societies like the United States. ... 


Today, thinking the unthinkable is not easier, but it is just as critical to 
our national security. 


As we proceed to face the counterintelligence threat of the 21st century,
we are faced with a host of challenges: some new, others ancient and 
deeply rooted in human weakness, and some not yet even invented. 

-- Honorable Richard Shelby, Chairman of the U.S. Senate Select Committee on Intelligence (2001)* 


To all Counterintelligence professionals -- 
Combating adversarial intelligence threats is a demanding 
and challenging profession... CI is a strategic instrument
of national security underappreciated by most.


-- COL Mark L. Reagan (USA Ret) 
Editor, Terms & Definitions of Interest for Counterintelligence Professionals 


CI a strategic enabler and a national asset... 
Critical to U.S. National Security 


* Quote from "Intelligence and Espionage in the 21st Century," Heritage Lectures - No. 705, The Heritage Foundation, 18 May 2001


Glossary of Security Terms, Definitions, and Acronyms, Defense Security Service, November 2012 — cited as
DSS Glossary (337 pages). Copy available <http://www.cdse.edu/documents/cdse/Glossary_Handbook.pdf>


Glossary of Spy Terms, CI Centre — cited as CI Centre Glossary. Originally available online at
<http://cicentre.com/LINKS_Reference_Material.htm> -- site now requires membership to access, see <http://www.cicentre.com/>


Historical Dictionary of Cold War Counterintelligence by Nigel West, Maryland: Scarecrow Press, Inc., 2007. 


Human Derived Information Lexicon Terms and Definitions for HUMINT, Counterintelligence, and related 
Activities, April 2008 — cited as HDI Lexicon.


Intelligence Essentials for Everyone, by Lisa Krizen, Occasional Paper Number Six, Washington DC: DIA Joint
Military Intelligence College, June 1999. Copy available online at: <http://www.dia.mil/college/pubs/8342.htm>


McAfee Labs - Threat Glossary, undated. Copy available online at:
<http://www.mcafee.com/us/mcafee-labs/resources/threat-glossary.aspx>


National Information Assurance (IA) Glossary, Committee on National Security Systems Instruction (CNSSI) 
No. 4009, 26 Apr 2010. Copy available on line at: <http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf> 
Also at <http://www.ncix.gov/publications/policy/docs/CNSSI_4009.pdf> 


National Intelligence: A Consumer's Guide — 2009. Copy available online at: 
<http://www.dni.gov/reports/IC_Consumers_Guide_2009.pdf>


National HUMINT Glossary, unclassified, 15 pages, undated. Copy available on JWICS at: 
<http://jwc-nhb-nhc03.idiss.cia.ic.gov/intelink/NationalHUMINTGlossary.pdf> 


OPSEC Glossary of Terms. Interagency OPSEC Support Staff. Copy available online at: 
<http://www.ioss.gov/docs/definitions.html> 


Spy Book — The Encyclopedia of Espionage by Norman Polmar and Thomas B. Allen, New York: Random House, 
revised edition, 2002 — cited as Spy Book. 


Spy Dust: Two Masters of Disguise Reveal the Tools and Operations that Helped Win the Cold War by 
Antonio and Jonna Mendez, with Bruce Henderson, New York: Atria Books, 2002; Glossary pp. 283-298 (copy 
of glossary available on line at: <http://www.themasterofdisguise.com/glossary.html>) — cited as Spy Dust. 


Spycraft: The Secret History of the CIA's Spytechs from Communism to Al-Qaeda by Robert Wallace 
and H. Keith Melton, New York: Penguin Group, 2008 - cited as Spycraft. 


U.S. National Intelligence — An Overview 2011, Office of the Director of National Intelligence. Copy available 
online at: <http://www.odni.gov/IC_Consumers_Guide_2011.pdf>


Words of Intelligence: An Intelligence Professional's Lexicon for Domestic and Foreign Threats, 2nd Edition,
by Jan Goldman. Lanham, MD: Scarecrow Press, Inc., 2011 — cited as Words of Intelligence. 


Notes: 


DoD issuances (e.g., directives, instructions, DTMs) approved for public release available on the Internet from the DoD Issuances 
Website at: <http://www.dtic.mil/whs/directives/>. Also see <http://www.dtic.mil/doctrine/doctrine/doctrine.htm>.


Department of the Army publications at <https://www.apd.army.mil/> Also Army Field Manuals (FMs) are available online at: 
<http://armypubs.army.mil/doctrine/active_fm.html> (requires an AKO account). Selected Army publications are also at: 
<http://www.fas.org/irp/doddir/army/index.html>


Air Force doctrine at <http://www.cadre.maxwell.af.mil> 
Navy doctrine at <https://ndls.nwdc.navy.mil> 


Intelligence Community Intelligence Directives (ICDs), unclassified ICDs available online at: 
<http://www.dni.gov/electronic_reading_room.htm>
Also see <http://www.dni.gov/index.php/intelligence-community/ic-policies-reports/intelligence-community-directives> 


United States law at <http://uscode.house.gov/lawrevisioncounsel.shtml>. United States Code (USC) also available online from the
Government Printing Office online data base at: <http://www.gpoaccess.gov/uscode/index.html>


Key DoD Counterintelligence Policy References


DoD Regulations


• DoD 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components that Affect
United States Persons, 7 Dec 1982; supplemented by DTM 08-11, Intelligence Oversight Policy
Guidance, 26 Mar 2008 (w/ change 3 dated 27 Jul 2012)*


DoD Directives 


• DoDD 5240.01, DoD Intelligence Activities, 27 Aug 2007 (with change 1 dated 29 Jan 2013)
• DoDD O-5240.02, Counterintelligence, 20 Dec 2007 (with change 1 dated 30 Dec 2010)*
• DoDD 5240.06, Counterintelligence Awareness and Reporting (CIAR), 17 May 2011 (with change
1 dated 30 May 2013)
• DoDD 5210.48, Polygraph and Credibility Assessment Program, 25 Jan 2007 (with change 2
dated 15 Nov 2013)*
• DoDD S-3325.09, (U) Oversight Management, and Execution of Defense Clandestine Source
Operations, 9 Jan 2013 (with change 1 dated 13 Jun 2013)


DoD Instructions 


• DoDI 5240.04, Counterintelligence Investigations, 2 Feb 2009 (with change 1 dated 15 Oct 2013)*
• DoDI 5240.05, Technical Surveillance Countermeasures (TSCM) Program, 3 Apr 2014
• DoDI C-5240.08, Counterintelligence Security Classification Guide (U), 28 Nov 2011
• DoDI S-5240.09, Offensive Counterintelligence Operations (OFCO) (U), 29 Oct 2008*
• DoDI 5240.10, Counterintelligence in the Combatant Commands and Other DoD Components,
5 Oct 2011 (with change 1 dated 15 Oct 2013)
• DoDI S-5240.15, Force Protection Response Group (FPRG) (U), 20 Oct 2010 (with change 1)
• DoDI 5240.16, DoD Counterintelligence Functional Services (CIFS), 27 Aug 2012 (with change 1)
• DoDI S-5240.17, (U) Counterintelligence Collection Activities (CCA), 14 Mar 2014
• DoDI 5240.18, Counterintelligence Analysis and Production, 17 Nov 2009 (with change 1)
• DoDI 5240.19, Counterintelligence Support to the Defense Critical Infrastructure Program (DCIP),
31 Jan 2014
• DoDI O-5240.21, Counterintelligence Inquiries, 14 May 2009 (with change 2 dated 15 Oct 2013)
• DoDI 5240.22, Counterintelligence Support to Force Protection, 24 Sep 2009 (with change 1)
• DoDI S-5240.23, Counterintelligence Activities in Cyberspace (U), 13 Dec 2010 (with change 1)
• DoDI O-5240.24, Counterintelligence Activities Supporting Research, Development, and
Acquisition (RDA), 8 Jun 2011 (with change 1 dated 15 Oct 2013)
• DoDI 5240.25, Counterintelligence Badge and Credentials, 30 March 2012 (with change 1)
• DoDI 5240.26, Countering Espionage, International Terrorism, and the Counterintelligence Insider
Threat, 4 May 2012 (with change 1 dated 15 Oct 2013)
• DoDI 5240.27, Joint Counterintelligence Training Academy (JCITA), 13 Nov 2013
• DoDI 3305.11, DoD Counterintelligence Training, 19 Mar 2007 (with change 2 dated 15 Oct 2013)
• DoDI 3305.12, Intelligence and Counterintelligence Training of Non-U.S. Persons, 25 Oct 2007
(with change 2 dated 15 Oct 2013)
• DoDI 5210.91, Polygraph and Credibility Assessment (PCA) Procedures, 12 Aug 2010 (with chg 1)
• DoDI 5200.39, Critical Program Information (CPI) Protection within DoD, 16 Jul 2008 (with chg 1)*


DoD Manuals 

• DoD Manual S-5240.09-M, OFCO Procedures and Security Classification Guide (U), 13 Jan 2011

Under Development

• DoD Manual S-5240.26-M, (U) DoD Counterintelligence Insider Threat Program (CIITP)*


* under revision / under development


Intelligence Community & Misc. Government Websites


OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI): www.dni.gov 
NATIONAL COUNTERINTELLIGENCE EXECUTIVE (NCIX): www.ncix.gov 
NATIONAL COUNTERTERRORISM CENTER (NCTC): www.nctc.gov 
DEPARTMENT OF DEFENSE (DoD): www.defense.gov (also see: www.defenselink.mil) 
- Defense Intelligence Agency (DIA): www.dia.mil 
- Defense Security Service (DSS): www.dss.mil 
- Army: www.army.mil 
-- Intelligence & Security Command (INSCOM): www.inscom.army.mil 
-- 902d Military Intelligence Group: www.inscom.army.mil/MSC/902MIG.aspx 
-- Intelligence Knowledge Network (IKN): https://www.ikn.army.mil/ 
- Air Force: www.af.mil 
-- Air Force Office of Special Investigations (AFOSI): www.osi.andrews.af.mil 
-- Air Force ISR Agency: www.afisr.af.mil 
- Navy: www.navy.mil 
-- Naval Criminal Investigative Service (NCIS): www.ncis.navy.mil 
-- Office of Naval Intelligence (ONI): www.nmic.navy.mil 
- Marine Corps: www.marines.mil
-- USMC Intelligence: www.hqinet001.hqmc.usmc.mil/Dirlnt/default.html 
NATIONAL SECURITY AGENCY (NSA): www.nsa.gov 
NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY (NGA): www.nga.mil 
NATIONAL RECONNAISSANCE OFFICE (NRO): www.nro.gov 
CENTRAL INTELLIGENCE AGENCY (CIA): www.cia.gov 
DEPARTMENT OF JUSTICE (DoJ): www.usdoj.gov
- Federal Bureau of Investigation (FBI): www.fbi.gov 
- Drug Enforcement Agency (DEA): www.dea.gov 
- DoJ Office of Legal Counsel (OLC): www.usdoj.gov/olc 
- DoJ National Security Division (NSD): www.usdoj.gov/nsd 
DEPARTMENT OF HOMELAND SECURITY (DHS): www.dhs.gov 
- U.S. Coast Guard (USCG): www.uscg.mil 
- Customs and Border Protection (CBP): http://cbp.gov/ 
- Immigrations and Customs Enforcement (ICE): www.ice.gov 
- Transportation Security Administration (TSA): www.tsa.gov 
- U.S. Secret Service (USSS): www.secretservice.gov 
- DHS Office of Intelligence & Analysis: www.dhs.gov/xabout/structure/gc_1220886590914.shtm 
DEPARTMENT OF STATE: www.state.gov 
- Bureau of Diplomatic Security: www.state.gov/m/ds 
DEPARTMENT OF TREASURY: www.ustreas.gov 
- Office of Terrorism and Financial Intelligence: www.ustreas.gov/offices/enforcement/ 
- Financial Crimes Enforcement Network (FinCEN): www.fincen.gov 
DEPARTMENT OF ENERGY: www.energy.gov 
INTERAGENCY OPSEC SUPPORT STAFF (IOSS): www.ioss.gov 
WHITE HOUSE: www.whitehouse.gov 
U.S. SENATE: www.senate.gov 
- Senate Select Committee on Intelligence (SSCI): www.intelligence.senate.gov
U.S. HOUSE OF REPRESENTATIVES: www.house.gov 
- House Permanent Select Committee on Intelligence (HPSCI): www.intelligence.house.gov 


LIBRARY OF CONGRESS: www.loc.gov 
- Federal legislative information available at: www.thomas.loc.gov


FOREWORD


1. The NSTISSC Glossary Working Group recently convened to review terms 
submitted by the NSTISSC membership since the Glossary was last published in 
1999. This edition incorporates those terms. 


2. We recognize that, to remain useful, a glossary must be in a continuous 
state of coordination, and we encourage your review and welcome your comments. 
The goal of the Glossary Working Group is to keep pace with changes in information 
systems security terminology and meet regularly to consider comments. 


3. The Working Group would like your help in keeping up to date as new 
terms come into being and old terms fall into disuse or change meaning. Some terms 
from the previous version were deleted, others updated or added, and some are 
identified as candidates for deletion (C.F.D.). If a term you still find valuable and need 
in your environment has been deleted, please resubmit the term with a definition 
based on the following criteria: (a) specific relevance to the security of information 
systems; (b) economy of words; (c) accuracy; and (d) clarity. Use these same criteria
to recommend any changes to existing definitions or suggest new terms. In all cases, 
send your suggestions to the NSTISSC Secretariat via mail or fax (410) 854-6814. 


4. Representatives of the NSTISSC may obtain additional copies of this 
instruction at the address listed below. 


MICHAEL V. HAYDEN 
Lieutenant General, USAF 


NSTISSC Secretariat (142), National Security Agency, 9800 Savage Road STE 6716, Ft Meade MD 20755-6716
(410) 854-6805, FAX: (410) 854-6814
nstissc@radium.ncsc.mil


SECTION I
TERMS AND DEFINITIONS


A1 Highest level of trust defined in the Orange Book
(Department of Defense Trusted Computer System 
Evaluation Criteria, DoD 5200.28-STD). 


access Opportunity to make use of an information system 
(IS) resource. 


access control Limiting access to information system resources 
only to authorized users, programs, processes, or 
other systems. 


access control list (ACL) Mechanism implementing discretionary and/or 
mandatory access control between subjects and 
objects. 


access control mechanism Security safeguard designed to detect and deny 
unauthorized access and permit authorized access 
in an IS. 


access control officer (ACO) Designated individual responsible for limiting 
access to information systems resources. 


access level Hierarchical portion of the security level used to 
identify the sensitivity of IS data and the clearance 
or authorization of users. Access level, in 
conjunction with the nonhierarchical categories, 
forms the sensitivity label of an object. See 
category. 


access list (IS) Compilation of users, programs, or processes 
and the access levels and types to which each is 
authorized. 


(COMSEC) Roster of persons authorized 
admittance to a controlled area. 


access period Segment of time, generally expressed in days or
weeks, during which access rights prevail.


access profile Associates each user with a list of protected objects
the user may access.


access type Privilege to perform action on an object. Read, 
write, execute, append, modify, delete, and create 
are examples of access types. 


accountability (IS) Process of tracing IS activities to a responsible 
source. 


(COMSEC) Principle that an individual is entrusted 
to safeguard and control equipment, keying 
material, and information and is answerable to 
proper authority for the loss or misuse of that 
equipment or information. 


accounting legend code (ALC) Numeric code used to indicate the minimum 
accounting controls required for items of 
accountable COMSEC material within the 
COMSEC Material Control System. 


accounting number Number assigned to an item of COMSEC material 
to facilitate its control. 


accreditation Formal declaration by a Designated Approving 
Authority (DAA) that an IS is approved to operate 
in a particular security mode at an acceptable level 
of risk, based on the implementation of an 
approved set of technical, managerial, and 
procedural safeguards. 


accreditation package Product comprised of a System Security Plan (SSP) 
and a report documenting the basis for the 
accreditation decision. 


accrediting authority Synonymous with Designated Approving Authority
(DAA).


add-on security Incorporation of new hardware, software, or
firmware safeguards in an operational IS.


advisory Notification of significant new trends or
developments regarding the threat to the IS of an
organization. This notification may include
analytical insights into trends, intentions,
technologies, or tactics of an adversary targeting
ISs.


alert Notification that a specific attack has been directed 
at the IS of an organization. 


alternate COMSEC custodian Person designated by proper authority to perform 
the duties of the COMSEC custodian during the 
temporary absence of the COMSEC custodian. 


anti-jam Measures ensuring that transmitted information 
can be received despite deliberate jamming 
attempts. 

anti-spoof Measures preventing an opponent's participation
in an IS.


assembly Group of parts, elements, subassemblies, or
circuits that are removable items of COMSEC
equipment.


assurance See information assurance.


attack Type of incident involving the intentional act of
attempting to bypass one or more security controls
(see Information Assurance) of an IS.


attention character In Trusted Computing Base (TCB) design, a 
character entered from a terminal that tells the 
TCB the user wants a secure communications path 
from the terminal to some trusted code to provide a 
secure service for the user. 


audit Independent review and examination of records 
and activities to assess the adequacy of system 
controls, to ensure compliance with established 
policies and operational procedures, and to 
recommend necessary changes in controls, 
policies, or procedures. 


audit trail Chronological record of system activities to enable 
the reconstruction and examination of the 
sequence of events and/or changes in an event. 
Audit trail may apply to information in an IS, to 
message routing in a communications system, or 
to the transfer of COMSEC material. 


authenticate To verify the identity of a user, user device, or 
other entity, or the integrity of data stored, 
transmitted, or otherwise exposed to unauthorized 
modification in an IS, or to establish the validity of 
a transmission. 


authentication Security measure designed to establish the validity 
of a transmission, message, or originator, or a 
means of verifying an individual's authorization to 
receive specific categories of information. 


authentication system Cryptosystem or process used for authentication. 


authenticator Means used to confirm the identity of a station, 
originator, or individual. 


authorization Access privileges granted to a user, program, or 
process. 


authorized vendor Manufacturer of INFOSEC equipment authorized to 
produce quantities in excess of contractual 
requirements for direct sale to eligible buyers. 
Eligible buyers are typically U.S. Government 
organizations or U.S. Government contractors. 


Authorized Vendor Program (AVP) Program in which a vendor, producing an 
INFOSEC product under contract to NSA, is 
authorized to produce that product in numbers 
exceeding the contracted requirements for direct 
marketing and sale to eligible buyers. Eligible 
buyers are typically U.S. Government organizations 
or U.S. Government contractors. Products 
approved for marketing and sale through the AVP 
are placed on the Endorsed Cryptographic 
Products List (ECPL). 


automated security monitoring Use of automated procedures to ensure security 
controls are not circumvented or the use of these 
tools to track actions taken by subjects suspected 
of misusing the IS. 


automatic remote rekeying Procedure to rekey a distant crypto-equipment 
electronically without specific actions by the 
receiving terminal operator. 


availability Timely, reliable access to data and information 
services for authorized users. 


back door Hidden software or hardware mechanism used to 
circumvent security controls. Synonymous with 
trap door. 


backup Copy of files and programs made to facilitate 
recovery, if necessary. 


banner Display on an IS that sets parameters for system 
or data use. 


Bell-La Padula security model Formal-state transition model of a computer 
security policy that describes a formal set of access 
controls based on information sensitivity and 
subject authorizations. See star (*) property and 
simple security property. 


benign Condition of cryptographic data that cannot be 
compromised by human access. 


benign environment Nonhostile environment that may be protected 
from external hostile elements by physical, 
personnel, and procedural security 
countermeasures. 


beyond A1 Level of trust defined by the DoD Trusted 
Computer System Evaluation Criteria (TCSEC) to 
be beyond the state-of-the-art technology. It 
includes all the A1-level features plus additional 
ones not required at the A1-level. 


binding Process of associating a specific communications 
terminal with a specific cryptographic key or 
associating two related elements of information. 


biometrics Automated methods of authenticating or verifying 
an individual based upon a physical or behavioral 
characteristic. 

bit error rate Ratio between the number of bits incorrectly 
received and the total number of bits transmitted 
in a telecommunications system. 


BLACK Designation applied to information systems, and to 
associated areas, circuits, components, and 
equipment, in which national security information 
is encrypted or is not processed. 


boundary Software, hardware, or physical barrier that limits 
access to a system or part of a system. 


brevity list List containing words and phrases used to shorten 
messages. 


browsing Act of searching through IS storage to locate or 
acquire information, without necessarily knowing 
the existence or format of information being 
sought. 


bulk encryption Simultaneous encryption of all channels of a 
multichannel telecommunications link. 


C 


call back Procedure for identifying and authenticating a 
remote IS terminal, whereby the host system 
disconnects the terminal and reestablishes 
contact. Synonymous with dial back. 


canister Type of protective package used to contain and 
dispense key in punched or printed tape form. 


capability Protected identifier that both identifies the object 
and specifies the access rights to be allowed to the 
subject who possesses the capability. In a 
capability-based system, access to protected 
objects such as files is granted if the would-be 
subject possesses a capability for the object. 


cascading Downward flow of information through a range of 
security levels greater than the accreditation range 
of a system network or component. 


category Restrictive label applied to classified or unclassified 
information to limit access. 


CCI assembly Device embodying a cryptographic logic or other 
COMSEC design that NSA has approved as a 
Controlled Cryptographic Item (CCI). It performs 
the entire COMSEC function, but depends upon 
the host equipment to operate. 


CCI component Part of a Controlled Cryptographic Item (CCI) that 
does not perform the entire COMSEC function but 
depends upon the host equipment, or assembly, to 
complete and operate the COMSEC function. 


CCI equipment Telecommunications or information handling 
equipment that embodies a Controlled 
Cryptographic Item (CCI) component or CCI 
assembly and performs the entire COMSEC 
function without dependence on host equipment to 
operate. 


central office of record (COR) Office of a federal department or agency that keeps 
records of accountable COMSEC material held by 
elements subject to its oversight. 


certificate Record holding security information about an IS 
user and vouches to the truth and accuracy of the 
information it contains. 


certificate management Process whereby certificates (as defined above) are 
generated, stored, protected, transferred, loaded, 
used, and destroyed. 


certificate revocation list (CRL) List of invalid certificates (as defined above) that 
have been revoked by the issuer. 


certification Comprehensive evaluation of the technical and 
nontechnical security safeguards of an IS to 
support the accreditation process that establishes 
the extent to which a particular design and 
implementation meets a set of specified security 
requirements. 


certification authority (CA) Third level of the Public Key Infrastructure (PKI) 
Certification Management Authority responsible for 
issuing and revoking user certificates, and exacting 
compliance to the PKI policy as defined by the 
parent Policy Creation Authority (PCA). 


certification authority workstation (CAW) Commercial-off-the-shelf (COTS) workstation with 
a trusted operating system and special purpose 
application software that is used to issue 
certificates. 


certification package Product of the certification effort documenting the 
detailed results of the certification activities. 


certification test and evaluation (CT&E) Software and hardware security tests conducted 
during development of an IS. 


certified TEMPEST technical authority (CTTA) An experienced, technically qualified U.S. 
Government employee who has met established 
certification requirements in accordance with 
NSTISSC-approved criteria and has been appointed 
by a U.S. Government Department or Agency to 
fulfill CTTA responsibilities. 


certifier Individual responsible for making a technical 
judgment of the system’s compliance with stated 
requirements, identifying and assessing the risks 
associated with operating the system, coordinating 
the certification activities, and consolidating the 
final certification and accreditation packages. 


challenge and reply authentication Prearranged procedure in which a subject requests 
authentication of another and the latter 
establishes validity with a correct reply. 


checksum Value computed on data to detect error or 
manipulation during transmission. See hash total. 


check word Cipher text generated by cryptographic logic to 
detect failures in cryptography. 


cipher Any cryptographic system in which arbitrary 
symbols or groups of symbols, represent units of 
plain text, or in which units of plain text are 
rearranged, or both. 


cipher text Enciphered information. 


cipher text auto-key (CTAK) Cryptographic logic that uses previous cipher text 
to generate a key stream. 


ciphony Process of enciphering audio information, resulting 
in encrypted speech. 


classified information Information that has been determined pursuant to 
Executive Order 12958 or any predecessor Order, 
or by the Atomic Energy Act of 1954, as amended, 
to require protection against unauthorized 
disclosure and is marked to indicate its classified 
status. 


clearing Removal of data from an IS, its storage devices, 
and other peripheral devices with storage capacity, 
in such a way that the data may not be 
reconstructed using common system capabilities 
(i.e., keyboard strokes); however, the data may be 
reconstructed using laboratory methods. Cleared 
media may be reused at the same classification 
level or at a higher level. Overwriting is one method 
of clearing. 


closed security environment Environment providing sufficient assurance that 
applications and equipment are protected against 
the introduction of malicious logic during an IS life 
cycle. Closed security is based upon a system's 
developers, operators, and maintenance personnel 
having sufficient clearances, authorization, and 
configuration control. 


code (COMSEC) System of communication in which 
arbitrary groups of letters, numbers, or symbols 
represent units of plain text of varying length. 


code book Document containing plain text and code 
equivalents in a systematic arrangement, or a 
technique of machine encryption using a word 
substitution technique. 


code group Group of letters, numbers, or both in a code 
system used to represent a plain text word, phrase, 
or sentence. 


code vocabulary Set of plain text words, numerals, phrases, or 
sentences for which code equivalents are assigned 
in a code system. 


cold start Procedure for initially keying crypto-equipment. 


command authority Individual responsible for the appointment of user 
representatives for a department, agency, or 
organization and their key ordering privileges. 


Commercial COMSEC Endorsement Program (CCEP) Relationship between NSA and industry in which 
NSA provides the COMSEC expertise (i.e., 
standards, algorithms, evaluations, and guidance) 
and industry provides design, development, and 
production capabilities to produce a type 1 or type 
2 product. Products developed under the CCEP 
may include modules, subsystems, equipment, 
systems, and ancillary devices. 


common criteria Provides a comprehensive, rigorous method for 
specifying security function and assurance 
requirements for products and systems. 
(Information Technology Security Evaluation 
Criteria [ITSEC]) 


common fill device One of a family of devices developed to read-in, 
transfer, or store key. 


communications cover Concealing or altering of characteristic 
communications patterns to hide information that 
could be of value to an adversary. 


communications deception Deliberate transmission, retransmission, or 
alteration of communications to mislead an 
adversary's interpretation of the communications. 
See imitative communications deception and 
manipulative communications deception. 


communications profile Analytic model of communications associated with 
an organization or activity. The model is prepared 
from a systematic examination of communications 
content and patterns, the functions they reflect, 
and the communications security measures 
applied. 


communications security (COMSEC) Measures and controls taken to deny unauthorized 
persons information derived from 
telecommunications and to ensure the authenticity 
of such telecommunications. Communications 
security includes cryptosecurity, transmission 
security, emission security, and physical security 
of COMSEC material. 


compartmentalization A nonhierarchical grouping of sensitive information 
used to control access to data more finely than 
with hierarchical security classification alone. 


INFOSEC mode of operation wherein each user 
with direct or indirect access to a system, its 
peripherals, remote terminals, or remote hosts has 
all of the following: (a) valid security clearance for 
the most restricted information processed in the 
system; (b) formal access approval and signed 
nondisclosure agreements for that information 
which a user is to have access; and (c) valid need-to-know 
for information which a user is to have 
access. 


compromise Type of incident where information is disclosed to 
unauthorized persons or a violation of the security 
policy of a system in which unauthorized 
intentional or unintentional disclosure, 
modification, destruction, or loss of an object may 
have occurred. 


compromising emanations Unintentional signals that, if intercepted and 
analyzed, would disclose the information 
transmitted, received, handled, or otherwise 
processed by information systems equipment. See 
TEMPEST. 


computer abuse Intentional or reckless misuse, alteration, 
disruption, or destruction of information 
processing resources. 


computer cryptography Use of a crypto-algorithm program by a computer 
to authenticate or encrypt/decrypt information. 


computer security Measures and controls that ensure confidentiality, 
integrity, and availability of IS assets including 
hardware, software, firmware, and information 
being processed, stored, and communicated. 


computer security incident See incident. 


computer security subsystem Hardware/software designed to provide computer 
security features in a larger system environment. 


COMSEC account Administrative entity, identified by an account 
number, used to maintain accountability, custody, 
and control of COMSEC material. 


COMSEC account audit Examination of the holdings, records, and 
procedures of a COMSEC account ensuring all 
accountable COMSEC material is properly handled 
and safeguarded. 


COMSEC aid COMSEC material that assists in securing 
telecommunications and is required in the 
production, operation, or maintenance of COMSEC 
systems and their components. COMSEC keying 
material, callsign/frequency systems, and 
supporting documentation, such as operating and 
maintenance manuals, are examples of COMSEC 
aids. 


COMSEC boundary Definable perimeter encompassing all hardware, 
firmware, and software components performing 
critical COMSEC functions, such as key generation 
and key handling and storage. 


COMSEC chip set Collection of NSA approved microchips. 


COMSEC control program Computer instructions or routines controlling or 
affecting the externally performed functions of key 
generation, key distribution, message 
encryption/decryption, or authentication. 


COMSEC custodian Person designated by proper authority to be 
responsible for the receipt, transfer, accounting, 
safeguarding, and destruction of COMSEC material 
assigned to a COMSEC account. 


COMSEC end-item Equipment or combination of components ready 
for use in a COMSEC application. 


COMSEC equipment Equipment designed to provide security to 
telecommunications by converting information to a 
form unintelligible to an unauthorized interceptor 
and, subsequently, by reconverting such 
information to its original form for authorized 
recipients; also, equipment designed specifically to 
aid in, or as an essential element of, the conversion 
process. COMSEC equipment includes crypto-equipment, 
crypto-ancillary equipment, 
cryptoproduction equipment, and authentication 
equipment. 


COMSEC facility Space used for generating, storing, repairing, or 
using COMSEC material. 


COMSEC incident See incident. 


COMSEC insecurity COMSEC incident that has been investigated, 
evaluated, and determined to jeopardize the 
security of COMSEC material or the secure 
transmission of information. 


COMSEC manager Person who manages the COMSEC resources of an 
organization. 


COMSEC material Item designed to secure or authenticate 
telecommunications. COMSEC material includes, 
but is not limited to key, equipment, devices, 
documents, firmware, or software that embodies or 
describes cryptographic logic and other items that 
perform COMSEC functions. 


COMSEC Material Control System (CMCS) Logistics and accounting system through which 
COMSEC material marked "CRYPTO" is 
distributed, controlled, and safeguarded. Included 
are the COMSEC central offices of record, 
cryptologistic depots, and COMSEC accounts. 
COMSEC material other than key may be handled 
through the CMCS. 


COMSEC modification See information systems security equipment 
modification. 


COMSEC module Removable component that performs COMSEC 
functions in a telecommunications equipment or 
system. 


COMSEC monitoring Act of listening to, copying, or recording 
transmissions of one's own official 
telecommunications to analyze the degree of 
security. 


COMSEC profile Statement of COMSEC measures and materials 
used to protect a given operation, system, or 
organization. 


COMSEC survey Organized collection of COMSEC and 
communications information relative to a given 
operation, system, or organization. 


COMSEC system data Information required by a COMSEC equipment or 
system to enable it to properly handle and control 
key. 


COMSEC training Teaching of skills relating to COMSEC accounting, 
use of COMSEC aids, or installation, use, 
maintenance, and repair of COMSEC equipment. 


concept of operations (CONOP) Document detailing the method, act, process, or 
effect of using an IS. 


confidentiality Assurance that information is not disclosed to 
unauthorized persons, processes, or devices. 


configuration control Process of controlling modifications to hardware, 
firmware, software, and documentation to ensure 
the IS is protected against improper modifications 
prior to, during, and after system implementation. 


configuration management Management of security features and assurances 
through control of changes made to hardware, 
software, firmware, documentation, test, test 
fixtures, and test documentation throughout the 
life cycle of an IS. 


confinement channel See covert channel. 


confinement property Synonymous with star (*) property. 


contamination Type of incident involving the introduction of data 
of one security classification or security category 
into data of a lower security classification or 
different security category. 


contingency key Key held for use under specific operational 
conditions or in support of specific contingency 
plans. 

contingency plan Plan maintained for emergency response, backup 
operations, and post-disaster recovery for an IS, to 
ensure the availability of critical resources and to 
facilitate the continuity of operations in an 
emergency situation. 


controlled access protection The C2 level of protection described in the Trusted 
Computer System Evaluation Criteria (Orange 
Book). Its major characteristics are: individual 
accountability, audit, access control, and object 
reuse. 


controlled cryptographic item (CCI) Secure telecommunications or information 
handling equipment, or associated cryptographic 
component, that is unclassified but governed by a 
special set of control requirements. Such items are 
marked "CONTROLLED CRYPTOGRAPHIC ITEM" 
or, where space is limited, "CCI." 


controlled security mode See multilevel security. 


controlled sharing Condition existing when access control is applied 
to all users and components of an IS. 


controlled space Three-dimensional space surrounding IS 
equipment, within which unauthorized persons are 
denied unrestricted access and are either escorted 
by authorized persons or are under continuous 
physical or electronic surveillance. 


controlling authority Official responsible for directing the operation of a 
cryptonet and for managing the operational use 
and control of keying material assigned to the 
cryptonet. 


cooperative key generation Electronically exchanging functions of locally 
generated, random components, from which both 
terminals of a secure circuit construct traffic 
encryption key or key encryption key for use on 
that circuit. 


cooperative remote rekeying Synonymous with manual remote rekeying. 


correctness proof A mathematical proof of consistency between a 
specification and its implementation. 


countermeasure Action, device, procedure, technique, or other 
measure that reduces the vulnerability of an IS. 


covert channel Unintended and/or unauthorized communications 
path that can be used to transfer information in a 
manner that violates an IS security policy. See 
overt channel and exploitable channel. 


covert channel analysis Determination of the extent to which the security 
policy model and subsequent lower-level program 
descriptions may allow unauthorized access to 
information. 


covert storage channel Covert channel involving the direct or indirect 
writing to a storage location by one process and 
the direct or indirect reading of the storage location 
by another process. Covert storage channels 
typically involve a finite resource (e.g., sectors on a 
disk) that is shared by two subjects at different 
security levels. 


covert timing channel Covert channel in which one process signals 
information to another process by modulating its 
own use of system resources (e.g., central 
processing unit time) in such a way that this 
manipulation affects the real response time 
observed by the second process. 


credentials Information, passed from one entity to another, 
used to establish the sending entity's access rights. 


critical infrastructures Those physical and cyber-based systems essential 
to the minimum operations of the economy and 
government. 


cryptanalysis Operations performed in converting encrypted 
messages to plain text without initial knowledge of 
the crypto-algorithm and/or key employed in the 
encryption. 


CRYPTO Marking or designator identifying COMSEC keying 
material used to secure or authenticate 
telecommunications carrying classified or sensitive 
U.S. Government or U.S. Government-derived 
information. 


crypto-alarm Circuit or device that detects failures or 
aberrations in the logic or operation of crypto-equipment. 
Crypto-alarm may inhibit 
transmission or may provide a visible and/or 
audible alarm. 


crypto-algorithm Well-defined procedure or sequence of rules or 
steps, or a series of mathematical equations used 
to describe cryptographic processes such as 
encryption/decryption, key generation, 
authentication, signatures, etc. 


crypto-ancillary equipment Equipment designed specifically to facilitate 
efficient or reliable operation of crypto-equipment, 
without performing cryptographic functions itself. 


crypto-equipment Equipment that embodies a cryptographic logic. 


cryptographic Pertaining to, or concerned with, cryptography. 


cryptographic component Hardware or firmware embodiment of the 
cryptographic logic. A cryptographic component 
may be a modular assembly, a printed wiring 
assembly, a microcircuit, or a combination of these 
items. 


cryptographic equipment room (CER) Controlled-access room in which cryptosystems are 
located. 


cryptographic initialization Function used to set the state of a cryptographic 
logic prior to key generation, encryption, or other 
operating mode. 


cryptographic logic The embodiment of one (or more) crypto-algorithm(s) 
along with alarms, checks, and other 
processes essential to effective and secure 
performance of the cryptographic process(es). 


cryptographic randomization Function that randomly determines the transmit 
state of a cryptographic logic. 


cryptography Art or science concerning the principles, means, 
and methods for rendering plain information 
unintelligible and for restoring encrypted 
information to intelligible form. 


crypto-ignition key (CIK) Device or electronic key used to unlock the secure 
mode of crypto-equipment. 


cryptology Field encompassing both cryptography and 
cryptanalysis. 


cryptonet Stations holding a common key. 


cryptoperiod Time span during which each key setting remains 
in effect. 



cryptosecurity Component of COMSEC resulting from the 
provision of technically sound cryptosystems and 
their proper use. 


cryptosynchronization Process by which a receiving decrypting 
cryptographic logic attains the same internal state 
as the transmitting encrypting logic. 


cryptosystem Associated INFOSEC items interacting to provide a 
single means of encryption or decryption. 


cryptosystem analysis Process of establishing the exploitability of a 
cryptosystem, normally by reviewing transmitted 
traffic protected or secured by the system under 
study. 


cryptosystem evaluation Process of determining vulnerabilities of a 
cryptosystem. 


cryptosystem review Examination of a cryptosystem by the controlling 
authority ensuring its adequacy of design and 
content, continued need, and proper distribution. 


cryptosystem survey Management technique in which actual holders of 
a cryptosystem express opinions on the system's 
suitability and provide usage information for 
technical evaluations. 


cyclic redundancy check Error checking mechanism that checks data 
integrity by computing a polynomial algorithm 
based checksum. 


D 


dangling threat Set of properties about the external environment 
for which there is no corresponding vulnerability 
and therefore no implied risk. 


dangling vulnerability Set of properties about the internal environment 
for which there is no corresponding threat and, 
therefore, no implied risk. 


data aggregation The compilation of unclassified individual data 
systems and data elements resulting in the totality 
of the information being classified. 


data encryption standard (DES) Cryptographic algorithm, designed for the 
protection of unclassified data and published by 
the National Institute of Standards and Technology 
(NIST) in Federal Information Processing Standard 
(FIPS) Publication 46. 


data flow control Synonymous with information flow control. 


data integrity Condition existing when data is unchanged from 
its source and has not been accidentally or 
maliciously modified, altered, or destroyed. 


data origin authentication Corroborating the source of data is as claimed. 

data security Protection of data from unauthorized (accidental or 
intentional) modification, destruction, or 
disclosure. 

data transfer device (DTD) Fill device designed to securely store, transport, 
and transfer electronically both COMSEC and 
TRANSEC key, designed to be backward 
compatible with the previous generation of 
COMSEC common fill devices, and programmable 
to support modern mission systems. 


decertification Revocation of the certification of an IS item or 
equipment for cause. 


decipher Convert enciphered text to plain text by means of a 
cryptographic system. 


decode Convert encoded text to plain text by means of a 
code. 

decrypt Generic term encompassing decode and decipher. 

dedicated mode IS security mode of operation wherein each user, 
with direct or indirect access to the system, its 
peripherals, remote terminals, or remote hosts, has 
all of the following: a. valid security clearance for 
all information within the system; b. formal 
access approval and signed nondisclosure 
agreements for all the information stored and/or 
processed (including all compartments, 
subcompartments, and/or special access 
programs); and c. valid need-to-know for all 
information contained within the IS. When in the 
dedicated security mode, a system is specifically 
and exclusively dedicated to and controlled for the 
processing of one particular type or classification of 
information, either for full-time operation or for a 
specified period of time. 


default classification Temporary classification reflecting the highest 
classification being processed in an IS. Default 
classification is included in the caution statement 
affixed to an object. 


degaussing Procedure that reduces the magnetic flux to virtual 
zero by applying a reverse magnetizing field. Also 
called demagnetizing. 


delegated development program INFOSEC program in which the Director, NSA, 
delegates, on a case by case basis, the development 
and/or production of an entire telecommunications 
product, including the INFOSEC portion, to a lead 
department or agency. 


denial of service Type of incident resulting from any action or series 
of actions that prevents any part of an IS from 
functioning. 

depot maintenance See full maintenance. 


descriptive top-level specification Top-level specification written in a natural 
language (e.g., English), an informal design 
notation, or a combination of the two. Descriptive 
top-level specification, required for a class B2 and 
B3 (as defined in the Orange Book, Department of 
Defense Trusted Computer System Evaluation 
Criteria, DoD 5200.28-STD) information system, 
completely and accurately describes a trusted 
computing base. See formal top-level specification. 


design controlled spare part (DCSP) (C.F.D.) Part or subassembly for a COMSEC equipment or 
device with an NSA controlled design. 


design documentation Set of documents, required for Trusted Computer 
System Evaluation Criteria (TCSEC) classes C1 
and above (as defined in the Orange Book, 
Department of Defense Trusted Computer System 
Evaluation Criteria, DoD 5200.28-STD), whose 
primary purpose is to define and describe the 
properties of a system. As it relates to TCSEC, 
design documentation provides an explanation of 
how the security policy of a system is translated 
into a technical solution via the Trusted 
Computing Base (TCB) hardware, software, and 
firmware. 


designated approving authority (DAA) Official with the authority to formally assume 
responsibility for operating a system at an 
acceptable level of risk. This term is synonymous 
with designated accrediting authority and 
delegated accrediting authority. 


dial back Synonymous with call back. 

digital signature Cryptographic process used to assure message 
originator authenticity, integrity, and 
nonrepudiation. 

digital signature algorithm Procedure that appends data to, or performs a
cryptographic transformation of, a data unit. The
appended data or cryptographic transformation
allows reception of the data unit and protects
against forgery, e.g., by the recipient.


direct shipment Shipment of COMSEC material directly from NSA 
to user COMSEC accounts. 


discretionary access control (DAC) Means of restricting access to objects based on the
identity and need-to-know of users and/or groups
to which the object belongs. Controls are
discretionary in the sense that a subject with a
certain access permission is capable of passing
that permission (directly or indirectly) to any other
subject. See mandatory access control.


distinguished name Globally unique identifier representing an 
individual's identity. 


DoD Trusted Computer System Evaluation Criteria (TCSEC) Document containing basic requirements and
evaluation classes for assessing degrees of
effectiveness of hardware and software security
controls built into an IS. This document, DoD
5200.28 STD, is frequently referred to as the
Orange Book.


domain Unique context (e.g., access control parameters) in 
which a program is operating; in effect, the set of 
objects a subject has the privilege to access. 


dominate Term used to compare IS security levels. Security 
level S1 is said to dominate security level S2, if the 
hierarchical classification of S1 is greater than, or 
equal to, that of S2 and the non-hierarchical 
categories of S1 include all those of S2 as a subset. 


drop accountability Procedure under which a COMSEC account 
custodian initially receipts for COMSEC material, 
and then provides no further accounting for it to 
its central office of record. Local accountability of 
the COMSEC material may continue to be 
required. See accounting legend code. 


electronically generated key Key generated in a COMSEC device by introducing 
(either mechanically or electronically) a seed key 
into the device and then using the seed, together 
with a software algorithm stored in the device, to 
produce the desired key. 


Electronic Key Management System (EKMS) Interoperable collection of systems being developed
by services and agencies of the U.S. Government to
automate the planning, ordering, generating,
distributing, storing, filling, using, and destroying
of electronic key and management of other types of
COMSEC material.


electronic messaging services Services providing interpersonal messaging 
capability; meeting specific functional, 
management, and technical requirements; and 
yielding a business-quality electronic mail service 
suitable for the conduct of official government 
business.


electronic security (ELSEC) Protection resulting from measures designed to
deny unauthorized persons information derived
from the interception and analysis of
noncommunications electromagnetic radiations.


element Removable item of COMSEC equipment, assembly, 
or subassembly; normally consisting of a single 
piece or group of replaceable parts. 


embedded computer Computer system that is an integral part of a 
larger system. 


embedded cryptography Cryptography engineered into an equipment or 
system whose basic function is not cryptographic. 


embedded cryptographic system Cryptosystem performing or controlling a function
as an integral element of a larger system or
subsystem.


emissions security (EMSEC) Protection resulting from measures taken to deny
unauthorized persons information derived from
intercept and analysis of compromising
emanations from crypto-equipment or an IS.


encipher Convert plain text to cipher text by means of a 
cryptographic system. 


encode Convert plain text to cipher text by means of a 
code. 

encrypt Generic term encompassing encipher and encode. 

encryption algorithm Set of mathematically expressed rules for rendering
data unintelligible by executing a series of
conversions controlled by a key.


end-item accounting Accounting for all the accountable components of a 
COMSEC equipment configuration by a single 
short title. 

end-to-end encryption Encryption of information at its origin and
decryption at its intended destination without
intermediate decryption.


end-to-end security Safeguarding information in an IS from point of
origin to point of destination.


endorsed for unclassified cryptographic item (EUCI) Unclassified cryptographic equipment that
embodies a U.S. Government classified
cryptographic logic and is endorsed by NSA for the
protection of national security information. See
type 2 product.


endorsement NSA approval of a commercially developed product 
for safeguarding national security information. 


entrapment Deliberate planting of apparent flaws in an IS for 
the purpose of detecting attempted penetrations. 


environment Aggregate of external procedures, conditions, and 
objects affecting the development, operation, and 
maintenance of an IS. 


erasure Process intended to render magnetically stored 
information irretrievable by normal means. 


Evaluated Products List (EPL) Equipment, hardware, software, and/or firmware 
evaluated by the National Computer Security 
Center (NCSC) in accordance with DoD TCSEC 
and found to be technically compliant at a 
particular level of trust. The EPL is included in the 
NSA Information Systems Security Products and 
Services Catalogue. 


event Occurrence, not yet assessed, that may affect the
performance of an IS. 


executive state One of several states in which an IS may operate, 
and the only one in which certain privileged 
instructions may be executed. Such privileged 
instructions cannot be executed when the system 
is operating in other states. Synonymous with 
supervisor state. 


exercise key Key used exclusively to safeguard communications 
transmitted over-the-air during military or 
organized civil training exercises. 


exploitable channel Channel that allows the violation of the security
policy governing an IS and is usable or detectable
by subjects external to the trusted computing
base. See covert channel.


Capability of crypto-equipment or secure
telecommunications equipment to resist efforts to
extract key.


F


fail safe Automatic protection of programs and/or
processing systems when hardware or software
failure is detected.


fail soft Selective termination of affected nonessential
processing when hardware or software failure is
determined to be imminent.


failure access Type of incident in which unauthorized access to
data results from hardware or software failure.


failure control Methodology used to detect imminent hardware or
software failure and provide fail safe or fail soft
recovery.


fetch protection IS hardware provided restriction to prevent a
program from accessing data in another user's
segment of storage.


file protection Aggregate of processes and procedures designed to
inhibit unauthorized access, contamination,
elimination, modification, or destruction of a file or
any of its contents.


file security Means by which access to computer files is limited
to authorized users only.


fill device COMSEC item used to transfer or store key in
electronic form or to insert key into a
crypto-equipment.


FIREFLY Key management protocol based on public key
cryptography.


firewall System designed to defend against unauthorized
access to or from a private network.


firmware Program recorded in permanent or semipermanent
computer memory.


fixed COMSEC facility COMSEC facility located in an immobile structure
or aboard a ship.


flaw Error of commission, omission, or oversight in an 
IS that may allow protection mechanisms to be 
bypassed. 

flaw hypothesis methodology System analysis and penetration technique in
which the specification and documentation for an
IS are analyzed to produce a list of hypothetical
flaws. This list is prioritized on the basis of the
estimated probability that a flaw exists, on the ease
of exploiting it, and on the extent of control or
compromise it would provide. The prioritized list is
used to perform penetration testing of a system.


flooding Type of incident involving insertion of a large 
volume of data resulting in denial of service. 


formal access approval Documented approval by a data owner allowing 
access to a particular category of information. 


formal development methodology Software development strategy that proves security
design specifications.


formal proof Complete and convincing mathematical argument
presenting the full logical justification for each
proof step and for the truth of a theorem or set of
theorems.


formal security policy model Mathematically precise statement of a security 
policy. Such a model must define a secure state, 
an initial state, and how the model represents 
changes in state. The model must be shown to be 
secure by proving the initial state is secure and all 
possible subsequent states remain secure. 


formal top-level specification Top-level specification written in a formal 
mathematical language to allow theorems, showing 
the correspondence of the system specification to 
its formal requirements, to be hypothesized and 
formally proven. 


formal verification Process of using formal proofs to demonstrate the 
consistency between formal specification of a 
system and formal security policy model (design 
verification) or between formal specification and its
high-level program implementation 
(implementation verification). 


frequency hopping Repeated switching of frequencies during radio 
transmission according to a specified algorithm, to 
minimize unauthorized interception or jamming of 
telecommunications. 


front-end security filter Security filter logically separated from the 
remainder of an IS to protect system integrity. 
Synonymous with firewall. 


full maintenance Complete diagnostic repair, modification, and
overhaul of INFOSEC equipment, including repair
of defective assemblies by piece part replacement.
Also known as depot maintenance. See limited
maintenance.


functional proponent See network sponsor.


functional testing Segment of security testing in which advertised
security mechanisms of an IS are tested under
operational conditions.


G 


gateway Interface providing a compatibility between 
networks by converting transmission speeds, 
protocols, codes, or security measures. 


granularity Relative fineness to which an access control 
mechanism can be adjusted. 


guard Process limiting the exchange of information 
between systems. 


Gypsy verification environment Integrated set of software tools for specifying, 
coding, and verifying programs written in the 
Gypsy language.


hacker Unauthorized user who attempts to or gains access
to an IS.


handshaking procedures Dialogue between two IS's for synchronizing,
identifying, and authenticating themselves to one
another.


hard copy key Physical keying material, such as printed key lists,
punched or printed key tapes, or programmable,
read-only memories (PROM).


hardwired key Permanently installed key.


hash total Value computed on data to detect error or
manipulation. See checksum.


hashing Computation of a hash total.


hashword Memory address containing hash total.


identification Process an IS uses to recognize an entity.


identity token Smart card, metal key, or other physical object
used to authenticate identity.


identity validation Tests enabling an IS to authenticate users or
resources.


imitative communications deception Introduction of deceptive messages or signals into
an adversary's telecommunications signals. See
communications deception and manipulative
communications deception.


impersonating Form of spoofing.


implant Electronic device or electronic equipment
modification designed to gain unauthorized
interception of information-bearing emanations.


inadvertent disclosure Type of incident involving accidental exposure of
information to a person not authorized access.


incident (IS) Assessed occurrence having actual or 
potentially adverse effects on an IS. 


(COMSEC) Occurrence that potentially jeopardizes 
the security of COMSEC material or the secure 
electrical transmission of national security 
information or information governed by 10 U.S.C. 
Section 2315. 


incomplete parameter checking System flaw that exists when the operating system 
does not check all parameters fully for accuracy 
and consistency, thus making the system 
vulnerable to penetration. 


indicator A recognized action, specific, generalized, or 
theoretical, that an adversary might be expected to 
take in preparation for an attack. 


individual accountability Ability to associate positively the identity of a user 
with the time, method, and degree of access to an 
IS. 

information assurance (IA) Information operations (IO) that protect and defend
information and information systems by ensuring
their availability, integrity, authentication,
confidentiality, and nonrepudiation. This includes
providing for restoration of information systems by
incorporating protection, detection, and reaction
capabilities.


information environment Aggregate of individuals, organizations, or systems 
that collect, process, or disseminate information, 
also included is the information itself. 


information flow control Procedure to ensure that information transfers 
within an IS are not made from a higher security 
level object to an object of a lower security level. 


information operations (IO) Actions taken to affect adversary information and 
ISs while defending one’s own information and ISs. 


information system (IS) The entire infrastructure, organization, personnel,
and components for the collection, processing,
storage, transmission, display, dissemination, and
disposition of information.


information systems security (INFOSEC and/or ISS) Protection of information systems against
unauthorized access to or modification of
information, whether in storage, processing or
transit, and against the denial of service to
authorized users, including those measures
necessary to detect, document, and counter such
threats.


information systems security engineering (ISSE) Effort to achieve and maintain optimal security
and survivability of a system throughout its life
cycle.


information systems security equipment modification Modification of any fielded hardware, firmware,
software, or portion thereof, under NSA
configuration control. There are three classes of
modifications: mandatory (to include human
safety); optional/special mission modifications;
and repair actions. These classes apply to
elements, subassemblies, equipment, systems, and
software packages performing functions such as
key generation, key distribution, message
encryption, decryption, authentication, or those
mechanisms necessary to satisfy security policy,
labeling, identification, or accountability.


information systems security manager (ISSM) Principal advisor on computer security matters.


information systems security officer (ISSO) Person responsible to the designated approving
authority for ensuring the security of an
information system throughout its life cycle, from
design through disposal. Synonymous with system
security officer.


information systems security product Item (chip, module, assembly, or equipment),
technique, or service that performs or relates to
information systems security.


initialize Setting the state of a cryptographic logic prior to
key generation, encryption, or other operating
mode.


inspectable space Three dimensional space surrounding equipment
that processes classified and/or sensitive information
within which TEMPEST exploitation is not
considered practical or where legal authority to
identify and/or remove a potential TEMPEST
exploitation exists. Synonymous with zone of
control.


integrity Quality of an IS reflecting the logical correctness 
and reliability of the operating system; the logical 
completeness of the hardware and software 
implementing the protection mechanisms; and the 
consistency of the data structures and occurrence 
of the stored data. Note that, in a formal security 
mode, integrity is interpreted more narrowly to 
mean protection against unauthorized modification 
or destruction of information. 


integrity check value Checksum capable of detecting modification of an
IS.


interface Common boundary between independent systems
or modules where interactions take place.


interface control document Technical document describing interface controls 
and identifying the authorities and responsibilities 
for ensuring the operation of such controls. This 
document is baselined during the preliminary 
design review and is maintained throughout the IS 
lifecycle. 


interim approval Temporary authorization granted by a DAA for an 
IS to process information based on preliminary 
results of a security evaluation of the system. 


internal security controls Hardware, firmware, or software features within an 
IS that restrict access to resources only to 
authorized subjects. 


internetwork private line interface Network cryptographic unit that provides secure
connections, singularly or in simultaneous
multiple connections, between a host and a
predetermined set of corresponding hosts.


internet protocol (IP) Standard protocol for transmission of data from
source to destinations in packet-switched
communications networks and interconnected
systems of such networks.


Unauthorized act of bypassing the security
mechanisms of a system.


K


key Usually a sequence of random or pseudorandom
bits used initially to set up and periodically
change the operations performed in
crypto-equipment for the purpose of encrypting or
decrypting electronic signals, or for determining
electronic counter-countermeasures patterns, or
for producing other key.


key-auto-key (KAK) Cryptographic logic using previous key to produce
key.


key card (C.F.D.) Paper card, containing a pattern of punched holes,
that establishes key for a specific cryptonet at a
specific time.


key distribution center (KDC) COMSEC facility generating and distributing key in
electrical form.


key-encryption-key (KEK) Key that encrypts or decrypts other key for
transmission or storage.


key list Printed series of key settings for a specific
cryptonet. Key lists may be produced in list, pad,
or printed tape format.


key management Supervision and control of the process whereby key
is generated, stored, protected, transferred, loaded,
used, and destroyed.


key pair Public key and its corresponding private key as
used in public key cryptography.


key production key (KPK) Key used to initialize a keystream generator for the
production of other electronically generated key.


key recovery Mechanisms and processes that allow authorized
parties to retrieve the cryptographic key used for
data confidentiality.


key stream Sequence of symbols (or their electrical or 
mechanical equivalents) produced in a machine or 
auto-manual cryptosystem to combine with plain 
text to produce cipher text, control transmission 
security processes, or produce key. 


key tag Identification information associated with certain 
types of electronic key. 


key tape Punched or magnetic tape containing key. Printed 
key in tape form is referred to as a key list. 


key updating Irreversible cryptographic process for modifying
key.


keying material Key, code, or authentication information in
physical or magnetic form.


L 


label See security label. 


labeled security protections Elementary-level mandatory access control 
protection features and intermediate-level 
discretionary access control features in a TCB that 
uses sensitivity labels to make access control 
decisions. 


laboratory attack Use of sophisticated signal recovery equipment in a 
laboratory environment to recover information from 
data storage media. 


least privilege Principle requiring that each subject be granted 
the most restrictive set of privileges needed for the 
performance of authorized tasks. Application of 
this principle limits the damage that can result 
from accident, error, or unauthorized use of an IS. 


level of protection Extent to which protective measures, techniques,
and procedures must be applied to ISs and
networks based on risk, threat, vulnerability,
system interconnectivity considerations, and
information assurance needs. Levels of protection
are: 1. Basic: IS and networks requiring
implementation of standard minimum security
countermeasures. 2. Medium: IS and networks
requiring layering of additional safeguards above
the standard minimum security countermeasures.
3. High: IS and networks requiring the most
stringent protection and rigorous security
countermeasures.


limited maintenance COMSEC maintenance restricted to fault isolation, 
removal, and replacement of plug-in assemblies. 
Soldering or unsoldering usually is prohibited in 
limited maintenance. See full maintenance. 


line conditioning Elimination of unintentional signals or noise 
induced or conducted on a telecommunications or 
IS signal, power, control, indicator, or other 
external interface line. 


line conduction Unintentional signals or noise induced or 
conducted on a telecommunications or IS signal, 
power, control, indicator, or other external 
interface line. 


link encryption Encryption of information between nodes of a 
communications system. 


list-oriented IS protection in which each protected object has a 
list of all subjects authorized to access it. See also 
ticket-oriented. 


local authority Organization responsible for generating and 
signing user certificates. 


Local Management Device/Key Processor (LMD/KP) An EKMS platform providing automated
management of COMSEC material and generating
key for designated users.


lock and key protection system Protection system that involves matching a key or 
password with a specific access requirement.


logic bomb Resident computer program triggering an
unauthorized act when particular states of an IS 
are realized. 


logical completeness measure Means for assessing the effectiveness and degree to 
which a set of security and access control 
mechanisms meets security specifications. 


long title Descriptive title of a COMSEC item. 


low probability of detection Result of measures used to hide or disguise 
intentional electromagnetic transmissions. 


low probability of intercept Result of measures to prevent the intercept of 
intentional electromagnetic transmissions. 


M 


magnetic remanence Magnetic representation of residual information 
remaining on a magnetic medium after the 
medium has been cleared. See clearing. 


maintenance hook Special instructions (trapdoors) in software 
allowing easy maintenance and additional feature 
development. Since maintenance hooks frequently 
allow entry into the code without the usual 
checks, they are a serious security risk if they are 
not removed prior to live implementation. 


maintenance key Key intended only for in-shop use. 


malicious applets Small application programs automatically 
downloaded and executed that perform an 
unauthorized function on an IS. 


malicious code Software or firmware capable of performing an 
unauthorized process on an IS. 


malicious logic Hardware, software, or firmware capable of 
performing an unauthorized function on an IS. 


mandatory access control (MAC) Means of restricting access to objects
based on the sensitivity of the information
contained in the objects and the formal
authorization (i.e., clearance, formal access
approvals, and need-to-know) of subjects to access
information of such sensitivity. See discretionary
access control.


mandatory modification Change to a COMSEC end-item that NSA requires
to be completed and reported by a specified date.
See optional modification.


manipulative communications deception Alteration or simulation of friendly
telecommunications for the purpose of deception.
See communications deception and imitative
communications deception.


manual cryptosystem Cryptosystem in which the cryptographic processes
are performed without the use of crypto-equipment
or auto-manual devices.


manual remote rekeying Procedure by which a distant crypto-equipment is
rekeyed electrically, with specific actions required
by the receiving terminal operator.


masquerading Form of spoofing.


master crypto-ignition key A key device with electronic logic and circuits
providing the capability for adding more
operational CIKs to a keyset (maximum of seven)
any time after fill procedure is completed. The
master CIK can only be made during the fill
procedure as the first CIK.


material symbol (MATSYM) (C.F.D.) Communications circuit identifier used for key
card resupply purposes.


memory scavenging The collection of residual information from data
storage.


message authentication code Data associated with an authenticated message
allowing a receiver to verify the integrity of the
message.


message externals Information outside of the message text, such as
the header, trailer, etc.


message indicator Sequence of bits transmitted over a
communications system for synchronizing
crypto-equipment. Some off-line cryptosystems, such as
the KL-51 and one-time pad systems, employ
message indicators to establish decryption starting
points.


mimicking Form of spoofing.


mode of operation Description of the conditions under which an IS
operates based on the sensitivity of information
processed and the clearance levels, formal access
approvals, and need-to-know of its users. Four
modes of operation are authorized for processing or
transmitting information: dedicated mode,
system-high mode, compartmented/partitioned mode, and
multilevel mode.


multilevel device Equipment trusted to properly maintain and 
separate data of different security categories. 


multilevel mode INFOSEC mode of operation wherein all the 
following statements are satisfied concerning the 
users who have direct or indirect access to the 
system, its peripherals, remote terminals, or 
remote hosts: a. some users do not have a valid 
security clearance for all the information processed 
in the IS; b. all users have the proper security 
clearance and appropriate formal access approval 
for that information to which they have access; and 
c. all users have a valid need-to-know only for 
information to which they have access. 


multilevel security (MLS) Concept of processing information with different 
classifications and categories that simultaneously 
permits access by users with different security 
clearances and denies access to users who lack 
authorization. 


mutual suspicion Condition in which two IS's need to rely upon each 
other to perform a service, yet neither trusts the 
other to properly protect shared data.


national security information (NSI) Information that has been determined, pursuant to
Executive Order 12958 or any predecessor order,
to require protection against unauthorized
disclosure.


national security system Any telecommunications or information system
operated by the United States Government, the
function, operation, or use of which: 1. involves
intelligence activities; 2. involves cryptologic
activities related to national security; 3. involves
command and control of military forces; 4.
involves equipment that is an integral part of a
weapon or weapon system; or 5. is critical to the
direct fulfillment of military or intelligence
missions and does not include a system that is to
be used for routine administrative and business
applications (including payroll, finance, logistics,
and personnel management applications). (Title 40
U.S.C. Section 1452, Information Technology
Management Reform Act of 1996.)


need-to-know The necessity for access to, or knowledge or 
possession of, specific information required to 
carry out official duties. 


network IS implemented with a collection of interconnected
nodes.


network front-end Device implementing protocols that allow
attachment of a computer system to a network.


network reference monitor See reference monitor.


network security See information systems security.


network security architecture Subset of network architecture specifically
addressing security-relevant issues.


network security officer See information systems security officer.


network sponsor Individual or organization responsible for stating
the security policy enforced by the network,
designing the network security architecture to
properly enforce that policy, and ensuring the
network is implemented in such a way that the
policy is enforced.


network system System implemented with a collection of 
interconnected components. A network system is 
based on a coherent security architecture and 
design. 


network trusted computing base (NTCB) Totality of protection mechanisms within a
network, including hardware, firmware, and
software, the combination of which is responsible
for enforcing a security policy. See trusted
computing base.


network trusted computing base (NTCB) partition Totality of mechanisms within a single network
component for enforcing the network policy, as
allocated to that component; the part of the NTCB
within a single network component.


network weaving Penetration technique in which different 
communication networks are linked to access an 
IS to avoid detection and trace-back. 


no-lone zone Area, room, or space that, when staffed, must be 
occupied by two or more appropriately cleared 
individuals who remain within sight of each other. 
See two-person integrity. 


nonrepudiation Assurance the sender of data is provided with proof 
of delivery and the recipient is provided with proof 
of the sender's identity, so neither can later deny 
having processed the data. 


null Dummy letter, letter symbol, or code group 
inserted into an encrypted message to delay or 
prevent its decryption or to complete encrypted 
groups for transmission or transmission security 
purposes.

object Passive entity containing or receiving information.
Access to an object implies access to the 
information it contains. 


object reuse Reassignment and re-use of a storage medium 
containing one or more objects after ensuring no 
residual data remains on the storage medium. 


off-line cryptosystem Cryptosystem in which encryption and decryption 
are performed independently of the transmission 
and reception functions. 


one-part code Code in which plain text elements and their 
accompanying code groups are arranged in 
alphabetical, numerical, or other systematic order, 
so one listing serves for both encoding and 
decoding. One-part codes are normally small 
codes used to pass small volumes of low-sensitivity
information.

one-time cryptosystem Cryptosystem employing key used only once. 

one-time pad Manual one-time cryptosystem produced in pad 
form. 

one-time tape Punched paper tape used to provide key streams 
on a one-time basis in certain machine 
cryptosystems. 

on-line cryptosystem Cryptosystem in which encryption and decryption
are performed in association with the transmitting
and receiving functions.


open storage Storage of classified information within an 
accredited facility, but not in General Services 
Administration approved secure containers, while 
the facility is unoccupied by authorized personnel. 


operational data security (C.F.D.) Protection of data from either accidental or
unauthorized intentional modification, destruction,
or disclosure during input, processing, storage,
transmission, or output operations.

operational key Key intended for use over-the-air for protection of
operational information or for the production or
secure electrical transmission of key streams.

operational waiver Authority for continued use of unmodified
COMSEC end-items pending the completion of a
mandatory modification.

operations code Code composed largely of words and phrases
suitable for general communications use.

operations security (OPSEC) Process denying information to potential
adversaries about capabilities and/or intentions by
identifying, controlling, and protecting unclassified
generic activities.

optional modification NSA-approved modification not required for
universal implementation by all holders of a
COMSEC end-item. This class of modification
requires all of the engineering/doctrinal control of
mandatory modification but is usually not related
to security, safety, TEMPEST, or reliability.

Orange Book (C.F.D.) The DoD Trusted Computer System Evaluation
Criteria (DoD 5200.28-STD).

organizational maintenance Limited maintenance performed by a user
organization.

organizational registration authority (ORA) Entity within the PKI that authenticates the
identity and the organizational affiliation of the
users.

over-the-air key distribution Providing electronic key via over-the-air rekeying,
over-the-air key transfer, or cooperative key
generation.

over-the-air key transfer Electronically distributing key without changing
traffic encryption key used on the secured
communications path over which the transfer is
accomplished.

over-the-air rekeying (OTAR) Changing traffic encryption key or transmission
security key in remote crypto-equipment by
sending new key directly to the remote
crypto-equipment over the communications path it
secures.


overt channel Communications path within a computer system 
or network designed for the authorized transfer of 
data. See covert channel. 


overwrite procedure Process of writing patterns of data on top of the 
data stored on a magnetic medium. 


P 


parity Bit(s) used to determine whether a block of data 
has been altered. 


partitioned security mode IS security mode of operation wherein all personnel 
have the clearance, but not necessarily formal 
access approval and need-to-know, for all 
information handled by an IS. 


password Protected/private alphanumeric string used to 
authenticate an identity or to authorize access to 
data. 

penetration See intrusion. 

penetration testing Security testing in which evaluators attempt to
circumvent the security features of a system based
on their understanding of the system design and
implementation.


per-call key Unique traffic encryption key generated 
automatically by certain secure 
telecommunications systems to secure single voice 
or data transmissions. See cooperative key 
generation. 


periods processing Processing of various levels of classified and 
unclassified information at distinctly different 
times. Under the concept of periods processing, 
the system must be purged of all information from 
one processing period before transitioning to the 
next.

permuter Device used in crypto-equipment to change the
order in which the contents of a shift register are 
used in various nonlinear combining circuits. 


plain text Unencrypted information. 


policy approving authority (PAA) First level of the PKI Certification Management 
Authority that approves the security policy of each 
PCA. 


policy certification authority (PCA) Second level of the PKI Certification Management 
Authority that formulates the security policy under 
which it and its subordinate CAs will issue public 
key certificates. 


positive control material Generic term referring to a sealed authenticator 
system, permissive action link, coded switch 
system, positive enable system, or nuclear 
command and control documents, material, or 
devices. 


preproduction model Version of INFOSEC equipment employing 
standard parts and suitable for complete 
evaluation of form, design, and performance. 
Preproduction models are often referred to as beta 
models. 


print suppression Eliminating the display of characters in order to 
preserve their secrecy. 


privacy system Commercial encryption system that affords 
telecommunications limited protection to deter a 
casual listener, but cannot withstand a technically 
competent cryptanalytic attack. 


privileged access Explicitly authorized access of a specific user, 
process, or computer to a computer resource(s). 


probe Type of incident involving an attempt to gather 
information about an IS for the apparent purpose 
of circumventing its security controls. 


production model INFOSEC equipment in its final mechanical and 
electrical form. 


proprietary information Material and information relating to or associated
with a company’s products, business, or activities,
including but not limited to financial information;
data or statements; trade secrets; product research
and development; existing and future product
designs and performance specifications; marketing
plans or techniques; schematics; client lists;
computer programs; processes; and know-how that
have been clearly identified and properly marked
by the company as proprietary information, trade
secrets, or company confidential information. The
information must have been developed by the
company and not be available to the Government
or to the public without restriction from another
source.

Telecommunications deriving their protection
through use of type 2 products or data encryption
standard equipment. See type 2 product.

protected distribution systems (PDS) Wire line or fiber optic distribution system used to
transmit unencrypted classified national security
information through an area of lesser classification
or control.

protection philosophy Informal description of the overall design of an IS
delineating each of the protection mechanisms
employed. Combination of formal and informal
techniques, appropriate to the evaluation class,
used to show the mechanisms are adequate to
enforce the security policy.

protection ring One of a hierarchy of privileged modes of an IS that
gives certain access rights to user programs and
processes that are authorized to operate in a given
mode.

protective packaging Packaging techniques for COMSEC material that
discourage penetration, reveal a penetration has
occurred or was attempted, or inhibit viewing or
copying of keying material prior to the time it is
exposed for use.

protective technologies Special tamper-evident features and materials
employed for the purpose of detecting tampering
and deterring attempts to compromise, modify,
penetrate, extract, or substitute information
processing equipment and keying material.

protective technology/package incident (C.F.D.) Any penetration of INFOSEC protective technology
or packaging, such as a crack, cut, or tear.

protocol Set of rules and formats, semantic and syntactic,
permitting ISs to exchange information.

proxy Software agent that performs a function or
operation on behalf of another application or
system while hiding the details involved.

public key certificate Contains the name of a user, the public key
component of the user, and the name of the issuer
who vouches that the public key component is
bound to the named user.

public cryptography (C.F.D.) Body of cryptographic and related knowledge,
study, techniques, and applications that is, or is
intended to be, in the public domain.

public key cryptography (PKC) Encryption system using a linked pair of keys.
What one key encrypts, the other key decrypts.

public key infrastructure (PKI) Framework established to issue, maintain, and
revoke public key certificates accommodating a
variety of security technologies, including the use
of software.

purging Rendering stored information unrecoverable. See
sanitize.


Q


QUADRANT Short name referring to technology that provides
tamper-resistant protection to crypto-equipment.


R


rainbow series Set of publications that interpret Orange Book
requirements for trusted systems.

randomizer Analog or digital source of unpredictable,
unbiased, and usually independent bits. 
Randomizers can be used for several different 
functions, including key generation or to provide a 
starting state for a key generator. 


read Fundamental operation in an IS that results only 
in the flow of information from an object to a 
subject. 

read access Permission to read information in an IS. 

real time reaction Immediate response to a penetration attempt that 
is detected and diagnosed in time to prevent 
access. 

recovery procedures Actions necessary to restore data files of an IS and
computational capability after a system failure.


RED Designation applied to an IS, and associated areas, 
circuits, components, and equipment in which 
unencrypted national security information is being 
processed. 


RED/BLACK concept Separation of electrical and electronic circuits, 
components, equipment, and systems that handle 
national security information (RED), in electrical 
form, from those that handle non-national security 
information (BLACK) in the same form. 


Red team Independent and focused threat-based effort by an 
interdisciplinary, simulated adversary to expose 
and exploit vulnerabilities as a means to improve 
the security posture of ISs. 


RED signal Any electronic emission (e.g., plain text, key, key 
stream, subkey stream, initial fill, or control signal) 
that would divulge national security information if
recovered.

reference monitor Access control concept referring to an abstract 
machine that mediates all accesses to objects by 
subjects. 

reference validation mechanism Portion of a trusted computing base whose normal
function is to control access between subjects and
objects and whose correct operation is essential to
the protection of data in the system.


release prefix Prefix appended to the short title of U.S.-produced 
keying material to indicate its foreign releasability. 
"A" designates material that is releasable to specific 
allied nations and "U.S." designates material 
intended exclusively for U. S. use. 


remanence Residual information remaining on storage media 
after clearing. See magnetic remanence and 
clearing. 

remote rekeying Procedure by which a distant crypto-equipment is
rekeyed electrically. See automatic remote
rekeying and manual remote rekeying.


repair action NSA-approved change to a COMSEC end-item that 
does not affect the original characteristics of the 
end-item and is provided for optional application 
by holders. Repair actions are limited to minor 
electrical and/or mechanical improvements to 
enhance operation, maintenance, or reliability. 
They do not require an identification label, 
marking, or control but must be fully documented 
by changes to the maintenance manual. 


reserve keying material Key held to satisfy unplanned needs. See 
contingency key. 


residual risk Portion of risk remaining after security measures 
have been applied. 


residue Data left in storage after information processing 
operations are complete, but before degaussing or 
overwriting has taken place. 


resource encapsulation Method by which the reference monitor mediates 
accesses to an IS resource. Resource is protected 
and not directly accessible by a subject. Satisfies 
requirement for accurate auditing of resource 
usage. 


risk Possibility that a particular threat will adversely
impact an IS by exploiting a particular
vulnerability.

risk analysis Examination of information to identify the risk to
an IS.

risk assessment Formal description and evaluation of risk to an IS.

risk index Difference between the minimum clearance or
authorization of IS users and the maximum
sensitivity (e.g., classification and categories) of
data processed by the system.

risk management Process of identifying and applying
countermeasures commensurate with the value of
the assets protected based on a risk assessment.


S


safeguarding statement Statement affixed to a computer output or printout
that states the highest classification being
processed at the time the product was produced
and requires control of the product, at that level,
until determination of the true classification by an
authorized person. Synonymous with banner.

sanitize Process to remove information from media such
that data recovery is not possible. It includes
removing all classified labels, markings, and
activity logs. See purging.

scavenging Searching through object residue to acquire data.

scratch pad store (SPS) (C.F.D.) Temporary key storage in crypto-equipment.

secure communications Telecommunications deriving security through use
of type 1 products and/or PDSs.

secure hash standard Specification for a secure hash algorithm that can
generate a condensed message representation
called a message digest.

secure operating system (C.F.D.) Resident software controlling hardware and other
software functions in an IS to provide a level of
protection or security appropriate to the
classification, sensitivity, and/or criticality of the
data and resources it manages.


secure state Condition in which no subject can access any 
object in an unauthorized manner. 


secure subsystem Subsystem containing its own implementation of 
the reference monitor concept for those resources 
it controls. Secure subsystem must depend on 
other controls and the base operating system for 
the control of subjects and the more primitive 
system objects. 


security fault analysis (SFA) Assessment, usually performed on IS hardware, to
determine the security properties of a device when
hardware fault is encountered.

security features users guide (SFUG) Guide or manual explaining how the security
mechanisms in a specific system work.

security filter IS trusted subsystem that enforces security policy
on the data passing through it.

security flaw (C.F.D.) Error of commission or omission in an IS that may
allow protection mechanisms to be bypassed. See
vulnerability.

security inspection Examination of an IS to determine compliance with
security policy, procedures, and practices.


security kernel Hardware, firmware, and software elements of a 
trusted computing base implementing the 
reference monitor concept. Security kernel must 
mediate all accesses, be protected from 
modification, and be verifiable as correct. 


security label Information representing the sensitivity of a 
subject or object, such as its hierarchical 
classification (CONFIDENTIAL, SECRET, TOP 
SECRET) together with any applicable 
nonhierarchical security categories 
(e.g., sensitive compartmented information, critical 
nuclear weapon design information). 


security net control station Management system overseeing and controlling
implementation of network security policy.

security perimeter All components/devices of an IS to be accredited.
Separately accredited components generally are
not included within the perimeter.

security policy See information systems security policy.

security range Highest and lowest security levels that are
permitted in or on an IS, system component,
subsystem, or network.

security requirements Types and levels of protection necessary for
equipment, data, information, applications, and
facilities to meet IS security policy.

security requirements baseline Description of the minimum requirements
necessary for an IS to maintain an acceptable level
of security.

security safeguards Protective measures and controls prescribed to
meet the security requirements specified for an IS.
Safeguards may include security features,
management constraints, personnel security, and
security of physical structures, areas, and devices.
See accreditation.

security specification Detailed description of the safeguards required to
protect an IS.

security test and evaluation (ST&E) Examination and analysis of the safeguards
required to protect an IS, as they have been
applied in an operational environment, to
determine the security posture of that system.

security testing Process to determine that an IS protects data and
maintains functionality as intended.

seed key Initial key used to start an updating or key
generation process.

sensitive information Information, the loss, misuse, or unauthorized
access to or modification of, which could adversely
affect the national interest or the conduct of federal
programs, or the privacy to which individuals are
entitled under 5 U.S.C. Section 552a (the Privacy
Act), but that has not been specifically authorized
under criteria established by an Executive Order or
an Act of Congress to be kept classified in the
interest of national defense or foreign policy.
(Systems that are not national security systems,
but contain sensitive information, are to be
protected in accordance with the requirements of
the Computer Security Act of 1987 (P.L.100-235).)

sensitivity label Information representing elements of the security
label(s) of a subject and an object. Sensitivity
labels are used by the trusted computing base
(TCB) as the basis for mandatory access control
decisions.

shielded enclosure Room or container designed to attenuate
electromagnetic radiation.

short title Identifying combination of letters and numbers
assigned to certain COMSEC materials to facilitate
handling, accounting, and controlling.

simple security property Bell-La Padula security model rule allowing a
subject read access to an object, only if the
security level of the subject dominates the security
level of the object.

single-level device (C.F.D.) IS device not trusted to properly maintain and
separate data to different security levels.

single point keying Means of distributing key to multiple, local
crypto-equipment or devices from a single fill point.

sniffer Software tool for auditing and identifying network
traffic packets.

software system test and evaluation process Process that plans, develops, and documents the
quantitative demonstration of the fulfillment of all
baseline functional performance, operational, and
interface requirements.

special mission modification (C.F.D.) Mandatory or optional modification that applies
only to a specific mission, purpose, operational, or
environmental need.

speech privacy (C.F.D.) Techniques using fixed sequence permutations or
voice/speech inversion to render speech
unintelligible to the casual listener.

split knowledge Separation of data or information into two or more
parts, each part constantly kept under control of 
separate authorized individuals or teams so that 
no one individual or team will know the whole 
data. 


spoofing Unauthorized use of legitimate Identification and
Authentication (I&A) data, however it was obtained, 
to mimic a subject different from the attacker. 
Impersonating, masquerading, piggybacking, and 
mimicking are forms of spoofing. 


spread spectrum Telecommunications techniques in which a signal 
is transmitted in a bandwidth considerably greater 
than the frequency content of the original 
information. Frequency hopping, direct sequence 
spreading, time scrambling, and combinations of 
these techniques are forms of spread spectrum. 


star (*) property Bell-La Padula security model rule allowing a 
subject write access to an object only if the 
security level of the object dominates the security 
level of the subject. 


start-up KEK Key-encryption-key held in common by a group of 
potential communicating entities and used to 
establish ad hoc tactical networks. 


state variable Variable representing either the state of an IS or 
the state of some system resource. 


storage object An object supporting both read and write accesses
to an IS.

subassembly Major subdivision of an assembly consisting of a
package of parts, elements, and circuits that
perform a specific function.


subject Generally a person, process, or device causing 
information to flow among objects or change to the 
system state. 


subject security level Sensitivity label(s) of the objects to which the 
subject has both read and write access. Security 
level of a subject must always be dominated by the 
clearance level of the user associated with the 
subject.

sub-registration authority (SRA) (C.F.D.) Individual with primary responsibility for managing
the distinguished name process.

superencryption Process of encrypting encrypted information.
Occurs when a message, encrypted off-line, is
transmitted over a secured, on-line circuit, or when
information encrypted by the originator is
multiplexed onto a communications trunk, which
is then bulk encrypted.

supersession Scheduled or unscheduled replacement of a
COMSEC aid with a different edition.

superuser (C.F.D.) Special user who can perform control of processes,
devices, networks, and file systems.


supervisor state Synonymous with executive state of an operating
system.

suppression measure Action, procedure, modification, or device that
reduces the level of, or inhibits the generation of,
compromising emanations in an IS.

surrogate access See discretionary access control.

syllabary List of individual letters, combination of letters, or
syllables, with their equivalent code groups, used
for spelling out words or proper names not present
in the vocabulary of a code. A syllabary may also
be a spelling table.

symmetric key Encryption methodology in which the encryptor
and decryptor use the same key, which must be
kept secret.

synchronous crypto-operation Method of on-line crypto-operation in which
crypto-equipment and associated terminals have
timing systems to keep them in step.

system administrator (SA) Individual responsible for the installation and
maintenance of an IS, providing effective IS
utilization, adequate security parameters, and
sound implementation of established INFOSEC
policy and procedures.

system assets Any software, hardware, data, administrative,
physical, communications, or personnel resource
within an IS.

system development methodologies Methodologies developed through software
engineering to manage the complexity of system
development. Development methodologies include
software engineering aids and high-level design
analysis tools.

system high Highest security level supported by an IS.

system high mode IS security mode of operation wherein each user,
with direct or indirect access to the IS, its
peripherals, remote terminals, or remote hosts, has
all of the following: a. valid security clearance for
all information within an IS; b. formal access
approval and signed nondisclosure agreements for
all the information stored and/or processed
(including all compartments, subcompartments
and/or special access programs); and c. valid
need-to-know for some of the information
contained within the IS.

system indicator Symbol or group of symbols in an off-line
encrypted message identifying the specific
cryptosystem or key used in the encryption.

system integrity Attribute of an IS when it performs its intended
function in an unimpaired manner, free from
deliberate or inadvertent unauthorized
manipulation of the system.

system low Lowest security level supported by an IS.

system profile Detailed security description of the physical
structure, equipment component, location,
relationships, and general operating environment
of an IS.

system security See information systems security.

system security engineering See information systems security.

system security evaluation (C.F.D.) Risk assessment of a system, considering its
vulnerabilities and perceived security threat.

system security management plan (C.F.D.) Formal document fully describing the
responsibilities for security tasks planned to meet
system security requirements.

system security officer See information system security officer.

system security plan (C.F.D.) Formal document fully describing the planned
security tasks required to meet system security
requirements.


T


tampering Unauthorized modification altering the proper
functioning of INFOSEC equipment.

telecommunications Preparation, transmission, communication, or
related processing of information (writing, images,
sounds, or other data) by electrical,
electromagnetic, electromechanical, electro-optical,
or electronic means.

telecommunications and automated information systems security (C.F.D.) Superseded by information systems security.

telecommunications security (TSEC) See information systems security.

TEMPEST Short name referring to investigation, study, and
control of compromising emanations from IS
equipment.

TEMPEST test Laboratory or on-site test to determine the nature
of compromising emanations associated with an IS.

TEMPEST zone Designated area within a facility where equipment
with appropriate TEMPEST characteristics
(TEMPEST zone assignment) may be operated.

test key Key intended for testing of COMSEC equipment or
systems.

threat Any circumstance or event with the potential to
adversely impact an IS through unauthorized
access, destruction, disclosure, modification of
data, and/or denial of service.


threat analysis Examination of information to identify the 
elements comprising a threat. 


threat assessment Formal description and evaluation of threat to an
IS.

threat monitoring Analysis, assessment, and review of audit trails
and other information collected for the purpose of
searching out system events that may constitute
violations of system security.


ticket-oriented IS protection system in which each subject 
maintains a list of unforgeable bit patterns called 
tickets, one for each object a subject is authorized 
to access. See list-oriented. 


time bomb Resident computer program that triggers an 
unauthorized act at a predefined time. 


time-compliance date Date by which a mandatory modification to a 
COMSEC end-item must be incorporated if the 
item is to remain approved for operational use. 


time-dependent password Password that is valid only at a certain time of day 
or during a specified interval of time. 


traditional COMSEC program Program in which NSA acts as the central 
procurement agency for the development and, in 
some cases, the production of INFOSEC items. 
This includes the Authorized Vendor Program. 
Modifications to the INFOSEC end-items used in 
products developed and/or produced under these 
programs must be approved by NSA. 


traffic analysis (TA) Study of communications patterns. 

traffic encryption key (TEK) Key used to encrypt plain text or to superencrypt 
previously encrypted text and/or to decrypt cipher 
text. 

traffic-flow security (TFS) Measure used to conceal the presence of valid
messages in an on-line cryptosystem or secure
communications system.


NSTISSI No. 4009

UNCLASSIFIED


traffic padding Generation of spurious communications or data
units to disguise the amount of real data units
being sent.

training key (C.F.D.) Cryptographic key for training.

tranquility Property whereby the security level of an object
cannot change while the object is being processed
by an IS.

transmission security (TRANSEC) Component of COMSEC resulting from the
application of measures designed to protect
transmissions from interception and exploitation
by means other than cryptanalysis.

trap door Synonymous with back door.

trojan horse Program containing hidden code allowing the
unauthorized collection, falsification, or
destruction of information. See malicious code.

trusted computer system IS employing sufficient hardware and software
assurance measures to allow simultaneous
processing of a range of classified or sensitive
information.

trusted computing base (TCB) Totality of protection mechanisms within a
computer system, including hardware, firmware,
and software, the combination responsible for
enforcing a security policy.

trusted distribution Method for distributing trusted computing base
(TCB) hardware, software, and firmware
components that protects the TCB from
modification during distribution.

trusted facility manual Document containing the operational
requirements; security environment; hardware and
software configurations and interfaces; and all
security procedures, measures, and contingency
plans.

trusted identification forwarding Identification method used in IS networks whereby
the sending host can verify an authorized user on
its system is attempting a connection to another
host. The sending host transmits the required
user authentication information to the receiving
host.


trusted path Mechanism by which a person using a terminal 
can communicate directly with the trusted 
computing base (TCB). Trusted path can only be 
activated by the person or the TCB and cannot be 
imitated by untrusted software. 


trusted process Process that has privileges to circumvent the 
system security policy and has been tested and 
verified to operate only as intended. 


trusted recovery Ability to ensure recovery without compromise 
after a system failure. 


trusted software Software portion of a trusted computing base 
(TCB). 


TSEC nomenclature System for identifying the type and purpose of 
certain items of COMSEC material. 


tunneling Technology enabling one network to send its data 
via another network's connections. Tunneling 
works by encapsulating a network protocol within 
packets carried by the second network. 


two-part code Code consisting of an encoding section, in which 
the vocabulary items (with their associated code 
groups) are arranged in alphabetical or other 
systematic order, and a decoding section, in which 
the code groups (with their associated meanings) 
are arranged in a separate alphabetical or numeric 
order. 


two-person control Continuous surveillance and control of positive 
control material at all times by a minimum of two 
authorized individuals, each capable of detecting 
incorrect and unauthorized procedures with 
respect to the task being performed, and each 
familiar with established security and safety 
requirements. 


two-person integrity (TPI) System of storage and handling designed to 
prohibit individual access to certain COMSEC 
keying material by requiring the presence of at 
least two authorized persons, each capable of 
detecting incorrect or unauthorized security 
procedures with respect to the task being 
performed. See no-lone zone. 


type 1 product Classified or controlled cryptographic item 
endorsed by the NSA for securing classified and 
sensitive U.S. Government information, when 
appropriately keyed. The term refers only to 
products, and not to information, key, services, or 
controls. Type 1 products contain classified NSA 
algorithms. They are available to U.S. Government 
users, their contractors, and federally sponsored 
non-U.S. Government activities subject to export 
restrictions in accordance with International Traffic 
in Arms Regulation. 


type 2 product Unclassified cryptographic equipment, assembly, 
or component, endorsed by the NSA, for use in 
national security systems as defined in Title 40 
U.S.C. Section 1452. 


type 3 algorithm Cryptographic algorithm registered by the National 
Institute of Standards and Technology (NIST) and 
published as a Federal Information Processing 
Standard (FIPS) for use in protecting unclassified 
sensitive information or commercial information. 


type 4 algorithm Unclassified cryptographic algorithm that has been 
registered by the National Institute of Standards 
and Technology (NIST), but not published as a 
Federal Information Processing Standard (FIPS). 


U 


unauthorized disclosure Type of event involving exposure of information to 
individuals not authorized to receive it. 


unclassified Information that has not been determined 
pursuant to E.O. 12958 or any predecessor order 
to require protection against unauthorized 
disclosure and that is not designated as classified. 


untrusted process Process that has not been evaluated or examined 
for adherence to the security policy. It may include 
incorrect or malicious code that attempts to 
circumvent the security mechanisms. 


updating Automatic or manual cryptographic process that 
irreversibly modifies the state of a COMSEC key, 
equipment, device, or system. 


user Person or process authorized to access an IS. 
(PKI) Individual defined, registered, and bound to 
a public key structure by a certification authority 
(CA). 


user ID Unique symbol or character string used by an IS to 
identify a specific user. 


User Partnership Program (UPP) Partnership between the NSA and a U.S. 
Government agency to facilitate development of 
secure IS equipment incorporating NSA-approved 
cryptography. The result of this program is the 
authorization of the product or system to 
safeguard national security information in the 
user's specific application. 


user profile Patterns of a user's activity that can show changes 
from normal behavior. 


user representative Person authorized by an organization to order 
COMSEC keying material and interface with the 
keying system, provide information to key users, 
and ensure the correct type of key is ordered. 


U.S.-controlled facility Base or building to which access is physically 
controlled by U.S. persons who are authorized U.S. 
Government or U.S. Government contractor 
employees. 


U.S.-controlled space Room or floor within a facility that is not a 
U.S.-controlled facility, access to which is physically 
controlled by U.S. persons who are authorized U.S. 
Government or U.S. Government contractor 
employees. Keys or combinations to locks 
controlling entrance to U.S.-controlled spaces must 
be under the exclusive control of U.S. persons who 
are U.S. Government or U.S. Government 
contractor employees. 


U.S. person U.S. citizen or a permanent resident alien, an 
unincorporated association substantially 
composed of U.S. citizens or permanent resident 
aliens, or a corporation incorporated in U.S., 
except for a corporation directed and controlled by 
a foreign government or governments. 


V 


validation Process of applying specialized security test and 
evaluation procedures, tools, and equipment 
needed to establish acceptance for joint usage of 
an IS by one or more departments or agencies and 
their contractors. 


variant One of two or more code symbols having the same 
plain text equivalent. 


verification Process of comparing two levels of an IS 
specification for proper correspondence (e.g., 
security policy model with top-level specification, 
top-level specification with source code, or source 
code with object code). 


verified design (C.F.D.) Computer protection class in which formal security 
verification methods are used to assure mandatory 
and discretionary security controls can effectively 
protect classified and sensitive information stored 
in, or processed by, the system. Class A1 system 
is verified design. 


virtual password (C.F.D.) IS password computed from a passphrase meeting 
the requirements of password storage (e.g., 64 
bits). 


virtual private network (VPN) Protected IS link utilizing tunneling, security 
controls (see information assurance), and end-point 
address translation giving the impression of a 
dedicated line. 


virus Self-replicating, malicious code that attaches itself 
to an application program or other executable 
system component and leaves no obvious signs of 
its presence. 


vulnerability Weakness in an IS, system security procedures, 
internal controls, or implementation that could be 
exploited. 


vulnerability analysis Examination of information to identify the 
elements comprising a vulnerability. 


vulnerability assessment Formal description and evaluation of 
vulnerabilities of an IS. 


W 


work factor Estimate of the effort or time needed by a potential 
perpetrator, with specified expertise and resources, 
to overcome a protective measure. 


worm See malicious code. 


write Fundamental operation in an IS that results only 
in the flow of information from a subject to an 
object. See access type. 


write access Permission to write to an object in an IS. 


Z 


zero fill To fill unused storage locations in an IS with the 
representation of the character denoting "0." 


zeroize To remove or eliminate the key from a 
crypto-equipment or fill device. 


zone of control Synonymous with inspectable space. 


SECTION II 


COMMONLY USED ABBREVIATIONS AND ACRONYMS 


ACL Access Control List 
ACO Access Control Officer 
ADM (C.F.D.) Advanced Development Model 
AE (C.F.D.) Application Entity 
AIG Address Indicator Group 
AIN Advanced Intelligence Network 
AIRK (C.F.D.) Area Interswitch Rekeying Key 
AJ (C.F.D.) Anti-Jamming 
AK Automatic Remote Rekeying 
AKDC (C.F.D.) Automatic Key Distribution Center 
AKD/RCU Automatic Key Distribution/Rekeying Control Unit 
AKMC (C.F.D.) Automated Key Management Center 
AKMS (C.F.D.) Automated Key Management System 
ALC Accounting Legend Code 
AMS 1. Auto-Manual System 
2. Autonomous Message Switch 
ANDVT Advanced Narrowband Digital Voice Terminal 
ANSI American National Standards Institute 
AOSS (C.F.D.) Automated Office Support Systems 
APC Adaptive Predictive Coding 
APU Auxiliary Power Unit 
ARPANET (C.F.D.) Advanced Research Projects Agency Network 
ASCII American Standard Code for Information Interchange 
ASPJ (C.F.D.) Advanced Self-Protection Jammer 
ASSIST Program Automated Information System Security Incident Support Team 
ASU (C.F.D.) Approval for Service Use 
ATM Asynchronous Transfer Mode 
AUTODIN Automatic Digital Network 
AV (C.F.D.) Auxiliary Vector 
AVP Authorized Vendor Program 
C2 1. Command and Control 
2. Controlled Access Protection (C.F.D.) 
C3 Command, Control, and Communications 
C3I Command, Control, Communications and Intelligence 
C4 Command, Control, Communications and Computers 
CA 1. Controlling Authority 
2. Cryptanalysis 
3. COMSEC Account 
4. Command Authority 
5. Certification Authority 
C&A Certification and Accreditation 
CAW Certificate Authority Workstation 
CCEP Commercial COMSEC Endorsement Program 
CCI Controlled Cryptographic Item 
CCO Circuit Control Officer 
CDS (C.F.D.) Cryptographic Device Services 
CEOI Communications Electronics Operating Instruction 
CEPR Compromising Emanation Performance Requirement 
CER 1. Cryptographic Equipment Room 
2. Communication Equipment Room 
CERT Computer Security Emergency Response Team 
CFD Common Fill Device 
CIAC Computer Incident Assessment Capability 
CIK Crypto-Ignition Key 
CIP (C.F.D.) Crypto-Ignition Plug 
CIRK (C.F.D.) Common Interswitch Rekeying Key 
CIRT Computer Security Incident Response Team 
CK (C.F.D.) Compartment Key 
CKG Cooperative Key Generation 
CMCS COMSEC Material Control System 
CNA Computer Network Attack 
CNCS (C.F.D.) Cryptonet Control Station 
CND Computer Network Defense 
CNK (C.F.D.) Cryptonet Key 
COMPUSEC Computer Security 
COMSEC Communications Security 
CONOP Concept of Operations 
COR 1. Central Office of Record (COMSEC) 
2. Contracting Officer Representative 
COTS Commercial-off-the-shelf 
CPS (C.F.D.) COMSEC Parent Switch 
CPU Central Processing Unit 
CRL Certificate Revocation List 
CRP (C.F.D.) COMSEC Resources Program (Budget) 
Crypt/Crypto Cryptographic-related 
CSE Communications Security Element 
CSS 1. COMSEC Subordinate Switch 
2. Coded Switch System 
3. Constant Surveillance Service (Courier) 
4. Continuous Signature Service (Courier) 
CSSO Contractor Special Security Officer 
CSTVRP Computer Security Technical Vulnerability Report Program 
CTAK Cipher Text Auto-Key 
CT&E Certification Test and Evaluation 
CTTA Certified TEMPEST Technical Authority 
CUP COMSEC Utility Program 
DAA 1. Designated Approving Authority 
2. Designated Accrediting Authority 
3. Delegated Accrediting Authority 
DAC Discretionary Access Control 
DAMA Demand Assigned Multiple Access 
DCID Director Central Intelligence Directive 
DCS 1. Defense Communications System 
2. Defense Courier Service 
DCSP (C.F.D.) Design Controlled Spare Part(s) 
DDS Dual Driver Service (courier) 
DES Data Encryption Standard 
DIB (C.F.D.) Directory Information Base 
DISN Defense Information System Network 
DITSCAP DoD Information Technology Security Certification and Accreditation Process 
DoD TCSEC (C.F.D.) Department of Defense Trusted Computer System Evaluation Criteria 
DLED (C.F.D.) Dedicated Loop Encryption Device 
DMA Direct Memory Access 
DMS Defense Message System 
DPL (C.F.D.) Degausser Products List (a section in the INFOSEC Products and Services Catalogue) 
DSA Digital Signature Algorithm 
DSN Defense Switched Network 
DSVT Digital Subscriber Voice Terminal 
DTLS Descriptive Top-Level Specification 
DTD Data Transfer Device 
DTS Diplomatic Telecommunications Service 
DUA Directory User Agent 
EAM Emergency Action Message 
ECCM Electronic Counter-Countermeasures 
ECM Electronic Countermeasures 
ECPL Endorsed Cryptographic Products List (a section in the Information Systems Security Products and Services Catalogue) 
EDAC Error Detection and Correction 
EDESPL (C.F.D.) Endorsed Data Encryption Standard Products List 
EDM (C.F.D.) Engineering Development Model 
EFD Electronic Fill Device 
EFTO Encrypt For Transmission Only 
EGADS (C.F.D.) Electronic Generation, Accounting, and Distribution System 
EKMS Electronic Key Management System 
ELINT Electronic Intelligence 
ELSEC (C.F.D.) Electronic Security 
E Model Engineering Development Model 
EMSEC (C.F.D.) Emissions Security 
EPL Evaluated Products List (a section in the INFOSEC Products and Services Catalogue) 
ERTZ Equipment Radiation TEMPEST Zone 
ETL (C.F.D.) Endorsed Tools List 
ETPL Endorsed TEMPEST Products List 
EUCI (C.F.D.) Endorsed for Unclassified Cryptographic Information 
EV (C.F.D.) Enforcement Vector 
FDDI (C.F.D.) Fiber Distributed Data Interface 
FDIU Fill Device Interface Unit 
FIPS Federal Information Processing Standard 
FOCI Foreign Owned, Controlled or Influenced 
FOUO For Official Use Only 
FSRS Functional Security Requirements Specification 
FSTS Federal Secure Telephone Service 
FTS Federal Telecommunications System 
FTAM File Transfer Access Management 
FTLS Formal Top-Level Specification 
GCCS Global Command and Control System 
GETS Government Emergency Telecommunications Service 
GPS Global Positioning System 
GTS Global Telecommunications Service 
GWEN Ground Wave Emergency Network 
HDM (C.F.D.) Hierarchical Development Methodology 
HUS (C.F.D.) Hardened Unique Storage 
HUSK (C.F.D.) Hardened Unique Storage Key 
IA Information Assurance 
I&A Identification and Authentication 
IBAC Identity Based Access Control 
ICU Interface Control Unit 
IDS Intrusion Detection System 
IEMATS Improved Emergency Message Automatic Transmission System 
IFF Identification, Friend or Foe 
IFFN Identification, Friend, Foe, or Neutral 
IIRK (C.F.D.) Interarea Interswitch Rekeying Key 
ILS Integrated Logistics Support 
INFOSEC Information Systems Security 
IO Information Operations 
IP Internet Protocol 
IPM Interpersonal Messaging 
IPSO Internet Protocol Security Option 
IR (C.F.D.) Information Ratio 
IRK (C.F.D.) Interswitch Rekeying Key 
IS Information System 
ISDN Integrated Services Digital Network 
ISO International Standards Organization 
ISS (C.F.D.) Information Systems Security 
ISSE Information Systems Security Engineering 
ISSM Information Systems Security Manager 
ISSO Information Systems Security Officer 
IT Information Technology 
ITAR International Traffic in Arms Regulation 
ITSEC Information Technology Security Evaluation 
Criteria 
KAK Key-Auto-Key 
KDC Key Distribution Center 
KEK Key Encryption Key 
KG Key Generator 
KMASE (C.F.D.) Key Management Application Service Element 
KMC Key Management Center 
KMID Key Management Identification Number 
KMODC Key Management Ordering and Distribution Center 
KMP Key Management Protocol 
KMPDU (C.F.D.) Key Management Protocol Data Unit 
KMS Key Management System 
KMSA (C.F.D.) Key Management System Agent 
KMUA (C.F.D.) Key Management User Agent 
KP Key Processor 
KPK Key Production Key 
KSD Key Storage Device 
KSOS (C.F.D.) Kernelized Secure Operating System 
KVG (C.F.D.) Key Variable Generator 
LEAD Low-Cost Encryption/Authentication Device 
LEAF (C.F.D.) Law Enforcement Access Field 
LKG (C.F.D.) Loop Key Generator 
LMD Local Management Device 
LMD/KP Local Management Device/Key Processor 
LME (C.F.D.) Layer Management Entry 
LMI (C.F.D.) Layer Management Interface 
LOCK Logical Co-Processing Kernel 
LPC Linear Predictive Coding 
LPD Low Probability of Detection 
LPI Low Probability of Intercept 
LRIP Limited Rate Initial Preproduction 
LSI Large Scale Integration 
MAC 1. Mandatory Access Control 
2. Message Authentication Code 
MAN 1. Mandatory Modification 
2. Metropolitan Area Network 
MATSYM (C.F.D.) Material Symbol 
MCCB (C.F.D.) Modification/Configuration Control Board 
MDC (C.F.D.) Manipulation Detection Code 
MEECN (C.F.D.) Minimum Essential Emergency Communications Network 
MEP (C.F.D.) Management Engineering Plan 
MER Minimum Essential Requirements 
MHS Message Handling System 
MI Message Indicator 
MIB Management Information Base 
MIJI (C.F.D.) Meaconing, Intrusion, Jamming, and Interference 
MINTERM Miniature Terminal 
MISSI Multilevel Information Systems Security Initiative 
MLS Multilevel Security 
MRT (C.F.D.) Miniature Receiver Terminal 
MSE Mobile Subscriber Equipment 
NACAM National COMSEC Advisory Memorandum 
NACSI National COMSEC Instruction 
NACSIM National COMSEC Information Memorandum 
NAK Negative Acknowledge 
NCCD Nuclear Command and Control Document 
NCS 1. National Communications System 
2. National Cryptologic School 
3. Net Control Station 
NCSC National Computer Security Center 
NISAC National Industrial Security Advisory Committee 
NIST National Institute of Standards and Technology 
NKSR (C.F.D.) Nonkernel Security Related 
NLZ No-Lone Zone 
NSA National Security Agency 
NSAD (C.F.D.) Network Security Architecture and Design 
NSD National Security Directive 
NSDD National Security Decision Directive 
NSEP National Security Emergency Preparedness 
NSI National Security Information 
NSO (C.F.D.) Network Security Officer 
NSTAC National Security Telecommunications Advisory Committee 
NSTISSAM National Security Telecommunications and Information Systems Security Advisory/Information Memorandum 
NSTISSC National Security Telecommunications and Information Systems Security Committee 
NSTISSD National Security Telecommunications and Information Systems Security Directive 
NSTISSI National Security Telecommunications and Information Systems Security Instruction 
NSTISSP National Security Telecommunications and Information Systems Security Policy 
NTCB Network Trusted Computing Base 
NTIA National Telecommunications and Information Administration 
NTISSAM National Telecommunications and Information Systems Security Advisory/Information Memorandum 
NTISSD National Telecommunications and Information Systems Security Directive 
NTISSI National Telecommunications and Information Systems Security Instruction 
NTISSP National Telecommunications and Information Systems Security Policy 
OADR Originating Agency's Determination Required 
OPCODE Operations Code 
OPSEC Operations Security 
ORA Organizational Registration Authority 
OTAD Over-the-Air Key Distribution 
OTAR Over-the-Air Rekeying 
OTAT Over-the-Air Key Transfer 
OTP One-Time Pad 
OTT One-Time Tape 
PAA Policy Approving Authority 
PAAP (C.F.D.) Peer Access Approval 
PAE (C.F.D.) Peer Access Enforcement 
PAL Permissive Action Link 
PC Personal Computer 
PCA Policy Certification Authority 
PCMCIA Personal Computer Memory Card International 
Association 
PCZ (C.F.D.) Protected Communications Zone 
PDR Preliminary Design Review 
PDS 1. Protected Distribution Systems 
2. Practices Dangerous to Security 


PDU (C.F.D.) Protocol Data Unit 
PES Positive Enable System 
PKA (C.F.D.) Public Key Algorithm 
PKC Public Key Cryptography 
PKI Public Key Infrastructure 
PKSD Programmable Key Storage Device 
P model Preproduction Model 
PNEK Post-Nuclear Event Key 
PPL Preferred Products List (a section in the INFOSEC Products and Services Catalogue) 
PRBAC (C.F.D.) Partition Rule Base Access Control 
PROM Programmable Read-Only Memory 
PROPIN Proprietary Information 
PSL (C.F.D.) Protected Services List 
PWDS Protected Wireline Distribution System 
RACE (C.F.D.) Rapid Automatic Cryptographic Equipment 
RAMP Rating Maintenance Program 
RQT (C.F.D.) Reliability Qualification Tests 
SA System Administrator 
SABI Secret and Below Interoperability 
SAO Special Access Office 
SAP 1. System Acquisition Plan 
2. Special Access Program 
SARK SAVILLE Advanced Remote Keying 
SBU Sensitive But Unclassified 
SCI Sensitive Compartmented Information 
SCIF Sensitive Compartmented Information Facility 
SDNRIU (C.F.D.) Secure Digital Net Radio Interface Unit 
SDNS Secure Data Network System 
SDR System Design Review 
SFA Security Fault Analysis 
SHA Secure Hash Algorithm 
SFUG Security Features Users Guide 
SI Special Intelligence 
SIGSEC (C.F.D.) Signals Security 
SISS Subcommittee on Information Systems Security 
SMU Secure Mobile Unit 
SPK Single Point Key(ing) 
SPS (C.F.D.) Scratch Pad Store 
SRA (C.F.D.) Sub-Registration Authority 
SRR Security Requirements Review 
SSO Special Security Officer 
SSP System Security Plan 
ST&E Security Test and Evaluation 
STE Secure Terminal Equipment 
STS Subcommittee on Telecommunications Security 
STU Secure Telephone Unit 
TA Traffic Analysis 
TACTED (C.F.D.) Tactical Trunk Encryption Device 
TACTERM Tactical Terminal 
TAG TEMPEST Advisory Group 
TCB Trusted Computing Base 
TCD (C.F.D.) Time Compliance Data 
TCSEC (C.F.D.) DoD Trusted Computer System Evaluation Criteria 
TD (C.F.D.) Transfer Device 
TED Trunk Encryption Device 
TEK Traffic Encryption Key 
TEP TEMPEST Endorsement Program 
TFM Trusted Facility Manual 
TFS Traffic Flow Security 
TLS Top-Level Specification 
TNI (C.F.D.) Trusted Network Interpretation 
TNIEG (C.F.D.) Trusted Network Interpretation Environment Guideline 
TPC Two-Person Control 
TPEP Trusted Products Evaluation Program 
TPI Two-Person Integrity 
TRANSEC Transmission Security 
TRB Technical Review Board 
TRI-TAC Tri-Service Tactical Communications System 
TSCM Technical Surveillance Countermeasures 
TSEC Telecommunications Security 
TSK Transmission Security Key 
UA User Agent 
UIRK Unique Interswitch Rekeying Key 
UIS User Interface System 
UPP User Partnership Program 
USDE (C.F.D.) Undesired Signal Data Emanations 
V model (C.F.D.) Advanced Development Model 
VPN Virtual Private Network 
XDM/X Model (C.F.D.) Experimental Development Model/Exploratory Development Model 


SECTION III 


REFERENCES 


a. National Security Directive 42, National Policy for the Security of 
National Security Telecommunications and Information Systems, 5 July 1990. 


b. Executive Order 12958, National Security Information, dated 
29 September 1995. 


c. Executive Order 12333, United States Intelligence Activities, dated 
4 December 1981. 


d. Public Law 100-235, Computer Security Act of 1987, dated 8 January 
1988. 

e. 10 United States Code Section 2315. 


f. 44 United States Code Section 3502(2), Public Law 104-13, Paperwork 
Reduction Act of 1995, dated 22 May 1995. 


g. Information Technology Management Reform Act of 1996 (within Public 
Law 104-106, DoD Authorization Act of 1996). 


h. NSA Information Systems Security Organization Regulation 90-16, dated 
29 October 1996. 